internal/ciparity/ — new stdlib-only package with four tests:
1. TestSurfaceParity_MCPToolCatalogue (HARD GATE):
- Every MCP tool name conforms to certctl_<word>(_<word>)*
- No duplicate names across the five tools*.go files
- Total tools ≥ mcpBaselineFloor (150; current count 155)
Catches accidental tool deletions + naming-convention drift.
2. TestSurfaceParity_CLICommandCatalogue (INFORMATIONAL):
Walks cmd/cli/main.go's switch-case dispatcher. Logs the 31
distinct verbs. Per frozen decision 0.9, warn-only until the CLI
surface stabilizes.
3. TestSurfaceParity_OpenAPI_MCPHeuristicCoverage (INFORMATIONAL):
Reports the fraction of OpenAPI ops whose path tokens overlap
with MCP tool name tokens. Trend metric; current coverage 92%.
4. TestSurfaceParity_Summary (INFORMATIONAL):
One-glance count of router routes / OpenAPI ops / MCP tools / CLI
verbs. Easy eyeball for a PR reviewer.
Verified in sandbox:
- gofmt clean
- go vet clean
- go test -short -count=1: all four PASS in 0.017s
Stdlib-only by design — the tests read source files with os.ReadFile +
regexp + go/ast. Keeps the test runnable without pulling in the rest
of the codebase's transitive deps; fast self-contained signal.
Router ↔ OpenAPI parity (TestRouter_OpenAPIParity) stays in
internal/api/router/openapi_parity_test.go where it already lives.
This bundle does not duplicate it.
Allowlist scaffold at scripts/ci-guards/surface-parity-mcp-exemptions.yaml
for the day TestSurfaceParity_OpenAPI_MCP* is promoted from
informational to hard gate.
Audit-Closes: post-v2.1.0-anti-rot/item-2
shankar0123