AI代理团队简化与加固代码审查：自动化两阶段循环提升生产级代码质量

agent-teams-simplify-and-harden by pskoett/pskoett-ai-skills

329 周安装量

75 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/pskoett/pskoett-ai-skills --skill agent-teams-simplify-and-harden

AI/机器学习开发自动化

🇨🇳中文介绍

Agent Teams Simplify & Harden

安装

npx skills add pskoett/pskoett-ai-skills/skills/agent-teams-simplify-and-harden

一个两阶段的团队循环，用于产出生产级质量的代码：实现，然后使用简化 + 加固审查进行审计，接着修复审计发现的问题，然后重新审计，重复此过程直到代码库稳固或达到循环上限。

使用时机

根据规范或计划实现多个功能
在一批更改后加固代码库
修复评审中识别出的一系列问题或缺陷
任何涉及 5 个以上文件且质量门控很重要的任务

流水线集成

此技能用一个基于团队的循环替换了标准流水线（执行、评审、学习）的第 2-4 阶段。它可以接在 plan-interview 之后运行，也可以独立运行 —— 所有上游产物都是可选的。

[plan-interview] → [agent-teams-simplify-and-harden] → [self-improvement]
                    ├─ 意图框架（团队负责人）
                    ├─ 实现（并行代理）
                    ├─ 审计（并行代理）
                    ├─ 偏离检查（团队负责人，在轮次之间）
                    └─ 学习循环输出 → self-improvement

当存在来自 plan-interview 的计划文件时，此技能会从中提取任务。当不存在计划时，团队负责人会运行一个简短的嵌入式规划阶段。上下文浏览作为团队负责人在循环轮次之间的轻量级偏离检查运行 —— 子代理是短生命周期的，不需要它。

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

循环限制与退出条件

当以下任何一项为真时，循环退出：

干净的审计：所有审计员报告零发现
仅低严重性轮次：某一轮中的所有发现严重性均为 low —— 内联修复它们（由团队负责人或单个实现代理）并退出，无需重新审计
达到循环上限：已完成 3 轮审计。在第三轮之后，内联修复剩余的关键/高严重性发现并退出。在最终摘要中记录任何未解决的中/低严重性发现。

预算指导：跟踪各轮累积的差异增长。如果修复轮次在原始实现差异之上增加了超过 30%，则收紧范围：跳过中/低严重性的简化发现，只关注加固补丁和规范缺陷。

如果存在计划文件（来自 plan-interview，位于 docs/plans/plan-NNN-<slug>.md 或用用户提供）：读取它，提取实现清单，并将其用作步骤 2 的任务列表。

如果不存在计划，运行一个简短的嵌入式规划访谈：

需要构建、修复或加固什么？（功能、错误、目标）
规范或事实来源是什么？（文档、问题、PR 或口头描述）
验收标准是什么？

将答案转化为具体的任务列表。这不是一个完整的 plan-interview —— 只需足以将工作分解为可并行化的单元。

意图框架：在创建团队之前，团队负责人发出：

## 意图框架 #1

**成果：** [团队会话将交付什么]
**方法：** [团队结构、代理数量、审计维度]
**约束：** [范围边界、循环上限、预算限制]
**成功标准：** [干净的审计或达到循环上限且所有关键/高严重性问题已解决]
**预估复杂度：** [小 / 中 / 大 —— 基于任务数量和文件数量]

在继续之前与用户确认。这锚定了所有后续的偏离检查。

TeamCreate:
  team_name: "<project>-harden"
  description: "实现并加固 <description>"

将工作分解为离散的、可并行化的任务。每个任务应足够独立，以便一个代理完成而无需等待其他代理。

TaskCreate for each unit of work:
  subject: "实现 <具体事项>"
  description: "详细需求、文件路径、验收标准"
  activeForm: "正在实现 <事项>"

