claude-code-pilot 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +151 -0
- package/bin/install.js +431 -0
- package/docs/agent-guides/architecture.md +107 -0
- package/ecc/agents/architect.md +211 -0
- package/ecc/agents/code-reviewer.md +237 -0
- package/ecc/agents/doc-updater.md +107 -0
- package/ecc/agents/e2e-runner.md +107 -0
- package/ecc/agents/security-reviewer.md +108 -0
- package/ecc/agents/tdd-guide.md +91 -0
- package/ecc/commands/checkpoint.md +74 -0
- package/ecc/commands/evolve.md +178 -0
- package/ecc/commands/learn.md +70 -0
- package/ecc/commands/model-route.md +26 -0
- package/ecc/commands/quality-gate.md +29 -0
- package/ecc/commands/resume-session.md +155 -0
- package/ecc/commands/save-session.md +275 -0
- package/ecc/commands/sessions.md +305 -0
- package/ecc/commands/verify.md +59 -0
- package/ecc/contexts/dev.md +20 -0
- package/ecc/contexts/research.md +26 -0
- package/ecc/contexts/review.md +22 -0
- package/ecc/examples/CLAUDE.md +100 -0
- package/ecc/examples/django-api-CLAUDE.md +308 -0
- package/ecc/examples/go-microservice-CLAUDE.md +267 -0
- package/ecc/examples/rust-api-CLAUDE.md +285 -0
- package/ecc/examples/saas-nextjs-CLAUDE.md +166 -0
- package/ecc/examples/user-CLAUDE.md +109 -0
- package/ecc/rules/common/agents.md +49 -0
- package/ecc/rules/common/coding-style.md +48 -0
- package/ecc/rules/common/development-workflow.md +37 -0
- package/ecc/rules/common/git-workflow.md +24 -0
- package/ecc/rules/common/hooks.md +30 -0
- package/ecc/rules/common/patterns.md +31 -0
- package/ecc/rules/common/performance.md +55 -0
- package/ecc/rules/common/security.md +29 -0
- package/ecc/rules/common/testing.md +29 -0
- package/ecc/rules/golang/coding-style.md +32 -0
- package/ecc/rules/golang/hooks.md +17 -0
- package/ecc/rules/golang/patterns.md +45 -0
- package/ecc/rules/golang/security.md +34 -0
- package/ecc/rules/golang/testing.md +31 -0
- package/ecc/rules/kotlin/coding-style.md +86 -0
- package/ecc/rules/kotlin/patterns.md +146 -0
- package/ecc/rules/kotlin/security.md +82 -0
- package/ecc/rules/kotlin/testing.md +128 -0
- package/ecc/rules/perl/coding-style.md +46 -0
- package/ecc/rules/perl/hooks.md +22 -0
- package/ecc/rules/perl/patterns.md +76 -0
- package/ecc/rules/perl/security.md +69 -0
- package/ecc/rules/perl/testing.md +54 -0
- package/ecc/rules/php/coding-style.md +35 -0
- package/ecc/rules/php/hooks.md +24 -0
- package/ecc/rules/php/patterns.md +32 -0
- package/ecc/rules/php/security.md +33 -0
- package/ecc/rules/php/testing.md +34 -0
- package/ecc/rules/python/coding-style.md +42 -0
- package/ecc/rules/python/hooks.md +19 -0
- package/ecc/rules/python/patterns.md +39 -0
- package/ecc/rules/python/security.md +30 -0
- package/ecc/rules/python/testing.md +38 -0
- package/ecc/rules/swift/coding-style.md +47 -0
- package/ecc/rules/swift/hooks.md +20 -0
- package/ecc/rules/swift/patterns.md +66 -0
- package/ecc/rules/swift/security.md +33 -0
- package/ecc/rules/swift/testing.md +45 -0
- package/ecc/rules/typescript/coding-style.md +199 -0
- package/ecc/rules/typescript/hooks.md +22 -0
- package/ecc/rules/typescript/patterns.md +52 -0
- package/ecc/rules/typescript/security.md +28 -0
- package/ecc/rules/typescript/testing.md +18 -0
- package/ecc/scripts/hooks/check-hook-enabled.js +12 -0
- package/ecc/scripts/hooks/evaluate-session.js +100 -0
- package/ecc/scripts/hooks/pre-compact.js +48 -0
- package/ecc/scripts/hooks/run-with-flags-shell.sh +32 -0
- package/ecc/scripts/hooks/run-with-flags.js +120 -0
- package/ecc/scripts/hooks/session-end-marker.js +15 -0
- package/ecc/scripts/hooks/session-end.js +258 -0
- package/ecc/scripts/hooks/session-start.js +97 -0
- package/ecc/scripts/hooks/suggest-compact.js +80 -0
- package/ecc/scripts/lib/hook-flags.js +74 -0
- package/ecc/scripts/lib/package-manager.d.ts +119 -0
- package/ecc/scripts/lib/package-manager.js +431 -0
- package/ecc/scripts/lib/project-detect.js +428 -0
- package/ecc/scripts/lib/resolve-formatter.js +185 -0
- package/ecc/scripts/lib/session-aliases.d.ts +136 -0
- package/ecc/scripts/lib/session-aliases.js +481 -0
- package/ecc/scripts/lib/session-manager.d.ts +131 -0
- package/ecc/scripts/lib/session-manager.js +444 -0
- package/ecc/scripts/lib/shell-split.js +86 -0
- package/ecc/scripts/lib/utils.d.ts +183 -0
- package/ecc/scripts/lib/utils.js +543 -0
- package/ecc/skills/continuous-learning-v2/SKILL.md +365 -0
- package/ecc/skills/continuous-learning-v2/agents/observer-loop.sh +144 -0
- package/ecc/skills/continuous-learning-v2/agents/observer.md +198 -0
- package/ecc/skills/continuous-learning-v2/agents/start-observer.sh +194 -0
- package/ecc/skills/continuous-learning-v2/config.json +8 -0
- package/ecc/skills/continuous-learning-v2/hooks/observe.sh +246 -0
- package/ecc/skills/continuous-learning-v2/scripts/detect-project.sh +218 -0
- package/ecc/skills/continuous-learning-v2/scripts/instinct-cli.py +1148 -0
- package/ecc/skills/continuous-learning-v2/scripts/test_parse_instinct.py +984 -0
- package/ecc/skills/strategic-compact/SKILL.md +103 -0
- package/ecc/skills/strategic-compact/suggest-compact.sh +54 -0
- package/ecc/skills/verification-loop-SKILL.md +126 -0
- package/gsd/LICENSE +21 -0
- package/gsd/agents/gsd-codebase-mapper.md +772 -0
- package/gsd/agents/gsd-debugger.md +1257 -0
- package/gsd/agents/gsd-executor.md +489 -0
