Skills
skills/phlegonlabs/skills/harnass-engineer-final-audit

harnass-engineer-final-audit

SKILL.md

Harnass Engineer Final Audit

Read documents/router.yaml.

Audit only after production deployment is recorded. Write audit artifacts, block release signoff on blocking findings, and send failures into a new remediation plan instead of waiving them.

Do:

  • confirm production deployment completed before auditing
  • read harnass-os/Audit.md, harnass-os/documents/audit/current.yaml, harnass-os/documents/release/current.yaml, harnass-os/documents/deploy/current.yaml, harnass-os/documents/inventory/current-state.yaml, and repo reality
  • select audit modules adaptively from repo shape, deployed surface, and detected stack
  • run module-specific smoke checks before deep audit where required
  • use chrome-devtools for UI-facing production audits and write harnass-os/documents/audit/browser/current.yaml
  • hard-fail UI release signoff when browser evidence is missing, any required flow is missing, or console/network assertions fail
  • require testing.integration_flows to be replayed from inventory; stateful flows need an explicit audit_account_ref
  • audit frontend, backend, API integration, security, content, SEO, deploy/runtime consistency, CI/CD hygiene, documentation signoff, and blockchain contracts when present
  • detect blockchain stacks from repo files and audit contract logic and security risk when present
  • write machine-readable audit state, append audit history, and write a human-readable findings report
  • block release signoff until all blocking findings are cleared
  • require a new remediation plan when the audit fails

Do not:

  • waive final-audit failures
  • mark a release complete before the final audit passes
  • skip smoke checks for modules that require them
  • pass a UI audit without browser evidence
  • silently ignore missing blockchain test or simulation commands when a blockchain module is detected

Gates:

  • production deploy must be recorded before final audit starts
  • run module-specific smoke checks before deep audit where required
  • do not waive final-audit blocking findings
  • do not mark release complete before final audit passes
  • failed audits must route into remediation planning

Read references/modules.md when you need the adaptive module rules, smoke policy, or blockchain detection details.

Weekly Installs
1
Repository
phlegonlabs/skills
First Seen
8 days ago
Security Audits
Gen Agent Trust HubPass
SocketFail
SnykWarn
Installed on
amp1
cline1
opencode1
cursor1
kimi-cli1
codex1