如果需要，设置依赖关系：

TaskUpdate: { taskId: "2", addBlockedBy: ["1"] }

3. 生成实现代理

生成 general-purpose 代理（它们可以读取、写入和编辑文件）。每个任务一个或每个逻辑组一个。并行运行它们。

Task tool (spawn teammate):
  subagent_type: general-purpose
  team_name: "<project>-harden"
  name: "impl-<area>"
  mode: bypassPermissions
  prompt: |
    你是 <project>-harden 团队的一名实现代理。
    你的名字是 impl-<area>。

    检查 TaskList 中分配给你的任务并完成它们。
    完成每个任务后，将其标记为完成并检查是否有更多任务。

    质量门控：
    - 代码必须能干净编译（替换为你项目的编译命令，例如 bunx tsc --noEmit, cargo build, go build ./...）
    - 测试必须通过（替换为你项目的测试命令，例如 bun test, pytest, go test ./...）
    - 遵循现有的代码模式和约定

    当你所有任务都完成后，通知团队负责人。

4. 等待实现完成

监控代理消息。当所有实现代理报告完成时：

运行编译/类型检查以验证干净构建
运行测试以验证全部通过
如果任一失败，在继续之前修复或分配修复任务

在生成审计员之前，收集本次会话中修改的文件列表：

git diff --name-only <base-branch>  # 或：git diff --name-only HEAD~N

你将把这个文件列表传递给每个审计员。

5. 生成审计代理

生成 Explore 代理（只读 —— 它们不能编辑文件，这可以防止它们静默地“修复”问题，从而违背审计的目的）。每个审计员使用简化与加固方法关注不同的方面。

推荐的审计维度：

审计员	关注点	心态
simplify-auditor	代码清晰度和不必要的复杂性	"是否有更简单的方式来表达这个？"
harden-auditor	安全性和健壮性缺陷	"如果恶意人员看到这个，他们会尝试什么？"
spec-auditor	实现与规范/计划的完整性	"代码是否符合要求？"

每个审计员的完整提示模板在 references/auditor-prompts.md 中。每个提示都强制执行：只读范围、全新视角开始、结构化的发现格式以及明确的零发现报告。

作为 Explore 代理生成。检查：死代码、命名、控制流、API 表面、过度抽象、整合。将发现分类为外观或重构（重构门槛："明显错误，而不仅仅是缺陷"）。报告文件、行号、类别、修复建议、严重性。

作为 Explore 代理生成。检查：输入验证、错误处理、注入向量、认证/授权、密钥、数据暴露、依赖风险、竞态条件。将发现分类为补丁或安全重构。报告文件、行号、类别、严重性、攻击向量、修复建议。

作为 Explore 代理生成。检查：缺失的功能、不正确的行为、不完整的实现、违反约定、测试覆盖率、验收标准缺陷。将发现分类为缺失、不正确、不完整或未测试。报告文件、行号、类别、规范引用、严重性。

6. 处理审计发现

收集所有审计员的发现。对于每个发现：

关键/高严重性：创建一个任务并分配给一个实现代理
中严重性：创建一个任务，包含在下一轮实现中
低严重性/外观：仅在修复微不足道时包含在下一轮中；否则在最终摘要中注明并跳过

重构门槛：对于分类为重构或安全重构的发现，在创建任务之前评估重构是否真正必要。门槛是："高级工程师是否会说当前状态明显错误，而不仅仅是缺陷？" 拒绝那些属于风格偏好或边际改进的重构提议。

退出检查：如果本轮所有发现的严重性均为 low，则内联修复它们并跳过重新审计（参见循环限制）。

创建修复任务时，将文档记录捆绑到每个实现代理的工作中：

修复了你分配的问题后，在你接触过的文件中，对非显而易见的决策添加最多 5 条单行注释：

需要超过 5 秒思考"为什么这个存在？"的逻辑

变通方法或临时方案，附带上下文和移除条件的 TODO

性能选择以及为什么选择当前方法

不要对审计修复本身进行注释 —— 只对原始实现中缺乏解释的决策进行注释。

这使文档记录保持轻量级和范围明确。后续轮次的审计员不应将这些注释标记为发现。

如果有需要修复的发现：

根据发现创建任务（包含文档记录说明）
生成实现代理（或通过 SendMessage 重用空闲的代理）
等待修复
运行编译 + 测试验证
偏离检查（团队负责人）： 在下一轮审计之前，重新阅读意图框架和计划/任务分解。将工作的当前状态与原始范围进行比较。如果审计发现正将团队拉入不相关的领域，或者范围已超出框架范围，则重新调整范围或提前退出循环并生成摘要。
检查循环限制（参见"循环限制与退出条件"）
如果不退出：再次生成审计代理（使用新的代理，而不是重用 —— 干净的上下文）
重复

