一键导入
specflow-change-impact-review
Use when the user wants to run the change-audit pipeline to autonomously review impact cones of recent changes and log findings.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Use when the user wants to run the change-audit pipeline to autonomously review impact cones of recent changes and log findings.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Use when the user wants to manage CI workflows, import/export artifacts, configure standards ingestion, or set up team roles and RBAC. Covers adapter configuration, hook management, and CODEOWNERS generation.
Use when the user wants to review, validate, or verify any SpecFlow artifacts. Triggers context-specific checks using automated scripts and checklist review.
Use when the user wants a full-project health review. Runs a zero-question deterministic core with optional adversarial wings. Creates AUD and CHL artifacts.
Use when the user wants to discover, capture, or author new requirements. Triggers a progressive disclosure conversation to extract specifications and create REQ artifacts.
Use when stories are planned and the user wants to implement them. Orchestrates implementation, updates artifact statuses, and creates test artifacts.
Use when setting up SpecFlow in a new or existing project. Conversational bootstrap that scaffolds directories, installs hooks, generates CI workflows, and recommends next steps.
| name | specflow-change-impact-review |
| description | Use when the user wants to run the change-audit pipeline to autonomously review impact cones of recent changes and log findings. |
This skill accepts freeform user input alongside the command. Interpret the user's message to determine scope and depth:
Always run the deterministic core regardless of input. It costs zero tokens and provides the foundation for any analysis.
This skill implements the change-audit pipeline. It finds all unreviewed Change Records (DEC artifacts), computes their blast radius, reviews impacted artifacts against architectural constraints, files findings as Challenges (CHL artifacts), and updates the DEC status.
Find all Decision (DEC) artifacts representing change records that need review.
Look in _specflow/work/decisions/ for artifacts containing review_status: unreviewed in their YAML frontmatter.
If no unreviewed DECs are found, announce that the pipeline is clean (idempotent behavior) and exit gracefully without doing any work.
For each unreviewed DEC found:
specflow change-impact command on the DEC's ID (or the artifacts it addresses) to compute the blast radius.
uv run specflow change-impact <DEC_ID>
For each DEC and its impact cone:
Read the DEC artifact to understand the nature of the change (from its body and rationale).
Read the impacted artifacts within the cone.
Analyze the change against existing architectural constraints, requirements, and system design.
Look for:
Auto-select adversarial lenses based on cone signals. Pure pattern-matching misses risks that need an explicit frame. Inspect the tags and types in the impact cone and pick 2-3 lenses from specflow-artifact-review/references/adversarial-lenses.md to apply to the impacted artifacts. Selection rules:
| Signal in cone | Lenses to add |
|---|---|
Tags include safety, hazard, compliance, or any complies_with: [...] link | Regulator + Premortem |
Public API / interface changes (ARCH or DDD with interface tag, or contract artifacts) | Worst-case user + Composition |
Scale-sensitive change (tags performance, latency, throughput, or DEC mentions traffic/load) | Stress-scale ×100 + Cost-scaling |
| Long-lived assumption baked in (DEC pins a vendor, protocol version, schema format) | Temporal drift + Dependency shock |
| None of the above | Premortem + Composition (default minimum) |
Apply the selected lenses to the cone artifacts only — never the full project. Each lens is one focused question; spend a few sentences per lens, not a deep audit. The output is one or more findings per lens, which feed Step 4.
If issues are discovered during the review of a DEC's impact cone:
uv run specflow create --type challenge --title "<Summary of issue>"
severity of the CHL (e.g., warning, error).challenges.After the review for a specific DEC is complete:
review_status in its YAML frontmatter.
review_status: flagged.review_status: reviewed.Repeat Steps 2-5 for all unreviewed DECs discovered in Step 1.
review_status: unreviewed. If none exist, do nothing.change-impact. Do not review the entire project.