moicle 2.3.0 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (32) hide show
  1. package/README.md +36 -47
  2. package/assets/commands/marketing.md +6 -6
  3. package/assets/skills/docs/sync/SKILL.md +195 -157
  4. package/assets/skills/feature/build/SKILL.md +891 -0
  5. package/assets/skills/feature/track/SKILL.md +157 -0
  6. package/assets/skills/fix/bug/SKILL.md +449 -0
  7. package/assets/skills/fix/incident/SKILL.md +6 -6
  8. package/assets/skills/marketing/brand/SKILL.md +304 -0
  9. package/assets/skills/marketing/content/SKILL.md +199 -141
  10. package/assets/skills/research/explore/SKILL.md +392 -0
  11. package/assets/skills/review/code/SKILL.md +622 -0
  12. package/dist/commands/install/usage.js +2 -2
  13. package/dist/commands/install/usage.js.map +1 -1
  14. package/package.json +1 -1
  15. package/assets/skills/docs/write/SKILL.md +0 -274
  16. package/assets/skills/feature/api/SKILL.md +0 -277
  17. package/assets/skills/feature/deprecate/SKILL.md +0 -276
  18. package/assets/skills/feature/new/SKILL.md +0 -273
  19. package/assets/skills/feature/refactor/SKILL.md +0 -269
  20. package/assets/skills/fix/hotfix/SKILL.md +0 -233
  21. package/assets/skills/fix/pr-comment/SKILL.md +0 -186
  22. package/assets/skills/fix/root-cause/SKILL.md +0 -276
  23. package/assets/skills/marketing/logo/SKILL.md +0 -252
  24. package/assets/skills/marketing/seo-blog/SKILL.md +0 -367
  25. package/assets/skills/marketing/video/SKILL.md +0 -258
  26. package/assets/skills/research/onboarding/SKILL.md +0 -225
  27. package/assets/skills/research/spike/SKILL.md +0 -228
  28. package/assets/skills/research/web/SKILL.md +0 -204
  29. package/assets/skills/review/architect/SKILL.md +0 -274
  30. package/assets/skills/review/branch/SKILL.md +0 -277
  31. package/assets/skills/review/pr/SKILL.md +0 -231
  32. package/assets/skills/review/tdd/SKILL.md +0 -245
@@ -0,0 +1,157 @@
1
+ ---
2
+ name: feature-track
3
+ description: Tracked development loop — first brainstorm + plan and get user approval, THEN checkout a branch, build a task checklist, and loop each item through test → implement → verify → fix → mark done → commit (one commit per item). Use when user says "bắt đầu loop", "làm track này", "tracked loop", "checklist driven dev", "run the loop", "checkout branch and start track", "brainstorm rồi làm track", "implement with checklist and commit per task".
4
+ args: "[TASK_DESCRIPTION]"
5
+ ---
6
+
7
+ # Tracked Development Loop
8
+
9
+ Run a multi-step task as a controlled loop: **brainstorm + plan first, get approval, THEN** checkout a branch, turn the plan into a task checklist, and drive each item through test → implement → verify → fix → mark done → commit — **one commit per item**.
10
+
11
+ **ARGUMENTS:** `<task description>` — e.g., `wallet savings account`, `add rate limiting to auth`, `migrate orders module to events`
12
+
13
+ ## When to use this skill
14
+
15
+ - ✅ A task that splits into several verifiable steps you want to drive as a checklist
16
+ - ✅ You want a clean history — one commit per completed step, easy to revert
17
+ - ✅ You want test-first discipline on each step, on a dedicated branch
18
+ - ❌ One-line / obvious change → just do it
19
+ - ❌ Urgent production bug → use `/fix-bug` (QUICK mode)
20
+ - ❌ Single full DDD feature across all layers → use `/feature-build` (NEW mode)
21
+ - ❌ Driving ONE unit test-first with no branch/checklist → use `/review-code` (TDD mode)
22
+
23
+ ## Read Architecture First
24
+
25
+ Detect stack via `~/.claude/architecture/_shared/stack-detection.md`. The stack doc tells you:
26
+ - Test command + test file location convention
27
+ - Build + lint commands (for the VERIFY step)
28
+ - Mocking pattern for ports / dependencies
29
+
30
+ ---
31
+
32
+ ## Workflow
33
+
34
+ ```
35
+ 0 BRAINSTORM & PLAN ─▶ [USER APPROVES] ─▶ 1 SETUP ─▶ ┌─ 2 LOOP per item ──────────────────────┐ ─▶ 3 REPORT
36
+ (understand, /brainstorm,(last step of (branch + │ TEST → IMPLEMENT → VERIFY → FIX → │
37
+ plan + draft checklist) planning) checklist) │ MARK DONE → COMMIT │
38
+ │ └ fail ─▶ FIX ─▶ VERIFY (to pass) │
39
+ └─────────── next pending item ──────────┘
40
+ ```
41
+
42
+ > Core rule: **brainstorm and plan, the LAST planning step is user approval, THEN start the loop.** Never jump straight to branch/checklist.
