| name | ultracode-service-audit |
| description | Run a multi-agent, adversarially-verified full-service audit across 7 dimensions (code / UX / scalability / planning+north-star / security / promotion / extensible), separating findings into confirmed / unverified / rejected and producing a priority-ranked, M-numbered milestone roadmap (as many milestones as the findings warrant). Use when the user says "ultracode ์ ์ฒด ์๋น์ค ์ ๊ฒ", "์ ์ฒด ์๋น์ค๋ฅผ ์ ๊ฒํ์", "์ฝ๋ยทUXยทํ์ฅ์ฑยท๊ธฐํยท๋ถ๊ทน์ฑ์งํยท๋ณด์ยทํ๋ณด ๋ฌธ์ ์ ์ ํ์
ํ๊ณ ์ฐ์ ์์์ ๋ฐ๋ผ ๊ฐ์ ", "๋ค์ฐจ์ ์๋น์ค ๊ฐ์ฌ", or in English "audit the whole service / full multi-dimensional service audit / find code, UX, scalability, planning, security, and marketing problems and prioritize fixes". The heavyweight superset audit โ orchestrate it as a Workflow with fan-out finders and an adversarial verify pass. NOT for a single-artifact prose/README review (use multi-persona-review) or a single-axis gap-vs-benchmark loop (use gap-analysis-e2e) โ those are the lighter siblings. |
Ultracode Service Audit
The heavyweight, multi-agent audit of an entire service across many dimensions at once.
The fan-out is orchestrated as a Workflow / multi-agent run, and it can be large โ the real
run drove many agents in parallel, not a 7-agent minimum. "ultracode" implies that heavyweight
parallelism: a finder (often several) per dimension plus a separate squad of verifiers. Where a
single skill inspects one axis (UX, or code, or strategy), this one fans out finder agents per
dimension, then runs a separate adversarial verification pass so that only findings that
survive cross-examination are reported as real. The output is one priority-ranked roadmap where
every item is dimension-tagged, evidence-graded, and traceable to the product's North Star.
This is the skill behind the user's real request (turn 94):
"ultracode ํ์ฌ๊น์ง ๊ฐ๋ฐํ ๋ด์ฉ์ ๊ธฐ์ค์ผ๋ก ์ ์ฒด ์๋น์ค๋ฅผ ์ ๊ฒํ์. ์ฝ๋์ ๋ฌธ์ , UX ์ ๋ฌธ์ ,
ํ์ฅ์ฑ ๋ฌธ์ , ๊ธฐํ ๋ฐ ๋ถ๊ทน์ฑ์งํ, ๋ณด์์, ํ๋ณด์์ ๋ฌธ์ ์ ์ ํ์
ํ๊ณ ๊ฐ๊ฐ์ ๊ฐ์ ์ ...
์ฐ์ ์์์ ๋ฐ๋ผ ๊ฐ์ ํ์"
That run produced ํ์ 29 / ๋ฏธ๊ฒ์ฆ 0 / ๊ธฐ๊ฐ 8 โ the confirmed/unverified/rejected split
is not decoration, it is the whole point. The ๋ฏธ๊ฒ์ฆ 0 was that run's outcome, not a
guarantee the bucket goes unused: the ๋ฏธ๊ฒ์ฆ bucket is load-bearing and stays in the report
the moment any finding lands with no verifier votes. A finding nobody could verify never gets
reported as fact.
When to use
- The user wants a whole-service health check, not one narrow review โ "์ ์ฒด ์๋น์ค๋ฅผ ์ ๊ฒํ์",
"๋ค์ฐจ์ ๊ฐ์ฌ", "audit everything before launch / before we promote".
- You have the Workflow / ultracode multi-agent capability available (this skill assumes you
can fan out independent agents and re-aggregate). Without it, fall back to running the
dimensions sequentially yourself โ but step 3 forbids a finder from grading itself, so
sequential mode cannot produce a true ํ์ . In that mode, never emit ํ์ verdicts: label
every finding ๋ฏธ๊ฒ์ฆ or evidence-backed-only (a failing test / exposed secret / reproduced
crash counts; an opinion does not), and state plainly in the report that no independent
verification ran. That keeps the no-false-ship invariant honest when fan-out is absent.
- You need an output that is prioritized and trustworthy โ every claim graded, weak claims
sunk in the ranking, nothing over-claimed.
If the user only wants one axis, use the focused sibling instead (see Cross-references). This
skill is the superset; don't reach for it when a scalpel will do.
