golden-principles
Golden Principles
Scan the repository for violations of mechanically enforced golden principles. Produces remediation instructions that agents can act on directly.
Inspired by OpenAI Harness Engineering:
"We started encoding what we call 'golden principles' directly into the repository and built a recurring cleanup process."
Triggers
| Trigger Phrase | Operation |
|---|---|
scan golden principles |
Full principle compliance scan |
check principle compliance |
Scan with summary report |
golden principle violations |
Scan and list violations |
run garbage collection |
Deep scan with fix-up recommendations |
audit principles |
Scan specific rules only |
When to Use
Use this skill when:
- Preparing a PR for submission (catch violations early)
- Running periodic garbage collection scans
- Auditing a domain or directory for compliance
- Adding new files to the repository
Use taste-lints instead when:
- Checking code-level invariants only (file size, naming, complexity)
- Running pre-commit checks on staged files
Use quality-grades instead when:
- Grading domains across architectural layers
- Producing quality trend reports
Process
- Run
python3 .claude/skills/golden-principles/scripts/scan_principles.pywith target - Review AGENT_REMEDIATION blocks in output
- Apply suggested fixes
- Re-run to confirm compliance
Usage
# Scan entire repository
python3 .claude/skills/golden-principles/scripts/scan_principles.py
# Scan specific directory
python3 .claude/skills/golden-principles/scripts/scan_principles.py --directory .claude/skills/
# Run specific rules only
python3 .claude/skills/golden-principles/scripts/scan_principles.py --rules script-language,skill-frontmatter
# JSON output for tooling
python3 .claude/skills/golden-principles/scripts/scan_principles.py --format json
# Write results to file
python3 .claude/skills/golden-principles/scripts/scan_principles.py --output scan-results.json --format json
Rules
| Rule | Principle | What it checks |
|---|---|---|
script-language |
GP-001 | No new .sh/.bash files |
skill-frontmatter |
GP-003 | SKILL.md has required frontmatter fields |
agent-definition |
GP-004 | Agent .md files have required sections |
yaml-logic |
GP-005 | No inline logic in workflow YAML |
actions-pinned |
GP-006 | GitHub Actions pinned to SHA |
GP-002, GP-007, GP-008 are enforced by existing tools (git hooks, taste-lints).
Exit Codes
| Code | Meaning |
|---|---|
| 0 | No violations found |
| 1 | Script error (bad arguments, file not found) |
| 10 | Violations detected |
Suppression
Add a comment in the file header to suppress a specific rule:
# golden-principle: ignore script-language
Valid rules: script-language, skill-frontmatter, agent-definition, yaml-logic, actions-pinned
Verification
After execution:
- Report lists scanned file count
- Each violation includes principle ID and remediation
- Exit code matches violation state
- Output format matches --format flag
References
- Code Qualities - Five foundational qualities: cohesion, coupling, non-redundancy, encapsulation, testability
- SOLID Principles - SRP, OCP, LSP, ISP, DIP with violation signs and code examples
- Programming by Intention - Sergeant pattern for expressing intent over implementation
- Separation of Concerns - Decomposition at method, class, layer, and service levels
- DRY Principle - Single authoritative representation with scope, violations, and when NOT to DRY
Cross-References
- Golden Principles Document
- Taste Lints for GP-007, GP-008
- Quality Grades for domain-level grading
More from rjmurillo/ai-agents
reflect
CRITICAL learning capture. Extracts HIGH/MED/LOW confidence patterns from conversations to prevent repeating mistakes and preserve what works. Use PROACTIVELY after user corrections ("no", "wrong"), after praise ("perfect", "exactly"), when discovering edge cases, or when skills are heavily used. Without reflection, valuable learnings are LOST forever. Acts as continuous improvement engine for all skills. Invoke EARLY and OFTEN - every correction is a learning opportunity.
14threat-modeling
Structured security analysis using OWASP Four-Question Framework and STRIDE methodology. Generates threat matrices with risk ratings, mitigations, and prioritization. Use for attack surface analysis, security architecture review, or when asking what can go wrong.
2chestertons-fence
Investigate historical context of existing code, patterns, or constraints before proposing changes. Automates git archaeology, PR/ADR search, and dependency analysis to prevent removing structures without understanding their purpose.
2github-url-intercept
BLOCKING INTERCEPT: When ANY github.com URL appears in user input, STOP and use this skill. Never fetch GitHub HTML pages directly - they are 5-10MB and will exhaust your context window. This skill routes URLs to efficient API calls (1-50KB). Triggers on: pull/, issues/, blob/, tree/, commit/, compare/, discussions/.
2git-advanced-workflows
Advanced Git workflows including rebasing, cherry-picking, bisect, worktrees, and reflog. Use when managing complex Git histories, collaborating on feature branches, or recovering from repository issues.
2pr-comment-responder
PR review coordinator who gathers comment context, acknowledges every
2