SocketDev
diff --git a/‎.claude/skills/quality-scan/SKILL.md‎
Lines changed: 113 additions & 57 deletions b/‎.claude/skills/quality-scan/SKILL.md‎
Lines changed: 113 additions & 57 deletions
@@ -1,6 +1,6 @@
 ---
 name: quality-scan
-description: Cleans up junk files (SCREAMING_TEXT.md, temp files) and performs comprehensive quality scans across codebase to identify critical bugs, logic errors, caching issues, and workflow problems. Spawns specialized agents for targeted analysis and generates prioritized improvement tasks. Use when improving code quality, before releases, or investigating issues.
+description: Validates structural consistency, cleans up junk files (SCREAMING_TEXT.md, temp files), and performs comprehensive quality scans across codebase to identify critical bugs, logic errors, caching issues, and workflow problems. Spawns specialized agents for targeted analysis and generates prioritized improvement tasks. Use when improving code quality, before releases, or investigating issues.
 ---
 
 # quality-scan
@@ -26,8 +26,9 @@ This is Socket Security's binary tooling manager (BTM) that:
 2. **logic** - Algorithm errors, edge cases, type guards, off-by-one errors
 3. **cache** - Cache staleness, race conditions, invalidation bugs
 4. **workflow** - Build scripts, CI issues, cross-platform compatibility
-5. **security** - GitHub Actions workflow security (zizmor scanner)
-6. **documentation** - README accuracy, outdated docs, missing documentation
+5. **workflow-optimization** - CI optimization checks (build-required conditions on cached builds)
+6. **security** - GitHub Actions workflow security (zizmor scanner)
+7. **documentation** - README accuracy, outdated docs, missing documentation, junior developer friendliness
 
 **Why Quality Scanning Matters:**
 - Catches bugs before they reach production
@@ -107,16 +108,15 @@ pnpm run update
 
 <validation>
 **Expected Results:**
-- Dependencies updated in socket-cli
+- Dependencies updated in socket-btm
 - Report number of packages updated
 - Continue with scan even if update fails
 
 **Track for reporting:**
 - Packages updated: N
 - Update status: Success/Failed (with warning)
 
-**Important:** Only update dependencies in the current repository (socket-cli). Do NOT attempt to update sibling repositories (socket-btm, socket-sbom-generator, ultrathink) as this is out of scope and could have unintended side effects.
-</validation>
+**Important:** Only update dependencies in the current repository (socket-btm). Do NOT attempt to update sibling repositories (socket-sbom-generator, socket-cli, ultrathink) as this is out of scope and could have unintended side effects.</validation>
 
 ---
 
@@ -195,7 +195,56 @@ find . -type f -name '*.log' \
 
 ---
 
-### Phase 4: Determine Scan Scope
+### Phase 4: Structural Validation
+
+<action>
+Run automated consistency checker to validate architectural patterns:
+</action>
+
+**Validation Tasks:**
+
+Run the consistency checker to validate monorepo structure:
+
+```bash
+node scripts/check-consistency.mjs
+```
+
+**The consistency checker validates:**
+1. **Required files** - README.md, package.json existence
+2. **Vitest configurations** - Proper mergeConfig usage
+3. **Test scripts** - Correct test patterns per package type
+4. **Coverage scripts** - Coverage setup where appropriate
+5. **External tools** - external-tools.json format validation
+6. **Build output structure** - Standard build/{mode}/out/Final/ layout
+7. **Package.json structure** - Standard fields and structure
+8. **Workspace dependencies** - Proper workspace:* and catalog: usage
+
+<validation>
+**Expected Results:**
+- Errors: 0 (any errors should be reported as Critical findings)
+- Warnings: 2 or fewer (expected deviations documented in checker)
+- Info: Multiple info messages are normal (observations only)
+
+**If errors found:**
+1. Report as Critical findings in the final report
+2. Include file:line references from checker output
+3. Suggest fixes based on checker recommendations
+4. Continue with remaining scans
+
+**If warnings found:**
+- Report as Low findings (these are expected deviations)
+- Document in final report under "Structural Validation"
+
+**Track for reporting:**
+- Number of packages validated
+- Number of errors/warnings/info messages
+- Any architectural pattern violations
+
+</validation>
+
+---
+
+### Phase 5: Determine Scan Scope
 
