compliance-audit

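Automatically checks development-process compliance after code is committed: evaluates the size of the code change, the number of files, the number of commits and any sensitive content; verifies that key steps such as session records, review format and quality checks were carried out; and generates a structured audit report that identifies process gaps, so that development activity meets the required standards.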

Quick Install

Run this command in your terminal to install this Skill into your Claude in one step

npx skills add WellApp-ai/Well --skill "compliance-audit"

Compliance Audit Skill

Run after PR push to verify Value Delivery rules were followed during the session.

When to Use

  • After PR is pushed (invoke from push-pr mode)
  • Manually with “use compliance-audit skill”
  • When reviewing session quality

Phase 1: Gather Session Data

Collect data from the current session:

| Data Point | Source |
|------------|--------|
| Commit count | `git rev-list origin/develop..HEAD --count` |
| Files changed | `git diff origin/develop --name-only \| wc -l` |
| Lines of code | `git diff origin/develop --stat \| tail -1` |
| console.log presence | Grep in changed files |

Phase 2: Check Compliance Requirements

2.1 PR Threshold Check

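| Metric | Current | Threshold | Status |
|--------|---------|-----------|--------|
| Lines of Code | [N] | 300 | OK/CROSSED ([X]x) |
| Files Changed | [N] | 10 | OK/CROSSED ([X]x) |
| Commits | [N] | 5 | OK/CROSSED ([X]x) |
| console.log | [N] | 0 | OK/CROSSED |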

Verdict: [PASSED / TRIGGER_PR - Should have pushed earlier PRs]
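
Phase 1 and the threshold check above, written out as a script. This is an added example, not the skill's own code; the function names, the `BASE` variable, counting lines of code as insertions plus deletions, and treating CROSSED as strictly greater than the threshold are assumptions.

```sh
#!/bin/sh
# Added example, not the skill's own code. Thresholds come from the page's table;
# treating "CROSSED" as strictly greater than the threshold is an assumption.
BASE="${BASE:-origin/develop}"

# status CURRENT THRESHOLD -> "OK", "CROSSED (N.Nx)", or bare "CROSSED" when threshold is 0
status() {
  if [ "$1" -le "$2" ]; then echo "OK"
  elif [ "$2" -eq 0 ]; then echo "CROSSED"
  else awk -v c="$1" -v t="$2" 'BEGIN { printf "CROSSED (%.1fx)\n", c / t }'
  fi
}

# Parse the summary line of `git diff --stat`, e.g.
# "3 files changed, 10 insertions(+), 2 deletions(-)" -> 12
# Assumption: lines of code = insertions + deletions.
loc_from_stat() {
  printf '%s\n' "$1" | awk '{ n = 0
    for (i = 2; i <= NF; i++) if ($i ~ /^(insertion|deletion)/) n += $(i - 1)
    print n }'
}

# Count console.log lines across changed files that still exist in the work tree.
count_console_log() {
  git diff "$BASE" --name-only | while IFS= read -r f; do
    if [ -f "$f" ]; then grep -c 'console\.log' -- "$f" || true; fi
  done | awk '{ s += $1 } END { print s + 0 }'
}

# verdict STATUS... -> TRIGGER_PR if any status starts with CROSSED, else PASSED
verdict() {
  for s in "$@"; do
    case "$s" in CROSSED*) echo "TRIGGER_PR"; return 0 ;; esac
  done
  echo "PASSED"
}

audit() {
  commits=$(git rev-list "$BASE"..HEAD --count)
  files=$(git diff "$BASE" --name-only | wc -l | tr -d ' ')
  loc=$(loc_from_stat "$(git diff "$BASE" --stat | tail -1)")
  logs=$(count_console_log)
  s1=$(status "$loc" 300); s2=$(status "$files" 10)
  s3=$(status "$commits" 5); s4=$(status "$logs" 0)
  printf '| %s | %s | %s | %s |\n' "Lines of Code" "$loc" 300 "$s1" \
    "Files Changed" "$files" 10 "$s2" "Commits" "$commits" 5 "$s3" "console.log" "$logs" 0 "$s4"
  echo "Verdict: $(verdict "$s1" "$s2" "$s3" "$s4")"
}

# Run the audit only when asked, so the functions can be sourced on their own.
if [ "${1:-}" = "--run" ]; then audit; fi
```

Run it with `--run` from the repository root after `git fetch`, so that `origin/develop` is current and the changed-file paths resolve.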

2.2 Gaps Identified

| Requirement | Expected | Actual | Status |
|-------------|----------|--------|--------|
| Session Headers/Footers | Every response | [Count] | Done/Missing |
| pr-review skill format | Full report | [Format] | Done/Partial/Missing |
| qa-commit skill format | Full criteria table | [Format] | Done/Partial/Missing |
| pr-threshold checks | After each commit | [Count] | Done/Partial/Missing |
| Risk Assessment | Calculate score | [Done/Not] | Done/Missing |
| Storybook stories | For new components | [Count] | Done/Missing |
| Design system check | Before new patterns | [Done/Not] | Done/Partial/Missing |
| Satisfies field in commits | Every commit | [Count] | Done/Missing |
| Typecheck/Lint | Before commits | [Done/Not] | Done/Missing |

Phase 3: Generate Compliance Report

## Value Delivery Compliance Audit

### PR Threshold Check

| Metric | Current | Threshold | Status |
|--------|---------|-----------|--------|
| Lines of Code | [N] | 300 | [status] |
| Files Changed | [N] | 10 | [status] |
| Commits | [N] | 5 | [status] |
| console.log | [N] | 0 | [status] |

**Verdict:** [PASSED / TRIGGER_PR]

### Gaps Identified

| Requirement | Expected | Actual | Status |
|-------------|----------|--------|--------|
| [requirement] | [expected] | [actual] | [status] |
...

### Recommendations

[List any improvements for next session]

Phase 4: Log to Session Journal

If using Notion sync, add compliance report to Session Journal entry.

Output Format

The audit should produce a table matching the format shown in the user’s compliance screenshot, with clear CROSSED indicators for threshold violations and status icons for gap analysis.

Integration

This skill is invoked by:

  • push-pr.mdc - After PR is created (Phase 4)
  • Manual invocation for retrospective

Invocation

Invoked automatically after PR push, or manually with “use compliance-audit skill”.