refactor(audits): route all report writes to .claude/audits/

Before: SEO.md, GEO.md, HARDEN.md, VALIDATE.md, BUGS-FOUND.md landed
at project root. After: all five go to .claude/audits/. Covers both
dispatcher write paths and the dispatcher bash commands that parse
each report (test -s, grep score, wc) — otherwise the dispatcher
would look for the file at the old location.

- skills/seo,geo,harden,validate,code-clean — write paths + console
  summaries ("Report: .claude/audits/X.md")
- skills/harden,validate — bash parsing commands (test/grep/wc) aligned
- agents/seo-analyzer,validator-analyzer,code-cleaner — agent-side refs
- agents/validator-analyzer frontmatter description updated

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

agents/code-cleaner.md

@@ -141,7 +141,7 @@ Do NOT call the `/refactor` skill — invoke the agent directly.
 
 If cleanup reveals actual bugs (not style issues — real defects):
 
-- Append each bug to `BUGS-FOUND.md` at project root:
+- Append each bug to `.claude/audits/BUGS-FOUND.md` (run `mkdir -p .claude/audits` first):
   ```
   ## [date] Bug found during code-clean
   - **File**: <file:line>
@@ -178,7 +178,7 @@ REFACTORED:
 SKIPPED (user decision):
 - <item> — <reason>
 
-BUGS FOUND: <N> (logged to BUGS-FOUND.md)
+BUGS FOUND: <N> (logged to .claude/audits/BUGS-FOUND.md)
 
 TESTS: passing / no test suite / <failures>
 ```
@@ -192,7 +192,7 @@ TESTS: passing / no test suite / <failures>
 - No "while we're here" scope creep. Only fix approved items.
 - Exported/public API symbols require explicit per-item user confirmation
   before deletion — even if they appear unused.
-- Bugs go to BUGS-FOUND.md, not fixed in this workflow.
+- Bugs go to .claude/audits/BUGS-FOUND.md, not fixed in this workflow.
 - If the codebase has no tests and the changes are non-trivial,
   warn the user about the risk before executing.
 - No plugin check (lightweight skill, not an orchestrator).

agents/seo-analyzer.md

@@ -877,7 +877,7 @@ SEO AGENT RESULT (depth: <LOCAL|FULL>)
 ```
 
 **If standalone `/seo` on a project without `/geo`**: write/update
-`SEO.md` at project root. Structure matches classic format, with §7
+`.claude/audits/SEO.md` (run `mkdir -p .claude/audits` first). Structure matches classic format, with §7
 (GEO) marked as "Not audited — run /geo for GEO/AI optimization".
 
 ```markdown

agents/validator-analyzer.md

@@ -1,6 +1,6 @@
 ---
 name: validator-analyzer
-description: Web standards audit agent — W3C HTML validity (validator.nu), W3C CSS validity (jigsaw.w3.org), WCAG 2.1 accessibility (axe-core, pa11y, WAVE). Dispatched from /validate. Produces scored VALIDATE.md report with concrete diffs for auto-fixable issues and user actions for judgment-required fixes. Complementary to /harden (security), /seo (indexability), /geo (AI extraction).
+description: Web standards audit agent — W3C HTML validity (validator.nu), W3C CSS validity (jigsaw.w3.org), WCAG 2.1 accessibility (axe-core, pa11y, WAVE). Dispatched from /validate. Produces scored .claude/audits/VALIDATE.md report with concrete diffs for auto-fixable issues and user actions for judgment-required fixes. Complementary to /harden (security), /seo (indexability), /geo (AI extraction).
 tools: Read, Edit, Write, Bash, Grep, Glob, WebFetch
 ---
 
@@ -287,7 +287,7 @@ RGAA 4.1 (French public sector).
 
 ---
 
-## STEP 4 — Score + VALIDATE.md
+## STEP 4 — Score + .claude/audits/VALIDATE.md
 
 ### Scoring
 
@@ -306,7 +306,7 @@ Base 100. Deductions :
 
 Clamp to [0, 100].
 