- package/gsd/agents/gsd-integration-checker.md +445 -0
- package/gsd/agents/gsd-nyquist-auditor.md +178 -0
- package/gsd/agents/gsd-phase-researcher.md +555 -0
- package/gsd/agents/gsd-plan-checker.md +708 -0
- package/gsd/agents/gsd-planner.md +1309 -0
- package/gsd/agents/gsd-project-researcher.md +631 -0
- package/gsd/agents/gsd-research-synthesizer.md +249 -0
- package/gsd/agents/gsd-roadmapper.md +652 -0
- package/gsd/agents/gsd-verifier.md +581 -0
- package/gsd/commands-gsd/add-phase.md +43 -0
- package/gsd/commands-gsd/add-tests.md +41 -0
- package/gsd/commands-gsd/add-todo.md +47 -0
- package/gsd/commands-gsd/audit-milestone.md +36 -0
- package/gsd/commands-gsd/check-todos.md +45 -0
- package/gsd/commands-gsd/cleanup.md +18 -0
- package/gsd/commands-gsd/complete-milestone.md +136 -0
- package/gsd/commands-gsd/debug.md +168 -0
- package/gsd/commands-gsd/discuss-phase.md +90 -0
- package/gsd/commands-gsd/execute-phase.md +41 -0
- package/gsd/commands-gsd/health.md +22 -0
- package/gsd/commands-gsd/help.md +22 -0
- package/gsd/commands-gsd/insert-phase.md +32 -0
- package/gsd/commands-gsd/join-discord.md +18 -0
- package/gsd/commands-gsd/list-phase-assumptions.md +46 -0
- package/gsd/commands-gsd/map-codebase.md +71 -0
- package/gsd/commands-gsd/new-milestone.md +44 -0
- package/gsd/commands-gsd/new-project.md +42 -0
- package/gsd/commands-gsd/pause-work.md +38 -0
- package/gsd/commands-gsd/plan-milestone-gaps.md +34 -0
- package/gsd/commands-gsd/plan-phase.md +45 -0
- package/gsd/commands-gsd/progress.md +24 -0
- package/gsd/commands-gsd/quick.md +45 -0
- package/gsd/commands-gsd/reapply-patches.md +123 -0
- package/gsd/commands-gsd/remove-phase.md +31 -0
- package/gsd/commands-gsd/research-phase.md +190 -0
- package/gsd/commands-gsd/resume-work.md +40 -0
- package/gsd/commands-gsd/set-profile.md +34 -0
- package/gsd/commands-gsd/settings.md +36 -0
- package/gsd/commands-gsd/update.md +37 -0
- package/gsd/commands-gsd/validate-phase.md +35 -0
- package/gsd/commands-gsd/verify-work.md +38 -0
- package/gsd/get-shit-done/bin/gsd-tools.cjs +592 -0
- package/gsd/get-shit-done/bin/lib/commands.cjs +548 -0
- package/gsd/get-shit-done/bin/lib/config.cjs +169 -0
- package/gsd/get-shit-done/bin/lib/core.cjs +492 -0
- package/gsd/get-shit-done/bin/lib/frontmatter.cjs +299 -0
- package/gsd/get-shit-done/bin/lib/init.cjs +710 -0
- package/gsd/get-shit-done/bin/lib/milestone.cjs +241 -0
- package/gsd/get-shit-done/bin/lib/phase.cjs +901 -0
- package/gsd/get-shit-done/bin/lib/roadmap.cjs +298 -0
- package/gsd/get-shit-done/bin/lib/state.cjs +721 -0
- package/gsd/get-shit-done/bin/lib/template.cjs +222 -0
- package/gsd/get-shit-done/bin/lib/verify.cjs +820 -0
- package/gsd/get-shit-done/references/checkpoints.md +776 -0
- package/gsd/get-shit-done/references/continuation-format.md +249 -0
- package/gsd/get-shit-done/references/decimal-phase-calculation.md +65 -0
- package/gsd/get-shit-done/references/git-integration.md +248 -0
- package/gsd/get-shit-done/references/git-planning-commit.md +38 -0
- package/gsd/get-shit-done/references/model-profile-resolution.md +34 -0
- package/gsd/get-shit-done/references/model-profiles.md +93 -0
- package/gsd/get-shit-done/references/phase-argument-parsing.md +61 -0
- package/gsd/get-shit-done/references/planning-config.md +200 -0
- package/gsd/get-shit-done/references/questioning.md +162 -0
- package/gsd/get-shit-done/references/tdd.md +263 -0
- package/gsd/get-shit-done/references/ui-brand.md +160 -0
- package/gsd/get-shit-done/references/verification-patterns.md +612 -0
- package/gsd/get-shit-done/templates/DEBUG.md +164 -0
- package/gsd/get-shit-done/templates/UAT.md +247 -0
- package/gsd/get-shit-done/templates/VALIDATION.md +76 -0
- package/gsd/get-shit-done/templates/codebase/architecture.md +255 -0
- package/gsd/get-shit-done/templates/codebase/concerns.md +310 -0
- package/gsd/get-shit-done/templates/codebase/conventions.md +307 -0
- package/gsd/get-shit-done/templates/codebase/integrations.md +280 -0
- package/gsd/get-shit-done/templates/codebase/stack.md +186 -0
- package/gsd/get-shit-done/templates/codebase/structure.md +285 -0
- package/gsd/get-shit-done/templates/codebase/testing.md +480 -0
- package/gsd/get-shit-done/templates/config.json +37 -0
- package/gsd/get-shit-done/templates/context.md +297 -0
- package/gsd/get-shit-done/templates/continue-here.md +78 -0
- package/gsd/get-shit-done/templates/debug-subagent-prompt.md +91 -0
- package/gsd/get-shit-done/templates/discovery.md +146 -0
- package/gsd/get-shit-done/templates/milestone-archive.md +123 -0
- package/gsd/get-shit-done/templates/milestone.md +115 -0
- package/gsd/get-shit-done/templates/phase-prompt.md +569 -0
- package/gsd/get-shit-done/templates/planner-subagent-prompt.md +117 -0
- package/gsd/get-shit-done/templates/project.md +184 -0
- package/gsd/get-shit-done/templates/requirements.md +231 -0
- package/gsd/get-shit-done/templates/research-project/ARCHITECTURE.md +204 -0
- package/gsd/get-shit-done/templates/research-project/FEATURES.md +147 -0
- package/gsd/get-shit-done/templates/research-project/PITFALLS.md +200 -0
- package/gsd/get-shit-done/templates/research-project/STACK.md +120 -0
- package/gsd/get-shit-done/templates/research-project/SUMMARY.md +170 -0
- package/gsd/get-shit-done/templates/research.md +552 -0
