@codihaus/claude-skills 1.0.0

package/README.md

@@ -0,0 +1,167 @@
+# @codihaus/claude-skills
+
+Claude Code skills for software development workflow.
+
+## Quick Start
+
+```bash
+# Initialize in your project
+npx @codihaus/claude-skills init
+
+# That's it! Start Claude Code and try a skill
+/debrief "Build a todo app"
+```
+
+## What This Does
+
+1. **Checks your system** - Ensures you have required tools (node, git, etc.)
+2. **Installs skills** - Copies skills to `.claude/skills/`
+3. **Configures Claude Code** - Sets up permissions and hooks
+4. **Sets up CLAUDE.md** - Creates project instructions file
+
+## Available Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `/debrief` | Create BRD and use cases from requirements |
+| `/dev-scout` | Explore and document existing codebase |
+| `/dev-arch` | Make architecture decisions |
+| `/dev-specs` | Create implementation specifications |
+| `/dev-coding` | Implement features from specs |
+| `/dev-test` | Automated UI testing |
+| `/dev-review` | Code review with quality checks |
+| `/dev-changelog` | Document what was implemented |
+
+### Utility Skills
+
+| Skill | Purpose |
+|-------|---------|
+| `/utils/diagram` | Mermaid diagram validation |
+| `/utils/docs-graph` | Documentation relationships |
+| `/utils/gemini` | Large codebase scanning (1M context) |
+
+## Commands
+
+```bash
+# Initialize skills in project
+npx @codihaus/claude-skills init
+
+# Update to latest version
+npx @codihaus/claude-skills update
+
+# Check for updates only
+npx @codihaus/claude-skills update --check
+
+# List available skills
+npx @codihaus/claude-skills list
+
+# List installed skills only
+npx @codihaus/claude-skills list --installed
+
+# Add a specific skill
+npx @codihaus/claude-skills add dev-arch
+
+# Remove a skill
+npx @codihaus/claude-skills remove dev-arch
+
+# Check system and project setup
+npx @codihaus/claude-skills doctor
+
+# Fix issues automatically
+npx @codihaus/claude-skills doctor --fix
+```
+
+## Init Options
+
+```bash
+# Skip dependency checking
+npx @codihaus/claude-skills init --no-deps
+
+# Skip hooks setup
+npx @codihaus/claude-skills init --no-hooks
+
+# Install specific skills only
+npx @codihaus/claude-skills init --skills debrief,dev-specs,dev-coding
+
+# Skip confirmation prompts
+npx @codihaus/claude-skills init -y
+```
+
+## System Requirements
+
+### Required
+- Node.js 18+
+- Git
+
+### Recommended
+- Python 3.8+ (for `/utils/gemini`)
+- jq (for `/utils/docs-graph`)
+
+### Optional
+- GitHub CLI (for PR creation)
+
+## Project Dependencies
+
+Some skills work better with project dependencies:
+
+```bash
+# For UI testing with /dev-test
+npm install -D @playwright/test
+
+# For large codebase scanning with /utils/gemini
+pip install google-generativeai
+```
+
+## Workflow
+
+```
+/debrief "Customer wants..."
+    ↓
+Creates BRD + Use Cases
+    ↓
+/dev-arch validates architecture
+    ↓
+/dev-specs creates implementation plans
+    ↓
+/dev-coding implements features
+    ├── /dev-coding-backend (API work)
+    └── /dev-coding-frontend (UI work)
+    ↓
+/dev-test runs automated tests
+    ↓
+/dev-review checks code quality
+    ↓
+/dev-changelog documents what was built
+```
+
+## Configuration
+
+Skills are installed to `.claude/skills/`. You can customize:
+
+- **`.claude/settings.local.json`** - Claude Code permissions
+- **`.claude/hooks.json`** - Automation hooks
+- **`CLAUDE.md`** - Project-specific instructions
+
+## Updating
+
+```bash
+# Check for updates
+npx @codihaus/claude-skills update --check
+
+# Apply updates
+npx @codihaus/claude-skills update
+```
+
+## Troubleshooting
+
+```bash
+# Run doctor to check setup
+npx @codihaus/claude-skills doctor
+
+# Fix issues automatically
+npx @codihaus/claude-skills doctor --fix
+```
+
+## License
+
+MIT

