review-software-architecture
Review software architecture for coupling, cohesion, SOLID principles, API design, scalability, and technical debt. Covers system-level evaluation, architecture decision record review, and improvement recommendations. Use when evaluating a proposed architecture before implementation, assessing an existing system for scalability or security, reviewing ADRs, performing a technical debt assessment, or evaluating readiness for significant scale-up.
Best use case
review-software-architecture is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Review software architecture for coupling, cohesion, SOLID principles, API design, scalability, and technical debt. Covers system-level evaluation, architecture decision record review, and improvement recommendations. Use when evaluating a proposed architecture before implementation, assessing an existing system for scalability or security, reviewing ADRs, performing a technical debt assessment, or evaluating readiness for significant scale-up.
Teams using review-software-architecture should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/review-software-architecture/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How review-software-architecture Compares
| Feature / Agent | review-software-architecture | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Review software architecture for coupling, cohesion, SOLID principles, API design, scalability, and technical debt. Covers system-level evaluation, architecture decision record review, and improvement recommendations. Use when evaluating a proposed architecture before implementation, assessing an existing system for scalability or security, reviewing ADRs, performing a technical debt assessment, or evaluating readiness for significant scale-up.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Review Software Architecture Evaluate software architecture at the system level for quality attributes, design principles adherence, and long-term maintainability. ## When to Use - Evaluating a proposed architecture before implementation begins - Assessing an existing system for scalability, maintainability, or security - Reviewing Architecture Decision Records (ADRs) for a project - Performing a technical debt assessment - Evaluating whether a system is ready for a significant scale-up or feature expansion - Differentiating from line-level code review (which focuses on PR-level changes) ## Inputs - **Required**: System codebase or architecture documentation (diagrams, ADRs, README) - **Required**: Context about the system's purpose, scale, and constraints - **Optional**: Non-functional requirements (latency, throughput, availability targets) - **Optional**: Team size and skill composition - **Optional**: Technology constraints or preferences - **Optional**: Known pain points or areas of concern ## Procedure ### Step 1: Understand the System Context Map the system boundaries and interfaces: ```markdown ## System Context - **Name**: [System name] - **Purpose**: [One-line description] - **Users**: [Who uses it and how] - **Scale**: [Requests/sec, data volume, user count] - **Age**: [Years in production, major versions] - **Team**: [Size, composition] ## External Dependencies | Dependency | Type | Criticality | Notes | |-----------|------|-------------|-------| | PostgreSQL | Database | Critical | Primary data store | | Redis | Cache | High | Session store + caching | | Stripe | External API | Critical | Payment processing | | S3 | Object storage | High | File uploads | ``` **Got:** Clear picture of what the system does and what it depends on. **If fail:** If architecture documentation is missing, derive the context from code structure, configs, and deployment files. ### Step 2: Evaluate Structural Quality #### Coupling Assessment Examine how tightly modules depend on each other: - [ ] **Dependency direction**: Do dependencies flow in one direction (layered) or circular? - [ ] **Interface boundaries**: Are modules connected through defined interfaces/contracts or direct implementation references? - [ ] **Shared state**: Is mutable state shared between modules? - [ ] **Database coupling**: Do multiple services read/write the same tables directly? - [ ] **Temporal coupling**: Must operations happen in a specific order without explicit orchestration? ```bash # Detect circular dependencies (JavaScript/TypeScript) npx madge --circular src/ # Detect import patterns (Python) # Look for deep cross-package imports grep -r "from app\." --include="*.py" | sort | uniq -c | sort -rn | head -20 ``` #### Cohesion Assessment Evaluate whether each module has a single, clear responsibility: - [ ] **Module naming**: Does the name accurately describe what the module does? - [ ] **File size**: Are files or classes excessively large (>500 lines suggests multiple responsibilities)? - [ ] **Change frequency**: Do unrelated features require changes to the same module? - [ ] **God objects**: Are there classes/modules that everything depends on? | Coupling Level | Description | Example | |---------------|-------------|---------| | Low (good) | Modules communicate through interfaces | Service A calls Service B's API | | Medium | Modules share data structures | Shared DTO/model library | | High (concern) | Modules reference each other's internals | Direct database access across modules | | Pathological | Modules modify each other's internal state | Global mutable state | **Got:** Coupling and cohesion assessed with specific examples from the codebase. **If fail:** If the codebase is too large for manual review, sample 3-5 key modules and the most-changed files. ### Step 3: Assess SOLID Principles | Principle | Question | Red Flags | |-----------|----------|-----------| | **S**ingle Responsibility | Does each class/module have one reason to change? | Classes with >5 public methods on unrelated concerns | | **O**pen/Closed | Can behavior be extended without modifying existing code? | Frequent modifications to core classes for each new feature | | **L**iskov Substitution | Can subtypes replace their base types without breaking behavior? | Type checks (`instanceof`) scattered through consumer code | | **I**nterface Segregation | Are interfaces focused and minimal? | "Fat" interfaces where consumers implement unused methods | | **D**ependency Inversion | Do high-level modules depend on abstractions, not details? | Direct instantiation of infrastructure classes in business logic | ```markdown ## SOLID Assessment | Principle | Status | Evidence | Impact | |-----------|--------|----------|--------| | SRP | Concern | UserService handles auth, profile, notifications, and billing | High — changes to billing risk breaking