ワンクリックで
product-quality-analysis
Product quality metrics, SonarCloud analysis, technical debt management, code quality gates
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Product quality metrics, SonarCloud analysis, technical debt management, code quality gates
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Identity and access management: RBAC, least privilege, MFA, quarterly reviews per ISO 27001 A.5.15, A.8.2, A.8.3
Business continuity and disaster recovery: 30-day retention, quarterly restore tests, RTO/RPO targets per ISO 27001 A.17
Political psychology, cognitive biases, group dynamics, leadership analysis, decision-making patterns for Swedish political intelligence
Risk-based data and asset classification framework: PUBLIC, INTERNAL, CONFIDENTIAL, RESTRICTED aligned with ISO 27001 A.5.12 and CIA triad
Unified compliance verification across ISO 27001, NIST CSF, CIS Controls, NIS2, EU CRA, GDPR, SOC 2, PCI DSS, and HIPAA for cybersecurity consulting
Cryptographic controls implementation: TLS 1.3, AES-256-GCM, bcrypt, RSA-4096, key management per NIST FIPS 140-2 and ISO 27001 A.8.24
| name | product-quality-analysis |
| description | Product quality metrics, SonarCloud analysis, technical debt management, code quality gates |
| license | Apache-2.0 |
This skill provides guidance for measuring, monitoring, and improving product quality in the CIA platform using SonarCloud analysis, code quality gates, technical debt management, and quality metrics. It ensures the political intelligence platform maintains high reliability and maintainability.
Apply this skill when:
Do NOT use for:
Quality Gate: CIA Platform Standard
│
├─ NEW CODE (changes since last version)
│ ├─ Coverage ≥ 80% on new code
│ ├─ Duplicated lines ≤ 3%
│ ├─ Maintainability rating = A
│ ├─ Reliability rating = A
│ ├─ Security rating = A
│ ├─ Security hotspots reviewed = 100%
│ └─ No new blocker or critical issues
│
└─ OVERALL CODE
├─ Coverage ≥ 70% (target: 80%)
├─ Duplicated lines ≤ 5%
├─ Technical debt ratio ≤ 5%
├─ Maintainability rating ≥ B
├─ Reliability rating ≥ B
└─ Security rating ≥ B
Pull Request Quality Check
│
├─→ SonarCloud analysis passes?
│ ├─ YES → Continue
│ └─ NO → Block merge, fix issues
│
├─→ Code coverage meets threshold?
│ ├─ YES → Continue
│ └─ NO → Add missing tests
│
├─→ No new critical/blocker issues?
│ ├─ YES → Continue
│ └─ NO → Fix before merge
│
├─→ Security hotspots reviewed?
│ ├─ YES → Continue
│ └─ NO → Review and classify
│
└─→ Approve PR for merge
| Metric | Description | Target | Action if Below |
|---|---|---|---|
| Bugs | Reliability issues | 0 new | Fix before merge |
| Vulnerabilities | Security flaws | 0 new | Fix immediately |
| Code smells | Maintainability issues | A rating | Refactor in sprint |
| Coverage | Test coverage % | ≥ 80% new | Add unit tests |
| Duplications | Copy-paste code % | ≤ 3% new | Extract shared code |
| Complexity | Cyclomatic complexity | < 10/method | Decompose methods |
| Cognitive complexity | Readability measure | < 15/method | Simplify logic |
| Technical debt | Effort to fix issues | < 5% ratio | Plan debt sprints |
SonarCloud Rating Scale:
A = 0 issues (excellent)
B = at least 1 minor issue
C = at least 1 major issue
D = at least 1 critical issue
E = at least 1 blocker issue
CIA Platform Minimum: B for overall, A for new code
Technical Debt Categories
│
├─ DESIGN DEBT
│ ├─ Circular dependencies between modules
│ ├─ Missing abstraction layers
│ └─ Tight coupling between services
│
├─ CODE DEBT
│ ├─ Duplicated code across modules
│ ├─ Complex methods (high cyclomatic complexity)
│ ├─ Missing or outdated documentation
│ └─ Inconsistent naming conventions
│
├─ TEST DEBT
│ ├─ Missing unit tests for critical paths
│ ├─ Flaky integration tests
│ ├─ No E2E tests for user flows
│ └─ Low branch coverage in complex logic
│
└─ DEPENDENCY DEBT
├─ Outdated library versions
├─ Unused dependencies in POMs
├─ Known vulnerability in dependencies
└─ License compatibility issues
| Impact | Effort: Low | Effort: Medium | Effort: High |
|---|---|---|---|
| High | Fix immediately | Plan for next sprint | Schedule dedicated sprint |
| Medium | Fix during feature work | Add to backlog | Evaluate ROI |
| Low | Boy scout rule | Track in backlog | Defer |
// ✅ Boy Scout Rule: Leave code cleaner than you found it
// When modifying a method, also:
// - Add missing tests
// - Fix adjacent code smells
// - Update outdated JavaDoc
// - Remove unused imports
// ✅ Extract Method for complex logic
// BEFORE: Method with cyclomatic complexity > 10
public String analyzeVotingPattern(List<Vote> votes) {
// 50+ lines of complex logic
}
// AFTER: Decomposed into focused methods
public String analyzeVotingPattern(List<Vote> votes) {
VoteStatistics stats = calculateStatistics(votes);
String trend = identifyTrend(stats);
return formatAnalysis(stats, trend);
}
CIA Platform Module Quality Targets:
│
├─ model.* modules
│ ├─ Coverage: ≥ 70% (generated code excluded)
│ ├─ Complexity: Low (POJOs, entities)
│ └─ Focus: Correct JPA annotations, equals/hashCode
│
├─ service.* modules
│ ├─ Coverage: ≥ 85% (business logic)
│ ├─ Complexity: Medium (application logic)
│ └─ Focus: Transaction boundaries, error handling
│
├─ web-widgets module
│ ├─ Coverage: ≥ 75% (UI logic)
│ ├─ Complexity: Medium (view logic)
│ └─ Focus: Accessibility, responsive design
│
└─ citizen-intelligence-agency module
├─ Coverage: ≥ 80% (integration)
├─ Complexity: Low (configuration, wiring)
└─ Focus: Security configuration, startup
<!-- JaCoCo coverage enforcement -->
<plugin>
<groupId>org.jacoco</groupId>
<artifactId>jacoco-maven-plugin</artifactId>
<configuration>
<rules>
<rule>
<element>BUNDLE</element>
<limits>
<limit>
<counter>LINE</counter>
<value>COVEREDRATIO</value>
<minimum>0.80</minimum>
</limit>
<limit>
<counter>BRANCH</counter>
<value>COVEREDRATIO</value>
<minimum>0.70</minimum>
</limit>
</limits>
</rule>
</rules>
</configuration>
</plugin>
Code Quality Review:
□ SonarCloud quality gate passes
□ No new bugs or vulnerabilities
□ Code coverage ≥ 80% on new code
□ No duplicated blocks > 10 lines
□ Cyclomatic complexity < 10 per method
□ Cognitive complexity < 15 per method
□ JavaDoc on public APIs
□ Consistent naming conventions
□ No TODO/FIXME without linked issue
Release Quality Assessment:
□ Overall coverage trending upward
□ Technical debt ratio ≤ 5%
□ Zero blocker or critical issues
□ All security hotspots reviewed
□ Dependency updates applied
□ Performance regression tests pass
□ E2E test suite passes