swe-workflow-skills 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +57 -17
- package/VERSION +1 -1
- package/catalog.json +95 -5
- package/package.json +1 -1
- package/roles.json +58 -7
- package/skills/ai-evaluation/SKILL.md +111 -0
- package/skills/ai-evaluation/evals/evals.json +40 -0
- package/skills/ai-evaluation/references/eval-tooling.md +63 -0
- package/skills/architecture-design/SKILL.md +3 -1
- package/skills/brainstorming/SKILL.md +92 -0
- package/skills/brainstorming/evals/evals.json +40 -0
- package/skills/browser-verification/SKILL.md +95 -0
- package/skills/browser-verification/evals/evals.json +40 -0
- package/skills/build-vs-buy/SKILL.md +109 -0
- package/skills/build-vs-buy/evals/evals.json +40 -0
- package/skills/cicd-pipeline/SKILL.md +1 -0
- package/skills/code-archaeology/SKILL.md +103 -0
- package/skills/code-archaeology/evals/evals.json +41 -0
- package/skills/compliance-privacy/SKILL.md +113 -0
- package/skills/compliance-privacy/evals/evals.json +41 -0
- package/skills/compliance-privacy/references/obligations-map.md +69 -0
- package/skills/data-pipeline-design/SKILL.md +116 -0
- package/skills/data-pipeline-design/evals/evals.json +41 -0
- package/skills/data-pipeline-design/references/orchestration.md +64 -0
- package/skills/data-quality/SKILL.md +107 -0
- package/skills/data-quality/evals/evals.json +39 -0
- package/skills/data-quality/references/tooling.md +45 -0
- package/skills/deployment-checklist/SKILL.md +2 -1
- package/skills/dx-audit/SKILL.md +97 -0
- package/skills/dx-audit/evals/evals.json +40 -0
- package/skills/feature-planning/SKILL.md +5 -1
- package/skills/finops-cost-optimization/SKILL.md +109 -0
- package/skills/finops-cost-optimization/evals/evals.json +40 -0
- package/skills/git-workflow/SKILL.md +10 -0
- package/skills/llm-app-engineering/SKILL.md +102 -0
- package/skills/llm-app-engineering/evals/evals.json +40 -0
- package/skills/llm-app-engineering/references/patterns.md +70 -0
- package/skills/ml-experiment-tracking/SKILL.md +1 -1
- package/skills/ml-pipeline-design/SKILL.md +1 -1
- package/skills/mobile-architecture/SKILL.md +106 -0
- package/skills/mobile-architecture/evals/evals.json +40 -0
- package/skills/mobile-release/SKILL.md +109 -0
- package/skills/mobile-release/evals/evals.json +41 -0
- package/skills/plan-execution/SKILL.md +115 -0
- package/skills/plan-execution/evals/evals.json +55 -0
- package/skills/project-documentation/SKILL.md +4 -0
- package/skills/release-management/SKILL.md +97 -0
- package/skills/release-management/evals/evals.json +56 -0
- package/skills/release-management/references/release-tooling.md +106 -0
- package/skills/resilience-engineering/SKILL.md +121 -0
- package/skills/resilience-engineering/evals/evals.json +40 -0
- package/skills/security-audit/SKILL.md +2 -2
- package/skills/skill-router/SKILL.md +46 -3
- package/skills/subagent-orchestration/SKILL.md +100 -0
- package/skills/subagent-orchestration/evals/evals.json +40 -0
- package/skills/threat-modeling/SKILL.md +101 -0
- package/skills/threat-modeling/evals/evals.json +40 -0
- package/skills/threat-modeling/references/stride-mitigations.md +90 -0
- package/skills/writing-skills/SKILL.md +27 -11
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "ai-evaluation",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We've built a RAG chatbot over our internal docs and we're planning to launch in two weeks. How should we evaluate it before launch? Someone on the team mentioned ragas.",
|
|
7
|
+
"expected_output": "Designs an evaluation plan: a golden dataset grounded in real user questions, the RAG triad (faithfulness, answer relevance, context precision/recall) separating retrieval from generation metrics, a concrete tool choice (ragas/deepeval/promptfoo) with rationale, LLM-as-judge reliability measures, and the eval suite wired in as a regression gate rather than a one-off check",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Proposes building a golden/evaluation dataset grounded in real user questions or the docs, rather than evaluating ad hoc",
|
|
10
|
+
"Covers the RAG triad or equivalent — faithfulness/groundedness, answer relevance, and retrieval/context quality — and distinguishes retrieval metrics from generation metrics",
|
|
11
|
+
"Recommends a concrete evaluation tool (ragas, deepeval, or promptfoo) and explains its role",
|
|
12
|
+
"Addresses LLM-as-judge reliability with at least one concrete measure: rubric design, position/self-preference bias, majority voting, or calibrating the judge against human spot-checks",
|
|
13
|
+
"Proposes running the evals as a repeatable regression gate (in CI or before each prompt/pipeline change), not only as a one-off pre-launch check"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Our LLM feature summarizes long sales calls. We have no ground-truth summaries and no users yet. How do we evaluate quality with zero labeled data?",
|
|
19
|
+
"expected_output": "Does not treat missing labels as a blocker: proposes reference-free evaluation (rubric-based LLM-as-judge, groundedness against the source call, pairwise comparison between variants), bootstraps a small human-labeled golden set, calibrates the judge against human spot-checks, and plans online signals (feedback, A/B) once users exist",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Does not claim evaluation is impossible without labels — proposes reference-free approaches such as rubric-based LLM-as-judge, groundedness against the source transcript, or pairwise comparison between variants",
|
|
22
|
+
"Recommends bootstrapping a small human-labeled golden set (even tens of examples) and explains what it buys",
|
|
23
|
+
"Designs the judge with an explicit rubric or criteria decomposition rather than a bare overall score",
|
|
24
|
+
"Mentions checking the judge against human spot-checks (calibration/agreement) or using voting to reduce judge noise",
|
|
25
|
+
"Plans for online signals after launch (user feedback, A/B testing) as a complement to offline evals"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Set up MLflow for our fine-tuning experiments so we can log runs and compare hyperparameters across the team.",
|
|
31
|
+
"expected_output": "Recognizes this as experiment-tracking infrastructure, not evaluation design — hands off to ml-experiment-tracking for the MLflow setup and run comparison, noting the boundary: tracking records and compares runs, while ai-evaluation defines what and how to measure",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request is about experiment-tracking/run-comparison infrastructure, not about defining evaluation metrics or datasets",
|
|
34
|
+
"Refers to the ml-experiment-tracking skill for the MLflow setup and run comparison",
|
|
35
|
+
"Does not produce an evaluation-design workflow (golden datasets, judges, RAG metrics) as the answer to a tracking-infrastructure request",
|
|
36
|
+
"States the boundary: tracking records and compares runs, while evaluation design defines what and how to measure"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# Evaluation Tooling — Selection and Judge-Design Detail
|
|
2
|
+
|
|
3
|
+
Tool landscapes move fast; verify against each project's current docs before
|
|
4
|
+
committing. What follows is the decision logic, which is stable.
