Stats
Actions
Tags
'%20stop-opacity%3D'0.16'%2F%3E%3Cstop%20offset%3D'1'%20stop-color%3D'rgb(200%2C90%2C60)'%20stop-opacity%3D'0.03'%2F%3E%3C%2FlinearGradient%3E%3C%2Fdefs%3E%3Crect%20width%3D'320'%20height%3D'200'%20fill%3D'url(%23g)'%2F%3E%3Ccircle%20cx%3D'250'%20cy%3D'56'%20r%3D'92'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.06'%2F%3E%3Ccircle%20cx%3D'64'%20cy%3D'172'%20r%3D'58'%20fill%3D'rgb(200%2C90%2C60)'%20fill-opacity%3D'0.05'%2F%3E%3C%2Fsvg%3E)
From draft
Audits a single service/module end-to-end for production readiness (ACID, resilience, observability). Not for diff/PR review or bug-finding sweeps.
How this skill is triggered — by the user, by Claude, or both
Slash command
/draft:deep-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Perform an exhaustive end-to-end lifecycle review of a service, component, or module. Ensure ACID compliance and production-grade enterprise quality. Unlike standard review commands, this operates strictly at the module level.
Perform an exhaustive end-to-end lifecycle review of a service, component, or module. Ensure ACID compliance and production-grade enterprise quality. Unlike standard review commands, this operates strictly at the module level.
When draft/graph/schema.yaml exists, this skill must follow the graph-first lookup contract in core/shared/graph-query.md §Mandatory Lookup Contract. Deep-review uses the graph to narrow review scope — a key 30–50% scope reduction:
First resolve the bundled helpers:
# Locate Draft's bundled helpers (cwd is the user's project; ${CLAUDE_PLUGIN_ROOT}
# is not exported into skill Bash). See core/shared/tool-resolver.md.
DRAFT_TOOLS="$(cat ~/.cache/draft/plugin-root 2>/dev/null)/scripts/tools"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/cache/*/draft/*/scripts/tools 2>/dev/null | sort -V | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/marketplaces/*draft*/scripts/tools 2>/dev/null | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$PWD/scripts/tools"
"$DRAFT_TOOLS/graph-impact.sh"/graph-callers.sh and "$DRAFT_TOOLS/graph-arch.sh" --repo . for the audited module's structure — do not enumerate via find."$DRAFT_TOOLS/graph-impact.sh" --repo . --file <each-changed-file> per file in the diff (or per file in the module if no diff) to obtain the affected module set deterministically."$DRAFT_TOOLS/cycle-detect.sh" --repo . and flag any cycle that includes the audited module as Architecture Resilience finding."$DRAFT_TOOLS/hotspot-rank.sh" --repo . to identify high-fanIn files inside the module — these get deeper inspection.Filesystem grep is reserved for source-text scans (API contract strings, secret patterns, log message audits). Module enumeration and caller tracing go through the graph.
See shared red flags — applies to all code-touching skills.
Skill-specific:
draft/.ai-context.md, draft/tech-stack.md, draft/product.md)$ARGUMENTS — Optional: explicit module/service/component name (directory) to review. If omitted, auto-select the next unreviewed module.ls draft/.ai-context.md 2>/dev/null
If draft/ does not exist: STOP — "No Draft context found. Run /draft:init first. Deep review requires draft/.ai-context.md and draft/tech-stack.md to evaluate against project standards."
If .ai-context.md is missing, check for draft/architecture.md as a fallback (per core/shared/draft-context-loading.md).
draft/deep-review-history.json if it exists. This file tracks previously reviewed modules with timestamps.$ARGUMENTS is provided: Use that module. If it was previously reviewed, re-review it (the user explicitly requested it).draft/.ai-context.md if it exists (check ## Modules or ## Module Catalog sections).src/ or equivalent source root.__init__.py, package.json, or go.mod.
Document which heuristic was used in the report.
Select the first module NOT present in the review history. If all have been reviewed, pick the one with the oldest review date.core/shared/draft-context-loading.md. Use loaded context to understand intended boundaries and critical invariants.draft/tracks/*/hld.md for §Detailed Design components matching the module path. When found, extract claims from §High-Level Design / Key Design Decisions, §Checklist (Performance/Scale/Security/Resiliency/Multi-tenancy/Upgrade/Cost), §Observability, §Deployment, and any LLD §Classes and Interfaces invariants and §Error Handling policies. These claims become the design contract this audit measures against (HLD claims vs code reality).draft/guardrails.md exists, read the ## Learned Anti-Patterns section before analysis begins. During the audit, when an issue matches a learned anti-pattern, prefix the finding with [KNOWN-ANTI-PATTERN: {pattern name}]. This separates newly discovered issues from documented recurring patterns and allows the report to recommend systemic remediation rather than isolated fixes.Rule references:
[CQ-006, CQ-007, CQ-008]error/exception context,[SEC-03]SQL parameterization,[RC-004, RC-005]data integrity & concurrency. Cite the rule ID in each finding.
