@aryaminus/controlkeel-opencode 0.3.31 → 0.3.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -0,0 +1,56 @@
1
+ ---
2
+ name: architect-first
3
+ description: "Settle types, module shape, and boundaries before implementation. Trigger: 'architect this', 'design module structure', 'settle types first'. For multi-module changes."
4
+ when_to_use: "Activate BEFORE writing code that crosses function/module boundaries or changes public APIs. Do NOT use for single-function fixes or when types are obvious."
5
+ argument-hint: "[feature or change to architect]"
6
+ disable-model-invocation: true
7
+ license: Apache-2.0
8
+ compatibility:
9
+ - opencode-native
10
+ - claude-standalone
11
+ - cursor-native
12
+ - codex
13
+ metadata:
14
+ author: controlkeel
15
+ version: "1.1"
16
+ category: planning
17
+ ck_mcp_tools: [ck_memory_record, ck_memory_search, ck_review_submit]
18
+ related_skills: [align, plan-slice, investigate]
19
+ ---
20
+
21
+ # Architect First
22
+
23
+ Settle types, module shape, and boundaries before writing code. Cheaper to fix the design now than rewrite callers later.
24
+
25
+ ## Do NOT use when
26
+ - Single-function fix (use `tdd-bugfix`)
27
+ - Types are obvious and scope is narrow
28
+ - The change fits in one module with no boundary changes
29
+ - During implementation (design is already approved)
30
+
31
+ ## Workflow
32
+
33
+ 1. Search `ck_memory_search` for prior decisions about the affected area.
34
+ 2. Investigate existing module boundaries (use `investigate` skill if needed).
35
+ 3. Define:
36
+ - **Types/structs** for key data structures
37
+ - **Module boundaries**: owns / exposes / depends / does-not for each module
38
+ - **Data flow**: trace primary use case across boundaries
39
+ 4. Mark unresolved decisions as `[DECISION NEEDED]`.
40
+ 5. Record design via `ck_memory_record` (type: `decision`).
41
+ 6. Submit via `ck_review_submit` (review_type: `plan`, plan_phase: `design_options`). **Wait for approval**.
42
+
43
+ ## Design principles
44
+
45
+ - Boundary discipline — modules own their data and invariants
46
+ - Type-system discipline — structs and typespecs, not bare maps
47
+ - Subtract before you add — can existing module absorb this?
48
+ - Minimize reader load — purpose clear from public API alone
49
+
50
+ ## Output
51
+
52
+ - Types and structs
53
+ - Module boundary definitions
54
+ - Data flow for primary use case
55
+ - `ck_review_submit` plan awaiting approval
56
+ - `ck_memory_record` with the design
@@ -0,0 +1,152 @@
1
+ ---
2
+ name: challenge
3
+ description: "Adversarially challenge the current plan or finding. Assume the direction is wrong and build the strongest case against it. Surfaces blind spots, false assumptions, and unexplored alternatives before execution starts."
4
+ when_to_use: "Activate when the user says 'challenge this', 'push back', 'what could go wrong', 'steelman against', or 'devil's advocate'. Also activate before executing a high-depth or high-scope plan (depth >= 5, scope architectural_scope=true). Use after ck_review_submit to stress-test an approved plan before coding starts."
5
+ argument-hint: "[plan review_id or finding rule_id to challenge — omit to challenge the latest approved plan]"
6
+ license: Apache-2.0
7
+ compatibility:
8
+ - codex
9
+ - claude-standalone
10
+ - claude-plugin
11
+ - copilot-plugin
12
+ - opencode-native
13
+ - cursor-native
14
+ - windsurf-native
15
+ - continue-native
16
+ - cline-native
17
+ - roo-native
18
+ - goose-native
19
+ - gemini-cli-native
20
+ - kiro-native
21
+ - amp-native
22
+ - augment-native
23
+ metadata:
24
+ author: controlkeel
25
+ version: "1.0"
26
+ category: governance
27
+ ck_mcp_tools:
28
+ - ck_context
29
+ - ck_finding
30
+ - ck_review_status
31
+ ---
32
+
33
+ # Challenge Skill
34
+
35
+ Adversarially review the current plan or a specific finding. The goal is not to block work — it is to surface the strongest objections *before* execution so they can be addressed, not discovered mid-implementation.
36
+
37
+ Inspired by Paradigma/Flywheel's adversarial review nodes: every knowledge claim should have an adversarial pass that tries to refute it before it propagates downstream.
