From patchy-bot
Universal post-completion audit orchestrator — run after ANY Claude Code process finishes. Triggers on: "audit this", "audit what was done", "post-changes-audit", "/post-changes-audit", "review what was done", "post-implementation review", "check everything", "full audit", "validate the changes", "is this ready for PR", "final review", "quality gate", "sign-off check", "verify the work", "run post-check", "run the audit", "audit the session", "post-audit", "what did claude do", "review the session", "check what changed". Use after: code implementations, debug sessions, plan executions, agent tasks, swarm completions, refactors, infrastructure changes, migrations, installs, or any multi-step workflow. Sequences 22 skills across 5 phases: forensic inventory → deep review → impact & regression → security & compliance → verdict & paper trail. Read-only by default — fixes only applied when explicitly requested. NOT for implementing changes or planning.
npx claudepluginhub kman182401/patchy-operationalThis skill uses the workspace's default tool permissions.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Compares coding agents like Claude Code and Aider on custom YAML-defined codebase tasks using git worktrees, measuring pass rate, cost, time, and consistency.
$ARGUMENTS
Execute a thorough post-implementation audit through five mandatory phases. Read-only by default — findings are reported, not auto-fixed, unless the user explicitly passes fix in $ARGUMENTS or requests fixes during the session.
Fast mode: If $ARGUMENTS contains fast or quick, run only Phases 1, 3, and 5 (Stages 1, 2, 7, 8, 14). Mark report as [FAST MODE — partial coverage].
Goal: Build a precise, classified inventory of everything that changed — before evaluating quality. Every subsequent phase depends on this inventory. Do not skip or abbreviate.
Sequential — inventory must be complete before any review begins.
/change-forensicsRun the forensic change mapping skill. Capture the complete classified inventory:
PRIMARY / COLLATERAL / LOCKFILE / GENERATED / CONFIG / TEST / UNEXPECTED classification)Store the output as $FORENSIC_INVENTORY. Feed the file list and UNEXPECTED items into all subsequent phases.
/diff-reviewRun the pre-commit quality gate on the full git diff. Scan added lines for:
console.log, print(, breakpoint(), debugger)/scope-guardCompare actual changes against original task scope. Use the UNEXPECTED files from $FORENSIC_INVENTORY as primary input. Produce a SCOPE REPORT with drift items and ON TRACK / DRIFTING status.
Goal: Evaluate the changes across every quality and correctness dimension.
Stages 4–7 run in parallel where the environment supports it — they are independent review lenses.
/code-reviewerStructured code review across correctness, architecture, performance, maintainability, and test coverage. Produce a categorized report with severity-rated findings.
/analyzeDeep post-completion audit. Check for:
/expert-analysisEvidence-first investigation through security, architecture, operations, and developer experience lenses. Separate verified findings from inferences.
/full-orchestration (verification phase only)Run the Phase 4 Verification checklist from full-orchestration. Confirm no verification step was skipped during implementation. Report which checks were done and which were missed.
Spawn specialized review agents in parallel (use /dispatching-parallel-agents):
security-auditor agent (read-only vulnerability assessment)performance-engineer agentdependency-manager agentGoal: Determine what else the changes could affect and verify nothing previously working has broken.
Sequential — impact analysis must complete before regression targeting.
/impact-radarTrace the full downstream blast radius of the changes using $FORENSIC_INVENTORY as input:
Store Recommended regression targets from the impact report as $REGRESSION_TARGETS.
/regression-guardRun systematic regression detection using $REGRESSION_TARGETS as priority input:
Flag any regression as BLOCKING. Do not proceed to Phase 4 without noting regression status.
Goal: Verify security posture, test coverage, and compliance of the changes.
Stages 10–13 run sequentially — security findings may require targeted re-testing.
/security-reviewRun semgrep, bandit (Python), and manual pattern checks on all changed files. Flag HIGH/CRITICAL findings as blocking. Check for:
/security-scanBroader security scanning: dependency vulnerability audit, secrets detection (gitleaks/trufflehog patterns), permission analysis, and attack surface changes introduced by the diff.
