{"id":"4a5dbc75-2630-448e-8572-7d8385861af1","shortId":"f5eXZZ","kind":"skill","title":"codebase-audit","tagline":"全面代码库审计 — 自适应并行深度分析（前后端契约、数据完整性、异常处理/安全、架构/技术债、配置/缓存），输出按严重程度排序的统一报告和修复路线图。Use when user asks to audit, analyze, or review an entire codebase for design issues, find hidden bugs, check architecture health, or asks '全面审查', '代码库审计', '分析设计问题', 'audit codebase', 'health check', '有哪些问","description":"# Codebase Audit — Adaptive Deep Analysis\n\nA comprehensive codebase audit that adapts its agent configuration to the project's tech stack. Each agent uses opus for maximum thoroughness. Results are compiled into a unified report sorted by severity with a phased repair roadmap.\n\n## Core Principles\n\n1. **Opus only** — All audit agents MUST use `model=\"opus\"`. This is non-negotiable. Smaller models miss subtle cross-file issues.\n2. **Depth over breadth** — Fewer agents with broader scope and deeper analysis beats many shallow agents. Each agent should trace issues across file boundaries.\n3. **Adaptive** — Agent count and focus areas vary by project type. Don't waste an agent on \"frontend rendering\" for a backend-only project.\n\n## When to Use\n\n- User asks to audit/review/analyze an entire codebase\n- User wants to find hidden bugs, silent degradation, or design inconsistencies\n- User asks about technical debt, architecture health, or \"what's broken\"\n- Before a major refactor or after inheriting an unfamiliar codebase\n- Periodic health check (monthly/quarterly)\n\n## Workflow\n\n### Phase 0: Tech Stack Detection\n\nDetect the project's tech stack to determine the agent configuration:\n\n```\nDetection checklist:\n- package.json / tsconfig.json → TypeScript/JavaScript (React, Next.js, Vue, etc.)\n- pyproject.toml / requirements.txt / setup.py → Python (FastAPI, Django, Pydantic, etc.)\n- Cargo.toml → Rust (serde, axum, actix, etc.)\n- go.mod → Go (gin, echo, gorm, etc.)\n- Multiple stacks → Full-stack project (frontend + backend)\n```\n\n### Phase 1: Launch Agents (Adaptive)\n\nBased on the detected stack, choose the appropriate agent configuration below. Launch ALL agents in a SINGLE message with `model=\"opus\"` for every agent.\n\nRead `references/agent-prompts.md` for complete prompt templates.\n\n---\n\n#### Full-Stack Projects (5 agents)\n\nWhen both frontend and backend exist (e.g., React + FastAPI, Next.js + Go).\n\n| # | Agent | Type | Scope (merged dimensions) |\n|---|-------|------|---------------------------|\n| 1 | **Frontend-Backend Contract** | `reviewer` | Type consistency (field names, types, missing fields) + Rendering pipeline (layout/block/card routing completeness, dead slots, unrendered fields) + Serialization boundaries (models that silently drop fields). This agent reads BOTH sides and traces data across the API boundary. |\n| 2 | **Data Integrity & Flow** | `code-reviewer` | Data pipeline end-to-end: from input through every transformation layer to output. Covers: field resolver filters, serialization/deserialization, model_validate/model_dump, cache read/write symmetry. Finds where fields get silently dropped. Also covers: declaration-execution gaps (registered but unwired handlers, enum without config). |\n| 3 | **Error Handling & Security** | `security-reviewer` | Exception patterns (bare except, debug-level errors, warning+fallback), security (hardcoded secrets, injection, unsafe deserialization), silent degradation (error paths that produce user-visible wrong