From quoin
Audits spec domain objects for completeness, cross-reference integrity, and alignment with object-type-guide format. Use after initial spec creation, when integrating services, or as periodic spec quality health check.
How this skill is triggered — by the user, by Claude, or both
Slash command
/quoin:spec-object-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Audit a codebase's spec domain objects for completeness, cross-reference integrity, and alignment with the object-type-guide format.
Audit a codebase's spec domain objects for completeness, cross-reference integrity, and alignment with the object-type-guide format.
Scan all spec/ directories in scope (single repo or ecosystem-wide):
find spec/ -name "*.md" -path "*/functional/*"
For each FR, extract frontmatter fields: id, title, type, object.
For every FR with a Traceability / Dependencies section:
repo-B FR-003, confirm repo-B/spec/functional/FR-003-*.md exists.Common Pitfalls:
/auth prefix) silently changing the actual path vs what the FR documents.depends_on in master spec frontmatter being empty when runtime dependencies exist.Check whether domain objects defined inline in specs have proper dedicated FRs with object: frontmatter.
Scan for inline objects:
| Pattern in spec | Missing Domain FR Type |
|---|---|
### Data Models table with field/type columns | entity or value_object |
API Request/Response JSON bodies in ## API Contract | value_object |
class X(SQLModel) or Pydantic model in code without FR | entity |
class X(str, Enum) or status fields | value_object or state_machine |
| Multi-step behavior spanning services | process |
| Env var / configuration table in spec.md | configuration |
stateDiagram-v2 in spec.md | state_machine |
The Semantic Payload Trap: Inline JSON bodies inside of an endpoint's API Contract section are the #1 cause of cross-repo semantic drift. Even if the syntax matches (e.g. { "username": "string" }), the semantics drift (email vs account_name). Any structured payload passed across a bounded context MUST have a dedicated value_object FR to anchor its field semantics.
Reference: See object-type-guide.md for the full type taxonomy.
All FRs must use standard frontmatter:
---
id: FR-XXX
title: "Descriptive Title"
type: FR
object: entity # Only if FR defines a domain object
relationships: # Structured array of cross-references
- target: "ix://org/repo/TargetFR"
type: "depends_on"
cardinality: "1:1"
---
Check for:
type: functional instead of type: FR (non-standard value).object: on FRs that clearly define domain objects.domain: or status: fields that aren't part of the standard schema.relationships: array in the frontmatter when the body references upstream/downstream dependencies (such as an API, an event, a data entity, or a required permission).type: "depends_on" when a more specific semantic linkage applies (e.g. calls, publishes, consumes, triggers, reads, writes, requires).Ask yourself these questions. If the answer is "no" to any, there's a gap:
object: process FRs that show the full sequence across services.For multi-service domains (e.g., Auth = auth-service + identity + auth-py + auth-fastapi + ts-auth-sdk):
Produce a review report with:
| Priority | Finding | Repo | Impact |
|---|---|---|---|
| P0 | Spec-code mismatch | repo | Incorrect documentation |
| P1 | Missing cross-reference | repo | Traceability gap |
| P2 | Missing object: frontmatter | repo | Parser incompatibility |
| P3 | Missing domain-typed FR | repo | Incomplete domain model |
router = APIRouter(prefix="/auth")) silently change paths. Always verify spec paths against the mounted path, not just the route decorator.| identity | Fetches user | is weaker than | identity FR-006 | Fetches user via internal lookup |. Always use FR-level IDs.depends_on: Client libraries almost always depend on the service they consume. An empty depends_on: [] in a client SDK spec is a red flag.AuthToken used by both API Keys FR-004 and OAuth Clients FR-008), the model needs its own entity FR to avoid ambiguity.email mapped to SDK's username field, but Backend strictly expects an account name). Always cross-check the meaning and format of data passed across boundaries, especially in multi-repo systems like Auth.npx claudepluginhub agent-ix/quoin --plugin quoinReviews spec.md files for completeness, clarity, implementability, testability, and structure. Identifies ambiguities, gaps, and missing sections before implementation.
Prevents silent decimal mismatch bugs across EVM chains with runtime lookup, chain-aware caching, and safe normalization for bots, dashboards, and DeFi tools.