Agent Teams Simplify & Harden
Install
CODEBLOCK0
A two-phase team loop that produces production-quality code: implement, then audit using simplify + harden passes, then fix audit findings, then re-audit, repeating until the codebase is solid or the loop cap is reached.
When to Use
- - Implementing multiple features from a spec or plan
- Hardening a codebase after a batch of changes
- Fixing a list of issues or gaps identified in a review
- Any task touching 5+ files where quality gates matter
The Pattern
CODEBLOCK1
Loop Limits and Exit Conditions
The loop exits when ANY of these are true:
- 1. Clean audit: All auditors report zero findings
- Low-only round: All findings in a round are severity
low -- fix them inline (team lead or a single impl agent) and exit without re-auditing - Loop cap reached: 3 audit rounds have completed. After the third round, fix remaining critical/high findings inline and exit. Log any unresolved medium/low findings in the final summary.
Budget guidance: Track the cumulative diff growth across rounds. If fix rounds have added more than 30% on top of the original implementation diff, tighten the scope: skip medium/low simplify findings and focus only on harden patches and spec gaps.
Step-by-Step Procedure
1. Create the Team
CODEBLOCK2
2. Create Tasks
Break the work into discrete, parallelizable tasks. Each task should be independent enough for one agent to complete without blocking on others.
CODEBLOCK3
Set up dependencies if needed:
�CODEBLOCK4
3. Spawn Implementation Agents
Spawn general-purpose agents (they can read, write, and edit files). One per task or one per logical group. Run them in parallel.
CODEBLOCK5
4. Wait for Implementation to Complete
Monitor agent messages. When all implementation agents report done:
- 1. Run compile/type checks to verify clean build
- Run tests to verify all pass
- If either fails, fix or assign fixes before proceeding
Before spawning auditors, collect the list of files modified in this session:
git diff --name-only <base-branch> # or: git diff --name-only HEAD~N
You will pass this file list to each auditor.
5. Spawn Audit Agents
Spawn Explore agents (read-only -- they cannot edit files, which prevents them from "fixing" issues silently). Each auditor covers a different concern using the Simplify & Harden methodology.
Recommended audit dimensions:
| Auditor | Focus | Mindset |
|---|
| simplify-auditor | Code clarity and unnecessary complexity | "Is there a simpler way to express this?" |
| harden-auditor |
Security and resilience gaps | "If someone malicious saw this, what would they try?" |
|
spec-auditor | Implementation vs spec/plan completeness | "Does the code match what was asked for?" |
Simplify Auditor
CODEBLOCK7
Harden Auditor
CODEBLOCK8
Spec Auditor
CODEBLOCK9
6. Process Audit Findings
Collect findings from all auditors. For each finding:
- - Critical/High: Create a task and assign to an implementation agent
- Medium: Create a task, include in next implementation round
- Low/Cosmetic: Include in next round only if trivial to fix; otherwise note in the final summary and skip
Refactor gate: For findings categorized as refactor or security refactor, evaluate whether the refactor is genuinely necessary before creating a task. The bar: "Would a senior engineer say the current state is clearly wrong, not just imperfect?" Reject refactor proposals that are style preferences or marginal improvements.
Exit check: If all findings in this round are severity low, fix them inline and skip re-auditing (see Loop Limits).
When creating fix tasks, bundle a document pass into each implementation agent's work:
After fixing your assigned issues, add up to 5 single-line comments
across the files you touched on non-obvious decisions:
- - Logic that needs more than 5 seconds of "why does this exist?" thought
- Workarounds or hacks, with context and a TODO for removal conditions
- Performance choices and why the current approach was picked
Do NOT comment on the audit fixes themselves -- only on decisions
from the original implementation that lack explanation.
This keeps the document pass lightweight and scoped. Auditors in subsequent rounds should not flag these comments as findings.
7. Loop
If there are findings to fix:
- 1. Create tasks from findings (include document pass instructions)
- Spawn implementation agents (or reuse idle ones via SendMessage)
- Wait for fixes
- Run compile + test verification
- Check loop limits (see "Loop Limits and Exit Conditions")
- If not exiting: spawn audit agents again (fresh agents, not reused -- clean context)
- Repeat
8. Final Verification and Summary
When exit conditions are met:
- 1. Compile / type check -- must be clean
- Tests -- must all pass
- No
// TODO or // FIXME comments introduced without corresponding tasks
Produce a final summary for the session:
CODEBLOCK10
Adapt the format to your context. The goal is a clear record of what was found, what was fixed, what was skipped and why, and what remains.