43
+
44
+ ---
45
+
46
+ ## Phase 0: BRAINSTORM & PLAN
47
+
48
+ **Goal:** understand the task, pick the simplest viable approach, draft the checklist — and get the user to approve before touching anything.
49
+
50
+ ### Steps
51
+ 1. **Detect stack** — load the matching architecture doc for test/build/lint commands and conventions.
52
+ 2. **Understand the task** — read the relevant code/context. If `[TASK_DESCRIPTION]` is ambiguous (scope, acceptance criteria, edge cases), ask to clarify (AskUserQuestion). Don't assume.
53
+ 3. **Brainstorm the approach — invoke `/brainstorm`** to generate and compare options for the task (First Principles, SCAMPER, Working Backwards, 5 Whys…), then pick the simplest that works. For a trivial/obvious task a quick single-framework pass is enough — don't overengineer, but don't skip the step.
54
+ 4. **Draft the plan** — settle:
55
+ - the chosen approach,
56
+ - a proposed branch name (`feat/<slug>`),
57
+ - the **draft checklist** — each item = one verifiable unit = one test passing + one commit,
58
+ - files affected + how each item is tested.
59
+ 5. **Present the plan and WAIT for approval.** This is the last step of planning. No branch, no code, no `TaskCreate` yet.
60
+
61
+ ### Gate
62
+ - [ ] Stack detected
63
+ - [ ] Requirements clear (clarified if they weren't)
64
+ - [ ] Approach brainstormed via `/brainstorm` (simplest viable picked)
65
+ - [ ] Plan + draft checklist presented
66
+ - [ ] **User APPROVED the plan**
67
+
68
+ ---
69
+
70
+ ## Phase 1: SETUP
71
+
72
+ **Goal:** turn the approved plan into a branch + a live checklist. Runs only AFTER approval.
73
+
74
+ ### Steps
75
+ 1. **Checkout a new branch** with the approved name (`feat/<slug>`) off the current base. Never run the loop on `master` / `main`.
76
+ 2. **Create the checklist** with `TaskCreate` — one task per checklist item, in order, matching the approved plan.
77
+
78
+ ### Gate
79
+ - [ ] New branch created and checked out
80
+ - [ ] Checklist created via `TaskCreate`, matching the approved plan
81
+
82
+ ---
83
+
84
+ ## Phase 2: LOOP (per item)
85
+
86
+ Take the next `pending` item from the task list and run it through the full cycle. Repeat until no `pending` items remain.
87
+
88
+ 1. **MARK IN_PROGRESS** — `TaskUpdate` the item → `in_progress`.
89
+ 2. **TEST (RED)** — write a unit test describing the item's behavior. Run it and confirm it **fails for the right reason** (code missing / assertion fails), not a typo or import error.
90
+ 3. **IMPLEMENT (GREEN)** — write the minimal code to make the test pass. Follow an existing reference module so it matches the codebase style.
91
+ 4. **VERIFY** — actually run it: the item's test + build + lint (commands per stack). Never claim pass without running.
92
+ 5. **FIX** — if anything fails, fix at the **root, never swallow the error** (handle exceptions explicitly — no empty catch). Then go back to VERIFY until green.
93
+ 6. **MARK DONE** — `TaskUpdate` the item → `completed`.
94
+ 7. **COMMIT** — commit just this item with a conventional message (`feat:` / `fix:` / `test:` / `refactor:` …). Commit only — **do not push automatically**.
95
+
96
+ ### Gate (per item, before moving on)
97
+ - [ ] Test green
98
+ - [ ] Build + lint green
99
+ - [ ] Task marked `completed`
100
+ - [ ] Item committed (one commit)
101
+
102
+ ---
103
+
104
+ ## Phase 3: Final Report
105
+
106
+ ```markdown
107
+ ## Track Complete: {task}
108
+
109
+ Branch: `feat/{slug}`
110
+
111
+ | # | Item | Test(s) | Commit | Status |
112
+ |---|------|---------|--------|--------|
113
+ | 1 | {item} | {test name} | {hash} `feat: …` | ✅ |
114
+ | 2 | {item} | {test name} | {hash} `feat: …` | ✅ |
115
+
116
+ ### Totals
117
+ - Items: {N} done / {N}
118
+ - Commits: {N}
119
+ - Tests added: {N}, all green
120
+
121
+ ### Next
122
+ - Push + open PR, or run `/review-code` (SELF mode) first
123
+ ```
124
+
125
+ ---
126
+
127
+ ## Hard Rules
128
+
129
+ - **Plan + user approval FIRST** — no branch, no code until the plan is approved.
130
+ - **Branch first** — never run the loop on `master` / `main`.
131
+ - **RED before GREEN** — no production code that a failing test didn't drive.
132
+ - **Verify by running real commands** — never assert pass from inspection alone.
133
+ - **Never swallow errors** in FIX — handle exceptions explicitly, fix the root cause.
134
+ - **One commit per item** — don't squash steps together, don't push automatically.
135
+ - **DB operations (migrate / seed / drop)** inside any item: **CONFIRM with the user before running — every time, even if a previous item was already confirmed.**
136
+ - **Simple first** — don't overengineer an item.
137
+
138
+ ---
139
+
140
+ ## Related Skills
141
+
142
+ | When | Use |
143
+ |------|-----|
144
+ | Need idea frameworks for Phase 0 | `/brainstorm` |
145
+ | Drive ONE unit deeper test-first | `/review-code` (TDD mode) |
146
+ | Full DDD feature across all layers | `/feature-build` (NEW mode) |
147
+ | Self-review the branch after the loop | `/review-code` (SELF mode) |
148
+ | Urgent prod bug, no checklist | `/fix-bug` (QUICK mode) |
149
+
150
+ ## Recommended Agents
151
+
152
+ | Phase | Agent | Purpose |
153
+ |-------|-------|---------|
154
+ | BRAINSTORM / PLAN | `@clean-architect` | Approach + decomposition |
155
+ | TEST | `@test-writer` | Failing test per item |
156
+ | IMPLEMENT | Stack-specific dev agent | Minimal implementation |
157
+ | VERIFY / FIX | `@code-reviewer` | Catch issues before commit |
@@ -0,0 +1,449 @@
1
+ ---
2
+ name: fix-bug
3
+ description: Bug fixing workflow with two depths — QUICK (fast fix + rollback plan when cause is clear) and DEEP (systematic root-cause investigation for hard, intermittent, or recurring bugs). Use when fixing bugs, hotfixes, urgent issues, production bugs, or when user says "fix bug", "hotfix", "urgent fix", "production issue", "deep debug", "deep-debug", "trace bug", "find root cause", "hard bug", "investigate bug".
4
+ args: "[MODE]"
5
+ ---
6
+
7
+ # Bug Fix Workflow
8
+
9
+ One skill, two depths. Start in **QUICK** when the cause is clear; escalate to **DEEP** when it isn't.
10
+
11
+ ## Pick your mode
12
+
13
+ | Situation | Mode | Jump to |
14
+ |-----------|------|---------|
15
+ | Bug is reproducible and root cause is clear (or identifiable in <1h) | **QUICK** | [Mode QUICK](#mode-quick) |
16
+ | Bug keeps returning after "fixes", intermittent, vendor internals, race condition, prod ≠ local | **DEEP** | [Mode DEEP](#mode-deep) |
17
+
18
+ **Escalation rule:** if in QUICK mode the 5 Whys don't converge, or repro fails because it's environment/state-specific → switch to DEEP.
19
+
20
+ - ❌ Production is down right now → use `/fix-incident` first (triage + comms), then come back here.
21
+ - ❌ Bug is on an open PR review → use `/review-code` (ADDRESS mode).
22
+ - ❌ Building a new feature → use `/feature-build` (NEW mode).
23
+
24
+ ## Read Architecture First (both modes)
25
+
26
+ Read `ddd-architecture.md` + the stack-specific doc — the fix must land in the right layer (usecase / handler / infra) per architecture rules. Severity definitions: `~/.claude/architecture/_shared/severity-levels.md` (incident table). QUICK typically covers P2-P4; P1 → start with `/fix-incident`.