-### Report structure — write to `<PROJECT_ROOT>/VALIDATE.md`
+### Report structure — write to `<PROJECT_ROOT>/.claude/audits/VALIDATE.md` (run `mkdir -p .claude/audits` first)
 
 ```markdown
 # Validation Report — <project name>
@@ -455,7 +455,7 @@ READY TO APPLY — awaiting dispatcher confirmation
 - **Single agent, narrow scope.** W3C HTML + W3C CSS + WCAG 2.1 only.
   Drop anything else (meta tags, JSON-LD, perf, security, generic linting).
 - **Degrade gracefully.** Missing tools → fall back to static checks.
-  Never fail hard. Always produce VALIDATE.md, even in degraded mode.
+  Never fail hard. Always produce .claude/audits/VALIDATE.md, even in degraded mode.
 - **Framework awareness.** For SPA/JS frameworks (Next/Astro/Vite/
   SvelteKit/Nuxt), validate built output (`dist/`, `_site/`, `build/`,
   `out/`), not JSX/TSX source. Note "Validated against built HTML at
@@ -464,8 +464,7 @@ READY TO APPLY — awaiting dispatcher confirmation
   STOP, return control via `READY TO APPLY`.
 - **Cite evidence.** Every finding : `file:line` + tool output quote.
   Empty findings or hand-waving = bug.
-- **One report.** `VALIDATE.md` at project root (or `docs/VALIDATE.md`
-  if convention exists). On re-run, move previous content to a
+- **One report.** `.claude/audits/VALIDATE.md`. On re-run, move previous content to a
   `## Historique` section — do not overwrite silently.
 - **External validators are authoritative.** If validator.nu disagrees
   with `html-validate`, trust validator.nu. If jigsaw disagrees with

skills/code-clean/SKILL.md

@@ -7,7 +7,7 @@ description: |
   Trigger: "code-clean", "clean up the code", "remove dead code",
   "enforce code style", "cleanup", "nettoyage du code", "code hygiene".
   For targeted refactoring without audit → use /refactor instead.
-  For bug fixes discovered during cleanup → logged to BUGS-FOUND.md, not fixed here.
+  For bug fixes discovered during cleanup → logged to .claude/audits/BUGS-FOUND.md, not fixed here.
 argument-hint: <file, directory, or blank for entire project>
 disable-model-invocation: false
 allowed-tools:

skills/geo/SKILL.md

@@ -37,9 +37,9 @@ $ARGUMENTS
 
 ## Note on integration
 
-If `SEO.md` already exists at project root, the geo-analyzer will
+If `.claude/audits/SEO.md` already exists, the geo-analyzer will
 merge its findings into that file's `§7 — Optimisation GEO / IA`
 section (rather than writing a separate `GEO.md`). This keeps a
 single consolidated report when both /seo and /geo have been run.
 
-If no `SEO.md` exists, the agent writes `GEO.md` at project root.
+If no `.claude/audits/SEO.md` exists, the agent writes `.claude/audits/GEO.md` (run `mkdir -p .claude/audits` first).

skills/harden/SKILL.md

@@ -8,7 +8,7 @@ description: |
   (.htaccess, nginx.conf, netlify.toml, vercel.json, _headers, _redirects,
   wrangler.toml). Dispatches the seo-analyzer agent with a STRICT scope
   filter — no meta/OG/JSON-LD/sitemap/CWV/headings/alt/i18n noise.
-  Produces HARDEN.md at project root.
+  Produces .claude/audits/HARDEN.md.
   Trigger: "harden", "web hardening", "ssl audit", "https audit",
   "hsts", "csp", "security headers", "http to https", "redirect audit",
   "htaccess audit", "404 page", "canonical audit", "transport security",
@@ -366,7 +366,7 @@ Agent(
       "READY TO APPLY — awaiting dispatcher confirmation" at the end.
       Do NOT apply any Edit/Write — the dispatcher handles STEP 3.
 
-  OUTPUT — write to <PROJECT_ROOT>/HARDEN.md :
+  OUTPUT — write to <PROJECT_ROOT>/.claude/audits/HARDEN.md (run `mkdir -p .claude/audits` first) :
 
     # Web Hardening Report — <project_name>
 
@@ -504,18 +504,18 @@ cached (now-READY) SSL Labs result.
 ## STEP 2 — Verify output
 
