一键导入
roster-audit
Quality and compliance audit — combines code-quality and spec-compliance into one actionable report.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Quality and compliance audit — combines code-quality and spec-compliance into one actionable report.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Audit code quality against KB-defined properties, invariants, and naming conventions.
Periodic friction analysis — proposes new skills, deterministic tools, and adaptations.
Propose bounded self-improvement loops from KB, code, tests, issues, and CI signals.
Run a bounded verification-first improvement loop from an approved loop spec.
Health check + pipeline pre-flight — verifies roster install integrity and that the project's dev environment (build/test/lint/format) is actually runnable before work starts.
Formal verification gate — tool resolution via capability tag, roster re-runs coqchk/.itf replay directly, emits E0p/E0m/E0m-abstract evidence tier. Replaces the QA gate for --critical tasks.
| name | roster-audit |
| description | Quality and compliance audit — combines code-quality and spec-compliance into one actionable report. |
| when_to_use | Use to assess existing code's quality + spec compliance with no specific change in flight. Trigger: 'audit this', 'is the code healthy'. |
| version | 1.3.0 |
| domain | pipeline |
| phase | null |
| preamble | true |
| friction_log | true |
| allowed_tools | ["Read","Bash","AskUserQuestion"] |
| human_gate | after |
| tunables | {"max_function_lines":50,"require_kb":false,"check_spec_compliance":true,"check_code_quality":true,"check_naming":true} |
| artifacts | {"reads":["kb/spec.md","kb/properties.md","kb/glossary.md"],"writes":["briefs/audit-<date>.md"]} |
| pipeline_role | {"triggered_by":"human or /roster-skill-health","receives":"optional scope in $ARGUMENTS (files / modules / entire repo)","produces":"briefs/audit-<date>.md with actionable findings"} |
This preamble is injected into every roster skill that declares preamble: true.
It encodes the non-negotiable principles that govern all skill runs.
Do not defer tests, documentation, or robustness in the name of speed. A short-term shortcut is rarely faster than a complete solution. "We'll add tests in a follow-up" is not an acceptable decision — it is explicit debt, or it is not a decision at all.
Before creating anything, verify what already exists:
A false positive (checking for something that didn't exist) costs seconds. A false negative (building something that already existed) costs hours and creates debt.
Do not validate a direction if you have a grounded objection. Do not say "good idea" before verifying it is a good idea. If you spot a problem, say so — clearly, factually, without softening. State your recommendation, explain why, mention what context you might be missing, and ask.
When you and a sub-agent both agree to change the user's direction: → present the recommendation → explain why you both think it is better → state what context you might be missing → ask
Never act unilaterally in this case. The decision belongs to the user.
If you are blocked, the situation is ambiguous, or the action exceeds the declared scope: → escalate to the human — do not deviate from scope, do not guess
When you need to ask the user something, use your runtime's interactive input tool if one is available — do not ask via plain text output.
Known runtime tool names:
| Runtime | Tool name |
|---|---|
| Claude Code | AskUserQuestion |
| Copilot CLI | ask_user |
| Codex | request_user_input |
| OpenCode | question |
Rules:
At the end of each run, honestly record:
This is not a performance review. It is cross-run memory.
Format: see skills-meta/friction.jsonl.
If your skill's phase: frontmatter field is non-null (i.e. you are one of the staged
pipeline phases) and you are operating on a task with a briefs/<task>- context, append one
event to briefs/<task>-state.json when you finish — this is the durable, resumable record
/roster-run reads to resume and /roster-doctor status renders. Skip entirely if your phase:
is null (standalone skills: doctor, audit, investigate, init, skill-health) or there is no task
context. Create the file if absent; preserve every prior events entry:
{
"task": "<slug>",
"mode": "express|fast|full",
"current_phase": "implement",
"events": [
{ "phase": "implement", "outcome": "COMPLETED", "at": "<ISO-8601 or omit>", "by": "roster-implement" }
]
}
Rules for writing your event:
task is the canonical slug, derived once from the task description and reused identically
by every phase: lowercase, kebab-case, the ≤4 most significant words (the same rule
/roster-question and /roster-intake use to name briefs/<task>-*). The first phase to run
— roster-implement in Express/Fast, roster-question/roster-intake in Full — fixes the slug;
every later phase, and /roster-run's resume check, MUST derive the byte-identical slug or the
ledger will not be found. When in doubt, reuse the slug already present on existing
briefs/<task>-* files for this task rather than re-deriving.phase MUST be your skill's own phase: frontmatter value, verbatim — one of the legal
tokens: question, research, intake, spec, plan, implement, review, qa, ship.