38
+
39
+ ## When to Use
40
+
41
+ - Before executing a plan with `architectural_scope: true` or `depth >= 5`
42
+ - When the user asks "what could go wrong", "push back on this", or "devil's advocate"
43
+ - After `ck_review_submit` on a plan that affects multiple files or core modules
44
+ - When a finding has been open for multiple sessions and no one has questioned it
45
+ - Before delegating long-running autonomous work
46
+
47
+ ## Challenge Flow
48
+
49
+ ### Step 1 — Load context
50
+
51
+ Call `ck_context` to load:
52
+ - The current session, task, and latest approved plan
53
+ - Open findings (especially `blocked` and `escalated`)
54
+ - Risk tier and compliance constraints
55
+
56
+ If a specific `review_id` or `rule_id` was passed as an argument, use that as the target. Otherwise challenge the latest approved plan from `planning_context.latest_approved_plan`.
57
+
58
+ ### Step 2 — Extract the hypothesis
59
+
60
+ Look for `hypothesis` and `expected_signal` in the plan refinement. If absent, infer them:
61
+ - **Hypothesis**: what core assumption does this plan rest on? (e.g. "adding X will fix Y", "this abstraction won't break Z")
62
+ - **Expected signal**: what would confirm the hypothesis is correct?
63
+
64
+ State both explicitly before challenging. If you cannot reconstruct a hypothesis, that itself is the first challenge: **"This plan has no falsifiable hypothesis."**
65
+
66
+ ### Step 3 — Run the adversarial pass
67
+
68
+ For each dimension below, generate the strongest objection you can. Do not hedge — argue as if you are trying to kill the plan.
69
+
70
+ #### A. Assumption inversion
71
+ List the top 3 assumptions the plan makes. For each, ask: "What if this is false?" If any assumption being false would make the plan fail or significantly change the approach, flag it.
72
+
73
+ #### B. Scope creep signal
74
+ Look at `scope_estimate`. Is `architectural_scope` underreported? Are there more files likely to be touched than `files_touched_estimate` suggests? Flag any evidence that the real diff will be larger than claimed.
75
+
76
+ #### C. Contradicted findings
77
+ Check existing findings. Does any open finding (status `open` or `blocked`) directly contradict or undermine the plan? List them with their `rule_id`.
78
+
79
+ #### D. Missing alternatives
80
+ Look at `options_considered` and `rejected_options`. Is there a viable approach that was never considered? Describe it in one sentence and state why it might be better.
81
+
82
+ #### E. Validation gap
83
+ Look at `validation_plan`. Is there a scenario where all validation steps pass but the plan still fails in production? Describe it.
84
+
85
+ #### F. Hallucination propagation risk
86
+ If this plan produces outputs that downstream tasks will depend on — identify what those outputs are and whether they are verifiable. Flag any output that downstream work will treat as ground truth but that has not been independently verified.
87
+
88
+ ### Step 4 — Score the challenge
89
+
90
+ Summarize findings as:
91
+
92
+ ```
93
+ STRONG objections (would change the plan): N
94
+ MODERATE objections (should be addressed): N
95
+ WEAK objections (worth noting, not blocking): N
96
+ ```
97
+
98
+ If `STRONG >= 1`: recommend **blocking execution** and re-submitting the plan with the objections addressed.
99
+ If `STRONG == 0, MODERATE >= 2`: recommend **addressing before execution starts**, not blocking.
100
+ If `STRONG == 0, MODERATE <= 1`: recommend **proceeding** with the noted caveats.
101
+
102
+ ### Step 5 — Record findings
103
+
104
+ For each STRONG or MODERATE objection, call `ck_finding` with:
105
+ - `category`: `"challenge"`
106
+ - `severity`: `"high"` for STRONG, `"medium"` for MODERATE
107
+ - `rule_id`: `"challenge.<dimension>"` (e.g. `"challenge.assumption_inversion"`, `"challenge.validation_gap"`)
108
+ - `plain_message`: the objection in one sentence
109
+ - `decision`: `"warn"` (never block automatically — the human decides)
110
+ - `extends_finding_id`: the finding this challenge responds to, if applicable
111
+ - `contradicts_finding_id`: any existing finding this objection overturns, if applicable
112
+
113
+ Do NOT record WEAK objections as findings. Include them only in the report.
