@aryaminus/controlkeel-opencode 0.3.31 → 0.3.33
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.opencode/skills/architect-first/SKILL.md +56 -0
- package/.opencode/skills/challenge/SKILL.md +152 -0
- package/.opencode/skills/cli-for-agents/SKILL.md +46 -0
- package/.opencode/skills/continual-learning/SKILL.md +66 -0
- package/.opencode/skills/continuity/SKILL.md +169 -0
- package/.opencode/skills/controlkeel-governance/SKILL.md +23 -0
- package/.opencode/skills/deep-code-quality-review/SKILL.md +63 -0
- package/.opencode/skills/deep-code-quality-review/references/quality-checklist.md +102 -0
- package/.opencode/skills/deslop/SKILL.md +99 -0
- package/.opencode/skills/deslop/references/slop-patterns.md +188 -0
- package/.opencode/skills/investigate/SKILL.md +52 -0
- package/.opencode/skills/orchestrate-tasks/SKILL.md +70 -0
- package/.opencode/skills/orchestrate-tasks/references/handoff-format.md +42 -0
- package/.opencode/skills/parallel-review/SKILL.md +55 -0
- package/.opencode/skills/reviewable-pr/SKILL.md +63 -0
- package/.opencode/skills/reviewable-pr/references/pr-checklist.md +42 -0
- package/.opencode/skills/standup-summary/SKILL.md +60 -0
- package/.opencode/skills/tdd-bugfix/SKILL.md +53 -0
- package/.opencode/skills/tdd-bugfix/references/root-cause-checklist.md +28 -0
- package/package.json +1 -1
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
# Deep Code Quality Checklist
|
|
2
|
+
|
|
3
|
+
Walk this checklist during a deep code quality review. Each item maps to a
|
|
4
|
+
`ck_finding` rule ID. Use `ck_validate` for automated scanning, then manually
|
|
5
|
+
apply these structural checks.
|
|
6
|
+
|
|
7
|
+
## File Size and Decomposition
|
|
8
|
+
|
|
9
|
+
- **1000-line threshold**: Has any file crossed 1000 lines due to this change?
|
|
10
|
+
Rule: `code_quality.file_size`. Severity: high.
|
|
11
|
+
Check: `wc -l <file>`. If approaching or crossing 1000, recommend decomposition.
|
|
12
|
+
|
|
13
|
+
- **Module cohesion**: Does each module have a single clear responsibility?
|
|
14
|
+
If a module handles auth, formatting, and API calls, flag for extraction.
|
|
15
|
+
|
|
16
|
+
- **Function length**: Are any functions longer than 50 lines?
|
|
17
|
+
Long functions often hide missing abstractions. Recommend extraction.
|
|
18
|
+
|
|
19
|
+
## Spaghetti and Branching
|
|
20
|
+
|
|
21
|
+
- **Ad-hoc conditionals**: Are new `if`/`case`/`cond` branches added to unrelated flows?
|
|
22
|
+
Rule: `code_quality.spaghetti_condition`. Severity: medium to high.
|
|
23
|
+
Prefer: dedicated abstraction, helper, state machine, or separate module.
|
|
24
|
+
|
|
25
|
+
- **Feature flags in shared code**: Are feature-specific checks scattered across general-purpose modules?
|
|
26
|
+
Rule: `code_quality.wrong_layer`. Severity: medium.
|
|
27
|
+
Prefer: isolate behind a dedicated abstraction.
|
|
28
|
+
|
|
29
|
+
- **One-off booleans or nullable modes**: Do new flags complicate existing control flow?
|
|
30
|
+
Consider whether a typed model or explicit dispatcher would eliminate the branching.
|
|
31
|
+
|
|
32
|
+
- **Narrow edge-case handling**: Is special-case logic inserted in the middle of an already busy function?
|
|
33
|
+
Recommend extracting to a helper or restructuring the flow.
|
|
34
|
+
|
|
35
|
+
## Abstraction Quality
|
|
36
|
+
|
|
37
|
+
- **Unnecessary abstractions**: Are there wrappers, identity functions, or pass-through helpers that add indirection without clarity?
|
|
38
|
+
Rule: `code_quality.unnecessary_abstraction`. Severity: medium.
|
|
39
|
+
Prefer: delete the layer of indirection.
|
|
40
|
+
|
|
41
|
+
- **Missing abstractions**: Are there repeated conditionals or similar patterns that signal a missing model?
|
|
42
|
+
Rule: `code_quality.missing_abstraction`. Severity: medium.
|
|
43
|
+
Prefer: extract a typed model, helper, or dispatcher.
|
|
44
|
+
|
|
45
|
+
- **Thin wrappers**: Does an abstraction merely call through to another function without adding logic?
|
|
46
|
+
Recommend: inline the call unless the wrapper provides a clear naming or boundary benefit.
|
|
47
|
+
|
|
48
|
+
- **Magic handling**: Are generic mechanisms (dynamic dispatch, reflection-like patterns) used where simple data-shape assumptions would be clearer?
