--- name: self-validation-loop description: | After generating code, automatically spawn validator agents in parallel (test-generator + code-reviewer + security-auditor) to catch issues before the user runs the code. If any validator finds a problem, the loop iterates: regenerate β†’ revalidate β†’ up to N attempts. Stops only when all validators sign off OR max attempts reached. Use when: - code-generator just produced new code - large refactor was just applied - migration was just written - security-sensitive code path was touched (auth, crypto, payments) - code was generated without tests already in scope --- # Self-Validation Loop β€” Trust, but Verify (Automatically) The fastest way to ship broken code is to skip validation. The fastest way to ship correct code is to validate so consistently it becomes muscle memory. This skill makes that muscle memory automatic. ## Trigger Conditions ``` ALWAYS trigger after: - code-generator agent completes - migration-generator agent completes - terraform-generator agent completes - refactor-master applies a 🟠/πŸ”΄ tier refactor - Edits to files matching: auth/, payments/, crypto/, security/ OPTIONALLY trigger after: - Any Edit/Write that exceeds 50 LOC delta - Any commit prep step DON'T trigger for: - Single-line typo fixes - Documentation-only changes - Test file changes (tests validate code, not vice versa) - Dependencies-only changes (lockfile bumps, etc.) ``` ## Validator Panel ``` DEFAULT (3 validators in parallel): - test-generator β†’ does coverage / does test suite pass? - code-reviewer β†’ quality, idioms, pitfalls? - security-auditor β†’ injection? auth bypass? secret leak? EXTENDED (add for sensitive code): - performance-analyzer β†’ hot path concerns? - db-doctor β†’ if SQL touched - accessibility-reviewer β†’ if UI touched ``` ## Loop Protocol ``` Loop (max 3 iterations): 1. SUBJECT under validation Capture: files changed, diff range, test command(s) for this stack 2. DISPATCH validators in parallel Each validator returns: VERDICT: PASS | FAIL | NEEDS_INFO FINDINGS: BLOCKING: 3. AGGREGATE - All PASS β†’ exit loop, mark VALIDATED - Any FAIL with BLOCKING β†’ enter remediation - Only NEEDS_INFO / non-blocking β†’ user reviews 4. REMEDIATE (if FAIL) - Group findings by file - Re-invoke the appropriate generator with the failure context as input: "Previous attempt failed validation: - : Generate a corrected version." - Apply, re-enter loop 5. STOP CONDITIONS - Validated (all PASS) β†’ DONE - Max iterations reached β†’ REPORT what's still failing, defer to user - Same finding repeats 2x β†’ STOP, escalate (likely needs human judgment) ``` ## Output Format Per iteration: ``` πŸ”„ SELF-VALIDATION β€” pass /3 test-generator: PASS (coverage 87%, all tests green) code-reviewer: FAIL (1 blocking: unhandled error path in handler.ts:42) security-auditor: PASS REMEDIATION: regenerating handler.ts with explicit error handling… ``` Final: ``` βœ… VALIDATED in passes Files: Tests: added/updated Reviewers' notes (non-blocking): - - ``` Or: ``` ⚠️ VALIDATION INCOMPLETE after 3 passes Outstanding issues: - : Recommendation: human review before merging. ``` ## Failure Escalation Heuristics ``` If the SAME validator surfaces the SAME finding 2 iterations in a row: β†’ escalate to human; auto-loop is not converging. If two DIFFERENT validators block on a CONFLICTING demand: (e.g., security-auditor wants strict input rejection, but test-generator's coverage tests rely on graceful tolerance) β†’ invoke `consensus-voting` skill to resolve. If validator can't run (env issue, missing deps): β†’ skip with NEEDS_INFO, note in output, don't fail the loop. ``` ## Anti-Patterns - Running validators sequentially (always parallel β€” they're independent) - Lowering the bar to make tests pass faster ("just delete the failing assert") - Treating "no findings" as "no issues" (also check coverage went up) - Looping > 3 times (you're not converging β€” stop and ask a human) - Ignoring NEEDS_INFO ("env can't run pytest") β€” at least flag it - Validator-on-validator (don't validate the test code with another test agent) ## Integration - Auto-trigger via PostToolUse hook for code-generator outputs (planned) - Pairs with `learning-loop` β€” if the same finding keeps appearing across sessions, persist the pattern as a project lesson - Feeds `release-manager` pre-flight: validated code passes pre-flight faster