|
|
5
|
+
|
|
6
|
+
## Choosing the eval tool
|
|
7
|
+
|
|
8
|
+
Pick **one** primary tool. They overlap heavily; running two means maintaining
|
|
9
|
+
two golden-set formats and two CI integrations for no added signal.
|
|
10
|
+
|
|
11
|
+
| Tool | Shape | Choose when |
|
|
12
|
+
|---|---|---|
|
|
13
|
+
| **ragas** | Python library of RAG-specific metrics (faithfulness, answer relevancy, context precision/recall, noise sensitivity) | The system is RAG and you want the standard names for the RAG triad with minimal ceremony. Integrates with LangChain/LlamaIndex datasets. |
|
|
14
|
+
| **deepeval** | pytest-style framework — metrics as assertions, `assert_test(test_case, [metric])` | The team already lives in pytest and wants evals in the same runner and CI report as unit tests. Broad metric set (RAG triad, hallucination, bias, custom G-Eval rubrics). |
|
|
15
|
+
| **promptfoo** | Config-driven (YAML) prompt/model comparison matrix + web viewer, CLI-first | The main activity is comparing prompt variants or models side-by-side; also does red-teaming. Good for non-Python stacks (Node CLI). |
|
|
16
|
+
| **Roll your own** | A loop + a judge prompt + a JSON of cases | The metrics are product-specific rubrics anyway and a framework would only wrap your judge calls. Fine — the golden set and calibration discipline matter more than the harness. |
|
|
17
|
+
|
|
18
|
+
Platform suites (LangSmith, Langfuse, Braintrust, W&B Weave) bundle eval +
|
|
19
|
+
tracing + datasets; prefer them when the team already uses that platform for
|
|
20
|
+
observability — the dataset/annotation UI is the real value.
|
|
21
|
+
|
|
22
|
+
## RAG metric cheat sheet
|
|
23
|
+
|
|
24
|
+
| Failure you saw | Stage | Metric to add |
|
|
25
|
+
|---|---|---|
|
|
26
|
+
| Answer cites facts not in the docs | Generation | Faithfulness / groundedness |
|
|
27
|
+
| Answer is on-topic-ish but doesn't answer | Generation | Answer relevance |
|
|
28
|
+
| Right doc exists but wasn't retrieved | Retrieval | Context recall |
|
|
29
|
+
| Retrieved chunks are mostly padding | Retrieval | Context precision |
|
|
30
|
+
| Correct refusal expected, model answered anyway | Both | Unanswerable-set accuracy |
|
|
31
|
+
|
|
32
|
+
Debug order: retrieval metrics first. Generation metrics computed over bad
|
|
33
|
+
context are noise — fix recall before tuning prompts.
|
|
34
|
+
|
|
35
|
+
## LLM-as-judge bias catalog
|
|
36
|
+
|
|
37
|
+
| Bias | Symptom | Counter |
|
|
38
|
+
|---|---|---|
|
|
39
|
+
| Position | Prefers whichever answer is shown first | Randomize/swap order, judge twice, keep only consistent verdicts |
|
|
40
|
+
| Self-preference | Rates its own model family's style higher | Judge with a different model family than the generator |
|
|
41
|
+
| Verbosity | Longer answer wins regardless of substance | Instruct explicitly; normalize or cap lengths; per-criterion rubric |
|
|
42
|
+
| Sycophancy toward the prompt | Scores what the question implies is right | Hide metadata (which variant is "new"); blind the judge |
|
|
43
|
+
| Scale drift | 7/10 today ≠ 7/10 next month | Binary/3-point criteria; compare deltas on the same rubric version |
|
|
44
|
+
|
|
45
|
+
## Judge calibration procedure
|
|
46
|
+
|
|
47
|
+
1. Sample 20–30 golden cases; have a human score them with the same rubric.
|
|
48
|
+
2. Run the judge on the same cases (k=3 voting).
|
|
49
|
+
3. Compute simple agreement (percent match per criterion). Below ~80%: the
|
|
50
|
+
rubric is ambiguous — tighten criteria wording, add anchored examples
|
|
51
|
+
(a passing and a failing answer per criterion), re-run.
