# /epic:audit

From epic. Runs parallel code quality, security, and test audits against a spec. Outputs PASS/WARN/FAIL per dimension with file-level findings.

Install:

```sh
npx claudepluginhub epicsagas/epic-harness --plugin epic-harness
```

Triggered by: slash command `/epic:audit`.

Summary shown in Claude's skill listing (used to decide when to auto-load this skill):

**CRITICAL**: Run `HARNESS_DIR=$(epic path)` first. NEVER use `.harness/` in the project directory.
This skill has 3 internal modes that run in parallel (the mode output templates and the combined report follow below).

Confirm `/go` has run, i.e. you are on a feature branch:

```sh
git symbolic-ref --short HEAD   # must NOT be main/master
```

Load the spec to know what was supposed to be built:

```sh
ls -t $HARNESS_DIR/specs/SPEC-*.md | head -1
```

Read the Requirements and Acceptance Criteria sections.

Detect the change scope from the diff against the point where the branch left main:

```sh
git diff --stat $(git merge-base HEAD main)
git diff --name-only $(git merge-base HEAD main)
```
Match the changed paths against these patterns to decide which scopes the audit covers and which extra checks to run (one change can hit several scopes):

| Pattern | Scope | Extra checks |
|---|---|---|
| `*.api.*`, `*route*`, `*controller*`, `*handler*` | API | + Contract testing, request validation |
| `*.tsx`, `*.jsx`, `*.vue`, `*.svelte`, `*.css` | Frontend | + Accessibility, semantic HTML |
| `*.sql`, `*migration*`, `*schema*` | Database | + Migration safety, rollback plan |
| `*.rs`, `Cargo.toml`, `*.go`, `go.mod` | Backend | + Build verification, type safety |
| `*.test.*`, `*.spec.*`, `__tests__/` | Tests | + Coverage delta, flaky test detection |
| `Dockerfile*`, `*.yml`, `*.yaml`, `Makefile` | Infra | + Config validation, secret detection |
| `*.md`, `*.txt` | Docs | + Link checking, freshness |
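The scope detection above, as an added shell example that is not part of the epic-harness plugin. It is my reading of the table: "contains" patterns such as `*route*` and `__tests__/` are matched against the whole path, file-name and suffix patterns against the basename, and a path can land in several scopes. `detect_scopes` and `extra_checks` are hypothetical helper names; `require_feature_branch` and `changed_scopes_since_main` wrap the page's own git commands. The sample paths are constructed.

```sh
#!/bin/sh
# Added example, not part of epic-harness. Classifies changed paths into the
# audit scopes from the table above and reports the extra checks each adds.

# Assumption: "contains" patterns (*route*, *migration*, __tests__/) are matched
# against the whole path; name/suffix patterns against the basename. Each scope
# is its own `case`, so a path can hit several (Form.test.tsx -> Frontend, Tests).
scopes_for_path() {
  p=$1
  base=${p##*/}
  case "$p"    in *.api.*|*route*|*controller*|*handler*) echo API ;;      esac
  case "$base" in *.tsx|*.jsx|*.vue|*.svelte|*.css)       echo Frontend ;; esac
  case "$p"    in *.sql|*migration*|*schema*)             echo Database ;; esac
  case "$base" in *.rs|Cargo.toml|*.go|go.mod)            echo Backend ;;  esac
  case "$p"    in *.test.*|*.spec.*|*__tests__/*)         echo Tests ;;    esac
  case "$base" in Dockerfile*|*.yml|*.yaml|Makefile)      echo Infra ;;    esac
  case "$base" in *.md|*.txt)                             echo Docs ;;     esac
}

# Join stdin lines with single spaces (no trailing space; empty input -> empty line).
join_words() {
  awk 'NR > 1 { printf " " } { printf "%s", $0 } END { printf "\n" }'
}

# detect_scopes: read one path per line on stdin, print the sorted,
# de-duplicated set of scopes on one line, e.g. "API Database Tests".
detect_scopes() {
  while IFS= read -r path; do
    if [ -n "$path" ]; then
      scopes_for_path "$path"
    fi
  done | sort -u | join_words
}

# extra_checks SCOPE: the additional checks the table attaches to a scope.
extra_checks() {
  case "$1" in
    API)      echo "Contract testing, request validation" ;;
    Frontend) echo "Accessibility, semantic HTML" ;;
    Database) echo "Migration safety, rollback plan" ;;
    Backend)  echo "Build verification, type safety" ;;
    Tests)    echo "Coverage delta, flaky test detection" ;;
    Infra)    echo "Config validation, secret detection" ;;
    Docs)     echo "Link checking, freshness" ;;
    *)        echo "unknown scope: $1" >&2; return 1 ;;
  esac
}

# Guard from the page: refuse to audit on main/master (a detached HEAD also fails).
require_feature_branch() {
  branch=$(git symbolic-ref --short HEAD) || return 1
  case "$branch" in
    main|master) echo "on $branch; run /go first" >&2; return 1 ;;
  esac
}

# The page's own diff command, piped into the classifier.
changed_scopes_since_main() {
  require_feature_branch || return 1
  git diff --name-only "$(git merge-base HEAD main)" | detect_scopes
}

# Usage inside a checkout (needs git; the classifier itself runs offline on any
# list of constructed paths fed to detect_scopes):
#   scopes=$(changed_scopes_since_main) && for s in $scopes; do
#     printf '%s: %s\n' "$s" "$(extra_checks "$s")"
#   done
```

A file such as `src/__tests__/Form.test.tsx` correctly yields both `Frontend` and `Tests`, which is why each scope gets its own `case` instead of one `case` with the first match winning.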
Launch all 3 modes with `run_in_background: true`.

Code review output:

```markdown
## Code Review: <file or area>
- [BLOCKER] <description> (line X)
- [WARN] <description> (line Y)
- [NIT] <description> (line Z)

## Summary
- Blockers: N
- Warnings: N
- Verdict: APPROVE / REQUEST_CHANGES
```
- .env files are in .gitignore

Security and performance audit output:

```markdown
## Security Audit
- [CRITICAL] SQL injection risk in <file>:<line>
- [HIGH] Hardcoded secret in <file>:<line>
- [MEDIUM] Missing rate limit on <endpoint>

## Performance Audit
- [HIGH] N+1 query in <file>:<line>
- [MEDIUM] Unbounded array growth in <file>:<line>

## Summary
- Security: PASS / FAIL (N critical, N high)
- Performance: PASS / WARN (N issues)
```
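The `[HIGH] Hardcoded secret in <file>:<line>` finding and the `.env` check above, as an added shell example that is not the plugin's own code. It walks a unified diff, tracks the new-file line number per hunk, and reports added lines that match a few high-signal patterns (an AWS access key ID, a PEM private-key header, a password/secret/token assigned a quoted literal). The pattern set, the function names `scan_diff_for_secrets` and `dotenv_ignored`, and the sample diff are my own assumptions.

```sh
#!/bin/sh
# Added example, not part of epic-harness: a minimal secret scan over the diff
# that emits findings in the Security Audit format above. The pattern set is an
# assumption; treat hits as leads for the auditor, not as a verdict.

# Three high-signal patterns (grep -E, case-insensitive): AWS access key IDs,
# PEM private-key headers, and password/secret/token assigned a quoted literal.
SECRET_RE="AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----|(password|passwd|secret|api[_-]?key|token)[[:space:]]*[:=][[:space:]]*[\"'][^\"']{8,}[\"']"

# scan_diff_for_secrets: read a unified diff on stdin; print one
# "[HIGH] Hardcoded secret in <file>:<line>" per added line that matches.
# Line numbers are on the new-file side: "+++ b/<file>" sets the file, the hunk
# header's "+<start>" seeds the counter, added and context lines advance it,
# removed lines do not.
scan_diff_for_secrets() {
  file=''
  n=0
  while IFS= read -r line; do
    case "$line" in
      '+++ '*)
        file=${line#+++ }
        file=${file#b/} ;;
      '@@ '*)
        n=${line#*+}            # "1,5 @@" from "@@ -1,3 +1,5 @@"
        n=${n%%[!0-9]*} ;;      # keep the leading digits: 1
      '+'*)
        if printf '%s\n' "${line#+}" | grep -qiE "$SECRET_RE"; then
          printf '[HIGH] Hardcoded secret in %s:%s\n' "$file" "$n"
        fi
        n=$((n + 1)) ;;
      '-'*) ;;                  # removed line: new-file counter unchanged
      *)    n=$((n + 1)) ;;     # context line
    esac
  done
}

# dotenv_ignored: the ".env files are in .gitignore" check, asked of git itself.
# Exit 0 when .env would be ignored, 1 when it would be committed.
dotenv_ignored() {
  git check-ignore -q .env
}

# Constructed sample diff (not a real change) for an offline run:
#   printf '%s\n' "$SAMPLE_DIFF" | scan_diff_for_secrets
SAMPLE_DIFF='diff --git a/config/settings.py b/config/settings.py
--- a/config/settings.py
+++ b/config/settings.py
@@ -1,3 +1,5 @@
 import os
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "hunter2hunter2"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DEBUG = False
 TIMEOUT = 30'

# In a checkout: git diff "$(git merge-base HEAD main)" | scan_diff_for_secrets
```

Only `+` lines are scanned, so a secret that was already in the repository before the branch is not reported here; that is a diff-scoped check by design, and a full-tree secret scan is a separate job. The removed `-DB_PASSWORD = os.environ[...]` line in the sample is the pattern you want to see kept, not replaced.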
Combine all findings into a single report:

```markdown
## Audit Report
- Spec: SPEC-{timestamp} ({goal_slug})
- Branch: {current branch}

### Change Scope
- Scopes detected: [API, Frontend, Backend, Database, Infra, Docs, Tests]
- Scope-specific checks: [list what ran]

### Code Quality: [PASS/WARN/FAIL]
### Security: [PASS/WARN/FAIL]
### Performance: [PASS/WARN/FAIL]
### Tests: [X/Y passing, Z% coverage]

### Spec Coverage
- R1: ✅/❌ addressed in diff
- R2: ✅/❌ addressed in diff
- AC1: ✅/❌ verified by test
- AC2: ✅/❌ verified by test

### Action Items
1. [blocker or warning]
```
/ship to create a PR."
/go, then re-run /audit."

| Excuse | Rebuttal | What to do instead |
|---|---|---|
| "It's a small change, skip security" | Small changes introduce big vulnerabilities | Always run the security checklist |
| "Tests are passing, that's enough" | Tests don't catch security or performance issues | Run all 3 modes |
| "I'll fix the warnings later" | Later never comes | Fix blockers now, warnings before merge |