moai-foundation-quality
Enterprise Code Quality Orchestrator
Enterprise-grade code quality management system that combines systematic code review, proactive improvement suggestions, and automated best practices enforcement. Provides comprehensive quality assurance through TRUST 5 framework validation with Context7 integration for real-time best practices.
Quick Reference (30 seconds)
Core Capabilities:
- TRUST 5 Validation: Testable, Readable, Unified, Secured, Trackable quality gates
- Proactive Analysis: Automated issue detection and improvement suggestions
- Best Practices Enforcement: Context7-powered real-time standards validation
- Multi-Language Support: 25+ programming languages with specialized rules
- Enterprise Integration: CI/CD pipelines, quality metrics, reporting
Key Patterns:
- Quality Gate Pipeline: Automated validation with configurable thresholds
- Proactive Scanner: Continuous analysis with improvement recommendations
- Best Practices Engine: Context7-driven standards enforcement
- Quality Metrics Dashboard: Comprehensive reporting and trend analysis
When to Use:
- Code review automation and quality gate enforcement
- Proactive code quality improvement and technical debt reduction
- Enterprise coding standards enforcement and compliance validation
- CI/CD pipeline integration with automated quality checks
Quick Access:
- TRUST 5 Framework: See trust5-validation.md
- Proactive Analysis: See proactive-analysis.md
- Best Practices: See best-practices.md
- Integration Patterns: See integration-patterns.md
Implementation Guide
Getting Started
Basic Quality Validation: Initialize QualityOrchestrator with trust5_enabled, proactive_analysis, best_practices_enforcement, and context7_integration all set to True. Call analyze_codebase method with path parameter set to source directory, languages list including python, javascript, and typescript, and quality_threshold of 0.85. The method returns comprehensive quality results.
For quality gate validation with TRUST 5, create QualityGate instance and call validate_trust5 with codebase_path, test_coverage_threshold of 0.90, and complexity_threshold of 10.
Proactive Quality Analysis: Initialize ProactiveQualityScanner with context7_client and BestPracticesEngine rule_engine. Call scan_codebase with path and scan_types list including security, performance, maintainability, and testing. Generate recommendations by calling generate_recommendations with issues, priority set to high, and auto_fix enabled.
Core Components
Quality Orchestration Engine
The QualityOrchestrator class provides enterprise quality orchestration with TRUST 5 framework. Initialize with QualityConfig and create instances of TRUST5Validator, ProactiveScanner, BestPracticesEngine, Context7Client, and QualityMetricsCollector.
The analyze_codebase method performs comprehensive analysis in four phases. Phase 1 runs TRUST 5 validation on the codebase with specified thresholds. Phase 2 performs proactive analysis scanning focus areas. Phase 3 checks best practices for specified languages with Context7 docs enabled. Phase 4 collects comprehensive metrics from all analysis results.
The method returns QualityResult containing trust5_validation, proactive_analysis, best_practices, metrics, and overall_score calculated from all results.
Detailed implementations available in modules:
- TRUST 5 Validator Implementation in trust5-validation.md
- Proactive Scanner Implementation in proactive-analysis.md
- Best Practices Engine Implementation in best-practices.md
Configuration and Customization
Quality Configuration: Create quality-config.yaml with quality_orchestration section.
Under trust5_framework, set enabled to true with thresholds for overall (0.85), testable (0.90), readable (0.80), unified (0.85), secured (0.90), and trackable (0.80).
Under proactive_analysis, set enabled true, scan_frequency to daily, and focus_areas list including performance, security, maintainability, and technical_debt.
Under auto_fix, set enabled true, severity_threshold to medium, and confirmation_required to true.
Under best_practices, set enabled true, context7_integration true, auto_update_standards true, and compliance_target to 0.85.
Under language_rules, configure python with pep8 style_guide, black formatter, ruff linter, and mypy type_checker. Configure javascript with airbnb style_guide, prettier formatter, and eslint linter. Configure typescript with google style_guide, prettier formatter, and eslint linter.
Under reporting, set enabled true, metrics_retention_days to 90, trend_analysis true, and executive_dashboard true.
Under notifications, enable quality_degradation, security_vulnerabilities, and technical_debt_increase.
Integration Examples: See Integration Patterns for CI/CD Pipeline Integration, GitHub Actions Integration, Quality-as-Service REST API, and Cross-Project Benchmarking.
Advanced Patterns
Custom Quality Rules
Create CustomQualityRule class with name, validator callable, and severity defaulting to medium. The validate async method executes the validator on codebase, wrapping in try-except. On success, return RuleResult with rule_name, passed status, severity, details, and recommendations. On exception, return RuleResult with passed false, severity error, error details, and fix recommendation.
See Best Practices - Custom Rules for complete examples.
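A sketch of the rule shape described above, added here as an example and not the project's own code. It wires in a validator for the "suppressed globally instead of per-line" red flag. Assumptions: the `RuleResult` layout, a codebase passed as a dict of path to source text, the validator's dict return value, and the names `suppression_validator`, `run` and `SAMPLE` are all hypothetical.

```python
import asyncio
import re
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class RuleResult:  # fields follow the description above; the real class may differ
    rule_name: str
    passed: bool
    severity: str
    details: dict = field(default_factory=dict)
    recommendations: list = field(default_factory=list)

class CustomQualityRule:
    def __init__(self, name: str, validator: Callable[[dict], dict], severity: str = "medium"):
        self.name, self.validator, self.severity = name, validator, severity
    async def validate(self, codebase: dict) -> RuleResult:
        try:
            out = self.validator(codebase)
            return RuleResult(self.name, out["passed"], self.severity,
                              out.get("details", {}), out.get("recommendations", []))
        except Exception as exc:  # a crashing validator fails the rule instead of skipping it
            return RuleResult(self.name, False, "error", {"error": str(exc)}, ["Fix the validator"])

# File-wide directives understood by ruff, flake8 and mypy
FILE_LEVEL = re.compile(r"^\s*#\s*(?:ruff:\s*noqa|flake8:\s*noqa|mypy:\s*ignore-errors)")
# Per-line suppression; group 1 is the start of a trailing "# reason" comment, if present
INLINE = re.compile(r"#\s*(?:noqa|type:\s*ignore)\b[^#]*(#\s*\S)?")

def suppression_validator(codebase: dict) -> dict:
    """codebase maps path -> source text (an assumption made for this sketch)."""
    findings = []
    for path, source in codebase.items():
        for lineno, line in enumerate(source.splitlines(), 1):
            if FILE_LEVEL.match(line):
                findings.append(f"{path}:{lineno}: file-wide suppression")
            elif (m := INLINE.search(line)) and not m.group(1):
                findings.append(f"{path}:{lineno}: suppression without a reason")
    recs = ["Suppress per line and add a trailing comment with the reason"] if findings else []
    return {"passed": not findings, "details": {"findings": findings}, "recommendations": recs}

SAMPLE = {  # constructed sample input, not taken from a real project
    "app/auth.py": "# ruff: noqa\nimport os\ntoken = get()  # type: ignore\n",
    "app/util.py": "import json  # noqa: F401  # re-exported for plugins\n",
}

def run(codebase: dict, validator=suppression_validator) -> RuleResult:
    rule = CustomQualityRule("scoped-suppressions", validator, severity="high")
    return asyncio.run(rule.validate(codebase))
```

The check is textual, so a suppression marker inside a string literal is also reported; treat findings as review prompts.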
Machine Learning Quality Prediction
ML-powered quality issue prediction using code feature extraction and predictive models. See Proactive Analysis - ML Prediction for implementation details.
Real-time Quality Monitoring
Continuous quality monitoring with automated alerting for quality degradation and security vulnerabilities. See Proactive Analysis - Real-time Monitoring for implementation details.
Cross-Project Quality Benchmarking
Compare project quality metrics against similar projects in your industry. See Integration Patterns - Benchmarking for implementation details.
Module Reference
Core Modules
- TRUST 5 Validation - Comprehensive quality framework validation
- Proactive Analysis - Automated issue detection and improvements
- Best Practices - Context7-powered standards enforcement
- Integration Patterns - CI/CD and enterprise integrations
Key Components by Module
TRUST 5 Validation: TRUST5Validator for five-pillar quality validation, TestableValidator for test coverage and quality, SecuredValidator for security and OWASP compliance, and quality gate pipeline integration.
Proactive Analysis: ProactiveQualityScanner for automated issue detection, QualityPredictionEngine for ML-powered predictions, RealTimeQualityMonitor for continuous monitoring, and performance and maintainability analysis.
Best Practices: BestPracticesEngine for standards validation, Context7 integration for latest docs, custom quality rules, and language-specific validators.
Integration Patterns: CI/CD pipeline integration, GitHub Actions workflows, Quality-as-Service REST API, and cross-project benchmarking.
Context7 Library Mappings
Essential library mappings for quality analysis tools and frameworks. See Best Practices - Library Mappings for complete list.
Works Well With
Agents:
- core-planner - Quality requirements planning
- workflow-ddd - DDD implementation validation
- security-expert - Security vulnerability analysis
- code-backend - Backend code quality
- code-frontend - Frontend code quality
Skills:
- moai-foundation-core - TRUST 5 framework reference
- moai-workflow-ddd - DDD workflow validation
- moai-security-owasp - Security compliance
- moai-context7-integration - Context7 best practices
- moai-performance-optimization - Performance analysis
Commands:
- /moai:2-run - DDD validation integration
- /moai:3-sync - Documentation quality checks
- /moai:9-feedback - Quality improvement feedback
Quick Reference Summary
Core Capabilities: TRUST 5 validation, proactive scanning, Context7-powered best practices, multi-language support, enterprise integration
Key Classes: QualityOrchestrator, TRUST5Validator, ProactiveQualityScanner, BestPracticesEngine, QualityMetricsCollector
Essential Methods: analyze_codebase(), validate_trust5(), scan_for_issues(), validate_best_practices(), generate_quality_report()
Integration Ready: CI/CD pipelines, GitHub Actions, REST APIs, real-time monitoring, cross-project benchmarking
Enterprise Features: Custom rules, ML prediction, real-time monitoring, benchmarking, comprehensive reporting
Quality Standards: OWASP compliance, TRUST 5 framework, Context7 integration, automated improvement recommendations
Common Rationalizations
| Rationalization | Reality |
|---|---|
| "The linter warnings are false positives" | False positives should be suppressed with inline comments. Ignoring them trains the team to ignore real issues. |
| "Security scanning can wait until before release" | Security vulnerabilities compound. Late discovery means expensive rework. Scan continuously. |
| "Coverage is high enough, the remaining 15% is edge cases" | Edge cases are where production bugs live. The uncovered code is the riskiest code. |
| "Code review is subjective, automation is sufficient" | Automation catches syntax and patterns. Reviews catch design flaws, naming confusion, and missing abstractions. |
| "TRUST 5 is too bureaucratic for a hotfix" | Hotfixes without quality gates introduce the next hotfix. TRUST 5 on a hotfix is the minimum, not the maximum. |
Chesterton's Fence: Before removing a quality check, understand why it was added. Removing a gate without understanding its history repeats the failure it was designed to prevent.
Shift Left: The earlier a defect is found, the cheaper it is to fix. Quality checks belong in the development loop, not at the end of it.
Red Flags
- Linter or type-checker warnings suppressed globally instead of per-line
- OWASP checklist not consulted when handling user input or authentication
- Coverage report not generated for a commit that adds new functionality
- TRUST 5 dimension skipped with "not applicable" without justification
- Quality report generated but no action taken on identified issues
Verification
- Linter runs clean or remaining warnings have inline suppression comments with reasons
- OWASP checklist reviewed for security-relevant changes (show checklist references)
- Coverage report generated and threshold met (show tool output)
- All five TRUST 5 dimensions assessed (show assessment for each)
- Quality report issues triaged with resolution plan for each finding
- No global rule disabling in linter configuration