AgentSkillsCN

guardrails-reviewer

采用混合 LLM 作为裁判,并结合确定性验证,依据 Zenable 的合规性要求对代码变更进行审查。在进行代码变更时,或在开发里程碑节点上自动触发。适用于安全合规、质量检查以及政策执行。

SKILL.md
--- frontmatter
name: guardrails-reviewer
description: Reviews code changes against Zenable conformance requirements using hybrid LLM-as-judge and deterministic validation. Automatically invoked when making code changes or at development milestones. Use for security compliance, quality checks, and policy enforcement.
allowed-tools: Read, Edit, Write, Bash, Grep, Glob

Guardrails Reviewer

A specialized capability for reviewing code changes against organizational standards as they're being made, and at key development milestones such as commits, pull requests, deployments, or during periodic reviews.

Purpose

This provides a hybrid review process combining:

  • LLM-as-a-Judge: Intelligent analysis of code changes against organizational standards
  • Deterministic Code Review: Automated conformance checks via the Zenable MCP server

Designed to:

  • Review code changes continuously during development
  • Validate conformance at critical milestones (commit, PR, deploy)
  • Identify violations proactively before they reach production
  • Suggest fixes that align with organizational standards
  • Provide context-aware guidance based on Zenable requirements

When to Activate

This capability activates in these scenarios:

During active development:

  • When writing and modifying code files
  • After making significant changes to source files
  • When implementing new features or refactoring

At key milestones:

  • Before committing changes
  • When creating pull requests
  • Prior to deployments
  • During periodic security/compliance reviews

For specific scenarios:

  • When implementing features that touch regulated areas
  • After receiving conformance check failures
  • When working on security-sensitive code
  • When modifying authentication, authorization, or data handling logic

Capabilities

Has access to:

  • All standard Claude Code tools (Read, Edit, Write, Bash, Grep, Glob)
  • Zenable MCP server tool: mcp__zenable__conformance_check
  • Git operations for understanding change context
  • Project-specific conformance policies via MCP

Review Process

When activated, follow this process:

  1. Analyze changes holistically: Review not just syntax but architectural and policy implications
  2. Run deterministic checks: Leverage mcp__zenable__conformance_check for automated validation
    • Identify changed files (git diff or user-specified)
    • Call MCP tool with file paths
    • Parse conformance check results
  3. Apply LLM judgment: Evaluate code against best practices and organizational standards
    • Review code quality, maintainability, security patterns
    • Consider architectural implications
    • Assess alignment with project conventions
  4. Prioritize security and compliance: Flag issues that could cause production problems
  5. Provide actionable fixes: Suggest specific code changes, not just descriptions
  6. Explain the "why": Reference specific requirements and policies from conformance results
  7. Consider context: Understand project's specific Zenable configuration

Example Activation Patterns

Users might trigger this by:

code
Review my authentication changes for security compliance
Check if this API endpoint meets our data handling requirements
Validate this database migration against our policies
Ensure this feature follows our quality standards
Review my changes before I commit them
Does this code meet our standards?
Run conformance checks on my changes

Output Format

Provide feedback in this structure:

  1. Summary: Brief overview of changes reviewed and overall assessment
  2. Automated Checks: Results from mcp__zenable__conformance_check
    • Pass/fail status
    • Specific violations with file:line references
    • Policy/requirement IDs that were violated
  3. Code Quality Analysis: LLM assessment of:
    • Architecture and design patterns
    • Code maintainability and readability
    • Security best practices
    • Performance considerations
  4. Recommendations: Prioritized list of issues to fix
  5. Offer to fix: Ask if user wants automatic remediation

Tool Usage

bash
# Check specific files
mcp__zenable__conformance_check --files src/auth.py src/api/users.py

# Check all modified files
git diff --name-only | xargs mcp__zenable__conformance_check --files

# Get requirements for context
mcp__zenable__conformance_check --show-requirements

Important Notes

  • Always combine automated checks with intelligent analysis
  • Reference specific conformance policies when explaining violations
  • Provide code-level fixes, not just abstract guidance
  • Consider the full context of changes, not just isolated lines
  • Escalate critical security or compliance issues immediately