/test-runnerRun the full test suite for all touched modules. Report:
/linterVerify all changed files pass linting. Report remaining style or formatting issues.
/verification-loopRun the complete verification chain: build → typecheck → lint → test → security scan → diff review. Produce the structured verification report (PASS/FAIL per gate).
Goal: Produce a single authoritative verdict and a complete paper trail of the session.
Sequential — verdict synthesizes all prior findings; trail captures the final state.
Collect all findings from Phases 1–4. Deduplicate overlapping findings across skills. Classify every unique finding:
/audit-trailGenerate the complete structured paper trail:
If $ARGUMENTS contains a ticket ID (e.g., JIRA-1234), pass it to audit-trail for inclusion in commit footer and PR title.
Run /tm:update-task to update the task tracker with audit results, findings summary, and final verdict.
After all phases complete, produce this consolidated report:
╔══════════════════════════════════════════════════════════════════╗
║ POST-CHANGES AUDIT REPORT ║
╠══════════════════════════════════════════════════════════════════╣
║ Task reviewed: [one-line summary of what was audited] ║
║ Files changed: [N files, +X lines / -Y lines] ║
║ Audit timestamp: [datetime] ║
╠══════════════════════════════════════════════════════════════════╣
## PHASE RESULTS
| Phase | Stage | Status | Key Findings |
|-------|--------------------|-------------|---------------------------|
| 1 | Change Forensics | ✅ / ⚠️ / 🚫 | N files, M unexpected |
| 1 | Diff Review | ✅ / ⚠️ / 🚫 | [summary] |
| 1 | Scope Guard | ✅ / ⚠️ / 🚫 | ON TRACK / DRIFTING |
| 2 | Code Review | ✅ / ⚠️ / 🚫 | [summary] |
| 2 | Deep Analyze | ✅ / ⚠️ / 🚫 | [summary] |
| 2 | Expert Analysis | ✅ / ⚠️ / 🚫 | [summary] |
| 3 | Impact Radar | ✅ / ⚠️ / 🚫 | Blast radius: N files |
| 3 | Regression Guard | ✅ / ⚠️ / 🚫 | N tests / CLEAN / REGRESS |
| 4 | Security Review | ✅ / ⚠️ / 🚫 | X critical, Y high |
| 4 | Security Scan | ✅ / ⚠️ / 🚫 | [summary] |
| 4 | Test Runner | ✅ / ⚠️ / 🚫 | N/M passed, X% coverage |
| 4 | Linter | ✅ / ⚠️ / 🚫 | CLEAN / N issues |
| 4 | Verification Loop | ✅ / ⚠️ / 🚫 | Build/Type/Lint/Test gates|
## BLOCKING ISSUES (must fix before merge/deploy)
[Numbered list with file:line, severity, and recommended fix — or "None found"]
## WARNINGS (review recommended, not blocking)
[Numbered list — or "None found"]
## OBSERVATIONS (informational)
[Numbered list — or "None"]
## FIXES APPLIED (only in fix mode)
[List of changes made during this audit — or "Read-only mode: no fixes applied"]
## REMAINING RISKS
[Honest assessment of what could not be fully verified]
╠══════════════════════════════════════════════════════════════════╣
║ VERDICT: ✅ APPROVED | ⚠️ APPROVED WITH CONDITIONS | 🚫 BLOCKED ║
║ [One sentence explaining the verdict] ║
╚══════════════════════════════════════════════════════════════════╝
Default: read-only. Findings are reported, not auto-applied.
Activate fix mode when $ARGUMENTS contains fix, auto-fix, or fix and report:
Confirm every applicable stage was executed before delivering the verdict:
Phase 1 — Forensic Inventory
Phase 2 — Deep Review
Phase 3 — Impact & Regression
Phase 4 — Security & Compliance
Phase 5 — Synthesis & Trail