8. 最终验证与摘要

当退出条件满足时：

编译 / 类型检查 —— 必须干净
测试 —— 必须全部通过
没有引入没有对应任务的 // TODO 或 // FIXME 注释

为本次会话生成最终摘要：

## 加固摘要

**完成的审计轮次：** 2 / 3（最大）
**退出原因：** 干净的审计（所有审计员报告零发现）

### 各轮发现

第 1 轮：
- simplify-auditor: 4 个外观问题，1 个重构提议（已拒绝 —— 风格偏好）
- harden-auditor: 2 个补丁，1 个安全重构（已批准）
- spec-auditor: 1 个缺失功能

第 2 轮：
- simplify-auditor: 0 个发现
- harden-auditor: 0 个发现
- spec-auditor: 0 个发现

### 采取的行动
- 已修复：6 个发现（4 个外观问题，2 个补丁，1 个安全重构，1 个缺失功能 —— 已拒绝的重构除外）
- 已跳过：1 个重构提议（原因：风格偏好，不是缺陷）
- 文档记录：在 2 个文件中添加了 3 条注释

### 未解决的问题
- 无

### 超出范围的观察
- <任何审计员标记的超出范围的项目，供将来参考>

### 学习循环
learning_loop:
  target_skill: "self-improvement"
  candidates:
    - pattern_key: "harden.input_validation"
      auditor: "harden-auditor"
      rounds_to_resolve: 1
      severity: "high"
      suggested_rule: "在使用前验证和边界检查外部输入。"
    - pattern_key: "simplify.dead_code"
      auditor: "simplify-auditor"
      rounds_to_resolve: 1
      severity: "low"
      suggested_rule: "在最终确定前移除死代码和未使用的导入。"

将跨轮次重复出现的审计发现规范化为 pattern_key 条目，使用与 simplify-and-harden 相同的格式。这可以输入到 self-improvement 中，用于跨任务模式跟踪和推广。

根据你的上下文调整格式。目标是清晰地记录发现了什么、修复了什么、跳过了什么及其原因，以及剩余了什么。

向所有代理发送关闭请求，然后删除团队：

SendMessage type: shutdown_request to each agent
TeamDelete

代码库 / 任务规模	实现代理	审计代理
小型（< 10 个文件）	1-2	2（简化 + 加固）
中型（10-30 个文件）	2-3	2-3
大型（30+ 个文件）	3-5	3（简化 + 加固 + 规范）

代理越多 = 并行性越高，但协调开销也越大。对于大多数任务，2-3 个实现代理和 2-3 个审计员是最佳选择。

实现代理应为 general-purpose —— 它们需要写权限
审计代理应为 Explore —— 只读可以防止它们静默地"修复"问题，这违背了审计的目的
每轮使用新的审计代理 —— 不要重用之前轮次的审计员；它们携带的上下文会使它们偏向于"已检查过"的区域
任务描述必须具体 —— 包含文件路径、函数名称、期望的确切行为。模糊的任务会产生模糊的实现。
在各阶段之间运行编译 + 测试 —— 不要在损坏的代码上生成审计员；先修复编译/测试错误
保持循环紧凑 —— 如果审计员只发现 1-2 个低严重性的外观问题，自己修复它们，而不是生成完整的实现轮次
在生成前分配任务 —— 通过 TaskUpdate 在任务上设置 owner，以便代理立即知道要做什么
简化优先的姿态 —— 在处理审计发现时，优先处理能减少噪音的外观清理，然后再处理重构。清理是默认操作，重构是例外
安全重于风格 —— 当预算或时间有限时，优先处理加固发现而非简化发现
传递文件列表 —— 始终给审计员明确的修改文件列表。不要依赖它们自己推断范围。

