// Project health audit and health check — architecture, performance, tests, dependencies, code quality. Use when assessing overall project health, before releases, or after refactors.
Self-improving loop for plugin skills. Reads program.md, proposes one mutation per iteration, evaluates against deterministic scorer, keeps improvements via git, reverts failures. Targets weakest skill+dimension. Use with /loop for overnight runs.
Compute metrics for Claude Code sessions. Discovers via ccrider, filters trivial, computes friction/opportunity/fingerprint scores. Use for broad session triage.
Recommend safe Bash permissions for Elixir mix commands in settings.json. Use when permission prompts slow workflow, "fix permissions", "reduce prompts", "auto-allow mix".
Brainstorm Elixir/Phoenix features — explore ideas, compare approaches, gather requirements. Use when vague idea, not sure how to approach, or want to discuss before plan.
Analyze Elixir/Phoenix performance — N+1 queries, assign bloat, ecto optimization, genserver bottlenecks. Use when slowness, timeouts, or high memory reported.
Address PR review comments on Elixir/Phoenix code — fetch comments, draft responses, optionally fix code. Use when the user shares a PR URL or mentions reviewer feedback.
| name | phx:audit |
| description | Project health audit and health check — architecture, performance, tests, dependencies, code quality. Use when assessing overall project health, before releases, or after refactors. |
| effort | high |
| argument-hint | ["--quick|--full|--focus=area|--since=commit"] |
Comprehensive project-wide health assessment using 5 parallel specialist subagents.
/phx:audit # Full audit (default)
/phx:audit --quick # 2-3 minute pulse check
/phx:audit --focus=security # Deep dive single area
/phx:audit --focus=performance
/phx:audit --since abc123 # Incremental audit since commit
/phx:audit --since HEAD~10 # Audit last 10 commits
--quick first to catch compile/test failures before spending tokens on 5 parallel agentsSpawn 5 specialists in parallel using Agent tool. Each call routes to a
declared-model plugin specialist (sonnet/opus) so the work doesn't fall
through to general-purpose (Opus by default):
| Subagent | Focus | Output File | Routes to |
|---|---|---|---|
| Architecture Reviewer | Structure quality, coupling, cohesion | arch-review.md | phoenix-patterns-analyst (sonnet) |
| Performance Auditor | N+1, indexes, bottlenecks, scalability | perf-audit.md | general-purpose (TODO: no perf specialist exists yet) |
| Security Auditor | OWASP scan, auth patterns, secrets | security-audit.md | security-analyzer (opus) |
| Test Health Auditor | Coverage, quality, flaky tests | test-audit.md | testing-reviewer (sonnet) |
| Dependency Auditor | Vulnerabilities, outdated, unused | deps-audit.md | general-purpose (TODO: per-package hex-deps-triager only) |
Create Claude Code tasks for real-time progress visibility:
For each auditor:
TaskCreate({subject: "{Area} audit", activeForm: "Auditing {area}..."})
TaskUpdate({taskId, status: "in_progress"})
Then spawn all 5 agents with Agent tool (parallel). Route to declared-model
specialists where they exist, keep general-purpose only where no specialist
covers the audit category:
Agent(subagent_type: "phoenix-patterns-analyst", prompt: "Architecture audit: analyze module structure, context boundaries, coupling, cohesion. Write findings to .claude/audit/reports/arch-review.md", run_in_background: true)
Agent(subagent_type: "general-purpose", prompt: "Performance audit: N+1 queries, missing indexes, bottlenecks, scalability. Write findings to .claude/audit/reports/perf-audit.md", run_in_background: true)
Agent(subagent_type: "security-analyzer", prompt: "Security audit: OWASP scan, auth patterns, secret leakage. Write findings to .claude/audit/reports/security-audit.md", run_in_background: true)
Agent(subagent_type: "testing-reviewer", prompt: "Test health audit: coverage, quality, flakes. Write findings to .claude/audit/reports/test-audit.md", run_in_background: true)
Agent(subagent_type: "general-purpose", prompt: "Dependency audit: vulnerabilities, outdated, unused. Write findings to .claude/audit/reports/deps-audit.md", run_in_background: true)
Why specialist routing matters: general-purpose subagents inherit the
parent session model (usually Opus). Plugin specialists declare their own
model in frontmatter (sonnet/haiku for most). Routing 3 of 5 audit tracks to
declared-model specialists materially cuts Opus subagent volume per audit run.
Agent prompts must be FOCUSED. Scope each prompt to the relevant directories and patterns. Do NOT give vague prompts like "analyze the codebase."
Output efficiency: Tell each agent: "Report ONLY issues found. Do NOT list clean checks, passing categories, or 'What's Good'. One summary line per clean area suffices."
Wait for ALL auditors to complete. Mark each auditor's task as
completed via TaskUpdate as it finishes. NEVER proceed while
any auditor is still running.
Read reports from .claude/audit/reports/.
After all 5 auditors complete, spawn context-supervisor:
Agent(subagent_type: "context-supervisor", prompt: """
Compress audit findings.
Input: .claude/audit/reports/
Output: .claude/audit/summaries/
Priority: Health scores per category, critical findings
only, cross-category correlations, deduplicate findings
found by 2+ agents.
""")
Read .claude/audit/summaries/consolidated.md for synthesis.
Each category scores 0-100. See ${CLAUDE_SKILL_DIR}/references/scoring-methodology.md.
Write to .claude/audit/summaries/project-health-{date}.md.
Report includes: Executive summary with health score (A-F, numeric/100), per-category score table (Architecture, Performance, Security, Tests, Dependencies), critical issues, top recommendations, and action plan (Immediate/Short-term/Long-term).
--quick)Only run essential checks (~2-3 minutes):
Run mix compile --warnings-as-errors, then mix hex.audit && mix deps.audit,
then mix xref graph --format stats, then mix test --trace 2>&1 | tail -20.
Skip: Full security scan, N+1 analysis, test quality metrics, architecture deep dive.
--focus=area)Deep dive single area with full specialist resources:
| Focus | Subagent | Extra Checks |
|---|---|---|
security | security-analyzer | Full OWASP, sobelow, manual patterns |
performance | general-purpose | Profile-level analysis, query explain (no plugin specialist yet) |
architecture | phoenix-patterns-analyst | Full xref, coupling matrix, cohesion |
tests | testing-reviewer | Coverage by context, quality metrics |
deps | general-purpose | License audit, maintenance status (per-package hex-deps-triager only) |
--since <commit>)Analyze only changes since a specific commit. Useful for pre-merge checks:
Run git diff --name-only <commit>...HEAD to identify changed files, then run targeted audits on changed files only (skips full project scan).
Combines with other flags: /phx:audit --since HEAD~5 --focus=security
| Command | Scope | Frequency |
|---|---|---|
/phx:review | Changed files (diff) | Every PR |
/phx:audit | Entire project | Quarterly |
/phx:boundaries | Context structure | On-demand |
/phx:verify | Compile/test pass | Anytime |
${CLAUDE_SKILL_DIR}/references/scoring-methodology.md - How scores are calculated${CLAUDE_SKILL_DIR}/references/architecture-checks.md - Detailed architecture criteria