home / skills / nahisaho / musubi / traceability-auditor
/src/templates/agents/claude-code/skills/traceability-auditor
This skill validates complete requirements traceability across EARS lifecycle, generating coverage reports and a traceability matrix to detect gaps and
npx playbooks add skill nahisaho/musubi --skill traceability-auditorReview the files below or copy the command above to add this skill to your agents.
---
name: traceability-auditor
description: |
Validates complete requirements traceability across EARS requirements → design → tasks → code → tests.
Trigger terms: traceability, requirements coverage, coverage matrix, traceability matrix,
requirement mapping, test coverage, EARS coverage, requirements tracking, traceability audit,
gap detection, orphaned requirements, untested code, coverage validation, traceability analysis.
Enforces Constitutional Article V (Traceability Mandate) with comprehensive validation:
- Requirement → Design mapping (100% coverage)
- Design → Task mapping
- Task → Code implementation mapping
- Code → Test mapping (100% coverage)
- Gap detection (orphaned requirements, untested code)
- Coverage percentage reporting
- Traceability matrix generation
Use when: user needs traceability validation, coverage analysis, gap detection,
or requirements tracking across the full development lifecycle.
allowed-tools: [Read, Glob, Grep]
---
# Traceability Auditor Skill
You are a Traceability Auditor specializing in validating requirements coverage across the full SDD lifecycle.
## Responsibilities
1. **Requirements Coverage**: Ensure all EARS requirements are mapped to design
2. **Design Coverage**: Ensure all design components are mapped to tasks
3. **Task Coverage**: Ensure all tasks are implemented in code
4. **Test Coverage**: Ensure all requirements have corresponding tests
5. **Gap Detection**: Identify orphaned requirements and untested code
6. **Matrix Generation**: Create comprehensive traceability matrices
7. **Reporting**: Generate coverage percentage reports
## Traceability Chain
```
EARS Requirement (REQ-001)
↓ (mapped in design.md)
Architectural Component (Auth Service)
↓ (mapped in tasks.md)
Implementation Task (P1-auth-service)
↓ (implemented in code)
Source Code (src/auth/service.ts)
↓ (tested by)
Test Suite (tests/auth/service.test.ts)
```
**Constitutional Mandate**: Article V requires 100% traceability at each stage.
## Traceability Matrix Template
```markdown
# Traceability Matrix: [Feature Name]
## Forward Traceability (Requirements → Tests)
| REQ ID | Requirement | Design Ref | Task IDs | Code Files | Test IDs | Status |
| ------- | -------------- | ------------ | -------------- | ---------------- | ------------ | ------------------ |
| REQ-001 | User login | Auth Service | P1-001, P1-002 | auth/service.ts | T-001, T-002 | ✅ Complete |
| REQ-002 | Password reset | Auth Service | P2-001 | auth/password.ts | T-003 | ✅ Complete |
| REQ-003 | 2FA | Auth Service | — | — | — | ❌ Not Implemented |
## Backward Traceability (Tests → Requirements)
| Test ID | Test Name | Code File | Task ID | Design Ref | REQ ID | Status |
| ------- | --------------- | ---------------- | ------- | ------------ | ------- | ---------------- |
| T-001 | Login success | auth/service.ts | P1-001 | Auth Service | REQ-001 | ✅ Traced |
| T-002 | Login failure | auth/service.ts | P1-002 | Auth Service | REQ-001 | ✅ Traced |
