一键导入
source-command-audit-deep-analysis
Global deep analysis — every scan (code, security, deps, bugs) → report → ADRs → backlog.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Global deep analysis — every scan (code, security, deps, bugs) → report → ADRs → backlog.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Domain Engineering diagnostic — shows what the classifier decides for an objective (CMIS/DAS/profile/skills/mode). Observation-only; never mutates or blocks.
Business-driven methodology entry point — classify (intake), create/advance an Operation or Business work context, and drive the intake → operation → nested-workflow flow. Host-neutral; dry-run by default.
Workflow Navigator — shows the current phase, deliverables, and next commands for an ADR-0057 workflow. Read-only; never mutates state.
Start a focused session on one objective — locks scope, blocks opportunistic refactors.
Deterministic QA gate (ADR-0055) — run the project suite; green + complete acceptance criteria ⇒ qa-approve testing cards into conclusion; red ⇒ report (and qa-reject only attributable failures).
L6 — autonomous feature pipeline. Drives the full squad: design → implement → review → test → log. Checkpoints can be manual or automatic.
| name | source-command-audit-deep-analysis |
| description | Global deep analysis — every scan (code, security, deps, bugs) → report → ADRs → backlog. |
Use this skill when the user asks to run the migrated source command deep-analysis.
A full-project sweep (focus: $ARGUMENTS if given, else the whole repo): deterministic scanners + agent judgment → one report → ADRs (if needed) → DevPipeline backlog. Run before a release, on a cadence, or on demand.
Deterministic pass — aggregate every scanner:
node contextkit/tools/scripts/deep-analysis.mjs --write
Merges tech-debt, dependency/supply-chain, and contract findings into
contextkit/memory/deep-analysis-findings.json.
Judgment pass — what regex can't see. Delegate in parallel (Agent tool):
security + infra-security → vulnerabilities, secrets, infra exposure.code-reviewer → constitution / SRP / structure smells.architect → cross-cutting design risks (→ candidate ADRs).qa-orchestrator → coverage gaps on qa.criticalPaths.bugType + severity S1-S4.Report — one consolidated report: counts by scan + severity, the top issues (🔴 / 🟡 / 🟢), and what's healthy. This is the deliverable; keep it factual.
Suggest ADRs — for any finding implying an architectural decision (a pattern
to adopt, a boundary to enforce, a dependency to drop), first scan existing
decisions with node contextkit/tools/scripts/adr-digest.mjs --json [ADR-0027] so
you extend/reference an existing ADR instead of duplicating it; then draft a new
one with /new-adr (Context / Decision / Consequences) only if none fits.
Fill the backlog — every finding becomes a tracked, prioritized task:
node contextkit/tools/scripts/pipeline.mjs ingest contextkit/memory/deep-analysis-findings.json --type chore
Bugs found by judgment → pipeline.mjs add --type bug --severity S1-S4 --bug-type <t> --title "…". Priorities (WSJF / severity) + SLA are auto-set and
always user-editable (pipeline.mjs prioritize <id> <P> / wsjf <id> …).
End with the natural next step — usually /dev-start or /ship on the worst item.
This is the command the security-mode boot trigger reminds you to run on a cadence (config
securityMode.everyNSessions). It's active, not reactive.