114
+
115
+ ### Step 6 — Output the report
116
+
117
+ ```markdown
118
+ # Challenge Report
119
+
120
+ **Target:** [plan title or finding rule_id]
121
+ **Hypothesis:** [stated or inferred]
122
+ **Expected signal:** [stated or inferred, or "not specified"]
123
+
124
+ ## Verdict: [BLOCK | ADDRESS BEFORE EXECUTION | PROCEED WITH CAVEATS]
125
+
126
+ ## Strong objections
127
+ [list, or "None"]
128
+
129
+ ## Moderate objections
130
+ [list, or "None"]
131
+
132
+ ## Weak objections / notes
133
+ [list, or "None"]
134
+
135
+ ## Findings recorded
136
+ [list of ck_finding IDs created, or "None"]
137
+ ```
138
+
139
+ ## Integration with ck_review_submit
140
+
141
+ After a challenge that clears (no STRONG objections), the caller can re-submit the plan with the moderate objections addressed. The new submission should include:
142
+ - `hypothesis`: the hypothesis now made explicit
143
+ - `expected_signal`: the observable confirmation criterion
144
+ - Prior challenge findings referenced in `alignment_context`
145
+
146
+ This creates a traceable chain: plan → challenge → revised plan → execution.
147
+
148
+ ## What this skill does NOT do
149
+
150
+ - It does not rewrite or fix the plan. It challenges it.
151
+ - It does not block execution directly. It records findings and gives a recommendation.
152
+ - It does not repeat static policy checks (`ck_validate` covers those). It targets reasoning and assumption errors.
@@ -0,0 +1,46 @@
1
+ ---
2
+ name: cli-for-agents
3
+ description: "Design/review CLIs for agent-friendliness: non-interactive flags, layered help, idempotency, dry-run, actionable errors. Trigger: 'agent CLI', 'automation-friendly CLI', 'headless CLI design'."
4
+ when_to_use: "Activate when building or reviewing a CLI that agents will drive. Do NOT use for general coding or web UI work."
5
+ argument-hint: "[CLI name or command to design/review]"
6
+ disable-model-invocation: true
7
+ license: Apache-2.0
8
+ compatibility:
9
+ - opencode-native
10
+ - claude-standalone
11
+ - cursor-native
12
+ - codex
13
+ metadata:
14
+ author: controlkeel
15
+ version: "1.1"
16
+ category: development
17
+ ck_mcp_tools: [ck_validate, ck_finding]
18
+ ---
19
+
20
+ # CLI for Agents
21
+
22
+ CLIs that agents can drive reliably. Most human-oriented CLIs block agents with interactive prompts, missing examples, and ambiguous errors.
23
+
24
+ ## Do NOT use when
25
+ - Building web UIs or non-CLI tools
26
+ - The CLI already follows these patterns and needs no review
27
+
28
+ ## Checklist
29
+
30
+ Design or review against these rules. Record violations as `ck_finding` (rule `cli.agent_unfriendly`).
31
+
32
+ - **Non-interactive first**: Every input as a flag. Interactive is fallback, not default.
33
+ - **Layered help**: `--help` per subcommand, not full manual dump.
34
+ - **Examples on every `--help`**: Real copy-pasteable invocations.
35
+ - **stdin/pipelines**: Accept stdin where sensible, support chaining.
36
+ - **Actionable errors**: Missing flag → correct example invocation, not a hang.
37
+ - **Idempotency**: Same command twice = safe (no-op or "already done").
38
+ - **Destructive actions**: `--dry-run` to preview, `--yes`/`--force` to skip confirmations.
39
+ - **Predictable structure**: `resource verb` pattern consistent across all subcommands.
40
+ - **Machine-readable output**: IDs, URLs, durations on success — not just "done".
41
+
42
+ ## Output
43
+
44
+ - CLI design with flags, examples, error messages
45
+ - Or: review findings for existing CLI
46
+ - `ck_finding` records for agent-unfriendly patterns
@@ -0,0 +1,66 @@
1
+ ---
2
+ name: continual-learning
3
+ description: "Auto-mine session for durable memory: user preferences and workspace facts. Trigger: 'learn from this', 'update memory', 'save what we learned', or at session end."
4
+ when_to_use: "Activate at session end, when the user asks to save learnings, or periodically in long sessions. Do NOT use during active coding."