|
|
52
|
+
4. Re-calibrate whenever the rubric, judge model, or task distribution changes.
|
|
53
|
+
|
|
54
|
+
## Online evaluation notes
|
|
55
|
+
|
|
56
|
+
- **A/B tests**: randomize per user (not per request) for conversational
|
|
57
|
+
products; pick the primary metric before launch; expect judge-metric ↔
|
|
58
|
+
user-metric divergence and investigate it — it usually means the rubric is
|
|
59
|
+
measuring the wrong thing.
|
|
60
|
+
- **Human feedback**: thumbs up/down rates are biased (angry users click more);
|
|
61
|
+
use as a trend signal and a failure-mining source, not an absolute score.
|
|
62
|
+
- **Failure mining**: a weekly pass over flagged conversations feeding the
|
|
63
|
+
golden set is the highest-ROI eval activity that exists.
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: architecture-design
|
|
3
|
-
description: "Guide architectural and structural decisions using Architecture Decision Records (ADRs) — new services, pattern choices, database selection, component boundaries, state management, costly-to-reverse decisions. Triggers: how should I architect, which pattern, design decision, should I use X or Y, system design, ADR, component design, architectural trade-off."
|
|
3
|
+
description: "Guide architectural and structural decisions using Architecture Decision Records (ADRs) — new services, pattern choices, database selection, component boundaries, state management, costly-to-reverse decisions. Triggers: how should I architect, which pattern, design decision, should I use X or Y, system design, ADR, component design, architectural trade-off. Owns internal-structure decisions — build vs buy/adopt a vendor or OSS capability → build-vs-buy."
|
|
4
4
|
model: opus
|
|
5
5
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
6
|
---
|
|
@@ -78,6 +78,8 @@ ADRs are immutable records. If a decision is superseded, create a new ADR that r
|
|
|
78
78
|
|
|
79
79
|
For visual architecture documentation (system diagrams, runtime flows, infrastructure topology), see the `architecture-documentation` skill.
|
|
80
80
|
|
|
81
|
+
When the decision is whether a capability should be built at all versus bought or adopted (vendor/SaaS/OSS, TCO, lock-in, exit costs), use `build-vs-buy` — it produces the same ADR-style record, but for sourcing rather than structure.
|
|
82
|
+
|
|
81
83
|
## When to Split Decisions
|
|
82
84
|
|
|
83
85
|
If the analysis reveals multiple independent decisions bundled together, split them into separate ADRs. For example, "How should we handle caching?" might split into:
|
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: brainstorming
|
|
3
|
+
description: "Facilitate divergent ideation before committing to a spec — Socratic questioning, widening the option space, challenging assumptions and inherited constraints, then converging on candidates. Triggers: brainstorm, let's explore ideas, what are our options, help me think through, generate ideas, what could we build, not sure what I want, explore approaches, ideate. Once ideas converge, hand off to prd-writing (WHAT/WHY) or feature-planning (breakdown) — this skill opens options; those close them."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Brainstorming
|
|
9
|
+
|
|
10
|
+
Divergent exploration *before* convergent specification. The most expensive
|
|
11
|
+
failure in product work is efficiently building the wrong thing — this skill
|
|
12
|
+
exists to widen the option space and test the framing before anything gets
|
|
13
|
+
specced. It sits upstream of `prd-writing` and `feature-planning`: they converge
|
|
14
|
+
on one answer; this skill makes sure the right answers were on the table first.
|
|
15
|
+
|
|
16
|
+
The mode is **Socratic**: the user's tacit knowledge of their domain beats any
|
|
17
|
+
generated list. Ask questions that surface it; generate to provoke, not to
|
|
18
|
+
replace their thinking.
|
|
19
|
+
|
|
20
|
+
## Workflow
|
|
21
|
+
|
|
22
|
+
### Step 1: Frame the Real Problem
|
|
23
|
+
|
|
24
|
+
Before generating anything, ask: what problem, for whom, why now, and what would
|
|
25
|
+
"solved" look like? Then challenge the framing — the stated problem is often a
|
|
26
|
+
solution in disguise ("we need a dashboard" usually means "someone can't answer
|
|
27
|
+
a question"). Ask "what does that get you?" until you hit the underlying need.
|
|
28
|
+
If the user arrives with a solution already chosen, brainstorm the *problem
|
|
29
|
+
behind it* before brainstorming within it.
|
|
30
|
+
|
|
31
|
+
### Step 2: Separate Real Constraints from Inherited Ones
|
|
32
|
+
|
|
33
|
+
List the constraints, then interrogate each: is it physics/budget/law (real), or
|
|
34
|
+
habit/assumption/"we've always done it this way" (inherited)? Explicitly mark
|
|
35
|
+
which are negotiable. Most breakthrough options live behind a constraint that
|
|
36
|
+
turned out to be assumed.
|
|
37
|
+
|
|
38
|
+
### Step 3: Diverge — Quantity First, Judgment Deferred
|
|
39
|
+
|
|
40
|
+
Generate broadly, and do not evaluate mid-generation — criticism during
|
|
41
|
+
divergence kills the unusual options that make the exercise worthwhile. Mix
|
|
42
|
+
techniques rather than exhausting one:
|
|
43
|
+
|
|
44
|
+
- **Vary the axes**: who else could this serve, what adjacent problem does it
|
|
45
|
+
solve, how else could it be delivered, when/where else does it apply?
|
|
46
|
+
- **Invert**: how would we guarantee this fails? Each failure mode implies an option.