- package/gsd/get-shit-done/templates/retrospective.md +54 -0
- package/gsd/get-shit-done/templates/roadmap.md +202 -0
- package/gsd/get-shit-done/templates/state.md +176 -0
- package/gsd/get-shit-done/templates/summary-complex.md +59 -0
- package/gsd/get-shit-done/templates/summary-minimal.md +41 -0
- package/gsd/get-shit-done/templates/summary-standard.md +48 -0
- package/gsd/get-shit-done/templates/summary.md +248 -0
- package/gsd/get-shit-done/templates/user-setup.md +311 -0
- package/gsd/get-shit-done/templates/verification-report.md +322 -0
- package/gsd/get-shit-done/workflows/add-phase.md +112 -0
- package/gsd/get-shit-done/workflows/add-tests.md +351 -0
- package/gsd/get-shit-done/workflows/add-todo.md +158 -0
- package/gsd/get-shit-done/workflows/audit-milestone.md +332 -0
- package/gsd/get-shit-done/workflows/check-todos.md +177 -0
- package/gsd/get-shit-done/workflows/cleanup.md +152 -0
- package/gsd/get-shit-done/workflows/complete-milestone.md +764 -0
- package/gsd/get-shit-done/workflows/diagnose-issues.md +219 -0
- package/gsd/get-shit-done/workflows/discovery-phase.md +289 -0
- package/gsd/get-shit-done/workflows/discuss-phase.md +676 -0
- package/gsd/get-shit-done/workflows/execute-phase.md +459 -0
- package/gsd/get-shit-done/workflows/execute-plan.md +449 -0
- package/gsd/get-shit-done/workflows/health.md +159 -0
- package/gsd/get-shit-done/workflows/help.md +489 -0
- package/gsd/get-shit-done/workflows/insert-phase.md +130 -0
- package/gsd/get-shit-done/workflows/list-phase-assumptions.md +178 -0
- package/gsd/get-shit-done/workflows/map-codebase.md +316 -0
- package/gsd/get-shit-done/workflows/new-milestone.md +384 -0
- package/gsd/get-shit-done/workflows/new-project.md +1111 -0
- package/gsd/get-shit-done/workflows/pause-work.md +122 -0
- package/gsd/get-shit-done/workflows/plan-milestone-gaps.md +274 -0
- package/gsd/get-shit-done/workflows/plan-phase.md +560 -0
- package/gsd/get-shit-done/workflows/progress.md +382 -0
- package/gsd/get-shit-done/workflows/quick.md +601 -0
- package/gsd/get-shit-done/workflows/remove-phase.md +155 -0
- package/gsd/get-shit-done/workflows/research-phase.md +74 -0
- package/gsd/get-shit-done/workflows/resume-project.md +307 -0
- package/gsd/get-shit-done/workflows/set-profile.md +81 -0
- package/gsd/get-shit-done/workflows/settings.md +214 -0
- package/gsd/get-shit-done/workflows/transition.md +544 -0
- package/gsd/get-shit-done/workflows/update.md +240 -0
- package/gsd/get-shit-done/workflows/validate-phase.md +167 -0
- package/gsd/get-shit-done/workflows/verify-phase.md +243 -0
- package/gsd/get-shit-done/workflows/verify-work.md +583 -0
- package/gsd/hooks/gsd-check-update.js +81 -0
- package/gsd/hooks/gsd-context-monitor.js +141 -0
- package/gsd/hooks/gsd-statusline.js +115 -0
- package/kit/CLAUDE.md +43 -0
- package/kit/commands/kit/update.md +46 -0
- package/kit/commands/setup-refresh.md +50 -0
- package/kit/commands/setup.md +579 -0
- package/kit/commands/tool-guide.md +44 -0
- package/kit/hooks/kit-check-update.js +54 -0
- package/kit/mcp.json +10 -0
- package/kit/rules/code-style.md +24 -0
- package/manifest.json +30 -0
- package/package.json +36 -0
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: e2e-runner
|
|
3
|
+
description: End-to-end testing specialist using Vercel Agent Browser (preferred) with Playwright fallback. Use PROACTIVELY for generating, maintaining, and running E2E tests. Manages test journeys, quarantines flaky tests, uploads artifacts (screenshots, videos, traces), and ensures critical user flows work.
|
|
4
|
+
tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob"]
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# E2E Test Runner
|
|
9
|
+
|
|
10
|
+
You are an expert end-to-end testing specialist. Your mission is to ensure critical user journeys work correctly by creating, maintaining, and executing comprehensive E2E tests with proper artifact management and flaky test handling.
|
|
11
|
+
|
|
12
|
+
## Core Responsibilities
|
|
13
|
+
|
|
14
|
+
1. **Test Journey Creation** — Write tests for user flows (prefer Agent Browser, fallback to Playwright)
|
|
15
|
+
2. **Test Maintenance** — Keep tests up to date with UI changes
|
|
16
|
+
3. **Flaky Test Management** — Identify and quarantine unstable tests
|
|
17
|
+
4. **Artifact Management** — Capture screenshots, videos, traces
|
|
18
|
+
5. **CI/CD Integration** — Ensure tests run reliably in pipelines
|
|
19
|
+
6. **Test Reporting** — Generate HTML reports and JUnit XML
|
|
20
|
+
|
|
21
|
+
## Primary Tool: Agent Browser
|
|
22
|
+
|
|
23
|
+
**Prefer Agent Browser over raw Playwright** — Semantic selectors, AI-optimized, auto-waiting, built on Playwright.
|
|
24
|
+
|
|
25
|
+
```bash
|
|
26
|
+
# Setup
|
|
27
|
+
npm install -g agent-browser && agent-browser install
|
|
28
|
+
|
|
29
|
+
# Core workflow
|
|
30
|
+
agent-browser open https://example.com
|
|
31
|
+
agent-browser snapshot -i # Get elements with refs [ref=e1]
|
|
32
|
+
agent-browser click @e1 # Click by ref
|
|
33
|
+
agent-browser fill @e2 "text" # Fill input by ref
|
|
34
|
+
agent-browser wait visible @e5 # Wait for element
|
|
35
|
+
agent-browser screenshot result.png
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Fallback: Playwright
|
|
39
|
+
|
|
40
|
+
When Agent Browser isn't available, use Playwright directly.