|
|
49
|
+
Rule: `code_quality.magic_handling`. Severity: medium.
|
|
50
|
+
Prefer: explicit typed models.
|
|
51
|
+
|
|
52
|
+
## Type Boundaries
|
|
53
|
+
|
|
54
|
+
- **Unnecessary casts**: Are there type casts that obscure the real contract?
|
|
55
|
+
Rule: `code_quality.type_boundary`. Severity: low to medium.
|
|
56
|
+
Prefer: make the boundary explicit.
|
|
57
|
+
|
|
58
|
+
- **Loose optionality**: Are optional params or nil returns used where the invariant is actually clear?
|
|
59
|
+
Prefer: explicit types that encode the real state.
|
|
60
|
+
|
|
61
|
+
- **Ad-hoc object shapes**: Are data structures loosely shaped rather than explicitly typed?
|
|
62
|
+
Prefer: structs, typed schemas, or shared contracts.
|
|
63
|
+
|
|
64
|
+
## Layering and Ownership
|
|
65
|
+
|
|
66
|
+
- **Feature logic in shared paths**: Is feature-specific logic in general-purpose modules?
|
|
67
|
+
Rule: `code_quality.wrong_layer`. Severity: medium to high.
|
|
68
|
+
Prefer: move to a dedicated module behind the right boundary.
|
|
69
|
+
|
|
70
|
+
- **Canonical helper duplication**: Is a new helper created when the codebase already has a canonical utility for the job?
|
|
71
|
+
Rule: `code_quality.duplicate_logic`. Severity: medium.
|
|
72
|
+
Prefer: reuse the existing helper.
|
|
73
|
+
|
|
74
|
+
- **Implementation details leaking through APIs**: Are internal data shapes exposed through public interfaces?
|
|
75
|
+
Recommend: define explicit API contracts.
|
|
76
|
+
|
|
77
|
+
## Orchestration
|
|
78
|
+
|
|
79
|
+
- **Sequential when parallel is simpler**: Is independent work serialized for no reason?
|
|
80
|
+
Rule: `code_quality.orchestration`. Severity: low to medium.
|
|
81
|
+
Prefer: parallel execution for independent work.
|
|
82
|
+
|
|
83
|
+
- **Non-atomic related updates**: Can related updates leave state half-applied?
|
|
84
|
+
Prefer: more atomic structure (transaction, batch, single operation).
|
|
85
|
+
|
|
86
|
+
## Code Judo Opportunities
|
|
87
|
+
|
|
88
|
+
For each change, explicitly ask:
|
|
89
|
+
|
|
90
|
+
- Can this be reframed so fewer concepts, branches, or helper layers are needed?
|
|
91
|
+
- Is there a reorganization that uses the existing architecture more effectively?
|
|
92
|
+
- Can whole categories of complexity be deleted rather than rearranged?
|
|
93
|
+
- Does the change improve or worsen the local architecture?
|
|
94
|
+
- Is this the simplest implementation that solves the actual task?
|
|
95
|
+
|
|
96
|
+
**Priority order** for findings:
|
|
97
|
+
1. Structural quality regressions (file size, spaghetti)
|
|
98
|
+
2. Missed opportunities for dramatic simplification
|
|
99
|
+
3. Boundary and abstraction problems
|
|
100
|
+
4. Layering and ownership issues
|
|
101
|
+
5. Type boundary concerns
|
|
102
|
+
6. Legibility and maintainability
|
|
@@ -0,0 +1,99 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: deslop
|
|
3
|
+
description: "Clean AI slop: remove narrative comments, verbosity, hallucinated patterns, padding. Also cleans AI-generated issue/PR text. Trigger: 'unslop', 'clean up AI code', 'remove slop', 'clean up issue description'. Complements aislop detection."
|
|
4
|
+
when_to_use: "Activate ONLY when explicitly asked to clean up AI-generated slop in code or issue/PR text. Do NOT auto-trigger during normal coding."
|
|
5
|
+
argument-hint: "[file, diff, or aislop findings to clean]"
|
|
6
|
+
disable-model-invocation: true
|
|
7
|
+
license: Apache-2.0
|
|
8
|
+
compatibility:
|
|
9
|
+
- opencode-native
|
|
10
|
+
- claude-standalone
|
|
11
|
+
- cursor-native
|
|
12
|
+
- codex
|
|
13
|
+
metadata:
|
|
14
|
+
author: controlkeel
|
|
15
|
+
version: "1.1"
|
|
16
|
+
category: quality
|
|
17
|
+
ck_mcp_tools: [ck_validate, ck_git_diff, ck_git_commit, ck_finding]
|
|
18
|
+
related_skills: [deep-code-quality-review]
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
# Deslop
|
|
22
|
+
|
|
23
|
+
Remove AI-generated slop while preserving behavior. Companion to aislop scanner — aislop detects, this skill cleans.
