This skill should be used when the user asks to "find architecture gaps", "assess technical debt", "identify risks in the codebase", "evaluate code quality", "audit the architecture", or needs to produce a prioritized inventory of gaps, risks, and technical debt in a brownfield codebase based on evidence from prior discovery artifacts.
From pm-architect-brownfield
npx claudepluginhub nbkm8y5/claude-plugins --plugin pm-architect-brownfield
This skill uses the workspace's default tool permissions.
Produce a prioritized, evidence-backed inventory of architectural gaps, risks, and technical debt in a brownfield codebase. This skill compares the actual system state (from AS_IS_SYSTEM_MODEL.md and REVERSE_PRD.md) against architectural best practices, security standards, and maintainability criteria to identify where the system falls short.
[AS_IS_SYSTEM_MODEL.md + REVERSE_PRD.md + Codebase] --> **ARCHITECTURE GAP ANALYSIS** --> [ARCH_GAPS_AND_RISKS.md] --> Target Architecture --> ...
Input: AS_IS_SYSTEM_MODEL.md, REVERSE_PRD.md, actual codebase (via Read/Glob/Grep)
Output: ARCH_GAPS_AND_RISKS.md written to artifacts directory
The output artifact follows the standard artifact template:
# [ARTIFACT TITLE]
## Summary
## Inputs
## Outputs
## Assumptions
## Open Questions
## Main Content
## Acceptance Criteria
AS_IS_SYSTEM_MODEL.md to understand:
REVERSE_PRD.md to understand:
Systematically evaluate the codebase against architectural quality attributes.
> Route handler directly executes SQL query instead of using a service layer [src/routes/orders.ts:45-60]
- password =, secret =, api_key =, token = in source files
- "SELECT.*" +, f-strings with SQL
- cors({ origin: '*' }), debug: true in production config
- md5(, sha1( for passwords
- sync operations in async contexts
- SELECT * without LIMIT, missing pagination

For each identified gap, create a structured entry.
Gap format:
### GAP-0001: [Title]
- **Priority**: P0 | P1 | P2
- **Category**: Architecture | Security | Performance | Maintainability | Reliability | Observability
- **Description**: [What is missing or wrong]
- **Evidence**:
> [Specific code evidence] [file:line]
> [Additional evidence if applicable] [file:line]
- **Impact**: [What problems this causes or risks it creates]
- **Recommendation**: [High-level suggestion for addressing this gap]
- **Related**: [Links to REQ-NNNN, COMP-NNNN, or other artifact IDs if applicable]
Priority definitions:
Assign GAP-NNNN IDs: Sort all gaps alphabetically by title (case-insensitive), then assign sequential four-digit numbers starting at 0001.
For each identified risk (potential future problem, not a current gap), create a structured entry.
Risk format:
### RISK-0001: [Title]
- **Severity**: Critical | High | Medium | Low
- **Likelihood**: Almost Certain | Likely | Possible | Unlikely | Rare
- **Priority**: P0 | P1 | P2 (derived from Severity x Likelihood)
- **Category**: Architecture | Security | Performance | Maintainability | Reliability | Operational
- **Description**: [What could go wrong]
- **Evidence**:
> [Code evidence showing why this risk exists] [file:line]
- **Trigger Conditions**: [What would cause this risk to materialize]
- **Impact**: [Consequences if the risk materializes]
- **Mitigation**: [Recommended actions to reduce likelihood or impact]
- **Related**: [Links to GAP-NNNN, REQ-NNNN, COMP-NNNN if applicable]
Severity x Likelihood -> Priority matrix:
| Likelihood / Severity | Critical | High | Medium | Low |
|---|---|---|---|---|
| Almost Certain | P0 | P0 | P1 | P1 |
| Likely | P0 | P1 | P1 | P2 |
| Possible | P1 | P1 | P2 | P2 |
| Unlikely | P1 | P2 | P2 | P2 |
| Rare | P2 | P2 | P2 | P2 |
Assign RISK-NNNN IDs: Sort all risks by severity (Critical first, then High, Medium, Low), then alphabetically by title within each severity level, then assign sequential four-digit numbers starting at 0001.
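
The matrix and the two ID-assignment rules (GAP-NNNN and RISK-NNNN) can be applied mechanically, which also covers the acceptance check that priorities follow the matrix. This is an added example, not code from the plugin: the function names, dict layout and sample entries are assumptions, as are the case-insensitive title sort for risks and the tie-break on exact title.

```python
SEVERITIES = ["Critical", "High", "Medium", "Low"]
LIKELIHOODS = ["Almost Certain", "Likely", "Possible", "Unlikely", "Rare"]

# Rows follow LIKELIHOODS, columns follow SEVERITIES, copied from the matrix above.
MATRIX = [
    ["P0", "P0", "P1", "P1"],
    ["P0", "P1", "P1", "P2"],
    ["P1", "P1", "P2", "P2"],
    ["P1", "P2", "P2", "P2"],
    ["P2", "P2", "P2", "P2"],
]

def derive_priority(severity, likelihood):
    """Matrix lookup; an unknown label is an error, never a silent default."""
    try:
        return MATRIX[LIKELIHOODS.index(likelihood)][SEVERITIES.index(severity)]
    except ValueError:
        raise ValueError(f"unknown label: {severity!r} / {likelihood!r}") from None

def _title_key(entry):
    # Case-insensitive first; exact title as tie-break (assumption) so that
    # titles differing only in case still sort the same way on every run.
    return (entry["title"].casefold(), entry["title"])

def assign_gap_ids(gaps):
    """Sort by title (case-insensitive), then number from GAP-0001."""
    ordered = sorted(gaps, key=_title_key)
    return [{**g, "id": f"GAP-{i:04d}"} for i, g in enumerate(ordered, 1)]

def assign_risk_ids(risks):
    """Sort by severity (Critical first), then title; number from RISK-0001."""
    ordered = sorted(
        risks, key=lambda r: (SEVERITIES.index(r["severity"]), *_title_key(r)))
    return [{**r, "id": f"RISK-{i:04d}",
             "priority": derive_priority(r["severity"], r["likelihood"])}
            for i, r in enumerate(ordered, 1)]

def priority_mismatches(risks):
    """Titles whose recorded priority disagrees with the matrix."""
    return [r["title"] for r in risks
            if r.get("priority") != derive_priority(r["severity"], r["likelihood"])]

# Constructed sample entries (not from any real assessment).
SAMPLE_RISKS = [
    {"title": "unbounded query growth", "severity": "High", "likelihood": "Likely"},
    {"title": "Credential leak via logs", "severity": "Critical", "likelihood": "Possible"},
    {"title": "Cache stampede", "severity": "High", "likelihood": "Rare"},
]
```
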
Aggregate gaps and risks into a summary view.
| Category | P0 Count | P1 Count | P2 Count | Total |
|----------|----------|----------|----------|-------|
| Architecture | 2 | 5 | 3 | 10 |
| Security | 1 | 2 | 0 | 3 |
| Performance | 0 | 3 | 4 | 7 |
| Maintainability | 0 | 4 | 6 | 10 |
| Reliability | 1 | 1 | 2 | 4 |
| Observability | 0 | 1 | 3 | 4 |
| **Total** | **4** | **16** | **18** | **38** |
| File/Component | Gap Count | Risk Count | Total Mentions |
|---------------|-----------|------------|----------------|
| src/routes/api.ts | 3 | 2 | 5 |
| COMP-0003 (Data Layer) | 4 | 3 | 7 |
Assemble all findings into the final artifact.
- ARCH_GAPS_AND_RISKS.md following the template
- [file:line] evidence

# Architecture Gaps and Risks: [Project Name]
## Summary
[3-5 sentence overview: total gaps found, total risks, critical items count, top categories]
## Inputs
- AS_IS_SYSTEM_MODEL.md
- REVERSE_PRD.md
- Codebase at: [path]
## Outputs
- ARCH_GAPS_AND_RISKS.md (this document)
## Assumptions
- [ASM-NNNN]: [Assumption with rationale]
## Open Questions
- [OQ-NNNN]: [Question about areas that could not be fully assessed]
## Main Content
### Gap Inventory
#### Critical (P0)
[GAP-NNNN entries with Priority P0]
#### Significant (P1)
[GAP-NNNN entries with Priority P1]
#### Minor (P2)
[GAP-NNNN entries with Priority P2]
### Risk Registry
#### Critical Severity
[RISK-NNNN entries with Severity Critical]
#### High Severity
[RISK-NNNN entries with Severity High]
#### Medium Severity
[RISK-NNNN entries with Severity Medium]
#### Low Severity
[RISK-NNNN entries with Severity Low]
### Technical Debt Summary
#### Debt by Category
| Category | P0 | P1 | P2 | Total |
|----------|----|----|----|----|
#### Hotspot Analysis
| File/Component | Gap Count | Risk Count | Total |
|---------------|-----------|------------|-------|
#### Effort Estimation
| Priority | Count | Estimated Effort | Recommended Timeline |
|----------|-------|-----------------|---------------------|
### Gap-Risk Cross Reference
| Gap ID | Related Risks | Category | Priority |
|--------|--------------|----------|----------|
### Traceability
| ID | Type | Related COMP | Related REQ | Related ENT | Related INT |
|----|------|-------------|-------------|-------------|-------------|
## Acceptance Criteria
- [ ] Every GAP-NNNN cites [file:line] evidence
- [ ] Every RISK-NNNN cites [file:line] evidence
- [ ] Priority assignments follow the severity/likelihood matrix
- [ ] Technical debt summary aggregates match individual entries
- [ ] Hotspot analysis identifies multi-gap components
- [ ] Cross-references link to upstream artifact IDs
- [ ] All categories represented in analysis (even if no findings)
Output path: artifacts/brownfield/<project_name>/ARCH_GAPS_AND_RISKS.md
Template: ${CLAUDE_PLUGIN_ROOT}/reference/templates/ARCH_GAPS_AND_RISKS.template.md
These rules ensure reproducible output regardless of when or how many times the skill is invoked on the same inputs.
Every gap and risk MUST include evidence citations from actual code.
Format: > Claim text [relative/path/to/file.ext:line_number]
Examples:
> Database password is hardcoded as string literal [src/config/db.ts:12]
> SQL query constructed via string concatenation without parameterization [src/repositories/user.ts:34]
> No rate limiting middleware applied to authentication endpoints [src/routes/auth.ts:5-20]
> Error handler returns stack traces to client in all environments [src/middleware/error.ts:18]
> Component imports 15 other modules creating high fan-out coupling [src/services/order.ts:1-15]
Rules:
- [file:line]
- [file:start-end]
- [file1:line] [file2:line]

Before finalizing the artifact, verify:
- [file:line] evidence citation
- [file:line] evidence citation
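
The source patterns listed in the evaluation step (password =, "SELECT.*" +, cors({ origin: '*' }), md5(, SELECT * without LIMIT) can be turned directly into evidence lines in the citation format described above. This is an added example, not code from the plugin: the claim wording, the regexes, the comment-skipping heuristic and the sample files are assumptions, and the sync-in-async check is left out because it needs more than a line match.

```python
import re

# Claim wording and regexes are illustrative; each rule encodes one pattern
# family from the skill text. Matching is a per-line heuristic, not a parser.
RULES = [
    ("Credential assigned from a string literal",
     re.compile(r"""(password|secret|api_key|token)\w*\s*=\s*["'][^"']+["']""", re.I)),
    ("SQL query built by string concatenation or f-string",
     re.compile(r"""["']\s*SELECT\b[^"']*["']\s*\+|\bf["']\s*SELECT\b[^"']*\{""", re.I)),
    ("CORS configured to allow any origin",
     re.compile(r"""cors\(\s*\{\s*origin:\s*["']\*["']""")),
    ("debug: true present in configuration",
     re.compile(r"\bdebug:\s*true\b")),
    ("Weak hash function md5/sha1 called",
     re.compile(r"\b(md5|sha1)\(", re.I)),
    ("SELECT * without LIMIT on the same line",
     re.compile(r"SELECT\s+\*(?!.*\bLIMIT\b)", re.I)),
]
COMMENT_PREFIXES = ("//", "#", "*", "--")

def scan(files):
    """files maps relative path -> source text; returns sorted evidence lines.

    The matched text is deliberately left out of the output so that a found
    secret is not copied into ARCH_GAPS_AND_RISKS.md.
    """
    hits = set()
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if line.strip().startswith(COMMENT_PREFIXES):
                continue  # whole-line comments are not live code
            for claim, rx in RULES:
                if rx.search(line):
                    hits.add((path, lineno, claim))
    # Sorting keeps repeated runs on the same input identical.
    return [f"> {claim} [{path}:{n}]" for path, n, claim in sorted(hits)]

# Constructed sample input (not from any real project).
SAMPLE = {
    "src/config/db.ts": 'const host = process.env.DB_HOST;\n'
                        'const password = "example-only";\n'
                        'const token = process.env.API_TOKEN;\n',
    "src/repositories/user.ts": 'const q = "SELECT * FROM users WHERE id = " + id;\n'
                                'const page = "SELECT * FROM users LIMIT 50";\n',
    "src/app.ts": "app.use(cors({ origin: '*' }));\n// md5(password) was removed\n",
}

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE)))
```

Each hit is a candidate for review rather than a confirmed gap; values read from the environment and commented-out code are not reported.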