AgentSkillsCN

code-plan-audit

以完备性评分卡、反模式风险检测以及就绪性检查为基础,规划高质量的审计流程。在审计实施方案、评估方案完备性、检查错误处理策略、评估命名与可读性预检、审查测试策略、评估权衡文档,或对软件项目开展方案审计时使用此功能。涵盖10项完备性评分卡、代码质量预检、反模式风险评估,以及构建就绪性决策。

SKILL.md
--- frontmatter
name: code-plan-audit
description: Plan quality auditing with completeness scorecard, antipattern risk detection, and readiness checks. Use when auditing implementation plans, evaluating plan completeness, checking error handling strategy, assessing naming and readability pre-checks, reviewing testing strategy, evaluating tradeoff documentation, or running plan-audit on a software project. Covers the 10-point completeness scorecard, code quality pre-checks, antipattern risk assessment, and build-readiness decision.

Code Plan Audit

Audit implementation plans for completeness, quality risks, and build readiness. Catches gaps that lead to rework, missed requirements, and architectural dead ends.

Quick Reference

Plan Completeness Scorecard

#CheckSeverityCross-Reference
1Problem clearly stated with concrete requirementsCritical(see code-quality-foundations -> Code Should Work)
2Acceptance criteria are testable (not vague adjectives)Critical(see code-testing-quality -> What to Test vs. What Not to Test)
3Error handling strategy defined (propagate, recover, or fail)Critical(see code-antipatterns -> Silent Failure)
4Key tradeoffs identified and documentedWarning(see code-quality-foundations -> Tradeoff Thinking)
5Testing strategy chosen (unit/integration/E2E proportions)Warning(see code-testing-quality -> The Test Pyramid)
6Dependencies and integration points identifiedWarning(see code-quality-foundations -> Make Code Modular)
7Naming conventions and readability approach consistentWarning(see code-quality-foundations -> Make Code Readable)
8Security boundaries identified (input validation, auth, data exposure)Warning(see code-review -> Review Goals)
9Scope bounded — deferred items explicitly listedNote(see code-antipatterns -> Premature Abstraction)
10Existing solutions checked (libraries, shared code, prior art)Note(see code-quality-foundations -> Code Should Not Reinvent the Wheel)

Scoring: 10/10 = ready to build. 7-9 = minor gaps, address before starting. 4-6 = return to planning. <4 = needs fundamental design work.

Actionability Tests

Five tests every plan item must pass before implementation:

TestMethodPass Criteria
Verb TestDoes every task contain implementation verbs?Active verbs (create, validate, transform), not vague ("handle", "manage", "deal with")
Scope TestCan you estimate effort for each task?Clear boundaries — you know when each task is done
Test TestCan you write a test from the description?Testable acceptance criteria, not adjectives ("fast", "clean", "robust")
Dependency TestAre inter-task dependencies explicit?Clear ordering — no hidden assumptions about what runs first
Edge Case TestAre boundary conditions and error paths mentioned?At least: empty input, invalid input, concurrent access (if applicable)

Code Quality Pre-Checks

Evaluate the plan against quality pillars before writing code. These checks are faster and cheaper than fixing quality failures after implementation.

Readability Pre-Check

SignalQuestionIf No ->
Naming intentDoes the plan use domain-specific names (not generic "data", "item", "thing")?Clarify domain vocabulary before coding
Layer clarityAre abstraction layers described (API, business logic, data access)?Define boundaries before coding
Single responsibilityCan each component be described in one sentence without "and"?Split components

(see code-quality-foundations -> Make Code Readable, Layers of Abstraction)

Error Handling Strategy Check

QuestionIf Missing ->
Which errors are expected vs. unexpected?Define: "not found" is expected; "DB down" is unexpected
Where are system boundaries (user input, external APIs, file I/O)?Map validation points
What's the recovery strategy for each failure mode?Decide: retry, fallback, propagate, or fail fast
Are error messages actionable for the caller?Plan error types and messages

(see code-antipatterns -> Silent Failure, Unexpected Side Effects)

Modularity Pre-Check

SignalQuestionIf No ->
Single concernDoes each module/class handle one distinct problem?Reassess responsibilities
Dependency directionDo dependencies flow one way (high-level -> low-level)?Identify circular risks
Interface boundariesAre public APIs defined separately from implementation?Design contracts first
TestabilityCan each component be tested without complex setup?Redesign for dependency injection

(see code-quality-foundations -> Make Code Modular, Make Code Testable)

Antipattern Risk Assessment

Scan the plan for patterns that predict quality failures during implementation.

