Run a structured quality review before shipping code at any checkpoint such as PRs, releases, or milestones. Use whenever the user says 'pre-ship review', 'ship check', 'quality review', 'self review', or 'ready to ship', or before any significant code submission. This skill catches integration boundary failures where AI-generated code breaks between components. Do NOT use for routine linting or formatting (those are handled by Phase 2 of ITP) or for reviewing documentation-only changes.
From quality-toolsnpx claudepluginhub terrylica/cc-skills --plugin quality-toolsThis skill is limited to using the following tools:
references/anti-pattern-catalog.mdreferences/automated-checks.mdreferences/evolution-log.mdreferences/judgment-checks.mdreferences/tool-install-guide.mdImplements CQRS patterns with Python templates for command/query separation, event-sourcing, and scalable read/write models. Use for optimizing queries or independent scaling.
Implements Clean Architecture, Hexagonal Architecture (ports/adapters), and Domain-Driven Design for backend services. For microservice design, monolith refactoring to bounded contexts, and dependency debugging.
Provides REST and GraphQL API design principles including resource hierarchies, HTTP methods, versioning strategies, pagination, and filtering patterns for new APIs, reviews, or standards.
Structured quality review before shipping code at any checkpoint: PRs, releases, milestones. Catches the failures that occur at integration boundaries -- where contracts, examples, constants, and tests must all agree.
Core thesis: AI-generated code excels at isolated components but fails systematically at boundaries between components. This skill systematically checks those boundaries.
Self-Evolving Skill: This skill improves through use. If instructions are wrong, parameters drifted, or a workaround was needed — fix this file immediately, don't defer. Only update for real, reproducible issues.
Use before any significant code shipment:
NOT needed for: single-file cosmetic changes, documentation-only updates, dependency bumps.
MANDATORY: Select and load the appropriate template before starting review.
1. Detect changed files and scope (git diff --name-only against base branch)
2. Run Phase 1 - External tool checks (Pyright, Vulture, import-linter, deptry, Semgrep, Griffe)
3. Run Phase 2 - cc-skills orchestration (code-hardcode-audit, dead-code-detector, pr-gfm-validator)
4. Run Phase 2 conditional checks based on file types changed
5. Phase 3 - Verify every function parameter has at least one caller passing it by name
6. Phase 3 - Verify every config/example parameter maps to an actual function kwarg
7. Phase 3 - Check for architecture boundary violations (hardcoded feature lists, cross-layer coupling)
8. Phase 3 - Verify domain constants and formulas are correct (cross-reference cited sources)
9. Phase 3 - Audit test quality - do tests test what they claim (not side effects)?
10. Phase 3 - Check for implicit dependencies between new components
11. Phase 3 - Look for O(n^2) patterns where O(n) suffices
12. Phase 3 - Verify error messages give actionable guidance
13. Phase 3 - Confirm examples reflect actual behavior, not aspirational behavior
14. Compile findings report with severity and suggested fixes
1. Verify the fix addresses root cause, not symptom
2. Verify the fix does not mask information flow
3. Check that new test reproduces the original bug (fails without fix)
4. Run Phase 1 - External tool checks on changed files
5. Run Phase 2 - cc-skills checks on changed files
6. Verify constants consistency if any values changed
7. Compile findings report
1. Verify all callers updated to match new signatures
2. Run Phase 1 - External tool checks (especially Griffe for API drift)
3. Run Phase 2 - cc-skills checks (especially dead-code-detector)
4. Verify examples/docs updated to match new parameter names
5. Verify no dead imports from removed features
6. Check for introduced cross-boundary coupling
7. Compile findings report
Run static analysis tools on changed files. Skip any tool that is not installed (graceful degradation).
Detect scope:
git diff --name-only $(git merge-base HEAD main)...HEAD
Run in parallel:
pyright --outputjson <changed_py_files> # Type contracts
vulture <changed_py_files> --min-confidence 80 # Dead code / YAGNI
lint-imports # Architecture boundaries
deptry . # Dependency hygiene
semgrep --config .semgrep/ <changed_files> # Custom pattern rules
griffe check --against main <package> # API signature drift
What each tool catches:
| Tool | Anti-Pattern | Install |
|---|---|---|
| Pyright (strict) | Interface contracts, return types, cross-file type errors | pip install pyright |
| Vulture | Dead code, unused constants/imports (YAGNI) | pip install vulture |
| import-linter | Architecture boundary violations, forbidden imports | pip install import-linter |
| deptry | Unused/missing/transitive dependencies | pip install deptry |
| Semgrep | Non-determinism, silent param absorption, banned patterns | brew install semgrep |
| Griffe | Breaking API changes, signature drift vs base branch | pip install griffe |
Graceful degradation: If a tool is not installed, log a warning and skip it. Never fail the entire review because one optional tool is missing.
