MCP HubMCP Hub
Back to Skills

well-architected

avelikiy
Updated 2 days ago
6 views
30
6
30
View on GitHub
Designexcelwordaidesign

About

This Claude Skill enforces a comprehensive architecture review across six pillars (operational excellence, security, reliability, performance, cost, sustainability) for all non-nano projects. It's automatically applied by the architect agent when creating or auditing ARCH documents to ensure thorough design consideration beyond just features. Developers should use it for small-to-enterprise project architectures, audits, and brownfield reviews, but not for nano projects or simple bug fixes.

Quick Install

Claude Code

Recommended
Primary
npx skills add avelikiy/great_cto -a claude-code
Plugin CommandAlternative
/plugin add https://github.com/avelikiy/great_cto
Git CloneAlternative
git clone https://github.com/avelikiy/great_cto.git ~/.claude/skills/well-architected

Copy and paste this command in Claude Code to install this skill

Documentation

Well-Architected — 6 pillars to verify before shipping

Every ARCH document for non-nano work must answer the 6 pillar questions below. Skipping a pillar is allowed only if explicitly justified (e.g. "Sustainability: N/A — backend-only, runs in shared infra.").

This is adapted from AWS Well-Architected (lens: small-team SaaS / LLM applications), trimmed to questions that matter at <10 engineer scale.

Pillar 1 — Operational excellence

Questions

  1. Observability: What metrics, logs, traces do we emit? How do we tell from a dashboard if this is working in prod?
  2. Deployability: How do we ship a change? CI gates? Rollback path?
  3. Runbooks: When this breaks at 3am, what does on-call read?

Pass criteria

  • ✅ One metric per business outcome (e.g. webhook-deliveries-acked)
  • ✅ One log line per request, with request-id correlatable across services
  • ✅ Deploy path is documented and tested (rollback dry-run executed)
  • ✅ Runbook covers top-3 failure modes from pre-mortem

Common fail

❌ "We'll add monitoring later." Monitoring is part of the feature.

Pillar 2 — Security

Questions

  1. Trust boundaries: Where does untrusted data enter? How is it validated/sanitized?
  2. Authn / authz: Who can call this? Who can read/write the data?
  3. Secrets: Where are API keys, DB passwords, JWT signing keys stored?
  4. Data classification: PII? PHI? PCI cardholder data? What's the retention policy?

Pass criteria

  • ✅ Every external input has explicit validation at the boundary
  • ✅ Authz is enforced at the data layer, not just UI
  • ✅ Secrets in env vars or secret manager, never in source
  • ✅ Sensitive data classified and retention policy defined

Common fail

❌ "JWT validates the user, that's our authz." JWT is authentication. Authorization is separate (this user can read THIS row).

Pillar 3 — Reliability

Questions

  1. Failure modes: What happens when a downstream dependency is slow / down / corrupted?
  2. Idempotency: Can a retried request safely re-execute?
  3. Backups & recovery: What's the RPO (data-loss tolerance)? RTO (downtime tolerance)? Test plan for both?
  4. Capacity: What's the max QPS this can handle? What happens at 1.5x that?

Pass criteria

  • ✅ Circuit breakers / timeouts on external calls
  • ✅ State-mutating endpoints accept idempotency keys
  • ✅ Backups documented + restore tested in the last 90 days
  • ✅ Load test exists; results in docs/perf/

Common fail

❌ "Postgres has backups." Backups without a tested restore aren't backups.

Pillar 4 — Performance efficiency

Questions

  1. SLOs: What's the p50/p95/p99 latency target? Error rate? Availability?
  2. Bottlenecks: Profile the critical path — what's the slowest step?
  3. Caching: What's cacheable? Cache invalidation strategy?
  4. Scaling: Vertical or horizontal? Auto-scale rules?

Pass criteria

  • ✅ SLO numbers in the ARCH doc (not "fast enough")
  • ✅ Profile attached for non-trivial requests
  • ✅ Cache strategy documented; invalidation explicit
  • ✅ Scaling decision justified by data, not "feels right"

Common fail

❌ "Database can handle it." Quantify: queries/sec, row count, index hit rate.