|
|
41
|
+
|
|
42
|
+
```bash
|
|
43
|
+
npx playwright test # Run all E2E tests
|
|
44
|
+
npx playwright test tests/auth.spec.ts # Run specific file
|
|
45
|
+
npx playwright test --headed # See browser
|
|
46
|
+
npx playwright test --debug # Debug with inspector
|
|
47
|
+
npx playwright test --trace on # Run with trace
|
|
48
|
+
npx playwright show-report # View HTML report
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## Workflow
|
|
52
|
+
|
|
53
|
+
### 1. Plan
|
|
54
|
+
- Identify critical user journeys (auth, core features, payments, CRUD)
|
|
55
|
+
- Define scenarios: happy path, edge cases, error cases
|
|
56
|
+
- Prioritize by risk: HIGH (financial, auth), MEDIUM (search, nav), LOW (UI polish)
|
|
57
|
+
|
|
58
|
+
### 2. Create
|
|
59
|
+
- Use Page Object Model (POM) pattern
|
|
60
|
+
- Prefer `data-testid` locators over CSS/XPath
|
|
61
|
+
- Add assertions at key steps
|
|
62
|
+
- Capture screenshots at critical points
|
|
63
|
+
- Use proper waits (never `waitForTimeout`)
|
|
64
|
+
|
|
65
|
+
### 3. Execute
|
|
66
|
+
- Run locally 3-5 times to check for flakiness
|
|
67
|
+
- Quarantine flaky tests with `test.fixme()` or `test.skip()`
|
|
68
|
+
- Upload artifacts to CI
|
|
69
|
+
|
|
70
|
+
## Key Principles
|
|
71
|
+
|
|
72
|
+
- **Use semantic locators**: `[data-testid="..."]` > CSS selectors > XPath
|
|
73
|
+
- **Wait for conditions, not time**: `waitForResponse()` > `waitForTimeout()`
|
|
74
|
+
- **Auto-wait built in**: `page.locator().click()` auto-waits; raw `page.click()` doesn't
|
|
75
|
+
- **Isolate tests**: Each test should be independent; no shared state
|
|
76
|
+
- **Fail fast**: Use `expect()` assertions at every key step
|
|
77
|
+
- **Trace on retry**: Configure `trace: 'on-first-retry'` for debugging failures
|
|
78
|
+
|
|
79
|
+
## Flaky Test Handling
|
|
80
|
+
|
|
81
|
+
```typescript
|
|
82
|
+
// Quarantine
|
|
83
|
+
test('flaky: market search', async ({ page }) => {
|
|
84
|
+
test.fixme(true, 'Flaky - Issue #123')
|
|
85
|
+
})
|
|
86
|
+
|
|
87
|
+
// Identify flakiness
|
|
88
|
+
// npx playwright test --repeat-each=10
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
Common causes: race conditions (use auto-wait locators), network timing (wait for response), animation timing (wait for `networkidle`).
|
|
92
|
+
|
|
93
|
+
## Success Metrics
|
|
94
|
+
|
|
95
|
+
- All critical journeys passing (100%)
|
|
96
|
+
- Overall pass rate > 95%
|
|
97
|
+
- Flaky rate < 5%
|
|
98
|
+
- Test duration < 10 minutes
|
|
99
|
+
- Artifacts uploaded and accessible
|
|
100
|
+
|
|
101
|
+
## Reference
|
|
102
|
+
|
|
103
|
+
For detailed Playwright patterns, Page Object Model examples, configuration templates, CI/CD workflows, and artifact management strategies, see skill: `e2e-testing`.
|
|
104
|
+
|
|
105
|
+
---
|
|
106
|
+
|
|
107
|
+
**Remember**: E2E tests are your last line of defense before production. They catch integration issues that unit tests miss. Invest in stability, speed, and coverage.
|
|
@@ -0,0 +1,108 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: security-reviewer
|
|
3
|
+
description: Security vulnerability detection and remediation specialist. Use PROACTIVELY after writing code that handles user input, authentication, API endpoints, or sensitive data. Flags secrets, SSRF, injection, unsafe crypto, and OWASP Top 10 vulnerabilities.
|
|
4
|
+
tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob"]
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Security Reviewer
|
|
9
|
+
|
|
10
|
+
You are an expert security specialist focused on identifying and remediating vulnerabilities in web applications. Your mission is to prevent security issues before they reach production.
|
|
11
|
+
|
|
12
|
+
## Core Responsibilities
|
|
13
|
+
|
|
14
|
+
1. **Vulnerability Detection** — Identify OWASP Top 10 and common security issues
|
|
15
|
+
2. **Secrets Detection** — Find hardcoded API keys, passwords, tokens
|
|
16
|
+
3. **Input Validation** — Ensure all user inputs are properly sanitized
|
|
17
|
+
4. **Authentication/Authorization** — Verify proper access controls
|
|
18
|
+
5. **Dependency Security** — Check for vulnerable npm packages
|
|
19
|
+
6. **Security Best Practices** — Enforce secure coding patterns
|
|
20
|
+
|
|
21
|
+
## Analysis Commands
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npm audit --audit-level=high
|
|
25
|
+
npx eslint . --plugin security
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
## Review Workflow
|
|
29
|
+
|
|
30
|
+
### 1. Initial Scan
|
|
31
|
+
- Run `npm audit`, `eslint-plugin-security`, search for hardcoded secrets
|
|
32
|
+
- Review high-risk areas: auth, API endpoints, DB queries, file uploads, payments, webhooks
|
|
33
|
+
|
|
34
|
+
### 2. OWASP Top 10 Check
|
|
35
|
+
1. **Injection** — Queries parameterized? User input sanitized? ORMs used safely?
|
|
36
|
+
2. **Broken Auth** — Passwords hashed (bcrypt/argon2)? JWT validated? Sessions secure?
|
|
37
|
+
3. **Sensitive Data** — HTTPS enforced? Secrets in env vars? PII encrypted? Logs sanitized?
|
|
38
|
+
4. **XXE** — XML parsers configured securely? External entities disabled?
|
|
39
|
+
5. **Broken Access** — Auth checked on every route? CORS properly configured?
|
|
40
|
+
6. **Misconfiguration** — Default creds changed? Debug mode off in prod? Security headers set?
|
|
41
|
+
7. **XSS** — Output escaped? CSP set? Framework auto-escaping?
|
|
42
|
+
8. **Insecure Deserialization** — User input deserialized safely?