示例：实现规范功能

0.  规划：阅读规范（或运行嵌入式访谈），分解为 8 个任务
0b. 发出意图框架 #1，与用户确认
1.  TeamCreate: "feature-harden"
2.  TaskCreate x8（每个功能一个）
3.  生成 3 个实现代理，每个分配约 3 个任务
4.  等待 → 全部完成 → 编译干净 → 测试通过
5.  收集修改的文件列表（git diff --name-only）
6.  生成 3 个审计员：simplify-auditor, harden-auditor, spec-auditor
7.  Simplify-auditor 发现 4 个外观问题 + 1 个重构提议
8.  Harden-auditor 发现 2 个补丁 + 1 个安全重构
9.  Spec-auditor 发现 1 个缺失功能
10. 团队负责人评估重构（批准安全重构，拒绝简化重构），创建修复 + 文档任务
11. 生成 2 个实现代理进行修复
12. 等待 → 编译干净 → 测试通过
13. 偏离检查：重新阅读意图框架，范围看起来良好
14. 第 2 轮：生成 3 个新的审计员
15. 审计员发现 0 个问题 → 退出条件满足
16. 生成加固摘要 + 学习循环输出
17. 关闭代理，TeamDelete

质量门控（不可协商）

这些必须在循环退出前通过：

干净的编译 / 类型检查 —— 零错误
测试 —— 零失败
退出条件满足（干净的审计、仅低严重性轮次，或达到循环上限且关键/高严重性发现已解决）
没有引入没有对应任务的 // TODO 或 // FIXME 注释

与其他技能的互操作性

此技能消耗什么

来自 plan-interview（可选）： 计划文件（docs/plans/plan-NNN-<slug>.md）。当可用时，从实现清单中提取任务。当不存在时，团队负责人运行嵌入式规划阶段。
来自用户（始终可用）： 任务描述、规范或功能列表。当不存在计划文件时用作事实来源。

此技能产出什么

用于 self-improvement： 来自重复审计发现的学习循环候选，与 simplify-and-harden 相同的 pattern_key 格式。
用于用户： 包含所有轮次完整审计跟踪的加固摘要。

此技能用一个基于团队的循环替换了标准流水线的第 2-4 阶段：

plan-interview（可选 —— 或在阶段 0 中进行嵌入式规划）
agent-teams-simplify-and-harden（团队负责人 + 意图框架 + 实现 + 审计 + 偏离检查 + 学习循环）
self-improvement（消耗学习循环输出以进行跨任务模式跟踪）

团队负责人运行自己的意图框架（不从 intent-framed-agent 消耗）和在轮次之间的轻量级上下文浏览偏离检查（不是完整的退出/移交协议）。子代理是短生命周期的，不运行流水线技能。

2026 年 2 月 21 日

🇺🇸English

Agent Teams Simplify & Harden

Install

npx skills add pskoett/pskoett-ai-skills/skills/agent-teams-simplify-and-harden

A two-phase team loop that produces production-quality code: implement , then audit using simplify + harden passes , then fix audit findings , then re-audit , repeating until the codebase is solid or the loop cap is reached.

When to Use

Implementing multiple features from a spec or plan
Hardening a codebase after a batch of changes
Fixing a list of issues or gaps identified in a review
Any task touching 5+ files where quality gates matter

Pipeline Integration

This skill replaces stages 2–4 of the standard pipeline (execution, review, learning) with a team-based loop. It can follow plan-interview or run standalone — every upstream artifact is optional.

[plan-interview] → [agent-teams-simplify-and-harden] → [self-improvement]
                    ├─ intent frame (team lead)
                    ├─ implement (parallel agents)
                    ├─ audit (parallel agents)
                    ├─ drift check (team lead, between rounds)
                    └─ learning loop output → self-improvement

When a plan file from plan-interview exists, the skill extracts tasks from it. When no plan exists, the team lead runs a brief inline planning phase. Context-surfing runs as a lightweight drift check for the team lead between loop rounds — sub-agents are short-lived and don't need it.

