Quick reference for selecting and running audits with `aidd --audit {AUDIT_NAME}`.

Multi-Audit Support: Run multiple audits sequentially with comma-separated names:

```bash
aidd --project-dir ./app --audit SECURITY,CODE_QUALITY,ARCHITECTURE
```

Each audit is assigned a lifecycle phase indicating when it should run relative to the development workflow. This is tracked in each audit's frontmatter as `lifecycle:`.

| Phase | When | Purpose |
|---|---|---|
| `development` | During active coding | Catch issues early while code is being written |
| `pre-release` | Before tagging a release | Gate quality before version bump |
| `post-release` | After release / periodic | Maintenance, debt, cleanup |
| `migration` | During rebuild/migration | Comparison and compliance checks |
| `specialized` | As needed per stack | Stack-specific audits (not universally applicable) |
| `reference` | N/A | Not an executable audit |

Run these during active coding to catch issues early.

```bash
aidd --project-dir ./app --audit CODE_QUALITY,LOGIC,COMPLICATION,DEAD_CODE,FEATURE_INTEGRATION
```

| Audit | Priority | Time | Focus |
|---|---|---|---|
| `CODE_QUALITY` | High | 1-2h | Linting, formatting, ordering |
| `LOGIC` | High | 2-3h | Control flow, branching, state issues |
| `COMPLICATION` | High | 2-3h | Complexity creep, function length |
| `DEAD_CODE` | High | 1-2h | Orphaned code before it accumulates |
| `FEATURE_INTEGRATION` | High | 1-2h | Unreachable features, unwired code paths |

Run these before tagging a release to gate quality.

```bash
aidd --project-dir ./app --audit SECURITY,ARCHITECTURE,DATABASE,DATA_ARCHITECTURE,SCHEMA_CONSTRAINTS,TESTING,API_DESIGN,FRONTEND,PERFORMANCE,REACT_BEST_PRACTICES,LICENSING
```

| Audit | Priority | Time | Focus |
|---|---|---|---|
| `SECURITY` | Critical | 2-4h | Auth, OWASP, encryption |
| `ARCHITECTURE` | High | 2-3h | API design, modularity, design flaws |
| `DATABASE` | High | 2-3h | Schema safety, migrations, rollback |
| `DATA_ARCHITECTURE` | Critical | 2-3h | Single source of truth, authority |
| `SCHEMA_CONSTRAINTS` | Critical | 1-2h | Schema constraints, data integrity checks |
| `TESTING` | High | 2-3h | Coverage gaps, test stability |
| `API_DESIGN` | High | 1-2h | Endpoint consistency, docs |
| `FRONTEND` | High | 2-3h | React patterns, accessibility |
| `PERFORMANCE` | High | 1-2h | Core Web Vitals, bundle size, backend |
| `REACT_BEST_PRACTICES` | High | 3-4h | Vercel React performance patterns |
| `LICENSING` | High | 1-2h | License compliance, viral deps, attribution |

Run these periodically for maintenance, debt tracking, and infrastructure review.

```bash
aidd --project-dir ./app --audit TECHDEBT,HYGIENE,LIGHTHOUSE,DEVOPS,DEPLOYMENT,TECH_STACK,DOCUMENTATION
```

| Audit | Priority | Time | Focus |
|---|---|---|---|
| `TECHDEBT` | High | 2-6h | Accumulated debt inventory |
| `HYGIENE` | Medium | 2-4h | Dead code, deps, imports, secrets |
| `LIGHTHOUSE` | Medium | 1-2h | Real-world web vitals |
| `DEVOPS` | High | 1-2h | CI/CD pipelines, quality gates, image publishing, branch hygiene |
| `DEPLOYMENT` | High | 2-3h | Runtime rollout, health, metrics, logs, alerting (consolidates former MONITORING audit) |
| `TECH_STACK` | High | 1-2h | Dependency versions, upgrades |
| `DOCUMENTATION` | Medium | 1-2h | Docs quality and coverage |

Run these during rebuilds, rewrites, or major version migrations.

| Audit | Priority | Time | Focus |
|---|---|---|---|
| `UI_PARITY` | High | 2-3h | Compare UI surfaces post-rebuild |
| `REORG` | Medium | 1-2h | File structure, naming, directory layout |

Prerequisite: `UI_PARITY` requires a `ui_parity_reference:` directive in the target project's `/.aidd/project.md` pointing to the reference codebase path.

Stack-specific audits — run only on applicable projects.
| Audit | Priority | Time | Applies To |
|---|---|---|---|
| `CONVEX` | Critical | 1-2h | Convex backend projects |
| `SPERNAKIT` | High | 3-5h | Spernakit v2-derived applications |
| `SPERNAKITV1` | High | 3-5h | Spernakit v1-derived applications |
| `SSOC` | Medium | 1-2h | Component-heavy frontends |
| `AI` | High | 4-8h | AI-enabled projects |

| Document | Purpose |
|---|---|
| `SEVERITY_CLASSIFICATION` | Severity level definitions (Critical/High/Medium/Low) |

Note: Reference documents have `type: 'reference'` in frontmatter and are excluded from `--audit-all`.

