菜单
Runs a three-tier codebase audit (git history, targeted scans, full review) with gating. Use when auditing a codebase before release or after incidents.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Detects AI-generated writing patterns in prose. Use when reviewing docs for slop, vague language, or identity leaks before publishing.
Audits Rust code for unsafe blocks, ownership issues, and Cargo dependency risks. Use when reviewing Rust code or before merging Rust changes.
Recommends context compression strategies for bloated or quota-heavy sessions. Use when context feels sluggish or quota burns faster than expected.
Guide minimal code via a decision ladder with full safety, edge, and negative-case coverage. Use when adding code, choosing a dependency, or auditing a diff.
Optimizes context window via MECW principles and memory tiering. Use when context exceeds 30% or before long multi-step tasks.
Generates or remediates documentation with human-quality writing. Use when creating new docs, rewriting AI-generated content, or applying style profiles.
| name | tiered-audit |
| description | Runs a three-tier codebase audit (git history, targeted scans, full review) with gating. Use when auditing a codebase before release or after incidents. |
| alwaysApply | false |
| category | audit |
| tags | ["audit","git-history","code-quality","review","escalation"] |
| tools | [] |
| usage_patterns | ["codebase-audit","git-history-review","targeted-review"] |
| complexity | intermediate |
| model_hint | standard |
| estimated_tokens | 600 |
| modules | ["modules/escalation-criteria.md","modules/tier2-targeted.md","modules/tier3-gate.md"] |
| dependencies | ["imbue:proof-of-work","imbue:review-core","imbue:structured-output"] |
Always runs first. Analyzes git log, diff stats, and blame to identify areas of concern without reading any source files.
Run these git commands for the target commit range (default: current branch vs main):
# 1. Churn hotspots: files changed most often
git log --format="" --name-only {base}..HEAD \
| sort | uniq -c | sort -rn | head -20
# 2. Diff stats: size of changes per file
git diff --stat {base}..HEAD
# 3. Fix-on-fix patterns: commits fixing previous commits
git log --oneline {base}..HEAD \
| grep -iE "(fix|revert|patch|hotfix)"
# 4. New file clusters: modules with many new files
git diff --name-status {base}..HEAD \
| grep "^A" | cut -f2 \
| sed 's|/[^/]*$||' | sort | uniq -c | sort -rn
# 5. Large commits: single commits with big diffs
git log --format="%h %s" --shortstat {base}..HEAD
Verification: Confirm each command produces output.
If a command returns empty, the commit range may be wrong;
verify {base} resolves correctly with git merge-base.
Write findings to .coordination/agents/tier1-audit.findings.md:
---
agent: tier1-audit
tier: 1
evidence_count: {N}
---
## Summary
{1-2 sentence overview of what the git history reveals}
## Churn Hotspots
{top 10 most-changed files with change counts}
For each flagged file, include:
- Location: path/to/file.py:line (most-changed function or block)
- Anchor: `verbatim source text at that line`
[E1] Command: git log --format="" --name-only ...
Output: {relevant output}
## Fix-on-Fix Patterns
{commits that fix previous commits in the same area}
[E2] Command: git log --oneline ... | grep -iE ...
Output: {relevant output}
## New File Clusters
{modules with 5+ new files}
## Large Diffs
{commits with 200+ line changes}
## Escalation Recommendation
{list of areas flagged for Tier 2, or "no escalation needed"}
After Tier 1 completes, check findings against the
escalation criteria in modules/escalation-criteria.md.
If NO criteria are met: audit is complete. Report findings.
If criteria ARE met: list flagged areas and proceed to Tier 2 for each area sequentially.
Runs only for areas flagged by Tier 1. Each flagged area is audited one at a time, not in parallel.
For each flagged area:
One findings file per area:
.coordination/agents/tier2-{area-name}.findings.md
Each file follows the output contract for audits (see imbue:proof-of-work/modules/output-contracts).
Requires explicit user approval. See
modules/escalation-criteria.md for the gate protocol.
Tier 3 should use dedicated sessions (one per area) with file-based coordination, NOT parallel subagents.
All tiers use this contract:
output_contract:
required_sections:
- summary
- evidence
min_evidence_count: 3 # Tier 1
# min_evidence_count: 8 # Tier 2
expected_artifacts: []
retry_budget: 1
strictness: normal
Tier 2 raises the minimum evidence count to 8 because it reads source files and should produce deeper analysis.
Verification: After each tier completes, verify the
findings file exists and contains at least the minimum
evidence count ([E1], [E2], etc.) before proceeding
to the next tier or reporting results.
tiered-audit:findings-verified)Every finding must cite a real location and a verbatim anchor. Write
findings to .review/findings.json and confirm each citation resolves:
python plugins/imbue/scripts/citation_verifier.py \
--findings .review/findings.json --repo-root .
Drop or label UNVERIFIED any finding the verifier fails (exit 1); only
verified findings enter the report. See Skill(imbue:review-core) Step 5
and Skill(imbue:structured-output) for the schema.
.coordination/agents/tier1-audit.findings.md and contains
at least 3 evidence entries ([E1]–[E3]).Location + verbatim Anchor
confirmed by citation_verifier.py (exit 0), or unverified
findings were dropped or labeled UNVERIFIED.