@brunosps00/dev-workflow 1.0.2 → 1.0.4

package/lib/prompts.js

@@ -33,4 +33,41 @@ async function selectLanguage(flagLang) {
   return lang;
 }
 
-module.exports = { selectLanguage, question };
+// Multi-select prompt. Accepts comma-separated indexes ("1,3,5"), "all" for every
+// option, or a single index. Returns an array of selected option strings.
+// Invalid or empty input falls back to the first option.
+function multiSelect(prompt, options) {
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: process.stdout,
+  });
+
+  return new Promise((resolve) => {
+    const optionsStr = options.map((o, i) => `  ${i + 1}) ${o}`).join('\n');
+    const help = `\n  Enter numbers separated by commas (e.g. 1,3,5) or "all" for everything.`;
+    rl.question(`\n${prompt}\n${optionsStr}${help}\n\n  Choose: `, (answer) => {
+      rl.close();
+      const trimmed = (answer || '').trim().toLowerCase();
+      if (!trimmed) {
+        resolve([options[0]]);
+        return;
+      }
+      if (trimmed === 'all') {
+        resolve(options.slice());
+        return;
+      }
+      const seen = new Set();
+      const selected = [];
+      for (const part of trimmed.split(',')) {
+        const idx = parseInt(part.trim(), 10) - 1;
+        if (idx >= 0 && idx < options.length && !seen.has(idx)) {
+          seen.add(idx);
+          selected.push(options[idx]);
+        }
+      }
+      resolve(selected.length > 0 ? selected : [options[0]]);
+    });
+  });
+}
+
+module.exports = { selectLanguage, question, multiSelect };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@brunosps00/dev-workflow",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "AI-driven development workflow commands for any project. Scaffolds a complete PRD-to-PR pipeline with multi-platform AI assistant support.",
   "bin": {
     "dev-workflow": "./bin/dev-workflow.js"

package/scaffold/en/agent-instructions.md

@@ -57,6 +57,8 @@ Before picking a command from the Trigger Map, gauge the change's actual scope.
 | "Open a new project" / "Bootstrap a stack" | `/dw-new-project` |
 | "Dockerize this" / "Add docker-compose" | `/dw-dockerize` |
 | "Functional doc" / "Map screens and flows" | `/dw-functional-doc` |
+| "Install Azure skills" / "Setup Microsoft docs MCP" / "Add Azure expertise" / "I'm going to work on Azure" | `/dw-install-azure-skills` |
+| "Install AWS skills" / "Setup AWS MCP" / "Add AWS expertise" / "I'm going to work on AWS" | `/dw-install-aws-skills` |
 
 **Priority:** when in doubt between two commands, `/dw-autopilot` is the safest default for any non-trivial feature request — it composes the rest.
 