|
|
24
|
+
|
|
25
|
+
## Do NOT use when
|
|
26
|
+
- Normal coding or refactoring (use `deep-code-quality-review`)
|
|
27
|
+
- Security issues found (use `security-review`)
|
|
28
|
+
- Writing new code (not applicable)
|
|
29
|
+
- Reviewing issue/PR technical correctness (use `investigate` or appropriate review skill)
|
|
30
|
+
|
|
31
|
+
## Slop patterns (see [catalog](references/slop-patterns.md))
|
|
32
|
+
|
|
33
|
+
**Code patterns:**
|
|
34
|
+
1. Narrative comments — describing what code obviously does
|
|
35
|
+
2. Unnecessary verbosity — 10 lines where 3 suffice
|
|
36
|
+
3. Hallucinated imports — modules not used or not existing
|
|
37
|
+
4. Mechanical padding — single-call wrappers, unnecessary intermediates
|
|
38
|
+
5. Generic error messages — "An error occurred" instead of context
|
|
39
|
+
6. TODO stubs with no implementation
|
|
40
|
+
7. Redundant type annotations — already inferred
|
|
41
|
+
|
|
42
|
+
**Issue/PR text patterns:**
|
|
43
|
+
8. Over-confident root cause analysis without evidence
|
|
44
|
+
9. Generic implementation strategies without project-specific context
|
|
45
|
+
10. Long lists of irrelevant error classes
|
|
46
|
+
11. AI-generated issue expansion that broadens scope with hypotheses
|
|
47
|
+
12. Hallucinated code references or function names
|
|
48
|
+
|
|
49
|
+
## Subtraction rules
|
|
50
|
+
|
|
51
|
+
- **Delete, don't replace.** If a comment explains what → delete it, don't rewrite it.
|
|
52
|
+
- **Inline, don't redirect.** Single-call helper → inline and delete.
|
|
53
|
+
- **Shrink, don't reorganize.** 10-line function can be 3 → shrink, don't split.
|
|
54
|
+
- **Remove dead code.** Unused imports, unreachable branches.
|
|
55
|
+
- **Preserve intent.** Comments explaining **why** → keep. Helpers with meaningful naming → keep.
|
|
56
|
+
|
|
57
|
+
## Workflow
|
|
58
|
+
|
|
59
|
+
**For code cleanup:**
|
|
60
|
+
1. Run `ck_git_diff` to scope changes. Run `ck_validate` for aislop findings.
|
|
61
|
+
2. List slop patterns found. Plan removals — do not start editing until plan is clear.
|
|
62
|
+
3. Apply removals. Run tests after each logical group.
|
|
63
|
+
4. The diff must be **smaller** after cleanup, not just different.
|
|
64
|
+
5. Full suite must pass. Zero new failures.
|
|
65
|
+
6. `ck_validate` on cleaned diff. `ck_git_commit`.
|
|
66
|
+
|
|
67
|
+
**For issue/PR text cleanup:**
|
|
68
|
+
1. Identify the issue or PR description text to clean.
|
|
69
|
+
2. Run `ck_validate` with `source_type: "issue"` or `source_type: "pull_request"` to assess trust level.
|
|
70
|
+
3. List slop patterns found (over-confident analysis, generic strategies, hallucinated references).
|
|
71
|
+
4. Remove AI-generated expansions and stick to observed facts: command run, expected behavior, actual behavior, exact error/log.
|
|
72
|
+
5. Replace hallucinated code references with accurate ones after verification.
|
|
73
|
+
6. Remove generic implementation advice; keep only specific, actionable guidance.
|
|
74
|
+
7. Validate the cleaned text preserves the core issue report without the AI-generated noise.
|
|
75
|
+
|
|
76
|
+
## Rules
|
|
77
|
+
|
|
78
|
+
**For code:**
|
|
79
|
+
- Behavior preservation — every passing test stays passing
|
|
80
|
+
- No scope creep — fix slop only, do not refactor or add features
|
|
81
|
+
- Smaller diff — fewer lines after cleanup, not same or more
|
|
82
|
+
|
|
83
|
+
**For issue/PR text:**
|
|
84
|
+
- Fact preservation — keep the actual observed behavior and errors
|
|
85
|
+
- No scope narrowing — don't remove important context or edge cases
|
|
86
|
+
- Evidence-based — replace confident analysis with observed facts
|
|
87
|
+
- Specific over generic — keep concrete details, remove vague suggestions
|
|
88
|
+
|
|
89
|
+
## Output
|
|
90
|
+
|
|
91
|
+
**For code:**
|
|
92
|
+
- Cleaned code with slop removed
|
|
93
|
+
- Full suite passing
|
|
94
|
+
- Commit with cleanup
|
|
95
|
+
|
|
96
|
+
**For issue/PR text:**
|
|
97
|
+
- Cleaned description with AI-generated noise removed
|
|
98
|
+
- Preserved core issue report with observed facts
|
|
99
|
+
- Specific, actionable guidance without over-confident analysis
|
|
@@ -0,0 +1,188 @@
|
|
|
1
|
+
# Slop Pattern Catalog
|
|
2
|
+
|
|
3
|
+
Common AI-generated code patterns that should be removed during deslop. Each
|
|
4
|
+
pattern includes what to look for and the subtraction rule.
