marcoguillermaz
Scaffold for legible, reviewable AI-assisted development. Turn Claude Code into a reviewable collaborator with tiered pipelines, 24 audit skills, 11 stacks, MCP server, and Anthropic drift tracking.
Indexed Skills (11)
external-review
Run a fresh-context review of CDK before a release. --mode=quick spawns a Claude general-purpose subagent with no project memory and an auto-bundled snapshot. --mode=full fans out the same bundle to GPT-4.1, Gemini 2.5 Pro, Mistral Large, and Perplexity Sonar Pro for cross-LLM coverage. Maintainer-only; not shipped to user projects.
api-contract-audit
Static OpenAPI contract audit - endpoint drift (spec vs code), schema drift, status-code mismatch, breaking-change detection vs previous spec version, versioning consistency, security scheme alignment, deprecation markers, Richardson Maturity L0-L3 scoring. Framework auto-gen for FastAPI, NestJS, Express+swagger-jsdoc, Next.js route handlers, Django REST.
arch-audit
Audit Claude Code architecture files against Anthropic docs and release notes, and verify internal ecosystem consistency. Run weekly to maintain compliance, catch new features, and keep the context system clean.
commit
Classify staged changes, generate conventional commit message (type/scope/body), and execute git commit. Use after any implementation phase to commit work.
context-review
Phase 8.5 grep checks C1-C3. Runs the three mechanical grep checks of the context review in a single invocation - C1 credential patterns, C2 unresolved placeholders, C3 field name staleness. Returns pass/fail per check with matched lines. The orchestrator handles C4-C12 (judgment-required checks) in the main session after receiving this report.
dependency-audit
Dependency update audit. Inventories outdated packages, classifies into Tier A (safe patch+minor), Tier B (non-core major), Tier C (core/breaking-risk). Fetches changelogs for breaking-change candidates, greps the codebase for consumed APIs to evaluate impact, checks the test baseline, and produces a decision report (apply/defer/escalate per package). Also checks runtime version vs current LTS. Stack-aware via sibling PATTERNS.md (node-ts, python, swift in v1; other stacks fall back to agnostic rules). Audit-only — never modifies package.json or lockfiles in v1.
dependency-scan
Phase 1 mandatory dependency scan. Runs all 6 checks in a single invocation - route hrefs, component import consumers, shared type/utility consumers, test file references, FK references, access control policies. Returns a structured report per check with exact file paths and line numbers. Invoke once with the full list of affected entities. Never invoke for single-check queries - use Grep directly for those.
doc-audit
Static documentation drift audit - relative-link resolution, code-block syntax, CDK placeholder residuals, slash-command name match, skill-count consistency, ADR marker freshness, stack-specific doc sync (Next.js / Django / Swift).
infra-audit
Infrastructure and CI/CD security audit - GitHub Actions workflows (pwn-request, secret logging, missing pinning, permissions overreach), Dockerfile (latest tag, USER root, ADD on URL), Kubernetes manifests (runAsNonRoot, privileged containers, hostNetwork), Terraform (IAM wildcards, state in git, module pinning), GitLab CI equivalent checks. Stack-agnostic.
test-audit
Static test-suite quality audit - coverage from lcov/Istanbul/Cobertura/go/tarpaulin reports, pyramid shape (unit/integration/e2e ratio), anti-patterns (.only leaks, skipped tests, no-assertion tests, hardcoded sleeps). Stack-aware across 11 supported stacks.
ui-audit
Audit UI for design token compliance and component adoption. Static grep-based analysis against the sitemap's page and component files. Requires a design system with semantic tokens.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.