@votadev/tooncode 2.2.1

package/skills/code/refactor.md

@@ -0,0 +1,26 @@
+---
+name: refactor
+description: Refactor code (auto-detect or specify target)
+---
+
+Refactor target: {{input}}
+
+## If a file was specified:
+Refactor that specific file.
+
+## If nothing specified (auto-detect):
+1. Find the largest/most complex files: `wc -l *.py` or equivalent
+2. Check for code smells:
+   - Functions longer than 50 lines
+   - Files longer than 500 lines
+   - Deep nesting (3+ levels)
+   - Duplicated code blocks
+3. Pick the worst offender and refactor it
+
+## Refactor checklist:
+- Improve naming clarity
+- Extract long functions into smaller ones
+- Remove duplication (DRY)
+- Simplify complex conditionals
+- Better structure and separation of concerns
+Show diff of every change.

package/skills/code/review.md

@@ -0,0 +1,24 @@
+---
+name: review
+description: Review code for bugs and security (auto-detect scope)
+---
+
+Review target: {{input}}
+
+## If a file/folder was specified:
+Read and review that specific target.
+
+## If nothing specified (auto-detect):
+1. Run `git diff` or `git diff --staged` to find recent changes
+2. If no changes, review the main source files in the project
+3. Focus on the most critical files first
+
+## Review checklist:
+- Security vulnerabilities (injection, XSS, auth bypass)
+- Logic errors and edge cases
+- Performance bottlenecks
+- Error handling gaps
+- Race conditions / concurrency issues
+
+Output a report with severity: Critical / High / Medium / Low
+For each: file:line, problem, fix suggestion.

package/skills/code/scaffold.md

@@ -0,0 +1,13 @@
+---
+name: scaffold
+description: Generate project boilerplate / new feature structure
+---
+
+Scaffold: {{input}}
+
+1. Detect or ask: language, framework, project type
+2. Create the file/folder structure
+3. Write boilerplate code with proper imports
+4. Add config files if needed (tsconfig, pyproject.toml, etc.)
+5. Initialize dependencies (package.json, requirements.txt)
+6. Make it runnable immediately

package/skills/code/test.md

@@ -0,0 +1,26 @@
+---
+name: test
+description: Generate tests (auto-detect what needs testing)
+---
+
+Test target: {{input}}
+
+## If a file was specified:
+Write tests for that specific file.
+
+## If nothing specified (auto-detect):
+1. Find source files that have NO corresponding test files
+2. Check `git diff` for recently changed files without tests
+3. Prioritize: most critical/complex files first
+4. Generate tests for the top 3 untested files
+
+## For each test file:
+1. Detect language -> choose framework (pytest, jest, vitest, go test)
+2. Read the source code first
+3. Write tests covering:
+   - Happy path
+   - Edge cases (empty, null, max values)
+   - Error handling
+   - Boundary conditions
+4. Run the tests
+5. Fix any failures

package/skills/code/types.md

@@ -0,0 +1,12 @@
+---
+name: types
+description: Add type annotations / interfaces
+---
+
+Add type annotations to: {{input}}
+
+1. Read the code and infer types from usage
+2. Add type hints (Python), TypeScript types, or Go type assertions
+3. Create interfaces/types for complex objects
+4. Add generics where appropriate
+5. Verify no type errors (run mypy/tsc if available)

package/skills/data/migrate.md

@@ -0,0 +1,14 @@
+---
+name: migrate
+description: Create database migration
+---
+
+Create database migration for: {{input}}
+
+1. Read existing models/schema
+2. Generate migration file with:
+   - up() - apply changes
+   - down() - rollback changes
+3. Use the project's migration tool (alembic, knex, prisma, django)
+4. Handle: new tables, column changes, indexes, foreign keys
+5. Test both up and down migrations

package/skills/data/seed.md

@@ -0,0 +1,13 @@
+---
+name: seed
+description: Generate seed/fixture data
+---
+
+Generate seed data for: {{input}}
+
+1. Read the data models/schema
+2. Create realistic sample data (not lorem ipsum)
+3. Respect relationships and foreign keys
+4. Include edge cases (empty strings, nulls, long text, unicode)
+5. Write as: seed script, SQL inserts, JSON fixtures, or factory functions
+6. Make it idempotent (safe to run multiple times)