|
|
5
|
+
|
|
6
|
+
## Issue and PR Text Patterns
|
|
7
|
+
|
|
8
|
+
### Over-confident root cause analysis without evidence
|
|
9
|
+
```markdown
|
|
10
|
+
# Bad: confident diagnosis without supporting evidence
|
|
11
|
+
The issue is clearly caused by a race condition in the user session manager. We should add a mutex lock around the session state mutations to prevent concurrent access.
|
|
12
|
+
|
|
13
|
+
# Good: stick to observed facts
|
|
14
|
+
When two requests hit the session endpoint simultaneously, I see session state corruption in the logs. Here's the exact error and reproduction steps.
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
### Generic implementation strategies
|
|
18
|
+
```markdown
|
|
19
|
+
# Bad: generic advice without project-specific context
|
|
20
|
+
The best approach would be to implement a comprehensive retry mechanism with exponential backoff, circuit breaker pattern, and extensive monitoring.
|
|
21
|
+
|
|
22
|
+
# Good: specific, actionable guidance tied to the actual problem
|
|
23
|
+
Add retry with exponential backoff (max 3 attempts) to the `ApiClient.post/2` function, which currently fails on network timeouts.
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
### Long lists of irrelevant error classes
|
|
27
|
+
```markdown
|
|
28
|
+
# Bad: enumerating possible issues without narrowing down
|
|
29
|
+
This could be caused by: network timeouts, SSL certificate errors, DNS resolution failures, malformed JSON responses, rate limiting, authentication failures, or server-side bugs.
|
|
30
|
+
|
|
31
|
+
# Good: specific error with context
|
|
32
|
+
The specific error is `{:error, :timeout}` after 30 seconds when calling the external payment API. Here's the full stack trace.
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
### AI-generated issue expansion
|
|
36
|
+
```markdown
|
|
37
|
+
# Bad: expands narrow observation into broad hypotheses
|
|
38
|
+
The login button doesn't work. This suggests potential problems with the authentication flow, session management, CSRF token validation, user database integrity, or frontend event handling. We should audit the entire auth subsystem.
|
|
39
|
+
|
|
40
|
+
# Good: focused on the actual observation
|
|
41
|
+
Clicking the login button does nothing. No network request is sent to `/auth/login` and no error appears in the console. Here are the browser devtools screenshots.
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
### Hallucinated code references
|
|
45
|
+
```markdown
|
|
46
|
+
# Bad: confident but wrong code references
|
|
47
|
+
The bug is in `lib/my_app/auth/session_manager.ex` line 45 where the `validate_session/1` function doesn't check for expired tokens.
|
|
48
|
+
|
|
49
|
+
# Good: accurate code references after actual investigation
|
|
50
|
+
The issue is in `lib/my_app/web/auth_plug.ex` where the `call/2` function doesn't validate session expiration before proceeding.
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## Comments
|
|
54
|
+
|
|
55
|
+
### Narrative comments
|
|
56
|
+
```elixir
|
|
57
|
+
# Bad: describes what the code does
|
|
58
|
+
# Check if the user is authenticated before proceeding
|
|
59
|
+
if user do
|
|
60
|
+
...
|
|
61
|
+
end
|
|
62
|
+
|
|
63
|
+
# Good: delete the comment, the code is self-explanatory
|
|
64
|
+
if user do
|
|
65
|
+
...