5
+ argument-hint: "[optional: specific area to learn from]"
6
+ disable-model-invocation: true
7
+ license: Apache-2.0
8
+ compatibility:
9
+ - opencode-native
10
+ - claude-standalone
11
+ - cursor-native
12
+ - codex
13
+ metadata:
14
+ author: controlkeel
15
+ version: "1.1"
16
+ category: memory
17
+ ck_mcp_tools: [ck_memory_search, ck_memory_record, ck_memory_archive]
18
+ related_skills: [proof-memory]
19
+ ---
20
+
21
+ # Continual Learning
22
+
23
+ Auto-mine session activity for durable memory updates. CK's `ck_memory_record` is manual — this skill automates extraction.
24
+
25
+ ## Do NOT use when
26
+ - During active coding (distracts from the task)
27
+ - When no meaningful session activity has occurred
28
+ - To record secrets, tokens, or transient debugging state
29
+
30
+ ## What gets learned (only two categories)
31
+
32
+ 1. **User Preferences**: Recurring corrections, preferred patterns, naming, tools, workflows
33
+ 2. **Workspace Facts**: Stable codebase facts, architecture decisions, module ownership, constraints
34
+
35
+ ## What does NOT get learned
36
+
37
+ Secrets, one-off instructions, transient state, process meta-guidance
38
+
39
+ ## Workflow
40
+
41
+ 1. Search `ck_memory_search` for existing memories to avoid duplication.
42
+ 2. Scan session recent events (reviews, findings, decisions) for:
43
+ - User corrections recurring more than once
44
+ - Architecture decisions approved and not reversed
45
+ - Workspace facts discovered and not contradicted
46
+ - Preferences stated explicitly or demonstrated consistently
47
+ 3. For each candidate: Is it durable? Reusable? Specific? If no to any, skip.
48
+ 4. Record via `ck_memory_record`:
49
+ - Preferences → type `decision`, tags `["user-preference"]`
50
+ - Facts → type `brief`, tags `["workspace-fact"]`
51
+ 5. Archive superseded items via `ck_memory_archive`.
52
+ 6. If no high-signal items found: "No high-signal memory updates."
53
+
54
+ ## Rules
55
+
56
+ - Plain bullet points only — no metadata blocks, confidence scores
57
+ - Cap at 12 items per section
58
+ - Deduplicate semantically — "prefer Req" and "always use Req" are the same item
59
+ - Update in place, do not create duplicates alongside old items
60
+ - Never record secrets
61
+
62
+ ## Output
63
+
64
+ - `ck_memory_record` entries for new preferences/facts
65
+ - `ck_memory_archive` for superseded items
66
+ - Summary: "Recorded N preferences, M facts, archived K items."
@@ -0,0 +1,169 @@
1
+ ---
2
+ name: continuity
3
+ description: "Learn, record, audit, and apply codebase patterns consistently across a repo by comparing current code to canonical local examples stored in CK memory. Use when asked to preserve continuity, learn a pattern, check drift, fix inconsistent implementations, or enforce local conventions."
4
+ when_to_use: "Activate ONLY for pattern-related work: learning repo conventions, auditing for drift, or fixing inconsistencies. Do NOT use for one-off code changes or general governance."
5
+ argument-hint: "[learn <name> <paths...>|check <name>|fix <name>|ci]"
6
+ disable-model-invocation: true
7
+ license: Apache-2.0
8
+ compatibility:
9
+ - opencode-native
10
+ - claude-standalone
11
+ - cursor-native
12
+ - codex
13
+ metadata:
14
+ author: controlkeel
15
+ version: "1.0"
16
+ category: governance
17
+ ck_mcp_tools: [ck_memory_record, ck_memory_search, ck_finding, ck_fs_find, ck_fs_grep, ck_fs_read, ck_git_diff, ck_validate]
18
+ related_skills: [investigate, controlkeel-governance, deslop]
19
+ ---
20
+
21
+ # Continuity
22
+
23
+ Learn, record, audit, and apply codebase patterns consistently using CK's existing tools. No external registry files, no new infrastructure — everything lives in CK typed memory and findings.
24
+
25
+ This skill fills the gap between CK's policy-level validation (`ck_validate`) and unstructured convention hints in `AGENTS.md`. It lets you encode *local coding conventions* — "our screens follow this shape, hooks use this pattern, imports go here" — as searchable, auditable, CI-gatable rules.