package/skills/data/sql.md

@@ -0,0 +1,14 @@
+---
+name: sql
+description: Write and optimize SQL queries
+---
+
+SQL task: {{input}}
+
+1. Understand the schema (read models or migration files)
+2. Write the query with:
+   - Proper JOINs (avoid N+1)
+   - Indexes consideration
+   - Pagination if needed
+3. Optimize: EXPLAIN ANALYZE if database is available
+4. Add as a named query, repository method, or ORM equivalent

package/skills/debug/error.md

@@ -0,0 +1,27 @@
+---
+name: error
+description: Add error handling (auto-detect files or specify)
+---
+
+Target: {{input}}
+
+## If a file/module was specified:
+1. Read the specified file
+2. Find all unhandled failure points
+3. Add proper error handling
+
+## If nothing specified (auto-detect):
+1. Glob all source files in project
+2. Search for risky patterns:
+   - Bare `except:` or `catch(e)` with no handling
+   - Missing null checks
+   - Unvalidated user input
+   - Network/file operations without try/catch
+3. Fix the worst offenders first
+4. Add logging where needed
+
+For each fix:
+- Use specific error types (not generic)
+- Add meaningful error messages
+- Add appropriate logging (error/warn/info)
+- Add graceful degradation where possible

package/skills/debug/fix.md

@@ -0,0 +1,23 @@
+---
+name: fix
+description: Find and fix bugs (auto-detect or specify)
+---
+
+Bug to fix: {{input}}
+
+## If a specific bug was described:
+1. Search codebase for related code
+2. Identify root cause
+3. Fix it
+4. Verify the fix
+
+## If no bug was specified (auto-detect):
+1. Run `git diff` to see recent changes that might have caused issues
+2. Run tests: `pytest` / `npm test` / `go test ./...` (detect which)
+3. Check for common issues:
+   - Import errors
+   - Syntax errors
+   - Runtime errors in recent changes
+4. Read error logs if available
+5. Fix all found issues
+6. Re-run tests to confirm

package/skills/debug/perf.md

@@ -0,0 +1,16 @@
+---
+name: perf
+description: Profile and find performance bottlenecks
+---
+
+Profile: {{input}}
+
+1. Add timing/profiling instrumentation
+2. Run the code and collect metrics
+3. Identify top bottlenecks:
+   - Slow functions (wall time)
+   - Memory usage spikes
+   - Unnecessary I/O or network calls
+   - N+1 query patterns
+4. Fix the top 3 bottlenecks
+5. Show before/after timing comparison

package/skills/debug/trace.md

@@ -0,0 +1,12 @@
+---
+name: trace
+description: Trace execution flow of a feature
+---
+
+Trace the execution flow of: {{input}}
+
+1. Find the entry point
+2. Follow the call chain step by step
+3. Note key data transformations
+4. Identify external calls (API, DB, filesystem)
+5. Draw a simple flow: function A -> function B -> ...

package/skills/devops/ci.md

@@ -0,0 +1,16 @@
+---
+name: ci
+description: Generate CI/CD pipeline config
+---
+
+Create CI/CD pipeline for this project:
+
+1. Detect language and framework
+2. Generate config for {{input}} (default: GitHub Actions)
+3. Include stages:
+   - Install dependencies
+   - Lint / format check
+   - Run tests
+   - Build
+   - Deploy (if applicable)
+4. Add caching for faster builds

package/skills/devops/docker.md

@@ -0,0 +1,15 @@
+---
+name: docker
+description: Generate Dockerfile and docker-compose
+---
+
+Analyze the project and create:
+
+1. **Dockerfile** - multi-stage build, minimal image, non-root user
+2. **docker-compose.yml** - if multiple services needed
+3. **.dockerignore** - exclude unnecessary files
+
+Optimize for:
+- Small image size
+- Fast builds (layer caching)
+- Security (non-root, no secrets in image)