 ```bash
-test -s HARDEN.md && wc -l HARDEN.md || echo "MISSING HARDEN.md"
+test -s .claude/audits/HARDEN.md && wc -l .claude/audits/HARDEN.md || echo "MISSING .claude/audits/HARDEN.md"
 ```
 
 If missing or empty :
 ```
-⚠️  seo-analyzer did not produce HARDEN.md. Options:
+⚠️  seo-analyzer did not produce .claude/audits/HARDEN.md. Options:
   A) Retry with same scope
   B) Downgrade to LOCAL and retry (if FULL failed on network)
   C) Abort
 ```
 
-Extract the score and critical-alert count from HARDEN.md for the console summary.
+Extract the score and critical-alert count from `.claude/audits/HARDEN.md` for the console summary.
 
 ---
 
@@ -523,9 +523,9 @@ Extract the score and critical-alert count from HARDEN.md for the console summar
 
 Skip this step if MODE=audit.
 
-If MODE=fix and HARDEN.md ends with `READY TO APPLY — awaiting dispatcher confirmation` :
+If MODE=fix and `.claude/audits/HARDEN.md` ends with `READY TO APPLY — awaiting dispatcher confirmation` :
 
-1. Parse the `## 8. Fix bundle` section from HARDEN.md.
+1. Parse the `## 8. Fix bundle` section from `.claude/audits/HARDEN.md`.
 2. Group by file. For each group, show the combined diff to the user.
 3. Ask :
    ```
@@ -539,15 +539,15 @@ If MODE=fix and HARDEN.md ends with `READY TO APPLY — awaiting dispatcher conf
      A) Apply all
      B) Review each diff before applying
      C) Apply only Critique severity
-     D) Abort — keep HARDEN.md as audit report
+     D) Abort — keep .claude/audits/HARDEN.md as audit report
    ```
 4. On `A` : apply each bundle via Edit (targeted old_string/new_string,
    never full-file Write on shared templates).
 5. On `B` : for each diff, show and ask yes/no/skip.
 6. On `C` : filter to Critique-only, then behave as `A`.
-7. On `D` : stop, leave HARDEN.md untouched.
+7. On `D` : stop, leave `.claude/audits/HARDEN.md` untouched.
 
-After applying : append a `## 10. Changes applied` section to HARDEN.md
+After applying : append a `## 10. Changes applied` section to `.claude/audits/HARDEN.md`
 with commit-ready summary lines.
 
 Never apply fixes without explicit confirmation. Never use `--no-verify`
@@ -563,8 +563,8 @@ URL              : <url or static>
 Depth            : LOCAL | FULL
 Mode             : audit | fix
 Score            : XX / 100  (<before> → <after> if fix applied)
-Critical alerts  : <N>  (voir HARDEN.md § 0)
-Report           : HARDEN.md
+Critical alerts  : <N>  (voir .claude/audits/HARDEN.md § 0)
+Report           : .claude/audits/HARDEN.md
 
 EXTERNAL VALIDATORS (FULL only) :
   Mozilla Observatory   : <Grade>   (score/135)
@@ -613,6 +613,5 @@ NEXT STEPS :
 - **SSL Labs can be slow and fail-soft.** 180s poll cap. If TIMEOUT,
   note it in HARDEN.md and move on. Cached result auto-hits on next run
   via `maxAge=24`. Never block the whole audit waiting on SSL Labs.
-- **One report file.** `HARDEN.md` at project root (or `docs/HARDEN.md`
-  if that convention exists). On re-run, move previous content to a
+- **One report file.** `.claude/audits/HARDEN.md`. On re-run, move previous content to a
   `## Historique` section, do not overwrite silently.

skills/seo/SKILL.md

@@ -5,7 +5,7 @@ description: |
   Runs the seo-analyzer (classical search — Google, Bing, DuckDuckGo)
   and geo-analyzer (AI search — ChatGPT, Perplexity, Claude, Gemini,
   Google AI Overviews, Copilot) IN PARALLEL, then consolidates their
-  output into a unified SEO.md report.
+  output into a unified .claude/audits/SEO.md report.
   Covers: meta, OG, JSON-LD (classical + GEO-optimised schemas),
   sitemap, robots.txt (including AI crawlers), llms.txt, headings,
   alt attrs, canonicals, hreflang, Core Web Vitals, entity SEO
@@ -36,7 +36,7 @@ allowed-tools:
 # /seo — parallel SEO + GEO dispatcher
 
 This skill orchestrates TWO specialist agents running in parallel, then
-merges their output into a single `SEO.md` report. It is the main
+merges their output into a single `.claude/audits/SEO.md` report. It is the main
 entry point for any SEO/GEO work on a web project.
 
 ## STEP 0 — Collect shared context (ONCE)
@@ -267,8 +267,8 @@ the dispatcher will merge your output with seo-analyzer's output.
 ## STEP 2 — Merge envelopes into SEO.md
 
 Both agents return structured envelopes keyed by SEO.md section
-numbers. Consolidate them into a single `SEO.md` at project root
-(or `docs/SEO.md` if that convention exists).
+numbers. Consolidate them into `.claude/audits/SEO.md`
+(run `mkdir -p .claude/audits` first).
 
 ### Combined score calculation
 

skills/validate/SKILL.md

@@ -4,7 +4,7 @@ description: |
   Web standards audit — W3C HTML validity (validator.nu), W3C CSS
   validity (jigsaw.w3.org/css-validator), WCAG 2.1 accessibility
   (axe-core, pa11y, WAVE API). Dedicated to syntactic and
-  accessibility conformance. Produces VALIDATE.md at project root.
+  accessibility conformance. Produces .claude/audits/VALIDATE.md.
   Dispatches the validator-analyzer agent with a STRICT scope
   filter — no meta/OG/JSON-LD/CWV/security-header noise.
   Trigger: "validate", "validation", "w3c", "html validity",
@@ -220,7 +220,7 @@ Agent(
       "READY TO APPLY — awaiting dispatcher confirmation" at the end
       of §5. Do NOT apply any Edit/Write — the dispatcher handles STEP 3.
 
-  Output: write <PROJECT_ROOT>/VALIDATE.md per the structure in your
+  Output: write <PROJECT_ROOT>/.claude/audits/VALIDATE.md (run `mkdir -p .claude/audits` first) per the structure in your
   spec (sections 0-8, score XX/100).
   """
 )
@@ -231,23 +231,23 @@ Agent(
 ## STEP 2 — Verify output
 