package/scaffold/en/commands/dw-install-aws-skills.md

@@ -0,0 +1,166 @@
+<system_instructions>
+You install opt-in AWS agent skills from `aws/agent-toolkit-for-aws` (Apache 2.0) into `.agents/skills/aws/` and register the unified AWS MCP Server (stdio via `uvx mcp-proxy-for-aws`, requires AWS credentials) in `.claude/settings.json`. Same outcome as `npx @brunosps00/dev-workflow install-aws-skills` — different interface.
+
+## When to Use
+- Use when the user asks to "install AWS skills", "setup AWS MCP", "add AWS expertise", "I'm going to work on AWS", or similar.
+- Use when an existing project starts a new feature that touches AWS (Lambda, S3, Bedrock, EC2, etc.) and there is no `.agents/skills/aws/` yet.
+- Do NOT use for Azure, GCP, or non-AWS clouds — those have their own commands or aren't supported.
+- Do NOT use to install dev-workflow's own skills — those ship with `init`/`update`.
+
+## Pipeline Position
+**Predecessor:** (user explicit request) | **Successor:** any AWS-shaped feature work (typically `/dw-plan` or `/dw-autopilot`).
+
+## Prerequisites
+
+<critical>This command needs:
+1. `git` available on PATH.
+2. `uv` (Python tool runner) — provides `uvx` which invokes `mcp-proxy-for-aws`.
+3. `aws cli` ≥ 2.32.0.
+4. Valid AWS credentials — verify with `aws sts get-caller-identity`.
+
+If ANY of these is missing or invalid, STOP and tell the user how to install/configure it. Do NOT clone or copy anything if prerequisites are not met — partial install is worse than no install.</critical>
+
+## Categories (upstream-native)
+
+| Category | Upstream paths |
+|---|---|
+| **All** | `skills/core-skills/*` + `skills/specialized-skills/*/*` |
+| **Core** | `skills/core-skills/*` — 13 horizontal skills: amazon-bedrock, aws-amplify, aws-billing-and-cost-management, aws-cdk, aws-cloudformation, aws-containers, aws-iam, aws-messaging-and-streaming, aws-observability, aws-sdk-js-v3-usage, aws-sdk-python-usage, aws-sdk-swift-usage, aws-serverless |
+| **Analytics** | `skills/specialized-skills/analytics-skills/*` |
+| **Database** | `skills/specialized-skills/database-skills/*` |
+| **EC2 / Compute** | `skills/specialized-skills/ec2-skills/*` |
+| **Migration & Modernization** | `skills/specialized-skills/migration-and-modernization-skills/*` |
+| **Networking & Content Delivery** | `skills/specialized-skills/networking-and-content-delivery-skills/*` |
+| **Operations** | `skills/specialized-skills/operations-skills/*` |
+| **Security & Identity** | `skills/specialized-skills/security-and-identity-skills/*` |
+| **Serverless** | `skills/specialized-skills/serverless-skills/*` |
+| **Storage** | `skills/specialized-skills/storage-skills/*` |
+
+## Workflow
+
+### 1. Verify prerequisites
+
+Run each in turn via Bash. On any failure, STOP and print the matching instruction block:
+
+| Check | If missing |
+|---|---|
+| `git --version` | `git is required. Install via brew/apt/git-scm.com.` |
+| `uv --version` | `uv is required. Install: curl -LsSf https://astral.sh/uv/install.sh \| sh` (macOS/Linux) or PowerShell equivalent on Windows. |
+| `aws --version` | `aws cli ≥ 2.32.0 is required. Install via brew install awscli, winget install Amazon.AWSCLI, or follow AWS docs.` |
+| `aws sts get-caller-identity` | `AWS credentials are missing/expired. Easiest: aws login (rotates every 15 min, valid 12h). SSO: aws configure sso. Keys: aws configure.` |
+
+Do NOT proceed to step 2 if any check fails.
+
+### 2. Pick region
+
+Ask the user which AWS region to use. The MCP server is regional — currently supported endpoints:
+
+- `us-east-1` → `https://aws-mcp.us-east-1.api.aws/mcp`
+- `eu-central-1` → `https://aws-mcp.eu-central-1.api.aws/mcp`
+
+Default to `us-east-1` if the user has no preference. The agent can override per-query (e.g., "list EC2 instances in eu-west-1") — the endpoint region is just the default operating region.
+
+### 3. Ask which categories to install
+
+Use AskUserQuestion (multi-select if supported; otherwise loop). Present the 11 categories above. Default suggestion when undecided: ask "what part of AWS are you about to work on?" and map to a category.
+
+### 4. Shallow clone the upstream repo
+
+```bash
+TMP=$(mktemp -d -t dw-aws-skills-XXXXXX)
+git clone --depth=1 https://github.com/aws/agent-toolkit-for-aws.git "$TMP"
+```
+
+If the clone fails, STOP and report the error verbatim.
+
+### 5. Filter and copy
+
+For each selected category, glob the corresponding upstream path and collect all skill directories. Examples:
+
+- "Core" → every subdirectory of `$TMP/skills/core-skills/`
+- "Database" → every subdirectory of `$TMP/skills/specialized-skills/database-skills/`
