メニュー
Use when asked to audit, evaluate, or understand a codebase's architecture. Covers structure, patterns, coupling, cohesion, and architectural drift. Use after codebase-mapping for full context.
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Use when porting any module from a Next.js (React) app to a Nuxt 4 (Vue 3) production app backed by NestJS. User provides module name and three repo paths. Covers submodule analysis, backend verification, feature inventory, sidebar registration, theme/dark-mode rules, and multi-pass execution.
Use as the master reference for all core principles, anti-hallucination protocol, severity framework, and skill activation rules. Every other skill inherits from this. Read this first in any new session.
Use when creating new skills for the skills library. Defines the structure, format, quality standards, and testing requirements for new skills.
Multi-agent council using real subagent spawning (Task() tool), deterministic CLI state management, and file-based handoffs. Orchestrator stays lean while specialists execute in fresh contexts.
Use when you have a spec or requirements for a multi-step task and need to create a detailed implementation plan before touching code.
Use when you have a detailed implementation plan and need to execute it task by task with deviation handling, checkpoints, and atomic commits.
| name | architecture-audit |
| description | Use when asked to audit, evaluate, or understand a codebase's architecture. Covers structure, patterns, coupling, cohesion, and architectural drift. Use after codebase-mapping for full context. |
Evaluate the structural health of a codebase — patterns, coupling, cohesion, and alignment between what the code claims to be and what it actually is.
Core principle: Architecture is not what's drawn on a whiteboard. It's what's in the code.
NO ARCHITECTURAL CLAIMS WITHOUT READING THE ACTUAL CODE
codebase-mapping first)systematic-debugging)performance-audit)codebase-mapping)YOU CANNOT:
- Assess architecture from directory names alone — read the actual code in each layer
- Claim "clean architecture" because folders are named well — check dependency direction
- Say "patterns are consistent" without checking EVERY module — inconsistency hides in corners
- Skip dependency graph analysis — coupling only reveals itself through imports
- Accept "it works" as architectural validation — working ≠ well-architected
- Audit only the happy path — error handling architecture matters equally
- Skip cross-cutting concerns — auth, logging, config are architecture too
- Trust documentation over code — code is the source of truth, docs drift
| Rationalization | Reality |
|---|---|
| "The folder structure looks clean" | Folder structure ≠ architecture. Check dependency direction. |
| "We're using MVC/Clean Architecture" | Claiming a pattern ≠ implementing it. Verify with imports. |
| "Only the core modules matter" | Utility modules, middleware, and config can rot the architecture. |
| "It's a small project, architecture doesn't matter" | Small projects become large projects. Foundation matters. |
| "We'll fix the architecture later" | Later never comes. Architectural debt compounds exponentially. |
| "The tests prove the architecture is fine" | Tests can pass in a poorly architected system. |
1. Can I add a new feature without modifying existing code? (OCP)
2. Can I replace the database without touching business logic? (DIP)
3. Can I describe what each module does in ONE sentence? (SRP/cohesion)
4. Do inner layers depend on outer layers? (dependency direction violation)
5. If I change one module, how many other modules break? (coupling)
6. Are there circular dependencies? (sure sign of tangled architecture)
7. Does the code match the claimed architecture pattern?
8. Are cross-cutting concerns (auth, logging, errors) centralized or scattered?
9. Can I test business logic without infrastructure? (testability)
10. Is there a God class/module that everything depends on?
1. MAP the directory structure — what's where
2. IDENTIFY the architectural pattern (layered, hexagonal, microservices, monolith, etc.)
3. COMPARE claimed architecture (docs) vs actual architecture (code)
4. DOCUMENT the real dependency graph
Key questions:
1. MAP module dependencies — who imports what
2. IDENTIFY circular dependencies
3. CHECK dependency direction — do inner layers depend on outer?
4. MEASURE coupling — how many modules change when one module changes?
Dependency direction rules:
✅ Controllers → Services → Repositories → Models
❌ Models → Services (wrong direction)
❌ Services → Controllers (wrong direction)
❌ Utilities → Business Logic (wrong direction)
Dependency health matrix:
| Metric | Healthy | Warning | Critical |
|---|---|---|---|
| Circular dependencies | 0 | 1-2 | 3+ |
| Max dependency depth | 3-4 layers | 5-6 layers | 7+ layers |
| Fan-out (imports per module) | < 5 | 5-10 | > 10 |
| Fan-in (dependents per module) | < 10 | 10-20 | > 20 (God module) |
1. IDENTIFY the dominant patterns (Repository, Service, Factory, etc.)
2. CHECK if patterns are applied consistently
3. FIND violations — where does the pattern break?
4. ASSESS — is the pattern appropriate for the problem?
Common pattern violations:
| Pattern | Violation | Impact |
|---|---|---|
| MVC | Business logic in controllers | Untestable, duplicated logic |
| Repository | Direct SQL in services | Coupled to DB implementation |
| Service Layer | Fat controllers, thin services | Logic scattered across layers |
| Event-Driven | Synchronous calls bypassing events | Hidden behavior, tight coupling |
| Clean Architecture | Framework code in domain layer | Domain locked to framework |
| Microservices | Direct database calls between services | Shared state, no isolation |
| DDD | Anemic domain models (data-only entities) | Business logic leaks to services |
1. CHECK module cohesion — does each module have a single, clear purpose?
2. CHECK boundary clarity — can you describe what a module does in one sentence?
3. FIND leaking abstractions — internal details exposed to consumers
4. IDENTIFY god classes/modules — things that do too much
Cohesion checklist:
| Question | Healthy | Unhealthy |
|---|---|---|
| Can you describe this module in one sentence? | Yes | "It does X and Y and also Z" |
| How many reasons to change? | 1-2 | 5+ |
| How many other modules depend on it? | Few | Everyone |
| Can you replace it without changing consumers? | Yes | No |
| Are its internals hidden from consumers? | Yes | Consumers reach into internals |
1. HOW is authentication handled? (centralized or scattered?)
2. HOW is authorization enforced? (middleware, decorators, manual checks?)
3. HOW is error handling done? (global handler, per-endpoint, inconsistent?)
4. HOW is logging implemented? (structured, unstructured, missing?)
5. HOW is configuration managed? (env vars, hardcoded, mixed?)
6. HOW are transactions managed? (explicit, implicit, missing?)
7. HOW is validation done? (centralized, per-endpoint, duplicated?)
Cross-cutting concern health:
| Concern | Centralized | Scattered | Missing |
|---|---|---|---|
| Auth | ✅ Middleware | ⚠️ Per-route checks | 🔴 No auth |
| Errors | ✅ Global handler | ⚠️ Try-catch everywhere | 🔴 Unhandled errors |
| Logging | ✅ Structured, central | ⚠️ console.log scattered | 🔴 No logging |
| Config | ✅ Environment + defaults | ⚠️ Hardcoded in some places | 🔴 Secrets in code |
| Validation | ✅ Shared validators | ⚠️ Inline checks | 🔴 No validation |
1. HOW hard is it to add a new feature? (new endpoint, new entity, new UI page)
2. HOW hard is it to change an existing feature?
3. HOW hard is it to delete a feature?
4. WHAT breaks when you touch one thing? (blast radius)
5. HOW would this scale at 10x the current load?
6. WHAT would a new team member struggle with?
# Architecture Audit: [Project Name]
## Executive Summary
[2-3 sentences: overall health assessment]
## Architecture Overview
- **Pattern:** [Identified pattern]
- **Claimed vs Actual:** [Alignment assessment]
- **Module Count:** [N modules/packages/services]
- **Primary Language(s):** [Languages]
## Dependency Map
[Key dependencies and their directions]
## Findings
### 🔴 Critical
[Findings with evidence and recommendations]
### 🟠 High
[...]
### 🟡 Medium
[...]
### 🟢 Low
[...]
## Metrics
| Metric | Value | Assessment |
|--------|-------|------------|
| Circular dependencies | N | 🔴/🟢 |
| God classes (>300 lines) | N | 🔴/🟢 |
| Dependency depth | N layers | 🟡/🟢 |
| Test coverage estimate | N% | 🟡/🟢 |
| Avg file length | N lines | 🟡/🟢 |
| Cross-cutting consistency | N/7 centralized | 🟡/🟢 |
## Recommendations
[Priority-ordered improvements with effort estimates]
## Verdict
[PASS / CONDITIONAL PASS / FAIL]
codebase-mapping for initial understandingsecurity-audit, performance-audit, database-auditrefactoring-safely for recommended improvementswriting-plans for remediation work