feat: add twelve-factor app skill and compliance audit agent#93
Conversation
Add a new `twelve-factor` skill with actionable TypeScript patterns for building 12-factor compliant services (config, dependencies, backing services, stateless processes, disposability, logging). Includes a `twelve-factor-audit` agent for auditing existing codebases against the methodology with compliance reports and prioritized suggestions. Greenfield projects must follow all factors; brownfield projects adopt incrementally with a prioritized adoption order. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skill fixes:
- Fix response.json() returning any — now validates through schema
- Fix config.QUEUE_URL compile error — removed undefined field
- Fix server.close() not awaited — now promisified
- Fix JSON.stringify(error) producing {} — proper error serialization
- Fix process.exit(0) after errors — exits non-zero on failure
- Add drain timeout to prevent hung shutdown processes
- Add health check endpoint pattern (/health, /ready)
- Add Factor VIII (Concurrency) — separate entry points, process types
- Add optional config and complex config examples (SENTRY_DSN, ALLOWED_ORIGINS)
- Add startup fail-fast with clear error message on invalid config
- Add request correlation ID to logging requirements
- Add setInterval/node-cron as stateless anti-pattern
- Expand brownfield adoption order (swap backing services before stateless)
- Broaden scope — applies to any deployed app, not just backend services
- Add code example to Dependencies section
Agent fixes:
- Scope explicitly to Node.js/TypeScript in description
- Add all 12 factors (was missing I, V, VIII)
- Add ORM detection patterns (Prisma, TypeORM, Drizzle, Sequelize)
- Add response patterns (full audit, quick health check, specific factor)
- Use Grep tool parameters instead of bash grep
- Add instruction to write report to file
- Improve false-positive guidance for statelessness checks
Documentation updates:
- README.md: Update all counts (15→16 skills, 9→10 agents, 21→22 total)
- README.md: Add twelve-factor to Key Sections table
- README.md: Add two entries to Skills Guide problem table
- README.md: Add full agent #10 section with audit table
- README.md: Add curl command for project-specific install
- README.md: Update Documentation section agent list
- agents/README.md: Add twelve-factor-audit to overview, decision table, summary
- install-claude.sh: Update summary message counts
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Skill: - Fix ALLOWED_ORIGINS default producing [''] instead of [] on empty string - Fix concurrency example referencing QUEUE_URL not in schema (use REDIS_URL) - Fix logger spread overwriting reserved keys (namespace under context) - Fix admin script missing try/finally for db cleanup - Fix shutdown signal type to 'SIGTERM' | 'SIGINT' union - Add Factor I (Codebase) section — one codebase per service, monorepo guidance - Add Factor V (Build/Release/Run) section — same artifact all envs, no baked config - Add dependency isolation rule (node_modules, not global installs) - Add backing services Pick<Config> for minimal surface - Add TDD integration section — how to test config, shutdown, backing services - Add codebase and build items to checklist - Cross-reference typescript-strict and testing skills in intro Agent: - Replace remaining bash grep commands with proper Bash alternatives - Add false-positive guidance for Factors II, III, IV, VI, XI Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Clarify service-only scope and correct grep/lockfile instructions to avoid false audit results. Align README terminology with the agents' workflow guidance.
Automated PR ReviewSummary
Recommendation: APPROVE CI: OpenCode Compatibility check passes. What's GoodThis is a well-structured documentation and tooling PR. The content quality is high throughout. Skill content (
Agent content (
Integration:
Suggestions (Nice to Have)
The
The Grep pattern for Generated by pr-reviewer agent |
Summary
twelve-factorskill (377 lines) with actionable TypeScript patterns for building 12-factor compliant applications — covers all 12 factors with code examples, anti-patterns, and a verification checklisttwelve-factor-auditagent (330 lines) for auditing existing Node.js/TypeScript codebases against the 12-factor methodology — produces structured compliance reports with file/line citations, code suggestions, and prioritized action plans/setupcommand for automatic detection of 12-factor patterns (Dockerfile, docker-compose, Procfile, .env.example, Kubernetes manifests)install-claude.sh(16 skills, 10 agents),README.md, andagents/README.mdwith all counts, tables, and listingsKey design decisions
Pick<Config>for minimal surface, noanytypesFiles changed
claude/.claude/skills/twelve-factor/SKILL.mdclaude/.claude/agents/twelve-factor-audit.mdclaude/.claude/CLAUDE.mdclaude/.claude/commands/setup.mdclaude/.claude/agents/README.mdREADME.mdinstall-claude.sh.changeset/twelve-factor-skill.mdTest plan
stow claudesucceeds,~/.claude/skills/twelve-factor/SKILL.mdis symlinkedgrep twelve-factor ~/.claude/CLAUDE.mdshows catalog entry and workflow reference./install-claude.sh --skills-onlyincludes the new skilltwelve-factor-auditagent against an existing service project/setupon a project with a Dockerfile to verify 12-factor detection🤖 Generated with Claude Code