The seven dimensions (extensible)
Each dimension gets a named, enumerated rubric before any auditing starts, so findings are
checked against explicit criteria rather than vibes. This is the discipline behind heuristic
evaluation (Nielsen / NN/g): a violation of a named rule is a candidate defect, justified
against context โ not an automatic one.
| # | Dimension | Rubric to hand the finder agent |
|---|
| 1 | Code | correctness/logic, security (injection, authz, exposed secrets), readability, tests-that-fail-when-logic-breaks, design/architecture fit (SonarSource multi-axis review) |
| 2 | UX | Nielsen's 10 usability heuristics; rate severity by impact, not by rule-match count |
| 3 | Scalability | data-model limits, hot paths, statefulness, single points of failure, cost-per-unit growth |
| 4 | Planning + North Star | the one North Star metric + its Inputs (Amplitude); does each finding move the metric or an Input? |
| 5 | Security | secrets exposure, authz boundaries, dependency CVEs, input trust, data egress |
| 6 | Promotion / Marketing | Working-Backwards: take the product's implied PR/FAQ (its promised value) and audit whether the built service + its messaging actually deliver โ surface over-claim / false-ship gaps |
| 7 | + Extensible | add a dimension by giving it (a) a named rubric and (b) its own independent verifier. Nothing else changes |
The framework set is load-bearing, not ornamental:
Core workflow
Orchestrate this as a Workflow: fan-out โ adversarial verify โ synthesize.
1. Scope and set North Star (pre-flight)
Read the service's SPEC/PRD/NORTH_STAR and recent state. Name the North Star metric and its
Inputs explicitly โ they are the strategic anchor every finding will be tested against. If you
can't state the North Star, stop and ask; auditing dimensions in isolation with no anchor just
generates busywork.
2. Fan-out: independent finder(s) per dimension
Spawn at least one finder agent for each dimension with its own rubric (table above) โ and
spawn several per dimension where the surface is large. This is the heavyweight step: a real run
fans out to many agents in parallel, not a fixed seven. Run them
independently โ NN/g's finding is that independent passes catch issues a single pass misses
(3 evaluators โ 60% of issues; one agent per dimension is not enough on its own, which is why
step 3 exists). Each finder returns candidate findings with: dimension tag, the rubric item
violated, the evidence it actually observed, and a proposed severity.
3. Adversarial verify pass (the load-bearing step)
This is a distinct second pass, not the finders grading themselves. Re-order the reviewer
agents and give them diverse prompts/roles, then task them with peer-reviewing every round-one
assertion. This is Multi-Agent Verification (BoN-MAV): reliability scales at test time by
running multiple independent verifiers and accepting only what survives cross-validation.
https://arxiv.org/pdf/2502.20379
Decision rule per finding:
- Confirmed (ํ์ ) โ survives verification, or carries irrefutable evidence (a failing test,
an exposed secret, a reproduced crash). Verifier consensus, not one voice.
- Unverified (๋ฏธ๊ฒ์ฆ) โ 0 adversarial-verify votes and no hard evidence. Kept in a
separate bucket. Never reported as fact. This is the no-false-ship invariant
(
.claude/rules/no-false-ship.md).
- Rejected (๊ธฐ๊ฐ) โ majority of verifiers refute it (rubric-match without real defect, wrong
reasoning, already handled). A majority refute kills the finding.
Engineer verifier diversity deliberately. MAV names the failure mode that breaks the whole
ensemble: correlated-verifier collapse โ if every reviewer shares the same model, prompt,
and blind spot, the adversarial pass rubber-stamps wrong findings and hands you false
confidence. Vary roles, ordering, and prompts so verifiers don't share blind spots. If you
cannot achieve independence, say so in the report and downgrade your confidence accordingly.
4. Cap the loops
Verification cost scales with verifier count and debate rounds. Set a hard ceiling on
revision/debate iterations (this is a gates-taxonomy Revision gate โ iteration cap mandatory)
and escalate to the user rather than loop forever on a contested finding. Unbounded debate
buys diminishing returns at runaway token cost.
5. Score surviving findings with RICE
Rank confirmed (and any carried-forward unverified) findings with Reach ร Impact ร Confidence
/ Effort = impact per time worked.
https://www.intercom.com/blog/rice-simple-prioritization-for-product-managers/
The Confidence multiplier is where the verification tier pays off โ map it directly:
| Verdict | RICE Confidence |
|---|
| Confirmed + hard evidence | 100% |
| Confirmed by verifier consensus | 80% |
| Unverified (carried, not dropped) | 50% or lower |
This makes weakly-evidenced findings sink in the ranking automatically โ you carry them
honestly instead of either pretending they're certain or silently deleting them. Rank by raw
severity or gut feel and high-impact-but-unproven items jump the queue; the Confidence term
exists precisely to stop that.
