From ruflo-metaharness
Composite Phase-2 audit worker (ADR-150). Bundles harness oia-manifest + threat-model + mcp-scan into one timestamped audit record stored in the `metaharness-audit` memory namespace. Designed for cron-scheduled drift detection.
How this skill is triggered — by the user, by Claude, or both
Slash command
/ruflo-metaharness:harness-oia-audit [--path .] [--dry-run] [--alert-on-worst clean|low|medium|high] [--format table|json][--path .] [--dry-run] [--alert-on-worst clean|low|medium|high] [--format table|json]This skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
The 13th worker (ADR-150 Phase 2) — runs three MetaHarness static
The 13th worker (ADR-150 Phase 2) — runs three MetaHarness static surfaces in one shot, computes a composite worst-severity signal, and persists the audit record to memory so drift over time is visible.
Implementation: scripts/oia-audit.mjs.
harness oia-manifest <path> — Open Infrastructure Architecture
layer alignment (L1-L9).harness threat-model <path> — categorized MCP-surface threat
report with worst: clean|low|medium|high.harness mcp-scan <path> — per-server/tool policy + permissions
max(threatModel.worst, max(mcpScan.findings.severity)).metaharness-audit with key
audit-<iso-timestamp> (unless --dry-run).--alert-on-worst <severity>: exit 1 if composite worst ≥ threshold.When ALL three components report metaharness-not-available, the script
emits the standard degraded payload and exits 0. When only some are
degraded, each individual component carries its own degraded: true
flag in the audit record — the audit still runs and persists what it
could gather.
Designed for weekly cron in .github/workflows/:
on:
schedule:
- cron: '17 4 * * 0' # Sundays at 04:17 UTC
jobs:
oia-audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
- run: node plugins/ruflo-metaharness/scripts/oia-audit.mjs --alert-on-worst high
--alert-on-worst high fails the job on any HIGH-severity finding;
drift below HIGH is logged but doesn't block.
Each audit run stores under metaharness-audit:audit-<iso-ts>. To list
recent audits:
npx @claude-flow/cli@latest memory list --namespace metaharness-audit --limit 10
To diff two audits (drift detection):
A=$(npx ... memory retrieve --key audit-2026-06-01... --namespace metaharness-audit)
B=$(npx ... memory retrieve --key audit-2026-06-15... --namespace metaharness-audit)
# Compare composite.worst, components.threatModel.worst, etc.
A future ADR can wire this into a dedicated cost-diff-style diff
viewer specifically for audit drift.
harness-threat-model — the underlying threat-model componentharness-mcp-scan — the underlying MCP-scan componentharness-score + harness-genome — readiness metrics (orthogonal to audit)npx claudepluginhub meefs/claude-code-flow --plugin ruflo-metaharnessGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.
Dispatches multiple subagents concurrently for independent tasks without shared state. Use when facing 2+ unrelated failures or subsystems that can be investigated in parallel.
4plugins reuse this skill
First indexed Jul 14, 2026