Skill

remediation-patterns

Common fixes across audit categories organized by priority. Use when producing actionable remediation recommendations in audit reports.

From ai-readiness

Install

Run in your terminal

npx claudepluginhub bailejl/dev-plugins --plugin ai-readiness

Tool Access

This skill uses the workspace's default tool permissions.

Skill Content

Similar Skills

prompt-lookup

Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.

prompts.chat

157.5k

skill-lookup

Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.

prompts.chat

157.5k

agent-eval

Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.

ecc

140.7k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitMar 1, 2026

Actions

View Source View Plugin View on GitHub View README

Remediation Patterns

This skill provides common fixes across all audit categories. Reference this when producing actionable coaching recommendations in audit reports.

Priority Ordering Framework

When presenting remediation recommendations, order by impact-to-effort ratio:

Priority	Category	Rationale
P0 — Immediate	Security critical	Secrets, credentials, critical vulnerabilities — active risk
P1 — This Sprint	Blocking patterns	Long-lived branches, env branches, cherry-pick promotion
P2 — This Month	Quality foundations	Test coverage, error handling, type safety
P3 — This Quarter	Structural improvements	Architecture refactoring, module boundaries
P4 — Ongoing	Continuous improvement	Naming, docs, style consistency

Documentation Fixes

Stale README

Problem: README describes outdated setup, architecture, or commands. Fix:

Run setup steps from README — note every failure.
Update setup instructions to match current reality.
Add a "Last verified" date to build/setup sections.
Set up CI to run README setup steps periodically.

Missing CLAUDE.md

Problem: No AI instruction file exists. Fix:

Create CLAUDE.md at project root.
Include: project description, tech stack, build/test/run commands, top 5 conventions.
Keep under 300 lines. Point to detailed docs rather than embedding content.
Structure as WHAT (project overview) → WHY (architecture decisions) → HOW (commands and workflows).
Pair prohibitions with alternatives: "Never use X, prefer Y instead."

Outdated Architecture Docs

Problem: Architecture diagrams reference removed components or deprecated patterns. Fix:

Cross-reference docs against current src/ directory structure.
Delete references to components that no longer exist.
Add dates to architecture documents.
Consider auto-generated architecture docs from code structure.

Code Quality Fixes

Dead Code Removal

Problem: Unused files, functions, imports, or commented-out code consuming context. Fix:

Run dead code detection (knip for JS/TS, vulture for Python, unused for Go).
Delete unused exports, functions, and files.
Delete all commented-out code — git has the history.
Remove stale TODO/FIXME comments older than 6 months — triage or delete.
Add dead code detection to CI pipeline.

Code Duplication

Problem: Copy-paste logic creating forked patterns the AI replicates. Fix:

Identify duplicate patterns using tools or manual inspection.
Extract shared logic into canonical implementations in utils/, shared/, or common/.
Document the canonical patterns in CLAUDE.md.
Prioritize deduplication in high-traffic modules (files the AI sees most often).

Naming Inconsistencies

Problem: Mixed conventions (camelCase/snake_case, abbreviations, vague names). Fix:

Document naming conventions in CLAUDE.md or a linter config.
Pick one convention per context (files, variables, functions, classes).
Rename vague identifiers in high-traffic modules first.
Enforce with linter rules (eslint naming-convention, pylint naming-style).
Fix file naming inconsistencies within each directory.

Complexity Reduction

Problem: Functions > 30 lines, cyclomatic complexity > 10, nesting > 3 levels. Fix:

Extract deeply nested conditionals into named helper functions.
Replace complex boolean expressions with descriptively named variables.
Split large functions along responsibility boundaries.
Keep files under 500 lines — split larger files by feature.

Security Fixes

Secrets Rotation

Problem: API keys, tokens, passwords, or connection strings found in code or git history. Fix (in order):

Immediately rotate the exposed credential — assume it is compromised.
Remove from current working tree.
Add pattern to .gitignore and pre-commit hook.
Use git-filter-repo or BFG Repo Cleaner to purge from history.
Force push to all remotes (coordinate with team).
Set up automated secret scanning (gitleaks, trufflehog) in CI.

