一键在 Manus 中运行任何 Skill

dark-code-suite-init

星标0

分支0

更新时间2026年4月14日 00:03

Sets up a project to use the full dark code prevention suite in one step: creates the .claude/comprehension/ directory for comprehension artifacts, adds a ## Dark Code Prevention section to CLAUDE.md (or creates CLAUDE.md if missing), creates docs/dark-code-audit/ for audit reports, and runs an initial dark-code-audit to baseline the project's current comprehension debt. Use this skill when starting to use the dark code suite on a new project, when onboarding a codebase to dark code prevention practices, or any time you hear "set up dark code prevention", "initialize the dark code suite", "add comprehension gate to this project", or "how do I start with dark code practices here".

安装

用 Codex 或 Claude 帮你安装复制这段 Prompt，粘贴到 Codex、Claude 或其他助手里，让它检查 Skill 页面并帮你完成安装。

在 Manus 中运行

来源

az9713

az9713/dark-code-skills

打开 GitHub 仓库查看创作者相关仓库

下载

在 Manus 中运行

Dark Code Suite Init

You are setting up a project to use the full dark code prevention suite. This is a one-time initialization per project.

Step 1: Create required directories

Create these if they don't exist:

.claude/comprehension/ — where comprehension-gate writes COMPREHENSION_ARTIFACT.md files
docs/dark-code-audit/ — where dark-code-audit writes audit reports

Step 2: Update or create CLAUDE.md

Read the existing CLAUDE.md at the project root. If it doesn't exist, create it.

Add a ## Dark Code Prevention section. If a section with this name already exists, skip (don't duplicate it).

The section to add:

## Dark Code Prevention

This project uses the dark code prevention suite. The three skills that matter most:

- `/context-layer-generator <module-path>` — generates MODULE_MANIFEST.md,
  BEHAVIORAL_CONTRACTS.md, and DECISION_LOG.md for a module. Run this for any module
  that lacks context files before making significant changes.

- `/comprehension-gate` — runs a seven-dimension comprehension review before committing.
  Required for changes over 50 lines to modules that touch shared resources.

- `/dark-code-audit` — audits the full codebase for comprehension debt. Run quarterly
  or before major compliance/security reviews.

### Context layer files

For each significant module, the following files should exist at the module root:
- `MODULE_MANIFEST.md` — structural map: dependencies, dependents, shared resources, owner
- `BEHAVIORAL_CONTRACTS.md` — per-interface behavioral guarantees
- `DECISION_LOG.md` — architectural decisions with Warning fields

When modifying a module: check if these files exist. If they don't, run
`/context-layer-generator` before making significant changes.

### Comprehension artifact

Before committing changes over 50 lines to modules that touch shared infrastructure
(Redis, databases, queues, cross-service APIs), run `/comprehension-gate` and ensure
a COMPREHENSION_ARTIFACT.md exists in `.claude/comprehension/`.

### What this suite does NOT address

Runtime agent path monitoring, cross-tenant data exposure at runtime, and tamper-proof
regulatory audit logging require production observability tooling beyond Claude Code.

Step 3: Report

After setup:

Dark code suite initialized for: [project name]

Created:
  ✓ .claude/comprehension/   (comprehension artifacts go here)
  ✓ docs/dark-code-audit/    (audit reports go here)
  ✓ CLAUDE.md updated        (dark code prevention section added)

Next steps:
  1. Run /dark-code-audit to baseline this project's comprehension debt
  2. Run /context-layer-generator <highest-risk-module> to start building context layers
  3. Run /comprehension-gate before your next significant commit

The pre-commit hook in settings.json will enforce comprehension artifacts on commits
over 50 lines. Run /dark-code-audit to see which modules need context layers first.

同仓库更多 Skills

同仓库

comprehension-gate

az9713/dark-code-skills

Runs a seven-dimension comprehension review on a code change before it ships: credential exposure, cross-service side effects, blast radius, state/persistence mismatch (the Kiro pattern — AI treating persistent infrastructure as ephemeral), token TTL management, implicit assumptions, and whether the change would be explainable by the person shipping it. Produces a COMPREHENSION_ARTIFACT.md with a findings table and a CLEAR / REVIEW REQUIRED / HOLD verdict. Use this skill before merging any AI-generated code, before any change that touches shared resources (Redis, shared databases, message queues), before changes to auth flows or token handling, when reviewing code for dark code risk, or any time you hear "check blast radius", "review for comprehension", "is this safe to ship", "comprehension gate", "pre-merge review", or "will this cause an incident". This skill catches system-level failures that linters, type checkers, and unit tests cannot detect.

2026-04-140

context-layer-generator

az9713/dark-code-skills

Generates three context layer artifacts for a code module: MODULE_MANIFEST.md (structural map — where things connect), BEHAVIORAL_CONTRACTS.md (semantic contracts — what each interface guarantees), and DECISION_LOG.md (philosophical record — why decisions were made, with explicit warnings about what breaks if reversed). Use this skill whenever working on a module that lacks documentation, when the original author has left, before an AI agent modifies an unfamiliar module, when documenting a module after onboarding, when a codebase audit flagged missing context layers, or any time you hear phrases like "document this module", "make this self-describing", "build context layers", "preserve knowledge before the author leaves", or "what does this module do". This skill is especially important for AI-generated code that was never explained by anyone.