9. Cleanup
Send shutdown requests to all agents, then delete the team:
CODEBLOCK11
Agent Sizing Guide
| Codebase / Task Size | Impl Agents | Audit Agents |
|---|
| Small (< 10 files) | 1-2 | 2 (simplify + harden) |
| Medium (10-30 files) |
2-3 | 2-3 |
| Large (30+ files) | 3-5 | 3 (simplify + harden + spec) |
More agents = more parallelism but more coordination overhead. For most tasks, 2-3 implementation agents and 2-3 auditors is the sweet spot.
Tips
- - Implementation agents should be
general-purpose -- they need write access - Audit agents should be
Explore -- read-only prevents them from silently "fixing" things, which defeats the purpose of auditing - Fresh audit agents each round -- don't reuse auditors from previous rounds; they carry context that biases them toward "already checked" areas
- Task descriptions must be specific -- include file paths, function names, exact behavior expected. Vague tasks produce vague implementations.
- Run compile + tests between phases -- don't spawn auditors on broken code; fix compilation/test errors first
- Keep the loop tight -- if auditors find only 1-2 low-severity cosmetic issues, fix them yourself instead of spawning a full implementation round
- Assign tasks before spawning -- set
owner on tasks via TaskUpdate so agents know what to work on immediately - Simplify-first posture -- when processing audit findings, prioritize cosmetic cleanups that reduce noise before tackling refactors. Cleanup is the default, refactoring is the exception
- Security over style -- when budget or time is constrained, prioritize harden findings over simplify findings
- Pass the file list -- always give auditors the explicit list of modified files. Don't rely on them figuring out scope on their own.
Example: Implementing Spec Features
CODEBLOCK12
Quality Gates (Non-Negotiable)
These must pass before the loop can exit:
- 1. Clean compile / type check -- zero errors
- Tests -- zero failures
- Exit condition met (clean audit, low-only round, or loop cap reached with critical/high findings resolved)
- No
// TODO or // FIXME comments introduced without corresponding tasks
Agent Teams 简化与加固
安装
bash
npx skills add pskoett/pskoett-ai-skills/agent-teams-simplify-and-harden
一个两阶段团队循环,用于生成生产级代码:实现,然后使用简化+加固流程进行审计,然后修复审计发现,然后重新审计,重复直到代码库稳固或达到循环上限。
何时使用
- - 根据规范或计划实现多个功能
- 在一批更改后加固代码库
- 修复审查中发现的问题或差距列表
- 任何涉及5个以上文件且质量门控重要的任务
模式
┌──────────────────────────────────────────────────────────┐
│ 团队负责人(你) │
│ │
│ 阶段1:实现(+ 修复轮次的文档记录) │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ impl-1 │ │ impl-2 │ │ impl-3 │ ... │
│ │(通用 │ │(通用 │ │(通用 │ │
│ │ 用途) │ │ 用途) │ │ 用途) │ │
│ └──────────┘ └──────────┘ └──────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ ┌─────────────────────────────────────┐ │
│ │ 验证:编译 + 测试 │ │
│ └─────────────────────────────────────┘ │
│ │ │
│ 阶段2:简化与加固审计 │
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
│ │ 简化 │ │ 加固 │ │ 规范 │ ... │
│ │ 审计器 │ │ 审计器 │ │ 审计器 │ │
│ │(探索型)│ │(探索型)│ │(探索型)│ │
│ └──────────┘ └──────────┘ └──────────┘ │
│ │ │ │ │
│ ▼ ▼ ▼ │
│ 退出条件是否满足? │
│ 是 → 生成摘要。发布。 │
│ 否 → 返回阶段1,将发现作为任务处理 │
│ (最多3轮审计) │
└──────────────────────────────────────────────────────────┘
循环限制与退出条件
当以下任一条件成立时,循环退出:
- 1. 干净审计:所有审计器报告零发现
- 仅低严重性轮次:一轮中所有发现均为低严重性——内联修复它们(由团队负责人或单个实现代理处理),无需重新审计即可退出
- 达到循环上限:已完成3轮审计。第三轮后,内联修复剩余的严重/高严重性发现并退出。在最终摘要中记录任何未解决的中/低严重性发现。
预算指导: 跟踪各轮次的累积差异增长。如果修复轮次在原始实现差异基础上增加了超过30%,则缩小范围:跳过中/低严重性的简化发现,仅关注加固补丁和规范差距。
分步流程
1. 创建团队
TeamCreate:
team_name: <项目>-harden
description: 实现并加固<描述>
2. 创建任务
将工作分解为离散的、可并行化的任务。每个任务应足够独立,以便一个代理可以完成而不阻塞其他代理。
TaskCreate for each unit of work:
subject: 实现<具体内容>
description: 详细需求、文件路径、验收标准
activeForm: 正在实现<内容>
如果需要,设置依赖关系:
TaskUpdate: { taskId: 2, addBlockedBy: [1] }
3. 生成实现代理
生成通用代理(它们可以读取、写入和编辑文件)。每个任务或每个逻辑组一个。并行运行它们。
Task tool (spawn teammate):
subagent_type: general-purpose
team_name: <项目>-harden
name: impl-<区域>
mode: bypassPermissions
prompt: |
你是<项目>-harden团队的一个实现代理。
你的名字是impl-<区域>。
检查TaskList中分配给你的任务并完成它们。
完成每个任务后,标记为已完成并检查更多任务。
质量门控:
- 代码必须干净编译(替换你项目的编译命令,
例如 bunx tsc --noEmit, cargo build, go build ./...)
