simplify-and-harden-ci


Simplify & Harden CI


Install


```bash
npx skills add pskoett/pskoett-ai-skills/simplify-and-harden-ci
```

Purpose


Run a CI-only variant of Simplify & Harden in pull requests:
  • No code mutation in CI
  • Review only changed files
  • Emit structured findings
  • Optionally block merge based on severity gates
Use `simplify-and-harden` for interactive/local coding sessions.

Context Limitation (Important)


CI agents do not have the same peak implementation context as the coding agent that wrote the change. Treat CI findings as structured review signals, not as full intent-aware rewrites.
Implications:
  • Prefer scan/report and merge gating
  • Do not auto-apply code changes in CI
  • Escalate ambiguous findings to interactive review

Prerequisites


  1. GitHub Actions enabled for the repository
  2. GitHub CLI authenticated (`gh auth status`)
  3. `gh-aw` installed locally for authoring/validation:
```bash
gh extension install github/gh-aw
```
  4. In GitHub Actions jobs, install the CLI with:
```yaml
- uses: github/gh-aw/actions/setup-cli@main
  with:
    version: v0.2.0-beta
```

CI Contract


The CI skill must enforce:
  1. Scope lock: review only files changed in the PR
  2. Headless execution: report findings, do not apply patches/refactors
  3. Structured output: emit a `simplify_and_harden` summary payload
  4. Gate policy:
    • `critical`: fail the check when critical harden findings exist
    • `advisory` (optional): fail the check when advisory findings are configured to block

Authoring Workflow (gh-aw)


An example-only template lives in `references/workflow-example.md`. Keep it outside `.github/workflows` until you explicitly want automation enabled.
When ready to enable:
  1. Copy the `references/workflow-example.md` template block into `.github/workflows/simplify-and-harden-ci.md`.
  2. Compile and validate the workflow:
```bash
gh aw compile --validate --strict
```
  3. Trigger and push workflow changes:
```bash
gh aw run simplify-and-harden-ci --push
```
  4. Check status/logs in GitHub Actions and ensure PR feedback is posted.

Prompt Template (CI)


Use this prompt body in your gh-aw workflow:
```text
Run Simplify & Harden in CI (headless mode) for this pull request.

Rules:
1) Review only files changed in this PR.
2) Do not modify repository files.
3) Simplify pass: detect dead code, naming clarity issues, control-flow complexity, unnecessary API surface, and over-abstraction.
4) Harden pass: detect input-validation gaps, injection vectors, auth/authz issues, secret exposure, data leaks, and concurrency risks.
5) Document pass: suggest non-obvious rationale comments as findings (do not edit files).
6) Emit structured YAML under key `simplify_and_harden`, including:
   - simplify findings
   - harden findings (critical/advisory split)
   - summary counts
   - `review_followup_required`
   - learning loop candidates for self-improvement ingestion
7) If blocking policy is enabled and matching findings exist, mark the run as failed.
```
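The gate policy from the CI Contract and the `simplify_and_harden` payload requested by the prompt above, worked through as an added example (not part of this skill): a small evaluator that enforces the scope lock by dropping findings for files outside the PR, fails on any critical harden finding, and fails on advisory findings only when blocking is enabled. The sample payload and the changed-file set are constructed, and the exact key layout under `simplify_and_harden` is an assumption, since the skill only names the sections.

```python
# Constructed sample: the files changed in the pull request (scope lock input).
CHANGED_FILES = {"src/auth.py", "src/handlers.py"}

# Constructed sample payload as it would look after yaml.safe_load() on the agent's
# YAML output. Key layout is an assumption; the skill only names the sections.
PAYLOAD = {
    "simplify_and_harden": {
        "simplify": [{"file": "src/handlers.py", "issue": "dead code: unused helper"}],
        "harden": {
            "critical": [{"file": "src/auth.py", "issue": "secret exposure: token logged"}],
            "advisory": [
                {"file": "src/handlers.py", "issue": "missing input length check"},
                {"file": "src/legacy.py", "issue": "broad exception handler"},  # not in PR
            ],
        },
        "review_followup_required": True,
    }
}


def in_scope(findings, changed):
    """Scope lock: split findings into (inside PR, outside PR) by file path."""
    kept = [f for f in findings if f["file"] in changed]
    dropped = [f for f in findings if f["file"] not in changed]
    return kept, dropped


def evaluate_gate(payload, changed, block_on_advisory=False):
    """Gate policy: critical findings always fail; advisory fails only when configured."""
    body = payload["simplify_and_harden"]
    harden = body.get("harden", {})
    simplify, s_out = in_scope(body.get("simplify", []), changed)
    critical, c_out = in_scope(harden.get("critical", []), changed)
    advisory, a_out = in_scope(harden.get("advisory", []), changed)
    reasons = []
    if critical:
        reasons.append(f"{len(critical)} critical harden finding(s)")
    if block_on_advisory and advisory:
        reasons.append(f"{len(advisory)} advisory finding(s) with blocking enabled")
    return {
        "status": "fail" if reasons else "pass",
        "reasons": reasons,
        "counts": {"simplify": len(simplify), "critical": len(critical),
                   "advisory": len(advisory),
                   "out_of_scope": len(s_out) + len(c_out) + len(a_out)},
        "review_followup_required": bool(body.get("review_followup_required")),
    }
```

The returned `reasons` list is what the check run summary would report, and `out_of_scope` shows how many findings the scope lock discarded; a workflow step would exit non-zero when `status` is `fail`.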

Recommended Outputs


  1. PR comment with concise findings and severity ordering
  2. Check run summary with pass/fail reason
  3. Machine-readable YAML artifact for downstream automation

Integration with Self-Improvement


Forward `simplify_and_harden.learning_loop.candidates` into `.learnings/LEARNINGS.md` via the `self-improvement` workflow so recurrent patterns can be promoted into durable agent context rules.