27
+
28
+ ---
29
+ ---
30
+
31
+ # Mode QUICK
32
+
33
+ Fast-track bug fix with a rollback plan. Use when the cause is identifiable in under an hour of investigation.
34
+
35
+ ## When to use
36
+
37
+ - ✅ Bug is reproducible and root cause is clear (or quickly identifiable)
38
+ - ✅ Need a fix shipped fast with a rollback plan
39
+ - ✅ Severity ranges from low (minor UI) to high (feature broken)
40
+ - ❌ Production is down right now → use `/fix-incident` first
41
+ - ❌ Bug has been "fixed" multiple times and keeps returning → switch to **Mode DEEP**
42
+
43
+ ## Workflow
44
+
45
+ ```
46
+ IDENTIFY → REPRODUCE → FIX → VERIFY → DEPLOY
47
+ ↑ ↓
48
+ └── ROLLBACK (if needed)
49
+ ```
50
+
51
+ ## Phase 1: IDENTIFY (≤15 min)
52
+
53
+ **Goal:** capture exactly what's broken — no speculation.
54
+
55
+ ### Capture
56
+ - Error message / stack trace (verbatim)
57
+ - Steps to reproduce
58
+ - Expected vs actual behavior
59
+ - Environment (prod / staging / dev)
60
+ - Affected users (all / subset / specific tenant)
61
+ - Recent deploys / config changes (last 24-48h)
62
+
63
+ ### 5 Whys (worked example)
64
+ > Q1: Why does checkout fail? A1: `OrderService.calculate` returns NaN.
65
+ > Q2: Why NaN? A2: `quantity * price` where price is undefined.
66
+ > Q3: Why undefined? A3: New SKUs from supplier feed have null price.
67
+ > Q4: Why null? A4: Feed schema added optional `price` field, defaulted to null.
68
+ > Q5: Why didn't validation catch it? A5: Import worker skips schema validation for "perf".
69
+
70
+ → Root cause: skipped validation in import worker. Fix at the import boundary, not in checkout.
71
+
72
+ ### Gate
73
+ - [ ] Error captured verbatim
74
+ - [ ] Reproduction steps known (or "intermittent" noted)
75
+ - [ ] Severity assigned (P2 / P3 / P4)
76
+ - [ ] Root cause identified (switch to **Mode DEEP** if 5 Whys doesn't converge)
77
+
78
+ ## Phase 2: REPRODUCE (≤30 min)
79
+
80
+ **Goal:** reproduce locally before changing any code.
81
+
82
+ ### Steps
83
+ 1. Check out the deployed commit (NOT main if main has drifted)
84
+ 2. Reproduce with the exact data / inputs from Phase 1
85
+ 3. If you can't reproduce → it's environment-specific. Check:
86
+ - Env vars on prod vs local
87
+ - DB state / data shape
88
+ - Cache / CDN state
89
+ - Runtime version differences
90
+
91
+ ### Gate
92
+ - [ ] Reproduced locally on the deployed commit
93
+ - [ ] OR documented why local reproduction is impossible + plan to test on staging
94
+
95
+ ## Phase 3: FIX
96
+
97
+ **Goal:** smallest correct change at the right layer.
98
+
99
+ ### Rules
100
+ - Fix at the **root cause**, not the symptom
101
+ - Land the fix in the right layer (boundary validation → handler/DTO; business rule → usecase; data shape → infra mapper)
102
+ - **Add a regression test first** (RED), then make it pass (GREEN). See `/review-code` (TDD mode).
103
+ - Don't refactor on the fix — separate PR
104
+ - If the fix requires schema migration, plan it as 2 deploys (compatible code first, then migration)
105
+
106
+ ### Boundary defense
107
+ For data-shape bugs (null where not expected, type mismatch from external API): defend at the **trust boundary** (handler / adapter), not inside business logic.
108
+
109
+ ### Gate
110
+ - [ ] Regression test added (red → green)
111
+ - [ ] Fix is in the right layer (per architecture)
112
+ - [ ] No unrelated changes in the PR
113
+ - [ ] Existing tests still pass
114
+
115
+ ## Phase 4: VERIFY
116
+
117
+ **Goal:** confirm fix works without breaking other paths.