 <action>
 Ask user which scans to run:
@@ -206,8 +255,9 @@ Ask user which scans to run:
 2. **logic** - Logic errors (algorithms, edge cases, type guards)
 3. **cache** - Caching issues (staleness, races, invalidation)
 4. **workflow** - Workflow problems (scripts, CI, git hooks)
-5. **security** - GitHub Actions security (template injection, cache poisoning, etc.)
-6. **documentation** - Documentation accuracy (README errors, outdated docs)
+5. **workflow-optimization** - CI optimization (build-required checks for cached builds)
+6. **security** - GitHub Actions security (template injection, cache poisoning, etc.)
+7. **documentation** - Documentation accuracy (README errors, outdated docs)
 
 **User Interaction:**
 Use AskUserQuestion tool:
@@ -236,7 +286,7 @@ If user requests non-existent scan type, report error and suggest valid types.
 
 ---
 
-### Phase 5: Execute Scans
+### Phase 6: Execute Scans
 
 <action>
 For each enabled scan type, spawn a specialized agent using Task tool:
@@ -283,59 +333,20 @@ Scan systematically and report all findings. If no issues found, state that expl
 - Cache scan: reference.md starting at line ~200
 - Workflow scan: reference.md starting at line ~300
 - Security scan: reference.md starting at line ~400
-- Documentation scan: reference.md starting at line ~810
+- Workflow-optimization scan: reference.md starting at line ~860
+- Documentation scan: reference.md starting at line ~1040
 
 <validation>
-**Structured Output Validation:**
-
-After each agent returns, validate output structure before parsing:
-
-```bash
-# 1. Verify agent completed successfully
-if [ -z "$AGENT_OUTPUT" ]; then
-  echo "ERROR: Agent returned no output"
-  exit 1
-fi
-
-# 2. Check for findings or clean report
-if ! echo "$AGENT_OUTPUT" | grep -qE '(File:.*Issue:|No .* issues found|✓ Clean)'; then
-  echo "WARNING: Agent output missing expected format"
-  echo "Agent may have encountered an error or found no issues"
-fi
-
-# 3. Verify severity levels if findings exist
-if echo "$AGENT_OUTPUT" | grep -q "File:"; then
-  if ! echo "$AGENT_OUTPUT" | grep -qE 'Severity: (Critical|High|Medium|Low)'; then
-    echo "WARNING: Findings missing severity classification"
-  fi
-fi
-
-# 4. Verify fix suggestions if findings exist
-if echo "$AGENT_OUTPUT" | grep -q "File:"; then
-  if ! echo "$AGENT_OUTPUT" | grep -q "Fix:"; then
-    echo "WARNING: Findings missing suggested fixes"
-  fi
-fi
-```
-
-**Manual Verification Checklist:**
-- [ ] Agent output includes findings OR explicit "No issues found" statement
-- [ ] All findings include file:line references
-- [ ] All findings include severity level (Critical/High/Medium/Low)
-- [ ] All findings include suggested fixes
-- [ ] Agent output is parseable and structured
-
-**For each scan completion:**
+For each scan completion:
 - Verify agent completed without errors
-- Extract findings from agent output (or confirm "No issues found")
+- Extract findings from agent output
 - Parse into structured format (file, issue, severity, fix)
 - Track scan coverage (files analyzed)
-- Log any validation warnings for debugging
 </validation>
 
 ---
 
-### Phase 6: Aggregate Findings
+### Phase 7: Aggregate Findings
 
 <action>
 Collect all findings from agents and aggregate:
@@ -374,7 +385,7 @@ interface Finding {
 
