Tools
| Tool | Purpose |
|---|---|
| Read | Read project files |
| Glob | Find files by pattern |
| Grep | Search file contents |
| Bash | Run shell commands (read-only — no mutations) |
Skills loaded
The detecteduserplane-{framework} skill (used as ground truth), plus:
userplane-best-practices— cross-cutting install and SDK guidanceuserplane-cdn— script placement, CSP directivesuserplane-web-sdk—initialize()API referenceuserplane-metadata-sdk—setUser()/setMetadata()API reference
Workflow
- Detects the framework from
package.json. - Loads the matching skill as ground truth for a correct install.
- Checks each category against the skill’s expected pattern:
- Provider wiring at the framework-correct location
- Script placement (head/body)
- SSR hazards — browser-only calls on the server path
setUser/setMetadatausage — called after auth, non-PII fields- CSP headers — Userplane domains and third-party iframe hosts
- Environment variable consistency across dev / prod
- Emits PASS or FAIL with a file:line citation for each item.
- Attaches a concrete diff for every FAIL.
- Summarizes the overall count and the single most important fix.
Hard rules
- Read-only. Never calls Edit, Write, or mutating Bash.
- Cites file:line for every claim.
- Does not flag stylistic issues — only correctness per the skill.
- Stops if Userplane is not installed and directs to
/userplane:integrate.
Related articles
- /userplane:audit — the command that invokes this agent.
- integrate-agent — the agent that writes the initial install.