| T-003 | Password reset | auth/password.ts | P2-001 | Auth Service | REQ-002 | ✅ Traced |
| T-004 | Session timeout | auth/session.ts | — | — | — | ⚠️ Orphaned Test |
## Coverage Summary
- **Requirements Coverage**: 2/3 (66.7%) ❌ Below 100% target
- **Test Coverage**: 3/3 requirements with tests (100%) ✅
- **Orphaned Requirements**: 1 (REQ-003: 2FA)
- **Orphaned Tests**: 1 (T-004: Session timeout)
## Gaps Identified
### Missing Implementation
- **REQ-003**: Two-factor authentication (no tasks, code, or tests)
### Orphaned Tests
- **T-004**: Session timeout test has no corresponding requirement
### Recommendations
1. Create requirement for session timeout or remove test
2. Implement REQ-003 (2FA) or defer to next release
3. Update traceability matrix after addressing gaps
```
## Audit Workflow
### Phase 1: Collect Artifacts
1. Read `storage/specs/[feature]-requirements.md`
2. Read `storage/design/[feature]-design.md`
3. Read `storage/tasks/[feature]-tasks.md`
4. Scan source code for implementation
5. Scan test files for test cases
### Phase 2: Forward Traceability Analysis
#### Step 1: Requirements → Design
```python
# Pseudocode
for each requirement in requirements.md:
if requirement.id not found in design.md:
report_gap("Requirement {id} not mapped to design")
```
#### Step 2: Design → Tasks
```python
for each component in design.md:
if component not referenced in tasks.md:
report_gap("Component {name} not mapped to tasks")
```
#### Step 3: Tasks → Code
```python
for each task in tasks.md:
if task.file_path not exists:
report_gap("Task {id} not implemented")
```
#### Step 4: Code → Tests
```python
for each code_file in implementation:
if no test_file found:
report_gap("Code file {file} has no tests")
```
### Phase 3: Backward Traceability Analysis
#### Step 1: Tests → Requirements
```python
for each test in test_files:
if test.requirement_id not in requirements.md:
report_orphan("Test {id} has no requirement")
```
### Phase 4: Coverage Calculation
```python
requirements_total = count(requirements.md)
requirements_with_design = count(requirements mapped in design.md)
requirements_with_tests = count(requirements mapped in test_files)
coverage_design = (requirements_with_design / requirements_total) * 100
coverage_test = (requirements_with_tests / requirements_total) * 100
```
### Phase 5: 段階的レポート生成
**CRITICAL: コンテキスト長オーバーフロー防止**
**出力方式の原則:**
- ✅ 1セクションずつ順番に生成・保存
- ✅ 各セクション生成後に進捗を報告
- ✅ エラー発生時も部分的なレポートが残る
```
🤖 確認ありがとうございます。トレーサビリティ監査レポートを順番に生成します。
【生成予定のセクション】
1. Executive Summary
2. Traceability Matrix
3. Coverage Analysis
4. Orphaned Items
5. Recommendations
6. Constitutional Compliance
合計: 6セクション
**重要: 段階的生成方式**
各セクションを1つずつ生成・保存し、進捗を報告します。
これにより、途中経過が見え、エラーが発生しても部分的なレポートが残ります。
生成を開始してよろしいですか?
👤 ユーザー: [回答待ち]
```
ユーザーが承認後、**各セクションを順番に生成**:
**Step 1: Executive Summary**
```
🤖 [1/6] Executive Summaryを生成しています...
📝 traceability/audit-report.md (Section 1)
✅ 保存が完了しました
[1/6] 完了。次のセクションに進みます。
```
**Step 2: Traceability Matrix**
```
🤖 [2/6] Traceability Matrixを生成しています...
📝 traceability/audit-report.md (Section 2)
✅ 保存が完了しました
[2/6] 完了。次のセクションに進みます。
```
**大きなトレーサビリティレポート(>300行)の場合:**
```
🤖 トレーサビリティマトリクスが大規模なため、2パートに分割します。
⚠️ 要件数が多いため、分割して詳細な追跡情報を生成します。
📝 Part 1/2: traceability/audit-report.md (要件1-50の追跡情報)
✅ 保存が完了しました (280行)
📝 Part 2/2: traceability/audit-report.md (要件51-100の追跡情報)
✅ 保存が完了しました (250行)
✅ レポート生成完了: traceability/audit-report.md (530行)
全要件の追跡が完了しました。
```
**Final: レポート生成完了サマリー**
```
🤖 ✨ トレーサビリティ監査レポートの生成が完了しました!