|
|
66
|
+
end
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
### Story comments
|
|
70
|
+
```elixir
|
|
71
|
+
# Bad: tells a story
|
|
72
|
+
# First, we need to get the user from the database.
|
|
73
|
+
# Then, we check if they have admin privileges.
|
|
74
|
+
# If they do, we allow access to the dashboard.
|
|
75
|
+
user = Accounts.get_user!(id)
|
|
76
|
+
if Accounts.admin?(user), do: render_dashboard(user)
|
|
77
|
+
|
|
78
|
+
# Good: just the code
|
|
79
|
+
user = Accounts.get_user!(id)
|
|
80
|
+
if Accounts.admin?(user), do: render_dashboard(user)
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
### Kept comments
|
|
84
|
+
```elixir
|
|
85
|
+
# Keep: explains WHY, not what
|
|
86
|
+
# Using pessimistic locking here because concurrent updates
|
|
87
|
+
# caused a race condition in production (see #1234)
|
|
88
|
+
Repo.lock(user)
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
## Verbosity
|
|
92
|
+
|
|
93
|
+
### Unnecessary intermediate variables
|
|
94
|
+
```elixir
|
|
95
|
+
# Bad
|
|
96
|
+
result = do_something()
|
|
97
|
+
final_result = process(result)
|
|
98
|
+
return_value = format(final_result)
|
|
99
|
+
return_value
|
|
100
|
+
|
|
101
|
+
# Good
|
|
102
|
+
do_something() |> process() |> format()
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
### Overly explicit pattern matching
|
|
106
|
+
```elixir
|
|
107
|
+
# Bad
|
|
108
|
+
case value do
|
|
109
|
+
true -> handle_true()
|
|
110
|
+
false -> handle_false()
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
# Good
|
|
114
|
+
if value, do: handle_true(), else: handle_false()
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
## Dead Code
|
|
118
|
+
|
|
119
|
+
### Unused imports
|
|
120
|
+
```elixir
|
|
121
|
+
# Bad: imported but never referenced
|
|
122
|
+
alias MyApp.SomeModule # never used
|
|
123
|
+
|
|
124
|
+
# Good: delete the import
|
|
125
|
+
```
|
|
126
|
+
|
|
127
|
+
### TODO stubs with no implementation
|
|
128
|
+
```elixir
|
|
129
|
+
# Bad
|
|
130
|
+
def handle_error(error) do
|
|
131
|
+
# TODO: implement error handling
|
|
132
|
+
:ok
|
|
133
|
+
end
|
|
134
|
+
|
|
135
|
+
# Good: implement it or remove the function if not called
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
### Unreachable branches
|
|
139
|
+
```elixir
|
|
140
|
+
# Bad: else branch can never execute
|
|
141
|
+
if true do
|
|
142
|
+
do_thing()
|
|
143
|
+
else
|
|
144
|
+
handle_impossible_case() # dead code
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
# Good: remove the conditional entirely
|
|
148
|
+
do_thing()
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
## Padding
|
|
152
|
+
|
|
153
|
+
### Single-call wrappers
|
|
154
|
+
```elixir
|
|
155
|
+
# Bad: helper adds no logic, just redirects
|
|
156
|
+
def get_user_name(user), do: user.name
|
|
157
|
+
|
|
158
|
+
# Good: just call user.name directly at the call site
|
|
159
|
+
```
|
|
160
|
+
|
|
161
|
+
### Generic error messages
|
|
162
|
+
```elixir
|
|
163
|
+
# Bad
|
|
164
|
+
{:error, "An error occurred while processing the request"}
|
|
165
|
+
|
|
166
|
+
# Good
|
|
167
|
+
{:error, "Payment gateway timeout: #{status} after #{timeout}ms"}
|
|
168
|
+
```
|
|
169
|
+
|
|
170
|
+
## Hallucinated Patterns
|
|
171
|
+
|
|
172
|
+
### Imports for non-existent modules
|
|
173
|
+
```elixir
|
|
174
|
+
# Bad: module does not exist in the project
|
|
175
|
+
alias Phoenix.HTML.Form # wrong module name
|
|
176
|
+
|
|
177
|
+
# Good: use the actual module
|
|
178
|
+
alias Phoenix.Component
|
|
179
|
+
```
|
|
180
|
+
|
|
181
|
+
### Redundant type specs
|
|
182
|
+
```elixir
|
|
183
|
+
# Bad: typespec repeats what the function body already makes clear
|
|
184
|
+
@spec add(integer(), integer()) :: integer()
|
|
185
|
+
def add(a, b), do: a + b
|
|
186
|
+
|
|
187
|
+
# Good: keep typespecs for public APIs, remove for trivial private functions
|
|
188
|
+
```
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: investigate
|
|
3
|
+
description: "Read-only codebase Q&A: trace code paths, answer how/why/where questions without changes. Trigger: 'how does X work', 'why was Y built this way', 'trace the data flow'."
|
|
4
|
+
when_to_use: "Activate for read-only exploration questions. Do NOT use when code changes are needed."
|
|
5
|
+
argument-hint: "[question about the codebase]"
|
|
6
|
+
disable-model-invocation: true
|
|
7
|
+
license: Apache-2.0
|
|
8
|
+
compatibility:
|
|
9
|
+
- opencode-native
|
|
10
|
+
- claude-standalone
|
|
11
|
+
- cursor-native
|
|
12
|
+
- codex
|
|
13
|
+
metadata:
|
|
14
|
+
author: controlkeel
|
|
15
|
+
version: "1.1"
|
|
16
|
+
category: exploration
|
|
17
|
+
ck_mcp_tools: [ck_memory_search]
|
|
18
|
+
related_skills: [architect-first]
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
# Investigate
|
|
22
|
+
|
|
23
|
+
Read-only codebase Q&A. Trace code, not guesses. No file changes.
|
|
24
|
+
|
|
25
|
+
## Do NOT use when
|
|
26
|
+
- Code changes are needed (use appropriate dev skill)
|
|
27
|
+
- The question is about planning (use `align`)
|
|
28
|
+
- The question is about security (use `security-review`)
|
|
29
|
+
|
|
30
|
+
## Workflow
|
|
31
|
+
|
|
32
|
+
1. Search `ck_memory_search` for prior analysis on this area.
|
|
33
|
+
2. Trace actual code paths for the question type:
|
|
34
|
+
- **How**: entry point → call chain → data flow → side effects
|
|
35
|
+
- **Why**: `git log --oneline -20 -- <file>`, linked issues, commit messages
|
|
36
|
+
- **Where**: search for function/module references, trace callers
|
|
37
|
+
- **What-if**: trace the code path for that scenario, identify edge cases
|
|
38
|
+
3. Check multiple sources: source control, tests, comments. Code shows what, not why.
|
|
39
|
+
4. Answer concisely: direct answer + evidence (file:line, commit SHA) + caveats.
|
|
40
|
+
|
|
41
|
+
## Rules
|
|
42
|
+
|
|
43
|
+
- Read-only — no file changes. If fix needed, record and recommend appropriate skill.