+- "All" → every subdirectory of `$TMP/skills/core-skills/` AND every subdirectory of `$TMP/skills/specialized-skills/*/`
+
+Before copying, **clear** `.agents/skills/aws/` for a clean refresh (re-runs replace previous selections).
+
+Skip any skill whose root contains executable scripts (`.sh`, `.py`, `.js`, `.ts`, `.ps1`, `.bat`) — dev-workflow only installs pure-markdown skills. Report the skipped count.
+
+Copy each matched directory recursively to `.agents/skills/aws/<skill-name>/`. **Flatten** the upstream hierarchy — the destination has no `core-skills/` vs `specialized-skills/` split. Just the skill slug as the directory name.
+
+### 6. Register the AWS MCP Server
+
+Read `.claude/settings.json`. Parse the JSON. Upsert into `mcpServers`:
+
+```json
+{
+  "mcpServers": {
+    "aws-mcp": {
+      "command": "uvx",
+      "args": [
+        "mcp-proxy-for-aws@latest",
+        "https://aws-mcp.us-east-1.api.aws/mcp",
+        "--metadata",
+        "AWS_REGION=us-east-1"
+      ],
+      "transport": "stdio",
+      "timeout": 100000
+    }
+  }
+}
+```
+
+Substitute the endpoint and `AWS_REGION` value with the region picked in step 2.
+
+If `mcpServers.aws-mcp` already exists, leave it untouched — never overwrite. Tell the user to edit `.claude/settings.json` directly (or remove the entry and re-run) to change the region. Other entries in `mcpServers` (context7, playwright, microsoft-learn, etc.) MUST be preserved.
+
+### 7. Write `.dw/references/aws-mcp-instructions.md`
+
+Create (overwrite if present) with the canonical agent-facing guidance — the 5 MCP tools (`aws___search_documentation`, `aws___read_documentation`, `aws___retrieve_skill`, `aws___call_aws`, `aws___run_script`), the destructive-operations protocol (confirm before any `create*`/`update*`/`delete*`/`modify*`/IAM/billing call), region behavior, source-grounding discipline, refresh/uninstall.
+
+The CLI version of this command (`npx @brunosps00/dev-workflow install-aws-skills`) ships the canonical text. If running as a slash command, replicate the same content from `lib/install-aws-skills.js` `AWS_MCP_INSTRUCTIONS` constant.
+
+### 8. Cleanup
+
+Remove `$TMP`. Always — even if earlier steps failed.
+
+### 9. Report
+
+```
+## AWS skills installed
+
+Categories: [list]
+Region: us-east-1 (or chosen)
+Skills copied: N (skipped M with executable scripts)
+MCP registered: aws-mcp (or "already present, left unchanged")
+Agent instructions: .dw/references/aws-mcp-instructions.md
+
+## Next steps
+
+1. Restart Claude Code (or Codex / Copilot / OpenCode) so the MCP loads.
+2. Validate with an AWS question, e.g. "What's the Lambda concurrent execution limit?"
+3. The agent can now call AWS APIs via aws___call_aws — review
+   .dw/references/aws-mcp-instructions.md for destructive-op protocol.
+4. To refresh from upstream, re-run /dw-install-aws-skills.
+5. To uninstall: rm -rf .agents/skills/aws/ and remove the "aws-mcp"
+   entry from .claude/settings.json mcpServers.
+```
+
+## Required Behavior
+
+<critical>NEVER add `aws-mcp` MCP outside of this command. It is opt-in. `init` and `update` MUST NOT touch it.</critical>
+
+<critical>NEVER register the deprecated AWS Knowledge MCP (`https://knowledge-mcp.global.api.aws`). AWS officially superseded it with the unified AWS MCP Server; registering both causes tool conflicts that confuse agents.</critical>
+
+<critical>NEVER auto-install `uv` or `aws cli`. Print the instruction block and let the user choose their install path. This avoids breaking the user's environment with package managers we don't own.</critical>
+
+<critical>NEVER skip the credentials check. A clean install with no working `aws sts get-caller-identity` produces a broken MCP that fails on every tool call. Better to stop and instruct.</critical>
+
+<critical>NEVER copy upstream LICENSE/README/CONTRIBUTING into `.agents/skills/aws/` — those belong to AWS and pollute skill discovery. Copy only per-skill `SKILL.md` + auxiliary content (references/, assets/).</critical>
+
+<critical>NEVER copy skills with executable scripts. The dev-workflow scope is markdown-only. If a skill needs scripts, the user should install it directly from the upstream repo, not through this command.</critical>
+
+## Attribution
+
+Skills come from [`aws/agent-toolkit-for-aws`](https://github.com/aws/agent-toolkit-for-aws) (Apache 2.0, by AWS). The MCP server is documented at [docs.aws.amazon.com/aws-mcp/](https://docs.aws.amazon.com/aws-mcp/). The proxy is [`aws/mcp-proxy-for-aws`](https://github.com/aws/mcp-proxy-for-aws). dev-workflow only orchestrates the install.
+
+</system_instructions>