26
+
27
+ ## Do NOT use when
28
+ - The work is a one-off code change (governance is handled by `controlkeel-governance`)
29
+ - The question is about security policy (use `security-review`)
30
+ - You need to trace code paths without enforcing conventions (use `investigate`)
31
+ - The repo has no patterns worth recording yet
32
+
33
+ ## How it works
34
+
35
+ CK typed memory IS the pattern registry. `ck_finding` IS the violation tracker. `ck_fs_*` tools ARE the scanner. This skill just wires them together:
36
+
37
+ | Need | CK tool |
38
+ |------|---------|
39
+ | Store a pattern | `ck_memory_record(record_type: "decision", tags: ["continuity", "pattern", "active"])` |
40
+ | Find known patterns | `ck_memory_search(query: "...", record_type: "decision")` + filter tags |
41
+ | Find canonical files | `ck_fs_find`, `ck_fs_grep` to locate implementations |
42
+ | Read source-of-truth | `ck_fs_read` |
43
+ | Audit files for drift | `ck_fs_grep` for violation signals, `ck_fs_read` to verify |
44
+ | Record violations | `ck_finding(category: "continuity", severity: "...", rule_id: "continuity.<pattern-name>")` |
45
+ | Scope to changed files | `ck_git_diff` to list changed paths first |
46
+ | CI gate | `ck_validate` against finding-based policy |
47
+
48
+ ## Pattern Registry
49
+
50
+ Patterns live in CK typed memory. To learn a pattern, record it with a consistent shape:
51
+
52
+ ```elixir
53
+ # Pattern recording convention
54
+ record_type: "decision"
55
+ tags: ["continuity", "pattern", "<status>"]
56
+ # status: active | draft | deprecated
57
+
58
+ # Body shape (markdown):
59
+ # ## Pattern: <kebab-case-name>
60
+ # - **Source of truth:** <file paths>
61
+ # - **Applies to:** <glob patterns>
62
+ # - **Does not apply to:** <glob exceptions>
63
+ # - **Rule summary:** <one paragraph>
64
+ # - **Required shape:** <observable rules>
65
+ # - **Violation signals:** <searchable patterns>
66
+ # - **Severity:** high | medium | low
67
+ # - **Fix strategy:** <mechanical fix steps>
68
+ ```
69
+
70
+ ### Tag conventions
71
+
72
+ - `["continuity", "pattern", "active"]` — actively enforced
73
+ - `["continuity", "pattern", "draft"]` — being refined
74
+ - `["continuity", "pattern", "deprecated"]` — no longer enforced
75
+
76
+ ## Invocation modes
77
+
78
+ ### learn — Record a new pattern
79
+
80
+ When the user says "learn this pattern" or shows you canonical example files:
81
+
82
+ 1. Read the provided files with `ck_fs_read`.
83
+ 2. Search for similar implementations with `ck_fs_find` + `ck_fs_grep`.
84
+ 3. Compare examples. Identify the canonical shape.
85
+ 4. **Ask focused questions if ambiguous.** Don't guess. Point to specific files and ask which should be canonical.
86
+ 5. Once confirmed, record with `ck_memory_record` using the shape above.
87
+ 6. Tell the user what was recorded.
88
+
89
+ ### check — Audit for drift (read-only)
90
+
91
+ When the user says "check this pattern" or "audit for drift":
92
+
93
+ 1. Search `ck_memory_search(tags: ["continuity", "pattern"])` for matching patterns.
94
+ 2. If a specific name given, filter by body content matching that name.
95
+ 3. If scope wasn't specified, check `ck_git_diff` for changed files first (changed-files scope).
96
+ 4. Or audit the full path scope if user explicitly requests full-repo.
97
+ 5. For each pattern, search for violation signals using `ck_fs_grep`.
98
+ 6. Read candidate files with `ck_fs_read` to verify.
99
+ 7. Report violations concisely. Do NOT edit files.
100
+ 8. For each violation, offer to record it with `ck_finding` if the user wants it tracked.
101
+
102
+ ### fix — Audit and apply safe fixes
103
+
104
+ When the user says "fix this pattern" or "apply the pattern":
105
+
106
+ 1. Run the `check` workflow first.
107
+ 2. Apply high-confidence mechanical fixes directly.
108
+ 3. **Ask before** fixes that rename public symbols, move files across packages, or require choosing between canonical examples.
109
+ 4. Re-run the pattern search to confirm drift is closed.
110
+ 5. Run repo-native validation (tests, lint, typecheck) if available.
