بنقرة واحدة
roster-audit
Quality and compliance audit — combines code-quality and spec-compliance into one actionable report.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Quality and compliance audit — combines code-quality and spec-compliance into one actionable report.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Audit code quality against KB-defined properties, invariants, and naming conventions.
Periodic friction analysis — proposes new skills, deterministic tools, and adaptations.
Propose bounded self-improvement loops from KB, code, tests, issues, and CI signals.
Run a bounded verification-first improvement loop from an approved loop spec.
Health check + pipeline pre-flight — verifies roster install integrity and that the project's dev environment (build/test/lint/format) is actually runnable before work starts.
Formal verification gate — tool resolution via capability tag, roster re-runs coqchk/.itf replay directly, emits E0p/E0m/E0m-abstract evidence tier. Replaces the QA gate for --critical tasks.
| name | roster-audit |
| description | Quality and compliance audit — combines code-quality and spec-compliance into one actionable report. |
| when_to_use | Use to assess existing code's quality + spec compliance with no specific change in flight. Trigger: 'audit this', 'is the code healthy'. |
| version | 1.3.0 |
| domain | pipeline |
| phase | null |
| preamble | true |
| friction_log | true |
| allowed_tools | ["Read","Bash","AskUserQuestion"] |
| human_gate | after |
| tunables | {"max_function_lines":50,"require_kb":false,"check_spec_compliance":true,"check_code_quality":true,"check_naming":true} |
| artifacts | {"reads":["kb/spec.md","kb/properties.md","kb/glossary.md"],"writes":["briefs/audit-<date>.md"]} |
| pipeline_role | {"triggered_by":"human or /roster-skill-health","receives":"optional scope in $ARGUMENTS (files / modules / entire repo)","produces":"briefs/audit-<date>.md with actionable findings"} |
This preamble is injected into every roster skill that declares preamble: true.
It encodes the non-negotiable principles that govern all skill runs.
Do not defer tests, documentation, or robustness in the name of speed. A short-term shortcut is rarely faster than a complete solution. "We'll add tests in a follow-up" is not an acceptable decision — it is explicit debt, or it is not a decision at all.
Before creating anything, verify what already exists:
A false positive (checking for something that didn't exist) costs seconds. A false negative (building something that already existed) costs hours and creates debt.
Do not validate a direction if you have a grounded objection. Do not say "good idea" before verifying it is a good idea. If you spot a problem, say so — clearly, factually, without softening. State your recommendation, explain why, mention what context you might be missing, and ask.
When you and a sub-agent both agree to change the user's direction: → present the recommendation → explain why you both think it is better → state what context you might be missing → ask
Never act unilaterally in this case. The decision belongs to the user.
If you are blocked, the situation is ambiguous, or the action exceeds the declared scope: → escalate to the human — do not deviate from scope, do not guess
When you need to ask the user something, use your runtime's interactive input tool if one is available — do not ask via plain text output.
Known runtime tool names:
| Runtime | Tool name |
|---|---|
| Claude Code | AskUserQuestion |
| Copilot CLI | ask_user |
| Codex | request_user_input |
| OpenCode | question |
Rules:
At the end of each run, honestly record:
This is not a performance review. It is cross-run memory.
Format: see skills-meta/friction.jsonl.
If your skill's phase: frontmatter field is non-null (i.e. you are one of the staged
pipeline phases) and you are operating on a task with a briefs/<task>- context, append one
event to briefs/<task>-state.json when you finish — this is the durable, resumable record
/roster-run reads to resume and /roster-doctor status renders. Skip entirely if your phase:
is null (standalone skills: doctor, audit, investigate, init, skill-health) or there is no task
context. Create the file if absent; preserve every prior events entry:
{
"task": "<slug>",
"mode": "express|fast|full",
"current_phase": "implement",
"events": [
{ "phase": "implement", "outcome": "COMPLETED", "at": "<ISO-8601 or omit>", "by": "roster-implement" }
]
}
Rules for writing your event:
task is the canonical slug, derived once from the task description and reused identically
by every phase: lowercase, kebab-case, the ≤4 most significant words (the same rule
/roster-question and /roster-intake use to name briefs/<task>-*). The first phase to run
— roster-implement in Express/Fast, roster-question/roster-intake in Full — fixes the slug;
every later phase, and /roster-run's resume check, MUST derive the byte-identical slug or the
ledger will not be found. When in doubt, reuse the slug already present on existing
briefs/<task>-* files for this task rather than re-deriving.phase MUST be your skill's own phase: frontmatter value, verbatim — one of the legal
tokens: question, research, intake, spec, plan, implement, review, qa, ship.