package/scaffold/en/commands/dw-install-azure-skills.md

@@ -0,0 +1,138 @@
+<system_instructions>
+You install opt-in Azure agent skills from `MicrosoftDocs/Agent-Skills` (CC-BY-4.0) into `.agents/skills/azure/` and register the Microsoft Learn MCP Server (HTTP, no-auth) in `.claude/settings.json`. Same outcome as `npx @brunosps00/dev-workflow install-azure-skills` — different interface.
+
+## When to Use
+- Use when the user asks to "install Azure skills", "setup Microsoft docs MCP", "add Azure expertise", "I'm going to work on Azure", or similar.
+- Use when an existing project starts a new feature that touches Azure (Container Apps, OpenAI, AKS, etc.) and there is no `.agents/skills/azure/` yet.
+- Do NOT use for AWS, GCP, or any non-Microsoft cloud — those are not in the upstream repo.
+- Do NOT use to install dev-workflow's own skills — those ship with `init`/`update`.
+
+## Pipeline Position
+**Predecessor:** (user explicit request) | **Successor:** any Azure-shaped feature work (typically `/dw-plan` or `/dw-autopilot`).
+
+## Prerequisites
+
+<critical>This command needs `git` available on PATH. If `git --version` fails, STOP and tell the user to install git first.</critical>
+
+## Categories (curated)
+
+| Category | What it covers |
+|---|---|
+| All | Every skill in the upstream `skills/` directory. |
+| Compute | AKS, App Service, Container Apps/Instances/Registry, Functions, VMs, Batch, Spring Apps. |
+| Data & Storage | Blob, Cosmos DB, SQL, MySQL, PostgreSQL, Cache for Redis, Data Lake, Files, Table/Queue Storage, Managed Disks. |
+| AI & ML | OpenAI, AI Foundry, AI Vision, AI Search, AI Services, Machine Learning, Anomaly Detector, Bot Service, Cognitive Services. |
+| Networking | Application Gateway, Front Door, Load Balancer, VPN Gateway, ExpressRoute, Bastion, DNS, CDN, Virtual Network, Virtual WAN, Private Link, Network Watcher, Firewall, Traffic Manager. |
+| Identity & Security | Entra ID (Active Directory), Key Vault, Attestation, Defender, Sentinel, Security Center, Artifact Signing. |
+| DevOps | Boards, Pipelines, Artifacts, Repos, Azure DevOps Server, Test Plans. |
+| Observability | Monitor, Application Insights, Log Analytics. |
+| Integration | Logic Apps, Service Bus, Event Grid, Event Hubs, API Management, API Center, Business Process Tracking. |
+| Architecture | Architecture guidance, Advisor, Blueprints, Well-Architected, Policy, Resource Graph, Resource Manager. |
+
+## Workflow
+
+### 1. Verify `git`
+
+Run `git --version` via Bash. On failure, STOP with: `git is required to install Azure skills. Install git and re-run.`
+
+### 2. Ask the user which categories to install
+
+Use AskUserQuestion (multi-select if your interface supports it; otherwise loop). Present the 10 categories with their one-line descriptions. Default suggestion when the user is undecided: ask "what part of Azure are you about to work on?" and map their answer to a category.
+
+### 3. Shallow clone the upstream repo
+
+```bash
+TMP=$(mktemp -d -t dw-azure-skills-XXXXXX)
+git clone --depth=1 https://github.com/MicrosoftDocs/Agent-Skills.git "$TMP"
+```
+
+If the clone fails (network, GitHub rate limit, etc.), STOP and report the error verbatim. Do not partially install.
+
+### 4. Filter and copy
+
+For each subdirectory of `$TMP/skills/`, decide whether it matches the selected categories. The match is **prefix-based** — a directory name like `azure-aks-edge-essentials` matches the prefix `azure-aks`.
+
+**Prefix table (canonical — keep in sync with `lib/azure-categories.js` in the dev-workflow repo):**
+
+| Category | Prefixes |
+|---|---|
+| **All** | (every directory under `$TMP/skills/`) |
+| **Compute** | `azure-aks`, `azure-app-service`, `azure-container-apps`, `azure-container-instances`, `azure-container-registry`, `azure-functions`, `azure-virtual-machines`, `azure-vmware-solution`, `azure-batch`, `azure-spring-apps` |
+| **Data & Storage** | `azure-blob-storage`, `azure-cosmos-db`, `azure-sql`, `azure-database-for-mysql`, `azure-database-for-postgresql`, `azure-cache-redis`, `azure-data-lake`, `azure-files`, `azure-storage`, `azure-table-storage`, `azure-queue-storage`, `azure-managed-disk` |
+| **AI & ML** | `azure-openai`, `azure-ai-foundry`, `azure-ai-vision`, `azure-ai-search`, `azure-ai-services`, `azure-machine-learning`, `azure-anomaly-detector`, `azure-bot-service`, `azure-cognitive` |
+| **Networking** | `azure-application-gateway`, `azure-front-door`, `azure-load-balancer`, `azure-vpn-gateway`, `azure-expressroute`, `azure-bastion`, `azure-dns`, `azure-cdn`, `azure-virtual-network`, `azure-virtual-wan`, `azure-private-link`, `azure-network-watcher`, `azure-firewall`, `azure-traffic-manager` |