Plan-Level Antipatterns

AntipatternSymptom in PlanSeverityFix
The FogAdjectives without verbs ("robust auth", "clean API")CriticalEvery feature needs concrete implementation verbs
The WishlistDescribes the final vision, no phased deliveryWarningDefine what's built first, park the rest
The MonolithEverything in one component, no separationWarningIdentify distinct concerns and boundaries
The OracleAssumes perfect knowledge of future requirementsWarningDesign for current needs with generally applicable techniques
The Clone"Like X but..." without understanding X's design decisionsWarningIdentify specific patterns to adopt, not just the product
Missing Error StoryHappy path only — no error handling, no edge casesCriticalAdd error scenarios for each integration point

Implementation Risk Signals

Scan the plan for these signals that predict specific antipatterns during coding:

Plan SignalPredictsPrevention
No domain types mentionedPrimitive obsessionPlan dedicated types for constrained values
"Handle errors" without specificsSilent failureDefine error categories and recovery per boundary
Single class/module for multiple concernsGod objectSplit responsibilities before coding
"Optimize for performance" without metricsPremature optimizationDefine performance targets with measurement plan
Interface defined before second use casePremature abstractionStart concrete, extract interface when needed
Same logic referenced in multiple plan sectionsShotgun surgery riskCentralize into single source of truth

(see code-antipatterns -> Severity Classification, Pattern Recognition)

Testing Strategy Evaluation

Verify the plan includes a testing approach proportional to the risk.

Test Strategy Completeness

CheckQuestionIf Missing ->
Test levelUnit, integration, or E2E — which and why?Default: unit for logic, integration for boundaries
Test double strategyReal objects, stubs, mocks, or fakes — where?Default: real objects internal, fakes at boundaries
Edge casesNulls, empty collections, boundaries, error paths?List at least 3 edge cases per public function
Coverage targetWhat percentage, and of what?Default: >80% of critical business logic paths
Regression planHow do you verify existing behavior still works?Run full test suite; add tests for touched code

Test Strategy Red Flags

Red FlagProblemFix
"We'll add tests later"Tests never get added; untested code shipsWrite test plan alongside implementation plan
"100% coverage" as goalLeads to testing trivial code, missing meaningful coverageTarget critical paths, not line count
No integration tests plannedUnit tests pass but components don't work togetherPlan integration tests at every boundary
Mock-heavy strategyTests coupled to implementation, break on refactoringPrefer real objects internal, fakes at boundaries
No test for error pathsHappy path works, errors silently failEvery error handling branch needs a test

(see code-testing-quality -> The Test Pyramid, Testing Antipatterns)

Tradeoff Documentation Check

Plans that don't document tradeoffs create knowledge silos — future developers (including your future self) won't understand why decisions were made.

Minimum Tradeoff Documentation

For each significant design decision, the plan should include:

ElementQuestionExample
DecisionWhat was decided?"Use PostgreSQL for persistence"
ContextWhat constraints drive this?"Need ACID transactions, team has PG experience"
AlternativesWhat else was considered?"MongoDB (flexible schema) and SQLite (simpler)"
ConsequencesWhat are the accepted downsides?"Schema migrations needed; more operational overhead than SQLite"

Minimum bar: At least one documented tradeoff per plan. If there are zero documented tradeoffs, the planner either hasn't considered alternatives or hasn't recorded their reasoning — both are risks.

(see code-quality-foundations -> Every Decision Has Consequences)

Decision Tables

"Is This Plan Ready to Build?"

#QuestionIf No ->
1Can you state what the code does in one sentence?STOP — Define the problem and deliverable
2Do acceptance criteria pass the Test Test (testable, not adjectives)?STOP — Rewrite criteria as verifiable assertions
3Is error handling strategy defined for each system boundary?STOP — Map boundaries and failure modes
4Is the testing approach proportional to the risk?STOP — Define test levels and critical paths
5Is at least one design tradeoff documented with alternatives?STOP — Record reasoning for key decisions

All five "Yes" -> READY TO BUILD. Start with the highest-risk component.

"Where Should I Focus Audit Effort?"

ContextFocus OnRationale
Greenfield projectScorecard completeness, modularity pre-checkFoundation decisions compound
Adding to existing codebaseAntipattern risk, naming consistency, integration pointsMust fit existing patterns
Security-sensitive featureError handling, security boundaries, input validationBreaches are catastrophic
Performance-critical pathTradeoff documentation, testing strategy, measurement planOptimizations need evidence
Prototype / spikeProblem statement, scope boundaries onlyDon't over-plan throwaway work
Shared library / public APIHard-to-misuse check, error handling, modularityConsumers can't easily work around design mistakes

Checklists

Plan Audit Checklist

  • Completeness Scorecard ≥7/10
  • All plan items pass the 5 Actionability Tests
  • Readability pre-check: naming, layers, single responsibility
  • Error handling strategy defined for each system boundary
  • No plan-level antipatterns present (The Fog, The Wishlist, Missing Error Story)
  • Implementation risk signals addressed
  • Testing strategy complete (levels, doubles, edge cases, coverage)
  • No test strategy red flags
  • At least one design tradeoff documented with alternatives and consequences
  • Scope bounded — deferred items explicitly listed

Quick Pre-Implementation Gate

Run this 60-second check before writing any code:

  • I can state the deliverable in one sentence
  • I know the first test I'll write
  • I know what errors I'll handle and how
  • I know what I'm not building (scope boundary)

See Also

  • code-quality-foundations — Quality pillars and goals that plans should target (see code-quality-foundations -> The Four Goals, The Six Pillars)
  • code-antipatterns — Antipattern catalog for risk assessment during audit (see code-antipatterns -> Pattern Recognition, Severity Classification)
  • code-testing-quality — Test strategy and quality evaluation (see code-testing-quality -> The Test Pyramid, Testing Antipatterns)
  • code-review — Review process that validates plan execution (see code-review -> Review Goals, Reviewer Checklist)