Jetpack Compose Audit
This skill audits Android Jetpack Compose repositories with a strict, evidence-based report.
Skill version: 2.0.1 — released 2026-04-29. Compose track: Kotlin 2.0.20+ / Compose Compiler 1.5.4+ (Strong Skipping Mode default). See the README changelog for what changed.
It is intentionally focused on four categories:
- Performance
- State management
- Side effects
- Composable API quality
This skill does
not score design or Material 3 compliance in v1. If the audit surfaces likely design-system problems, recommend a follow-up audit with the
skill (reference implementation:
https://github.com/hamen/material-3-skill).
Out Of Scope In v1
Owned and deliberate scope choices — call out the limitation in the report rather than silently producing thin coverage:
- Material 3 compliance, theming, color/typography tokens — defer to the skill.
- Accessibility scoring (, content descriptions, touch-target sizing) — flag obvious gaps as a note, do not score.
- UI test coverage and Compose test rule patterns — note presence/absence, do not score.
- Compose Multiplatform-specific rules (/, target-specific code paths).
- Wear OS / TV / Auto / Glance surfaces.
- Build performance (incremental compilation, KSP/KAPT choice).
If the user explicitly asks for any of these, narrow the scope and state it in the report.
When To Use
Use this skill when the user asks to:
- audit a Jetpack Compose repository
- review Compose architecture or quality
- rate a codebase with scores
- inspect recomposition, state, or effects issues
- identify Compose best-practice violations in an existing repo
Typical trigger phrases:
- "audit this Compose repo"
- "score this Jetpack Compose codebase"
- "review state hoisting and side effects"
- "check Compose performance"
- "rate this repository"
Expected Output
Produce both:
- a repository report file named
- a short chat summary with the overall score, category scores, worst issues, and the top fixes
Audit Principles
- Be strict, but evidence-based.
- Do not score from search hits alone. Read representative files before judging a category.
- Cite concrete file paths in the report for every important deduction.
- Cite an official documentation URL for every deduction. No "trust me" findings — the rubric maps every rule to a canonical source in
references/canonical-sources.md
- Prefer canonical Android guidance over folklore.
- Treat performance as important, but not as the only lens.
- Do not punish app code for failing public-library purity tests. Apply API-quality checks mainly to reusable internal components, design-system pieces, and shared UI building blocks.
- Reserve scores for repeated or systemic problems, not isolated mistakes.
- Do not award unless the repo is consistently strong across the category.
Process
1. Confirm Scope
Identify the target path:
- If the user passed an explicit path (
[repo path or module path]
- If no path was passed, default to the current working directory.
- If the path does not exist, ask the user to clarify.
Before mapping modules, confirm Compose is actually present (fast-fail):
- grep for in any or
- grep for or under
If neither shows up, stop and report that the target is out of scope. Do not run a full module map first.
If Compose is present
only in
,
, or test sources (no production usage), narrow the scope to those directories, set confidence to
, and state in the report that the audit is over sample code rather than production paths. Do not score production-quality categories against demo code.
2. Map The Repository
Before scoring, identify:
- Gradle modules
- Android app and feature modules
- likely Compose source roots
- shared UI/component packages
- theme or design-system packages
- state holder or ViewModel areas
- test and preview locations
- baseline-profile related modules or config if present
3. Build A Compose Surface Map
Look for:
- functions
- reusable UI components
- screens and routes
- usage
- , ,
collectAsStateWithLifecycle
- , , , ,
- , , ,
- animation APIs: , , ,
rememberInfiniteTransition
If the repo is large, audit by category or by module. If subagents are available, parallelize category scans by spawning
-type subagents (no write tools) and merge the findings.
4. Generate Compose Compiler Reports (Automatic)
Do
not ask the user to edit
or run commands themselves. The skill runs the build with a bundled Gradle init script that injects
/
into every Compose module without modifying any file in the target repo. Before scoring, attempt this:
-
Locate the init script shipped with the skill:
scripts/compose-reports.init.gradle
. The absolute path is the skill's install location — in most installs that's
~/.claude/skills/jetpack-compose-audit/scripts/compose-reports.init.gradle
. If you cannot resolve the path, fall back to writing the script to
<target>/.compose-audit-reports.init.gradle
and delete it after the run.