+| **Identity & Security** | `azure-active-directory`, `azure-entra`, `azure-key-vault`, `azure-attestation`, `azure-defender`, `azure-sentinel`, `azure-security-center`, `azure-artifact-signing` |
+| **DevOps** | `azure-boards`, `azure-pipelines`, `azure-artifacts`, `azure-repos`, `azure-devops`, `azure-test-plans` |
+| **Observability** | `azure-monitor`, `azure-application-insights`, `azure-log-analytics` |
+| **Integration** | `azure-logic-apps`, `azure-service-bus`, `azure-event-grid`, `azure-event-hubs`, `azure-api-management`, `azure-api-center`, `azure-business-process-tracking` |
+| **Architecture** | `azure-architecture`, `azure-advisor`, `azure-blueprints`, `azure-well-architected`, `azure-policy`, `azure-resource-graph`, `azure-resource-manager` |
+
+A directory matches a category if its name equals one of the prefixes OR starts with `<prefix>-`.
+
+Before copying, **clear** `.agents/skills/azure/` to ensure a clean refresh (re-runs replace previous selections; this is intentional).
+
+Skip any skill whose root contains executable scripts (`.sh`, `.py`, `.js`, `.ts`, `.ps1`, `.bat`) — dev-workflow only installs pure markdown skills. Report the skipped count.
+
+Copy each matched directory recursively to `.agents/skills/azure/<skill-name>/`. Preserve subdirectories (`references/`, `assets/`).
+
+### 5. Register the Microsoft Learn MCP server
+
+Read `.claude/settings.json` (create the directory if missing). Parse the JSON. Upsert into `mcpServers`:
+
+```json
+{
+  "mcpServers": {
+    "microsoft-learn": {
+      "type": "http",
+      "url": "https://learn.microsoft.com/api/mcp"
+    }
+  }
+}
+```
+
+If `mcpServers.microsoft-learn` already exists, leave it untouched — never overwrite user config. Other entries in `mcpServers` (context7, playwright, etc.) MUST be preserved.
+
+### 6. Write `.dw/references/azure-mcp-instructions.md`
+
+Create this file (overwrite if present) with the agent-facing guidance — when to call which MCP tool (`microsoft_docs_search`, `microsoft_docs_fetch`, `microsoft_code_sample_search`), how to cite sources per `dw-source-grounding`, and how to refresh or uninstall.
+
+The CLI version of this command (`npx @brunosps00/dev-workflow install-azure-skills`) ships the canonical text of this file — if you are running as a slash command, replicate the same content from `lib/install-azure-skills.js` `AZURE_MCP_INSTRUCTIONS` constant.
+
+### 7. Cleanup
+
+Remove `$TMP`. Always — even if earlier steps failed.
+
+### 8. Report
+
+```
+## Azure skills installed
+
+Categories: [list]
+Skills copied: N (skipped M with executable scripts)
+MCP registered: microsoft-learn (or "already present, left unchanged")
+Agent instructions: .dw/references/azure-mcp-instructions.md
+
+## Next steps
+
+1. Restart Claude Code (or Codex / Copilot / OpenCode) so the MCP loads.
+2. Validate with an Azure question, e.g. "How do I deploy to Azure Container Apps?"
+3. To refresh from upstream, re-run /dw-install-azure-skills.
+4. To uninstall: rm -rf .agents/skills/azure/ and remove the "microsoft-learn"
+   entry from .claude/settings.json mcpServers.
+```
+
+## Required Behavior
+
+<critical>NEVER add `microsoft-learn` MCP outside of this command. It is opt-in. `init` and `update` MUST NOT touch it.</critical>
+
+<critical>NEVER copy skills with executable scripts. The dev-workflow scope is markdown-only. If a skill needs scripts, the user should install it directly from the upstream repo, not through this command.</critical>
+
+<critical>NEVER fabricate the upstream URL or the MCP URL. The repo is `https://github.com/MicrosoftDocs/Agent-Skills.git` and the MCP endpoint is `https://learn.microsoft.com/api/mcp`. These are first-party Microsoft endpoints with CC-BY-4.0 attribution required.</critical>
+
+<critical>NEVER copy upstream LICENSE/README files into `.agents/skills/azure/` — those belong to Microsoft and pollute the agent's skill discovery. Copy only `SKILL.md` + per-skill auxiliary content (references/, assets/).</critical>
+
+## Attribution
+
+Skills come from [`MicrosoftDocs/Agent-Skills`](https://github.com/MicrosoftDocs/Agent-Skills) (CC-BY-4.0, by Microsoft). The MCP server is documented at [Microsoft Learn](https://learn.microsoft.com/en-us/training/support/mcp-get-started). dev-workflow only orchestrates the install — no upstream content is modified beyond directory placement.
+
+</system_instructions>