|
|
44
|
+
- Every claim backed by code evidence or git history.
|
|
45
|
+
- Answer what was asked — do not explore tangentially.
|
|
46
|
+
- Stop at external boundaries — say so instead of speculating.
|
|
47
|
+
|
|
48
|
+
## Output
|
|
49
|
+
|
|
50
|
+
- Concise answer with file:line evidence
|
|
51
|
+
- Optional `ck_memory_record` for durable findings
|
|
52
|
+
- No file changes
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: orchestrate-tasks
|
|
3
|
+
description: "Fan large tasks across parallel agents with planner/worker/verifier roles and structured handoffs. Trigger: 'parallelize', 'fan out', 'orchestrate', or when plan-slice produces 3+ independent slices."
|
|
4
|
+
when_to_use: "Activate ONLY when a task is too large for a single agent and has independent parallelizable slices. Do NOT use for single-agent tasks."
|
|
5
|
+
argument-hint: "[goal or slice plan to orchestrate]"
|
|
6
|
+
disable-model-invocation: true
|
|
7
|
+
license: Apache-2.0
|
|
8
|
+
compatibility:
|
|
9
|
+
- opencode-native
|
|
10
|
+
- claude-standalone
|
|
11
|
+
- cursor-native
|
|
12
|
+
- codex
|
|
13
|
+
metadata:
|
|
14
|
+
author: controlkeel
|
|
15
|
+
version: "1.1"
|
|
16
|
+
category: orchestration
|
|
17
|
+
ck_mcp_tools: [ck_route, ck_delegate, ck_budget, ck_review_submit, ck_finding, ck_git_diff, ck_memory_record, ck_rollback]
|
|
18
|
+
related_skills: [plan-slice]
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
# Orchestrate Tasks
|
|
22
|
+
|
|
23
|
+
Fan large tasks across parallel agents with planner/worker/verifier roles. Adapted from Cursor's orchestrate plugin for CK governance.
|
|
24
|
+
|
|
25
|
+
## Do NOT use when
|
|
26
|
+
- Single-agent task (just use `controlkeel-governance`)
|
|
27
|
+
- Task has no parallelizable slices
|
|
28
|
+
- Budget is tight (orchestration is expensive — multiple delegations)
|
|
29
|
+
|
|
30
|
+
## Principles
|
|
31
|
+
|
|
32
|
+
1. **Planners own scope, not code** — decompose, publish tasks, read handoffs, decide next. No file edits.
|
|
33
|
+
2. **Workers are isolated** — one task, one agent, one scope. Talk up through handoffs only.
|
|
34
|
+
3. **Verifiers check independently** — read worker output, verify against acceptance criteria.
|
|
35
|
+
4. **State on disk** — `ck_memory_record` and git, no long-running agent state.
|
|
36
|
+
5. **Continuous convergence** — each cycle produces progress. No progress → escalate.
|
|
37
|
+
|
|
38
|
+
## Workflow
|
|
39
|
+
|
|
40
|
+
1. Check `ck_budget` — orchestration costs multiple delegations. Stop if insufficient.
|
|
41
|
+
2. Decompose into tasks (or use existing `plan-slice` output). Each task: name, type (worker/verifier/subplanner), scoped goal, acceptance criteria, dependencies, paths.
|
|
42
|
+
3. Record plan via `ck_memory_record` (type: `decision`, tags: `orchestration-plan`).
|
|
43
|
+
4. Submit plan via `ck_review_submit` (review_type: `plan`). **Wait for approval** before spawning.
|
|
44
|
+
5. Execute loop:
|
|
45
|
+
- Select ready tasks (dependencies satisfied, not started)