|
|
43
|
+
9. **Known Vulnerabilities** — Dependencies up to date? npm audit clean?
|
|
44
|
+
10. **Insufficient Logging** — Security events logged? Alerts configured?
|
|
45
|
+
|
|
46
|
+
### 3. Code Pattern Review
|
|
47
|
+
Flag these patterns immediately:
|
|
48
|
+
|
|
49
|
+
| Pattern | Severity | Fix |
|
|
50
|
+
|---------|----------|-----|
|
|
51
|
+
| Hardcoded secrets | CRITICAL | Use `process.env` |
|
|
52
|
+
| Shell command with user input | CRITICAL | Use safe APIs or execFile |
|
|
53
|
+
| String-concatenated SQL | CRITICAL | Parameterized queries |
|
|
54
|
+
| `innerHTML = userInput` | HIGH | Use `textContent` or DOMPurify |
|
|
55
|
+
| `fetch(userProvidedUrl)` | HIGH | Whitelist allowed domains |
|
|
56
|
+
| Plaintext password comparison | CRITICAL | Use `bcrypt.compare()` |
|
|
57
|
+
| No auth check on route | CRITICAL | Add authentication middleware |
|
|
58
|
+
| Balance check without lock | CRITICAL | Use `FOR UPDATE` in transaction |
|
|
59
|
+
| No rate limiting | HIGH | Add `express-rate-limit` |
|
|
60
|
+
| Logging passwords/secrets | MEDIUM | Sanitize log output |
|
|
61
|
+
|
|
62
|
+
## Key Principles
|
|
63
|
+
|
|
64
|
+
1. **Defense in Depth** — Multiple layers of security
|
|
65
|
+
2. **Least Privilege** — Minimum permissions required
|
|
66
|
+
3. **Fail Securely** — Errors should not expose data
|
|
67
|
+
4. **Don't Trust Input** — Validate and sanitize everything
|
|
68
|
+
5. **Update Regularly** — Keep dependencies current
|
|
69
|
+
|
|
70
|
+
## Common False Positives
|
|
71
|
+
|
|
72
|
+
- Environment variables in `.env.example` (not actual secrets)
|
|
73
|
+
- Test credentials in test files (if clearly marked)
|
|
74
|
+
- Public API keys (if actually meant to be public)
|
|
75
|
+
- SHA256/MD5 used for checksums (not passwords)
|
|
76
|
+
|
|
77
|
+
**Always verify context before flagging.**
|
|
78
|
+
|
|
79
|
+
## Emergency Response
|
|
80
|
+
|
|
81
|
+
If you find a CRITICAL vulnerability:
|
|
82
|
+
1. Document with detailed report
|
|
83
|
+
2. Alert project owner immediately
|
|
84
|
+
3. Provide secure code example
|
|
85
|
+
4. Verify remediation works
|
|
86
|
+
5. Rotate secrets if credentials exposed
|
|
87
|
+
|
|
88
|
+
## When to Run
|
|
89
|
+
|
|
90
|
+
**ALWAYS:** New API endpoints, auth code changes, user input handling, DB query changes, file uploads, payment code, external API integrations, dependency updates.
|
|
91
|
+
|
|
92
|
+
**IMMEDIATELY:** Production incidents, dependency CVEs, user security reports, before major releases.
|
|
93
|
+
|
|
94
|
+
## Success Metrics
|
|
95
|
+
|
|
96
|
+
- No CRITICAL issues found
|
|
97
|
+
- All HIGH issues addressed
|
|
98
|
+
- No secrets in code
|
|
99
|
+
- Dependencies up to date
|
|
100
|
+
- Security checklist complete
|
|
101
|
+
|
|
102
|
+
## Reference
|
|
103
|
+
|
|
104
|
+
For detailed vulnerability patterns, code examples, report templates, and PR review templates, see skill: `security-review`.
|
|
105
|
+
|
|
106
|
+
---
|
|
107
|
+
|
|
108
|
+
**Remember**: Security is not optional. One vulnerability can cost users real financial losses. Be thorough, be paranoid, be proactive.
|
|
@@ -0,0 +1,91 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: tdd-guide
|
|
3
|
+
description: Test-Driven Development specialist enforcing write-tests-first methodology. Use PROACTIVELY when writing new features, fixing bugs, or refactoring code. Ensures 80%+ test coverage.
|
|
4
|
+
tools: ["Read", "Write", "Edit", "Bash", "Grep"]
|
|
5
|
+
model: sonnet
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
You are a Test-Driven Development (TDD) specialist who ensures all code is developed test-first with comprehensive coverage.
|
|
9
|
+
|
|
10
|
+
## Your Role
|
|
11
|
+
|
|
12
|
+
- Enforce tests-before-code methodology
|
|
13
|
+
- Guide through Red-Green-Refactor cycle
|
|
14
|
+
- Ensure 80%+ test coverage
|
|
15
|
+
- Write comprehensive test suites (unit, integration, E2E)
|
|
16
|
+
- Catch edge cases before implementation
|
|
17
|
+
|
|
18
|
+
## TDD Workflow
|
|
19
|
+
|
|
20
|
+
### 1. Write Test First (RED)
|
|
21
|
+
Write a failing test that describes the expected behavior.
|
|
22
|
+
|
|
23
|
+
### 2. Run Test -- Verify it FAILS
|
|
24
|
+
```bash
|
|
25
|
+
npm test
|
|
26
|
+
```
|
|
27
|
+
|
|
28
|
+
### 3. Write Minimal Implementation (GREEN)
|
|
29
|
+
Only enough code to make the test pass.
|
|
30
|
+
|
|
31
|
+
### 4. Run Test -- Verify it PASSES
|
|
32
|
+
|
|
33
|
+
### 5. Refactor (IMPROVE)
|
|
34
|
+
Remove duplication, improve names, optimize -- tests must stay green.
