一键导入
running-an-architectural-assessment
Phase 2 (Research) deep-dive playbook — drafts the Architectural Assessment.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Phase 2 (Research) deep-dive playbook — drafts the Architectural Assessment.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Remediate GitHub Actions action findings identified by the action-audit skill. Applies the appropriate fix per action type — `@main` ref for internal `bitwarden/` actions, full SHA with inline version comment for external actions, or full replacement — across selected repos and creates draft PRs. Run the action-audit skill first to identify findings before using this skill. <example> User: Go ahead and fix the unpinned actions from the audit Action: Trigger action-remediate to apply fixes and create PRs </example> <example> User: Replace tj-actions/changed-files with the safe version across those repos Action: Trigger action-remediate to swap the action and create PRs </example>
Apply fixes for workflow linter findings identified by the workflow-audit skill. Applies mechanical fixes automatically, pauses for judgment calls, verifies with a re-lint, and creates draft PRs. Run the workflow-audit skill first to identify findings before using this skill. <example> User: Go ahead and fix the linter findings from the audit Action: Trigger workflow-fix to apply fixes and create PRs </example> <example> User: Fix the workflow linter issues in server and clients Action: Trigger workflow-fix for those repos </example>
Use this skill when a PR diff contains changes to dependency manifest files (package.json, .csproj, Cargo.toml, go.mod, requirements.txt, etc.) or when reviewing Renovate/Dependabot bot PRs. Evaluates new dependencies for AppSec approval process compliance, major version bump significance, lock file hygiene, and dependency removal completeness. Does NOT perform deep security or license analysis — that is handled by the bitwarden-security-engineer plugin's reviewing-dependencies skill.
Perform a rigorous, multi-agent code review with architecture-compliance, parallel quality/security analysis, finding validation, and severity audit. Use when the user asks for a structured, deep, thorough, multi-pass, or multi-agent code review — or a review that includes architecture/pattern compliance, confidence-scored findings, or a severity audit. Use when the user asks for a code review across a commit range, time window, or N most recent commits in a locally checked-out repo.
Decompose a breakdown Plan into a tasks.md document with one entry per future Jira work item. Also handles resumption against a partly-drafted task list. Triggers: "decompose into tasks", "draft the tasks section", "break this into stories", "split into Jira tickets", "fill in the tasks table", "continue task decomposition".
Resolve open design questions, then capture what's being built into the Specification section of a Bitwarden Tech Breakdown. Use after a breakdown document has been created in its empty state or resuming a partly-resolved specification. Triggered by phrasings such as "understand the work", "define breakdown scope", "write the breakdown spec", "develop the specification", "continue the breakdown spec".
| name | running-an-architectural-assessment |
| description | Phase 2 (Research) deep-dive playbook — drafts the Architectural Assessment. |
| when_to_use | Use when an initiative has cleared Phase 1 Identification and the shepherd is producing the Architectural Assessment for Architecture Council. Triggers — "starting Research phase", "drafting the Architectural Assessment", "comparing solution options". Not for PoC (use `running-a-proof-of-concept`). |
| allowed-tools | Skill, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__get_issue, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__get_issue_comments, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__get_issue_remote_links, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__search_issues, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__get_confluence_page, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__get_confluence_page_comments, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__search_confluence, mcp__plugin_bitwarden-atlassian-tools_bitwarden-atlassian__search_confluence_cql |
Phase 2 (Research) deep-dive playbook for an initiative shepherd. Deliverable: an Architectural Assessment — a Confluence page in the EN-space assessments folder that captures the refined problem statement, current state, 2–4 evaluated solution options, and a recommendation with rationale. Time budget: 3–5 weeks, 40–80 hours of shepherd time. Splits into Part A (~weeks 1–2) understanding the problem, Part B (~weeks 3–5) finding the right direction.
Interview 3–5 people affected by or knowledgeable about the problem. Cast wider when the initiative spans many teams or hits operational systems; cast narrower when it's a clear technical question.
Who to talk to:
What to ask:
What to document:
Survey existing implementations across the codebase. The shape of the survey depends on the initiative — error handling, observability, auth, data access, build/test tooling. Look for:
Research patterns from industry, comparable codebases, and Bitwarden's own prior art. The goal at this stage is breadth, then trade-offs — not depth into the favorite.
Skill(architecting-solutions) from bitwarden-tech-lead into play when the trade-offs are inside one team's codebase — that skill carries the team-scope architectural judgment heuristics.Be honest about the leading candidate but write the assessment as if any of the 2–4 might win. If you only document one approach seriously, leadership and Architecture Council can't actually make the decision — they're rubber-stamping yours.
Place under the EN-space assessments folder (the funnel doc links the canonical location). Follow the "Architectural Assessments" template; the sections below are the ones the funnel page specifies.
Strong examples from the funnel doc:
Problem: "Inconsistent state management across web vault, browser extension, and desktop app causes sync bugs" Solutions evaluated: RxJS observables, Redux Toolkit, Zustand, custom event system Recommendation: Redux Toolkit with clear migration path Rationale: TypeScript support, dev tools, team familiarity, gradual adoption path Next step: Prove it works in browser extension settings module
Weak patterns to avoid (also from the funnel doc):
The funnel doc specifies the gate at the end of Phase 2:
When you bring the assessment to the decision-makers, you need:
During Research, update the BW Initiative (see Idea-Based Initiatives for the canonical anatomy):
Skill(shepherding-an-initiative) for the umbrella playbook, Skill(running-a-proof-of-concept) for what Research feeds into, Skill(architecting-solutions) (in bitwarden-tech-lead) for the team-scope architectural judgment heuristics to apply when options live inside one team's domain.