|
|
47
|
+
- **Analogize**: how do other domains solve the structural equivalent?
|
|
48
|
+
- **Recombine**: force-pair two existing ideas or systems.
|
|
49
|
+
|
|
50
|
+
Alternate generating with asking — offer a batch, then ask a question that
|
|
51
|
+
mines the user's context for the next batch.
|
|
52
|
+
|
|
53
|
+
### Step 4: Widen Once More (the Wildcards)
|
|
54
|
+
|
|
55
|
+
Before converging, deliberately add the options nobody proposes on their own:
|
|
56
|
+
the **do-nothing / process-change** option (no build at all), the **1/10-scope**
|
|
57
|
+
version (what's the smallest thing that dents the problem?), the **10x**
|
|
58
|
+
version (what if this were the company's main bet?), and the
|
|
59
|
+
**buy-instead-of-build** option (delegate that comparison to `build-vs-buy` if
|
|
60
|
+
it becomes a contender).
|
|
61
|
+
|
|
62
|
+
### Step 5: Converge with Explicit Criteria
|
|
63
|
+
|
|
64
|
+
Cluster related ideas, then name the selection criteria *before* scoring
|
|
65
|
+
(typical set: impact, effort, reversibility, confidence) — criteria chosen after
|
|
66
|
+
seeing favorites just rationalize them. Score roughly, pick 1–3 candidates, and
|
|
67
|
+
keep the rest in a **parking lot** with a one-line reason each — parked, not
|
|
68
|
+
deleted; today's reject is next quarter's answer.
|
|
69
|
+
|
|
70
|
+
### Step 6: Hand Off
|
|
71
|
+
|
|
72
|
+
Write a one-paragraph brief per surviving candidate (problem, idea, why it won,
|
|
73
|
+
open questions) and route it onward: `prd-writing` for requirements,
|
|
74
|
+
`feature-planning` for task breakdown, `project-proposal` for a business case,
|
|
75
|
+
`architecture-design` if the open questions are structural.
|
|
76
|
+
|
|
77
|
+
## Principles Applied
|
|
78
|
+
|
|
79
|
+
- **Defer judgment during divergence; be ruthless during convergence** — mixing
|
|
80
|
+
the modes does both badly.
|
|
81
|
+
- **Ask > tell**: a question that unlocks the user's knowledge outperforms ten
|
|
82
|
+
generated ideas.
|
|
83
|
+
- **YAGNI applies at convergence, not divergence** — generating a wild option
|
|
84
|
+
costs a line; building it is what needs justification.
|
|
85
|
+
|
|
86
|
+
## Cross-Skill References
|
|
87
|
+
|
|
88
|
+
- `prd-writing` — turn the winning idea into WHAT/WHY requirements
|
|
89
|
+
- `feature-planning` — break the chosen idea into scoped tasks
|
|
90
|
+
- `project-proposal` — wrap a candidate in a business case for a go/no-go
|
|
91
|
+
- `build-vs-buy` — when a candidate could be bought or adopted instead of built
|
|
92
|
+
- `architecture-design` — when the surviving questions are structural
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "brainstorming",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We want to improve developer onboarding at our company — new hires take about two months to ship their first meaningful change. I'm not sure where to start. Can we brainstorm?",
|
|
7
|
+
"expected_output": "Runs a Socratic divergent session: probes the problem first (where the two months actually go, for whom, what 'onboarded' means), separates real from inherited constraints, generates a broad and varied option set without evaluating mid-stream, deliberately includes wildcards (do-nothing/process-change, tiny-scope, buy-instead-of-build), then converges with named criteria and hands the 1–3 survivors to prd-writing or feature-planning with a parking lot for the rest",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Asks clarifying/Socratic questions about the underlying problem (where the time goes, for whom, what success looks like) before or while generating ideas, rather than immediately listing solutions",
|
|
10
|
+
"Generates a genuinely diverse option set spanning different kinds of interventions (e.g. docs, tooling, process, people/mentoring), not variations of a single idea",
|
|
11
|
+
"Does not evaluate, score, or eliminate ideas during the divergent generation phase",
|
|
12
|
+
"Includes at least one wildcard option such as a no-build/process change, a radically smaller-scope version, or buying/adopting instead of building",
|
|
13
|
+
"Converges using explicitly named selection criteria (e.g. impact, effort, reversibility) and identifies 1–3 candidates plus a parking lot, with a handoff toward prd-writing, feature-planning, or project-proposal"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "I've decided we need to build a custom internal chat app for our 40-person company. Let's brainstorm features for it.",
|
|
19
|
+
"expected_output": "Widens before narrowing: probes the problem behind the already-chosen solution (what's failing with current communication, why existing tools don't fit), surfaces that 'build a custom chat app' is a solution not a problem, raises alternatives including buying/adopting existing tools (routing a serious buy-vs-build comparison to build-vs-buy), distinguishes real from assumed constraints — and still delivers the requested feature ideation rather than refusing or lecturing",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Probes the problem behind the chosen solution (what communication need is unmet, why existing tools fall short) instead of only listing features",
|
|
22
|
+
"Surfaces at least one alternative to building a custom chat app, such as adopting or configuring an existing tool, and mentions build-vs-buy for that comparison",
|
|
23
|
+
"Questions or tests the constraints/assumptions behind the decision (e.g. why custom, why now) and distinguishes real constraints from inherited ones",
|
|
24
|
+
"Still provides the requested divergent feature ideation for the chat app rather than refusing to engage with the user's framing",
|
|
25
|
+