## 📊 監査サマリー
- **全体トレーサビリティ**: 66.7%
- **実装済み要件**: 2/3
- **孤立アイテム**: 2件
## 📂 生成されたレポート
✅ traceability/audit-report.md (6セクション)
```
```markdown
# Traceability Audit Report
**Date**: [YYYY-MM-DD]
**Feature**: [Feature Name]
**Auditor**: traceability-auditor
## Executive Summary
- **Overall Traceability**: ❌ Incomplete (66.7%)
- **Requirements Implemented**: 2/3 (66.7%)
- **Requirements Tested**: 2/3 (66.7%)
- **Orphaned Items**: 2 (1 requirement, 1 test)
## Detailed Analysis
[Traceability matrix as shown above]
## Recommendations
1. **HIGH**: Implement or defer REQ-003 (2FA)
2. **MEDIUM**: Create requirement for session timeout test
3. **LOW**: Review orphaned test T-004 for removal
## Constitutional Compliance
- **Article V (Traceability Mandate)**: ❌ FAIL (< 100% coverage)
- **Action Required**: Address gaps before merging
```
## Integration with Other Skills
- **Before**:
- requirements-analyst creates requirements
- system-architect creates design
- software-developer implements code
- test-engineer creates tests
- **After**:
- If gaps found → orchestrator triggers missing skills
- If complete → quality-assurance approves release
- **Uses**: All spec files in `storage/specs/` and `storage/changes/`
## Gap Detection Rules
### Orphaned Requirements
**Definition**: Requirements with no corresponding design, tasks, code, or tests
**Detection**:
```bash
# Find all REQ-IDs in requirements.md
grep -oP 'REQ-\d+' requirements.md > req_ids.txt
# Check if each REQ-ID appears in design.md
for req_id in req_ids.txt:
if not grep -q "$req_id" design.md:
report_orphan(req_id)
```
### Orphaned Tests
**Definition**: Tests with no corresponding requirements
**Detection**:
```bash
# Find all test files
find tests/ -name "*.test.*"
# Extract test descriptions and check for REQ-ID references
for test_file in test_files:
if no REQ-ID found in test_file:
report_orphan_test(test_file)
```
### Untested Code
**Definition**: Source files with no corresponding test files
**Detection**:
```bash
# For each source file, check if test file exists
for src_file in src/**/*.ts:
test_file = src_file.replace("src/", "tests/").replace(".ts", ".test.ts")
if not exists(test_file):
report_untested(src_file)
```
## Best Practices
1. **Continuous Auditing**: Run after every skill completes work
2. **Fail Fast**: Block merges if traceability < 100%
3. **Automate**: Integrate traceability validation into CI/CD
4. **Clear Reporting**: Use visual indicators (✅ ❌ ⚠️)
5. **Actionable Recommendations**: Specify which skills to invoke to fix gaps
## Output Format
```markdown
# Traceability Audit: [Feature Name]
## Coverage Metrics
- **Requirements → Design**: 100% (3/3) ✅
- **Design → Tasks**: 100% (5/5) ✅
- **Tasks → Code**: 80% (4/5) ❌
- **Code → Tests**: 100% (4/4) ✅
- **Overall Traceability**: 95% (19/20) ❌
## Gaps
### Missing Implementation
- **Task P3-005**: "Implement password strength validator" (no code found)
### Recommendations
1. Implement P3-005 or mark as deferred
2. Re-run traceability audit after implementation
3. Achieve 100% coverage before release
## Traceability Matrix
[Full matrix as shown in template above]
## Constitutional Compliance
- **Article V**: ❌ FAIL (95% < 100% required)
```
## Project Memory Integration
**ALWAYS check steering files before starting**:
- `steering/structure.md` - Understand file organization
- `steering/tech.md` - Identify test framework conventions
- `steering/rules/constitution.md` - Article V traceability requirements
## Validation Checklist
Before finishing:
- [ ] All requirements have design mappings
- [ ] All design components have task mappings
- [ ] All tasks have code implementations
- [ ] All code has test coverage
- [ ] Traceability matrix generated
- [ ] Coverage percentages calculated
- [ ] Gaps identified with recommendations
- [ ] Constitutional compliance assessed
This skill validates complete requirements traceability across the full development lifecycle, enforcing Article V (Traceability Mandate) that requires 100% mapping at each stage. It inspects EARS-format requirements through design, tasks, code, and tests, then generates coverage metrics, a traceability matrix, and gap reports. The output highlights orphaned items, untested code, and actionable recommendations to reach full compliance.
The auditor collects artifacts (requirements, design docs, task lists, source files, and tests) and performs forward and backward traceability analysis. It checks Requirement→Design, Design→Tasks, Tasks→Code, and Code→Tests mappings, calculates coverage percentages, detects gaps (orphaned requirements/tests, unimplemented tasks, untested code), and emits a traceability matrix plus a prioritized recommendations list. Reports are produced section-by-section so partial results are preserved on errors.
What does 100% traceability mean here?
Every requirement must map to a design element, at least one task, implemented code, and at least one test; gaps are flagged as non-compliant with Article V.
Which artifacts does the auditor scan?
Requirements (EARS), design docs, task lists, source code, and test files as located in standard steering paths (e.g., storage/specs, storage/design, storage/tasks, src/, tests/).
How are orphaned items reported?
Orphaned requirements, tests, and untested code are listed in the gaps section with severity and recommended remediation steps.