package/scaffold/pt-br/agent-instructions.md

@@ -57,6 +57,8 @@ Antes de escolher um comando da Trigger Map, dimensione o escopo real da mudanç
 | "Abre um novo projeto" / "Bootstrap de stack" | `/dw-new-project` |
 | "Dockeriza isso" / "Adiciona docker-compose" | `/dw-dockerize` |
 | "Functional doc" / "Mapeia screens e flows" | `/dw-functional-doc` |
+| "Instala skills Azure" / "Configura MCP do Microsoft docs" / "Adiciona expertise Azure" / "Vou trabalhar com Azure" | `/dw-install-azure-skills` |
+| "Instala skills AWS" / "Configura MCP da AWS" / "Adiciona expertise AWS" / "Vou trabalhar com AWS" | `/dw-install-aws-skills` |
 
 **Prioridade:** na dúvida entre dois comandos, `/dw-autopilot` é o default mais seguro pra qualquer pedido de feature não-trivial — ele compõe os demais.
 

package/scaffold/pt-br/commands/dw-install-aws-skills.md

@@ -0,0 +1,166 @@
+<system_instructions>
+Você instala agent skills opt-in da AWS a partir do `aws/agent-toolkit-for-aws` (Apache 2.0) em `.agents/skills/aws/` e registra o AWS MCP Server unificado (stdio via `uvx mcp-proxy-for-aws`, requer credenciais AWS) em `.claude/settings.json`. Mesmo resultado de `npx @brunosps00/dev-workflow install-aws-skills` — interface diferente.
+
+## Quando Usar
+- Use quando o usuário pedir para "instalar skills AWS", "configurar MCP da AWS", "adicionar expertise AWS", "vou trabalhar com AWS", ou similar.
+- Use quando um projeto existente começa uma feature que toca AWS (Lambda, S3, Bedrock, EC2, etc.) e ainda não há `.agents/skills/aws/`.
+- NÃO use para Azure, GCP ou clouds não-AWS — têm comandos próprios ou não são suportados.
+- NÃO use para instalar as skills nativas do dev-workflow — essas vêm com `init`/`update`.
+
+## Posição no Pipeline
+**Antecessor:** (pedido explícito do usuário) | **Sucessor:** qualquer trabalho de feature AWS (tipicamente `/dw-plan` ou `/dw-autopilot`).
+
+## Pré-requisitos
+
+<critical>Este comando precisa de:
+1. `git` no PATH.
+2. `uv` (Python tool runner) — provê `uvx` que invoca o `mcp-proxy-for-aws`.
+3. `aws cli` ≥ 2.32.0.
+4. Credenciais AWS válidas — verifique com `aws sts get-caller-identity`.
+
+Se QUALQUER um faltar ou estiver inválido, PARE e diga ao usuário como instalar/configurar. NÃO clone ou copie nada se os pré-requisitos não estão prontos — install parcial é pior que nenhum.</critical>
+
+## Categorias (nativas do upstream)
+
+| Categoria | Caminhos upstream |
+|---|---|
+| **All** | `skills/core-skills/*` + `skills/specialized-skills/*/*` |
+| **Core** | `skills/core-skills/*` — 13 skills horizontais: amazon-bedrock, aws-amplify, aws-billing-and-cost-management, aws-cdk, aws-cloudformation, aws-containers, aws-iam, aws-messaging-and-streaming, aws-observability, aws-sdk-js-v3-usage, aws-sdk-python-usage, aws-sdk-swift-usage, aws-serverless |
+| **Analytics** | `skills/specialized-skills/analytics-skills/*` |
+| **Database** | `skills/specialized-skills/database-skills/*` |
+| **EC2 / Compute** | `skills/specialized-skills/ec2-skills/*` |
+| **Migration & Modernization** | `skills/specialized-skills/migration-and-modernization-skills/*` |
+| **Networking & Content Delivery** | `skills/specialized-skills/networking-and-content-delivery-skills/*` |
+| **Operations** | `skills/specialized-skills/operations-skills/*` |
+| **Security & Identity** | `skills/specialized-skills/security-and-identity-skills/*` |