118
+
119
+ ### Local
120
+ - [ ] Original failure no longer reproducible
121
+ - [ ] All tests pass (`{test command}`)
122
+ - [ ] Linter clean
123
+ - [ ] Build green
124
+
125
+ ### Staging (if available)
126
+ - [ ] Deploy to staging
127
+ - [ ] Reproduce the failure scenario — should pass
128
+ - [ ] Smoke-test adjacent features (anything sharing the code path)
129
+ - [ ] Monitor logs for 5-15 min
130
+
131
+ ### Gate
132
+ - [ ] Local + staging both verified
133
+ - [ ] No regressions in adjacent features
134
+
135
+ ## Phase 5: DEPLOY
136
+
137
+ ### Pre-deploy checklist
138
+ - [ ] PR reviewed (`/review-code` SELF + a teammate's PR review)
139
+ - [ ] Rollback plan documented (see below)
140
+ - [ ] On-call notified
141
+ - [ ] CHANGELOG entry
142
+
143
+ ### Rollback plan
144
+ Document **before** deploying:
145
+ - Rollback method: `revert PR` / `redeploy commit {sha}` / `feature flag off` / `DB migration down`
146
+ - Estimated rollback time
147
+ - Who has authority to roll back (usually IC or on-call)
148
+ - Signal to roll back (specific metric + threshold)
149
+
150
+ ### Deploy steps
151
+ 1. Deploy via normal pipeline (don't skip CI even under pressure)
152
+ 2. Watch metrics + logs for the symptom + adjacent code paths
153
+ 3. Hold deploy attention for at least 1× normal request cycle (15-30 min)
154
+
155
+ ### Gate
156
+ - [ ] Deployed successfully
157
+ - [ ] Symptom no longer occurring
158
+ - [ ] No new errors in monitoring
159
+ - [ ] Stakeholders notified
160
+
161
+ ## Phase 6: ROLLBACK (if Phase 5 verify fails)
162
+
163
+ ### When to roll back
164
+ - Error rate increases post-deploy
165
+ - New error type appears
166
+ - Adjacent feature breaks
167
+ - Performance degrades meaningfully
168
+
169
+ ### How
170
+ 1. Announce: "Rolling back {fix} in 60s due to {observation}"
171
+ 2. Execute: revert / redeploy previous / flip flag / migration down
172
+ 3. Verify rollback: metrics return to baseline
173
+ 4. Post-mortem the rollback — what was missed in Phase 3/4?
174
+
175
+ ## Final Report (QUICK)
176
+
177
+ ```markdown
178
+ ## Hotfix: {short description}
179
+
180
+ ### Root cause
181
+ {From Phase 1, 5 Whys final answer}
182
+
183
+ ### Fix
184
+ - File: `path/to/file:line` · Layer: {handler / usecase / infra}
185
+ - Approach: {boundary defense / logic correction / data migration}
186
+
187
+ ### Tests
188
+ - Regression test: {file:line} — all tests passing
189
+
190
+ ### Deploy
191
+ - Deployed: {timestamp} · Verified: {timestamp + how}
192
+ - Rollback plan: {revert / redeploy / flag / migration}
193
+
194
+ ### Severity: {P2 / P3 / P4} · Status: SHIPPED ✅ (or ROLLED BACK + reason)
195
+ ```
196
+
197
+ ---
198
+ ---
199
+
200
+ # Mode DEEP
201
+
202
+ For bugs that have been "fixed" multiple times and keep coming back, intermittent bugs, or errors deep inside vendor code. **Do not guess** — trace step by step.
203
+
204
+ ## When to use
205
+
206
+ - ✅ Same bug returns after multiple "fixes"
207
+ - ✅ "Sometimes works, sometimes doesn't" — likely hidden state
208
+ - ✅ Error inside vendor / framework internals
209
+ - ✅ Local vs production behavior differs
210
+ - ✅ Race condition / concurrency suspected
211
+ - ❌ Bug is well understood, just needs a fix → **Mode QUICK**
212
+ - ❌ Production is down with user impact → `/fix-incident` first, then this mode
213
+
214
+ ## Workflow
215
+
216
+ ```
217
+ COLLECT → VERIFY → TRACE → ROOT CAUSE → CHECK HIDDEN STATE → FIX → VERIFY
218
+ ```
219
+
220
+ **Time budget:** if you've traced for >2 hours with no convergence → stop, write down what you know, ask a teammate. Rabbit holes are real.