The Pattern

┌──────────────────────────────────────────────────────────┐
│                  TEAM LEAD (you)                          │
│                                                           │
│  Phase 1: IMPLEMENT (+ document pass on fix rounds)       │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐                 │
│  │ impl-1   │ │ impl-2   │ │ impl-3   │  ...            │
│  │ (general │ │ (general │ │ (general │                 │
│  │ purpose) │ │ purpose) │ │ purpose) │                 │
│  └──────────┘ └──────────┘ └──────────┘                 │
│       │             │            │                        │
│       ▼             ▼            ▼                        │
│  ┌─────────────────────────────────────┐                 │
│  │  Verify: compile + tests            │                 │
│  └─────────────────────────────────────┘                 │
│       │                                                   │
│  Phase 2: SIMPLIFY & HARDEN AUDIT                         │
│  ┌──────────┐ ┌──────────┐ ┌──────────┐                 │
│  │ simplify │ │ harden   │ │ spec     │  ...            │
│  │ auditor  │ │ auditor  │ │ auditor  │                 │
│  │ (Explore)│ │ (Explore)│ │ (Explore)│                 │
│  └──────────┘ └──────────┘ └──────────┘                 │
│       │             │            │                        │
│       ▼             ▼            ▼                        │
│  Exit conditions met?                                     │
│    YES → Produce summary. Ship it.                        │
│    NO  → back to Phase 1 with findings as tasks           │
│          (max 3 audit rounds)                             │
└──────────────────────────────────────────────────────────┘

Loop Limits and Exit Conditions

The loop exits when ANY of these are true:

Clean audit : All auditors report zero findings
Low-only round : All findings in a round are severity low -- fix them inline (team lead or a single impl agent) and exit without re-auditing
Loop cap reached : 3 audit rounds have completed. After the third round, fix remaining critical/high findings inline and exit. Log any unresolved medium/low findings in the final summary.

Budget guidance: Track the cumulative diff growth across rounds. If fix rounds have added more than 30% on top of the original implementation diff, tighten the scope: skip medium/low simplify findings and focus only on harden patches and spec gaps.

Step-by-Step Procedure

0. Plan and Frame

If a plan file exists (from plan-interview at docs/plans/plan-NNN-<slug>.md or user-provided): read it, extract the implementation checklist, and use those as the task list for step 2.

If no plan exists , run a brief inline planning interview:

What needs to be built, fixed, or hardened? (features, bugs, targets)
What's the spec or source of truth? (doc, issue, PR, or verbal description)
What are the acceptance criteria?

Turn the answers into a concrete task list. This is not a full plan-interview — just enough to break the work into parallelizable units.

Intent frame: Before creating the team, the team lead emits:

## Intent Frame #1

**Outcome:** [What the team session will deliver]
**Approach:** [Team structure, number of agents, audit dimensions]
**Constraints:** [Scope boundaries, loop cap, budget limits]
**Success criteria:** [Clean audit or loop cap with all critical/high resolved]
**Estimated complexity:** [Small / Medium / Large — based on task count and file count]

Confirm with the user before proceeding. This anchors all subsequent drift checks.

1. Create the Team

TeamCreate:
  team_name: "<project>-harden"
  description: "Implement and harden <description>"

2. Create Tasks

Break the work into discrete, parallelizable tasks. Each task should be independent enough for one agent to complete without blocking on others.

TaskCreate for each unit of work:
  subject: "Implement <specific thing>"
  description: "Detailed requirements, file paths, acceptance criteria"
  activeForm: "Implementing <thing>"

Set up dependencies if needed:

TaskUpdate: { taskId: "2", addBlockedBy: ["1"] }

3. Spawn Implementation Agents

Spawn general-purpose agents (they can read, write, and edit files). One per task or one per logical group. Run them in parallel.