"Does not converge on a final feature list without naming selection criteria first"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "We've settled on building a CLI tool that syncs our design tokens to code. Break it into tasks with acceptance criteria and dependencies so the team can start next sprint.",
|
|
31
|
+
"expected_output": "Recognizes that ideation is complete and the user is asking for convergent task breakdown — refers to feature-planning for the scoped tasks, acceptance criteria, and dependency mapping rather than reopening divergent exploration",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as convergent planning of an already-chosen idea, not ideation",
|
|
34
|
+
"Refers to the feature-planning skill for the task breakdown, acceptance criteria, and dependencies",
|
|
35
|
+
"Does not restart divergent idea generation or question the settled decision as the main response",
|
|
36
|
+
"States or implies the boundary: brainstorming opens the option space before a decision; feature-planning structures the work after it"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -0,0 +1,95 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: browser-verification
|
|
3
|
+
description: "Verify a web app change by driving the real UI in a browser — reproduce the user flow end to end, watch console errors and network failures, exercise loading/error/empty states, capture screenshots as evidence. Use before claiming a UI change works. Triggers: check it in the browser, verify the UI, click through the flow, console errors, test it like a user, smoke test the frontend. Designing persistent test suites → test-suite-design; the generic done-gate → verification-before-completion (this is its browser-specific practice)."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Browser Verification
|
|
9
|
+
|
|
10
|
+
Prove a web change works by *being the user*, not by reading the diff. Passing
|
|
11
|
+
unit tests and a clean build say the code is consistent with itself — they say
|
|
12
|
+
nothing about the page actually rendering, the handler actually firing, or the
|
|
13
|
+
API call actually succeeding with real wiring. This skill is the
|
|
14
|
+
browser-specific practice of `verification-before-completion`: the claim "the
|
|
15
|
+
UI works" requires having driven the UI, in this session, with the evidence
|
|
16
|
+
captured. Boundary: `test-suite-design` builds *persistent* automated suites;
|
|
17
|
+
this skill is the verification pass you run on the change in front of you
|
|
18
|
+
(what it finds often becomes a suite case afterward).
|
|
19
|
+
|
|
20
|
+
## Workflow
|
|
21
|
+
|
|
22
|
+
### Step 1: Define the Flow That Proves the Change
|
|
23
|
+
|
|
24
|
+
Name the user-visible behavior the change promises ("submitting the form shows
|
|
25
|
+
the success toast and the new record appears in the list") and the shortest
|
|
26
|
+
real path to it. That flow — not "the page loads" — is what verification means.
|
|
27
|
+
Include what should *stop* happening for bug fixes (the old broken behavior,
|
|
28
|
+
reproduced first if possible).
|
|
29
|
+
|
|
30
|
+
### Step 2: Run the Real App in a Realistic State
|
|
31
|
+
|
|
32
|
+
Launch the actual stack the change ships in (dev server + backend + seeded
|
|
33
|
+
data), not a mental model of it. State matters: an empty database hides list
|
|
34
|
+
rendering bugs; a logged-out session hides authz redirects. Seed what the flow
|
|
35
|
+
needs — including a user in the right role.
|
|
36
|
+
|
|
37
|
+
### Step 3: Drive the Flow Like a User
|
|
38
|
+
|
|
39
|
+
Automate the drive with a browser tool (Playwright or the environment's
|
|
40
|
+
browser automation) or click it manually — but *interact*: navigate, type into
|
|
41
|
+
the fields, submit, wait for the response, observe the outcome. Prefer
|
|
42
|
+
selectors a user would recognize (roles, labels, text) over brittle internals.
|
|
43
|
+
Loading a URL and seeing HTTP 200 is not driving the flow — most UI bugs live
|
|
44
|
+
after first paint.
|
|
45
|
+
|
|
46
|
+
### Step 4: Watch All Three Evidence Channels
|
|
47
|
+
|
|
48
|
+
The page can *look* right while failing. During the drive, check:
|
|
49
|
+
|
|
50
|
+
- **Console** — errors and warnings that fired during the flow (a caught-and-
|
|
51
|
+
swallowed error today is the un-reproducible bug report next week).
|
|
52
|
+
- **Network** — the requests the flow triggered: right endpoints, right
|
|
53
|
+
payloads, right status codes; no 4xx/5xx, no CORS failures, no retry loops.
|
|
54
|
+
- **UI state** — the visible outcome: content correct, no layout collapse, no
|
|
55
|
+
infinite spinner masquerading as "loading".
|
|
56
|
+
|
|
57
|
+
### Step 5: Exercise Beyond the Happy Path
|
|
58
|
+
|
|
59
|
+
The states users hit that developers don't: **error** (kill the backend or
|
|
60
|
+
force a 500 — does the UI degrade or white-screen?), **empty** (zero items),
|
|
61
|
+
**loading** (throttle and look — flicker? layout shift?), **repeat actions**
|
|
62
|
+
(double-submit, back button, refresh mid-flow), and at least one non-desktop
|
|
63
|
+
viewport if the change touches layout. Scope to what the change plausibly
|
|
64
|
+
affects — a copy tweak doesn't need the full matrix; a checkout-flow change
|
|
65
|
+
does. (`ui-ux-design` owns designing these states; this skill verifies them.)
|
|
66
|
+
|
|
67
|
+
### Step 6: Capture Evidence and Report Precisely
|
|
68
|
+
|
|
69
|
+
Screenshot the key outcomes (success state, plus anything broken), keep the
|
|
70
|
+
console/network findings, and report in evidence terms: "drove signup →
|
|
71
|
+
dashboard with a fresh user; form validates, POST /users returns 201, toast
|
|
72
|
+
renders, zero console errors — screenshot attached" beats "the UI works".