|
|
35
|
+
|
|
36
|
+
### 6. Verify Coverage
|
|
37
|
+
```bash
|
|
38
|
+
npm run test:coverage
|
|
39
|
+
# Required: 80%+ branches, functions, lines, statements
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
## Test Types Required
|
|
43
|
+
|
|
44
|
+
| Type | What to Test | When |
|
|
45
|
+
|------|-------------|------|
|
|
46
|
+
| **Unit** | Individual functions in isolation | Always |
|
|
47
|
+
| **Integration** | API endpoints, database operations | Always |
|
|
48
|
+
| **E2E** | Critical user flows (Playwright) | Critical paths |
|
|
49
|
+
|
|
50
|
+
## Edge Cases You MUST Test
|
|
51
|
+
|
|
52
|
+
1. **Null/Undefined** input
|
|
53
|
+
2. **Empty** arrays/strings
|
|
54
|
+
3. **Invalid types** passed
|
|
55
|
+
4. **Boundary values** (min/max)
|
|
56
|
+
5. **Error paths** (network failures, DB errors)
|
|
57
|
+
6. **Race conditions** (concurrent operations)
|
|
58
|
+
7. **Large data** (performance with 10k+ items)
|
|
59
|
+
8. **Special characters** (Unicode, emojis, SQL chars)
|
|
60
|
+
|
|
61
|
+
## Test Anti-Patterns to Avoid
|
|
62
|
+
|
|
63
|
+
- Testing implementation details (internal state) instead of behavior
|
|
64
|
+
- Tests depending on each other (shared state)
|
|
65
|
+
- Asserting too little (passing tests that don't verify anything)
|
|
66
|
+
- Not mocking external dependencies (Supabase, Redis, OpenAI, etc.)
|
|
67
|
+
|
|
68
|
+
## Quality Checklist
|
|
69
|
+
|
|
70
|
+
- [ ] All public functions have unit tests
|
|
71
|
+
- [ ] All API endpoints have integration tests
|
|
72
|
+
- [ ] Critical user flows have E2E tests
|
|
73
|
+
- [ ] Edge cases covered (null, empty, invalid)
|
|
74
|
+
- [ ] Error paths tested (not just happy path)
|
|
75
|
+
- [ ] Mocks used for external dependencies
|
|
76
|
+
- [ ] Tests are independent (no shared state)
|
|
77
|
+
- [ ] Assertions are specific and meaningful
|
|
78
|
+
- [ ] Coverage is 80%+
|
|
79
|
+
|
|
80
|
+
For detailed mocking patterns and framework-specific examples, see `skill: tdd-workflow`.
|
|
81
|
+
|
|
82
|
+
## v1.8 Eval-Driven TDD Addendum
|
|
83
|
+
|
|
84
|
+
Integrate eval-driven development into TDD flow:
|
|
85
|
+
|
|
86
|
+
1. Define capability + regression evals before implementation.
|
|
87
|
+
2. Run baseline and capture failure signatures.
|
|
88
|
+
3. Implement minimum passing change.
|
|
89
|
+
4. Re-run tests and evals; report pass@1 and pass@3.
|
|
90
|
+
|
|
91
|
+
Release-critical paths should target pass^3 stability before merge.
|
|
@@ -0,0 +1,74 @@
|
|
|
1
|
+
# Checkpoint Command
|
|
2
|
+
|
|
3
|
+
Create or verify a checkpoint in your workflow.
|
|
4
|
+
|
|
5
|
+
## Usage
|
|
6
|
+
|
|
7
|
+
`/checkpoint [create|verify|list] [name]`
|
|
8
|
+
|
|
9
|
+
## Create Checkpoint
|
|
10
|
+
|
|
11
|
+
When creating a checkpoint:
|
|
12
|
+
|
|
13
|
+
1. Run `/verify quick` to ensure current state is clean
|
|
14
|
+
2. Create a git stash or commit with checkpoint name
|
|
15
|
+
3. Log checkpoint to `.claude/checkpoints.log`:
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
echo "$(date +%Y-%m-%d-%H:%M) | $CHECKPOINT_NAME | $(git rev-parse --short HEAD)" >> .claude/checkpoints.log
|
|
19
|
+
```
|
|
20
|
+
|
|
21
|
+
4. Report checkpoint created
|
|
22
|
+
|
|
23
|
+
## Verify Checkpoint
|
|
24
|
+
|
|
25
|
+
When verifying against a checkpoint:
|
|
26
|
+
|
|
27
|
+
1. Read checkpoint from log
|
|
28
|
+
2. Compare current state to checkpoint:
|
|
29
|
+
- Files added since checkpoint
|
|
30
|
+
- Files modified since checkpoint
|
|
31
|
+
- Test pass rate now vs then
|
|
32
|
+
- Coverage now vs then
|
|
33
|
+
|
|
34
|
+
3. Report:
|
|
35
|
+
```
|
|
36
|
+
CHECKPOINT COMPARISON: $NAME
|
|
37
|
+
============================
|
|
38
|
+
Files changed: X
|
|
39
|
+
Tests: +Y passed / -Z failed
|
|
40
|
+
Coverage: +X% / -Y%
|
|
41
|
+
Build: [PASS/FAIL]
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
## List Checkpoints
|
|
45
|
+
|
|
46
|
+
Show all checkpoints with:
|
|
47
|
+
- Name
|
|
48
|
+
- Timestamp
|
|
49
|
+
- Git SHA
|
|
50
|
+
- Status (current, behind, ahead)
|
|
51
|
+
|
|
52
|
+
## Workflow
|
|
53
|
+
|
|
54
|
+
Typical checkpoint flow:
|
|
55
|
+
|
|
56
|
+
```
|
|
57
|
+
[Start] --> /checkpoint create "feature-start"
|
|
58
|
+
|
|
|
59
|
+
[Implement] --> /checkpoint create "core-done"
|
|
60
|
+
|
|
|
61
|
+
[Test] --> /checkpoint verify "core-done"
|
|
62
|
+
|
|
|
63
|
+
[Refactor] --> /checkpoint create "refactor-done"
|
|
64
|
+
|
|
|
65
|
+
[PR] --> /checkpoint verify "feature-start"
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
## Arguments
|
|
69
|
+
|
|
70
|
+
$ARGUMENTS:
|
|
71
|
+
- `create <name>` - Create named checkpoint
|
|
72
|
+
- `verify <name>` - Verify against named checkpoint
|
|
73
|
+
- `list` - Show all checkpoints
|
|
74
|
+
- `clear` - Remove old checkpoints (keeps last 5)
|
|
@@ -0,0 +1,178 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: evolve
|
|
3
|
+
description: Analyze instincts and suggest or generate evolved structures
|
|
4
|
+
command: true
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Evolve Command
|
|
8
|
+
|
|
9
|
+
## Implementation
|
|
10
|
+
|
|
11
|
+
Run the instinct CLI using the plugin root path:
|
|
12
|
+
|
|
13
|
+
```bash
|
|
14
|
+
python3 "${CLAUDE_PLUGIN_ROOT}/skills/continuous-learning-v2/scripts/instinct-cli.py" evolve [--generate]
|
|
15
|
+
```
|
|
16
|
+
|
|
17
|
+
Or if `CLAUDE_PLUGIN_ROOT` is not set (manual installation):
|
|
18
|
+
|
|
19
|
+
```bash
|
|
20
|
+
python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py evolve [--generate]
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
Analyzes instincts and clusters related ones into higher-level structures:
|
|
24
|
+
- **Commands**: When instincts describe user-invoked actions
|
|
25
|
+
- **Skills**: When instincts describe auto-triggered behaviors
|
|
26
|
+
- **Agents**: When instincts describe complex, multi-step processes
|
|
27
|
+
|
|
28
|
+
## Usage
|
|
29
|
+
|
|
30
|
+
```
|
|
31
|
+
/evolve # Analyze all instincts and suggest evolutions
|
|
32
|
+
/evolve --generate # Also generate files under evolved/{skills,commands,agents}
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
## Evolution Rules
|
|
36
|
+
|
|
37
|
+
### → Command (User-Invoked)
|
|
38
|
+
When instincts describe actions a user would explicitly request:
|
|
39
|
+
- Multiple instincts about "when user asks to..."
