一键导入
review-compliance
Validates business requirements compliance - generates OpenAPI specs, creates contract tests, and ensures acceptance criteria alignment
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Validates business requirements compliance - generates OpenAPI specs, creates contract tests, and ensures acceptance criteria alignment
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Injects project context (AGENT_DOCS_DIR, active story) before every skill invocation via PreToolUse hook.
Discover skills in this marketplace that match your workflow. Accepts a workload or task description, scans all released skills, and recommends the best matches with install commands. Use when users ask 'what skills are available', 'find a skill for X', 'which skill helps me with Y', 'what can I install', or 'recommend skills for my workflow'.
Collect non-functional requirements through interactive Q&A. Asks targeted questions about performance, scalability, security, reliability, and cost constraints. Invokable with /gather-nfr.
Hypothesis-driven bug investigation with mandatory regression tests
Create git commits with configurable numbering (issue-based or sequential). Analyzes staged changes and generates commit messages following project conventions. Optionally creates GitHub issues if no active story exists.
Spawn the Architect agent to map business requirements to implementation details, produce implementation briefs, assess risks, and create ADRs. Use for standalone architecture tasks without the full agile team.
| name | review:compliance |
| description | Validates business requirements compliance - generates OpenAPI specs, creates contract tests, and ensures acceptance criteria alignment |
The compliance skill acts as a quality architect that enforces test coverage for acceptance criteria before commits, and validates API compliance:
When to use:
# Full compliance scan
/compliance
# Validate specific API
/compliance --api admin
# Run specific phase
/compliance --phase openapi
/compliance --phase contract
/compliance --phase coverage
/compliance --phase acceptance
# Get help
/compliance --help
The skill executes in five phases. Phase 0 runs first as a pre-commit quality gate:
Phase 0: AC Validation (Quality Gates)
↓
Active Story → Extract/Generate ACs → Link to Tests → Validate P0=100% → Block if Gaps
↓
Phase 1-4 (API Compliance - Optional)
↓
OpenAPI Generation → Contract Tests → Coverage Analysis → PRD Validation
↓ ↓ ↓ ↓
docs/api/*.yaml **/__tests__/ Missing tests Compliance report
Phase 0 is the primary mode - it enforces quality standards before commits. Phases 1-4 are optional - run when working with APIs or legacy PRD validation.
Purpose: Enforce test coverage for acceptance criteria before commits. Acts as a quality gate that blocks commits when P0 ACs aren't fully tested.
See: @references/quality-architect-mode.md for detailed guide
Process:
$AGENT_DOCS_DIR/active-story.yamlExample:
# Run as part of /gh:commit workflow (automatic)
/gh:commit
# → 🔍 Running quality gate checks...
# → ✓ Extracted 3 ACs from story #305
# → ✓ Linked 2/3 ACs to tests
# → ❌ Commit blocked: 1 P0 AC not tested
# → Generated test stub: src/__tests__/ac-002.test.ts
# Or run standalone
/compliance --phase 0
# → Validates ACs and generates report
# → Exits with code 1 if P0 gaps exist
Output:
.claude/compliance/acceptance-criteria.json - AC data structure with evidence.claude/compliance/story-{issueNumber}-compliance.md - Quality gate report{module}/__tests__/ac-{id}.test.ts - Generated test stubs (for P0 gaps)When to use:
/gh:commit before creating commitsQuality Gates:
AC Generation Strategy:
Test Linking Strategy:
Grep(keywords, glob: **/__tests__/**/*.test.ts)Test Stub Generation:
Purpose: Generate machine-readable API specifications from TypeScript Lambda code.
See: @references/openapi-generation.md for detailed guide
Process:
Example:
/compliance --phase openapi --api admin
# → Analyzes lambda/admin/index.ts
# → Generates docs/api/admin-openapi.yaml
# → Validates spec syntax
Output:
docs/api/{api}-openapi.yaml - OpenAPI 3.0 specificationWhen to use:
Purpose: Generate automated tests that validate API contracts against OpenAPI specs.
See: @references/contract-testing.md for detailed guide
Process:
Example:
/compliance --phase contract --api admin
# → Reads docs/api/admin-openapi.yaml
# → Generates lambda/admin/__tests__/contract.test.ts
# → Creates 40+ schema validation tests
Output:
lambda/{api}/__tests__/contract.test.ts - Jest test suiteWhen to use:
Purpose: Identify untested code paths and generate missing tests.
See: @references/coverage-analysis.md for detailed guide
Process:
Example:
/compliance --phase coverage --lambda admin
# → Runs: cd lambda/admin && npm test -- --coverage
# → Parses coverage report
# → Identifies 12 untested functions
# → Generates lambda/admin/__tests__/index.test.ts
Output:
lambda/{api}/__tests__/index.test.ts - Generated unit testsWhen to use:
Purpose: Ensure implementation meets documented business requirements.