-
Check for a Gradle wrapper in the target:
. If missing, skip to the fallback in step 6.
-
Pick a compile target. Prefer the cheapest task that still triggers Kotlin compilation for a Compose module:
- find the first application module via
rg -l 'com\.android\.application' -g '*.gradle*'
- try in order:
:<app-module>:compileReleaseKotlinAndroid
:<app-module>:compileReleaseKotlin
- If the project is Compose-only on a library (), use that module instead.
-
Run the build. Inform the user the build is starting (it may take several minutes).
bash
cd <target> && ./gradlew <task> \
--init-script <path-to>/compose-reports.init.gradle \
--no-daemon --quiet
Use a 600-second timeout. If the task fails, try the next fallback task in step 3 once. Do not loop indefinitely.
-
Collect the reports.
bash
find <target> -path '*/build/compose_audit/*' \
\( -name '*-classes.txt' -o -name '*-composables.txt' -o -name '*-composables.csv' -o -name '*-module.json' \)
From these files, extract:
- unstable classes (lines starting with in ) used as composable parameters
- non-skippable but restartable named composables (ignore zero-argument lambdas; focus on actual named functions in or where )
- module-wide skippability counts from , AND compute the named-only skippability from (by filtering out rows where and calculating
sum(skippable) / sum(restartable)
-
Fallback if the build fails or Gradle is unavailable. Proceed with source-inferred stability findings, but:
- set
Compiler diagnostics used: no
- reduce overall confidence by one level
- state each stability-related deduction as "inferred from source — not verified against compiler reports"
Stability deductions from step 5 are measured evidence and should be weighted normally. Fallback deductions from step 6 are inferred and must be flagged as such in the report.
5. Audit The Four Categories
Use the scoring rubric in
and the heuristics in
references/search-playbook.md
.
Performance
Focus on:
- expensive work in composition
- avoidable recomposition
- lazy list keys
- bad state-read timing
- unstable or overly broad reads
- backwards writes
- animation phase correctness (per-frame values deferred to layout/draw via lambda modifiers, held in ,
rememberInfiniteTransition
- obvious release-performance hygiene where visible
State Management
Focus on:
- hoisting correctness
- single source of truth
- reusable stateless seams
- correct use of vs
- lifecycle-aware observable collection
- observable vs non-observable mutable state
Side Effects
Focus on:
- side effects incorrectly done in composition
- correct effect API choice
- effect keys
- stale lambda capture
- cleanup correctness
- lifecycle-aware effect behavior
- animations driven from for target-driven state changes (not from the composition body;
rememberCoroutineScope().launch { animateTo(...) }
Composable API Quality
Focus on reusable internal components, not every leaf screen.
Check:
- presence and placement
- parameter order
- explicit over implicit configuration
- meaningful defaults
- avoiding or parameters in reusable APIs where a better shape exists
- reusable animated components exposing
animationSpec: AnimationSpec<T>
- component purpose and layering
6. Verify Findings
Before deducting points:
- read the file where the smell appears
- make sure the pattern is real, not a false positive
- check whether the repo already has a compensating pattern elsewhere
- distinguish one-off mistakes from systemic patterns
- for stability findings (skippable / restartable / unstable params), use the compiler reports generated in Step 4. Cite the specific report line (e.g.
app/build/compose_audit/app_release-classes.txt:42
7. Score
Assign each category a
score and a status:
- : fail
- : needs work
- : solid
- : excellent
Use the weights in
to compute the overall score.