package/bin/cli.js

@@ -0,0 +1,58 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import chalk from 'chalk';
+import { init } from '../src/commands/init.js';
+import { update } from '../src/commands/update.js';
+import { list } from '../src/commands/list.js';
+import { add } from '../src/commands/add.js';
+import { remove } from '../src/commands/remove.js';
+import { doctor } from '../src/commands/doctor.js';
+
+const program = new Command();
+
+program
+  .name('claude-skills')
+  .description('Claude Code skills for software development workflow')
+  .version('1.0.0');
+
+program
+  .command('init')
+  .description('Initialize skills in current project')
+  .option('-s, --skills <skills>', 'Comma-separated list of skills to install')
+  .option('--all', 'Install all skills (default)', true)
+  .option('--no-deps', 'Skip dependency checking')
+  .option('--no-hooks', 'Skip hooks setup')
+  .option('-y, --yes', 'Skip confirmation prompts')
+  .action(init);
+
+program
+  .command('update')
+  .description('Update installed skills to latest version')
+  .option('--check', 'Only check for updates, do not install')
+  .action(update);
+
+program
+  .command('list')
+  .description('List available skills')
+  .option('-i, --installed', 'Show only installed skills')
+  .option('-a, --available', 'Show all available skills')
+  .action(list);
+
+program
+  .command('add <skill>')
+  .description('Add a specific skill')
+  .action(add);
+
+program
+  .command('remove <skill>')
+  .description('Remove a specific skill')
+  .action(remove);
+
+program
+  .command('doctor')
+  .description('Check system dependencies and project setup')
+  .option('--fix', 'Attempt to fix issues automatically')
+  .action(doctor);
+
+program.parse();

package/package.json

@@ -0,0 +1,46 @@
+{
+  "name": "@codihaus/claude-skills",
+  "version": "1.0.0",
+  "description": "Claude Code skills for software development workflow",
+  "main": "src/index.js",
+  "bin": {
+    "claude-skills": "./bin/cli.js"
+  },
+  "scripts": {
+    "build": "node scripts/build.js",
+    "prepublishOnly": "npm run build",
+    "test": "node bin/cli.js --help"
+  },
+  "type": "module",
+  "keywords": [
+    "claude",
+    "claude-code",
+    "ai",
+    "skills",
+    "development",
+    "automation"
+  ],
+  "author": "CodiHaus",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/codihaus/claude-skills.git"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.0.0",
+    "fs-extra": "^11.2.0",
+    "inquirer": "^9.2.0",
+    "ora": "^8.0.0"
+  },
+  "files": [
+    "bin",
+    "src",
+    "skills",
+    "templates",
+    "README.md"
+  ]
+}

