
compliance-audit skill

/cursor-rules/skills/compliance-audit

This skill audits post-PR sessions for Value Delivery compliance, summarizing thresholds, gaps, and recommended improvements.

npx playbooks add skill wellapp-ai/well --skill compliance-audit


SKILL.md
---
name: compliance-audit
description: Audit Value Delivery compliance after PR push
---

# Compliance Audit Skill

Run after PR push to verify Value Delivery rules were followed during the session.

## When to Use

- After PR is pushed (invoke from push-pr mode)
- Manually with "use compliance-audit skill"
- When reviewing session quality

## Phase 1: Gather Session Data

Collect data from the current session:

| Data Point | Source |
|------------|--------|
| Commit count | `git rev-list origin/develop..HEAD --count` |
| Files changed | `git diff origin/develop --name-only \| wc -l` |
| Lines of code | `git diff origin/develop --stat \| tail -1` |
| console.log presence | Grep in changed files |

## Phase 2: Check Compliance Requirements

### 2.1 PR Threshold Check

| Metric | Current | Threshold | Status |
|--------|---------|-----------|--------|
| Lines of Code | [N] | 300 | OK/CROSSED ([X]x) |
| Files Changed | [N] | 10 | OK/CROSSED ([X]x) |
| Commits | [N] | 5 | OK/CROSSED ([X]x) |
| console.log | [N] | 0 | OK/CROSSED |

**Verdict:** [PASSED / TRIGGER_PR - Should have pushed earlier PRs]
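
Phases 1 and 2.1 as a runnable script, added here as an example and not part of the skill itself. The function names are hypothetical, and two points the skill does not spell out are assumed: lines of code is insertions plus deletions, and a metric is CROSSED only when it exceeds its threshold.

```bash
#!/usr/bin/env bash
# Added example, not the skill's own code. Assumptions: LOC = insertions +
# deletions; CROSSED means strictly greater than the threshold.

# Sum insertions + deletions from the summary line of `git diff --stat`.
loc_from_stat() {  # git omits zero counts and uses the singular for 1
  printf '%s\n' "$1" | awk '{ n = 0
    for (i = 2; i <= NF; i++) if ($i ~ /^(insertion|deletion)s?\(/) n += $(i - 1)
    print n }'
}

# Count lines containing console.log in the files named on stdin (one per
# line); paths deleted in the diff no longer exist and are skipped.
count_console_log() {
  total=0
  while IFS= read -r f; do
    [ -f "$f" ] || continue
    total=$((total + $(grep -c 'console\.log' -- "$f" || true)))
  done
  echo "$total"
}

# OK, or CROSSED with the overshoot factor shown in the Status column.
threshold_status() {  # $1 = current, $2 = threshold
  if [ "$1" -le "$2" ]; then echo "OK"
  elif [ "$2" -eq 0 ]; then echo "CROSSED"
  else awk -v c="$1" -v t="$2" 'BEGIN { printf "CROSSED (%.1fx)\n", c / t }'
  fi
}

# Print the table and verdict; args: loc, files, commits, console.log count.
render_report() {
  verdict=PASSED
  printf '| Metric | Current | Threshold | Status |\n'
  printf '|--------|---------|-----------|--------|\n'
  set -- "Lines of Code" "$1" 300 "Files Changed" "$2" 10 "Commits" "$3" 5 console.log "$4" 0
  while [ "$#" -gt 0 ]; do
    status=$(threshold_status "$2" "$3")
    [ "$status" = OK ] || verdict=TRIGGER_PR
    echo "| $1 | $2 | $3 | $status |"
    shift 3
  done
  echo "**Verdict:** $verdict"
}

# Gather the Phase 1 data with the page's git commands and print the report.
audit_session() {  # $1 = base ref, default origin/develop; run from repo root
  base=${1:-origin/develop}
  render_report "$(loc_from_stat "$(git diff "$base" --stat | tail -1)")" \
    "$(git diff "$base" --name-only | wc -l | tr -d ' ')" \
    "$(git rev-list "$base..HEAD" --count)" \
    "$(git diff "$base" --name-only | count_console_log)"
}
```

Source the file and call `audit_session` from the repository root, because `git diff --name-only` prints paths relative to it.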

### 2.2 Gaps Identified

| Requirement | Expected | Actual | Status |
|-------------|----------|--------|--------|
| Session Headers/Footers | Every response | [Count] | Done/Missing |
| pr-review skill format | Full report | [Format] | Done/Partial/Missing |
| qa-commit skill format | Full criteria table | [Format] | Done/Partial/Missing |
| pr-threshold checks | After each commit | [Count] | Done/Partial/Missing |
| Risk Assessment | Calculate score | [Done/Not] | Done/Missing |
| Storybook stories | For new components | [Count] | Done/Missing |
| Design system check | Before new patterns | [Done/Not] | Done/Partial/Missing |
| Satisfies field in commits | Every commit | [Count] | Done/Missing |
| Typecheck/Lint | Before commits | [Done/Not] | Done/Missing |

## Phase 3: Generate Compliance Report

```markdown
## Value Delivery Compliance Audit

### PR Threshold Check

| Metric | Current | Threshold | Status |
|--------|---------|-----------|--------|
| Lines of Code | [N] | 300 | [status] |
| Files Changed | [N] | 10 | [status] |
| Commits | [N] | 5 | [status] |
| console.log | [N] | 0 | [status] |

**Verdict:** [PASSED / TRIGGER_PR]

### Gaps Identified

| Requirement | Expected | Actual | Status |
|-------------|----------|--------|--------|
| [requirement] | [expected] | [actual] | [status] |
...

### Recommendations

[List any improvements for next session]
```

## Phase 4: Log to Session Journal

If using Notion sync, add compliance report to Session Journal entry.

## Output Format

The audit should produce a table matching the format shown in the user's compliance screenshot, with clear CROSSED indicators for threshold violations and status icons for gap analysis.

## Integration

This skill is invoked by:
- `push-pr.mdc` - After PR is created (Phase 4)
- Manual invocation for retrospective

## Invocation

Invoked automatically after PR push, or manually with "use compliance-audit skill".

Overview

This skill audits Value Delivery compliance immediately after a PR push and produces a clear, actionable compliance report. It checks PR thresholds, session artifacts, and common gaps, then generates a markdown-style table summary suitable for session journals or Notion sync. Use it to enforce discipline on commit size, testability, and developer hygiene.

How this skill works

The skill gathers session data (commit count, files changed, lines of code, presence of console.log, etc.) by comparing HEAD to origin/develop. It evaluates those metrics against configured thresholds and scans for required artifacts (session headers/footers, storybook stories, typecheck results, Satisfies fields). Finally, it composes a compliance report with a PR Threshold table, a Gaps Identified table, recommendations, and optional logging to the session journal.

When to use it

  • Automatically after a PR push (push-pr flow)
  • Manually with “use compliance-audit skill” for retrospectives
  • When reviewing session quality before merge
  • As a gate for enforceable PR policies
  • When onboarding new contributors to ensure process adherence

Best practices

  • Run the audit as part of CI after each PR push to catch regressions early
  • Keep PRs small: aim below thresholds to avoid TRIGGER_PR status
  • Include Satisfies fields and session headers/footers in commits to satisfy traceability checks
  • Run typecheck and lint locally before commits to reduce false negatives
  • Add Storybook stories and design system checks when introducing UI changes

Example use cases

  • Post-PR automation that blocks large, unfocused changes and prompts earlier split PRs
  • Team retrospectives to highlight missing artifacts and recurring gaps
  • Automated journaling: append audit output to Notion session entries for compliance history
  • Pre-merge checklist: ensure typecheck, lint, and risk assessment are present before approving
  • Quality gates that enforce Storybook coverage for new components

FAQ

What thresholds does the audit use by default?

Default thresholds are 300 lines of code, 10 files changed, 5 commits, and 0 console.log occurrences; these drive the PR Threshold Check.

Can I change thresholds or checks?

Yes. Thresholds and scanned requirements are configurable in the CI/skill configuration so teams can tune limits to fit their workflow.