 ```bash
-test -s VALIDATE.md && wc -l VALIDATE.md || echo "MISSING VALIDATE.md"
+test -s .claude/audits/VALIDATE.md && wc -l .claude/audits/VALIDATE.md || echo "MISSING .claude/audits/VALIDATE.md"
 ```
 
 If missing or empty :
 ```
-⚠️  validator-analyzer did not produce VALIDATE.md. Options :
+⚠️  validator-analyzer did not produce .claude/audits/VALIDATE.md. Options :
   A) Retry with same scope
   B) Downgrade to LOCAL and retry (if FULL failed on network)
   C) Abort
 ```
 
-Extract the score and critical-alert count from VALIDATE.md for the
+Extract the score and critical-alert count from `.claude/audits/VALIDATE.md` for the
 console summary :
 
 ```bash
-grep -oE '\*\*Score\*\*\s+:\s+[0-9]+ / 100' VALIDATE.md | head -1
-grep -c '^### \[Critique\]' VALIDATE.md
+grep -oE '\*\*Score\*\*\s+:\s+[0-9]+ / 100' .claude/audits/VALIDATE.md | head -1
+grep -c '^### \[Critique\]' .claude/audits/VALIDATE.md
 ```
 
 ---
@@ -256,7 +256,7 @@ grep -c '^### \[Critique\]' VALIDATE.md
 
 Skip this step if `MODE=audit`.
 
-If VALIDATE.md ends with `READY TO APPLY — awaiting dispatcher confirmation` :
+If `.claude/audits/VALIDATE.md` ends with `READY TO APPLY — awaiting dispatcher confirmation` :
 
 1. Parse the `## 5. Fix bundle` section.
 2. Group by file. For each group, show the combined diff to the user.
@@ -276,7 +276,7 @@ Options :
   A) Apply all
   B) Review each diff before applying
   C) Apply only Critique + Haute
-  D) Abort — keep VALIDATE.md as audit report
+  D) Abort — keep .claude/audits/VALIDATE.md as audit report
 ```
 
 4. On `A` : apply each bundle via `Edit` (targeted `old_string` /
@@ -284,7 +284,7 @@ Options :
    overwriting /seo or /geo content — meta tags, JSON-LD).
 5. On `B` : for each diff, show and ask yes/no/skip.
 6. On `C` : filter to Critique + Haute, then behave as `A`.
-7. On `D` : stop, leave VALIDATE.md untouched.
+7. On `D` : stop, leave `.claude/audits/VALIDATE.md` untouched.
 
 After applying, append a `## 8. Changes applied` section with
 commit-ready summary lines :
@@ -322,7 +322,7 @@ URL              : <url or static>
 Depth            : LOCAL | FULL
 Mode             : audit | fix
 Score            : XX / 100  (<before> → <after> if fix applied)
-Report           : VALIDATE.md
+Report           : .claude/audits/VALIDATE.md
 
 BREAKDOWN :
   W3C HTML         : <N errors / M warnings>
@@ -367,8 +367,7 @@ Install for better LOCAL coverage :
 - **External validators are authoritative on live URLs.** validator.nu
   and jigsaw are the W3C backends. If a local tool disagrees with
   them, trust the W3C backend; flag the divergence as a finding.
-- **One report file.** `VALIDATE.md` at project root (or
-  `docs/VALIDATE.md` if that convention exists). On re-run, move
+- **One report file.** `.claude/audits/VALIDATE.md`. On re-run, move
   previous content to a `## Historique` section, do not overwrite
   silently.
 - **Cache dir.** `.validate-cache/` (gitignored) stores raw tool