111
+ 6. Summarize what changed.
112
+
113
+ ### ci — Deterministic audit for automation
114
+
115
+ When run in CI or pre-commit context:
116
+
117
+ 1. Run `ck_git_diff` to get changed files.
118
+ 2. Search `ck_memory_search(tags: ["continuity", "pattern", "active"])`.
119
+ 3. For patterns with `changed-files` scope, audit only changed files against violation signals.
120
+ 4. For patterns with `full-repo` scope, audit the full scope.
121
+ 5. Report violations as `ck_finding(category: "continuity", severity: rule_severity)`.
122
+ 6. End with a stable summary line matching the pattern:
123
+
124
+ ```
125
+ CONTINUITY_RESULT: pass|fail
126
+ PATTERNS_CHECKED: <n>
127
+ VIOLATIONS: <n>
128
+ ```
129
+
130
+ ## Operating principles
131
+
132
+ 1. **Code wins over docs.** Start from actual implementations, not documentation.
133
+ 2. **CK memory wins over inference.** Read recorded patterns before making claims. If memory contradicts current code, report the conflict.
134
+ 3. **Do not invent canonical patterns.** If unsure which file is canonical, ask the user. Point to files, not abstract preferences.
135
+ 4. **Record decisions.** After the user identifies canonical examples, save in CK memory so future sessions inherit it.
136
+ 5. **Prefer narrow scope first.** Audit changed files or provided paths before scanning the whole repo.
137
+ 6. **Separate detection from fixing.** First report violations. Then fix only what's clearly implied by pattern rules.
138
+ 7. **Avoid shallow text matching.** Use `ck_fs_grep` to find candidates, but verify structure by reading relevant files.
139
+ 8. **Respect baselines.** If a pattern has known legacy drift, don't report it as a new violation.
140
+
141
+ ## Useful search tactics
142
+
143
+ ```bash
144
+ # Find pattern candidates
145
+ ck_fs_find --query "ComponentName" --path lib/
146
+
147
+ # Search for violation signals
148
+ ck_fs_grep --query "import { useState }" --path lib/app/
149
+
150
+ # List changed files for CI scope
151
+ ck_git_diff --base-ref origin/main...HEAD
152
+
153
+ # Find related implementations
154
+ ck_fs_find --query "*.tsx" --path lib/app/screens
155
+ ```
156
+
157
+ ## Output style
158
+
159
+ Be direct and actionable. Never dump raw search results. Always distinguish:
160
+
161
+ - **Confirmed canonical:** file paths with evidence
162
+ - **Inferred but unconfirmed:** labeled as such
163
+ - **Violations that should be fixed:** specific files + issue + expected shape
164
+ - **Intentional exceptions:** known drift, not actionable
165
+ - **Open questions:** what needs human input
166
+
167
+ If no violations found, say:
168
+
169
+ > Continuity check passed for `<pattern>/<scope>`.
@@ -105,6 +105,28 @@ For any new feature, fix, or project — before writing plans or code — use th
105
105
  - Do not add abstractions, compatibility shims, or indirection unless they are justified by the current codebase. Prefer the simplest change that solves the actual task.
106
106
  - Before saying work is done, re-check proof, findings, and budget state.
107
107
 
108
+ ## Invariant Enforcement vs. Local Workarounds
109
+
110
+ **Critical principle**: Prefer enforcing system invariants over adding local workarounds for bad states.
