Scan the codebase for undocumented trust boundaries, abstractions, and patterns, then update ARCHITECTURE.md with human-approved entries.
/cdocs and the codebase structure has changed/csetup for initial populationRuns after features are merged and documented. Keeps the living architecture document accurate so that future /cspec, /creview-spec, and /caudit runs have correct context. Stale architecture docs cause every downstream skill to make wrong assumptions.
Requires high intensity or above.
docs/architecture/ if it exceeds ~5000 wordsAfter landing an OAuth2 integration, you run /cupdate-arch.
The agent scans the codebase and finds three undocumented items:
TB-004: OAuth2 Token Exchange — a new trust boundary where the app exchanges authorization codes with the identity provider. The agent drafts an entry noting the identity assertion method (PKCE + state parameter) and the invariant that authorization codes must be single-use.
ABS-007: HTTP Client Wrapper — a wrapper module enforcing timeout and retry policies that 8 call sites use but ARCHITECTURE.md does not mention. The entry notes the invariant “all external HTTP calls go through this wrapper” and the violation condition “direct http.Get calls bypassing the wrapper.”
PAT-005: Config-Then-Wire — a pattern repeated in 6 places where config structs are parsed and then wired to handlers. The entry notes the violation condition “config parsed but wiring call omitted.”
You approve TB-004 and ABS-007, reject PAT-005 as too granular. ARCHITECTURE.md is updated with the two new entries.
| Reads | Writes |
|---|---|
ARCHITECTURE.md |
ARCHITECTURE.md (updated entries) |
.correctless/specs/*.md |
docs/architecture/*.md (fragments, if size threshold exceeded) |
docs/verification/*.md |
|
| Source code (scan for patterns) |
Each entry follows a structured format with required fields:
| Type | Prefix | Required Fields |
|---|---|---|
| Trust Boundary | TB-xxx | Crosses, identity assertion, data sensitivity change, invariant, violated-when |
| Abstraction | ABS-xxx | What, invariant, enforced-at, violated-when, test |
| Pattern | PAT-xxx | Rule, violated-when, test |
| Environment Assumption | ENV-xxx | Runtime assumption, invariant, violated-when |
This skill requires high intensity or above. At standard intensity, architecture documentation is maintained manually. The structured scanning and entry drafting require the extended agent pipeline for context.
docs/architecture/ with links from the root file./cupdate-arch. It scans the codebase fresh each time. Partially written entries can be reviewed and corrected on the next run.