package/skills/_quality-attributes.md

@@ -0,0 +1,392 @@
+# Quality Attributes
+
+Central methodology for building scalable, maintainable, and reliable software. Each skill loads its relevant section.
+
+## How to Use
+
+| Skill | Loads Section |
+|-------|---------------|
+| `/dev-arch` | Architecture Level |
+| `/dev-specs` | Specification Level |
+| `/dev-coding` | Implementation Level |
+| `/dev-review` | All levels (verification) |
+
+---
+
+## Scalability
+
+Building systems that handle growth without major rewrites.
+
+### Architecture Level (`/dev-arch`)
+
+**Database:**
+- [ ] Can handle 10x current data volume?
+- [ ] Sharding strategy needed?
+- [ ] Read replicas for heavy read loads?
+- [ ] Connection pooling configured?
+
+**API Design:**
+- [ ] Stateless services (no server-side sessions)?
+- [ ] Horizontally scalable (add more instances)?
+- [ ] Load balancer compatible?
+- [ ] API versioning strategy?
+
+**Caching:**
+- [ ] Cache layer defined (Redis, CDN, in-memory)?
+- [ ] Cache invalidation strategy?
+- [ ] What to cache: queries, computed values, static assets?
+
+**Async Processing:**
+- [ ] Background jobs for heavy operations?
+- [ ] Queue system (Redis, SQS, RabbitMQ)?
+- [ ] Retry and dead-letter handling?
+
+**Data Flow:**
+- [ ] Event-driven where appropriate?
+- [ ] Pub/sub for decoupling?
+- [ ] CQRS for read/write separation (if complex)?
+
+### Specification Level (`/dev-specs`)
+
+**API Patterns:**
+- [ ] Pagination for all list endpoints (cursor or offset)
+- [ ] Filtering and sorting parameters
+- [ ] Batch endpoints for bulk operations
+- [ ] Partial responses (field selection)
+
+**Database Patterns:**
+- [ ] Indexes planned for query patterns
+- [ ] Denormalization where read-heavy
+- [ ] Soft deletes for audit trails
+- [ ] Archival strategy for old data
+
+**Rate Limiting:**
+- [ ] Per-user limits defined
+- [ ] Per-endpoint limits for expensive operations
+- [ ] Graceful degradation responses
+
+### Implementation Level (`/dev-coding`)
+
+**Query Efficiency:**
+- [ ] No N+1 queries (use joins/includes)
+- [ ] Select only needed fields
+- [ ] Limit result sets
+- [ ] Use database-level aggregations
+
+**Memory Management:**
+- [ ] Stream large files (don't load into memory)
+- [ ] Paginate internal loops
+- [ ] Clean up resources (close connections)
+
+**Concurrency:**
+- [ ] Connection pooling used
+- [ ] Async/await for I/O operations
+- [ ] No blocking in hot paths
+
+### Review Level (`/dev-review`)
+
+- [ ] Query complexity acceptable (no full table scans)?
+- [ ] Memory usage bounded?
+- [ ] Response times within SLA?
+- [ ] Load tested for expected traffic?
+
+---
+
+## Maintainability
+
+Building systems that are easy to understand, modify, and extend.
+
+### Architecture Level (`/dev-arch`)
+
+**Modularity:**
+- [ ] Clear boundaries between features?
+- [ ] Loose coupling between modules?
+- [ ] Shared code extracted appropriately?
+
+**Code Organization:**
+- [ ] Consistent folder structure?
+- [ ] Feature-based or layer-based (pick one)?
+- [ ] Where does new code go? (clear answer)
+
+**Dependencies:**
+- [ ] External dependencies justified?
+- [ ] Abstraction layer for third-party services?
+- [ ] Version pinning strategy?
+
+### Specification Level (`/dev-specs`)
+
+**API Design:**
+- [ ] RESTful conventions followed?
+- [ ] Consistent naming across endpoints?
+- [ ] Clear error response format?
+- [ ] Documented with examples?
+
+**Data Model:**
+- [ ] Normalized appropriately?
+- [ ] Naming conventions consistent?
+- [ ] Relationships clear?
+
+### Implementation Level (`/dev-coding`)
+
+**Code Quality:**
+- [ ] Functions do one thing
+- [ ] Names describe intent
+- [ ] No magic numbers/strings
+- [ ] DRY without over-abstraction
+
+**Documentation:**
+- [ ] Complex logic commented
+- [ ] Public APIs documented
+- [ ] README updated if needed
+
+### Review Level (`/dev-review`)
+
+- [ ] Can a new developer understand this?
+- [ ] Would you want to maintain this?
+- [ ] Test coverage adequate?
+- [ ] No code smells?
+
+---
+
+## Performance
+
+Building systems that respond quickly.
+
+### Architecture Level (`/dev-arch`)
+
+**Latency Targets:**
+- [ ] P50, P95, P99 latency targets defined?
+- [ ] Which operations are latency-critical?
+- [ ] Acceptable degradation under load?
+
+**Optimization Strategy:**
+- [ ] CDN for static assets?
+- [ ] Edge caching where appropriate?
+- [ ] Database query optimization plan?
+
+### Specification Level (`/dev-specs`)
+
+**API Design:**
+- [ ] Batch endpoints to reduce round trips?
+- [ ] GraphQL for flexible queries (if applicable)?
+- [ ] Compression enabled?
+
+**Data Access:**
+- [ ] Eager vs lazy loading decided?
+- [ ] Indexes specified for queries?
+- [ ] Caching hints in spec?
+
+### Implementation Level (`/dev-coding`)
+
+**Frontend:**
+- [ ] Bundle size optimized?
+- [ ] Images optimized?
+- [ ] Lazy loading for below-fold content?
