원클릭으로
evidence-validation
Codify "verify, don't trust" — what counts as valid evidence per review dimension, and how to judge it.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Codify "verify, don't trust" — what counts as valid evidence per review dimension, and how to judge it.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Keep commits atomic — split a mixed change set into scoped, reviewable commits.
The one-time procedure to take an exported project to live — understand it, confirm the name/goal/stack with the user, run the deterministic `aspis bootstrap`, enrich the judgment files (AGENTS.md, ARCHITECTURE, context), verify, and let the package self-clean. Followed by the bootstrap agent.
Keep per-subsystem architectural intent current through the planning loop — read before designing, record an impact report on change, confirm with the user, apply a dated update, and verify the build against approved intent.
Audit a plan's task dependency graph for structural integrity — circular dependencies, missing prerequisites, orphan tasks, and dependency classification (hard/soft/warning). Produces a pass/warn/fail audit report per dependency so planners catch graph errors before build starts.
Every editing agent should start on a clean working tree so parallel work never collides.
Verify hooks ran, no secrets, protected paths untouched, and commit message valid before committing. Owned by the reviewer.
| name | evidence-validation |
| description | Codify "verify, don't trust" — what counts as valid evidence per review dimension, and how to judge it. |
Every review finding must be backed by observable, specific evidence — never opinion, never "feels wrong." This skill defines what counts as valid evidence for each review dimension, so the reviewer never issues an unsupported verdict.
changes-required or rejected verdict — every HIGH+ finding must have
evidence.A finding without file:line or observable-trace evidence is NOT a finding — it's an impression. Drop it or downgrade it to LOW with a note. A verdict cannot rest on un-evidenced findings.
| Dimension | Valid evidence |
|---|---|
| Correctness | Failing test output, counterexample input/output, logic error at specific line |
| Scope | File change outside the packet's allowed-files list, diff showing forbidden path touched |
| Architecture | Constitution rule violated at specific file:line, cost-of-change count |
| Maintainability | Concrete readability issue (e.g. 100+ line function, 5+ nesting levels), missing self-documentation |
| Reliability | Race condition trace, missing error handling at specific line, non-idempotent operation |
| Security | OWASP-catalogued vulnerability at specific line, secret in diff, missing input sanitization |
| Performance | N+1 query visible in code, O(n²) loop without bounds, missing cache on repeated computation |
| Standards | Violation of a named convention at file:line (e.g. missing docstring, non-standard import order) |
| Documentation | Missing Purpose/Does Not/Used By block, undocumented public API, stale comment contradicting code |
file:line — what's wrong — why — severity — fix — evidence.