Audits code for Outfitter Stack compliance including Result types, error handling, logging patterns, and path safety. Use for pre-commit reviews, code quality checks, migration validation, or when "audit", "check compliance", "review stack", or "stack patterns" are mentioned.
View on GitHub: plugins/outfitter-stack/skills/stack-review/SKILL.md
February 1, 2026
```bash
npx add-skill https://github.com/outfitter-dev/agents/blob/main/plugins/outfitter-stack/skills/stack-review/SKILL.md -a claude-code --skill stack-review
```
Installation paths:
.claude/skills/stack-review/
# Stack Compliance Review
Audit code for @outfitter/* pattern compliance.
## 6-Step Audit Process
### Step 1: Scan for Anti-Patterns
Run searches to identify issues:
```bash
# Thrown exceptions (Critical)
rg "throw new" --type ts
# try/catch control flow (Critical)
rg "try \{" --type ts
# Console usage (High)
rg "console\.(log|error|warn)" --type ts
# Hardcoded paths (High)
rg "(homedir|~\/\.)" --type ts
# Custom error classes (Medium)
rg "class \w+Error extends Error" --type ts
```
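The Step 1 searches can also run as a scripted pre-commit gate that tallies hits by severity. The sketch below is an added example, not code from the Outfitter repository: the rule ids, function names and sample source are constructed for illustration, while the patterns and severity labels are the ones listed above.

```typescript
type Severity = "Critical" | "High" | "Medium";
interface Rule { id: string; severity: Severity; pattern: RegExp; }
interface Finding { rule: string; severity: Severity; line: number; text: string; }

// Patterns and severity labels copied from the Step 1 searches (rule ids are hypothetical).
const RULES: Rule[] = [
  { id: "thrown-exception", severity: "Critical", pattern: /throw new/ },
  { id: "try-catch", severity: "Critical", pattern: /try \{/ },
  { id: "console-usage", severity: "High", pattern: /console\.(log|error|warn)/ },
  { id: "hardcoded-path", severity: "High", pattern: /(homedir|~\/\.)/ },
  { id: "custom-error-class", severity: "Medium", pattern: /class \w+Error extends Error/ },
];

// Scan one file's text line by line, as rg does, recording every rule that hits.
function scanSource(source: string): Finding[] {
  const findings: Finding[] = [];
  source.split("\n").forEach((text, index) => {
    for (const rule of RULES) {
      if (rule.pattern.test(text)) {
        findings.push({ rule: rule.id, severity: rule.severity, line: index + 1, text: text.trim() });
      }
    }
  });
  return findings;
}

// Tally per severity so a hook can block on Critical and only warn on the rest.
function countBySeverity(findings: Finding[]): Record<Severity, number> {
  const counts: Record<Severity, number> = { Critical: 0, High: 0, Medium: 0 };
  for (const f of findings) counts[f.severity] += 1;
  return counts;
}

// Constructed sample input that violates several of the patterns at once.
const SAMPLE = [
  'import { homedir } from "node:os";',
  'class ConfigError extends Error {}',
  'const file = homedir() + "/.myapp/config.json";',
  'try {',
  '  load(file);',
  '} catch (e) {',
  '  console.error("load failed: " + e);',
  '  throw new ConfigError("bad config");',
  '}',
].join("\n");

console.log(countBySeverity(scanSource(SAMPLE)));
```

Line 1 of the sample is reported as a hardcoded-path hit even though it is only an import, so matches are candidates for review rather than confirmed violations.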
### Step 2: Review Handler Signatures
Check each handler for:
- Returns `Result<T, E>` not `Promise<T>`
- Has context parameter as second argument
- Error types explicitly listed in union
- Uses `Handler<TInput, TOutput, TError>` type
```bash
# Find handlers
rg "Handler<" --type ts -A 2
# Find missing context
rg "Handler<.*> = async \(input\)" --type ts
```
### Step 3: Check Error Usage
Verify errors:
- Use `@outfitter/contracts` classes
- Have correct category for use case
- Include appropriate details
- Are returned via `Result.err()`, not thrown
### Step 4: Validate Logging
Check logging:
- Uses `ctx.logger`, not console
- Metadata is object, not string concatenation
- Sensitive fields would be redacted
- Child loggers used for request context
### Step 5: Check Path Safety
Verify paths:
- User paths validated with `securePath()`
- XDG helpers used (`getConfigDir`, etc.)
- Atomic writes for file modifications
- No hardcoded home paths
### Step 6: Review Context
Check context:
- `createContext()` at entry points
- Context passed through handler chain
- `requestId` used for tracing
## Quick Audit
```bash
# Critical issues (count)
rg "throw new|catch \(" --type ts -c
# Console usage (count)
rg "console\.(log|error|warn)" --type ts -c
# Handler patterns
rg "Handler<" --type ts -A 2
```
## Checklist
### Result Types
- [ ] Handlers return `Result<T, E>`, not thrown exceptions
- [ ] Errors use taxonomy classes (`ValidationError`, `NotFoundError`, etc.)
- [ ] R