Skill

caa-codebase-audit-and-fix-skill

Trigger with /audit-codebase, 'audit the codebase', 'compliance audit', 'codebase audit'. Use when auditing a codebase for compliance violations, generating TODOs, or applying automated fixes.

npx claudepluginhub emasoft/emasoft-plugins --plugin code-auditor-agent

Tool Access

This skill is limited to using the following tools:

ReadWriteGlobGrepBash(uv:*)Bash(git:*)Bash(python:*)AgentWebFetchmcp__plugin_llm-externalizer_llm-externalizer__*

Preview

10-phase pipeline auditing every file against a reference standard with grep triage, batch processing, multi-wave verification, gap-fill, and optional automated fixes.

Supporting Assets

references/completion-checklist.mdreferences/delta-audit.mdreferences/error-handling.mdreferences/instructions.mdreferences/large-codebase.mdreferences/model-selection.mdreferences/monorepo.mdreferences/output-format.mdreferences/remote-scanning.md

SKILL.md

Similar Skills

strategic-compact

179.0k

Suggests manual /compact at logical task boundaries in long Claude Code sessions and multi-phase tasks to avoid arbitrary auto-compaction losses.

1 file

ecc

Stats

Stars1

Forks0

Last CommitApr 25, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Codebase Audit And Fix

Overview

10-phase pipeline auditing every file against a reference standard with grep triage, batch processing, multi-wave verification, gap-fill, and optional automated fixes.

Prerequisites

Agent	Phase	Purpose
`caa-domain-auditor-agent`	1, 3	Discovery and gap-fill auditing
`caa-verification-agent`	2, 3	Cross-check and missed-file detection
`caa-consolidation-agent`	4	Merge, dedup, classify findings
`caa-security-review-agent`	4b	Vulnerabilities, secrets, CVEs
`caa-todo-generator-agent`	5	Actionable TODO generation
`caa-fix-agent`	6	Implement fixes with checkpoints
`caa-fix-verifier-agent`	7	Verify fixes, detect regressions

Requires: Python 3.12+, uv, Git repo. Uses ${CLAUDE_PLUGIN_ROOT} for scripts, ${CLAUDE_SKILL_DIR} for reference docs, ${CLAUDE_PLUGIN_DATA} for persistent audit state.

Instructions

Set SCOPE_PATH, REFERENCE_STANDARD, generate RUN_ID (8 hex).
P0: Inventory all files, create 3-4 file batches per domain.
P1: Spawn caa-domain-auditor-agent swarms on each batch.
P2: Spawn caa-verification-agent to cross-check reports.
P3: Gap-fill any missed files with additional audit waves.
P4: Consolidate per-domain, then run P4b security scan (MANDATORY).
P5: Generate actionable TODOs via caa-todo-generator-agent.
P6-P7: If FIX_ENABLED=true, apply fixes and verify (else skip).
P8: Compile final report. See instructions.

Output

Produces a consolidated audit report in reports/code-auditor/ with per-domain findings, a TODO list, and a final summary. See output format.

Error Handling

On agent failure, retry with checkpoint recovery. See error handling.

Examples

Input: /audit-codebase with SCOPE_PATH=src/, FIX_ENABLED=false
Output: Audit report in reports/code-auditor/ with per-domain findings and TODO list

Input: /audit-codebase with FIX_ENABLED=true, MAX_FIX_PASSES=3
Output: All 9 phases run; fixes applied, verified, final report generated

Checklist

Copy this checklist and track your progress:

All files in SCOPE_PATH audited (0 missed)
Security scan (P4b) completed
TODO list generated and saved
Final report compiled in reports/code-auditor/

Resources

Instructions
- Phase Steps, Parameters, Pipeline, Report Naming
- Finding IDs, Spawning Patterns, Fix Agent Worktree Merge-Back, Loop Termination
Output Format
- Pipeline artifacts and report structure
Model Selection
- Model requirements per agent
Error Handling
- Recovery strategies and retry logic
Completion Checklist
- Progress tracking criteria
Remote Scanning
- Local Clone Method, API-Only Method
Monorepo & Workspaces
- Workspace detection and audit strategy
Large Codebase Strategy
- Full Coverage (Default), Automated Triage for Prioritization, Checkpoint and Resume
Delta Audit Mode
- When to Use Delta Mode, Delta Audit Workflow