← Back to Skills Marketplace
Architecture Governance
by
jerry-guo-mys
· GitHub ↗
· v1.0.0
248
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install architecture-governance
Description
架构治理专家。基于六大维度评价系统健康度,生成治理任务与报告。触发:架构健康度评估、技术债务识别、治理规划、架构评审、系统对比、治理周报/月报。
README (SKILL.md)
Architecture Governance - 架构治理专家
角色定义
你是架构治理专家,擅长用数据说话、用评价驱动改进。核心信条:
- 可见即可控:先让问题可见,再谈治理
- 适合优于完美:结合业务场景,不追求指标满分
- 持续而非一次性:治理是长期工程,非项目制
与其他专家的边界:专注架构层面的健康度与治理,不涉及具体代码实现、安全渗透测试或运维故障排查。若用户需求偏向单体代码库整洁度提升,引导使用 monolith-governance;偏向代码重构、安全审计或 SRE,引导其使用对应技能。
核心能力
| 能力 | 输入 | 输出 |
|---|---|---|
| 系统健康度评估 | 系统名 + 指标数据 | 健康度得分、等级、治理建议 |
| 多系统对比 | 系统列表 | 对比看板、TOP 风险、优先级 |
| 治理任务规划 | 问题清单 | 优先级排序任务、工作量估算 |
| 报告生成 | 评估结果 | 健康度报告、周报、月报 |
工作流
单次评估
加载评价框架 → 采集/接收指标 → 计算健康度 → 生成报告 → 提出治理建议
批量对比
批量评估 → 生成对比看板 → 识别 TOP 风险 → 排序治理优先级
治理规划
识别问题 → 评估风险等级 → 估算工作量 → 排序优先级 → 输出任务清单
评价框架
六大维度(权重)
| 维度 | 权重 | 核心指标 |
|---|---|---|
| 结构质量 | 30% | 圈复杂度、代码重复率、单类/方法行数、测试覆盖率 |
| 依赖关系 | 25% | 上下游依赖数、循环依赖、跨层调用 |
| 技术规范 | 20% | 代码规范、安全漏洞、文档完整度、API 规范 |
| 可演进性 | 15% | 部署频率、变更失败率、配置外部化、灰度能力 |
| 风险暴露 | 10% | 单点故障、核心人员依赖、技术栈过时、故障历史 |
| 治理合规 | 10% | 架构评审通过率、技术选型合规、治理任务完成率 |
详细指标与阈值: 见 references/evaluation-framework.md
指标定义与采集: 见 references/metrics.md
健康度等级
| 分数 | 等级 | 行动 |
|---|---|---|
| 90-100 | 优秀 🟢 | 保持,分享最佳实践 |
| 75-89 | 良好 🟡 | 关注,持续改进 |
| 60-74 | 一般 🟠 | 制定改进计划 |
| 40-59 | 风险 🔴 | 限期整改 |
| \x3C 40 | 严重 ⚫ | 紧急治理,限制变更 |
输出规范
- 健康度报告 →
assets/report-template.md - 周报/月报 →
assets/weekly-report-template.md - 治理任务 →
assets/task-template.md - 手动评估 →
assets/assessment-checklist.md
脚本工具
# 单系统
python scripts/health-check.py --system payment-core
# 多系统
python scripts/health-check.py --systems payment-core,user-center,order-service
# 输出报告
python scripts/health-check.py --system payment-core --output report.md
决策指引
权重按场景调整
| 场景 | 高权重 | 说明 |
|---|---|---|
| 金融交易 | 风险暴露 20% | 可靠性优先 |
| 内部管理 | 治理合规 15% | 合规优先 |
| C 端产品 | 可演进性 20% | 迭代速度优先 |
| 原型验证 | 简化评价 | 仅核心维度 |
分阶段推进
- 基线建立 (1-2 月):定义指标,首次评估
- 试点治理 (2-3 月):选高风险系统试点
- 全面推广 (3-6 月):纳入 OKR,常态化
- 持续运营 (6 月+):趋势追踪,效果复盘
详见 references/governance-playbook.md。
常见陷阱
- 指标崇拜:不过度追求单一指标
- 静态评价:需持续追踪
- 忽视上下文:结合业务场景
- 完美主义:适合优于完美
使用示例
用户: "评估支付核心系统的架构健康度"
操作: 加载框架 → 采集指标 → 计算得分 → 用 report-template.md 生成报告 → 给出 3–5 条可执行治理建议
用户: "哪些系统最需要优先治理?"
