workflow-compliance-audit
Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.
Best use case
workflow-compliance-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.
Teams using workflow-compliance-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/workflow-compliance-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How workflow-compliance-audit Compares
| Feature / Agent | workflow-compliance-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Systematic audit of whether agents are following established workflows — cross-review, plan approval, TDD compliance, and document intelligence status.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
SKILL.md Source
# Workflow Compliance Audit
Audit whether agents are following established workflows (plan review, cross-review, TDD, document intelligence) by examining git history, review artifacts, session data, and intelligence pipelines.
## What Gets Audited
| Area | What to Check | Evidence Sources |
|------|-------------|------------------|
| **Cross-Review** | Are engineering commits getting reviewed? | `scripts/review/results/`, git log |
| **Plan Review** | Are plans written and approved before implementation? | Issue comments, `.planning/` files |
| **TDD Compliance** | Are tests written before implementation? | Commit order, test file timestamps |
| **Doc Intelligence** | Is the document index healthy and current? | `data/document-index/index.jsonl`, `standards-transfer-ledger.yaml` |
| **Resource Intelligence** | Is the resource maturity tracker being updated? | `data/document-index/resource-intelligence-maturity.yaml` |
| **Session Governance** | Any runaway sessions, bypass patterns? | Session logs, bypass logs |
## Audit Procedure
### 1. Cross-Review Status
Check `scripts/review/results/` for recent artifacts:
```
ls -lt scripts/review/results/ | head -15
```
- Find the date of the most recent review artifact
- Count engineering commits since that date
- Calculate review compliance rate: reviews / engineering_commits
**Engineering commits** = commits with `feat:`, `fix:`, `refactor:` prefixes that touch `digitalmodel/`, `worldenergydata/`, `assetutilities/`, or have `cat:engineering` labels.
### 2. Plan Review Compliance
Check if engineering issues had plans before implementation:
```
gh issue list --state open --label cat:engineering --json number,title | python3 -c "..."
```
- For recent engineering commits, check if the referenced issue had a plan comment before the implementation commit date
- Check `.planning/` for phase plans that were approved
### 3. Document Intelligence Health
Check the primary index file:
```
wc -l data/document-index/index.jsonl
python3 -c "import json; d=json.loads(open('data/document-index/index.jsonl').readline()); print(d.get('summary_done'), d.get('content_type'))"
```
- Total records count
- Sample a few records - check if `summary_done` and `content_type` fields are populated
- **Verify index metadata coverage** (post #1878): `content_type` should be populated for 100% of records; `summary_done=True` for ~16% (the rest are mostly CAD files). If either coverage has regressed, run `scripts/data/document-index/validate-index-metadata.py` — exit 1 indicates a regression. `online-resource-registry.yaml` and `standards-transfer-ledger.yaml` remain useful for curated engineering lookups.
- Conference papers indexed? Check `conference-index-batch.jsonl`
### 4. Resource Intelligence Status
Read `data/document-index/resource-intelligence-maturity.yaml`:
- Documents marked read: count and percentage
- Target: typically >80% within 3 months
- Key calculations implemented: list with percentages
- Check the `generated` field — is the tracker being updated or is it stale?
### 5. Bypass Pattern Analysis
Check for agents bypassing established gates:
```
grep -r "SKIP_REVIEW_GATE\|GIT_PRE_PUSH_SKIP\|skip.*plan\|bypass" logs/ docs/handoffs/ 2>/dev/null
```
- Count bypass events
- Check if bypasses are justified or habitual
## Expected Output
Structured audit report with:
- **Status**: HEALTHY | WARNING | CRITICAL for each area
- **Evidence**: Specific dates, commit hashes, file paths
- **Trend**: Improving | Stable | Declining (if historical data available)
- **Action Items**: What needs fixing
## Example Finding Format
```
## Cross-Review: CRITICAL
Last review artifact: Apr 2 (one Codex retroactive review)
Prior review cluster: Mar 24
542 commits since reviews stopped
Compliance rate: ~0.2%
```
## Pitfalls
- **Session signals directory**: `.Codex/state/session-signals/` may have stale data. The `check_claude_usage.sh` script may never have run, so generated log files don't exist.