|
|
73
|
+
Anything found but not fixed is reported, not silently absorbed. If the flow
|
|
74
|
+
proved valuable to verify, feed it to `test-suite-design` as a candidate e2e
|
|
75
|
+
case so next time it verifies itself.
|
|
76
|
+
|
|
77
|
+
## Principles Applied
|
|
78
|
+
|
|
79
|
+
- **The rendered page is the truth**: code review and unit tests approximate
|
|
80
|
+
it; only the browser confirms it.
|
|
81
|
+
- **Interaction over inspection**: most UI bugs are reachable only by doing
|
|
82
|
+
what a user does, in order.
|
|
83
|
+
- **Evidence, not impressions**: a screenshot with zero console errors is a
|
|
84
|
+
verification; "looked fine" is a mood.
|
|
85
|
+
|
|
86
|
+
## Cross-Skill References
|
|
87
|
+
|
|
88
|
+
- `verification-before-completion` — the generic evidence gate this skill
|
|
89
|
+
instantiates for web UIs
|
|
90
|
+
- `test-suite-design` — turning one-off verification flows into persistent e2e coverage
|
|
91
|
+
- `ui-ux-design` — designing the loading/error/empty states verified here
|
|
92
|
+
- `accessibility-design` — the deeper a11y pass when the change touches
|
|
93
|
+
interaction patterns
|
|
94
|
+
- `bug-investigating` — when verification finds something broken and the cause
|
|
95
|
+
isn't obvious
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "browser-verification",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "I just finished implementing the new signup form (client validation + POST to /api/users + success toast). Unit tests pass. Can you verify it actually works in the browser before I open the PR?",
|
|
7
|
+
"expected_output": "Defines the proving flow (fill form → submit → 201 → toast → user exists), runs the real stack with seeded/realistic state, drives the flow interactively (typing, submitting — not just loading the page), watches console errors, network requests (endpoint, payload, status), and UI state, exercises validation errors and double-submit, and reports with evidence (screenshots, zero-console-errors statement, observed network results) rather than 'looks good'",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Defines the user-visible flow that proves the change (form fill → submit → success), not just that the page loads",
|
|
10
|
+
"Runs the actual app stack with realistic state and drives the flow interactively — typing into fields and submitting, via automation or manual clicking",
|
|
11
|
+
"Checks all three evidence channels: console errors, network requests (endpoint/payload/status), and the rendered UI outcome",
|
|
12
|
+
"Exercises non-happy paths relevant to the change, such as validation errors and double-submit or backend failure",
|
|
13
|
+
"Reports in evidence terms — screenshots and observed results (e.g. 'POST /api/users returned 201, toast rendered, zero console errors') — before declaring it works"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "QA says the orders dashboard 'sometimes shows nothing' but every time I open it, it looks fine and there are no errors in our logs. Verify whether the page is actually broken.",
|
|
19
|
+
"expected_output": "Recognizes 'works on my visit' isn't verification of the failure condition: reproduces the states where lists show nothing — empty data, slow API (throttled loading state), failed request (5xx/CORS with the error swallowed client-side), auth/role differences, race on refresh/back — while watching the browser console and network tab (server logs won't show client-side failures), and either reproduces it with evidence or reports precisely which states were exercised and ruled out",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Recognizes that the page rendering fine on one visit does not rule out state-dependent failure, and enumerates candidate states: empty data, slow/failed API responses, auth/role differences, or refresh/back races",
|
|
22
|
+
"Uses browser-side evidence (console, network tab) explicitly noting that server logs miss client-side failures like swallowed errors or CORS",
|
|
23
|
+
"Manipulates state to reproduce — seeding empty data, throttling, or forcing API failure — rather than only reloading the page",
|
|
24
|
+
"Checks the loading and empty states specifically (infinite spinner or blank-on-empty are classic 'shows nothing' causes)",
|
|
25
|
+
"Concludes with evidence: either a reproduced failure with its trigger, or a precise list of exercised-and-passing states — not 'seems fine'"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "We need proper automated e2e coverage for our whole checkout funnel — browse, cart, payment, confirmation — running in CI on every PR. Set up the test strategy.",
|
|
31
|
+
"expected_output": "Recognizes this as designing a persistent automated test suite — refers to test-suite-design for the e2e strategy/infrastructure (and cicd-pipeline for the CI wiring), stating the boundary: browser-verification is the one-off evidence pass on the change in front of you; persistent suites are test-suite-design's domain",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as persistent automated e2e suite design, not a one-off verification pass",
|
|
34
|
+
"Refers to the test-suite-design skill for the suite strategy (optionally cicd-pipeline for CI integration)",
|
|
35
|
+
"Does not respond with a single manual/ad-hoc browser verification session as the answer",
|
|
36
|
+
"States or implies the boundary: browser-verification verifies the change at hand; test-suite-design builds the lasting coverage"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: build-vs-buy
|
|
3
|
+
description: "Decide whether to build in-house, buy a vendor/SaaS product, or adopt OSS — core-vs-commodity framing, multi-year total cost of ownership, integration and maintenance burden, vendor viability, lock-in and exit costs. Triggers: build vs buy, build or buy, vendor evaluation, SaaS vs in-house, should we adopt this open source, TCO, total cost of ownership, lock-in, exit cost, make or buy, off the shelf. Internal-structure decisions (patterns, service boundaries, ADRs for your own code) → architecture-design."