2026-04-140

dark-code-audit

az9713/dark-code-skills

Audits a codebase for dark code risk: code that was generated, passed automated checks, and shipped without anyone understanding it. Produces a structured audit report with a hotspot map, comprehension debt scorecard (spec coverage %, context layer coverage %, review depth), ownership gap analysis, top failure scenarios, and a prioritized action plan. Use this skill before a security review, compliance review, or major refactor; when new engineers join and the codebase feels opaque; after a period of high AI-assisted development velocity; quarterly as a health check; or any time you hear "audit for dark code", "comprehension debt", "dark code risk", "what do we not understand about this codebase", "knowledge gap analysis", "who owns what", or "we've been shipping AI code really fast lately". This skill does not recommend "add more monitoring" — it identifies where human comprehension is missing and prescribes structural fixes.

2026-04-140

generate-data-lineage

az9713/dark-code-skills

Assembles a data flow narrative from MODULE_MANIFEST.md and BEHAVIORAL_CONTRACTS.md context files, answering the explainability question: "What does the system do with [data type] for [user journey]?" Use before a compliance or security review, when a dark-code-audit flags "Explainability: Partial", when onboarding a new engineer who needs to understand data flows, or when preparing for GDPR, EU AI Act, or SOC 2 review. Reads context layers across the codebase, interviews for gaps, and writes docs/data-lineage/YYYY-MM-DD-<name>.md with a confidence rating. Invoke as: /generate-data-lineage (all PII-touching flows in the codebase) /generate-data-lineage --journey user-signup (specific user journey) /generate-data-lineage --module path/to/mod (flows for a specific module) /generate-data-lineage --type payment (specific data type)

2026-04-140

generate-eu-ai-act-system-card

az9713/dark-code-skills

Generates a per-service EU AI Act system card documenting AI tool usage, risk classification, human oversight mechanisms, and limitations. Use for any service where AI tools contribute to code generation, decision support, or automated processing — especially before the August 2026 EU AI Act deadline. Use when dark-code-audit flags AI-heavy services, when preparing a compliance package for a regulator or enterprise customer, or when the organization needs to document its AI practices. Reads MODULE_MANIFEST.md and BEHAVIORAL_CONTRACTS.md, conducts a structured interview, and writes docs/compliance/eu-ai-act-system-card-<service>-YYYY-MM-DD.md. Invoke as /generate-eu-ai-act-system-card path/to/service or with --risk-level limited|general|high.

2026-04-140

generate-gdpr-ropa

az9713/dark-code-skills

Generates a draft GDPR Article 30 Record of Processing Activities (ROPA) from MODULE_MANIFEST.md and BEHAVIORAL_CONTRACTS.md context files. Use when preparing for a GDPR audit, when a dark-code-audit flags PII-handling services with incomplete documentation, or when building a compliance package. Reads context layers across the codebase, groups them into logical processing activities, auto-populates what it can, and interviews the user for fields that require human judgment (legal basis, purpose, international transfers). Writes docs/compliance/gdpr-ropa-YYYY-MM-DD.md. Invoke as /generate-gdpr-ropa or /generate-gdpr-ropa --module path/to/module for a single module entry.

2026-04-140

name

dark-code-suite-init

description

Dark Code Suite Init

You are setting up a project to use the full dark code prevention suite. This is a one-time initialization per project.

Step 1: Create required directories

Create these if they don't exist:

.claude/comprehension/ — where comprehension-gate writes COMPREHENSION_ARTIFACT.md files
docs/dark-code-audit/ — where dark-code-audit writes audit reports

Step 2: Update or create CLAUDE.md

Read the existing CLAUDE.md at the project root. If it doesn't exist, create it.

Add a ## Dark Code Prevention section. If a section with this name already exists, skip (don't duplicate it).

The section to add:

## Dark Code Prevention

This project uses the dark code prevention suite. The three skills that matter most:

- `/context-layer-generator <module-path>` — generates MODULE_MANIFEST.md,
  BEHAVIORAL_CONTRACTS.md, and DECISION_LOG.md for a module. Run this for any module
  that lacks context files before making significant changes.

- `/comprehension-gate` — runs a seven-dimension comprehension review before committing.
  Required for changes over 50 lines to modules that touch shared resources.

- `/dark-code-audit` — audits the full codebase for comprehension debt. Run quarterly
  or before major compliance/security reviews.

### Context layer files

For each significant module, the following files should exist at the module root:
- `MODULE_MANIFEST.md` — structural map: dependencies, dependents, shared resources, owner
- `BEHAVIORAL_CONTRACTS.md` — per-interface behavioral guarantees
- `DECISION_LOG.md` — architectural decisions with Warning fields

When modifying a module: check if these files exist. If they don't, run
`/context-layer-generator` before making significant changes.

### Comprehension artifact

Before committing changes over 50 lines to modules that touch shared infrastructure
(Redis, databases, queues, cross-service APIs), run `/comprehension-gate` and ensure
a COMPREHENSION_ARTIFACT.md exists in `.claude/comprehension/`.

### What this suite does NOT address

Runtime agent path monitoring, cross-tenant data exposure at runtime, and tamper-proof
regulatory audit logging require production observability tooling beyond Claude Code.

Step 3: Report

After setup:

Dark code suite initialized for: [project name]

Created:
  ✓ .claude/comprehension/   (comprehension artifacts go here)
  ✓ docs/dark-code-audit/    (audit reports go here)
  ✓ CLAUDE.md updated        (dark code prevention section added)

Next steps:
  1. Run /dark-code-audit to baseline this project's comprehension debt
  2. Run /context-layer-generator <highest-risk-module> to start building context layers
  3. Run /comprehension-gate before your next significant commit

The pre-commit hook in settings.json will enforce comprehension artifacts on commits
over 50 lines. Run /dark-code-audit to see which modules need context layers first.