Task tool (spawn teammate):
  subagent_type: general-purpose
  team_name: "<project>-harden"
  name: "impl-<area>"
  mode: bypassPermissions
  prompt: |
    You are an implementation agent on the <project>-harden team.
    Your name is impl-<area>.

    Check TaskList for your assigned tasks and complete them.
    After completing each task, mark it completed and check for more.

    Quality gates:
    - Code must compile cleanly (substitute your project's compile
      command, e.g. bunx tsc --noEmit, cargo build, go build ./...)
    - Tests must pass (substitute your project's test command,
      e.g. bun test, pytest, go test ./...)
    - Follow existing code patterns and conventions

    When all your tasks are done, notify the team lead.

4. Wait for Implementation to Complete

Monitor agent messages. When all implementation agents report done:

Run compile/type checks to verify clean build
Run tests to verify all pass
If either fails, fix or assign fixes before proceeding

Before spawning auditors, collect the list of files modified in this session:

git diff --name-only <base-branch>  # or: git diff --name-only HEAD~N

You will pass this file list to each auditor.

5. Spawn Audit Agents

Spawn Explore agents (read-only -- they cannot edit files, which prevents them from "fixing" issues silently). Each auditor covers a different concern using the Simplify & Harden methodology.

Recommended audit dimensions:

Auditor	Focus	Mindset
simplify-auditor	Code clarity and unnecessary complexity	"Is there a simpler way to express this?"
harden-auditor	Security and resilience gaps	"If someone malicious saw this, what would they try?"
spec-auditor	Implementation vs spec/plan completeness	"Does the code match what was asked for?"

Full prompt templates for each auditor are in references/auditor-prompts.md. Each prompt enforces: read-only scope, fresh-eyes start, structured finding format, and explicit zero-findings reporting.

Simplify Auditor

Spawned as Explore agent. Checks: dead code, naming, control flow, API surface, over-abstraction, consolidation. Categorizes findings as cosmetic or refactor (refactor bar: "clearly wrong, not just imperfect"). Reports file, line, category, fix, severity.

Harden Auditor

Spawned as Explore agent. Checks: input validation, error handling, injection vectors, auth/authz, secrets, data exposure, dependency risk, race conditions. Categorizes findings as patch or security refactor. Reports file, line, category, severity, attack vector, fix.

Spec Auditor

Spawned as Explore agent. Checks: missing features, incorrect behavior, incomplete implementation, contract violations, test coverage, acceptance criteria gaps. Categorizes findings as missing , incorrect , incomplete , or untested. Reports file, line, category, spec reference, severity.

6. Process Audit Findings

Collect findings from all auditors. For each finding:

Critical/High : Create a task and assign to an implementation agent
Medium : Create a task, include in next implementation round
Low/Cosmetic : Include in next round only if trivial to fix; otherwise note in the final summary and skip

Refactor gate: For findings categorized as refactor or security refactor , evaluate whether the refactor is genuinely necessary before creating a task. The bar: "Would a senior engineer say the current state is clearly wrong, not just imperfect?" Reject refactor proposals that are style preferences or marginal improvements.

Exit check: If all findings in this round are severity low, fix them inline and skip re-auditing (see Loop Limits).

When creating fix tasks, bundle a document pass into each implementation agent's work:

After fixing your assigned issues, add up to 5 single-line comments across the files you touched on non-obvious decisions:

Logic that needs more than 5 seconds of "why does this exist?" thought

Workarounds or hacks, with context and a TODO for removal conditions

Performance choices and why the current approach was picked

Do NOT comment on the audit fixes themselves -- only on decisions from the original implementation that lack explanation.

This keeps the document pass lightweight and scoped. Auditors in subsequent rounds should not flag these comments as findings.