|
|
4
|
+
model: opus
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, WebFetch, WebSearch
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Build vs Buy
|
|
9
|
+
|
|
10
|
+
Make the build/buy/adopt decision on total cost and strategic fit, not on
|
|
11
|
+
whichever option the room already favors. The two systematic errors this skill
|
|
12
|
+
exists to counter: engineers underestimate the *ongoing* cost of building
|
|
13
|
+
(maintenance routinely exceeds the initial build within a few years), and
|
|
14
|
+
everyone underestimates the *exit* cost of buying (discovered only when
|
|
15
|
+
leaving). Boundary: this skill decides whether the capability comes from
|
|
16
|
+
outside; how you structure your own code is `architecture-design`'s ADR
|
|
17
|
+
territory, and vetting an individual library is `dependency-management`.
|
|
18
|
+
|
|
19
|
+
## Workflow
|
|
20
|
+
|
|
21
|
+
### Step 1: Frame the Capability — Core or Commodity?
|
|
22
|
+
|
|
23
|
+
Name the capability precisely, then ask the question that dominates the whole
|
|
24
|
+
decision: **does doing this better than anyone else win you customers?** If yes
|
|
25
|
+
(core differentiator), building earns strategic control; if it's commodity
|
|
26
|
+
plumbing (auth, feature flags, payments, analytics infra, CRUD admin), every
|
|
27
|
+
engineer-month spent building it is a month not spent on what differentiates
|
|
28
|
+
you. Then split requirements into *must-have* and *nice-to-have* — a vendor
|
|
29
|
+
covering 90% of must-haves usually beats a build covering 100% of a wishlist.
|
|
30
|
+
|
|
31
|
+
### Step 2: Inventory the Real Options
|
|
32
|
+
|
|
33
|
+
There are usually more than two:
|
|
34
|
+
|
|
35
|
+
- **Build** in-house
|
|
36
|
+
- **Buy** a vendor/SaaS product
|
|
37
|
+
- **Adopt** OSS self-hosted (you're not buying — you're taking an operations job)
|
|
38
|
+
- **Hybrid** — buy/adopt the commodity core, build the thin differentiating layer
|
|
39
|
+
- **Defer** — do nothing yet; a legitimate option when the need is unproven
|
|
40
|
+
|
|
41
|
+
Verify current facts (pricing, licensing, maintenance status) with live sources
|
|
42
|
+
— vendor pricing pages and OSS repos, not memory.
|
|
43
|
+
|
|
44
|
+
### Step 3: TCO Over 3 Years — Not the Sticker Price
|
|
45
|
+
|
|
46
|
+
Cost each finalist over a 3-year horizon; year-1 comparisons systematically
|
|
47
|
+
favor building (the build cost is visible, the ownership cost isn't):
|
|
48
|
+
|
|
49
|
+
- **Build**: initial engineering + **ongoing ownership** (maintenance, on-call,
|
|
50
|
+
security patching, feature parity as needs grow — commonly comparable to the
|
|
51
|
+
initial build per year for actively-used systems) + **opportunity cost** (what
|
|
52
|
+
those engineers would otherwise ship — usually the largest and least-counted line).
|
|
53
|
+
- **Buy**: subscription *at projected usage*, not today's (model the pricing
|
|
54
|
+
curve at 3× growth — usage-based pricing is where vendors recover their
|
|
55
|
+
discounts) + integration + admin.
|
|
56
|
+
- **Adopt (OSS)**: hosting + operations + upgrades + security response + the
|
|
57
|
+
expertise to run it; "free" describes the license, not the ownership.
|
|
58
|
+
- **Everyone forgets**: migration of existing data/flows, training, compliance
|
|
59
|
+
and security review, vendor management overhead.
|
|
60
|
+
|
|
61
|
+
### Step 4: Risk — Lock-in, Exit, and Viability
|
|
62
|
+
|
|
63
|
+
Write the **exit plan now**, while you have leverage — the exit cost you can't
|
|
64
|
+
estimate is the one that traps you:
|
|
65
|
+
|
|
66
|
+
- What does leaving take? Data export (format? completeness? egress fees?),
|
|
67
|
+
proprietary APIs/features you'd re-implement, contract terms (lock-in period,
|
|
68
|
+
auto-renewal, price-increase caps).
|
|
69
|
+
- **Vendor viability**: funding/profitability, roadmap alignment, acquisition
|
|
70
|
+
risk, what happens to your data if they fold.
|
|
71
|
+
- **OSS health**: maintainer bus factor, release cadence, CVE responsiveness,
|
|
72
|
+
license (copyleft implications, and watch relicensing-to-source-available
|
|
73
|
+
history in the space) — delegate a deep package-level check to `dependency-management`.
|
|
74
|
+
- **Build risk** is real too: key-person dependency, and the "internal vendor"
|
|
75
|
+
failure mode — a team obligated to maintain a product nobody funds.
|
|
76
|
+
|
|
77
|
+
### Step 5: Decide and Record
|
|
78
|
+
|
|
79
|
+
Score the finalists in a weighted matrix — criteria and weights fixed *before*
|
|
80
|
+
scoring (after, the matrix just rationalizes the favorite). State a clear
|
|
81
|
+
recommendation with the dominant reasons, name the runner-up and what would
|
|
82
|
+
have flipped the decision, and set a **revisit trigger** ("revisit if usage
|
|
83
|
+
exceeds X / pricing changes >Y% / the maintainer goes dark"). Record it like an
|
|
84
|
+
ADR — decision, context, alternatives, consequences — so the next team
|
|
85
|
+
understands *why*, not just *what*.