+- [ ] No unnecessary re-renders?
+
+**Backend:**
+- [ ] Database queries optimized?
+- [ ] N+1 queries eliminated?
+- [ ] Heavy computation cached or async?
+
+### Review Level (`/dev-review`)
+
+- [ ] No obvious performance issues?
+- [ ] Acceptable query patterns?
+- [ ] Bundle size impact reviewed?
+
+---
+
+## Security
+
+Building systems that protect data and users.
+
+### Architecture Level (`/dev-arch`)
+
+**Authentication:**
+- [ ] Auth strategy chosen (JWT, session, OAuth)?
+- [ ] Token storage secure (httpOnly cookies)?
+- [ ] Refresh token strategy?
+
+**Authorization:**
+- [ ] Permission model defined (RBAC, ABAC)?
+- [ ] Where are permissions checked?
+- [ ] Default deny policy?
+
+**Data Protection:**
+- [ ] Sensitive data identified?
+- [ ] Encryption at rest needed?
+- [ ] Encryption in transit (HTTPS)?
+- [ ] PII handling compliant?
+
+### Specification Level (`/dev-specs`)
+
+**API Security:**
+- [ ] Authentication required on endpoints?
+- [ ] Authorization rules per endpoint?
+- [ ] Input validation rules defined?
+- [ ] Rate limiting specified?
+
+**Data Handling:**
+- [ ] Sensitive fields marked?
+- [ ] Audit logging requirements?
+- [ ] Data retention policy?
+
+### Implementation Level (`/dev-coding`)
+
+**Input Handling:**
+- [ ] All input validated
+- [ ] SQL injection prevented (parameterized queries)
+- [ ] XSS prevented (output encoding)
+- [ ] CSRF protection enabled
+
+**Secrets:**
+- [ ] No hardcoded secrets
+- [ ] Environment variables used
+- [ ] Secrets not logged
+
+**Dependencies:**
+- [ ] No known vulnerabilities
+- [ ] Regular updates planned
+
+### Review Level (`/dev-review`)
+
+- [ ] OWASP Top 10 considered?
+- [ ] Auth/authz correctly implemented?
+- [ ] Sensitive data protected?
+- [ ] No security anti-patterns?
+
+---
+
+## Reliability
+
+Building systems that don't break.
+
+### Architecture Level (`/dev-arch`)
+
+**Failure Handling:**
+- [ ] Single points of failure identified?
+- [ ] Redundancy where critical?
+- [ ] Graceful degradation strategy?
+
+**Recovery:**
+- [ ] Backup strategy defined?
+- [ ] Recovery time objective (RTO)?
+- [ ] Recovery point objective (RPO)?
+
+**Monitoring:**
+- [ ] What metrics to track?
+- [ ] Alerting thresholds?
+- [ ] Logging strategy?
+
+### Specification Level (`/dev-specs`)
+
+**Error Handling:**
+- [ ] Error responses defined?
+- [ ] Retry behavior specified?
+- [ ] Timeout values set?
+
+**Validation:**
+- [ ] Input constraints defined?
+- [ ] Business rule validations?
+- [ ] Data integrity checks?
+
+### Implementation Level (`/dev-coding`)
+
+**Error Handling:**
+- [ ] Errors caught and handled
+- [ ] User-friendly error messages
+- [ ] Errors logged for debugging
+- [ ] No swallowed errors
+
+**Resilience:**
+- [ ] Timeouts on external calls
+- [ ] Circuit breakers for failing services
+- [ ] Retries with backoff
+
+### Review Level (`/dev-review`)
+
+- [ ] Error paths tested?
+- [ ] Failure scenarios considered?
+- [ ] Logging adequate for debugging?
+
+---
+
+## Testability
+
+Building systems that can be verified.
+
+### Architecture Level (`/dev-arch`)
+
+**Test Strategy:**
+- [ ] Unit test coverage target?
+- [ ] Integration test approach?
+- [ ] E2E test scope?
+
+**Design for Testing:**
+- [ ] Dependencies injectable?
+- [ ] Side effects isolated?
+- [ ] Test data strategy?
+
+### Specification Level (`/dev-specs`)
+
+**Test Cases:**
+- [ ] Happy path tests defined?
+- [ ] Error cases covered?
+- [ ] Edge cases identified?
+- [ ] Test data specified?
+
+### Implementation Level (`/dev-coding`)
+
+**Code Testability:**
+- [ ] Pure functions where possible
+- [ ] Dependencies injected
+- [ ] Side effects at boundaries
+
+**Test Quality:**
+- [ ] Tests test behavior, not implementation
+- [ ] Tests are independent
+- [ ] Tests are fast
+
+### Review Level (`/dev-review`)
+
+- [ ] Tests exist for new code?
+- [ ] Tests actually test something?
+- [ ] Coverage acceptable?
+
+---
+
+## Quick Reference
+
+### When to Prioritize What
+
+| Project Type | Priority 1 | Priority 2 | Priority 3 |
+|--------------|------------|------------|------------|
+| MVP/Prototype | Maintainability | Testability | Security |
+| Growth Stage | Scalability | Performance | Reliability |
+| Enterprise | Security | Reliability | Maintainability |
+| High Traffic | Scalability | Performance | Reliability |
+
+### Red Flags to Watch
+
+| Attribute | Red Flag |
+|-----------|----------|
+| Scalability | "It works for now" without growth plan |
+| Maintainability | "Only John understands this code" |
+| Performance | "It's slow but we'll optimize later" |
+| Security | "We'll add auth after launch" |
+| Reliability | "It rarely crashes" |
+| Testability | "Too complex to test" |
+
+### Minimum Viable Quality
+
+For ANY feature, at minimum:
+
+```
+[ ] Input validated
+[ ] Errors handled
+[ ] Auth checked (if needed)
+[ ] No N+1 queries
+[ ] Basic tests exist
+[ ] No hardcoded secrets
+```