auth | | OCP | Good | Plugin system for payment providers | Low | | LSP | Good | No type-checking anti-patterns found | Low | | ISP | Concern | IRepository has 15 methods, most implementors use 3-4 | Medium | | DIP | Concern | Controllers directly instantiate database repositories | Medium | ``` **Got:** Each principle assessed with at least one specific example. **If fail:** Not all principles apply equally to every architecture style. Note when a principle is less relevant (e.g., ISP matters less in functional codebases). ### Step 4: Review API Design For systems that expose APIs (REST, GraphQL, gRPC): - [ ] **Consistency**: Naming conventions, error formats, pagination patterns uniform - [ ] **Versioning**: Strategy exists and is applied (URL, header, content negotiation) - [ ] **Error handling**: Error responses are structured, consistent, and don't leak internals - [ ] **Authentication/Authorization**: Properly enforced at the API layer - [ ] **Rate limiting**: Protection against abuse - [ ] **Documentation**: OpenAPI/Swagger, GraphQL schema, or protobuf definitions maintained - [ ] **Idempotency**: Mutating operations (POST/PUT) handle retries safely ```markdown ## API Design Review | Aspect | Status | Notes | |--------|--------|-------| | Naming consistency | Good | RESTful resource naming throughout | | Versioning | Concern | No versioning strategy — breaking changes affect all clients | | Error format | Good | RFC 7807 Problem Details used consistently | | Auth | Good | JWT with role-based scopes | | Rate limiting | Missing | No rate limiting on any endpoint | | Documentation | Concern | OpenAPI spec exists but 6 months out of date | ``` **Got:** API design reviewed against common standards with specific findings. **If fail:** If no API is exposed, skip this step and focus on internal module interfaces. ### Step 5: Evaluate Scalability and Reliability - [ ] **Statelessness**: Can the application scale horizontally (no local state)? - [ ] **Database scalability**: Are queries indexed? Is the schema suitable for the data volume? - [ ] **Caching strategy**: Is caching applied at appropriate layers (database, application, CDN)? - [ ] **Failure handling**: What happens when a dependency is unavailable (circuit breaker, retry, fallback)? - [ ] **Observability**: Are logs, metrics, and traces implemented? - [ ] **Data consistency**: Is eventual consistency acceptable or is strong consistency required? **Got:** Scalability and reliability assessed relative to stated non-functional requirements. **If fail:** If non-functional requirements are undocumented, recommend defining them as a first step. ### Step 6: Assess Technical Debt ```markdown ## Technical Debt Inventory | Item | Severity | Impact | Estimated Effort | Recommendation | |------|----------|--------|-----------------|----------------| | No database migrations | High | Schema changes are manual and error-prone | 1 sprint | Adopt Alembic/Flyway | | Monolithic test suite | Medium | Tests take 45 min, developers skip them | 2 sprints | Split into unit/integration/e2e | | Hardcoded config values | Medium | Environment-specific values in source code | 1 sprint | Extract to env vars/config service | | No CI/CD pipeline | High | Manual deployment prone to errors | 1 sprint | Set up GitHub Actions | ``` **Got:** Technical debt catalogued with severity, impact, and effort estimates. **If fail:** If the debt inventory is overwhelming, prioritize the top 5 items by impact/effort ratio. ### Step 7: Review Architecture Decision Records (ADRs) If ADRs exist, evaluate: - [ ] Decisions have clear context (what problem was being solved) - [ ] Alternatives were considered and documented - [ ] Trade-offs are explicit - [ ] Decisions are still current (not superseded without documentation) - [ ] New significant decisions have ADRs If ADRs don't exist, recommend establishing them for key decisions. ### Step 8: Write the Architecture Review ```markdown ## Architecture Review Report ### Executive Summary [2-3 sentences: overall health, key concerns, recommended actions] ### Strengths 1. [Specific architectural strength with evidence] 2. ... ### Concerns (by severity) #### Critical 1. **[Title]**: [Description, impact, recommendation] #### Major 1. **[Title]**: [Description, impact, recommendation] #### Minor 1. **[Title]**: [Description, recommendation] ### Technical Debt Summary [Top 5 debt items with prioritized recommendations] ### Recommended Next Steps 1. [Actionable recommendation with clear scope] 2. ... ``` **Got:** Review report is actionable with prioritized recommendations. **If fail:** If the review is time-boxed, clearly state what was covered and what remains unassessed. ## Validation - [ ] System context documented (purpose, scale, dependencies, team) - [ ] Coupling and cohesion assessed with specific code examples - [ ] SOLID principles evaluated where applicable - [ ] API design reviewed (if applicable) - [ ] Scalability and reliability assessed against requirements - [ ] Technical debt catalogued and prioritized - [ ] ADRs reviewed or their absence noted - [ ] Recommendations are specific, prioritized, and actionable ## Pitfalls - **Reviewing code instead of architecture**: This skill is about system-level design, not line-level code quality. Use `code-reviewer` for PR-level feedback. - **Prescribing a specific technology**: Architecture reviews should identify problems, not mandate specific tools unless there's a clear technical reason. - **Ignoring team context**: The "best" architecture for a 3-person team differs from a 30-person team. Consider organizational constraints. - **Perfectionism**: Every system has tech debt. Focus on debt that is actively causing pain or blocking future work. - **Assuming scale**: Don't recommend distributed systems for an app serving 100 users. Match architecture to actual requirements. ## Related Skills - `security-audit-codebase` — security-focused code and configuration review - `configure-git-repository` — repository structure and conventions - `design-serialization-schema` — data schema design and evolution - `review-data-analysis` — review of analytical correctness (complementary perspective)
Related Skills
simulate-cpu-architecture
Design and simulate a minimal CPU from scratch: define an instruction set architecture (ISA), build the datapath (ALU, register file, program counter, memory interface), design the control unit (hardwired or microprogrammed), implement the fetch-decode-execute cycle, and verify by tracing a small program clock cycle by clock cycle. The capstone "computer inside a computer" exercise that composes combinational and sequential building blocks into a complete processor.