|
|
86
|
+
|
|
87
|
+
### Step 6: De-risk Before Committing
|
|
88
|
+
|
|
89
|
+
For close calls or large commitments, run a time-boxed pilot against your top
|
|
90
|
+
must-haves and your real data volumes before signing multi-year terms or
|
|
91
|
+
staffing a build. A two-week PoC is the cheapest insurance in this workflow —
|
|
92
|
+
and pilot the *exit* too (run the data export once and look at what comes out).
|
|
93
|
+
|
|
94
|
+
## Principles Applied
|
|
95
|
+
|
|
96
|
+
- **Commodity → buy bias; differentiator → build bias** — most wrong decisions
|
|
97
|
+
invert this because building is more fun than integrating.
|
|
98
|
+
- **Compare TCO, not sticker price** — the build's cost is mostly after launch;
|
|
99
|
+
the vendor's is mostly at renewal and exit.
|
|
100
|
+
- **A decision without a revisit trigger is dogma** — pricing, vendors, and
|
|
101
|
+
your scale all change.
|
|
102
|
+
|
|
103
|
+
## Cross-Skill References
|
|
104
|
+
|
|
105
|
+
- `architecture-design` — internal-structure decisions and the ADR format
|
|
106
|
+
- `dependency-management` — deep evaluation of a specific library/package
|
|
107
|
+
- `project-proposal` — wrap the decision in a business case for approval
|
|
108
|
+
- `effort-estimation` — sizing the build option honestly
|
|
109
|
+
- `strategic-review` — when the decision touches positioning or the moat
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "build-vs-buy",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "We need feature flags for our product (SaaS, ~15 engineers, growing fast). Should we build our own flag service, buy LaunchDarkly, or self-host an open-source option like Unleash? Help me decide.",
|
|
7
|
+
"expected_output": "Frames feature flags as commodity infrastructure (core-vs-differentiator test), compares all three options on a multi-year TCO including ongoing ownership for build, projected-usage pricing for buy, and operations burden for self-hosted OSS, examines lock-in and exit costs plus vendor/OSS health, and lands on a clear recommendation recorded like an ADR with a revisit trigger",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Applies the core-vs-commodity framing — asks or determines whether feature flags differentiate this product (they don't) and lets that bias the decision",
|
|
10
|
+
"Compares build, buy, and OSS-adopt on total cost of ownership over a multi-year horizon, including ongoing maintenance/ownership for build and operations burden for self-hosted OSS — not just sticker price",
|
|
11
|
+
"Models the buy option at projected usage/growth, not only today's seat or flag count",
|
|
12
|
+
"Addresses lock-in and exit costs (data/config export, proprietary features, contract terms) and vendor or OSS project health",
|
|
13
|
+
"Concludes with a clear recommendation, the runner-up and what would flip it, and a revisit trigger — recorded in an ADR-like decision format"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Our data team already spent two quarters building about 60% of an in-house analytics pipeline (ingestion works, transformation layer is half done). Meanwhile Fivetran + Snowflake + dbt Cloud would cover everything we planned for roughly $8k/month. Do we finish the build or switch? Leadership hates the idea of throwing away six months of work.",
|
|
19
|
+
"expected_output": "Treats the six months as sunk cost and evaluates only forward-looking costs: remaining build effort plus perpetual ownership (maintenance, on-call, feature parity) and the team's opportunity cost, versus migration effort plus the subscription at projected data volumes — including the vendor stack's lock-in/exit profile — and gives a clear recommendation with reasoning rather than an 'it depends' hedge",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Explicitly identifies the completed 60% as sunk cost and excludes it from the forward-looking comparison",
|
|
22
|
+
"Compares remaining-build-plus-ongoing-ownership cost (maintenance, on-call, opportunity cost of the data team) against migration-plus-subscription cost",
|
|
23
|
+
"Models the managed stack's subscription at projected data growth and examines its lock-in and exit costs, not just the $8k/month figure",
|
|
24
|
+
"Considers what the team would work on instead (opportunity cost) as a first-class factor in the decision",
|
|
25
|
+
"Delivers a clear, justified recommendation with a revisit trigger instead of an evasive 'it depends'"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Should our order service use event sourcing or a plain CRUD model, and is it time to split it out of the monolith into its own microservice?",
|
|
31
|
+
"expected_output": "Recognizes these as internal-structure architectural decisions about the team's own code — pattern choice and service boundaries — and refers to architecture-design for an ADR-driven trade-off analysis, without running a vendor/TCO evaluation",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as internal architecture (pattern choice, service boundaries), not a build/buy/adopt sourcing decision",
|
|
34
|
+
"Refers to the architecture-design skill and its ADR workflow for the decision",
|
|
35
|
+
"Does not produce a vendor evaluation, TCO analysis, or lock-in assessment for this request",
|
|
36
|
+
"States or implies the boundary: build-vs-buy decides where a capability comes from; architecture-design decides how your own system is structured"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -83,5 +83,6 @@ Quality gates prevent bad code from advancing:
|
|
|
83
83
|
- `deployment-repo` — for multi-service systems, the deployment repo handles system-level CI (contract tests, E2E, promotion)
|
|
84
84
|
- `gitops-delivery` — pull-based delivery as an alternative to CI-driven `kubectl apply` / `helm upgrade`
|
|
85
85
|
- `deployment-checklist` — pre-deployment verification gates to incorporate into the pipeline
|
|
86
|
+
- `release-management` — the release stage itself: version bumps, changelog, tagging, publish gates, registry publishing (the pipeline automates what that skill decides)
|
|
86
87
|
- `security-audit` — security scanning stages and SAST/DAST integration
|
|
87
88
|
- `verification-before-completion` — run the proving commands locally before relying on the pipeline to catch failures
|