ai-quality-guardrails

Codebase exploration agent. Use for file search, code reading, pattern discovery, documentation consultation, and architecture analysis. Read-only — never modifies files. <example>Context: User needs to understand code structure. user: "Find all files that import the auth module" assistant: "I'll use the explorer agent to search the codebase."</example> <example>Context: User needs architecture analysis. user: "How does the checkout flow work?" assistant: "I'll use the explorer agent to trace the execution path."</example>

Code implementation agent. Use for writing code, executing approved plans, refactoring, and making file changes. <example>Context: User has an approved plan. user: "Implement the authentication module" assistant: "I'll use the implementer agent to execute the plan."</example> <example>Context: User wants code changes. user: "Add validation to the form component" assistant: "I'll use the implementer agent to write the code."</example>

Code review and implementation audit agent. Use for thorough reviews of PRs, implementations, and architecture decisions. Structured severity-based analysis. Read-only — never modifies files. <example>Context: Implementation is complete. user: "Review the authentication implementation" assistant: "I'll use the reviewer agent to audit the code."</example> <example>Context: PR needs review. user: "Review this pull request" assistant: "I'll use the reviewer agent to check for issues."</example>

Validation runner. Use for running lint, typecheck, tests, architecture checks, and reporting pass/fail results. Has shell access to execute commands but must not modify files — enforcement is behavioral, not sandboxed. <example>Context: User wants to check code quality. user: "Run all the checks" assistant: "I'll use the validator agent to run the validation ladder."</example> <example>Context: After implementation. user: "Run lint and typecheck" assistant: "I'll use the validator agent."</example>

This skill should be used when reviewing or auditing AI-generated code for common failure patterns. Applies a systematic checklist covering hallucinated APIs, phantom dependencies, OWASP security vulnerabilities, control-flow omissions, logic errors, and agentic AI risks. Triggers on "scrutinize AI code", "check for hallucinated APIs", "OWASP review", "audit generated code", "review code for AI-specific bugs", "security checklist on generated code".

This skill should be used when the user asks for a thorough review, comprehensive review, multi-perspective review, or parallel review of an implementation. It launches 2-3 reviewer agents in parallel — each focused on a different perspective (correctness, architecture, security) — then aggregates and deduplicates findings. Appropriate for standard or higher complexity. Triggers on "thorough review", "review from all angles", "comprehensive code review", "parallel review", "multi-perspective review".

This skill should be used when the user asks to create an implementation plan, plan a feature, break work into milestones, define acceptance criteria, or scope a multi-step task. Ensures plans include numbered acceptance criteria, concrete test scenarios, and verifiable milestones following spec-driven development principles. Triggers on "create a plan", "plan this feature", "define AC", "break this into steps", "scope this work", "implementation plan for".

This skill should be used after any review (plan review, implementation review, code review) to apply quality threshold gating. It triggers when findings exceed pass thresholds, when the user says "apply review gate", "re-review after fixes", "check review thresholds", "iterate on review findings", or when a review produces critical or high-severity findings. Enforces mandatory re-review with iteration tracking and escalation.

This skill should be used when an agent is about to return implementation results, claim a task is done, or hand off completed work. It enforces self-validation — comparing output against plan acceptance criteria, running validation commands, and iterating internally until quality standards pass. Triggers on "validate before finishing", "check your work before reporting back", "run tests before completing", or when an implementer agent reaches the end of a plan phase.