Skills
skills/levnikolaevich/claude-code-skills/ln-629-lifecycle-auditor

ln-629-lifecycle-auditor

SKILL.md

Paths: File paths (shared/, references/, ../ln-*) are relative to skills repo root. If not found at CWD, locate this SKILL.md directory and go up one level for repo root.

Lifecycle Auditor (L3 Worker)

Specialized worker auditing application lifecycle and entry points.

Purpose & Scope

  • Worker in ln-620 coordinator pipeline
  • Audit lifecycle (Category 12: Medium Priority)
  • Check bootstrap, shutdown, signal handling, probes
  • Calculate compliance score (X/10)

Inputs (from Coordinator)

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

Receives contextStore with tech stack, deployment type, codebase root, output_dir.

Workflow

MANDATORY READ: Load shared/references/two_layer_detection.md for detection methodology.

  1. Parse context + output_dir
  2. Check lifecycle patterns (Layer 1: grep for SIGTERM, shutdown handlers, probes)
  3. Analyze context per candidate (Layer 2):
    • Bootstrap order: read main file — trace actual init sequence, verify dependencies satisfied before use
    • Graceful shutdown: read signal handlers — do they actually close all resources? Or just log and exit?
    • Resource cleanup: read shutdown handler — are ALL opened resources (DB, Redis, queues) closed?
    • Probes: check deployment config (Dockerfile, k8s manifests) — is this containerized?
  4. Collect confirmed findings
  5. Calculate score
  6. Write Report: Build full markdown report in memory per shared/templates/audit_worker_report_template.md, write to {output_dir}/629-lifecycle.md in single Write call
  7. Return Summary: Return minimal summary to coordinator

Audit Rules

1. Bootstrap Initialization Order

Detection:

  • Check main/index file for initialization sequence
  • Verify dependencies loaded before usage (DB before routes)

Severity:

  • HIGH: Incorrect order causes startup failures

Recommendation: Initialize in correct order: config → DB → routes → server

Effort: M (refactor startup)

2. Graceful Shutdown

Detection:

  • Grep for SIGTERM, SIGINT handlers
  • Check process.on('SIGTERM') (Node.js)
  • Check signal.Notify (Go)

Severity:

  • HIGH: No shutdown handler (abrupt termination)

Recommendation: Add SIGTERM handler, close connections gracefully

Effort: M (add shutdown logic)

3. Resource Cleanup on Exit

Detection:

  • Check if DB connections closed on shutdown
  • Verify file handles released
  • Check worker threads stopped

Severity:

  • MEDIUM: Resource leaks on shutdown

Recommendation: Close all resources in shutdown handler

Effort: S-M (add cleanup calls)

4. Signal Handling

Detection:

  • Check handlers for SIGTERM, SIGINT, SIGHUP
  • Verify proper signal propagation to child processes

Severity:

  • MEDIUM: Missing signal handlers

Recommendation: Handle all standard signals

Effort: S (add signal handlers)

5. Liveness/Readiness Probes

Detection (for containerized apps):

  • Check for /live, /ready endpoints
  • Verify Kubernetes probe configuration

Severity:

  • MEDIUM: No probes (Kubernetes can't detect health)

Recommendation: Add /live (is running) and /ready (ready for traffic)

Effort: S (add endpoints)

Scoring Algorithm

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/references/audit_scoring.md.

Output Format

MANDATORY READ: Load shared/references/audit_worker_core_contract.md and shared/templates/audit_worker_report_template.md.

Write report to {output_dir}/629-lifecycle.md with category: "Lifecycle" and checks: bootstrap_order, graceful_shutdown, resource_cleanup, signal_handling, probes.

Return summary to coordinator:

Report written: docs/project/.audit/ln-620/{YYYY-MM-DD}/629-lifecycle.md
Score: X.X/10 | Issues: N (C:N H:N M:N L:N)

Reference Files

  • Audit output schema: shared/references/audit_output_schema.md

Critical Rules

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

  • Do not auto-fix: Report only, lifecycle changes risk downtime
  • Deployment-aware: Adapt probe checks to deployment type (Kubernetes = probes required, bare metal = optional)
  • Effort realism: S = <1h, M = 1-4h, L = >4h
  • Exclusions: Skip CLI tools and scripts (no long-running lifecycle), skip serverless functions (platform-managed lifecycle)
  • Initialization order matters: Flag DB usage before DB init as HIGH regardless of context

Definition of Done

MANDATORY READ: Load shared/references/audit_worker_core_contract.md.

  • contextStore parsed (deployment type, output_dir)
  • All 5 checks completed (bootstrap order, graceful shutdown, resource cleanup, signal handling, probes)
  • Findings collected with severity, location, effort, recommendation
  • Score calculated per shared/references/audit_scoring.md
  • Report written to {output_dir}/629-lifecycle.md (atomic single Write call)
  • Summary returned to coordinator

Version: 3.0.0 Last Updated: 2025-12-23

Weekly Installs
89
Repository
levnikolaevich/…e-skills
GitHub Stars
202
First Seen
Jan 24, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
claude-code81
gemini-cli78
opencode78
codex78
cursor77
github-copilot73