- **Hermes sessions**: Not tracked in the same way as Codex sessions. Check `~/.hermes/sessions/` for Hermes-specific data.
- **Auto-sync noise**: `chore(sync): auto-sync` commits inflate total commit counts. Filter these out.
- **Review artifacts vs review execution**: Having review files in `scripts/review/results/` doesn't mean the review was performed — check file sizes and content. Some artifacts are empty or contain only error messages.
- **Document index vs registry**: The index.jsonl is NOT the same as the online-resource-registry.yaml or standards-transfer-ledger.yaml. The index tracks all documents (647K+), while registries track specific collections.
- **Resource maturity YAML vs Markdown**: The YAML is authoritative, the Markdown is generated. Always check the YAML for current state.
## Related
- `engineering-issue-workflow` skill — the workflow being audited
- `hermes-workflow-audit` — cron and agent health specifically
- Issue #1839 — workflow hard-stops and session governance
- Issue #1515 — AI review routing policyRelated Skills
llm-wiki-audit-feedback-loop
Durable feedback loop for correcting llm-wiki pages without losing the correction to chat history. Use when (1) a human notices a wiki page is wrong, outdated, or contradicts a source, (2) processing the `audit/` inbox of a domain wiki, (3) reviewing what feedback has been resolved vs deferred, (4) needing to leave a comment on a specific text range that survives line- number drift. Implements the anchored-text audit file pattern from lewislulu/llm-wiki-skill, adapted for workspace-hub's domain-wiki layout under /mnt/local-analysis/llm-wiki/wikis/<domain>/. Extends the 5-op model (compile/ingest/query/lint) from research/llm-wiki with the missing `audit` op. Never silently delete feedback — rejected audits stay archived with rejection rationale.
digitalmodel-orcawave-orcaflex-proof-workflows
Class-level digitalmodel OrcaWave/OrcaFlex readiness, semantic-proof, fixture-proof, and closeout workflows.
pre-completion-cleanup-audit
Audit and dispose of session residue (orphan files, scratch dirs, sibling-repo state, locks, trash-stages) BEFORE claiming a task complete. Required gate before any agent says "all done", "task complete", or hands work back to user/orchestrator.
repo-mission-portfolio-audit
Audit the workspace-hub repo portfolio to extract each repo's mission, identify documentation gaps, and prioritize a plan/approval sequence with explicit LLM-wiki weighting for future issue triage.
provider-session-ecosystem-audit-and-exporters
Build and maintain cross-provider session-log audits for Codex, Codex, Hermes, and Gemini, including exporter design, normalization, and behavioral verification.
orcawave-orcaflex-readiness-audit
Audit the real readiness of digitalmodel OrcaWave/OrcaFlex spec-driven workflows by reconciling workspace-hub issues, source/tests, semantic-equivalence boundaries, and wiki synthesis gaps.
read-only-pre-implementation-audit
Systematic cross-check workflow to validate assumptions before TDD coding begins
portable-pattern-verification-workflow
Multi-package implementation with verification strategy for cross-platform configuration hardening
plan-gated-issue-validation-workflow
Systematic validation pattern for plan-approved GitHub issues with pre-existing deliverables
multi-year-tax-filing-verification-workflow
Verify and reconcile complex multi-form tax filings by cross-referencing source documents, identifying data dependencies, and validating line-by-line against authoritative records.
multi-file-tax-reconciliation-workflow
Systematic parallel review and reconciliation of multi-document tax filings with cross-reference validation
metadata-only-wiki-sweep-workflow
Disciplined inventory process for cataloging documents by filename/path without content claims, using parent-centric grouping to prevent stub proliferation