7. Loop

If there are findings to fix:

Create tasks from findings (include document pass instructions)
Spawn implementation agents (or reuse idle ones via SendMessage)
Wait for fixes
Run compile + test verification
Drift check (team lead): Before the next audit round, re-read the intent frame and plan/task breakdown. Compare the current state of the work against the original scope. If audit findings are pulling the team into unrelated areas or the scope has expanded beyond what was framed, re-scope or exit the loop early and produce the summary.
Check loop limits (see "Loop Limits and Exit Conditions")
If not exiting: spawn audit agents again (fresh agents, not reused -- clean context)
Repeat

8. Final Verification and Summary

When exit conditions are met:

Compile / type check -- must be clean
Tests -- must all pass
No // TODO or // FIXME comments introduced without corresponding tasks

Produce a final summary for the session:

## Hardening Summary

**Audit rounds completed:** 2 of 3 max
**Exit reason:** Clean audit (all auditors reported zero findings)

### Findings by round

Round 1:
- simplify-auditor: 4 cosmetic, 1 refactor (rejected -- style preference)
- harden-auditor: 2 patches, 1 security refactor (approved)
- spec-auditor: 1 missing feature

Round 2:
- simplify-auditor: 0 findings
- harden-auditor: 0 findings
- spec-auditor: 0 findings

### Actions taken
- Fixed: 6 findings (4 cosmetic, 2 patches, 1 security refactor, 1 missing feature -- rejected refactor excluded)
- Skipped: 1 refactor proposal (reason: style preference, not a defect)
- Document pass: 3 comments added across 2 files

### Unresolved
- None

### Out-of-scope observations
- <any out-of-scope items auditors flagged, for future reference>

### Learning loop
learning_loop:
  target_skill: "self-improvement"
  candidates:
    - pattern_key: "harden.input_validation"
      auditor: "harden-auditor"
      rounds_to_resolve: 1
      severity: "high"
      suggested_rule: "Validate and bound-check external inputs before use."
    - pattern_key: "simplify.dead_code"
      auditor: "simplify-auditor"
      rounds_to_resolve: 1
      severity: "low"
      suggested_rule: "Remove dead code and unused imports before finalizing."

Normalize recurring audit findings across rounds into pattern_key entries using the same format as simplify-and-harden. This feeds into self-improvement for cross-task pattern tracking and promotion.

Adapt the format to your context. The goal is a clear record of what was found, what was fixed, what was skipped and why, and what remains.

9. Cleanup

Send shutdown requests to all agents, then delete the team:

SendMessage type: shutdown_request to each agent
TeamDelete

Agent Sizing Guide

Codebase / Task Size	Impl Agents	Audit Agents
Small (< 10 files)	1-2	2 (simplify + harden)
Medium (10-30 files)	2-3	2-3
Large (30+ files)	3-5	3 (simplify + harden + spec)

More agents = more parallelism but more coordination overhead. For most tasks, 2-3 implementation agents and 2-3 auditors is the sweet spot.

Tips

Implementation agents should begeneral-purpose -- they need write access
Audit agents should beExplore -- read-only prevents them from silently "fixing" things, which defeats the purpose of auditing
Fresh audit agents each round -- don't reuse auditors from previous rounds; they carry context that biases them toward "already checked" areas
Task descriptions must be specific -- include file paths, function names, exact behavior expected. Vague tasks produce vague implementations.
Run compile + tests between phases -- don't spawn auditors on broken code; fix compilation/test errors first
Keep the loop tight -- if auditors find only 1-2 low-severity cosmetic issues, fix them yourself instead of spawning a full implementation round
Assign tasks before spawning -- set owner on tasks via TaskUpdate so agents know what to work on immediately
Simplify-first posture -- when processing audit findings, prioritize cosmetic cleanups that reduce noise before tackling refactors. Cleanup is the default, refactoring is the exception
Security over style -- when budget or time is constrained, prioritize harden findings over simplify findings
Pass the file list -- always give auditors the explicit list of modified files. Don't rely on them figuring out scope on their own.