Measured ceilings are mandatory, not suggestive. When Step 4 produced compiler reports, the Performance rubric in
defines a ceiling. First determine whether Strong Skipping is active (Kotlin 2.0.20+ / Compose Compiler 1.5.4+, or an explicit opt-in flag) and pick the matching table — the SSM-off table is driven by
+ unstable-class count, the SSM-on table by
+ instance-recreation churn +
quality on unstable params. After arriving at a qualitative Performance score, you MUST apply the ceiling and lower the score if it exceeds the cap. Show the math in the report, and name which table was applied:
Performance ceiling check:
Strong Skipping: OFF (Kotlin 1.9.x, no opt-in) → applying SSM-off table
skippable% = 186/273 = 68.1% → falls in 50-70% band → cap at 4
qualitative score: 7
applied score: 4 (ceiling lowered from 7)
Under Strong Skipping,
will typically sit near 100% and stop being the binding constraint; the cap is usually driven by observed churn (
/
/ fresh literals passed into composables) or by expensive / broken
on unstable params. Name those findings explicitly in the ceiling-check block so the reader can audit the pick.
Do not round
up into a higher band.
is not
. If a qualitative score lands at or below the ceiling, no adjustment is needed — but the check itself must appear in the report so the reader can audit it.
If a category genuinely has too little auditable surface area, mark it
, explain why, and renormalize the remaining weights.
8. Write The Report
Use
references/report-template.md
.
The report must include:
- overall score
- category score table
- top critical findings
- category-by-category reasoning
- evidence file paths
- prioritized remediation list
- optional follow-up note to run if design issues are suspected
Write the report to:
- inside the audited target (the path the user passed), not the current working directory.
If
already exists at that path, do not overwrite it silently. Either confirm overwrite with the user, or write to
COMPOSE-AUDIT-REPORT-<YYYY-MM-DD>.md
alongside it.
9. Return A Short Summary
In chat, produce a summary that mirrors the report's
section — not a generic recap. The developer should be able to act on the summary alone without opening the report file.
Include:
- overall score (and the delta vs. any prior at the same path, if present)
- one-line judgment for each category, with the applied ceiling if any (e.g. "Performance 8/10 — capped by the SSM-on table: recreated params")
- compiler-report highlights when Step 4 succeeded: Strong Skipping on/off (or mixed across modules), which ceiling table was applied, module-wide , named-only , which metric actually bound the cap, count of unstable shared types, and any module that failed to build
- top three actionable fixes, each with:
- the concrete change ("add to in ")
- file path(s) and line numbers — the same ones listed in the report's Prioritized Fixes
- one official doc URL from
references/canonical-sources.md
- expected impact that matches the active ceiling table: on SSM-off, frame it in terms of named-only / unstable-param reductions; on SSM-on, frame it in terms of removing instance-recreation churn, fixing expensive / broken , or clearing the binding cap
- whether a audit is worth running next
The top-three fixes in the chat summary MUST be the same items as the report's
list (same file paths, same doc links). Do not add generic advice in chat that isn't in the written report.
Evidence Rules
- Prefer multiple examples over one dramatic example.
- Use positive evidence too, not just failures.
- Do not infer runtime problems you cannot justify from the code.
- When a rule is based on official guidance but app-level tradeoffs may justify deviation, call it out as a tradeoff instead of pretending it is always wrong.
Large Repo Strategy
For medium or large repositories:
- Map modules first.
- Pick representative files per module.
- Parallelize category scans when possible.
- Merge repeated findings into systemic issues instead of listing the same smell twenty times.
What To Avoid
- Do not produce a generic checklist with no repository evidence.
- Do not turn the report into a public-library API lecture if the repo is an app.
- Do not inflate the performance score just because the app uses Compose.
- Do not over-penalize isolated experiments or sample files unless they are part of production paths.
- Do not score design in v1.
- Do not flag or on its own — the "run once" pattern is idiomatic. Only flag it when the body captures a value that may change without .
- Do not deduct on Compose Multiplatform code paths for Android-only APIs (
collectAsStateWithLifecycle
lifecycle-runtime-compose
- Do not double-count the same root cause across categories. A stability problem typically surfaces in both Performance and State — pick the dominant category and cross-reference.
References
- — per-rule rubric with inline citations
references/search-playbook.md
references/report-template.md
references/canonical-sources.md
references/diagnostics.md
scripts/compose-reports.init.gradle