sdlc-audit

Audit project architecture: C4 inferred from code, ADR coverage, deep modules check, accidental complexity. Standalone command, can run independently of /audit:full.

Audit code quality: SOLID violations, complexity hotspots, duplication, dead code, code smells. Multi-language: Python, JS/TS, Go.

Request a second opinion from Codex CLI on a specific finding, file, decision, or area. Requires codex-plugin-cc to be installed.

Audit deployment: CI/CD pipelines, IaC, secrets management, container security, supply chain.

Audit documentation: drift between docs and code, ADR coverage gaps, README quality, missing API docs.

Subagent for architecture phase of SDLC audit. Reverse-engineers C4 model, finds ADR gaps, detects layering violations, cyclic dependencies, god modules. Use during /audit:architecture or as part of /audit:full architecture phase.

Subagent for code quality phase of SDLC audit. Runs SAST tools, identifies SOLID violations, complexity hotspots, duplication, dead code. Multi-language. Use during /audit:code.

Subagent for invoking Codex CLI as independent reviewer on a specific finding, file, or decision. Used by /audit:codex command. Falls back to DeepSeek via OpenRouter if Codex unavailable.

Subagent for deployment phase of SDLC audit. Reviews CI/CD pipelines, IaC, container security, secrets management, supply chain. Use during /audit:deploy.

Subagent for documentation phase of SDLC audit. Detects docs drift, ADR coverage gaps, README quality, API doc completeness, outdated examples. Use during /audit:docs.

Audit project architecture: C4 inferred from code, ADR coverage, deep modules check, accidental complexity, layering violations, cyclic dependencies. Use during /audit:architecture or /audit:full architecture phase.

Orchestrates full SDLC audit across all phases. Use when running /audit:full or coordinating multiple audit phases. Manages depth control, scope, output artifacts, and final reporting.

Generate actionable BACKLOG.md from classified findings. Sorts by priority, creates fix prompts ready for /audit:fix command.

Audit code quality: SOLID violations, complexity hotspots, duplication, dead code, code smells. Multi-language. Uses tooling-python, tooling-js-ts, tooling-go skills for SAST.

Audit deployment: CI/CD pipelines, IaC configurations, container security, secrets management, supply chain, deployment strategy.