- 测试必须通过(替换你项目的测试命令,
例如 bun test, pytest, go test ./...)
- 遵循现有代码模式和约定
当所有任务完成后,通知团队负责人。
4. 等待实现完成
监控代理消息。当所有实现代理报告完成时:
- 1. 运行编译/类型检查以验证干净构建
- 运行测试以验证全部通过
- 如果任一失败,在继续之前修复或分配修复
在生成审计器之前,收集本次会话中修改的文件列表:
bash
git diff --name-only <基础分支> # 或:git diff --name-only HEAD~N
你将把这个文件列表传递给每个审计器。
5. 生成审计代理
生成探索型代理(只读——它们不能编辑文件,这防止它们静默地修复问题)。每个审计器使用简化与加固方法论覆盖不同的关注点。
推荐的审计维度:
| 审计器 | 关注点 | 心态 |
|---|
| 简化审计器 | 代码清晰度和不必要的复杂性 | 有没有更简单的方式来表达这个? |
| 加固审计器 |
安全性和韧性差距 | 如果恶意的人看到这个,他们会尝试什么? |
|
规范审计器 | 实现与规范/计划的完整性 | 代码是否符合要求? |
简化审计器
Task tool (spawn teammate):
subagent_type: Explore
team_name: <项目>-harden
name: simplify-auditor
prompt: |
你是<项目>-harden团队的一个简化审计器。
你的名字是simplify-auditor。
你的工作是发现不必要的复杂性——而不是修复它。你是只读的。
范围:仅审查以下文件(本次会话中修改的)。
不要在其他文件中标记问题,即使你注意到它们。
要审查的文件:
<粘贴文件列表>
新鲜视角开始(必须):在报告发现之前,用新鲜视角重新阅读所有
列出的更改代码,并主动寻找明显的错误、错误、令人困惑的逻辑、
脆弱的假设、命名问题和遗漏的加固机会。
审查每个文件并检查:
1. 死代码和脚手架——调试日志、注释掉的尝试、未使用的导入、
迭代遗留的临时变量
2. 命名清晰度——函数名、变量和参数在新鲜阅读时不够清晰
3. 控制流——可以扁平化的嵌套条件、可以替代深层嵌套的提前返回、
可以简化的布尔表达式
4. API表面——应该私有的公共方法/函数、不必要的暴露
5. 过度抽象——当前范围不合理的类、接口或包装函数。
代理倾向于过度工程化。
6. 合并——分布在多个函数/文件中可以放在一处的逻辑
对于每个发现,分类为:
- 外观性(死代码、未使用的导入、命名、控制流、可见性降低)
——低风险,易于修复
- 重构(合并、重组、抽象更改)
——仅在真正必要时标记,而不是仅仅稍微好一点。
标准:高级工程师会说当前状态明显错误,而不仅仅是不完美吗?
对于每个发现报告:
1. 文件和行号
2. 类别(外观性或重构)
3. 问题是什么
4. 应该是什么(具体修复,而非模糊)
5. 严重性:高 / 中 / 低
如果你注意到范围外文件的问题,在末尾范围外观察下单独列出。
在范围内要彻底。检查每个列出的文件。
完成后,将你的完整发现发送给团队负责人。
如果你发现零个范围内问题,明确说明。
加固审计器
Task tool (spawn teammate):
subagent_type: Explore
team_name: <项目>-harden
name: harden-auditor
prompt: |
你是<项目>-harden团队的一个安全/加固审计器。
你的名字是harden-auditor。
你的工作是发现安全性和韧性差距——而不是修复它们。
你是只读的。
范围:仅审查以下文件(本次会话中修改的)。
不要在其他文件中标记问题,即使你注意到它们。
要审查的文件:
<粘贴