 ---
 
-### Phase 7: Generate Report
+### Phase 8: Generate Report
 
 <action>
 Create structured quality report with all findings:
@@ -389,6 +400,34 @@ Create structured quality report with all findings:
 **Files Scanned:** N
 **Findings:** N critical, N high, N medium, N low
 
+## Dependency Updates
+
+**Repositories Updated:** N/4
+- **socket-btm**: N packages updated
+- **socket-sbom-generator**: N packages updated (or "skipped - not found")
+- **socket-cli**: N packages updated (or "skipped - not found")
+- **ultrathink**: N packages updated (or "skipped - not found")
+
+**Total Packages Updated:** N across all repositories
+
+## Structural Validation
+
+**Consistency Checker Results:**
+- Packages validated: 12
+- Errors: N (reported as Critical below)
+- Warnings: N (reported as Low below)
+- Info: N observations
+
+**Validation Categories:**
+✓ Required files
+✓ Vitest configurations
+✓ Test scripts
+✓ Coverage scripts
+✓ External tools
+✓ Build output structure
+✓ Package.json structure
+✓ Workspace dependencies
+
 ## Critical Issues (Priority 1) - N found
 
 ### packages/node-smol-builder/src/patcher.mts:89
@@ -413,6 +452,8 @@ Create structured quality report with all findings:
 
 ## Scan Coverage
 
+- **Dependency updates**: N/4 repositories updated (socket-btm, socket-sbom-generator, socket-cli, ultrathink)
+- **Structural validation**: 12 packages validated, 8 architectural patterns checked
 - **Critical scan**: N files analyzed in packages/node-smol-builder/, scripts/
 - **Logic scan**: N files analyzed (patch logic, build scripts)
 - **Cache scan**: N files analyzed (if applicable)
@@ -447,7 +488,7 @@ Create structured quality report with all findings:
 
 ---
 
-### Phase 8: Complete
+### Phase 9: Complete
 
 <completion_signal>
 ```xml
@@ -460,13 +501,27 @@ Report these final metrics to the user:
 
 **Quality Scan Complete**
 ========================
+✓ Dependency updates: N/4 repositories updated (N packages)
+✓ Structural validation: N packages validated (N errors, N warnings)
 ✓ Repository cleanup: N junk files removed
 ✓ Scans completed: [list of scan types]
 ✓ Total findings: N (N critical, N high, N medium, N low)
 ✓ Files scanned: N
 ✓ Report generated: Yes
 ✓ Scan duration: [calculated from start to end]
 
+**Dependency Update Summary:**
+- socket-btm: N packages updated
+- socket-sbom-generator: N packages updated (or "skipped - not found")
+- socket-cli: N packages updated (or "skipped - not found")
+- ultrathink: N packages updated (or "skipped - not found")
+
+**Structural Validation Summary:**
+- Packages validated: 12
+- Consistency errors: N (included in critical findings)
+- Consistency warnings: N (included in low findings)
+- Architectural patterns checked: 8
+
 **Repository Cleanup Summary:**
 - SCREAMING_TEXT.md files removed: N
 - Temporary test files removed: N
@@ -506,8 +561,9 @@ See `reference.md` for detailed agent prompts with structured tags:
 - **logic-scan** - Off-by-one errors, type guards, edge cases, algorithm correctness
 - **cache-scan** - Invalidation, key generation, memory management, concurrency
 - **workflow-scan** - Scripts, package.json, git hooks, CI configuration
+- **workflow-optimization-scan** - CI optimization checks (build-required on installation steps with checkpoint caching)
 - **security-scan** - GitHub Actions workflow security (runs zizmor scanner)
-- **documentation-scan** - README accuracy, outdated examples, incorrect package names, missing documentation
+- **documentation-scan** - README accuracy, outdated examples, incorrect package names, missing documentation, junior developer friendliness (beginner-friendly explanations, troubleshooting, getting started guides)
 
 All agent prompts follow Claude best practices with <context>, <instructions>, <pattern>, <output_format>, and <quality_guidelines> tags.