For detailed tool procedures, see Automated Checks Reference. For installation instructions, see Tool Install Guide.
Invoke existing cc-skills that complement external tools.
Always run:
Run conditionally based on changed file types:
| Condition | Skill to invoke |
|---|---|
| Python files changed | impl-standards (error handling, constants, logging) |
| 500+ lines changed | code-clone-assistant (duplicate code detection) |
| Plugin/hook files changed | plugin-validator (structure, silent failures) |
| Markdown/docs changed | link-validation (broken links, path policy) |
These checks require understanding intent, domain correctness, and architectural fitness. Go through each one manually.
Check 1: Architecture Boundaries
Check 2: Domain Correctness
Check 3: Test Quality
Check 4: Dependency Transparency
Check 5: Performance
Check 6: Error Message Quality
Check 7: Example Accuracy
**kwargs or **_?For detailed check procedures, see Judgment Checks Reference.
Phase 1 (Tools):
- [ ] Pyright strict passes on changed files (no type errors)
- [ ] Vulture finds no unused code in new files (or allowlisted)
- [ ] import-linter passes (no architecture boundary violations)
- [ ] deptry passes (no unused/missing dependencies)
- [ ] Semgrep custom rules pass (no non-determinism, no silent param absorption)
- [ ] Griffe shows no unintended API breaking changes vs base branch
Phase 2 (cc-skills):
- [ ] code-hardcode-audit passes (no magic numbers or secrets)
- [ ] dead-code-detector passes (no unused code)
- [ ] PR description links valid (pr-gfm-validator)
Phase 3 (Judgment):
- [ ] No new cross-boundary coupling introduced
- [ ] Domain constants and formulas are mathematically correct
- [ ] Tests actually test what they claim (not side effects)
- [ ] Implicit dependencies between components are documented
- [ ] No O(n^2) where O(n) suffices
- [ ] Error messages give actionable guidance
- [ ] Examples reflect actual behavior, not aspirational behavior
This skill is built on a taxonomy of 9 integration boundary anti-patterns. For the full catalog with examples, detection heuristics, and fix approaches, see Anti-Pattern Catalog.
| # | Anti-Pattern | Detection Method |
|---|---|---|
| 1 | Interface contract violation | Pyright + Griffe + manual trace |
| 2 | Misleading examples | Semgrep + manual config-to-code comparison |
| 3 | Architecture boundary violation | import-linter + manual review |
| 4 | Incorrect domain constants | Semgrep + domain expertise |
| 5 | Testing gaps | mutmut + manual test audit |
| 6 | Non-determinism | Semgrep custom rules |
| 7 | YAGNI | Vulture + dead-code-detector |
| 8 | Hidden dependencies | Manual dependency trace |
| 9 | Performance anti-patterns | Manual complexity analysis |
After modifying THIS skill:
references/ links resolve correctlyreferences/evolution-log.md| Issue | Cause | Solution |
|---|---|---|
| Tool not found | External tool not installed | Install per tool-install-guide.md or skip (graceful degradation) |
| Too many Vulture false positives | Framework entry points look unused | Create allowlist: vulture --make-whitelist > whitelist.py |
| Semgrep too slow | Large codebase scan | Scope to changed files only: semgrep --include=<changed> |
| import-linter has no contracts | Project not configured | Add [importlinter] section to pyproject.toml |
| Griffe reports false breaking changes | Intentional API change | Use griffe check --against main --allow-breaking |
| Phase 3 finds nothing but reviewer finds issues | New anti-pattern category | Add to catalog and evolution-log.md |
| cc-skill not triggering | Skill not installed in marketplace | Verify with /plugin list |
For detailed information, see:
After this skill completes, reflect before closing the task:
Do NOT defer. The next invocation inherits whatever you leave behind.