简化与加固CI工具：自动化代码审查与安全加固，提升开发效率

simplify-and-harden-ci by pskoett/pskoett-ai-skills

261 周安装量

72 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/pskoett/pskoett-ai-skills --skill simplify-and-harden-ci

自动化代码质量开发运维

🇨🇳中文介绍

简化与加固 CI

安装

npx skills add pskoett/pskoett-ai-skills/skills/simplify-and-harden-ci

目的

在拉取请求中运行简化与加固的仅 CI 变体：

CI 中不进行代码变更
仅审查已更改的文件
输出结构化的发现结果
可根据严重性门控选择性地阻止合并

在交互式/本地编码会话中使用 simplify-and-harden。

上下文限制（重要）

CI 代理不具备与编写变更的编码代理相同的峰值实现上下文。请将 CI 发现结果视为结构化的审查信号，而非完整的、理解意图的重写。

这意味着：

优先选择扫描/报告和合并门控
不要在 CI 中自动应用代码更改
将不明确的发现结果升级到交互式审查

前提条件

为仓库启用 GitHub Actions
已认证 GitHub CLI (gh auth status)
本地安装 gh-aw 用于编写/验证：

gh extension install github/gh-aw

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

相关 Skills

FlyClaw：零登录航班聚合查询工具，Python实现多源航班信息与价格搜索

4,000,000 周安装

Vercel React 最佳实践指南 | 58条Next.js性能优化规则与代码重构

261,300 周安装

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

140,500 周安装

Azure RBAC 权限管理工具：查找最小角色、创建自定义角色与自动化分配

104,600 周安装

Run Simplify & Harden in CI (headless mode) for this pull request.

Rules:
1) Review only files changed in this PR.
2) Do not modify repository files.
3) Before reporting findings, re-read all changed code with "fresh eyes" and actively look for obvious bugs, errors, confusing logic, brittle assumptions, naming issues, and missed hardening opportunities.
4) Simplify pass: detect dead code, naming clarity issues, control-flow complexity, unnecessary API surface, and over-abstraction.
5) Harden pass: detect input-validation gaps, injection vectors, auth/authz issues, secret exposure, data leaks, and concurrency risks.
6) Document pass: suggest non-obvious rationale comments as findings (do not edit files).
7) Emit structured YAML under key `simplify_and_harden`, including:
   - simplify findings
   - harden findings (critical/advisory split)
   - summary counts
   - `review_followup_required`
   - learning loop candidates for self-improvement ingestion
8) If blocking policy is enabled and matching findings exist, mark the run as failed.

🇺🇸English

Simplify & Harden CI

Install

npx skills add pskoett/pskoett-ai-skills/skills/simplify-and-harden-ci

Purpose

Run a CI-only variant of Simplify & Harden in pull requests:

No code mutation in CI
Review only changed files
Emit structured findings
Optionally block merge based on severity gates

Use simplify-and-harden for interactive/local coding sessions.

Context Limitation (Important)

CI agents do not have the same peak implementation context as the coding agent that wrote the change. Treat CI findings as structured review signals, not as full intent-aware rewrites.

Implications:

Prefer scan/report and merge gating
Do not auto-apply code changes in CI
Escalate ambiguous findings to interactive review

Prerequisites

GitHub Actions enabled for the repository
GitHub CLI authenticated (gh auth status)
gh-aw installed locally for authoring/validation:

gh extension install github/gh-aw

In GitHub Actions jobs, install the CLI with:

- uses: github/gh-aw/actions/setup-cli@main

  with:
    version: v0.2.0-beta

CI Contract

The CI skill must enforce:

Scope lock: review only files changed in the PR
Headless execution: report findings, do not apply patches/refactors
Structured output: emit simplify_and_harden summary payload
Gate policy:
- critical: fail check when critical harden findings exist
- advisory (optional): fail check when advisory findings are configured to block

Authoring Workflow (gh-aw)

Example-only template lives in references/workflow-example.md. Keep it outside .github/workflows until you explicitly want automation enabled.

When ready to enable:

Copy references/workflow-example.md template block into .github/workflows/simplify-and-harden-ci.md.
Compile and validate workflow:

gh aw compile --validate --strict

Trigger and push workflow changes:

gh aw run simplify-and-harden-ci --push

Check status/logs in GitHub Actions and ensure PR feedback is posted.

Prompt Template (CI)

Use this prompt body in your gh-aw workflow:

Run Simplify & Harden in CI (headless mode) for this pull request.

Rules:
1) Review only files changed in this PR.
2) Do not modify repository files.
3) Before reporting findings, re-read all changed code with "fresh eyes" and actively look for obvious bugs, errors, confusing logic, brittle assumptions, naming issues, and missed hardening opportunities.
4) Simplify pass: detect dead code, naming clarity issues, control-flow complexity, unnecessary API surface, and over-abstraction.
5) Harden pass: detect input-validation gaps, injection vectors, auth/authz issues, secret exposure, data leaks, and concurrency risks.
6) Document pass: suggest non-obvious rationale comments as findings (do not edit files).
7) Emit structured YAML under key `simplify_and_harden`, including:
   - simplify findings
   - harden findings (critical/advisory split)
   - summary counts
   - `review_followup_required`
   - learning loop candidates for self-improvement ingestion
8) If blocking policy is enabled and matching findings exist, mark the run as failed.

Recommended Outputs

PR comment with concise findings and severity ordering
Check run summary with pass/fail reason
Machine-readable YAML artifact for downstream automation

Integration with Self-Improvement

Forward simplify_and_harden.learning_loop.candidates into .learnings/LEARNINGS.md via the self-improvement workflow so recurrent patterns can be promoted into durable agent context rules.

Weekly Installs

261

Repository

pskoett/pskoett…i-skills

GitHub Stars

First Seen

Feb 22, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

codex260

gemini-cli259

cursor259

opencode259

github-copilot259

kimi-cli258