output instead of failing). |\n| 4 | **Architecture & Code Quality** | `architect` | Layer violations, circular dependencies, god objects (files >800 lines), code duplication (parallel systems, scattered mapping tables), extension cost analysis (how many files to add a new type), DI pattern consistency. |\n| 5 | **Config & Persistence** | `database-reviewer` | Config completeness (template/schema vs code expectations, conflicting defaults), cache key completeness (missing code version dimension), DB schema consistency, temp file cleanup, state persistence across restarts. |\n\n---\n\n#### Backend-Only Projects (4 agents)\n\nWhen only backend exists (Python API, Rust service, Go microservice, etc.)\n\n| # | Agent | Type | Scope |\n|---|-------|------|-------|\n| 1 | **API Contract & Data Integrity** | `code-reviewer` | API schema vs internal models, serialization boundaries, data pipeline tracing, field dropping, declaration-execution gaps. |\n| 2 | **Error Handling & Security** | `security-reviewer` | Same as full-stack Agent 3. |\n| 3 | **Architecture & Code Quality** | `architect` | Same as full-stack Agent 4. |\n| 4 | **Config & Persistence** | `database-reviewer` | Same as full-stack Agent 5. |\n\n---\n\n#### Frontend-Only Projects (3 agents)\n\nWhen only frontend exists (React SPA, Vue app, etc.)\n\n| # | Agent | Type | Scope |\n|---|-------|------|-------|\n| 1 | **Component Architecture & Rendering** | `reviewer` | Type routing completeness, component registration gaps, dead props/slots, state management consistency, API consumption patterns. |\n| 2 | **Error Handling & Code Quality** | `code-reviewer` | Unhandled promise rejections, error boundaries, catch-and-ignore patterns, god components, code duplication. |\n| 3 | **Config & Build** | `reviewer` | Build config consistency, env variable management, bundle analysis, dead dependencies. |\n\n---\n\n### Phase 2: Compile Unified Report\n\nAfter ALL agents complete, compile findings into a single report:\n\n```markdown\n# [Project Name] Codebase Audit Report\n\n> Audit date: YYYY-MM-DD\n> Target: path\n> Tech stack: detected stack\n> Agents: N (list agent names)\n\n## Summary\n| Level | Count | Key Areas |\n|-------|-------|-----------|\n| Critical | N | ... |\n| High/P1 | N | ... |\n| Medium/P2 | N | ... |\n\n## Critical (Fix Immediately)\n| # | Problem | Agent | Impact |\n|---|---------|-------|--------|\nFor each: file:line, code snippet, risk description, fix suggestion.\n\n## High / P1 (Fix This Week)\n### [Category]\n| # | Problem | File(s) |\n|---|---------|---------|\nDetails for each.\n\n## Medium / P2 (Plan to Fix)\n[Same structure]\n\n## Repair Roadmap\n| Phase | Scope | Est. Files |\n|-------|-------|------------|\n| Phase 0 (urgent) | Critical fixes | ~N files |\n| Phase 1 (this week) | High priority | ~N files |\n| Phase 2 (next week) | Medium priority | ~N files |\n| Phase 3 (ongoing) | Architecture | ~N files |\n```\n\n### Deduplication\n\nSince agents have broader overlapping scopes, deduplication is simpler:\n- Same file + same line → merge\n- Same root cause found by multiple agents → keep the most detailed one, note cross-agent confirmation (this actually increases confidence)\n- Severity conflicts → use the highest\n\n### Severity Classification\n\n| Level | Criteria |\n|-------|----------|\n| **Critical** | Data loss, rendering failure, security vulnerability, complete feature breakage affecting users NOW |\n| **High/P1** | Silent