From design-system-ops
Scans codebases for token compliance violations: hardcoded raw values, wrong-tier token references, inconsistent application. Produces reports with file references and remediation guidance.
npx claudepluginhub murphytrueman/design-system-opsThis skill uses the workspace's default tool permissions.
A skill for identifying token compliance violations in a codebase or implementation: hardcoded raw values where tokens should be used, wrong-tier token references, and inconsistent token application. Produces a violation report with file references and remediation guidance.
Audits design system token definitions for naming violations, missing semantic tiers, and structural debt in tiered architectures. Generates severity-rated findings and prioritized remediations.
Audits design token usage in code and design files for consistency, coverage, gaps, and hard-coded values. Generates reports with prioritized recommendations.
Detects design systems in code, identifies token drifts with paired evidence blocks showing definitions vs conflicting usages. Use for auditing UI consistency.
Share bugs, ideas, or general feedback.
A skill for identifying token compliance violations in a codebase or implementation: hardcoded raw values where tokens should be used, wrong-tier token references, and inconsistent token application. Produces a violation report with file references and remediation guidance.
Token compliance problems compound quietly. A single hardcoded hex value does not break anything. Two hundred of them, distributed across a codebase by dozens of contributors over two years, mean that a brand refresh or a dark mode implementation becomes a manual find-and-replace operation through thousands of files rather than a token update.
The compliance check exists to catch violations before they accumulate, and to understand the pattern of violations when they already have. The pattern matters: if hardcoded values are concentrated in one product area or one team's contribution, the response is different than if they are evenly distributed.
Before producing output, check for a .ds-ops-config.yml file in the project root. If present, load:
severity.* — overrides for violation severity. Especially: hardcoded_color, wrong_tier_reference, tier_leakagesystem.theming — if true, elevate hardcoded colour violations to the configured severity (typically critical)system.styling — pre-selects the detection approachintegrations.github — if enabled, auto-search for violations across the repo (see below)integrations.style_dictionary — if enabled, use the parsed token tree as the reference for what tokens exist and their correct tiersgates.* — if running as part of component-to-release, these determine which violations block releaseGitHub (integrations.github.enabled: true):
integrations.github.repo for hardcoded values:
gh api search/code -q "repo:[repo] language:css #[0-9a-fA-F]{6}" — hex colours in CSSgh api search/code -q "repo:[repo] language:scss #[0-9a-fA-F]{6}" — hex colours in SCSSpx values in styling files as a spacing compliance signalStyle Dictionary v4 (integrations.style_dictionary.enabled: true):
Figma MCP (integrations.figma.enabled: true):
If an integration fails, log it and proceed with manual input.
Token compliance has the most value on messy codebases — the ones with years of accumulated hardcoded values, inconsistent styling approaches, and multiple token migration attempts. For these codebases, apply the extended detection protocol:
Indicators of a messy codebase:
style= attributes in component templatesExtended detection for messy codebases:
Legacy value mapping. Before flagging violations, build a map of legacy values to current tokens. Many hardcoded values in legacy code were correct at the time they were written — they pre-date the token system. Map #0066CC to var(--color-action-primary) so remediation guidance is specific, not just "use a token."
Violation age estimation. Use git blame or file modification dates to estimate when violations were introduced. Group violations by era:
Hotspot detection. Identify the 5–10 files with the most violations. These are the high-value remediation targets — fixing them reduces the violation count disproportionately. Present as:
Compliance hotspots:
1. src/legacy/checkout/styles.scss — 47 hardcoded values (pre-token era)
2. src/components/Card/Card.styles.ts — 23 hardcoded values (migration era)
3. src/pages/Dashboard/index.tsx — 19 inline styles (post-token era — PRIORITY)
Intentional override detection. Not every hardcoded value is a violation. Look for patterns that indicate intentional overrides:
/* override */, /* intentional */, /* custom */Ask for or confirm (skip questions already answered by auto-pull):
var(--token)), SCSS variables ($token), Tailwind utility classes, CSS-in-JS theme objects, or a mixStyling approach matters for how violations are detected:
var(--color-action-primary). Hardcoded values are raw hex/rgb/px values outside of var().$color-action-primary or map-get($tokens, 'action-primary'). Hardcoded values are raw literals not using $ variables.bg-primary, text-color-content-default, gap-4). These are NOT hardcoded values — they are token references expressed as utility classes. Hardcoded values in Tailwind are arbitrary value brackets: h-[12px], bg-[#ff0000], p-[7px]. Flag arbitrary values as violations; do not flag standard utility classes that resolve to configured tokens.theme.colors.action.primary or tokens.spacing[4]. Hardcoded values are raw literals in style objects.Framework-specific detection notes:
<style lang="scss" scoped> blocks. Look for raw px values where $token variables or var(--token) should be used. Vue's scoped styles may also contain token references via v-bind() for dynamic CSS — these are valid token usage if bound to a token-backed prop.style="" attributes in templates (e.g. style="background-color: {{ item.color }}"), hardcoded hex values in SVG fill/stroke attributes, and raw pixel values in HTML dimension attributes. Twig components typically reference tokens via BEM utility classes — audit the SCSS that backs those classes, not just the template.boxPalette.foregroundAction, mapSpacing(0.5), or theme.colors.primary. Hardcoded violations are string literals in style objects: color: '#FF0000', padding: '16px'. Also check for tokens accessed via helper functions (e.g. mapSpacing(), packs.underline) — these are valid token usage.Find and flag all colour values that are not token references:
#0066CC, #FFF)rgb(0, 102, 204), rgba(0,0,0,0.5))red, white, transparent — note that transparent is sometimes acceptable; flag it as WARN rather than FAIL and assess context)For each finding: file reference or context, the raw value found, and the token it should reference.