111
+
112
+ - **Avoid**: "Make the system work with malformed data" (tolerant readers, fallbacks, recovery logic)
113
+ - **Prefer**: "Make malformed data impossible" (validation at write time, strict schemas, invariants)
114
+
115
+ AI-generated code often sees a local failure and adds local defenses against it. This accumulates complexity and weakens system foundations. Instead:
116
+
117
+ 1. **Identify the invariant**: What should always be true? (e.g., session logs are always valid, user data is always validated)
118
+ 2. **Enforce at the boundary**: Prevent invalid states from being written, not handle them after the fact
119
+ 3. **Remove workarounds**: Existing code that handles "impossible" states should be removed after invariant enforcement
120
+ 4. **Validate patterns**: Use `ck_finding` with category `architecture` and rule `CK-INVARIANT-001` when you see tolerance for bad states
121
+
122
+ **Examples**:
123
+ - ❌ Add fallback reader for corrupted session logs
124
+ - ✅ Prevent corrupted session logs from being written (strict validation, checksums)
125
+ - ❌ Add migration for malformed user records
126
+ - ✅ Enforce schema constraints so malformed records cannot be created
127
+ - ❌ Add retry logic for undefined API responses
128
+ - ✅ Define strict API contracts and validate responses against them
129
+
108
130
  ## Quick reference
109
131
 
110
132
  - `ck_context` — mission, task, budget, proof, memory, workspace snapshot, transcript summary, resume context
@@ -125,3 +147,4 @@ For any new feature, fix, or project — before writing plans or code — use th
125
147
  ## Additional resources
126
148
 
127
149
  - For the full governed workflow, see [references/workflow.md](references/workflow.md)
150
+ - For issue and PR validation patterns to combat AI-generated slop, see [docs/issue-pr-validation-guide.md](../../docs/issue-pr-validation-guide.md)
@@ -0,0 +1,63 @@
1
+ ---
2
+ name: deep-code-quality-review
3
+ description: "Strict maintainability review: abstraction quality, file size, spaghetti growth, code-judo simplification. Trigger: 'deep quality review', 'thermo-nuclear review', 'harsh maintainability audit'."
4
+ when_to_use: "Activate ONLY when explicitly asked for a harsh code quality review. Do NOT auto-trigger during normal coding or security reviews."
5
+ argument-hint: "[file, PR, branch, or area]"
6
+ disable-model-invocation: true
7
+ license: Apache-2.0
8
+ compatibility:
9
+ - opencode-native
10
+ - claude-standalone
11
+ - cursor-native
12
+ - codex
13
+ metadata:
14
+ author: controlkeel
15
+ version: "1.1"
16
+ category: quality
17
+ ck_mcp_tools: [ck_validate, ck_finding, ck_git_diff, ck_review_submit]
18
+ related_skills: [security-review, parallel-review]
19
+ ---
20
+
21
+ # Deep Code Quality Review
22
+
23
+ Extremely strict maintainability review. Be **ambitious** about structure — search for "code judo" moves that make the implementation dramatically simpler.
24
+
25
+ ## Do NOT use when
26
+ - Security review needed (use `security-review`)
27
+ - Normal code review or PR feedback
28
+ - Making behavior changes
29
+
30
+ ## Standards (non-negotiable)
31
+
32
+ 1. **File size**: Flag files crossing 1000 lines → `ck_finding` rule `code_quality.file_size` (severity `high`).
33
+ 2. **No spaghetti**: Flag ad-hoc conditionals in unrelated flows → rule `code_quality.spaghetti_condition`.
34
+ 3. **Design over "it works"**: If structure can be cleaner with same behavior, push for cleaner.
35
+ 4. **Direct over magical**: Flag thin wrappers, identity functions, pass-through helpers → rule `code_quality.unnecessary_abstraction`.
36
+ 5. **Type boundaries**: Flag unnecessary casts, optionality, ad-hoc shapes → rule `code_quality.type_boundary`.
37
+ 6. **Canonical layer**: Flag feature logic in shared paths → rule `code_quality.wrong_layer`.
38
+ 7. **Orchestration**: Flag sequential when parallel is simpler → rule `code_quality.orchestration`.
39
+
40
+ Additional rules: `code_quality.missing_abstraction`, `code_quality.magic_handling`, `code_quality.duplicate_logic`.
41
+
42
+ ## Workflow
43
+
44
+ 1. Run `ck_git_diff` to get changes. Run `ck_validate` for automated patterns.
45
+ 2. Walk [quality checklist](references/quality-checklist.md) against every meaningful change.
46
+ 3. Record each issue with `ck_finding` using the rule IDs above.
47
+ 4. Submit findings via `ck_review_submit` (review_type: `plan`). Wait for approval.
48
+
49
+ ## Approval bar
50
+
51
+ No approval unless: no structural regression, no missed simplification, no file explosion, no spaghetti growth, no unnecessary abstraction, no layer leak, no missed decomposition.
52
+
53
+ ## Relationship to security-review
54
+
55
+ - **security-review**: OWASP, injection, auth, secrets, dependencies
56
+ - **this skill**: abstraction quality, file size, spaghetti, layering, simplification
57
+ - Use `parallel-review` to run both concurrently.
58
+
59
+ ## Output
60
+
61
+ - `ck_finding` records with specific rule IDs
62
+ - `ck_review_submit` plan with prioritized findings
63
+ - No code changes — review only