Pillar 5 — Cost optimization

Questions

  1. Hot path: What's the most expensive operation per request? Why?
  2. Right-sizing: Is the chosen instance type / model / DB tier the smallest one that meets SLO?
  3. Cleanup: What happens to old data? Old logs? Old branch environments?

Pass criteria

  • ✅ Use skill cost-model to document explicit $ numbers
  • ✅ Choose smallest LLM model that meets quality SLO (haiku before sonnet, sonnet before opus)
  • ✅ Retention policy for logs, metrics, old data

Common fail

❌ Defaulting to Opus / GPT-4 when Haiku would work. Test on Haiku first.

Pillar 6 — Sustainability (env / energy)

Questions

  1. Workload efficiency: Is the code O(n log n) when it could be O(n)?
  2. Idle resources: Can dev environments scale to zero overnight?
  3. Data minimization: Do we collect / store data we never query?

Pass criteria

  • ✅ Hot loop complexity documented
  • ✅ Non-prod resources have shutdown schedules
  • ✅ Data lifecycle covers ingestion, retention, deletion

Common fail

❌ Logs at debug level in prod, never reviewed. Waste of storage + carbon.

Output format — add to ARCH

## Well-Architected review

### 1. Operational excellence
- Metrics: <list>
- Deploy path: <link to runbook>
- Verdict: PASS | RISKS LISTED

### 2. Security
- Trust boundaries: <list>
- Data classification: <PII / PHI / PCI / none>
- Verdict: PASS | RISKS LISTED

### 3. Reliability
- Failure modes: <link to pre-mortem>
- Idempotency: <yes/no per endpoint>
- Verdict: PASS | RISKS LISTED

### 4. Performance
- SLOs: p99=<ms>, error_rate=<%>, availability=<%>
- Verdict: PASS | RISKS LISTED

### 5. Cost
- Per-request cost: $<amount>
- Verdict: PASS | RISKS LISTED

### 6. Sustainability
- Hot-path complexity: O(<n>)
- Verdict: PASS | N/A | RISKS LISTED

## Open risks (rolled up)

<bullet list of all RISKS LISTED items + mitigation in plan>

When PASS is acceptable with risks listed

Not every architecture is bulletproof. PASS-with-risks is OK if:

  • Each risk is explicit (not hand-waved)
  • Each risk has either a mitigation in the plan OR explicit acceptance by the user
  • The pre-mortem section addresses the top-3 risk-score items

Gate:plan can approve a PASS-with-risks; gate:ship needs the mitigations shipped.

GitHub Repository

avelikiy/great_cto
Path: skills/well-architected
0
agentic-codingclaude-code-pluginclaude-code-skillsclaude-code-subagentscode-reviewcto

Related Skills

executing-plans

Design

Use the executing-plans skill when you have a complete implementation plan to execute in controlled batches with review checkpoints. It loads and critically reviews the plan, then executes tasks in small batches (default 3 tasks) while reporting progress between each batch for architect review. This ensures systematic implementation with built-in quality control checkpoints.

View skill

requesting-code-review

Design

This skill dispatches a code-reviewer subagent to analyze code changes against requirements before proceeding. It should be used after completing tasks, implementing major features, or before merging to main. The review helps catch issues early by comparing the current implementation with the original plan.

View skill

connect-mcp-server

Design

This skill provides a comprehensive guide for developers to connect MCP servers to Claude Code using HTTP, stdio, or SSE transports. It covers installation, configuration, authentication, and security for integrating external services like GitHub, Notion, and custom APIs. Use it when setting up MCP integrations, configuring external tools, or working with Claude's Model Context Protocol.

View skill

web-cli-teleport

Design

This skill helps developers choose between Claude Code Web and CLI interfaces based on task analysis, then enables seamless session teleportation between these environments. It optimizes workflow by managing session state and context when switching between web, CLI, or mobile. Use it for complex projects requiring different tools at various stages.

View skill