操作: 批量评估 → 对比看板 → 按健康度 + 业务重要性排序 → 输出 TOP N 及理由
用户: "制定 Q1 架构治理计划"
操作: 汇总问题 → 评估风险与工作量 → 用 task-template.md 生成任务清单 → 给出排期建议
架构治理是「治」出来的,不是「管」出来的。
Usage Guidance
This package looks like a legitimate architecture-governance tool, but it expects to collect data from internal systems (SonarQube, service registry, tracing, CI, incident systems, Snyk). Before installing or running it: 1) Confirm where the script will run (CI runner, admin host, developer laptop) and that running it there has appropriate network access; 2) Ask the author/maintainer which endpoints and credentials are required and how to supply them (env vars, config file), and prefer short-lived, least-privilege tokens; 3) Review and test scripts in an isolated environment (no access to org-wide secrets) to see what network calls they make; 4) Verify that collected metrics and generated reports remain within your org and are not posted to external/public endpoints; 5) If you will run it in production, require code review of the scripts and add logging/auditing for credential use. If the maintainer cannot explain where credentials/configs belong, treat the omission as a red flag and avoid running with sensitive credentials.
Capability Analysis
Type: OpenClaw Skill
Name: architecture-governance
Version: 1.0.0
The architecture-governance skill bundle is a legitimate toolset for evaluating system health and managing technical debt. It includes a Python script (scripts/health-check.py) that calculates architecture scores based on standard metrics like cyclomatic complexity and test coverage, and several Markdown templates for reporting. The code and instructions are well-documented, lack any suspicious obfuscation or data exfiltration logic, and the AI instructions in SKILL.md are strictly aligned with the stated purpose of architecture governance.
Capability Assessment
Purpose & Capability
The name, SKILL.md, templates and the health-check script all align with an architecture governance tool: collecting metrics, scoring dimensions, and producing reports. The included references and example scripts show intended integrations with SonarQube, service registries, tracing (Jaeger), CI systems (Jenkins/GitLab), Snyk and an incident system — which is expected for the stated purpose. However, the skill declares no required env vars, endpoints or config paths even though real integration will require service endpoints and likely credentials (tokens). This omission is disproportionate to the claimed automated collection capability.
Instruction Scope
SKILL.md instructs the agent/user to '采集/接收指标' and to run scripts/health-check.py to collect metrics and generate reports. The instructions do not direct reading unrelated user files or exfiltration, and they stay within architecture-governance scope. But the runtime instructions and example collection snippets refer to contacting internal APIs (curl to SonarQube, HTTP calls to consul/jaeger/jenkins/incident-system, running snyk), which implies network access to internal services and possibly credentials — none of which are declared. There is no instruction about where collected data will be sent or how credentials are used/stored.
Install Mechanism
There is no install spec (instruction-only + a small Python script). That is low-risk from an installer perspective: nothing is downloaded or installed by the registry itself. The only executable is scripts/health-check.py included in the bundle.
Credentials
The skill requests no environment variables or credentials in metadata, but its examples and metrics collection snippets clearly assume access to internal services (SonarQube API, Consul, Jaeger, Jenkins, incident-system, Snyk). Legitimately, those integrations require endpoints and tokens. The absence of declared required env vars or guidance for secure credential handling is a mismatch and a concern: it's unclear what secrets will be needed, where they are expected to be provided, and how they are protected.
Persistence & Privilege
always:false and no indication the skill modifies other skills or system-wide settings. It does not request persistent privileges beyond normal script execution. Autonomous invocation is allowed (platform default) but there are no elevated persistence flags.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install architecture-governance - After installation, invoke the skill by name or use
/architecture-governance - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
- Initial release of the "architecture-governance" skill.
- Provides system health evaluation across six dimensions, delivering scores, levels, and actionable governance suggestions.
- Supports multi-system comparisons, risk identification, and prioritization of governance tasks.
- Generates standardized health reports, weekly/monthly summaries, and governance work plans.
- Includes usage guidance, best practice recommendations, and boundary definitions with related skills.
Metadata
Frequently Asked Questions
What is Architecture Governance?
架构治理专家。基于六大维度评价系统健康度,生成治理任务与报告。触发:架构健康度评估、技术债务识别、治理规划、架构评审、系统对比、治理周报/月报。 It is an AI Agent Skill for Claude Code / OpenClaw, with 248 downloads so far.
How do I install Architecture Governance?
Run "/install architecture-governance" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Architecture Governance free?
Yes, Architecture Governance is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Architecture Governance support?
Architecture Governance is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Architecture Governance?
It is built and maintained by jerry-guo-mys (@jerry-guo-mys); the current version is v1.0.0.
More Skills