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `CODE_QUALITY` | High | 1-2h | General code quality, linting, formatting |
| `COMPLICATION` | High | 2-3h | Code complexity, optimization opportunities |
| `LOGIC` | High | 2-3h | Control flow, state management, logic issues |
| `TECHDEBT` | High | 2-4h | Technical debt identification and prioritization |
| `DEAD_CODE` | High | 1-2h | Unused code, orphaned files |
| `HYGIENE` | Medium | 2-4h | Dead code, deps, imports, secrets, static analysis |
| `FEATURE_INTEGRATION` | High | 1-2h | Unreachable features, unwired code paths |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `ARCHITECTURE` | High | 2-3h | Overall architecture, API design, complexity |
| `DATA_ARCHITECTURE` | Critical | 2-3h | Data flow, single source of truth, database patterns |
| `DATABASE` | High | 2-3h | Database design, migrations, schema evolution |
| `SCHEMA_CONSTRAINTS` | Critical | 1-2h | Schema constraints, data integrity, validation |
| `API_DESIGN` | High | 1-2h | REST/GraphQL API design, documentation |
| `AI` | High | 4-8h | AI provider integration consistency |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `SECURITY` | Critical | 2-4h | Authentication, authorization, OWASP compliance |
| `LICENSING` | High | 1-2h | Third-party license compliance, viral deps |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `PERFORMANCE` | High | 1-2h | General performance optimization |
| `LIGHTHOUSE` | Medium | 1-2h | Web vitals, Lighthouse report analysis |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `DEPLOYMENT` | High | 2-3h | Runtime rollout, health, metrics, logs, alerting (consolidates former MONITORING audit) |
| `DEVOPS` | High | 1-2h | CI/CD pipelines, quality gates, image publishing |
| `TECH_STACK` | High | 1-2h | Technology stack validation |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `FRONTEND` | High | 2-3h | React/UI patterns, performance, accessibility |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `TESTING` | High | 2-3h | Test coverage, testing strategy |
| `DOCUMENTATION` | Medium | 1-2h | Documentation quality and coverage |

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `UI_PARITY` | High | 2-3h | Compare UI surfaces between two app versions, find gaps |
| `REORG` | Medium | 1-2h | File structure, naming, directory layout |

Prerequisite: `UI_PARITY` requires a `ui_parity_reference:` directive in the target project's `/.aidd/project.md` pointing to the reference codebase path.

| Audit | Priority | Time | Best For |
|---|---|---|---|
| `CONVEX` | Critical | 1-2h | Convex database patterns, validators |
| `SPERNAKIT` | High | 3-5h | Spernakit v2 template compliance |
| `SPERNAKITV1` | High | 3-5h | Spernakit v1-derived application audit |
| `SSOC` | Medium | 1-2h | Shared vs page UI component separation |

| Document | Purpose |
|---|---|
| `SEVERITY_CLASSIFICATION` | Severity level definitions (Critical/High/Medium/Low) |

Note: Reference documents have `type: 'reference'` in frontmatter and are excluded from `--audit-all`.

Essential (Run First):

```bash
aidd --project-dir ./app --audit SPERNAKIT,SECURITY,CODE_QUALITY
```

Recommended (Run Monthly):

```bash
aidd --project-dir ./app --audit ARCHITECTURE,FRONTEND,DATABASE,TESTING
```

Periodic (Run Quarterly):

```bash
aidd --project-dir ./app --audit PERFORMANCE,TECHDEBT,DEAD_CODE,LICENSING
```

Essential (Run First):

```bash
aidd --project-dir ./app --audit CONVEX,SECURITY,CODE_QUALITY
```

Recommended (Run Monthly):

```bash
aidd --project-dir ./app --audit FRONTEND,DATA_ARCHITECTURE,TESTING
```

Periodic (Run Quarterly):

```bash
aidd --project-dir ./app --audit PERFORMANCE,LIGHTHOUSE,TECHDEBT,LICENSING
```

Essential (Run First):

```bash
aidd --project-dir ./app --audit SECURITY,CODE_QUALITY,ARCHITECTURE
```

Recommended (Run Monthly):

```bash
aidd --project-dir ./app --audit API_DESIGN,TESTING,DATABASE
```

Periodic (Run Quarterly):

```bash
aidd --project-dir ./app --audit DEVOPS,DEPLOYMENT,TECHDEBT,DEAD_CODE,LICENSING
```

```bash
# Run comprehensive audit suite for new projects
aidd --project-dir ./app --audit ARCHITECTURE,SECURITY,CODE_QUALITY

# Critical audits before release
aidd --project-dir ./app --audit SECURITY,PERFORMANCE,TESTING,LICENSING

# Identify and prioritize tech debt
aidd --project-dir ./app --audit TECHDEBT,DEAD_CODE,COMPLICATION

# Deep dive into performance
aidd --project-dir ./app --audit PERFORMANCE,LIGHTHOUSE,FRONTEND

# Compare rebuilt app against old version (requires ui_parity_reference in project.md)
aidd --project-dir ./app --audit UI_PARITY
```

Each audit creates:

- Feature issues in `.aidd/features/audit-{name}-{unix_timestamp}-{descriptive-slug}/feature.json`
- Audit report in `.aidd/audit-reports/{AUDIT_NAME}-{timestamp}.md`
- Changelog entry with audit summary

| Audit Severity | Feature Priority | Response Time |
|---|---|---|
| Critical | 1 | 0-24 hours |
| High | 2 | 1-2 weeks |
| Medium | 3 | 1-4 weeks |
| Low | 4 | 1-3 months |

- Start with Security - Always run `SECURITY` first on any new codebase
- Use Stack-Specific Audits - `CONVEX` for Convex apps, `SPERNAKIT` for Spernakit apps
- Combine Related Audits - Use comma-separated audits for efficiency: `--audit SECURITY,CODE_QUALITY`
- Limit Iterations - Use `--max-iterations 1` for single-pass audits
- Review Reports - Check `.aidd/audit-reports/` for detailed findings
- Address Critical First - Focus on Priority 1 issues before moving to lower priorities