6. Synthesize the M-numbered roadmap
Cluster surviving findings (affinity-style), trace each to the North Star or an Input (drop the
strategically immaterial), and emit a milestone roadmap with as many milestones as the
findings warrant โ M1, M2, โฆ however far the work runs (the real run landed at M4). There is
no fixed milestone count; severity and clustering decide it. Every roadmap item carries:
dimension tag ยท verdict ยท RICE score ยท North-Star linkage ยท evidence pointer. Items that
don't move the metric or an Input are flagged as nice-to-have, not milestone-blocking.
No-false-ship evidence matrix
Because this audit itself can over-claim, report each dimension's verification the same way the
repo's no-false-ship rule demands for shipped features โ per-path evidence, unverified shown as
unverified, never one path's evidence reused for another:
| Dimension | Finder evidence | Verifier outcome | Verdict |
|-------------|----------------------------|-------------------------|-----------|
| Code | failing test repro'd | 3/3 verifiers confirm | ํ์ |
| UX | heuristic #4 violation | 2/3 confirm, context ok | ํ์ |
| Security | suspected authz gap | 0 verifier votes | ๋ฏธ๊ฒ์ฆ |
| Promotion | README claim vs built | majority refute | ๊ธฐ๊ฐ |
A row with no verifier votes stays "๋ฏธ๊ฒ์ฆ" in the final report. Hiding it and declaring "audit
complete" is exactly the false-ship failure this skill exists to prevent.
Worked example (Input โ Output)
Input (user, verbatim trigger):
"ultracode ์ ์ฒด ์๋น์ค๋ฅผ ์ ๊ฒํ์ โ ์ฝ๋ยทUXยทํ์ฅ์ฑยท๊ธฐํยท๋ถ๊ทน์ฑ์งํยท๋ณด์ยทํ๋ณด ๋ฌธ์ ์ ํ์
ํ๊ณ
์ฐ์ ์์์ ๋ฐ๋ผ ๊ฐ์ ํ์."
Process:
- Pre-flight: North Star = "weekly successful first-install completions"; Inputs = wizard
completion rate, CLI flag coverage, install success rate.
- Fan-out: 7 finders, each with its rubric. ~40 raw candidate findings.
- Adversarial verify (re-ordered, diverse verifiers): 29 survive, 8 refuted, several land in
๋ฏธ๊ฒ์ฆ with 0 votes and stay there.
- Loop cap hit on one contested scalability claim โ escalated to user, not debated to death.
- RICE: a confirmed-with-failing-test code bug (Confidence 100%) outranks a plausible-but-
unverified marketing gap (Confidence 50%) even though the marketing gap felt bigger.
- Synthesize.
Output (abridged):
Service Audit โ ํ์ 29 / ๋ฏธ๊ฒ์ฆ (carried) N / ๊ธฐ๊ฐ 8
M1 (now): [Codeยทํ์ ยทRICE 9.6] install crash on --with-* flag (failing test attached)
[Securityยทํ์ ยทRICE 8.1] secret in committed config โ moves Input "install success"
M2: [UXยทํ์ ยทRICE 6.4] wizard step skips a category โ moves Input "wizard completion"
M3: [Scaleยทํ์ ยทRICE 4.2] category list hardcoded in 2 places โ derive
M4: [Promotionยทํ์ ยทRICE 3.5] README over-claims a feature (Working-Backwards gap)
Parked: [Securityยท๋ฏธ๊ฒ์ฆยทconf 50%] suspected authz gap โ needs reproduction before action
Rejected: 8 findings (rubric-match without real defect / already handled)
(the run stopped at M4 โ milestone count follows the findings, it is not a fixed five)
Every M-item: dimension-tagged, verdict-graded, North-Star-linked, RICE-ranked.
Cross-references (don't duplicate โ hand off)
- UX dimension can spawn the multi-persona UX review skill (
multi-persona-review) for
deeper persona-based heuristic inspection instead of a single UX finder.
- Gap findings (built vs promised, missing E2E coverage) hand off to
gap-analysis-e2e
rather than being re-derived here.
- The roadmap output feeds
northstar-roadmap, which owns milestone sequencing and
North-Star input modeling in depth.
- For repo discipline this skill enforces:
.claude/rules/no-false-ship.md (evidence matrix,
confirmed/unverified/rejected) and .claude/rules/gates-taxonomy.md (Revision-loop cap,
Escalation on contested findings).
Progressive disclosure
This SKILL.md is the operating manual. If per-dimension rubrics need to grow (e.g. a full
Nielsen severity scale, or a language-specific code-review checklist), put them in a
reference/ file beside this one and link it here โ keep this file lean. The extensibility
contract stays: a new dimension = a named rubric + its own independent verifier, nothing else.