Agent-agnostic operating procedures for reviewing, debugging, testing, refactoring, and hardening software.
Ironclad is a suite of structured skills for coding agents. Each skill gives an agent a method, an evidence standard, a verification protocol, and a clear burden of proof.
These are not prompt snippets. They are operating procedures designed to stop agents from jumping from plausible observation to confident action.
| Skill | Epistemology | Use it when |
|---|---|---|
| App Audit | Determine whether the product is safe enough to ship within tested scope | You need broad release-readiness coverage across security, reliability, concurrency, accessibility, browser behaviour, and UI consistency |
| Bug Hunter | Prove the causal chain | A bug, crash, regression, flaky test, intermittent failure, or incorrect result needs diagnosis |
| Test Architect | Prove risk coverage, not line coverage | You need a test strategy, gap analysis, or a decision about the correct test boundary |
| UX Torture Test | Prove observable user harm, not aesthetic opinion | You need to stress an interface across journeys, states, responsive extremes, accessibility, hostile content, and failure conditions |
| Refactor Guardian | Prove necessity, then prove behavioural preservation | A refactor, migration, cleanup, modernisation, extraction, or rewrite is being proposed |
| Auth Archon | Never trust the apparent boundary. Build the graph, then attack the graph | Work touches login, sessions, roles, permissions, tenants, recovery, federation, API keys, service accounts, or machine authority |
Every skill inherits a common discipline:
Explore
↓
Model
↓
Declare scope
↓
Investigate
↓
Gather evidence
↓
Verify adversarially
↓
Act
↓
Re-test
↓
Close explicitly
The shared arc does not make the skills interchangeable. Each has a different burden of proof.
A debugger proves causality. A test strategist proves risk coverage. An auth reviewer proves or disproves authority boundaries. A UX reviewer proves observable harm. A refactor reviewer proves necessity and preservation.
ironclad-agent-skills/
├── skills/
│ ├── app-audit/
│ │ ├── SKILL.md
│ │ ├── references/
│ │ └── app-audit.skill
│ ├── bug-hunter/
│ ├── test-architect/
│ ├── ux-torture-test/
│ ├── refactor-guardian/
│ └── auth-archon/
├── docs/
│ ├── architecture.md
│ ├── using-the-skills.md
│ ├── evidence-standard.md
│ ├── severity-model.md
│ ├── verification-protocol.md
│ └── creating-a-skill.md
├── examples/
├── .github/
├── CONTRIBUTING.md
├── SECURITY.md
└── LICENSE
Each skill directory contains both readable source and a packaged .skill artifact.
Ironclad skills are agent-agnostic. Install them by copying one or more
skills/<name>/ directories into the skill directory used by your target agent.
Each installed skill should keep SKILL.md at its root.
For a generic installer:
scripts/install-skills.sh --dest /path/to/agent/skillsFor npm-based distribution:
npx ironclad-agent-skills --dest /path/to/agent/skillsSee docs/installation.md for selected-skill installs, replacement behavior,
NPX usage, and the neutral ironclad-skills.json manifest.
Choose the skill that matches the job, then instruct the agent to follow it against the relevant repository and runtime.
Example:
Use Bug Hunter for this issue.
Do not change production behaviour during discovery. Reproduce the failure, minimise it, trace the actual execution path, test competing causal hypotheses, and establish the root cause before proposing a fix.
After root cause is established, propose the smallest safe correction, add regression protection, and re-run the original reproduction.
For an authorization review:
Use Auth Archon.
Build the Identity and Authority Graph first. Then test the declared boundaries across actor, resource, action, tenant, channel, and lifecycle state. Do not treat UI reachability as evidence of authorization.
The suite uses explicit closure language such as:
CONFIRMEDFIXED AND VERIFIEDMITIGATEDCANNOT REPRODUCEPARTIALNEEDS INVESTIGATIONNOT TESTEDNOT WORTH TESTINGDO NOT REFACTORACCEPTED RISK
A limited successful review should use:
PASS WITHIN TESTED SCOPE
It should not claim that an entire product is secure, accessible, compliant, correct, or resilient.
For deeper work:
- Run reconnaissance and establish a verified system map.
- Give specialists the same verified context and declared scope.
- Keep discovery passes independent where possible.
- Normalise duplicate findings without erasing distinct failure modes.
- Send important claims to a fresh verifier.
- Allow verified findings into the confirmed section.
- Remediate in controlled phases.
- Re-run the original attack, reproduction, invariant, journey, or migration checkpoint.
Ironclad does not replace professional penetration testing, legal or compliance review, specialist accessibility certification, production observability, human judgement, or domain expertise.
The suite exists to improve agent discipline, evidence quality, reproducibility, and engineering decision-making.
New skills must introduce a distinct job and burden of proof. A renamed checklist or themed copy of an existing skill will not be accepted.
See CONTRIBUTING.md and docs/creating-a-skill.md.
MIT.