// Checks cyclomatic complexity, nesting, long methods, god classes, O(n2), N+1 queries, constants management. Use when auditing code quality.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | ln-624-code-quality-auditor |
| description | Checks cyclomatic complexity, nesting, long methods, god classes, O(n2), N+1 queries, constants management. Use when auditing code quality. |
| allowed-tools | Read, Grep, Glob, Bash, mcp__hex-graph__audit_workspace, mcp__hex-graph__analyze_architecture, mcp__hex-line__read_file, mcp__hex-line__grep_search, mcp__hex-line__outline |
| license | MIT |
Paths: File paths (
references/,../ln-*) are relative to this skill directory.
Type: L3 Worker
Specialized worker auditing code complexity, method signatures, algorithms, and constants management.
MANDATORY READ: Load references/audit_worker_core_contract.md.
Tool policy: follow host AGENTS.md MCP preferences; load references/mcp_tool_preferences.md and references/mcp_integration_patterns.md only when host policy is absent or MCP behavior is unclear.
Receives contextStore with: tech_stack, best_practices, principles, codebase_root, output_dir.
Domain-aware: Supports domain_mode + current_domain (see audit_output_schema.md#domain-aware-worker-output).
Use hex-graph first when hotspots, architecture coupling, or semantic relationships materially improve the audit. Use hex-line first for local code reads when available. If MCP is unavailable, unsupported, or not indexed, continue with built-in Read/Grep/Glob/Bash and state the fallback in the report.
Detection policy: use two-layer detection (candidate scan, then context verification); load references/two_layer_detection.md only when the verification method is ambiguous.
scan_path (domain-aware if specified), extract output_dirscan_path (not codebase_root)contextStore.graph_indexed OR .hex-skills/codegraph/index.db exists:
audit_workspace(path=scan_path, verbosity="minimal", limit=5) -- use returned hotspots to pre-identify complex functions and god classes. Raise limit only for deliberate drill-down.analyze_architecture(path=scan_path, verbosity="full") -- use returned coupling metrics for cascade depth and coupling analysis.outline(file_path) before reading large source files -- understand function/class structure for complexity analysis.Grep(pattern="if.*if.*if", path=scan_path) for nesting detectiondomain: domain_name (if domain-aware)references/templates/audit_worker_report_template.md, write to {output_dir}/ln-624--{domain}.md (or 624-quality.md in global mode) in single Write callWhat: Too many decision points in single function (> 10)
Detection:
eslint-plugin-complexity, radon (Python), gocyclo (Go)Severity:
Recommendation: Split function, extract helper methods, use early returns
Effort: M-L (depends on complexity)
What: Nested if/for/while blocks too deep
Detection:
Severity:
Recommendation: Extract functions, use guard clauses, invert conditions
Effort: M (refactor structure)
What: Functions too long, doing too much
Detection:
Severity:
Recommendation: Split into smaller functions, apply Single Responsibility
Effort: M (extract logic)
What: Files with too many responsibilities
Detection:
Severity:
Recommendation: Split into multiple files, apply separation of concerns
Effort: L (major refactor)
What: Functions with excessive parameters
Detection:
Severity:
Recommendation: Use parameter object, builder pattern, default parameters
Effort: S-M (refactor signature + calls)
What: Inefficient nested loops over collections
Detection:
for (i) { for (j) { ... } }arr.map(x => arr.filter(...))Severity:
Recommendation: Use hash maps, optimize with single pass, use better data structures
Effort: M (algorithm redesign)
What: ORM lazy loading causing N+1 queries
Detection:
users.forEach(u => u.getPosts())Severity:
Recommendation: Use eager loading, batch queries, JOIN
Effort: M (change ORM query)
What: Magic numbers/strings, decentralized constants, duplicates
Detection:
| Issue | Pattern | Example |
|---|---|---|
| Magic numbers | Hardcoded numbers in conditions/calculations | if (status === 2) |
| Magic strings | Hardcoded strings in comparisons | if (role === 'admin') |
| Decentralized | Constants scattered across files | MAX_SIZE = 100 in 5 files |
| Duplicates | Same value multiple times | STATUS_ACTIVE = 1 in 3 places |
| No central file | Missing constants.ts or config.py | No single source of truth |
Severity:
Recommendation:
constants.ts, config.py, constants.go)const STATUS_ACTIVE = 1Effort: M (extract constants, update imports, consolidate)
What: Poor method contracts reducing readability and maintainability
Detection:
| Issue | Pattern | Example |
|---|---|---|
| Boolean flag params | >=2 boolean params in signature | def process(data, is_async: bool, skip_validation: bool) |
| Too many optional params | >=3 optional params with defaults | def query(db, limit=10, offset=0, sort="id", order="asc") |
| Inconsistent verb naming | Different verbs for same operation type in one module | get_user() vs fetch_account() vs load_profile() |
| Unclear return type | -> dict, -> Any, -> tuple without TypedDict/NamedTuple | def get_stats() -> dict instead of -> StatsResponse |
Severity:
Recommendation:
get_ for sync, fetch_ for async, etc.)Effort: S-M (refactor signatures + callers)
What: Functions triggering cascading chains of external side-effects (DB writes -> notifications -> metrics -> limits).
Detection:
MANDATORY READ: Load references/ai_ready_architecture.md for side-effect markers, false positive exclusions, and opaque sink rules.
**/services/**/*.{py,ts,js,cs,java} to find service filesSeverity:
Conflict Resolution: IF function is an orchestrator/coordinator (imports 3+ services AND delegates to them sequentially) -> ARCH-AI-SEB does NOT apply. Orchestrators are EXPECTED to have multiple side-effect categories. Only flag SEB for leaf functions.
Recommendation: Refactor to flat orchestration -- extract side-effects into independent sink functions. See reference.
Effort: M-L
Output: Also generate summary Pipe/Sink table per module:
| Module | Sinks (0-1) | Shallow Pipes (2) | Deep Pipes (3+) | Sink Ratio |
|---|
MANDATORY READ: Load references/audit_scoring.md.
MANDATORY READ: Load references/templates/audit_worker_report_template.md.
Write JSON summary per references/audit_summary_contract.md. In managed mode the caller passes both runId and summaryArtifactPath; in standalone mode the worker generates its own run-scoped artifact path per shared contract.
Write report to {output_dir}/ln-624--{domain}.md (or 624-quality.md in global mode) with category: "Code Quality" and checks: cyclomatic_complexity, deep_nesting, long_methods, god_classes, too_many_params, quadratic_algorithms, n_plus_one, magic_numbers, method_signatures, cascade_depth.
Return summary per references/audit_summary_contract.md.
When summaryArtifactPath is absent, write the standalone runtime summary under .hex-skills/runtime-artifacts/runs/{run_id}/evaluation-worker/{worker}--{identifier}.json and optionally echo the same summary in structured output.
Report written: .hex-skills/runtime-artifacts/runs/{run_id}/audit-report/ln-624--orders.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)
Apply the already-loaded references/audit_worker_core_contract.md.
domain_mode="domain-aware", scan ONLY scan_path (not entire codebase)domain field in each finding when domain-awareApply the already-loaded references/audit_worker_core_contract.md.
{output_dir}/ln-624--{domain}.md (atomic single Write call)references/audit_output_schema.mdVersion: 3.0.0 Last Updated: 2025-12-23