221
+
222
+ ## Step 1: COLLECT — capture evidence exactly
223
+
224
+ Record **verbatim**, do not interpret:
225
+
226
+ - Exact error message (copy-paste, don't paraphrase)
227
+ - Stack trace: file, line, full call chain
228
+ - Affected environment (prod / staging / local)
229
+ - Frequency: always / intermittent / specific input / specific user
230
+ - Timing: started exactly when? aligns with a deploy / cron / data change?
231
+
232
+ ### Gate
233
+ - [ ] Error captured verbatim
234
+ - [ ] Stack trace captured (or noted absent)
235
+ - [ ] Frequency known
236
+ - [ ] Timing noted (helps narrow "what changed")
237
+
238
+ ## Step 2: VERIFY — running code = local code?
239
+
240
+ Do NOT assume prod = local.
241
+
242
+ - Identify the deployed commit
243
+ - `git diff` deployed vs local
244
+ - If they differ → read the deployed version before reasoning further
245
+ - Container / image involved? Verify the image tag, not just the source
246
+
247
+ ### Gate
248
+ - [ ] Deployed commit identified
249
+ - [ ] Local checkout matches OR differences understood
250
+
251
+ ## Step 3: TRACE — entry to failure, every step
252
+
253
+ The single most important step. Skip nothing.
254
+
255
+ ### 3a. Entry → error line
256
+ - Where does the request / event / job enter? (route, listener, cron, queue handler)
257
+ - Which function calls which? Follow stack trace exactly
258
+ - How does data flow between layers?
259
+
260
+ ### 3b. Where does faulty data come from?
261
+ - Created locally or loaded from DB / API / cache / session?
262
+ - Goes through serialize / deserialize?
263
+ - Goes through any transform / map / cast?
264
+
265
+ ### 3c. Type + state at the moment of failure
266
+ - Actual runtime type (use a debugger or log)
267
+ - Expected type
268
+ - Why do they differ?
269
+
270
+ ### 3d. Vendor / framework internals
271
+ - Open the vendor source at the EXACT line from the stack trace
272
+ - Trace backwards: who calls this method, with what args?
273
+ - What condition routes execution into the failing branch?
274
+
275
+ ### Debugging tools
276
+
277
+ Use the right tool, not just `console.log`:
278
+
279
+ | Tool | When |
280
+ |------|------|
281
+ | **Debugger breakpoint** | Step through suspect code, inspect locals |
282
+ | **Conditional breakpoint** | Stop only when `x == nil` / `id == 42` |
283
+ | **Logpoint** (debugger) | Inject log without modifying source — useful in prod-like envs |
284
+ | **Memory / heap profiler** | Suspected memory leak or unbounded growth |
285
+ | **CPU profiler** | Slow path / hot loop |
286
+ | **Network trace** (Wireshark, browser devtools) | Wire-level issue with external API |
287
+ | **strace / dtruss** | Syscall-level (file, network) on Unix |
288
+ | **Time-travel debugger** (rr, Replay) | Hard non-determinism, race conditions |
289
+ | **Distributed tracing** (OpenTelemetry, Jaeger) | Cross-service latency or error origin |
290
+
291
+ ### Gate
292
+ - [ ] Full call chain documented
293
+ - [ ] Source of faulty data identified
294
+ - [ ] Actual vs expected type / state recorded
295
+
296
+ ## Step 4: ROOT CAUSE — answer 3 questions
297
+
298
+ 1. **Why does it fail?** — the specific technical cause
299
+ 2. **Why didn't it fail before?** — what changed (deploy, dep, data shape, config, traffic)
300
+ 3. **Reproduction conditions?** — exact inputs / state that trigger it
301
+
302
+ If you cannot answer all 3 → return to Step 3.
303
+
304
+ ### Gate
305
+ - [ ] All 3 questions answered with **evidence**, not speculation
306
+
307
+ ## Step 5: HIDDEN STATE — check 6 sources
308
+
309
+ "Sometimes works, sometimes doesn't" bugs live here.
310
+
311
+ ### 5a. Cache / serialization
312
+ - Cached object lost transient fields / lazy-loaded properties?
313
+ - Stale cache has OLD shape; new code expects NEW shape?
314
+ - Serialize / deserialize changes types? (int↔float, null handling, enum↔string, date timezone)
315
+
316
+ ### 5b. Database / storage
317
+ - Collation / encoding affecting comparisons (e.g., case-insensitive collation hiding duplicates)?
318
+ - DB default values mismatch with code expectations (null vs empty string)?
319
+ - Schema on prod vs schema in code (migration not applied)?
