Skip to content

playbookTV/Ironclad

Repository files navigation

Ironclad Agent Skills

Agent-agnostic operating procedures for reviewing, debugging, testing, refactoring, and hardening software.

Ironclad is a suite of structured skills for coding agents. Each skill gives an agent a method, an evidence standard, a verification protocol, and a clear burden of proof.

These are not prompt snippets. They are operating procedures designed to stop agents from jumping from plausible observation to confident action.

The suite

Skill Epistemology Use it when
App Audit Determine whether the product is safe enough to ship within tested scope You need broad release-readiness coverage across security, reliability, concurrency, accessibility, browser behaviour, and UI consistency
Bug Hunter Prove the causal chain A bug, crash, regression, flaky test, intermittent failure, or incorrect result needs diagnosis
Test Architect Prove risk coverage, not line coverage You need a test strategy, gap analysis, or a decision about the correct test boundary
UX Torture Test Prove observable user harm, not aesthetic opinion You need to stress an interface across journeys, states, responsive extremes, accessibility, hostile content, and failure conditions
Refactor Guardian Prove necessity, then prove behavioural preservation A refactor, migration, cleanup, modernisation, extraction, or rewrite is being proposed
Auth Archon Never trust the apparent boundary. Build the graph, then attack the graph Work touches login, sessions, roles, permissions, tenants, recovery, federation, API keys, service accounts, or machine authority

Shared operating arc

Every skill inherits a common discipline:

Explore
  ↓
Model
  ↓
Declare scope
  ↓
Investigate
  ↓
Gather evidence
  ↓
Verify adversarially
  ↓
Act
  ↓
Re-test
  ↓
Close explicitly

The shared arc does not make the skills interchangeable. Each has a different burden of proof.

A debugger proves causality. A test strategist proves risk coverage. An auth reviewer proves or disproves authority boundaries. A UX reviewer proves observable harm. A refactor reviewer proves necessity and preservation.

Repository structure

ironclad-agent-skills/
├── skills/
│   ├── app-audit/
│   │   ├── SKILL.md
│   │   ├── references/
│   │   └── app-audit.skill
│   ├── bug-hunter/
│   ├── test-architect/
│   ├── ux-torture-test/
│   ├── refactor-guardian/
│   └── auth-archon/
├── docs/
│   ├── architecture.md
│   ├── using-the-skills.md
│   ├── evidence-standard.md
│   ├── severity-model.md
│   ├── verification-protocol.md
│   └── creating-a-skill.md
├── examples/
├── .github/
├── CONTRIBUTING.md
├── SECURITY.md
└── LICENSE

Each skill directory contains both readable source and a packaged .skill artifact.

Installation

Ironclad skills are agent-agnostic. Install them by copying one or more skills/<name>/ directories into the skill directory used by your target agent. Each installed skill should keep SKILL.md at its root.

For a generic installer:

scripts/install-skills.sh --dest /path/to/agent/skills

For npm-based distribution:

npx ironclad-agent-skills --dest /path/to/agent/skills

See docs/installation.md for selected-skill installs, replacement behavior, NPX usage, and the neutral ironclad-skills.json manifest.

Quick start

Choose the skill that matches the job, then instruct the agent to follow it against the relevant repository and runtime.

Example:

Use Bug Hunter for this issue.

Do not change production behaviour during discovery. Reproduce the failure, minimise it, trace the actual execution path, test competing causal hypotheses, and establish the root cause before proposing a fix.

After root cause is established, propose the smallest safe correction, add regression protection, and re-run the original reproduction.

For an authorization review:

Use Auth Archon.

Build the Identity and Authority Graph first. Then test the declared boundaries across actor, resource, action, tenant, channel, and lifecycle state. Do not treat UI reachability as evidence of authorization.

Status language

The suite uses explicit closure language such as:

  • CONFIRMED
  • FIXED AND VERIFIED
  • MITIGATED
  • CANNOT REPRODUCE
  • PARTIAL
  • NEEDS INVESTIGATION
  • NOT TESTED
  • NOT WORTH TESTING
  • DO NOT REFACTOR
  • ACCEPTED RISK

A limited successful review should use:

PASS WITHIN TESTED SCOPE

It should not claim that an entire product is secure, accessible, compliant, correct, or resilient.

Multi-agent use

For deeper work:

  1. Run reconnaissance and establish a verified system map.
  2. Give specialists the same verified context and declared scope.
  3. Keep discovery passes independent where possible.
  4. Normalise duplicate findings without erasing distinct failure modes.
  5. Send important claims to a fresh verifier.
  6. Allow verified findings into the confirmed section.
  7. Remediate in controlled phases.
  8. Re-run the original attack, reproduction, invariant, journey, or migration checkpoint.

What Ironclad is not

Ironclad does not replace professional penetration testing, legal or compliance review, specialist accessibility certification, production observability, human judgement, or domain expertise.

The suite exists to improve agent discipline, evidence quality, reproducibility, and engineering decision-making.

Contributing

New skills must introduce a distinct job and burden of proof. A renamed checklist or themed copy of an existing skill will not be accepted.

See CONTRIBUTING.md and docs/creating-a-skill.md.

License

MIT.

About

Agent-agnostic operating procedures for reviewing, debugging, testing, refactoring, and hardening software.

Topics

Resources

License

Code of conduct

Contributing

Security policy

Stars

6 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors