AAW Standard Operating Procedures
This skill ensures all code changes follow the auditable workflow required by enterprise compliance.
Core Principle
All code changes MUST follow the auditable workflow:
/aaw-plan → /aaw-implement → /aaw-test → /aaw-evidence
Workflow Requirements
Phase 1: Planning (Required)
Before ANY code change:
- Start an audit session with mcp__aawctl__start_session
- Read and understand policy with mcp__aawctl__read_policy
- Create a detailed implementation plan
- Get user approval before proceeding
Never skip planning. Even small changes need documentation.
Phase 2: Implementation (Required)
During code changes:
- Use mcp__aawctl__exec for ALL shell commands
- Never use direct Bash tool
- Provide clear purpose for each execution
- Follow scope-specific policies
- Document any deviations from the plan
Phase 3: Testing (Required)
After implementation:
- Run tests via mcp__aawctl__run_tests
- Capture test artifacts via mcp__aawctl__capture_artifact
- Do not proceed if tests fail - report and wait for decision
Phase 4: Evidence (Required)
After successful testing:
- Generate evidence bundle via mcp__aawctl__bundle_evidence
- Provide bundle location to user
- Bundle must be reviewed before deployment
Policy Hierarchy
Global Policy: /aaw.policy.yaml
↓
Package Policy: packages/{name}/aaw.policy.yaml
↓
(Package policy extends global, can only be MORE restrictive)
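The "can only be MORE restrictive" rule can be enforced mechanically when the two layers are merged. The sketch below is an added example, not aawctl's own code: the key names (allowed_commands, denied_paths, require_tests, require_approval) are hypothetical stand-ins for whatever aaw.policy.yaml actually defines, and the sample policies are constructed.

```python
# Added illustration. The key names (allowed_commands, denied_paths,
# require_tests, require_approval) are hypothetical, not the aaw.policy.yaml schema.
REQUIRED_FLAGS = ("require_tests", "require_approval")


def merge_policies(global_policy, package_policy):
    """Return (effective_policy, violations) for a package layered on global.

    The package layer may only narrow the global policy. Any attempt to widen
    it is reported as a violation and the global value wins (fail closed).
    """
    violations = []

    # Allowlist: the package may drop commands, never add them.
    g_allow = set(global_policy.get("allowed_commands", []))
    p_allow = set(package_policy.get("allowed_commands", g_allow))
    for cmd in sorted(p_allow - g_allow):
        violations.append(f"allowed_commands: '{cmd}' is not allowed globally")

    # Denylist: entries accumulate, so a package cannot remove a global deny.
    g_deny = set(global_policy.get("denied_paths", []))
    p_deny = set(package_policy.get("denied_paths", []))

    effective = {
        "allowed_commands": sorted(g_allow & p_allow),
        "denied_paths": sorted(g_deny | p_deny),
    }

    # Boolean requirements: once global requires it, a package cannot opt out.
    for flag in REQUIRED_FLAGS:
        g_val = bool(global_policy.get(flag, False))
        p_val = bool(package_policy.get(flag, g_val))
        if g_val and not p_val:
            violations.append(f"{flag}: package cannot disable a global requirement")
        effective[flag] = g_val or p_val

    return effective, violations


# Constructed sample policies (as they might look after YAML parsing).
GLOBAL = {"allowed_commands": ["git", "npm", "pytest"],
          "denied_paths": ["secrets/"], "require_tests": True}
NARROWING = {"allowed_commands": ["git", "pytest"],
             "denied_paths": ["infra/"], "require_approval": True}
WIDENING = {"allowed_commands": ["git", "curl"], "require_tests": False}

if __name__ == "__main__":
    for name, pkg in (("narrowing", NARROWING), ("widening", WIDENING)):
        print(name, *merge_policies(GLOBAL, pkg), sep="\n  ")
```

A non-empty violations list is the signal to stop before the planning phase proceeds; the effective policy still falls back to the global value so a bad package file never loosens enforcement.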
Audit ID
Every session has an audit_id. This ID:
- Links all actions in a session
- Must be passed between phases
- Is included in the evidence bundle
- Should be referenced in commit messages
Compliance Checklist
Before marking any task complete, verify:
- Audit session was started
- Policy was checked
- All commands went through aawctl
- Tests were run and passed
- Evidence bundle was generated