Every ACID finding ("missing rollback", "fire-and-forget write", "race condition", "no isolation guarantee") must cite the closest applicable rule range (e.g., [RC-004..RC-005] for data integrity, [CQ-006..CQ-008] for error context, [SEC-03] for SQL safety).
Evidence requirement (Ground-Truth Discipline G1, G4): Every ACID finding ("missing rollback", "fire-and-forget write", "race condition", "no isolation guarantee") must cite file:line AND include a quoted code snippet showing the issue. A finding that says "no transactions found in module X" without quoting the code site is a graph-metadata claim, not an audit result — discard it. "Verify" and "Check" below mean Read the candidate sites, not "scan for keywords."
[RC-004][CQ-006, RC-003][RC-005][CQ-007, CQ-008]Applicability note: Skip categories that are not applicable to the module type (e.g., circuit breakers and backpressure are backend-specific; skip for frontend/CLI modules).
Rule references:
[RC-008, RC-009, RC-010]observability & logging,[SEC-04, SEC-06]network/process boundaries,[SEC-05]secrets,[RC-015]config validation,[CQ-006..CQ-008]error context. Cite the rule ID in each finding.
Every finding in this phase must cite the relevant rule range (e.g., [RC-008..RC-010] for observability, [SEC-04, SEC-06] for network/process boundaries, [RC-015] for configuration).
[RC-005][RC-008, RC-009, RC-010]
[SEC-05, RC-010][RC-015, SEC-05]Rule references:
[RC-012]API/contract drift,[SEC-01..SEC-10]for §Security claims,[RC-005, RC-013]for §Resiliency/§Architecture claims. Cite the rule ID alongside[HLD-DRIFT: §<section>].
Cite the most specific rule range applicable to the drift (e.g., [RC-012] for API changes, [SEC-01..SEC-10] for security claims).
For each HLD claim extracted in Phase 1, validate it against code:
Surface gaps as findings with prefix [HLD-DRIFT: §<section>] (Important if the gap is documentation-vs-implementation drift; Critical if the code violates a stated invariant or security claim).
Instead of mutating the source code, translate all findings into clear, actionable requirements that a developer (or agent) can implement via Test-Driven Development.
Applicability note: Skip categories not applicable to the module type (e.g., network partitions are irrelevant for purely local CLI tools).
Rule references:
[RC-005]concurrency & retries,[SEC-04]network boundaries,[CQ-008]timeouts/cleanup,[RC-015]capacity/config bounds. Cite the rule ID in each finding.
Cite relevant rule ranges for resilience findings (e.g., [RC-005] for retries, [CQ-008] for timeouts).
[RC-005, CQ-008]After completing the review, update draft/deep-review-history.json:
{
"reviews": [
{
"module": "<module-name>",
"path": "<module-path>",
"timestamp": "<ISO-8601>",
"issues_found": <count>,
"summary": "<one-line summary>"
}
]
}
Create the file in the draft/ directory if it does not exist. Append to the reviews array if it does. Do NOT save to .claude/ or .gemini/.
Output a structured summary and detailed "Implementation Spec" for any needed fixes.
File to create: draft/deep-review-reports/<module-name>.md
Create the draft/deep-review-reports/ directory if it does not exist.
MANDATORY: Include YAML frontmatter with git metadata. Follow the procedure in core/shared/git-report-metadata.md to gather git info and generate the frontmatter. Use generated_by: "draft:deep-review" and set module to the reviewed module name.
Additional deep-review fields beyond the standard template:
module_path: "<module-path>"
reviewer: "{model name from runtime}"
Module reviewed: name and path Issues by category: ACID | Resilience | Observability Verdict: PASS / CONDITIONAL PASS / FAIL
Verdict criteria:
Format findings as actionable tasks:
### [Critical/Important/Minor] Issue Name `[RC-### or CQ-### or SEC-## if applicable]`
**File:** path/to/file:line
**Description:** What's wrong conceptually (e.g., Transaction lacks rollback on Exception XYZ).
**Proposed Fix Specification:**
- Add `try/except` block catching Exception XYZ.