degradation (user sees wrong/incomplete output), type mismatches causing data truncation, missing config causing empty output, architectural violations blocking development |\n| **Medium/P2** | Code duplication, inconsistent patterns, suboptimal error handling, tech debt that slows development but doesn't break features |\n\n## Stack-Specific Patterns\n\nRead `references/stack-patterns.md` for technology-specific search patterns.","tags":["codebase","audit","claude","arsenal","majiayu000","agent-skills","ai-agents","ai-coding-assistant","automation","claude-code","code-review","developer-tools"],"capabilities":["skill","source-majiayu000","skill-codebase-audit","topic-agent-skills","topic-ai-agents","topic-ai-coding-assistant","topic-automation","topic-claude","topic-claude-code","topic-code-review","topic-developer-tools","topic-devops","topic-productivity","topic-prompt-engineering","topic-python"],"categories":["claude-arsenal"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/majiayu000/claude-arsenal/codebase-audit","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add majiayu000/claude-arsenal","source_repo":"https://github.com/majiayu000/claude-arsenal","install_from":"skills.sh"}},"qualityScore":"0.464","qualityRationale":"deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 29 github stars · SKILL.md body (6,817 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-01T07:01:13.026Z","embedding":null,"createdAt":"2026-04-18T22:24:03.125Z","updatedAt":"2026-05-01T07:01:13.026Z","lastSeenAt":"2026-05-01T07:01:13.026Z","tsv":"'0':210,760 '1':90,263,319,533,614,767 '2':113,360,557,633,670,775 '3':137,410,570,571,600,655,783 '4':447,517,582,583 '5':301,482,595 '800':459 'across':134,356,511 'actix':246 'actual':821 'adapt':48,56,138,266 'add':475 'affect':843 'agent':58,67,95,118,128,130,139,152,223,265,275,280,290,302,314,349,518,530,569,581,594,601,611,676,702,705,722,790,809,818 'also':397 'analysi':50,124,470,666 'analyz':21 'api':358,524,534,541,630 'app':609 'appropri':274 'architect':451,575 'architectur':34,188,448,572,616,785,863 'area':143,711 'ask':18,37,166,184 'audit':3,20,41,47,54,94,688,690 'audit/review/analyze':168 'axum':245 'backend':159,261,307,322,514,521 'backend-on':158,513 'bare':419 'base':267 'beat':125 'block':865 'boundari':136,342,359,547,645 'breadth':116 'break':883 'breakag':842 'broader':120,792 'broken':193 'bug':32,177 'build':657,659 'bundl':665 'cach':388,496 'cargo.toml':242 'catch':647 'catch-and-ignor':646 'categori':739 'caus':805,855,860 'check':33,44,206 'checklist':226 'choos':272 'circular':454 'classif':830 'cleanup':508 'code':365,449,461,492,500,539,573,636,639,653,728,868 'code-review':364,538,638 'codebas':2,26,42,46,53,171,203,687 'codebase-audit':1 'compil':75,671,678 'complet':294,336,489,498,621,677,840 'compon':615,622,652 'comprehens':52 'confid':823 'config':409,483,488,584,656,660,859 'configur':59,224,276 'confirm':819 'conflict':494,825 'consist':326,481,505,629,661 'consumpt':631 'contract':323,535 'core':88 'cost':469 'count':140,709 'cover':381,398 'criteria':832 'critic':712,718,762,833 'cross':110,817 'cross-ag':816 'cross-fil':109 'data':355,361,367,536,548,834,856 'databas':486,587 'database-review':485,586 'date':691 'db':503 'dd':695 'dead':337,625,667 'debt':187,876 'debug':422 'debug-level':421 'declar':400,554 'declaration-execut':399,553 'dedupl':788,795 'deep':49 'deeper':123 'default':495 'degrad':179,434,848 