If the assessment is conducted against a design file rather than code: look for any colour styles applied as raw values rather than library styles.
Find and flag spacing values that are not token references:
padding: 16px, gap: 8px)1rem when there is a spacing token for 16px/1rem)Note: not all pixel values are compliance violations. Border widths, minimum touch targets, and other fixed dimensions may be intentionally hardcoded. Assess context and flag as WARN where intent is ambiguous.
Find and flag typography values that are not token references:
font-size: 14px)font-weight: 700)line-height: 1.5)font-family: 'Inter', sans-serif)Find and flag component-level code that references primitive tokens directly rather than routing through semantic tokens:
FAIL example: background-color: var(--color-blue-500) in a button implementation
Should be: background-color: var(--color-action-primary) → var(--color-blue-500)
This is the subtlest compliance violation and the most architecturally damaging. It appears correct on the surface — the right colour is being used — but it breaks the semantic contract and means a semantic change (e.g. changing what "action primary" means) does not propagate to the component.
For each finding: the token being referenced, the semantic token that should be used instead, and the context.
Find and flag cases where the same visual property is implemented differently across components or contexts:
color.action.primary in some places, color.brand.500 in others, for the same role)These violations are often invisible in a per-component review but surface clearly when components are compared.
Open with a headline sentence that tells the reader the overall state and where to focus.
Date: [date] Scope: [what was assessed] Assessment method: [codebase / design file / Storybook / described properties]
Overall compliance picture. What is the most significant finding? Is the violation pattern concentrated or distributed?
| Check | Violations found | 🔴 Critical | 🟠 High | 🟡 Medium | ⚪ Low |
|---|---|---|---|---|---|
| Hardcoded colour values | |||||
| Hardcoded spacing values | |||||
| Hardcoded typography values | |||||
| Wrong-tier token references | |||||
| Inconsistent token application | |||||
| Total |
Group by check type. For each violation:
| ID | Check | Severity | Location | Raw value / incorrect reference | Correct token | Notes |
|---|---|---|---|---|---|---|
| TC-01 | Colour | 🔴 FAIL | [file path or context] | #0066CC | var(--color-action-primary) |
Not all violations carry equal weight. Adjust severity based on component importance. This is the feature that distinguishes a compliance check from a simple grep — without context-aware severity, every violation looks the same.
Elevated severity (upgrade one level):
Standard severity:
Reduced severity (downgrade one level):
max-width: 1200px for a container, height: 1px for a divider) — flag as INFO, not WARNContextual discrimination examples:
To exercise the severity system properly, the skill must distinguish between:
| Found value | Context | Verdict | Reason |
|---|---|---|---|
color: #0066CC | In a component's hover state | 🔴 FAIL (elevated) | Hardcoded colour on an interactive state — breaks theming |
color: #0066CC | In a legacy page template | ⚠️ WARN (reduced) | Pre-token era code — known debt, not active failure |
border: 1px solid | In a divider utility | ℹ️ INFO | Structural value — not a token concern |
padding: 16px | In a component's spacing | 🔴 FAIL | Should use spacing token |
padding: 16px | In a test file's wrapper | ℹ️ INFO | Test infrastructure — not user-facing |
max-width: 960px | In a layout container | ℹ️ INFO | Layout constraint — intentional fixed value |
background: transparent | In a ghost button reset | ℹ️ INFO | CSS reset value — not a token violation |
Apply the adjustment after the initial severity assignment. Note the adjustment and reason in the violation log — "Severity upgraded from Medium to High: component is on the checkout critical path" or "Severity downgraded to INFO: layout utility using structural pixel value."
This weighting ensures remediation effort focuses on violations with the highest real-world impact, and prevents clean codebases from generating false-positive noise on values that are correctly hardcoded.
Step back from individual violations and describe the pattern:
Pattern analysis turns a violation log into actionable intelligence. "Hardcoded spacing violations are concentrated in the legacy product area — likely pre-dates the token system" leads to a different response than "hardcoded spacing violations are evenly distributed and increasing — the token system is not being adopted."
Immediate: Wrong-tier token references and any hardcoded values that would break under theming or brand change. These have architectural impact.
Planned: Consistent hardcoded values that correspond clearly to existing tokens. These can be resolved in a systematic pass.
Review: Ambiguous values (raw percentages, context-dependent px values, intentional overrides). These need human judgment before remediation.
Recommend the most efficient approach for the volume and pattern of violations found:
If the token source declares DTCG format compliance, or if the team is targeting DTCG alignment, run these additional checks:
Type declaration compliance. Every token should have a $type field. Flag tokens without type declarations. Validate that declared types match the DTCG 2025.10 type list (color, dimension, fontFamily, fontWeight, duration, cubicBezier, number, strokeStyle, border, transition, shadow, gradient, typography).
Composite type sub-value compliance. For composite tokens (typography, shadow, border, transition, gradient), validate that every sub-value is either a proper token reference or a correctly typed literal. A typography token with fontSize: "14px" instead of fontSize: "{font-size.base}" is a compliance violation at the sub-value level.
Resolver coverage. If resolver files exist, validate that every semantic token has a value in every declared mode. Missing mode values are theming bugs waiting to happen — the system will fall back unpredictably when a consumer activates a mode where the token isn't defined.
Alias chain integrity. Follow every alias chain from component → semantic → primitive. Flag broken chains (aliases that reference non-existent tokens), circular references, and chains that skip tiers.
Include DTCG findings as a separate section in the report. These are informational for teams not targeting DTCG, and compliance-level for teams that are.
For organisations with multiple systems that share token primitives or semantic naming:
Cross-system token inconsistency creates confusion when teams work across products or when components from different systems appear on the same page.