package/skills/doc/api.md

@@ -0,0 +1,15 @@
+---
+name: api
+description: Generate API documentation
+---
+
+Read {{input}} and generate API documentation:
+
+For each endpoint/function:
+- Method + path (or function signature)
+- Description
+- Parameters (name, type, required, description)
+- Request body example
+- Response example
+- Error codes
+- Usage example (curl or code)

package/skills/doc/readme.md

@@ -0,0 +1,29 @@
+---
+name: readme
+description: Generate or update README.md
+---
+
+Read the project structure and code, then generate a comprehensive README.md:
+
+# Project Name
+- Badge placeholders
+
+## Overview
+- What this project does
+
+## Install
+- Step by step
+
+## Usage
+- Code examples
+
+## Configuration
+- Environment variables, config files
+
+## API / Commands
+- Available endpoints or CLI commands
+
+## Development
+- How to set up dev environment, run tests
+
+## License

package/skills/git/changelog.md

@@ -0,0 +1,16 @@
+---
+name: changelog
+description: Generate changelog from git history
+---
+
+Generate CHANGELOG.md:
+
+1. Read git log: `git log --oneline --since="last month"` (or {{input}} range)
+2. Categorize commits:
+   - Features (feat:)
+   - Bug Fixes (fix:)
+   - Breaking Changes (breaking:)
+   - Other (refactor, docs, chore)
+3. Format as Keep a Changelog standard
+4. Include date and version if tagged
+5. Write/update CHANGELOG.md

package/skills/git/commit.md

@@ -0,0 +1,12 @@
+---
+name: commit
+description: Smart git commit with auto-generated message
+---
+
+1. Run `git diff --staged` and `git diff` to see all changes
+2. If nothing staged, run `git add -A`
+3. Write a clear commit message:
+   - First line: type(scope): summary (under 72 chars)
+   - Types: feat, fix, refactor, docs, test, chore
+   - Body: what changed and why
+4. Commit with the message

package/skills/git/pr.md

@@ -0,0 +1,17 @@
+---
+name: pr
+description: Create a pull request with summary
+---
+
+1. Check current branch and commits ahead of main
+2. Run `git diff main...HEAD` to see all changes
+3. Write a PR description:
+   ## Summary
+   - Bullet points of what changed
+   
+   ## Changes
+   - File-by-file breakdown
+   
+   ## Testing
+   - How to test these changes
+4. Create PR using `gh pr create` if gh CLI is available

package/skills/security/audit.md

@@ -0,0 +1,24 @@
+---
+name: audit
+description: Security audit - OWASP top 10 scan
+---
+
+Security audit this project for OWASP Top 10:
+
+1. **Injection** - SQL, NoSQL, OS command, LDAP
+2. **Broken Auth** - weak passwords, session management
+3. **Sensitive Data** - exposed secrets, unencrypted data
+4. **XXE** - XML external entity
+5. **Broken Access Control** - privilege escalation, IDOR
+6. **Misconfig** - default credentials, verbose errors, open CORS
+7. **XSS** - reflected, stored, DOM-based
+8. **Insecure Deserialization** - pickle, yaml.load, JSON parse
+9. **Known Vulnerabilities** - outdated dependencies
+10. **Logging** - insufficient logging, log injection
+
+Also check for:
+- Hardcoded secrets (API keys, passwords, tokens)
+- .env files in git
+- Unsafe file operations
+
+Output: severity, file:line, description, fix.

package/skills/security/secrets.md

@@ -0,0 +1,13 @@
+---
+name: secrets
+description: Scan for hardcoded secrets and credentials
+---
+
+Scan entire project for hardcoded secrets:
+
+1. Search for patterns: API keys, tokens, passwords, connection strings
+2. Check: .env files, config files, source code, scripts
+3. Check .gitignore covers sensitive files
+4. Verify no secrets in git history: `git log -p | grep -i "password\|secret\|api.key\|token"`
+5. Suggest: use environment variables or secret manager
+6. Create/update .gitignore if needed

package/tooncode.cmd

@@ -0,0 +1,2 @@
+@echo off
+python -m tooncode %*