Documentation Index
Fetch the complete documentation index at: https://mintlify.com/jorgeferrando/sdd-skills/llms.txt
Use this file to discover all available pages before exploring further.
/sdd-audit is a semantic code-review tool that checks your changes against the conventions and project rules captured in openspec/steering/. Run it before opening a pull request to catch architecture violations early, after a refactor to confirm nothing has drifted, or periodically to track accumulated technical debt. Unlike a linter — which enforces syntax and style — audit is semantic: it checks whether the code follows the architectural patterns, naming conventions, and structural rules your team has documented. It complements your linter rather than replacing it.
Usage
Prerequisites
openspec/steering/conventions.md must exist. This file is generated by /sdd-init (new project) or /sdd-steer (existing project).
Without
conventions.md, /sdd-audit has no reference to check against and will not run. If the file is missing, run /sdd-init or /sdd-steer first to establish your project’s conventions baseline.What It Does
Checks that
openspec/steering/conventions.md exists. If it is missing, the skill stops and tells you which command to run to create it.openspec/steering/conventions.md (required)openspec/steering/project-rules.md (if it exists)conventions-*.md) loaded selectively based on the files in scope — for example, conventions-testing.md is loaded only when the scope includes test files, and conventions-security.md only when scope includes auth or input-handling files. Irrelevant specialists are skipped to keep context focused.Rules in
project-rules.md that duplicate existing linter coverage (quote style, import order, etc.) are excluded — audit is semantic, not syntactic.Analyzing: 4 modified files since main
src/components/UserCard.tsx
src/services/user.service.ts
tests/user.service.spec.ts
...
Ruleset: conventions.md (12 rules) + project-rules.md (8 rules) = 20 rules
For each file in scope, every applicable MUST / MUST NOT / SHOULD / MAY rule is checked. Violations are noted with approximate line numbers and concrete descriptions. The source file (conventions.md vs project-rules.md) is recorded for each violation.
MUST / MUST NOTSHOULDMAY## Audit Report — {project} — {date}
Scope: {N files analyzed} | Rules checked: {N}
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
### Critical (blocks PR review)
- [C01] `src/api/handler.py:15` — MUST NOT inject Repository directly
- Rule: architecture — MUST NOT bypass the service layer [conventions.md]
- Fix: inject UserService instead
- [C02] `src/api/handler.py:42` — MUST use type hints for all parameters
- Rule: code-style — MUST annotate function parameters [conventions.md]
- Fix: add type annotations to all parameters
### Important (technical debt)
- [I01] `src/api/handler.py:28` — SHOULD keep methods under 50 lines (current: 67)
- Rule: structure — SHOULD limit method length [conventions.md]
- Fix: extract the validation block into a separate method
### Minor
- [M01] `src/services/user.service.ts:8` — MAY use readonly for injected dependencies
- Rule: style — MAY declare injected fields as readonly [conventions.md]
- Fix: add readonly modifier
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
## Summary
| Level | Count |
|----------|-------|
| Critical | 2 |
| Important| 1 |
| Minor | 1 |
| Total | 4 |
If critical or important violations exist, the report ends with grouped
/sdd-new prompts to track the fixes as SDD changes:Output
/sdd-audit does not modify any code. It produces a report only. Fix recommendations suggest the exact change needed; /sdd-new prompts let you track groups of violations as first-class SDD changes rather than ad-hoc edits.
Skill Metadata
| Field | Value |
|---|---|
model_hint | sonnet |
requires | openspec/steering/conventions.md |
produces | Audit report (no files written) |
/sdd-audit also runs automatically as part of /sdd-verify — when conventions.md exists, verify runs an audit on the changed files as an additional quality gate before the PR is created.When to Use
Before opening a pull request
Before opening a pull request
The primary use case. Run
/sdd-audit to catch convention violations before reviewers do — critical violations are exactly the kind of feedback that shows up in PR comments.After a refactor
After a refactor
Refactors touch many files and can introduce drift. Run
/sdd-audit src/ on the affected directory to confirm the refactored code still follows the established patterns.Onboarding a new contributor
Onboarding a new contributor
Use audit on a new team member’s first PR as an educational tool — it explains which rule was violated and why, not just that something is wrong.
Periodic debt tracking
Periodic debt tracking
Run audit periodically on the whole codebase (or a specific domain) to track how technical debt is evolving over time.
Next Steps
- Fix critical violations before creating a PR. Use the suggested
/sdd-newprompts to track them as proper SDD changes. - Defer important violations by adding them to
tasks.mdso they are tracked but not blocking. - After implementing fixes, run
/sdd-auditagain to confirm the violations are resolved.