+| **Serverless** | `skills/specialized-skills/serverless-skills/*` |
+| **Storage** | `skills/specialized-skills/storage-skills/*` |
+
+## Fluxo de Trabalho
+
+### 1. Verificar pré-requisitos
+
+Rode cada um via Bash. Em qualquer falha, PARE e imprima o bloco de instrução correspondente:
+
+| Check | Se faltar |
+|---|---|
+| `git --version` | `git é obrigatório. Instale via brew/apt/git-scm.com.` |
+| `uv --version` | `uv é obrigatório. Instale: curl -LsSf https://astral.sh/uv/install.sh \| sh` (macOS/Linux) ou PowerShell equivalente no Windows. |
+| `aws --version` | `aws cli ≥ 2.32.0 é obrigatório. Instale via brew install awscli, winget install Amazon.AWSCLI, ou siga a doc AWS.` |
+| `aws sts get-caller-identity` | `Credenciais AWS faltando/expiradas. Mais fácil: aws login (rotaciona a cada 15 min, valid 12h). SSO: aws configure sso. Keys: aws configure.` |
+
+NÃO prossiga para o passo 2 se algum check falhar.
+
+### 2. Escolher região
+
+Pergunte ao usuário qual região AWS usar. O MCP server é regional — endpoints suportados:
+
+- `us-east-1` → `https://aws-mcp.us-east-1.api.aws/mcp`
+- `eu-central-1` → `https://aws-mcp.eu-central-1.api.aws/mcp`
+
+Default `us-east-1` se o usuário não tiver preferência. O agent pode sobrescrever por query (ex: "list EC2 instances in eu-west-1") — a região do endpoint é só a região de operação default.
+
+### 3. Perguntar quais categorias instalar
+
+Use AskUserQuestion (multi-select se suportar; caso contrário, loop). Apresente as 11 categorias acima. Sugestão default quando indeciso: pergunte "qual parte da AWS você vai mexer?" e mapeie para uma categoria.
+
+### 4. Clone shallow do repo upstream
+
+```bash
+TMP=$(mktemp -d -t dw-aws-skills-XXXXXX)
+git clone --depth=1 https://github.com/aws/agent-toolkit-for-aws.git "$TMP"
+```
+
+Se o clone falhar, PARE e reporte o erro verbatim.
+
+### 5. Filtrar e copiar
+
+Para cada categoria selecionada, glob o caminho upstream correspondente e colete todos os diretórios de skill. Exemplos:
+
+- "Core" → cada subdir de `$TMP/skills/core-skills/`
+- "Database" → cada subdir de `$TMP/skills/specialized-skills/database-skills/`
+- "All" → cada subdir de `$TMP/skills/core-skills/` E cada subdir de `$TMP/skills/specialized-skills/*/`
+
+Antes de copiar, **limpe** `.agents/skills/aws/` para refresh limpo (re-runs substituem seleções anteriores).
+
+Pule qualquer skill cujo root contenha scripts executáveis (`.sh`, `.py`, `.js`, `.ts`, `.ps1`, `.bat`) — dev-workflow instala apenas skills puramente markdown. Reporte a contagem de pulados.
+
+Copie cada diretório casado recursivamente para `.agents/skills/aws/<skill-name>/`. **Achatar** a hierarquia upstream — o destino não tem split `core-skills/` vs `specialized-skills/`. Só o slug da skill como nome de diretório.
+
+### 6. Registrar o AWS MCP Server
+
+Leia `.claude/settings.json`. Parseie o JSON. Upsert em `mcpServers`:
+
+```json
+{
+  "mcpServers": {
+    "aws-mcp": {
+      "command": "uvx",
+      "args": [
+        "mcp-proxy-for-aws@latest",
+        "https://aws-mcp.us-east-1.api.aws/mcp",
+        "--metadata",
+        "AWS_REGION=us-east-1"
+      ],
+      "transport": "stdio",
+      "timeout": 100000
+    }
+  }
+}
+```
+
+Substitua o endpoint e o valor de `AWS_REGION` pela região escolhida no passo 2.
+
