synaptiai/convention-enforcement
plugins/flow/skills/convention-enforcement/SKILL.md
Validate git conventions (commit messages, branch naming, PR format, issue linkage) by detecting project-specific rules from CLAUDE.md and settings, inferring patterns from recent history. Use when creating commits, preparing PRs, or reviewing for convention compliance. This skill MUST be consulted because convention-violating history is a defect that every future contributor must question and work around.
$ install --global
skillsauthnpx skillsauth add synaptiai/synapti-marketplace convention-enforcementInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 7, 2026, 4:43 AM147.0s1 file scanned
SKILL.md
- name:
- convention-enforcement
- description:
- Validate git conventions (commit messages, branch naming, PR format, issue linkage) by detecting project-specific rules from CLAUDE.md and settings, inferring patterns from recent history. Use when creating commits, preparing PRs, or reviewing for convention compliance. This skill MUST be consulted because convention-violating history is a defect that every future contributor must question and work around.
- allowed-tools:
- Bash, Read
- context:
- fork
- agent:
- Explore
Convention Enforcement
Domain skill for validating git conventions across the development workflow.
Iron Law
CONVENTIONS ARE NOT OPTIONAL. A commit that violates project conventions is a defective commit, regardless of code quality.
History that violates conventions is history that every future contributor must question and work around.
Convention Sources (Priority Order)
- CLAUDE.md — Project-specific overrides (highest priority)
- settings.flow.json — Plugin configuration
- Defaults — Built-in conventions (lowest priority)
CLAUDE_MD=""
[ -f ".claude/CLAUDE.md" ] && CLAUDE_MD=".claude/CLAUDE.md"
[ -z "$CLAUDE_MD" ] && [ -f "CLAUDE.md" ] && CLAUDE_MD="CLAUDE.md"
Commit Message Validation
Format
<type>(<scope>): <subject>
[optional body]
[optional footer]
Rules
- Type: Must be one of configured
conventions.commitTypes(default: feat, fix, docs, style, refactor, test, chore, perf, ci, build, revert, improve) - Scope: Optional, parenthesized, lowercase
- Subject: Imperative mood, no period
- Body: Separated by blank line
Validation
DEFAULT_BRANCH=$(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name' 2>/dev/null || echo "main")
git log --format="%s" "$DEFAULT_BRANCH"..HEAD
Check each commit subject against the format regex:
^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert|improve)(\(.+\))?: .+$
Branch Naming Validation
Check current branch against configured patterns:
BRANCH=$(git branch --show-current)
Valid patterns (from conventions.branchPatterns):
feature/issue-{N}-{desc}— alphanumeric + hyphensfix/issue-{N}-{desc}docs/issue-{N}-{desc}
Invalid:
- Spaces or special characters
- Missing issue number (unless explicitly configured)
- Direct commits to default branch
PR Format Validation
A valid PR must have:
- Title matching conventional commit format
- Body with at least: Summary section, linked issue reference
- Labels (at least one)
- No draft status when requesting review
Issue Linkage
Every branch should link to an issue:
ISSUE_NUM=$(echo "$BRANCH" | grep -oE 'issue-[0-9]+' | grep -oE '[0-9]+')
[ -n "$ISSUE_NUM" ] && gh issue view "$ISSUE_NUM" --json state --jq '.state' 2>/dev/null
Warn if:
- Branch has no issue number
- Linked issue is closed
- Linked issue is assigned to someone else
Project-Specific Detection
Infer conventions from existing patterns:
# Infer from recent commits
git log --oneline -20 --format="%s"
# Infer from existing branches
git for-each-ref --sort=-committerdate --format='%(refname:short)' refs/remotes/origin/ | head -10
If project uses different conventions (e.g., feat/123-description instead of feature/issue-123-description), adapt validation accordingly and note in output.
Output
Report all violations with severity:
| Violation | Severity | Fix |
|-----------|----------|-----|
| Non-conventional commit message | P2 | Amend or reword |
| Wrong branch naming | P3 | Note only (too late to rename) |
| Missing issue linkage | P2 | Add Closes #N to PR body |
| Missing PR labels | P3 | Add during PR creation |
Rationalization Prevention
| Excuse | Response | |--------|----------| | "The convention doesn't apply to this type of change" | Check the config. If the convention is configured, it applies. | | "I'll fix the commit message later" | Later doesn't exist in git history. Fix it now. |
Related Skills
synaptiai/workflow-validation
tools
VerifiedTrustedCommunity
Validate a FlowWorkflow YAML at `plugins/flow/workflows/<id>.workflow.yaml` against `schemas/v1/workflow.schema.json` AND cross-reference the referenced skills/agents exist + every Tier 3 action is confirm-gated + no native /goal or /loop dependency is declared. Use when /flow:workflow validate is invoked, when CI runs the workflow schema gates, or when a new workflow is being authored. This skill MUST be consulted because schema validation alone catches shape errors; cross-reference validation catches the silent-correctness failures (typo'd skill name, Tier 3 escape, /goal dependency) that would otherwise ship to users.
5SKILL.mdUpdated May 23, 2026
synaptiai/visual-verification
tools
VerifiedTrustedCommunity
Verify UI-facing changes by running a screenshot-analyze-verify loop across configured viewports, with a browser-tool priority cascade (Playwright MCP → Chrome DevTools MCP → CLI fallback → external skill fallback) and bounded iteration. Use after build/runtime verification passes and the diff includes `.tsx`/`.jsx`/`.vue`/`.html`/`.css`/`.scss`/`.svelte` files OR the acceptance criteria mention UI/page/render/display/visual. This skill MUST be consulted because UI changes that pass build and unit tests can still ship blank pages, render-blocking console errors, or broken responsive layouts that no other verification phase catches.
5SKILL.mdUpdated May 7, 2026
synaptiai/team-coordination
data-ai
VerifiedTrustedCommunity
Coordinate agent teams for adversarial review (paired skeptic/verifier per facet, challenge round with disposition vocabulary, consolidated findings with confidence) or parallel implementation (task sizing 5-6 per teammate, non-overlapping files). Enforces independent analysis before shared conclusions. Reference only (`disable-model-invocation: true`); loaded only when `agentTeams: true` in settings.
5SKILL.mdUpdated Apr 15, 2026
synaptiai/code-review-methodology
development
VerifiedTrustedCommunity
Conduct two-stage code review: Stage 1 verifies spec compliance (criterion-to-code mapping), Stage 2 evaluates security, correctness, performance, and maintainability across 6 parallel facets with P1/P2/P3 synthesis and deduplication by file:line. Use when reviewing code changes or pull requests. This skill MUST be consulted because reviewing quality on broken logic is wasted effort, and unmet acceptance criteria must block merge.
5SKILL.mdUpdated Apr 15, 2026