320
+ - **Read replica lag** — write to primary, read from replica returns stale data?
321
+
322
+ ### 5c. Concurrency / async
323
+ - **Race condition** — two requests modifying shared state simultaneously
324
+ - **Deadlock / livelock** — lock acquired but never released
325
+ - **Goroutine / async leak** — handler returned but background work continues
326
+ - **Request context cancelled** while async work depended on it
327
+ - **Channel / queue overflow** — messages dropped silently
328
+ - Use logs with nanosecond timestamps + request IDs to reconstruct the timeline
329
+
330
+ ### 5d. Runtime / compiled cache
331
+ - OPcache / bytecode cache serving old file
332
+ - Compiled config / routes / views not cleared after deploy
333
+ - CDN / proxy cache serving stale asset
334
+ - Browser cache / service worker
335
+
336
+ ### 5e. Environment
337
+ - Env vars on prod correct + complete?
338
+ - Runtime version (Node 20 vs 18, Go 1.22 vs 1.21) differs from local?
339
+ - Dependency versions differ (lockfile drift, transitive update)?
340
+
341
+ ### 5f. Multi-tenancy (SaaS-specific)
342
+ - **Tenant ID leak** — query missing `WHERE tenant_id = ?`
343
+ - Cache key missing tenant prefix → tenant A sees tenant B's data
344
+ - Background job inherits wrong tenant context
345
+ - Connection pool reused across tenants without reset
346
+
347
+ ### Gate
348
+ - [ ] All 6 categories considered (write N/A if not applicable)
349
+ - [ ] At least one category identified as the hidden state source (or explicitly ruled out)
350
+
351
+ ## Step 6: FIX
352
+
353
+ Only after Step 4 is answered. The fix MUST:
354
+
355
+ - Address **root cause**, not symptom
356
+ - Be defensive at **trust boundaries** (cache, DB, external API, user input) — NOT in internal logic
357
+ - Handle the specific edge case found, without breaking the normal path
358
+ - Be small + reviewable
359
+ - Land in the correct layer (per `~/.claude/architecture/ddd-architecture.md`)
360
+
361
+ ### Boundary defense pattern
362
+ For data-shape bugs from external sources: validate / coerce at the adapter, not inside business logic.
363
+
364
+ ### Gate
365
+ - [ ] Fix targets root cause
366
+ - [ ] Defended at the boundary
367
+ - [ ] Normal code path not regressed
368
+
369
+ ## Step 7: VERIFY
370
+
371
+ - Reproduce the Step 4 conditions → confirm fix works
372
+ - Normal code path still works
373
+ - Cache-related → test fresh load AND cached load
374
+ - Concurrency-related → reproduce under **load test** (10-100x normal concurrency)
375
+ - Verify against the deployed version (repeat Step 2)
376
+ - Add a **regression test** in the appropriate layer
377
+
378
+ ### Gate
379
+ - [ ] Original failure no longer reproducible
380
+ - [ ] Normal flow works
381
+ - [ ] Cached / serialized paths both work (if applicable)
382
+ - [ ] Load-tested if concurrency-related
383
+ - [ ] Regression test added
384
+
385
+ ## Final Report (DEEP)
386
+
387
+ ```markdown
388
+ ## Bug: {short description}
389
+
390
+ ### Root Cause
391
+ {Specific technical cause from Step 4 Q1}
392
+
393
+ ### Why it didn't fail before
394
+ {What changed: deploy / dependency / data shape / config / traffic / runtime}
395
+
396
+ ### Reproduction
397
+ {Exact steps + data + environment}
398
+
399
+ ### Hidden state source
400
+ {Cache / DB / Concurrency / Runtime / Env / Multi-tenant — or "none"}
401
+
402
+ ### Fix
403
+ - File: `path/to/file:line` · Layer: {handler / usecase / infra adapter}
404
+ - Approach: {boundary defense / type coercion / locking / cache invalidation / etc.}
405
+ - Why this is root-cause, not symptom: {explanation}
406
+
407
+ ### Regression test
408
+ - File: `path/to/test:line` — reproduces the original failure when fix removed
409
+
410
+ ### Verification
411
+ - [x] Original failure no longer reproducible [x] Normal path works
412
+ - [x] Cached path works (if applicable) [x] Load tested (if concurrency-related)
413
+ ```
414
+
415
+ ---
416
+ ---
417
+
418
+ ## Hard Rules (both modes)
419
+
420
+ - **Reproduce before fixing** — no fix lands without local repro (or a documented reason + staging plan).
