一键导入
pattern-detection
Detect codebase patterns — commit velocity anomalies, codebase drift, and dependency risks — and persist them as workspace learnings
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Detect codebase patterns — commit velocity anomalies, codebase drift, and dependency risks — and persist them as workspace learnings
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Inspect and analyze codebases using pygount for LOC counting, language breakdown, and code-vs-comment ratios. Use when asked to check lines of code, repo size, language composition, or codebase stats.
Set up GitHub authentication for the agent using git (universally available) or the gh CLI. Covers HTTPS tokens, SSH keys, credential helpers, and gh auth — with a detection flow to pick the right method automatically.
Production-grade PR review with execution-verified suggestions. Reads repository conventions, history, and security surfaces before reviewing. For every suggested fix, attempts to compile and test it in the sandbox — the comment includes proof. Modelled on GitHub Copilot's agentic architecture with one critical advantage: the sandbox is already running.
Create, manage, triage, and close GitHub issues. Search existing issues, add labels, assign people, and link to PRs. Works with gh CLI or falls back to git + GitHub REST API via curl.
Open and manage GitHub pull requests through Kai MCP tools — propose changes, monitor CI, iterate on failures, and merge. No git tokens are shared to the sandbox; every GitHub operation goes through the backend via the workspace's GitHub App installation.
Clone, create, fork, configure, and manage GitHub repositories. Manage remotes, secrets, releases, and workflows. Works with gh CLI or falls back to git + GitHub REST API via curl.
| name | pattern-detection |
| description | Detect codebase patterns — commit velocity anomalies, codebase drift, and dependency risks — and persist them as workspace learnings |
| version | 2.0.0 |
| author | kai-agent |
| metadata | {"kai":{"tags":["kai","security","patterns","analysis"]}} |
Detect systemic patterns that go beyond individual vulnerabilities. These are structural signals about codebase health, consistency, and risk. They are persisted as workspace learnings (category pattern) so that future cycles — and the Brief page — can reason about them.
kai_workspace_learnings_add availableEvery detected pattern becomes one kai_workspace_learnings_add call with:
kai_workspace_learnings_add(
workspaceId="...",
category="pattern",
content="[<type>] <title> — <description>. Signal: <1-5>. Repo: <name>. File: <path or n/a>. Detail: <why it matters>.",
repoId="<repoId>" # optional — link the learning to a specific repo
)
Prefix [<type>] with one of: anomaly, codebase_drift, dependency_risk.
Signal strength is a single digit 1-5 embedded in the content string so the
daily-cycle skill can parse it back. Keep each learning to one concrete
pattern — many small learnings beat one mega-entry.
If signal strength ≥ 4, also call lifecycle_actions_create (see bottom of
this file) to queue an investigation action.
Detect files with unusually high commit frequency, which often signals rushed fixes, logic drift, or accumulated technical debt in critical paths.
How to detect:
For each connected repo, use terminal to run:
git log --format='%H %ai' --since='30 days ago' -- <file>
Focus on high-risk files: auth modules, payment handlers, middleware, config files.
Use browse_repository_files to list the repo structure and identify security-critical paths.
If a file has more than 15 commits in 30 days, or more than 2x the average commit rate for files in the same directory, flag it.
Persist as a learning:
kai_workspace_learnings_add(
workspaceId="...",
category="pattern",
content="[anomaly] High commit velocity on src/auth/middleware.ts — 32 commits in 30 days, 4.2x the directory average. Signal: 4. Repo: kai-backend. File: src/auth/middleware.ts. Detail: high churn on security-critical code signals logic drift, incomplete refactors, or accumulated quick fixes.",
repoId="<repoId>"
)
Signal strength guide:
Detect inconsistent patterns across files in the same module, which often indicates uncoordinated changes from multiple developers or AI tools.
How to detect:
Use read_repository_files to sample 3-5 files in the same module (e.g., all route handlers, all middleware, all service files).
Compare patterns for:
If 3+ distinct patterns exist for the same concern in the same module, flag it.
Persist as a learning:
kai_workspace_learnings_add(
workspaceId="...",
category="pattern",
content="[codebase_drift] 4 error-handling patterns across src/routes/ — Pattern A (try/catch, 3 files), Pattern B (middleware, 2 files), Pattern C (manual propagation, 1 file), Pattern D (silent swallow, 1 file). Signal: 4. Repo: kai-backend. Detail: evidence of uncoordinated AI-assisted edits; recommend unifying on middleware approach.",
repoId="<repoId>"
)
Signal strength guide:
Assess the dependency surface area and identify supply chain risks.
How to detect:
Use read_repository_files to read the package manifest:
package.jsonrequirements.txt, pyproject.toml, Pipfilego.modCargo.tomlCount direct dependencies. If possible, use terminal to count transitive dependencies:
npm ls --all --json 2>/dev/null | jq '.dependencies | length'pip freeze | wc -lCheck for:
kai_list_vulnerabilities)Persist as a learning:
kai_workspace_learnings_add(
workspaceId="...",
category="pattern",
content="[dependency_risk] 42 direct / 1,284 transitive deps in kai-frontend — 3 known vulnerable (including one critical in next@14.x). Signal: 5. Repo: kai-frontend. Detail: no Dependabot/Renovate config detected; last manual audit 73 days ago.",
repoId="<repoId>"
)
Signal strength guide:
For any pattern with signal strength ≥ 4, create a lifecycle action for investigation:
lifecycle_actions_create(
workspaceId="...",
type="investigate",
title="Investigate: <pattern title>",
description="<pattern description>",
priority="high" if signal >= 4 else "medium",
reasoning="Detected by pattern analysis. <brief explanation of why this matters>.",
repoId="<repoId>"
)