Example: Implementing Spec Features

0.  Plan: Read spec (or run inline interview), break into 8 tasks
0b. Emit Intent Frame #1, confirm with user
1.  TeamCreate: "feature-harden"
2.  TaskCreate x8 (one per feature)
3.  Spawn 3 impl agents, assign ~3 tasks each
4.  Wait → all done → compile clean → tests pass
5.  Collect modified file list (git diff --name-only)
6.  Spawn 3 auditors: simplify-auditor, harden-auditor, spec-auditor
7.  Simplify-auditor finds 4 cosmetic + 1 refactor proposal
8.  Harden-auditor finds 2 patches + 1 security refactor
9.  Spec-auditor finds 1 missing feature
10. Team lead evaluates refactors (approve security refactor,
    reject simplify refactor), creates fix + document tasks
11. Spawn 2 impl agents for fixes
12. Wait → compile clean → tests pass
13. Drift check: re-read intent frame, scope looks good
14. Round 2: Spawn 3 fresh auditors
15. Auditors find 0 issues → exit condition met
16. Produce hardening summary + learning loop output
17. Shutdown agents, TeamDelete

Quality Gates (Non-Negotiable)

These must pass before the loop can exit:

Clean compile / type check -- zero errors
Tests -- zero failures
Exit condition met (clean audit, low-only round, or loop cap reached with critical/high findings resolved)
No // TODO or // FIXME comments introduced without corresponding tasks

Interoperability with Other Skills

What this skill consumes

From plan-interview (optional): Plan file (docs/plans/plan-NNN-<slug>.md). When available, tasks are extracted from the implementation checklist. When absent, the team lead runs an inline planning phase.
From the user (always available): Task description, spec, or feature list. Used as the source of truth when no plan file exists.

What this skill produces

For self-improvement: Learning loop candidates from recurring audit findings, same pattern_key format as simplify-and-harden.
For the user: Hardening summary with full audit trail across all rounds.

Pipeline position

This skill replaces stages 2–4 of the standard pipeline with a team-based loop:

plan-interview (optional — or inline planning in Phase 0)
agent-teams-simplify-and-harden (team lead + intent frame + implement + audit + drift checks + learning loop)
self-improvement (consumes learning loop output for cross-task pattern tracking)

The team lead runs its own intent frame (not consumed from intent-framed-agent) and lightweight context-surfing drift checks between rounds (not the full exit/handoff protocol). Sub-agents are short-lived and do not run pipeline skills.

Weekly Installs

329

Repository

pskoett/pskoett…i-skills

GitHub Stars

First Seen

Feb 21, 2026

Security Audits

Gen Agent Trust HubFail SocketWarn SnykWarn

Installed on

codex328

gemini-cli327

github-copilot327

cursor327

opencode327

kimi-cli326

agent-browser 浏览器自动化工具 - Vercel Labs 命令行网页操作与测试

138,300 周安装

AI代理团队简化与加固代码审查：自动化两阶段循环提升生产级代码质量

🇨🇳中文介绍

Agent Teams Simplify & Harden

安装

使用时机

流水线集成

相关 Skills

模式

循环限制与退出条件

分步流程

0. 规划与框架

1. 创建团队

2. 创建任务

3. 生成实现代理

4. 等待实现完成

5. 生成审计代理

简化审计员

加固审计员

规范审计员

6. 处理审计发现

7. 循环

8. 最终验证与摘要

9. 清理

代理规模指南

提示

示例：实现规范功能

质量门控（不可协商）

与其他技能的互操作性

此技能消耗什么

此技能产出什么

流水线位置

🇺🇸English

Agent Teams Simplify & Harden

Install

When to Use

Pipeline Integration

The Pattern

Loop Limits and Exit Conditions

Step-by-Step Procedure

0. Plan and Frame

1. Create the Team

2. Create Tasks

3. Spawn Implementation Agents

4. Wait for Implementation to Complete

5. Spawn Audit Agents

Simplify Auditor

Harden Auditor

Spec Auditor

6. Process Audit Findings

7. Loop

8. Final Verification and Summary

9. Cleanup

Agent Sizing Guide

Tips

Example: Implementing Spec Features

Quality Gates (Non-Negotiable)

Interoperability with Other Skills

What this skill consumes

What this skill produces

Pipeline position

最新 Skills