|
|
46
|
+
- Check budget before each delegation
|
|
47
|
+
- Delegate: `ck_route` → `ck_delegate`
|
|
48
|
+
- Collect handoffs
|
|
49
|
+
- Verify completed tasks
|
|
50
|
+
- `ck_rollback` checkpoint after each success
|
|
51
|
+
- Decide: new tasks, retry failures, or completion
|
|
52
|
+
6. Synthesize: `ck_git_diff` for total change, `parallel-review` if large.
|
|
53
|
+
|
|
54
|
+
## Failure recovery
|
|
55
|
+
|
|
56
|
+
- Worker failure → record `ck_finding`, retry once, escalate if retry fails
|
|
57
|
+
- Budget exhaustion → checkpoint state, stop, record for resumption
|
|
58
|
+
- Verifier failure → worker output not trusted, fix or escalate
|
|
59
|
+
|
|
60
|
+
## Output
|
|
61
|
+
|
|
62
|
+
- Approved orchestration plan
|
|
63
|
+
- Delegated tasks with handoffs
|
|
64
|
+
- `ck_finding` for failures
|
|
65
|
+
- `ck_rollback` checkpoints
|
|
66
|
+
- Synthesized result
|
|
67
|
+
|
|
68
|
+
## Reference
|
|
69
|
+
|
|
70
|
+
- [Handoff format](references/handoff-format.md)
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# Handoff Format
|
|
2
|
+
|
|
3
|
+
Workers and verifiers produce a handoff document when they complete. This is the
|
|
4
|
+
only communication channel between a worker and its planner.
|
|
5
|
+
|
|
6
|
+
## Structure
|
|
7
|
+
|
|
8
|
+
```markdown
|
|
9
|
+
# Handoff: <task-name>
|
|
10
|
+
|
|
11
|
+
## Status
|
|
12
|
+
<completed | failed | blocked>
|
|
13
|
+
|
|
14
|
+
## What was done
|
|
15
|
+
<1-5 bullets describing the actual changes made>
|
|
16
|
+
|
|
17
|
+
## Files changed
|
|
18
|
+
- `path/to/file.ex`: <what changed and why>
|
|
19
|
+
- `path/to/test.exs`: <what was tested>
|
|
20
|
+
|
|
21
|
+
## Acceptance criteria met
|
|
22
|
+
- [x] <criterion 1>
|
|
23
|
+
- [x] <criterion 2>
|
|
24
|
+
- [ ] <criterion not met> — <why>
|
|
25
|
+
|
|
26
|
+
## Test results
|
|
27
|
+
<mix test output summary>
|
|
28
|
+
|
|
29
|
+
## Issues encountered
|
|
30
|
+
- <any blockers, unexpected complexity, or things the planner should know>
|
|
31
|
+
|
|
32
|
+
## Recommendations for planner
|
|
33
|
+
<suggestions for follow-up tasks, verifications, or adjustments>
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
## Rules
|
|
37
|
+
|
|
38
|
+
- **Be specific, not narrative.** "Added `validate_email/1` to `Accounts` module" not "improved validation".
|
|
39
|
+
- **Include test evidence.** Every completed worker must include test output.
|
|
40
|
+
- **Flag blocked criteria.** If acceptance criteria are not met, explain why and what the planner should do.
|
|
41
|
+
- **No code dumps.** The handoff summarizes changes; the actual code is in the repo.
|
|
42
|
+
- **Be concise.** A good handoff fits in one screen. If it doesn't, the task was too broad.
|
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: parallel-review
|
|
3
|
+
description: "Run security + code quality reviews concurrently, synthesize deduplicated findings. Trigger: 'full review', 'parallel review', 'both reviews', comprehensive pre-merge check."
|
|
4
|
+
when_to_use: "Activate ONLY when explicitly asked for comprehensive security+quality review. Do NOT use when only one review type is needed."
|
|
5
|
+
argument-hint: "[PR, branch, or diff]"
|
|
6
|
+
disable-model-invocation: true
|
|
7
|
+
license: Apache-2.0
|
|
8
|
+
compatibility:
|
|
9
|
+
- opencode-native
|
|
10
|
+
- claude-standalone
|
|
11
|
+
- cursor-native
|
|
12
|
+
- codex
|
|
13
|
+
metadata:
|
|
14
|
+
author: controlkeel
|
|
15
|
+
version: "1.1"
|
|
16
|
+
category: review
|
|
17
|
+
ck_mcp_tools: [ck_validate, ck_finding, ck_git_diff, ck_review_submit, ck_route, ck_delegate]
|
|
18
|
+
related_skills: [security-review, deep-code-quality-review]
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
# Parallel Review
|
|
22
|
+
|
|
23
|
+
Run `security-review` and `deep-code-quality-review` concurrently, synthesize into one prioritized report.
|
|
24
|
+
|
|
25
|
+
## Do NOT use when
|
|
26
|
+
- Only security OR quality review needed (use the specific skill directly)
|
|
27
|
+
- During normal coding
|
|
28
|
+
- For single-file changes where sequential review is fast enough
|
|
29
|
+
|
|
30
|
+
## Workflow
|
|
31
|
+
|
|
32
|
+
1. Run `ck_git_diff` to gather the diff. Run `ck_validate` for automated findings.
|
|
33
|
+
2. Launch both reviews (via `ck_delegate` or sequential invocation):
|
|
34
|
+
- **Security**: `security-review` skill — OWASP, injection, auth, secrets, deps
|
|
35
|
+
- **Quality**: `deep-code-quality-review` skill — abstraction, file size, spaghetti, layering
|
|
36
|
+
Both record findings independently via `ck_finding`.
