contract-audit
Use when reviewing a package's class contract relationships (interface implementations, inheritance chains, cross-package port consumers) and updating its SPEC.md Class Contract Registry.
Best use case
contract-audit is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when reviewing a package's class contract relationships (interface implementations, inheritance chains, cross-package port consumers) and updating its SPEC.md Class Contract Registry.
Teams using contract-audit should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/contract-audit/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How contract-audit Compares
| Feature / Agent | contract-audit | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when reviewing a package's class contract relationships (interface implementations, inheritance chains, cross-package port consumers) and updating its SPEC.md Class Contract Registry.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
## Rule Anchor - "Type System (Strict)" in `AGENTS.md` - "Spec Quality Gate" in `AGENTS.md` - `type-boundary-and-ssot` skill - `architecture-patterns` skill - `spec-writing-standard` skill ## Use This Skill When - Adding or updating a Class Contract Registry in a package's `docs/SPEC.md`. - Reviewing whether a package's classes respect ownership boundaries and single responsibility. - Verifying that interface implementations match their contracts after refactoring. - Auditing cross-package port-to-adapter relationships. ## Preconditions - The target package exists in `pnpm-workspace.yaml`. - `docs/SPEC.md` exists (create using `spec-writing-standard` if missing). - `scripts/audit/audit-implements.mjs` is available and runnable. ## Tier Priority Review packages in dependency order so upstream contracts are established first. | Tier | Packages | Rationale | | ---- | ----------------------------------------------------- | -------------------------------------------------------- | | 1 | agent-core, agent-sdk | Contract owners and SDK facades | | 2 | agent-runtime, agent-sessions, agent-tools | Primary lifecycle and tool implementors | | 3 | agent-command-_, agent-provider-_, agent-transport-\* | Product command, provider, and transport specializations | | 4 | agent-cli, agent-playground, agent-server, agent-web | Product shells, apps, and leaf integrations | ## Execution Steps 1. **Select target package** using tier priority above. 2. **Collect contracts mechanically**: ```bash node scripts/audit/audit-implements.mjs ``` Filter output for the target package. Extract all `implements` and `extends` relationships. 3. **Classify each contract**: - **Port interface**: Dependency inversion boundary (e.g., `IStoragePort`). - **Extension point**: Abstract base for consumer specialization (e.g., `AbstractNodeDefinition`). - **Strategy/Policy**: Swappable behavior (e.g., `IRetryPolicy`). - **Internal contract**: Package-internal interface not exported. 4. **Build registry tables** for the Class Contract Registry section: ### Interface Implementations | Interface | Implementor | Kind | Location | | --------- | ----------- | ---- | -------- | ### Inheritance Chains | Base | Derived | Location | Notes | | ---- | ------- | -------- | ----- | ### Cross-Package Port Consumers | Port (Owner) | Adapter (Consumer Package) | Location | | ------------ | -------------------------- | -------- | 5. **Update SPEC.md**: Add or replace the `## Class Contract Registry` section. 6. **Verify responsibility**: - Each class has a single, clear responsibility. - No class reaches across package boundaries to access internal state. - Port implementations do not leak domain logic from the adapter layer. 7. **Verify encapsulation**: - Internal types are not exported via barrel (`index.ts`). - Mutable internal state is not exposed through public getters. - Construction uses DI; no hard-coded dependencies on concrete classes. 8. **Identify refactoring needs**: If violations are found, document them and apply fixes using `repo-change-loop` skill. 9. **Cross-check with audit tool**: ```bash node scripts/audit/audit-implements.mjs ``` Confirm the Class Contract Registry matches the audit output. ## Stop Conditions - Class Contract Registry tables are empty for a package that has `implements` or `extends` relationships. - Registry lists a class or interface that does not exist in source. - Registry omits a class that appears in `implements-audit` output for the package. - A class implements an interface from a package it does not declare as a dependency. - Cross-package port consumer table is missing when the package imports ports from another package. ## Checklist - [ ] `implements-audit` output reviewed for the target package - [ ] All `implements` relationships documented in Interface Implementations table - [ ] All `extends` relationships documented in Inheritance Chains table - [ ] Cross-package port consumers identified and documented - [ ] Each contract classified (port, extension point, strategy, internal) - [ ] Single responsibility verified for each class - [ ] No internal types leaked through barrel exports - [ ] SPEC.md Class Contract Registry matches audit output - [ ] `pnpm build` passes after any changes - [ ] `pnpm harness:scan` passes ## Anti-Patterns - Listing every TypeScript interface (only list behavioral contracts, not data shapes). - Including test doubles in the main registry (note them separately if needed). - Documenting implementation details instead of contract relationships. - Skipping cross-package analysis for packages that consume ports.
Related Skills
contract-testing
Applies consumer-driven contract testing to verify API compatibility between packages or services without full E2E tests. Use when designing or evolving API boundaries between loosely coupled modules.
web-design-guidelines
Review UI code for Web Interface Guidelines compliance. Use when asked to "review my UI", "check accessibility", "audit design", "review UX", or "check my site against best practices".
vitest-testing-strategy
Defines a practical testing strategy for TypeScript and JavaScript using Vitest across unit, integration, and type-level tests. Use when adding features, refactoring, or preventing regressions with fast feedback loops.
version-management
All packages must have the same version. Use changesets for coordinated version bumps. Never version packages independently.
vercel-react-native-skills
React Native and Expo best practices for building performant mobile apps. Use when building React Native components, optimizing list performance, implementing animations, or working with native modules. Triggers on tasks involving React Native, Expo, mobile performance, or native platform APIs.
vercel-react-best-practices
React and Next.js performance optimization guidelines from Vercel Engineering. This skill should be used when writing, reviewing, or refactoring React/Next.js code to ensure optimal performance patterns. Triggers on tasks involving React components, Next.js pages, data fetching, bundle optimization, or performance improvements.
vercel-composition-patterns
React composition patterns that scale. Use when refactoring components with boolean prop proliferation, building flexible component libraries, or designing reusable APIs. Triggers on tasks involving compound components, render props, context providers, or component architecture. Includes React 19 API changes.
user-request-gate
Use immediately when the user requests any implementation, code change, feature addition, fix, or modification. Gates code writing behind a backlog draft document. Read-only exploration is always permitted.
type-boundary-and-ssot
Applies Robota's preferred workflow for trust-boundary validation, strict typing, quality gates, and owner-based SSOT reuse. Use when adding or reviewing type contracts, boundary parsing, shared contract ownership, or running quality checks.
tdd-red-green-refactor
Kent Beck's TDD workflow. Use when writing new code or modifying existing behavior. Enforces the Red-Green-Refactor cycle with small, verifiable steps.
task-tracking
Track work using task files in .agents/tasks/. Use when starting, progressing, or completing a task to maintain a persistent record of work.
tailwind-truncation
Provide Tailwind truncation patterns for single-line and multi-line text. Use when discussing text ellipsis, truncation, or line-clamp usage.