Input Validation

Problem: Missing server-side validation, unsanitized user input, injection vectors. Fix:

Add schema validation for all API request bodies (zod, joi, pydantic).
Use parameterized queries — never concatenate user input into SQL.
Enable template auto-escaping for HTML output.
Validate file uploads (type, size, filename).
Add CORS restrictions (no wildcard * in production).

Missing Security Headers

Problem: No CSP, HSTS, X-Frame-Options, etc. Fix:

Add security headers via middleware (helmet for Express, SecurityHeaders for ASP.NET).
Set Content-Security-Policy to restrict script/style sources.
Set Strict-Transport-Security with appropriate max-age.
Set X-Frame-Options: DENY unless framing is required.

Git Hygiene Fixes

Commit Message Quality

Problem: Messages like "fix", "wip", "update", "asdf". Fix:

Adopt conventional commits (feat:, fix:, refactor:, docs:).
Enforce with a commit-msg git hook (commitlint).
Squash WIP commits before merging — keep final history clean.
Use imperative mood: "Add feature" not "Added feature".

Branch Cleanup

Problem: > 50 stale remote branches, merged but undeleted branches. Fix:

Delete merged branches: git branch -r --merged origin/main | grep -v main | xargs -I{} git push origin --delete {}.
Set up automatic branch deletion after PR merge (GitHub/GitLab setting).
Delete branches stale > 90 days after team review.
Target: branches live < 24 hours (trunk-based development).

Long-Lived Branches

Problem: Feature branches > 7 days, environment branches. Fix:

Move toward trunk-based development with feature flags.
Break large features into small, independently deployable increments.
Merge to main at least daily.
Delete environment branches — use CI/CD pipeline stages instead.

Testing Fixes

Low Coverage

Problem: Insufficient test coverage, especially for critical business logic. Fix:

Identify high-traffic modules (files changed most often) — test these first.
Write tests for public API boundaries first, not internal implementation.
Use behavior-driven test names: should_return_404_when_user_not_found.
Aim for coverage of code paths, not just lines.
For legacy code: start with characterization/approval tests to capture current behavior.

Assertion Quality

Problem: Tests that "pass" but don't verify meaningful behavior. Fix:

Every test must have at least one meaningful assertion.
Assert specific values, not just truthiness.
Test behavior, not implementation details — tests should survive refactoring.
Remove tautological tests that can never fail.
Add assertion messages that diagnose failures.

Test Reliability

Problem: Flaky tests, time-dependent tests, shared mutable state. Fix:

Mock or stub all external dependencies (network, filesystem, clock).
Isolate test data — no shared mutable state between tests.
Replace sleep() with proper async waiting mechanisms.
Use test fixtures/factories instead of inline data.
Run tests in random order to detect order dependencies.

AI Configuration Fixes

Missing Ignore Files

Problem: No .claudeignore / .cursorignore, AI processing noise. Fix:

Create .claudeignore with:
- Generated files: dist/, build/, *.min.js, *.bundle.*
- Dependencies: node_modules/, vendor/, venv/
- Lock files: package-lock.json, yarn.lock, *.lock
- Binaries: *.png, *.jpg, *.woff, *.ttf
- Secrets: .env*, *.pem, *.key, credentials/

Missing Type Safety

Problem: Untyped codebase producing poor AI output. Fix:

Enable TypeScript strict mode or mypy strict.
Add type annotations to public APIs and module boundaries first.
Type function signatures before function bodies.
Use branded types or newtypes for domain concepts.
Every typed function signature is a contract the AI can reason about.

Hooks Not Enforcing Rules

Problem: Critical rules exist only in documentation (advisory), not in hooks (deterministic). Fix:

Identify the 3 most important rules from CLAUDE.md.
Implement as pre-commit hooks (formatting, lint, test).
Use husky (Node), pre-commit (Python), or git's native hooks.
Hooks should fail fast with clear error messages.
Move rule from "instruction" to "enforcement" in CLAUDE.md.