/code-audit

16 April 2026#reference#pipeline#code-quality#security

/code-audit

Orchestrates a comprehensive codebase audit across five dimensions. Produces a prioritized remediation plan with graded findings and delta tracking between audit cycles.

Trigger: "audit this codebase", "code audit", "code health check", "what needs fixing", "grade my code", "bring this to good standing" Output: docs/03-code-audit/ Reports: 9 (00–08) · Sub-skills: 7

Reports

#	File	What it covers
00	`00-executive-summary.md`	Scorecard, verdict (Good Standing / Acceptable / Needs Work / Critical), top findings
01	`01-consistency.md`	Naming conventions, file org, error handling, imports, formatting
02	`02-repetition.md`	Duplicated logic, copy-paste, DRY violations
03	`03-security.md`	Hardcoded secrets, injection vectors, unvalidated inputs, dependency CVEs
04	`04-pattern-optimization.md`	Anti-patterns, async handling, state management, N+1 queries, type safety
05	`05-auditability.md`	Module clarity, comment quality, circular dependencies, traceability
06	`06-graded-todo.md`	The deliverable. Prioritized remediation plan with severity scores
07	`07-activity-log.md`	All audit observations
08	`08-delta-report.md`	Before/after comparison (re-audit only)

Output Tree

docs/03-code-audit/
├── 00-executive-summary.md
├── 01-consistency.md
├── 02-repetition.md
├── 03-security.md
├── 04-pattern-optimization.md
├── 05-auditability.md
├── 06-graded-todo.md
├── 07-activity-log.md
├── 08-delta-report.md                  # re-audit only
└── previous-audit/                     # re-audit only
    └── *.md

Sub-Skills

Skill	Produces	Standalone?
`consistency-auditor`	Report 01	Yes
`repetition-detector`	Report 02	Yes
`security-auditor`	Report 03	Yes
`pattern-optimizer`	Report 04	Yes
`auditability-assessor`	Report 05	Yes
`audit-grader`	Reports 00 + 06	Yes (needs auditor reports as input)
`delta-reporter`	Report 08	Yes (needs two audit cycles)

Workflow

project-scanner inventories the codebase
Five specialist auditors run (parallel in Claude Code, sequential in Claude.ai)
audit-grader reads all five reports, scores and prioritizes
On re-audit: delta-reporter compares with previous cycle

Verdict Levels

Verdict	Meaning
Good Standing	All pillars pass. Ship it.
Acceptable	Minor gaps. Ship with awareness.
Needs Work	Significant findings. Fix before shipping.
Critical	Blocking issues. Stop and fix now.

Integration

Reads from: project-scanner output
Pairs with: /security-audit for deeper security review
Feeds into: /doc-suite-generator can reference audit findings

Use Cases

01. How to audit your codebase before it audits you

Download the full toolkit → · Back to library →

𝕏 Post