Skills Guide

Vérification de Conformité OpenAI SDK

VérifiéSûr

Auditer des fichiers ou répertoires par rapport à la checklist de conformité OpenAI SDK (règles A1–A11). Génère un rapport Markdown avec preuves PASS/FAIL et corrections suggérées. Aide à appliquer les normes de la Kira Constitution et à détecter les violations comme le routage personnalisé, les schémas Zod manquants ou les catégories d'outils inappropriées.

Spar Skills Guide Bot
TestingIntermédiaire
8002/06/2026
Claude Code
#compliance#openai-sdk#audit#code-review#checklist

Recommandé pour

Claude CodeRevue de codeGénération de testsAudit de sécuritéIngénieur QA / testIngénieur sécurité

Notre avis

Audite un code source pour vérifier sa conformité à la checklist OpenAI SDK et génère un rapport Markdown.

Points forts

  • Automatise l'inspection de conformité SDK OpenAI.
  • Fournit des correctifs concrets pour chaque violation.
  • Respecte la hiérarchie de sévérité et les conditions d'arrêt.
  • Produit un rapport structuré avec preuves et suggestions.

Limites

  • Nécessite que la checklist existe au chemin spécifié.
  • Peut manquer des violations si le code utilise des motifs non détectables.
  • Ne couvre pas les migrations volumineuses ni les changements fonctionnels forts.
Quand l'utiliser

Lorsqu'on vous demande de vérifier la conformité d'un code contre les règles OpenAI SDK ou d'exécuter un audit de conformité.

Quand l'éviter

Pour des audits génériques non liés au SDK OpenAI ou lorsque la checklist cible est absente.

Analyse de sécurité

Sûr
Score qualité90/100

The skill is a compliance auditor that reads code, evaluates rules, and generates a Markdown report. It does not execute any code, system commands, or network requests, and there is no destructive or exfiltrating behavior. No security risks are present.

Aucun point d'attention détecté

Exemples

Full compliance audit
Run compliance check on the /src directory using the OpenAI SDK compliance checklist.
Check a single file
Check compliance of src/agents/orchestrator.py against OpenAI SDK rules.
Exhaustive audit
Audit my project for OpenAI SDK compliance with exhaustive mode, don't stop on first high severity.

name: COMPLIANCE_CHECK description: Apply the OpenAI SDK compliance checklist to audit files or directories and produce a Markdown report with findings and suggested fixes. Use when asked to "check compliance", "run compliance check", or "audit against OpenAI SDK rules".

COMPLIANCE CHECK

Owner: QA

Goal

Audit a target (file set or directory) against .claude/checklists/openai-sdk-compliance-checklist.yaml and deliver a Markdown report with evidence and actionable fixes.

Workflow

1. Load Inputs

  • Read target_path (file, directory, or list).
  • Respect context: apply strictly to agent implementations, tools, and orchestration code.

2. Evaluate Rules

  • Process rules top-down (A1 → A11).

  • Apply activation_hint and stop_condition:

    • Stop on first HIGH unless --exhaustive is requested.
    • Stop if findings_count > 25.

  • Enforce Kira Constitution and OpenAI Agents SDK standards:

    • A1. Primitives Only: Orchestration uses only run()/Runner.run() and handoff(); no extra verbs like routeAgent or pipeTo.
    • A2. Tool Categories Valid: Every tool is one of: Function | Hosted | Agent-as-Tool | MCP.
    • A3. No Custom Routing: No bespoke agent-to-agent communication (axios/fetch/custom) beyond SDK patterns.
    • A4. Tool Input Schema (Zod): All tools define parameters via tool({ parameters: z.object({...}) }).
    • A5. Structured Outputs (Zod): Agents with non-text outputs declare outputType: z.object({...}).
    • A6. Single RunContext<T>: One canonical RunContext<T> shared across agents/tools/guardrails.
    • A7. History Threading: Conversation history flows via result.history → next run().
    • A8. Model Settings Casing: Uses modelSettings.toolChoice (camelCase), not tool_choice.
    • A9. Tracing Enabled/Declared: Tracing wired to Langfuse (or explicitly disabled with rationale).
    • A10. Vision & Whisper Usage: Use OpenAI Vision for images/PDFs and Whisper for audio; custom file analysis only for text formats.
    • A11. Deterministic IDs via Context: IDs (userId, wid, aid, etc.) come from RunContext; never inferred or generated by agents.

  • For each rule:

    • Mark PASS/FAIL with evidence (file path + line/snippet).
    • For FAIL, provide a concrete fix that matches the rule’s fix guidance.
    • Preserve severity and autofix flags from the checklist.

3. Apply Lean Guards

  • Do not expand scope beyond meta.scope.
  • Prefer small, safe fixes.
  • Refactor only when required by a rule.
  • Skip large migrations.
  • If a standard conflicts with a functional requirement, flag it for manual review rather than forcing a breaking change.

4. Produce Report

  • Follow the checklist output_schema.
  • Include:
    • Summary: counts by severity + decision (READY | NEEDS_REVISION | BLOCKED).
    • Findings: list items with id, severity, file, symbol (if known), evidence, fix, autofix.
    • Suggestions: targeted next steps based on findings.

5. Save Output

  • Write Markdown to docs/qa/reports/compliance-{{target_slug}}.md.
  • Create directories if missing.

Anti-Patterns

  • Do not mark PASS without evidence.
  • Do not invent IDs, symbols, or file paths.
  • Do not ignore severity: HIGH violations.
  • Do not propose custom orchestration verbs or "clever" routing logic that bypasses the SDK.
  • Do not recommend using raw tool_choice or messages arrays without SDK types.
  • Do not allow UUID generation inside agents (must come from context).
Skills similaires

TDD Red-Green-Refactor

Testing

Skill qui guide Claude a travers le cycle TDD complet.

Claude CodeWindsurfintermediate
650
189
2,063
Admin

Audit d'Accessibilité Web

Testing

Réalise un audit d'accessibilité web complet selon les normes WCAG.

claudeCursorWindsurfintermediate
129
37
441
Admin

Générateur de Tests UAT

Testing

Génère des cas de test d'acceptation utilisateur structurés et complets.

claudechatgptintermediate
87
24
360
Admin