review-web-design
Review web design for layout, typography, colour, spacing, responsive behaviour, brand consistency, and visual hierarchy. Covers design principles and improvement recommendations. Use for mockup review before development, implemented site assessment, design review feedback, brand consistency check, or responsive behaviour at breakpoints.
review-ux-ui
Review UX and UI design with Nielsen heuristics, WCAG 2.1 accessibility, keyboard and screen reader audit, user flow analysis, cognitive load assessment, and form usability. Use for usability review before release, WCAG 2.1 audit, user flow evaluation, form review, or heuristic evaluation of an existing interface.
review-skill-format
Review a SKILL.md file for compliance with the agentskills.io standard. Checks YAML frontmatter fields, required sections, line count limits, procedure step format, and registry synchronization. Use when a new skill needs format validation before merge, an existing skill has been modified and requires re-validation, performing a batch audit of all skills in a domain, or reviewing a contributor's skill submission in a pull request.
review-research
Conduct a peer review of research methodology, experimental design, and manuscript quality. Covers methodology evaluation, statistical appropriateness, reproducibility assessment, bias identification, and constructive feedback. Use when reviewing a manuscript, preprint, or internal research report, evaluating a research proposal or study protocol, assessing evidence quality behind a claim, or reviewing a thesis chapter or dissertation section.
review-pull-request
Review a pull request end-to-end using GitHub CLI. Covers diff analysis, commit history review, CI/CD check verification, severity-leveled feedback (blocking/suggestion/nit/praise), and gh pr review submission. Use when a pull request is assigned for review, performing a self-review before requesting others' input, conducting a second review after feedback is addressed, or auditing a merged PR for post-merge quality assessment.
review-data-analysis
Review a data analysis for quality, correctness, and reproducibility. Covers data quality assessment, assumption checking, model validation, data leakage detection, and reproducibility verification. Use when reviewing a colleague's analysis before publication, validating an ML pipeline before production deployment, auditing a report for regulatory or business decision-making, or performing a second-analyst review in a regulated environment.
review-codebase
Multi-phase deep codebase review with severity ratings and structured output. Covers architecture, security, code quality, and UX/accessibility in a single coordinated pass. Produces a prioritized findings table suitable for direct conversion to GitHub issues via the create-github-issues skill.
design-compliance-architecture
Design a compliance architecture that maps applicable regulations to computerized systems. Covers system inventory, criticality classification (GxP-critical, GxP-supporting, non-GxP), GAMP 5 category assignment, regulatory requirements traceability, and governance structure definition. Use when establishing a new regulated facility, formalising compliance across multiple systems, addressing a regulatory gap analysis, harmonising compliance after mergers or reorganisations, or preparing a site master file that references computerized systems.
cross-review-project
Conduct a structured cross-project code review between two Claude Code instances via the cross-review-mcp broker. Each agent reads its own codebase, reviews the peer's code, and engages in evidence-backed dialogue — with QSG scaling laws enforcing review quality through minimum bandwidth constraints and phase-gated progression.
adapt-architecture
Execute structural metamorphosis using strangler fig migration, chrysalis phases, and interface preservation. Covers transformation planning, parallel running, progressive cutover, rollback design, and post-metamorphosis stabilization for system architecture evolution. Use when assess-form has classified the system as READY for transformation, when migrating from monolith to microservices, when replacing a core subsystem while dependents continue operating, or when any architectural change must be gradual rather than big-bang.
skill-name-here
One to three sentences describing what this skill accomplishes, followed by key activation triggers. This field is the primary mechanism agents use to decide whether to activate the skill — it is read during discovery before the full body is loaded. Start with a verb. Include the most important "when to use" conditions inline. Max 1024 characters.