'depend':455,668 'depth':114 'descript':731 'deseri':432 'design':28,181 'detail':743,813 'detect':213,214,225,270,700 'determin':221 'develop':866,879 'di':479 'dimens':318,502 'django':239 'doesn':881 'drop':346,396,552 'duplic':462,654,869 'e.g':309 'echo':251 'empti':861 'end':370,372 'end-to-end':369 'entir':25,170 'enum':407 'env':662 'error':411,424,435,558,634,644,873 'est':757 'etc':233,241,247,253,529,610 'everi':289,376 'except':417,420 'execut':401,555 'exist':308,522,605 'expect':493 'extens':468 'fail':446 'failur':837 'fallback':426 'fastapi':238,311 'featur':841,884 'fewer':117 'field':327,331,340,347,382,393,551 'file':111,135,458,473,507,726,741,758,765,773,781,787,799 'filter':384 'find':30,175,391,679 'fix':719,732,736,750,763 'flow':363 'focus':142 'found':806 'frontend':154,260,305,321,597,604 'frontend-backend':320 'frontend-on':596 'full':257,298,567,579,592 'full-stack':256,297,566,578,591 'gap':402,556,624 'get':394 'gin':250 'go':249,313,527 'go.mod':248 'god':456,651 'gorm':252 'handl':412,559,635,874 'handler':406 'hardcod':428 'health':35,43,189,205 'hidden':31,176 'high':734,770 'high/p1':714,846 'highest':828 'ignor':649 'immedi':720 'impact':723 'inconsist':182,870 'increas':822 'inherit':200 'inject':430 'input':374 'instead':444 'integr':362,537 'intern':544 'issu':29,112,133 'keep':810 'key':497,710 'launch':264,278 'layer':378,452 'layout/block/card':334 'level':423,708,831 'line':460,727,801 'list':704 'loss':835 'major':196 'manag':628,664 'mani':126,472 'map':466 'markdown':684 'maximum':71 'medium':746,778 'medium/p2':716,867 'merg':317,802 'messag':284 'microservic':528 'mismatch':854 'miss':107,330,499,858 'mm':694 'model':98,106,286,343,386,545 'monthly/quarterly':207 'multipl':254,808 'must':96 'n':703,713,715,717,764,772,780,786 'name':328,686,706 'negoti':104 'new':477 'next':776 'next.js':231,312 'non':103 'non-negoti':102 'note':815 'object':457 'one':814 'ongo':784 'opus':69,91,99,287 'output':380,443,852,862 'overlap':793 'p1':735 'p2':747 'package.json':227 'parallel':463 'path':436,697 'pattern':418,480,632,650,871,888,896 'period':204 'persist':484,510,585 'phase':85,209,262,669,755,759,766,774,782 'pipelin':333,368,549 'plan':748 'principl':89 'prioriti':771,779 'problem':721,740 'produc':438 'project':62,146,161,216,259,300,516,599,685 'promis':642 'prompt':295 'props/slots':626 'pydant':240 'pyproject.toml':234 'python':237,523 'qualiti':450,574,637 'react':230,310,606 'read':291,350,889 'read/write':389 'refactor':197 'references/agent-prompts.md':292 'references/stack-patterns.md':890 'regist':403 'registr':623 'reject':643 'render':155,332,617,836 'repair':86,753 'report':79,673,683,689 'requirements.txt':235 'resolv':383 'restart':512 'result':73 'review':23,324,366,416,487,540,563,588,618,640,658 'risk':730 'roadmap':87,754 'root':804 'rout':335,620 'rust':243,525 'scatter':465 'schema':504,542 'scope':121,316,532,613,756,794 'search':895 'secret':429 'secur':413,415,427,560,562,838 'security-review':414,561 'see':850 'serd':244 'serial':341,546 'serialization/deserialization':385 'servic':526 'setup.py':236 'sever':82,824,829 'shallow':127 'side':352 'silent':178,345,395,433,847 'simpler':797 'sinc':789 'singl':283,682 'skill' 'skill-codebase-audit' 'slot':338 'slow':878 'smaller':105 'snippet':729 'sort':80 'source-majiayu000' 'spa':607 'specif':887,894 'stack':65,212,219,255,258,271,299,568,580,593,699,701,886 'stack-specif':885 'state':509,627 