- Explicitly call `db.rollback()`.
- Emit structured log with correlation ID.
Cite the most specific rule ID from core/guardrails/review-checks.md (RC-###), core/guardrails/security.md (SEC-##), or core/guardrails/code-quality.md (CQ-###) that governs the finding. If no numbered rule applies, omit — the finding stands.
For Phase 3 (Security): Load core/guardrails/security.md and apply the 5-step security reasoning chain. Hard red line violations (SEC-01…SEC-10) are always Critical. Run core/guardrails/dependency-triage.md procedure for any dependency manifest files in the module's scope [RC-014].
Constraints:
Skip pattern learning if the analysis found zero findings.
After generating the report, execute the pattern learning phase from core/shared/pattern-learning.md to update draft/guardrails.md with patterns discovered during this module audit. Module-level reviews often reveal architecture and concurrency conventions that are valuable for future analysis.
Every deep-review report must end with a ## Next Actions section listing the smallest set of follow-ups in execution order. Use this exact shape:
## Next Actions
| # | Action | Owner | Blocker? | Skill / Command |
|---|---|---|---|---|
| 1 | <imperative one-liner> | <author\|on-call\|TBD> | yes/no | `/draft:<skill> <args>` or `n/a` |
Rules:
[SEC-*], ACID violations, unbounded resource use) produce blocker rows./draft:adr for structural changes, /draft:new-track for multi-week remediation, /draft:incident-response for hot issues, /draft:tech-debt for systemic items.After deep-review audit completion:
If architecture debt found:
"Architecture debt identified in module audit. Consider:
→ /draft:tech-debt — Catalog and prioritize the architecture debt
→ /draft:adr — Document undiscovered design decisions found during review"
If documentation gaps found:
→ /draft:documentation runbook — Generate operational runbook for this module"
Before printing the final report, internally verify and report:
impact per file in scope).grep/find run, name the concept it searched for. Source-text scans for API contract strings, secrets, or log audits are exempt.If draft/graph/schema.yaml does not exist, set Graph files queried: NONE and use justification graph data unavailable.
Emit the canonical footer from core/shared/graph-usage-report.md §Canonical footer. The lint hook scripts/tools/check-graph-usage-report.sh validates the section on save.
As the last step after saving the deep-review report, emit a metrics record. Best-effort — never block.
Payload fields:
{
"skill": "deep-review",
"module": "<module path or name>",
"phases_completed": <N>,
"critical_count": <N>,
"important_count": <N>,
"sec_violations": <N>,
"acid_violations": <N>,
"graph_queries": <N>,
"fallback_grep_count": <N>
}
Emit call:
# Locate Draft's bundled helpers (cwd is the user's project; ${CLAUDE_PLUGIN_ROOT}
# is not exported into skill Bash). See core/shared/tool-resolver.md.
DRAFT_TOOLS="$(cat ~/.cache/draft/plugin-root 2>/dev/null)/scripts/tools"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/cache/*/draft/*/scripts/tools 2>/dev/null | sort -V | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$(ls -d ~/.claude/plugins/marketplaces/*draft*/scripts/tools 2>/dev/null | tail -1)"
[ -d "$DRAFT_TOOLS" ] || DRAFT_TOOLS="$PWD/scripts/tools"
[ -x "$DRAFT_TOOLS/emit-skill-metrics.sh" ] && bash "$DRAFT_TOOLS/emit-skill-metrics.sh" \
'{"skill":"deep-review","module":"<module>","phases_completed":<N>,"critical_count":<N>,"important_count":<N>,"sec_violations":<N>,"acid_violations":<N>,"graph_queries":<N>,"fallback_grep_count":<N>}'
npx claudepluginhub drafthq/draft --plugin draftDeep architectural review of a platform or product — cross-references code against claims, maps failure modes, evaluates scaling bottlenecks, and produces a decision-grade handoff document with ADRs. Use when: reviewing an existing system for scaling readiness, performing a CTO handoff, evaluating platform architecture for enterprise readiness, or auditing a codebase before a major migration. Triggers: architecture review, scaling review, platform review, CTO handoff, system audit, scaling analysis, architecture assessment, production readiness.
Performs systematic architecture reviews across 7 dimensions (structural, scalability, enterprise readiness, performance, security, ops, data) with scored reports and prioritized recommendations.
Audits a codebase across 29 dimensions — security, privacy, compliance (HIPAA/PCI/SOC 2), architecture, testing, performance, DevOps, UX, SEO, AI/ML, and more. Generates structured docs and files remediation tickets.