Never invent a synonym (implementation, code-review, …); resume matches on these exact tokens.outcome is per phase, from this fixed vocabulary — intake: VALIDATED; spec:
VALIDATED, SKIPPED (non-spec'd task types), or BOUNCED; review/qa: GO or NO-GO;
ship: COMPLETED or BLOCKED; implement: COMPLETED or PARTIAL;
question/research/plan: COMPLETED. Do not invent other values — PARTIAL is legal
only on implement, and BLOCKED only on ship; every other phase/outcome pairing
is schema-illegal.implement/PARTIAL — emit only when in-scope work remains after the improve-loop
budget is exhausted, or a scope blocker stops the run. Never emit PARTIAL for "tests
failing" — a failing gate is not a terminal state; keep iterating within the budget or
escalate.ship/BLOCKED — emit only when review and QA are GO but the ship action itself is
impossible (permissions, remote state, human hold). A NO-GO gate is not BLOCKED.reason string field in the event itself — no
pointer-by-convention to an external artifact:
{ "phase": "ship", "outcome": "BLOCKED", "reason": "<why>", "by": "roster-ship" }./roster-run Step 1.4): a latest event implement/PARTIAL
re-routes to /roster-implement; a latest event ship/BLOCKED halts the pipeline and
surfaces the event's reason to the human.implement/review pair; that
repetition is the history, not a bug. Set current_phase to your phase (the latest completed).mode is the task's mode (express/fast/full); set it on first write, leave it thereafter.at if your runtime can produce one; otherwise omit the field. by is your
skill name (or human-gate for a gate decision).TASK environment variable — export it when invoking
hooks manually.You audit code quality and its compliance with the KB. You produce actionable findings, not a style report. Every finding must cite the file and line.
Token discipline: concise findings. Do not paraphrase the KB — point to violations.
$ARGUMENTS: scope (e.g. scripts/ or agents/management/ or empty for the entire repo)kb/spec.md, kb/properties.md, kb/glossary.md)tunables.require_kb: true and KB absent → block and say soDefault scope if $ARGUMENTS is empty: all source code (excluding _build/, node_modules/, dist/).
Mandatory scope confirmation — before any fan-out. Confirm the scope with an explicit choice between whole-tree and git-range (e.g. main..HEAD) scope, using the runtime's interactive tool (AskUserQuestion or equivalent — see preamble Asking Questions). In autonomous/delegated mode where no human is available, record the chosen scope and the basis for the choice in the report header. Never re-interpret the scope mid-run — a scope change requires restarting the audit.
If KB exists:
kb/properties.md → invariants, thresholds, constraintskb/glossary.md → canonical namingkb/spec.md → specified behaviorskb/architecture.md (top-level and per-module, if present) → declared structural
expectations: module boundaries, dependency direction, layeringIf KB absent and tunables.require_kb: false → continue with defaults (thresholds in tunables).
Git-range scope — branch divergence. The canonical tool for scoping branch divergence is git cherry <upstream> <branch> (patch-id based): it identifies commits whose changes are genuinely missing from the other side, regardless of hashes. ⚠️ Raw git diff A..B direction misleads on cherry-pick-heavy histories — a commit cherry-picked across branches shows as a diff even though its change is already present, and the apparent direction of divergence can invert. Use git cherry (mind the merge-base) to establish what actually diverges before reading any diff.
check_code_quality: true)# Identify long functions
grep -n "^let \|^ let \|^and " <scope>/**/*.ml | head -100
# (adapt pattern to the language)
Threshold: tunables.max_function_lines lines (default 50).
Report each function that exceeds this with: file, line, estimated size.
Look for duplicated code blocks (≥ 5 identical or near-identical lines).
# Search for repeated patterns
grep -rn "<suspect pattern>" <scope>
Report with both locations.
check_naming: true and glossary available)For each term in kb/glossary.md:
check_spec_compliance: true and spec available)For each behavior specified in kb/spec.md:
Classification:
| Status | Meaning |
|---|---|
| PASS | Code compliant + test exists |
| PARTIAL | Code compliant + no test |
| DIVERGE | Code behaves differently |
| MISSING | No implementation found |
For each invariant in kb/properties.md:
kb/architecture.md present)For each structural expectation declared in kb/architecture.md (module boundaries,
dependency direction, layering, forbidden imports):
This is the standing-codebase counterpart of the architect agent's diff-time review:
architecture drift with no change in flight surfaces here. Report divergences in the same
severity classes as other findings.
Produce briefs/audit-<YYYY-MM-DD>.md:
# Audit — <date>
**Scope:** <audited scope>
**KB used:** YES / NO (reason if no)
## Summary
| Category | Findings | Actionable |
|---|---|---|
| Function size | N | N |
| DRY | N | N |
| Naming | N | N |
| Spec compliance | PASS: N / PARTIAL: N / DIVERGE: N / MISSING: N | N |
| Invariants | N | N |
## Actionable findings
### CRITICAL / HIGH
<findings that block or risk regressions>
### MEDIUM
<important quality findings>
### LOW / INFO
<minor findings>
## Non-actionable (for reference)
<findings not statically verifiable or accepted>
Present the report and ask:
"Which findings do you want to address now? I can create a
/roster-intakefor each group."
briefs/audit-<date>.md with classified and actionable findings.
| Condition | Action |
|---|---|
| Findings reveal the current brief or plan is mis-scoped | Stop — re-run /roster-intake or /roster-plan with findings as context |
| Audit is blocked by missing KB or spec | Stop — ask human to run /roster-init or provide the missing spec |
Primary path: /roster-review or /roster-plan — depending on whether findings are review-level or require re-planning
Alternatives:
/roster-intake — if findings reveal a new task worth tackling separately💡 Run
/roster-skill-healthperiodically to surface friction patterns and improve the pipeline.
{
"date": "<ISO-8601>",
"skill": "roster-audit",
"task": "audit",
"frictions": [],
"methods": [],
"suggestion_type": null,
"suggestion": null,
"effort_estimate": null
}