'structur':752 'suboptim':872 'subtl':108 'suggest':733 'summari':707 'symmetri':390 'system':464 'tabl':467 'target':696 'tech':64,211,218,698,875 'technic':186 'technolog':893 'technology-specif':892 'temp':506 'templat':296 'template/schema':490 'thorough':72 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-coding-assistant' 'topic-automation' 'topic-claude' 'topic-claude-code' 'topic-code-review' 'topic-developer-tools' 'topic-devops' 'topic-productivity' 'topic-prompt-engineering' 'topic-python' 'trace':132,354,550 'transform':377 'truncat':857 'tsconfig.json':228 'type':147,315,325,329,478,531,612,619,853 'typescript/javascript':229 'unfamiliar':202 'unhandl':641 'unifi':78,672 'unrend':339 'unsaf':431 'unwir':405 'urgent':761 'use':15,68,97,164,826 'user':17,165,172,183,440,844,849 'user-vis':439 'validate/model_dump':387 'vari':144 'variabl':663 'version':501 'violat':453,864 'visibl':441 'vs':491,543 'vue':232,608 'vulner':839 'want':173 'warn':425 'wast':150 'week':738,769,777 'without':408 'workflow':208 'wrong':442 'wrong/incomplete':851 'yyyi':693 'yyyy-mm-dd':692 '代码库审计':39 '全面代码库审计':4 '全面审查':38 '分析设计问题':40 '前后端契约':6 '安全':9 '异常处理':8 '技术债':11 '数据完整性':7 '有哪些问':45 '架构':10 '缓存':13 '自适应并行深度分析':5 '输出按严重程度排序的统一报告和修复路线图':14 '配置':12","prices":[{"id":"8cc54583-0b7c-45ad-859a-3702c6523bd5","listingId":"4a5dbc75-2630-448e-8572-7d8385861af1","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"majiayu000","category":"claude-arsenal","install_from":"skills.sh"},"createdAt":"2026-04-18T22:24:03.125Z"}],"sources":[{"listingId":"4a5dbc75-2630-448e-8572-7d8385861af1","source":"github","sourceId":"majiayu000/claude-arsenal/codebase-audit","sourceUrl":"https://github.com/majiayu000/claude-arsenal/tree/main/skills/codebase-audit","isPrimary":false,"firstSeenAt":"2026-04-18T22:24:03.125Z","lastSeenAt":"2026-05-01T07:01:13.026Z"}],"details":{"listingId":"4a5dbc75-2630-448e-8572-7d8385861af1","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"majiayu000","slug":"codebase-audit","github":{"repo":"majiayu000/claude-arsenal","stars":29,"topics":["agent-skills","ai-agents","ai-coding-assistant","automation","claude","claude-code","code-review","developer-tools","devops","productivity","prompt-engineering","python","software-development","typescript","workflows"],"license":"mit","html_url":"https://github.com/majiayu000/claude-arsenal","pushed_at":"2026-04-29T04:12:22Z","description":"52 production-ready Claude Code skills and 7 specialized agents for software development, DevOps, product workflows, and automation.","skill_md_sha":"dc96932dc738cd50154a473c2dc4d2ac695987ef","skill_md_path":"skills/codebase-audit/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/majiayu000/claude-arsenal/tree/main/skills/codebase-audit"},"layout":"multi","source":"github","category":"claude-arsenal","frontmatter":{"name":"codebase-audit","description":"全面代码库审计 — 自适应并行深度分析（前后端契约、数据完整性、异常处理/安全、架构/技术债、配置/缓存），输出按严重程度排序的统一报告和修复路线图。Use when user asks to audit, analyze, or review an entire codebase for design issues, find hidden bugs, check architecture health, or asks '全面审查', '代码库审计', '分析设计问题', 'audit codebase', 'health check', '有哪些问题'. Also trigger when user asks to find silent degradation, data flow breakpoints, type mismatches between frontend and backend, or wants to understand technical debt across a project."},"skills_sh_url":"https://skills.sh/majiayu000/claude-arsenal/codebase-audit"},"updatedAt":"2026-05-01T07:01:13.026Z"}}