simplify-and-harden-ci

Original🇺🇸 English
Translated

CI-only Simplify & Harden workflow for pull requests using gh-aw (GitHub Agentic Workflows). Runs headless scan-and-report checks for simplify/harden/document, posts structured findings, and can block merges on critical or advisory classes. Use when: you want automated quality/security review in CI without interactive approvals.

8installs
Sourcepskoett/pskoett-ai-skills
Added on

NPX Install

npx skill4agent add pskoett/pskoett-ai-skills simplify-and-harden-ci

Tags

Translated version includes tags in frontmatter
ci-workflowcode-simplificationcode-hardeninggh-awpull-request-validation

SKILL.md Content

View Translation Comparison →

Simplify & Harden CI

Install

bash
npx skills add pskoett/pskoett-ai-skills/simplify-and-harden-ci

Purpose

Run a CI-only variant of Simplify & Harden in pull requests:
  • No code mutation in CI
  • Review only changed files
  • Emit structured findings
  • Optionally block merge based on severity gates
Use 
simplify-and-harden
for interactive/local coding sessions.

Context Limitation (Important)

CI agents do not have the same peak implementation context as the coding agent that wrote the change. Treat CI findings as structured review signals, not as full intent-aware rewrites.
Implications:
  • Prefer scan/report and merge gating
  • Do not auto-apply code changes in CI
  • Escalate ambiguous findings to interactive review

Prerequisites

  1. GitHub Actions enabled for the repository
  2. GitHub CLI authenticated (
    gh auth status
    )
  3. gh-aw
    installed locally for authoring/validation:
bash
gh extension install github/gh-aw
  1. In GitHub Actions jobs, install the CLI with:
yaml
- uses: github/gh-aw/actions/setup-cli@main
  with:
    version: v0.2.0-beta

CI Contract

The CI skill must enforce:
  1. Scope lock: review only files changed in the PR
  2. Headless execution: report findings, do not apply patches/refactors
  3. Structured output: emit 
    simplify_and_harden
    summary payload
  4. Gate policy: 
    • critical
      : fail check when critical harden findings exist
    • advisory
      (optional): fail check when advisory findings are configured to block

Authoring Workflow (gh-aw)

Example-only template lives in 
references/workflow-example.md
. Keep it outside 
.github/workflows
until you explicitly want automation enabled.
When ready to enable:
  1. Copy 
    references/workflow-example.md
    template block into 
    .github/workflows/simplify-and-harden-ci.md
    .
  2. Compile and validate workflow:
bash
gh aw compile --validate --strict
  1. Trigger and push workflow changes:
bash
gh aw run simplify-and-harden-ci --push
  1. Check status/logs in GitHub Actions and ensure PR feedback is posted.

Prompt Template (CI)

Use this prompt body in your gh-aw workflow:
text
Run Simplify & Harden in CI (headless mode) for this pull request.

Rules:
1) Review only files changed in this PR.
2) Do not modify repository files.
3) Simplify pass: detect dead code, naming clarity issues, control-flow complexity, unnecessary API surface, and over-abstraction.
4) Harden pass: detect input-validation gaps, injection vectors, auth/authz issues, secret exposure, data leaks, and concurrency risks.
5) Document pass: suggest non-obvious rationale comments as findings (do not edit files).
6) Emit structured YAML under key `simplify_and_harden`, including:
   - simplify findings
   - harden findings (critical/advisory split)
   - summary counts
   - `review_followup_required`
   - learning loop candidates for self-improvement ingestion
7) If blocking policy is enabled and matching findings exist, mark the run as failed.

Recommended Outputs

  1. PR comment with concise findings and severity ordering
  2. Check run summary with pass/fail reason
  3. Machine-readable YAML artifact for downstream automation

Integration with Self-Improvement

Forward 
simplify_and_harden.learning_loop.candidates
into 
.learnings/LEARNINGS.md
via the 
self-improvement
workflow so recurrent patterns can be promoted into durable agent context rules.