|
|
40
|
+
- Instincts with triggers like "when creating a new X"
|
|
41
|
+
- Instincts that follow a repeatable sequence
|
|
42
|
+
|
|
43
|
+
Example:
|
|
44
|
+
- `new-table-step1`: "when adding a database table, create migration"
|
|
45
|
+
- `new-table-step2`: "when adding a database table, update schema"
|
|
46
|
+
- `new-table-step3`: "when adding a database table, regenerate types"
|
|
47
|
+
|
|
48
|
+
→ Creates: **new-table** command
|
|
49
|
+
|
|
50
|
+
### → Skill (Auto-Triggered)
|
|
51
|
+
When instincts describe behaviors that should happen automatically:
|
|
52
|
+
- Pattern-matching triggers
|
|
53
|
+
- Error handling responses
|
|
54
|
+
- Code style enforcement
|
|
55
|
+
|
|
56
|
+
Example:
|
|
57
|
+
- `prefer-functional`: "when writing functions, prefer functional style"
|
|
58
|
+
- `use-immutable`: "when modifying state, use immutable patterns"
|
|
59
|
+
- `avoid-classes`: "when designing modules, avoid class-based design"
|
|
60
|
+
|
|
61
|
+
→ Creates: `functional-patterns` skill
|
|
62
|
+
|
|
63
|
+
### → Agent (Needs Depth/Isolation)
|
|
64
|
+
When instincts describe complex, multi-step processes that benefit from isolation:
|
|
65
|
+
- Debugging workflows
|
|
66
|
+
- Refactoring sequences
|
|
67
|
+
- Research tasks
|
|
68
|
+
|
|
69
|
+
Example:
|
|
70
|
+
- `debug-step1`: "when debugging, first check logs"
|
|
71
|
+
- `debug-step2`: "when debugging, isolate the failing component"
|
|
72
|
+
- `debug-step3`: "when debugging, create minimal reproduction"
|
|
73
|
+
- `debug-step4`: "when debugging, verify fix with test"
|
|
74
|
+
|
|
75
|
+
→ Creates: **debugger** agent
|
|
76
|
+
|
|
77
|
+
## What to Do
|
|
78
|
+
|
|
79
|
+
1. Detect current project context
|
|
80
|
+
2. Read project + global instincts (project takes precedence on ID conflicts)
|
|
81
|
+
3. Group instincts by trigger/domain patterns
|
|
82
|
+
4. Identify:
|
|
83
|
+
- Skill candidates (trigger clusters with 2+ instincts)
|
|
84
|
+
- Command candidates (high-confidence workflow instincts)
|
|
85
|
+
- Agent candidates (larger, high-confidence clusters)
|
|
86
|
+
5. Show promotion candidates (project -> global) when applicable
|
|
87
|
+
6. If `--generate` is passed, write files to:
|
|
88
|
+
- Project scope: `~/.claude/homunculus/projects/<project-id>/evolved/`
|
|
89
|
+
- Global fallback: `~/.claude/homunculus/evolved/`
|
|
90
|
+
|
|
91
|
+
## Output Format
|
|
92
|
+
|
|
93
|
+
```
|
|
94
|
+
============================================================
|
|
95
|
+
EVOLVE ANALYSIS - 12 instincts
|
|
96
|
+
Project: my-app (a1b2c3d4e5f6)
|
|
97
|
+
Project-scoped: 8 | Global: 4
|
|
98
|
+
============================================================
|
|
99
|
+
|
|
100
|
+
High confidence instincts (>=80%): 5
|
|
101
|
+
|
|
102
|
+
## SKILL CANDIDATES
|
|
103
|
+
1. Cluster: "adding tests"
|
|
104
|
+
Instincts: 3
|
|
105
|
+
Avg confidence: 82%
|
|
106
|
+
Domains: testing
|
|
107
|
+
Scopes: project
|
|
108
|
+
|
|
109
|
+
## COMMAND CANDIDATES (2)
|
|
110
|
+
/adding-tests
|
|
111
|
+
From: test-first-workflow [project]
|
|
112
|
+
Confidence: 84%
|
|
113
|
+
|
|
114
|
+
## AGENT CANDIDATES (1)
|
|
115
|
+
adding-tests-agent
|
|
116
|
+
Covers 3 instincts
|
|
117
|
+
Avg confidence: 82%
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
## Flags
|
|
121
|
+
|
|
122
|
+
- `--generate`: Generate evolved files in addition to analysis output
|
|
123
|
+
|
|
124
|
+
## Generated File Format
|
|
125
|
+
|
|
126
|
+
### Command
|
|
127
|
+
```markdown
|
|
128
|
+
---
|
|
129
|
+
name: new-table
|
|
130
|
+
description: Create a new database table with migration, schema update, and type generation
|
|
131
|
+
command: /new-table
|
|
132
|
+
evolved_from:
|
|
133
|
+
- new-table-migration
|
|
134
|
+
- update-schema
|
|
135
|
+
- regenerate-types
|
|
136
|
+
---
|
|
137
|
+
|
|
138
|
+
# New Table Command
|
|
139
|
+
|
|
140
|
+
[Generated content based on clustered instincts]
|
|
141
|
+
|
|
142
|
+
## Steps
|
|
143
|
+
1. ...
|
|
144
|
+
2. ...