+Se `mcpServers.aws-mcp` já existir, deixe intocado — nunca sobrescreva. Diga ao usuário para editar `.claude/settings.json` direto (ou remover a entry e re-rodar) para mudar a região. Outras entradas em `mcpServers` (context7, playwright, microsoft-learn, etc.) DEVEM ser preservadas.
+
+### 7. Escrever `.dw/references/aws-mcp-instructions.md`
+
+Crie (sobrescreva se presente) com a orientação canônica para o agent — as 5 MCP tools (`aws___search_documentation`, `aws___read_documentation`, `aws___retrieve_skill`, `aws___call_aws`, `aws___run_script`), o protocolo de operações destrutivas (confirmar antes de qualquer `create*`/`update*`/`delete*`/`modify*`/IAM/billing), comportamento de região, source-grounding, refresh/uninstall.
+
+A versão CLI deste comando (`npx @brunosps00/dev-workflow install-aws-skills`) já carrega o texto canônico. Se rodando como slash command, replique o mesmo conteúdo do constant `AWS_MCP_INSTRUCTIONS` em `lib/install-aws-skills.js`.
+
+### 8. Cleanup
+
+Remova `$TMP`. Sempre — mesmo se passos anteriores falharam.
+
+### 9. Reportar
+
+```
+## Skills AWS instaladas
+
+Categorias: [lista]
+Região: us-east-1 (ou escolhida)
+Skills copiadas: N (M puladas com scripts executáveis)
+MCP registrado: aws-mcp (ou "já presente, deixado inalterado")
+Instruções do agent: .dw/references/aws-mcp-instructions.md
+
+## Próximos passos
+
+1. Reinicie o Claude Code (ou Codex / Copilot / OpenCode) para o MCP carregar.
+2. Valide com uma pergunta AWS, ex: "Qual o limite de execuções concorrentes do Lambda?"
+3. O agent agora pode chamar APIs AWS via aws___call_aws — revise
+   .dw/references/aws-mcp-instructions.md para o protocolo de operações destrutivas.
+4. Para refrescar do upstream, rode /dw-install-aws-skills de novo.
+5. Para desinstalar: rm -rf .agents/skills/aws/ e remova a entrada "aws-mcp"
+   de .claude/settings.json mcpServers.
+```
+
+## Comportamento Obrigatório
+
+<critical>NUNCA adicione o MCP `aws-mcp` fora deste comando. É opt-in. `init` e `update` NÃO DEVEM mexer.</critical>
+
+<critical>NUNCA registre o AWS Knowledge MCP deprecated (`https://knowledge-mcp.global.api.aws`). A AWS oficialmente substituiu pelo AWS MCP Server unificado; registrar ambos causa tool conflicts que confundem agents.</critical>
+
+<critical>NUNCA auto-instale `uv` ou `aws cli`. Imprima o bloco de instruções e deixe o usuário escolher o caminho de instalação. Evita quebrar o ambiente do usuário com gerenciadores que não controlamos.</critical>
+
+<critical>NUNCA pule a checagem de credenciais. Um install limpo sem `aws sts get-caller-identity` funcionando produz um MCP quebrado que falha em toda tool call. Melhor parar e instruir.</critical>
+
+<critical>NUNCA copie LICENSE/README/CONTRIBUTING do upstream para `.agents/skills/aws/` — pertencem à AWS e poluem a descoberta de skills. Copie apenas `SKILL.md` por skill + conteúdo auxiliar (references/, assets/).</critical>
+
+<critical>NUNCA copie skills com scripts executáveis. O escopo do dev-workflow é markdown-only. Se uma skill precisa de scripts, o usuário deve instalar direto do repo upstream, não por este comando.</critical>
+
+## Atribuição
+
+Skills vêm de [`aws/agent-toolkit-for-aws`](https://github.com/aws/agent-toolkit-for-aws) (Apache 2.0, da AWS). O MCP server está documentado em [docs.aws.amazon.com/aws-mcp/](https://docs.aws.amazon.com/aws-mcp/). O proxy é [`aws/mcp-proxy-for-aws`](https://github.com/aws/mcp-proxy-for-aws). dev-workflow apenas orquestra a instalação.
+
+</system_instructions>