See: @references/acceptance-criteria.md for detailed guide
Process:
Example:
/compliance --phase acceptance --prd PRD-ADMIN-API.md
# → Parses docs/archive/root/PRD-ADMIN-API.md
# → Extracts 15 acceptance criteria
# → Searches codebase for implementation
# → Calculates compliance: 87% (13/15 met)
# → Generates docs/compliance-report.md
Output:
docs/compliance-report.md - Compliance status and gapsWhen to use:
The skill reads settings from config.yaml:
# Phase 1: OpenAPI Generation
openapi:
enabled: true
output_dir: "docs/api"
validate: true
apis:
- name: admin
path: lambda/admin/index.ts
- name: referral
path: lambda/referral/index.ts
# Phase 2: Contract Tests
contract:
enabled: true
output_pattern: "lambda/{api}/__tests__/contract.test.ts"
# Phase 3: Test Coverage
coverage:
enabled: true
thresholds:
lambda: 80
infrastructure: 70
# Phase 4: Acceptance Criteria
acceptance:
enabled: true
sources:
- docs/archive/root/PRD-*.md
Customize:
# Add new API
yq e '.openapi.apis += {"name": "auth", "path": "lambda/auth/index.ts"}' -i config.yaml
# Adjust coverage threshold
yq e '.coverage.thresholds.lambda = 90' -i config.yaml
# Disable phase
yq e '.contract.enabled = false' -i config.yaml
/compliance
# Output:
# ✓ Phase 1: OpenAPI Generation
# → admin: 8 endpoints documented (docs/api/admin-openapi.yaml)
# → referral: 6 endpoints documented (docs/api/referrals-openapi.yaml)
#
# ✓ Phase 2: Contract Tests
# → admin: 48 tests generated, all passing
# → referral: 36 tests generated, all passing
#
# ✓ Phase 3: Coverage Analysis
# → admin: 45% → 82% (generated 23 tests)
# → referral: 91% (no gaps)
#
# ✓ Phase 4: Acceptance Criteria
# → PRD-ADMIN-API.md: 13/15 criteria met (87%)
# → PRD-REFERRAL-API.md: 8/8 criteria met (100%)
#
# Compliance Score: 92% (21/23 criteria met)
# See: docs/compliance-report.md for details
/compliance --api admin
# Output:
# ✓ Analyzing lambda/admin/index.ts
# ✓ Generated docs/api/admin-openapi.yaml (8 endpoints)
# ✓ Validated spec: no errors
# ✓ Generated 48 contract tests
# ✓ Coverage: 45% → 82%
# ✓ Compliance: 87% (13/15 criteria met)
#
# Gaps:
# - AC-03: Email notifications on user suspension (not implemented)
# - AC-12: Audit log retention policy (not tested)
# Just generate OpenAPI specs
/compliance --phase openapi
# → docs/api/admin-openapi.yaml
# → docs/api/referrals-openapi.yaml
# Just run coverage analysis
/compliance --phase coverage
# → Analyzes all Lambdas
# → Generates missing tests
# → Reports new coverage percentages
After running /compliance, these files are created or updated:
OpenAPI Specifications:
docs/api/
├── admin-openapi.yaml # Admin API (8 endpoints)
├── referrals-openapi.yaml # Referral API (6 endpoints)
└── auth-edge-openapi.yaml # Lambda@Edge auth (3 endpoints)
Contract Tests:
lambda/admin/__tests__/
└── contract.test.ts # 48 schema validation tests
lambda/referral/__tests__/
└── contract.test.ts # 36 schema validation tests
Unit Tests:
lambda/admin/__tests__/
└── index.test.ts # Generated unit tests (coverage gaps)
Reports:
docs/
└── compliance-report.md # Compliance status, gaps, recommendations
With other skills:
/gh:commit - Reference compliance artifacts in commit messages/mr - Include compliance report in PR descriptions/code-review - Validate specs and tests before reviewWith CI/CD: see @references/examples.md for workflow integration.
Issue: OpenAPI generation fails with "Cannot find route handlers"
httpMethod and path propertiesIssue: Contract tests fail with schema validation errors
console.log(JSON.stringify(response, null, 2)) to Lambda handlerIssue: Coverage analysis shows 0% coverage
jest.config.js)npm test -- --coverage manually to verifyIssue: Acceptance criteria extraction finds 0 criteria
acceptance.sources in config.yamlIssue: Compliance report shows false negatives
acceptance-criteria.md are accurate1. Run compliance before PRs
2. Keep OpenAPI specs in sync
3. Treat contract tests as regression tests
4. Address coverage gaps incrementally
5. Link compliance reports to GitHub issues
Custom API patterns:
# config.yaml
openapi:
apis:
- name: custom
path: lambda/custom/index.ts
base_path: /api/v2/custom
auth: cognito
Override thresholds:
/compliance --phase coverage --threshold 90
Generate specific test types:
/compliance --phase contract --scenarios success,client_errors
Multi-PRD validation:
/compliance --phase acceptance --prd "docs/archive/root/PRD-*.md"