|
|
145
|
+
```
|
|
146
|
+
|
|
147
|
+
### Skill
|
|
148
|
+
```markdown
|
|
149
|
+
---
|
|
150
|
+
name: functional-patterns
|
|
151
|
+
description: Enforce functional programming patterns
|
|
152
|
+
evolved_from:
|
|
153
|
+
- prefer-functional
|
|
154
|
+
- use-immutable
|
|
155
|
+
- avoid-classes
|
|
156
|
+
---
|
|
157
|
+
|
|
158
|
+
# Functional Patterns Skill
|
|
159
|
+
|
|
160
|
+
[Generated content based on clustered instincts]
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
### Agent
|
|
164
|
+
```markdown
|
|
165
|
+
---
|
|
166
|
+
name: debugger
|
|
167
|
+
description: Systematic debugging agent
|
|
168
|
+
model: sonnet
|
|
169
|
+
evolved_from:
|
|
170
|
+
- debug-check-logs
|
|
171
|
+
- debug-isolate
|
|
172
|
+
- debug-reproduce
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
# Debugger Agent
|
|
176
|
+
|
|
177
|
+
[Generated content based on clustered instincts]
|
|
178
|
+
```
|
|
@@ -0,0 +1,70 @@
|
|
|
1
|
+
# /learn - Extract Reusable Patterns
|
|
2
|
+
|
|
3
|
+
Analyze the current session and extract any patterns worth saving as skills.
|
|
4
|
+
|
|
5
|
+
## Trigger
|
|
6
|
+
|
|
7
|
+
Run `/learn` at any point during a session when you've solved a non-trivial problem.
|
|
8
|
+
|
|
9
|
+
## What to Extract
|
|
10
|
+
|
|
11
|
+
Look for:
|
|
12
|
+
|
|
13
|
+
1. **Error Resolution Patterns**
|
|
14
|
+
- What error occurred?
|
|
15
|
+
- What was the root cause?
|
|
16
|
+
- What fixed it?
|
|
17
|
+
- Is this reusable for similar errors?
|
|
18
|
+
|
|
19
|
+
2. **Debugging Techniques**
|
|
20
|
+
- Non-obvious debugging steps
|
|
21
|
+
- Tool combinations that worked
|
|
22
|
+
- Diagnostic patterns
|
|
23
|
+
|
|
24
|
+
3. **Workarounds**
|
|
25
|
+
- Library quirks
|
|
26
|
+
- API limitations
|
|
27
|
+
- Version-specific fixes
|
|
28
|
+
|
|
29
|
+
4. **Project-Specific Patterns**
|
|
30
|
+
- Codebase conventions discovered
|
|
31
|
+
- Architecture decisions made
|
|
32
|
+
- Integration patterns
|
|
33
|
+
|
|
34
|
+
## Output Format
|
|
35
|
+
|
|
36
|
+
Create a skill file at `~/.claude/skills/learned/[pattern-name].md`:
|
|
37
|
+
|
|
38
|
+
```markdown
|
|
39
|
+
# [Descriptive Pattern Name]
|
|
40
|
+
|
|
41
|
+
**Extracted:** [Date]
|
|
42
|
+
**Context:** [Brief description of when this applies]
|
|
43
|
+
|
|
44
|
+
## Problem
|
|
45
|
+
[What problem this solves - be specific]
|
|
46
|
+
|
|
47
|
+
## Solution
|
|
48
|
+
[The pattern/technique/workaround]
|
|
49
|
+
|
|
50
|
+
## Example
|
|
51
|
+
[Code example if applicable]
|
|
52
|
+
|
|
53
|
+
## When to Use
|
|
54
|
+
[Trigger conditions - what should activate this skill]
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
## Process
|
|
58
|
+
|
|
59
|
+
1. Review the session for extractable patterns
|
|
60
|
+
2. Identify the most valuable/reusable insight
|
|
61
|
+
3. Draft the skill file
|
|
62
|
+
4. Ask user to confirm before saving
|
|
63
|
+
5. Save to `~/.claude/skills/learned/`
|
|
64
|
+
|
|
65
|
+
## Notes
|
|
66
|
+
|
|
67
|
+
- Don't extract trivial fixes (typos, simple syntax errors)
|
|
68
|
+
- Don't extract one-time issues (specific API outages, etc.)
|
|
69
|
+
- Focus on patterns that will save time in future sessions
|
|
70
|
+
- Keep skills focused - one pattern per skill
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
# Model Route Command
|
|
2
|
+
|
|
3
|
+
Recommend the best model tier for the current task by complexity and budget.
|
|
4
|
+
|
|
5
|
+
## Usage
|
|
6
|
+
|
|
7
|
+
`/model-route [task-description] [--budget low|med|high]`
|
|
8
|
+
|
|
9
|
+
## Routing Heuristic
|
|
10
|
+
|
|
11
|
+
- `haiku`: deterministic, low-risk mechanical changes
|
|
12
|
+
- `sonnet`: default for implementation and refactors
|
|
13
|
+
- `opus`: architecture, deep review, ambiguous requirements
|
|
14
|
+
|
|
15
|
+
## Required Output
|
|
16
|
+
|
|
17
|
+
- recommended model
|
|
18
|
+
- confidence level
|
|
19
|
+
- why this model fits
|
|
20
|
+
- fallback model if first attempt fails
|
|
21
|
+
|
|
22
|
+
## Arguments
|
|
23
|
+
|
|
24
|
+
$ARGUMENTS:
|
|
25
|
+
- `[task-description]` optional free-text
|
|
26
|
+
- `--budget low|med|high` optional
|
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
# Quality Gate Command
|
|
2
|
+
|
|
3
|
+
Run the ECC quality pipeline on demand for a file or project scope.
|
|
4
|
+
|
|
5
|
+
## Usage
|
|
6
|
+
|
|
7
|
+
`/quality-gate [path|.] [--fix] [--strict]`
|
|
8
|
+
|
|
9
|
+
- default target: current directory (`.`)
|
|
10
|
+
- `--fix`: allow auto-format/fix where configured
|
|
11
|
+
- `--strict`: fail on warnings where supported
|
|
12
|
+
|
|
13
|
+
## Pipeline
|
|
14
|
+
|
|
15
|
+
1. Detect language/tooling for target.
|
|
16
|
+
2. Run formatter checks.
|
|
17
|
+
3. Run lint/type checks when available.
|
|
18
|
+
4. Produce a concise remediation list.
|
|
19
|
+
|
|
20
|
+
## Notes
|
|
21
|
+
|
|
22
|
+
This command mirrors hook behavior but is operator-invoked.
|
|
23
|
+
|
|
24
|
+
## Arguments
|
|
25
|
+
|
|
26
|
+
$ARGUMENTS:
|
|
27
|
+
- `[path|.]` optional target path
|
|
28
|
+
- `--fix` optional
|
|
29
|
+
- `--strict` optional
|