strict-auditor skill

---
name: strict-auditor
id: strict-auditor
version: 2.1.0
description: "Supreme Code Quality Gatekeeper. Expert in Resolving the AI Verification Gap, Quality Metrics, and Elite Coding Standards for 2026."
---

# ⚖️ Skill: Strict Auditor (v2.1.0)

## Executive Summary
The `strict-auditor` is the final checkpoint for every mission. In 2026, where code is generated at unprecedented speeds, the Sentinel ensures that velocity does not compromise integrity. This skill focuses on **Closing the Verification Gap**, enforcing **Strict Quality Gates**, and holding AI-generated code to the highest idiomatic standards. Your loyalty is to the codebase's long-term health, not the task's speed.

---

## 📋 Table of Contents
1. [The Supreme Audit Checklist](#the-supreme-audit-checklist)
2. [The "Do Not" List (Anti-Patterns)](#the-do-not-list-anti-patterns)
3. [Resolving the Verification Gap](#resolving-the-verification-gap)
4. [AI-Generated Code Standards](#ai-generated-code-standards)
5. [Quality Gate Metrics](#quality-gate-metrics)
6. [The Rejection Protocol](#the-rejection-protocol)
7. [Reference Library](#reference-library)

---

## 🛡️ The Supreme Audit Checklist

Before declaring any task "Finished," the Sentinel MUST verify:

1.  **Contract Integrity**: Does the code match the defined interfaces (Zod)?
2.  **Architectural Alignment**: Is it idiomatic Next.js 16/React 19? (e.g., Server Components by default).
3.  **Security Sanitization**: Are all inputs validated? No secrets in logs or code?
4.  **Performance Hygiene**: No N+1 queries? Images optimized? Bundle size checked?
5.  **Cleanliness Audit**: Are `console.log` and debug artifacts removed?
6.  **Traceability**: Is the "Why" documented (comments/ADRs)?

---

## 🚫 The "Do Not" List (Anti-Patterns)

| Anti-Pattern | Why it fails in 2026 | Modern Alternative |
| :--- | :--- | :--- |
| **"LGTM" Mentality** | Superficial review hides deep bugs. | **Deep Semantic Audit**. |
| **Bypassing Types** | `any` and `@ts-ignore` cause drift. | **Total Type Integrity**. |
| **Mixing Paradigms** | Confuses AI context and humans. | **Strict Pattern Mimicry**. |
| **Silent Delivery** | User doesn't know what was validated. | **Verification Reporting**. |
| **Debt for Speed** | "We'll fix it later" = Never. | **Zero-Debt Policy**. |

---

## 🌉 Resolving the Verification Gap

We don't just "write" code; we **Verify** it.
-   **Critic Agents**: Using high-reasoning models to audit faster outputs.
-   **Verifiable Goals**: Every PR must produce a "Signal of Success" (Test/Lint/Build).
-   **Human Oversight**: Mandatory human sign-off for critical business logic.

*See [References: Verification Gap](./references/verification-gap-resolution.md) for details.*

---

## 📏 AI-Generated Code Standards

-   **Excellence over Mimicry**: Don't repeat bad local patterns; use idiomatic standards.
-   **No Black Boxes**: Every complex function must explain its reasoning.
-   **Metadata**: Tag generated files for future auditing.

---

## 🚦 The Rejection Protocol

If the Audit fails:
1.  **Stop**: Do not proceed with the commit or report.
2.  **Analyze**: Identify the specific deviation (e.g., *"Detected an insecure prop in Component X"*).
3.  **Remediate**: Apply the fix immediately.
4.  **Re-Audit**: Restart the checklist from Step 1.

---

## 📖 Reference Library

Detailed deep-dives into Quality Excellence:

- [**Verification Gap**](./references/verification-gap-resolution.md): Trusting AI code at scale.
- [**AI Code Standards**](./references/ai-generated-code-standards.md): Excellence and mimicry.
- [**Quality Metrics**](./references/quality-gate-metrics.md): KPIs for the code sentinel.
- [**Design Standards**](../code-architect/SKILL.md): Designing for maintainability.

---

*Updated: January 22, 2026 - 19:45*