421
+ - **DO NOT GUESS / DO NOT FIX BEFORE UNDERSTANDING** — trace evidence, never infer from variable names; premature fix = new bug.
422
+ - **VERIFY DEPLOYED CODE** — never assume prod = local.
423
+ - **Fix at the root, not the symptom** — patching the symptom invites the bug back; defend at trust boundaries.
424
+ - **Regression test required** — every fix gets a test that would have caught it.
425
+ - **No drive-by refactor** — fix PR is focused; refactor goes in a separate PR.
426
+ - **Always have a rollback plan** documented before deploy; don't skip CI under pressure.
427
+ - **DEEP specifics:** check cache first for intermittent bugs; check multi-tenancy if SaaS; one root cause per bug; time-box investigation to ~2h before asking for help.
428
+
429
+ ## Related Skills
430
+
431
+ | When | Use |
432
+ |------|-----|
433
+ | Production is down right now | `/fix-incident` first, then this skill |
434
+ | Bug is on an open PR | `/review-code` (ADDRESS mode) |
435
+ | Need to write regression test first | `/review-code` (TDD mode) |
436
+ | Self-review before opening PR | `/review-code` (SELF mode) |
437
+ | Research how others solved similar bugs | `/research-explore` (WEB mode) |
438
+
439
+ ## Recommended Agents
440
+
441
+ | Phase / Mode | Agent | Purpose |
442
+ |--------------|-------|---------|
443
+ | IDENTIFY / TRACE | Stack-specific dev agent, `@code-reviewer` | Read error context / independent call-chain reading |
444
+ | Hidden state — DB | `@db-designer` | Schema, indexes, collation, replication |
445
+ | Hidden state — concurrency | `@perf-optimizer` | Race, deadlock, async leak |
446
+ | Hidden state — security/tenancy | `@security-audit` | Tenant isolation, auth context |
447
+ | FIX | Stack-specific dev agent, `@security-audit` | Boundary-defensive fix / security bugs |
448
+ | VERIFY | `@test-writer`, `@code-reviewer` | Regression test + quick review |
449
+ | DEPLOY | `@devops` | CI/CD + monitoring |
@@ -12,8 +12,8 @@ Structured workflow for handling production incidents from triage to postmortem.
12
12
  - ✅ Production is down or degraded right now
13
13
  - ✅ Users are impacted, on-call has been paged
14
14
  - ✅ Need to coordinate response, mitigation, comms, and postmortem
15
- - ❌ Bug is reported but no users impacted → use `/fix-hotfix`
16
- - ❌ Already mitigated, need to find root cause → use `/fix-root-cause`
15
+ - ❌ Bug is reported but no users impacted → use `/fix-bug` (QUICK mode)
16
+ - ❌ Already mitigated, need to find root cause → use `/fix-bug` (DEEP mode)
17
17
  - ❌ Postmortem only, no active incident → jump to Phase 5
18
18
 
19
19
  ---
@@ -205,7 +205,7 @@ Live walkthrough (5-10 min): outgoing IC walks incoming IC through the timeline
205
205
  **Goal:** apply the permanent fix and verify.
206
206
 
207
207
  ### Actions
208
- 1. Confirm root cause (use `/fix-root-cause` workflow if not obvious)
208
+ 1. Confirm root cause (use `/fix-bug` DEEP mode if not obvious)
209
209
  2. Implement permanent fix following stack architecture
210
210
  3. Add test that would have caught this
211
211
  4. Deploy fix through normal pipeline (don't skip CI even under pressure — unless explicitly authorized)
@@ -340,10 +340,10 @@ Postmortem: {date} — link to come
340
340
 
341
341
  | When | Use |
342
342
  |------|-----|
343
- | Bug reported but no active incident | `/fix-hotfix` |
344
- | Root cause unclear, need deep investigation | `/fix-root-cause` |
343
+ | Bug reported but no active incident | `/fix-bug` (QUICK mode) |
344
+ | Root cause unclear, need deep investigation | `/fix-bug` (DEEP mode) |
345
345
  | Need to roll back deployment | (use ops runbook, not a skill) |
346
- | Documenting postmortem as a doc | `/docs-write` |
346
+ | Documenting postmortem as a doc | `/docs-sync` (SINGLE mode) |
347
347
 
348
348
  ---
349
349