|
|
37
|
+
3. Synthesize:
|
|
38
|
+
- Deduplicate: same code path flagged by both → one finding, higher severity
|
|
39
|
+
- Prioritize: critical > high > medium > low; security > quality > reviewability
|
|
40
|
+
- Weight overlaps: flagged by both = higher confidence
|
|
41
|
+
- Resolve disagreements with your own judgment
|
|
42
|
+
4. Submit via `ck_review_submit` (review_type: `diff`) with combined findings.
|
|
43
|
+
5. **Wait for approval** before merge/deploy.
|
|
44
|
+
|
|
45
|
+
## Rules
|
|
46
|
+
|
|
47
|
+
- Both reviews must complete — do not skip one
|
|
48
|
+
- Blocked finding from either = merge blocked
|
|
49
|
+
- Deduplicate, do not double-count
|
|
50
|
+
|
|
51
|
+
## Output
|
|
52
|
+
|
|
53
|
+
- Combined findings (deduplicated, prioritized)
|
|
54
|
+
- `ck_review_submit` diff review
|
|
55
|
+
- Clear verdict: merge / merge with warnings / blocked
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: reviewable-pr
|
|
3
|
+
description: "Prepare PRs for review: clean noisy history, improve descriptions, add reviewer guidance. Trigger: 'make easy to review', 'tidy PR', 'clean up commits', 'annotate diff'."
|
|
4
|
+
when_to_use: "Activate ONLY when explicitly asked to prepare a PR for review. Do NOT auto-trigger during normal coding or review tasks."
|
|
5
|
+
argument-hint: "[PR URL, branch, or current]"
|
|
6
|
+
disable-model-invocation: true
|
|
7
|
+
license: Apache-2.0
|
|
8
|
+
compatibility:
|
|
9
|
+
- opencode-native
|
|
10
|
+
- claude-standalone
|
|
11
|
+
- cursor-native
|
|
12
|
+
- codex
|
|
13
|
+
metadata:
|
|
14
|
+
author: controlkeel
|
|
15
|
+
version: "1.1"
|
|
16
|
+
category: review
|
|
17
|
+
ck_mcp_tools: [ck_git_diff, ck_git_status, ck_validate, ck_review_submit, ck_finding]
|
|
18
|
+
related_skills: [security-review, deep-code-quality-review]
|
|
19
|
+
---
|
|
20
|
+
|
|
21
|
+
# Reviewable PR
|
|
22
|
+
|
|
23
|
+
Prepare a PR so a reviewer can quickly understand intent, risk, and key files — without changing code behavior.
|
|
24
|
+
|
|
25
|
+
## Do NOT use when
|
|
26
|
+
- Doing normal coding or bug fixing
|
|
27
|
+
- Running security or quality reviews (use those skills directly)
|
|
28
|
+
- Making behavior changes (this skill only improves reviewability)
|
|
29
|
+
|
|
30
|
+
## Workflow
|
|
31
|
+
|
|
32
|
+
1. Resolve the PR (URL, branch, or current). Run `ck_git_diff` and `ck_git_status`.
|
|
33
|
+
2. Run `ck_validate` on the diff. Resolve blocked findings first — reviewability is secondary to correctness.
|
|
34
|
+
3. Diagnose reviewability issues against [checklist](references/pr-checklist.md):
|
|
35
|
+
- Noisy/mixed-intent commit history
|
|
36
|
+
- Missing or stale PR description
|
|
37
|
+
- Unrelated changes mixed in
|
|
38
|
+
- Mechanical changes mixed with logic
|
|
39
|
+
- Missing test coverage for core change
|
|
40
|
+
- Unclear reviewer entry points
|
|
41
|
+
4. Record issues as `ck_finding` (category `reviewability`, severity `medium`/`low`).
|
|
42
|
+
5. Submit plan via `ck_review_submit` (review_type: `plan`) describing what will change. **Wait for approval** before rewriting history or force-pushing.
|
|
43
|
+
6. Apply approved improvements. After any history rewrite, verify tree hash unchanged:
|
|
44
|
+
```
|
|
45
|
+
ORIGINAL_TREE=$(git rev-parse origin/<branch>^{tree})
|
|
46
|
+
# ... rewrite ...
|
|
47
|
+
# Tree must match
|
|
48
|
+
```
|
|
49
|
+
7. Update PR description with: TL;DR, core files (3-7), mechanical files, risk callouts, context links.
|
|
50
|
+
|
|
51
|
+
## Guardrails
|
|
52
|
+
|
|
53
|
+
- Never hide behavior changes inside cleanup
|
|
54
|
+
- Never force-push without `ck_review_submit` approval
|
|
55
|
+
- If PR too large to review, recommend splitting instead of polishing
|
|
56
|
+
- If `ck_validate` blocked, fix those first
|
|
57
|
+
|
|
58
|
+
## Output
|
|
59
|
+
|
|
60
|
+
- `ck_finding` records for reviewability issues
|
|
61
|
+
- `ck_review_submit` plan (approved)
|
|
62
|
+
- Updated PR description with reviewer guidance
|
|
63
|
+
- Verified tree identity after any history changes
|