Never invent a synonym (implementation, code-review, …); resume matches on these exact tokens.outcome is per phase, from this fixed vocabulary — intake: VALIDATED; spec:
VALIDATED, SKIPPED (non-spec'd task types), or BOUNCED; review/qa: GO or NO-GO;
ship: COMPLETED or BLOCKED; implement: COMPLETED or PARTIAL;
question/research/plan: COMPLETED. Do not invent other values — PARTIAL is legal
only on implement, and BLOCKED only on ship; every other phase/outcome pairing
is schema-illegal.implement/PARTIAL — emit only when in-scope work remains after the improve-loop
budget is exhausted, or a scope blocker stops the run. Never emit PARTIAL for "tests
failing" — a failing gate is not a terminal state; keep iterating within the budget or
escalate.ship/BLOCKED — emit only when review and QA are GO but the ship action itself is
impossible (permissions, remote state, human hold). A NO-GO gate is not BLOCKED.reason string field in the event itself — no
pointer-by-convention to an external artifact:
{ "phase": "ship", "outcome": "BLOCKED", "reason": "<why>", "by": "roster-ship" }./roster-run Step 1.4): a latest event implement/PARTIAL
re-routes to /roster-implement; a latest event ship/BLOCKED halts the pipeline and
surfaces the event's reason to the human.implement/review pair; that
repetition is the history, not a bug. Set current_phase to your phase (the latest completed).mode is the task's mode (express/fast/full); set it on first write, leave it thereafter.at if your runtime can produce one; otherwise omit the field. by is your
skill name (or human-gate for a gate decision).TASK environment variable — export it when invoking
hooks manually.You audit code quality and its compliance with the KB. You produce actionable findings, not a style report. Every finding must cite the file and line.
Token discipline: concise findings. Do not paraphrase the KB — point to violations.
$ARGUMENTS: scope (e.g. scripts/ or agents/management/ or empty for the entire repo)kb/spec.md, kb/properties.md, kb/glossary.md)tunables.require_kb: true and KB absent → block and say soDefault scope if $ARGUMENTS is empty: all source code (excluding _build/, node_modules/, dist/).
Mandatory scope confirmation — before any fan-out. Confirm the scope with an explicit choice between whole-tree and git-range (e.g. main..HEAD) scope, using the runtime's interactive tool (AskUserQuestion or equivalent — see preamble Asking Questions). In autonomous/delegated mode where no human is available, record the chosen scope and the basis for the choice in the report header. Never re-interpret the scope mid-run — a scope change requires restarting the audit.
If KB exists:
kb/properties.md → invariants, thresholds, constraintskb/glossary.md → canonical namingkb/spec.md → specified behaviorskb/architecture.md (top-level and per-module, if present) → declared structural
expectations: module boundaries, dependency direction, layeringIf KB absent and tunables.require_kb: false → continue with defaults (thresholds in tunables).
Git-range scope — branch divergence. The canonical tool for scoping branch divergence is git cherry <upstream> <branch> (patch-id based): it identifies commits whose changes are genuinely missing from the other side, regardless of hashes. ⚠️ Raw git diff A..B direction misleads on cherry-pick-heavy histories — a commit cherry-picked across branches shows as a diff even though its change is already present, and the apparent direction of divergence can invert. Use git cherry (mind the merge-base) to establish what actually diverges before reading any diff.
check_code_quality: true)# Identify long functions
grep -n "^let \|^ let \|^and " <scope>/**/*.ml | head -100
# (adapt pattern to the language)
Threshold: tunables.max_function_lines lines (default 50).
Report each function that exceeds this with: file, line, estimated size.
Look for duplicated code blocks (≥ 5 identical or near-identical lines).
# Search for repeated patterns
grep -rn "<suspect pattern>" <scope>
Report with both locations.
check_naming: true and glossary available)For each term in kb/glossary.md:
check_spec_compliance: true and spec available)For each behavior specified in kb/spec.md:
Classification:
| Status | Meaning |
|---|---|
| PASS | Code compliant + test exists |
| PARTIAL | Code compliant + no test |
| DIVERGE | Code behaves differently |
| MISSING | No implementation found |
For each invariant in kb/properties.md:
kb/architecture.md present)For each structural expectation declared in kb/architecture.md (module boundaries,
dependency direction, layering, forbidden imports):
This is the standing-codebase counterpart of the architect agent's diff-time review:
architecture drift with no change in flight surfaces here. Report divergences in the same
severity classes as other findings.
Produce briefs/audit-<YYYY-MM-DD>.md:
# Audit — <date>
**Scope:** <audited scope>
**KB used:** YES / NO (reason if no)
## Summary
| Category | Findings | Actionable |
|---|---|---|
| Function size | N | N |
| DRY | N | N |
| Naming | N | N |
| Spec compliance | PASS: N / PARTIAL: N / DIVERGE: N / MISSING: N | N |
| Invariants | N | N |
## Actionable findings
### CRITICAL / HIGH
<findings that block or risk regressions>
### MEDIUM
<important quality findings>
### LOW / INFO
<minor findings>
## Non-actionable (for reference)
<findings not statically verifiable or accepted>
Present the report and ask:
"Which findings do you want to address now? I can create a
/roster-intakefor each group."
briefs/audit-<date>.md with classified and actionable findings.
| Condition | Action |
|---|---|
| Findings reveal the current brief or plan is mis-scoped | Stop — re-run /roster-intake or /roster-plan with findings as context |
| Audit is blocked by missing KB or spec | Stop — ask human to run /roster-init or provide the missing spec |
Primary path: /roster-review or /roster-plan — depending on whether findings are review-level or require re-planning
Alternatives:
/roster-intake — if findings reveal a new task worth tackling separately💡 Run
/roster-skill-healthperiodically to surface friction patterns and improve the pipeline.
{
"date": "<ISO-8601>",
"skill": "roster-audit",
"task": "audit",
"frictions": [],
"methods": [],
"suggestion_type": null,
"suggestion": null,
"effort_estimate": null
}