From ruflo-metaharness
Composite Phase-2 audit worker (ADR-150). Bundles harness oia-manifest + threat-model + mcp-scan into one timestamped audit record stored in the `metaharness-audit` memory namespace. Designed for cron-scheduled drift detection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ruflo-metaharness:harness-oia-audit [--path .] [--dry-run] [--alert-on-worst clean|low|medium|high] [--format table|json][--path .] [--dry-run] [--alert-on-worst clean|low|medium|high] [--format table|json]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
The 13th worker (ADR-150 Phase 2) — runs three MetaHarness static
The 13th worker (ADR-150 Phase 2) — runs three MetaHarness static surfaces in one shot, computes a composite worst-severity signal, and persists the audit record to memory so drift over time is visible.
Implementation: scripts/oia-audit.mjs.
harness oia-manifest <path> — Open Infrastructure Architecture
layer alignment (L1-L9).harness threat-model <path> — categorized MCP-surface threat
report with worst: clean|low|medium|high.harness mcp-scan <path> — per-server/tool policy + permissions
max(threatModel.worst, max(mcpScan.findings.severity)).metaharness-audit with key
audit-<iso-timestamp> (unless --dry-run).--alert-on-worst <severity>: exit 1 if composite worst ≥ threshold.When ALL three components report metaharness-not-available, the script
emits the standard degraded payload and exits 0. When only some are
degraded, each individual component carries its own degraded: true
flag in the audit record — the audit still runs and persists what it
could gather.
Designed for weekly cron in .github/workflows/:
on:
schedule:
- cron: '17 4 * * 0' # Sundays at 04:17 UTC
jobs:
oia-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: node plugins/ruflo-metaharness/scripts/oia-audit.mjs --alert-on-worst high
--alert-on-worst high fails the job on any HIGH-severity finding;
drift below HIGH is logged but doesn't block.
Each audit run stores under metaharness-audit:audit-<iso-ts>. To list
recent audits:
npx @claude-flow/cli@latest memory list --namespace metaharness-audit --limit 10
To diff two audits (drift detection):
A=$(npx ... memory retrieve --key audit-2026-06-01... --namespace metaharness-audit)
B=$(npx ... memory retrieve --key audit-2026-06-15... --namespace metaharness-audit)
# Compare composite.worst, components.threatModel.worst, etc.
A future ADR can wire this into a dedicated cost-diff-style diff
viewer specifically for audit drift.
harness-threat-model — the underlying threat-model componentharness-mcp-scan — the underlying MCP-scan componentharness-score + harness-genome — readiness metrics (orthogonal to audit)npx claudepluginhub jzkk720/ruflo --plugin ruflo-metaharness4plugins reuse this skill
First indexed Jul 14, 2026
Guides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.