simplify-and-harden-ci
Simplify & Harden CI
Install
gh skill install pskoett/pskoett-skills simplify-and-harden-ci
Fallback using the Agent Skills CLI:
npx skills add pskoett/pskoett-skills/skills/simplify-and-harden-ci
Purpose
Run a CI-only variant of Simplify & Harden in pull requests:
- No code mutation in CI
- Review only changed files
- Emit structured findings
- Optionally block merge based on severity gates
Use simplify-and-harden for interactive/local coding sessions.
Context Limitation (Important)
CI agents do not have the same peak implementation context as the coding agent that wrote the change. Treat CI findings as structured review signals, not as full intent-aware rewrites.
Implications:
- Prefer scan/report and merge gating
- Do not auto-apply code changes in CI
- Escalate ambiguous findings to interactive review
Prerequisites
- GitHub Actions enabled for the repository
- GitHub CLI authenticated (`gh auth status`)
- gh-aw installed locally for authoring/validation:
gh extension install github/gh-aw
- In GitHub Actions jobs, install the CLI with:
- uses: github/gh-aw/actions/setup-cli@main
  with:
    version: v0.2.0-beta
CI Contract
The CI skill must enforce:
- Scope lock: review only files changed in the PR
- Headless execution: report findings, do not apply patches/refactors
- Structured output: emit a `simplify_and_harden` summary payload
- Gate policy:
  - critical: fail the check when critical harden findings exist
  - advisory (optional): fail the check when advisory findings are configured to block
Authoring Workflow (gh-aw)
Example-only template lives in references/workflow-example.md.
Keep it outside .github/workflows until you explicitly want automation enabled.
When ready to enable:
- Copy the `references/workflow-example.md` template block into `.github/workflows/simplify-and-harden-ci.md`.
- Compile and validate the workflow:
gh aw compile --validate --strict
- Trigger and push workflow changes:
gh aw run simplify-and-harden-ci --push
- Check status/logs in GitHub Actions and ensure PR feedback is posted.
Prompt Template (CI)
Use this prompt body in your gh-aw workflow:
Run Simplify & Harden in CI (headless mode) for this pull request.
Rules:
1) Review only files changed in this PR.
2) Do not modify repository files.
3) Before reporting findings, re-read all changed code with "fresh eyes" and actively look for obvious bugs, errors, confusing logic, brittle assumptions, naming issues, and missed hardening opportunities.
4) Simplify pass: detect dead code, naming clarity issues, control-flow complexity, unnecessary API surface, and over-abstraction.
5) Harden pass: detect input-validation gaps, injection vectors, auth/authz issues, secret exposure, data leaks, and concurrency risks.
6) Document pass: suggest non-obvious rationale comments as findings (do not edit files).
7) Emit structured YAML under key `simplify_and_harden`, including:
- simplify findings
- harden findings (critical/advisory split)
- summary counts
- `review_followup_required`
- learning loop candidates for self-improvement ingestion
8) If blocking policy is enabled and matching findings exist, mark the run as failed.
Recommended Outputs
- PR comment with concise findings and severity ordering
- Check run summary with pass/fail reason
- Machine-readable YAML artifact for downstream automation
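The CI contract above (scope lock, structured payload, severity gate) and the recommended outputs can be exercised end to end with a small gate evaluator. The following is an added example, not code from this skill or from gh-aw: it takes the parsed form of a `simplify_and_harden` payload, drops findings outside the PR's changed-file set, applies the critical/advisory gate, and renders the severity-ordered PR comment. The finding shape (`file`, `line`, `message`) and the sample file names are assumptions constructed for the example; in a real job the payload would be loaded from the YAML artifact (for instance with `yaml.safe_load`) and the changed-file set taken from the PR diff.

```python
"""Gate evaluation and PR comment rendering for a simplify_and_harden CI payload."""
from dataclasses import dataclass

# Constructed sample: the parsed form of the `simplify_and_harden` YAML payload the
# CI prompt asks the agent to emit. File names, line numbers and messages are made up.
# The per-finding shape (file/line/message) is an assumption of this example.
SAMPLE_PAYLOAD = {
    "simplify_and_harden": {
        "simplify": [
            {"file": "src/api.py", "line": 40, "message": "unreachable branch after early return"},
        ],
        "harden": {
            "critical": [
                {"file": "src/db.py", "line": 17, "message": "query built by string formatting"},
            ],
            "advisory": [
                {"file": "src/api.py", "line": 88, "message": "no length bound on request body"},
                {"file": "src/legacy.py", "line": 5, "message": "broad exception swallowed"},
            ],
        },
        "review_followup_required": True,
    }
}

# Constructed sample: files the PR actually touched (what the PR diff would list).
# src/legacy.py is deliberately absent so the scope lock has something to drop.
SAMPLE_CHANGED_FILES = {"src/api.py", "src/db.py"}


@dataclass(frozen=True)
class GateResult:
    passed: bool
    reason: str
    counts: dict        # summary counts after the scope lock was applied
    out_of_scope: int   # findings dropped because their file was not changed in the PR


def scope_lock(findings, changed_files):
    """Scope lock: keep only findings whose file is in the PR's changed-file set."""
    kept = [f for f in findings if f.get("file") in changed_files]
    return kept, len(findings) - len(kept)


def evaluate_gate(payload, changed_files, block_on_advisory=False):
    """Gate policy: critical harden findings always fail; advisory only when configured."""
    root = payload["simplify_and_harden"]
    harden = root.get("harden", {})
    simplify, d1 = scope_lock(root.get("simplify", []), changed_files)
    critical, d2 = scope_lock(harden.get("critical", []), changed_files)
    advisory, d3 = scope_lock(harden.get("advisory", []), changed_files)
    counts = {"simplify": len(simplify), "critical": len(critical), "advisory": len(advisory)}
    dropped = d1 + d2 + d3
    if critical:
        return GateResult(False, f"{len(critical)} critical harden finding(s)", counts, dropped)
    if block_on_advisory and advisory:
        return GateResult(False, f"{len(advisory)} advisory finding(s) with blocking enabled", counts, dropped)
    return GateResult(True, "no blocking findings", counts, dropped)


def render_comment(payload, changed_files, block_on_advisory=False):
    """PR comment body: findings ordered by severity, then the gate verdict."""
    root = payload["simplify_and_harden"]
    harden = root.get("harden", {})
    sections = [
        ("Critical (harden)", scope_lock(harden.get("critical", []), changed_files)[0]),
        ("Advisory (harden)", scope_lock(harden.get("advisory", []), changed_files)[0]),
        ("Simplify", scope_lock(root.get("simplify", []), changed_files)[0]),
    ]
    lines = ["## Simplify & Harden (CI)"]
    for title, items in sections:
        if not items:
            continue
        lines.append(f"### {title}")
        lines.extend(f"- `{f['file']}:{f['line']}` {f['message']}" for f in items)
    result = evaluate_gate(payload, changed_files, block_on_advisory)
    lines.append(f"**Gate:** {'pass' if result.passed else 'FAIL'} ({result.reason})")
    if root.get("review_followup_required"):
        # Ambiguous findings are escalated to interactive review rather than auto-fixed.
        lines.append("Review follow-up required: escalate ambiguous findings to interactive review.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_comment(SAMPLE_PAYLOAD, SAMPLE_CHANGED_FILES))
```

With the sample data the critical finding in `src/db.py` fails the gate, the advisory finding in `src/legacy.py` is silently dropped by the scope lock, and the comment ends with the follow-up escalation line. Narrowing the changed-file set to `src/api.py` alone makes the run pass unless advisory blocking is turned on, which is the behaviour the gate policy in the contract describes.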
Integration with Self-Improvement
Forward `simplify_and_harden.learning_loop.candidates` into `.learnings/LEARNINGS.md` via the self-improvement workflow so recurrent patterns can be promoted into durable agent context rules.