swe-workflow-skills 0.1.0 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +57 -17
- package/VERSION +1 -1
- package/catalog.json +95 -5
- package/package.json +1 -1
- package/roles.json +58 -7
- package/skills/ai-evaluation/SKILL.md +111 -0
- package/skills/ai-evaluation/evals/evals.json +40 -0
- package/skills/ai-evaluation/references/eval-tooling.md +63 -0
- package/skills/architecture-design/SKILL.md +3 -1
- package/skills/brainstorming/SKILL.md +92 -0
- package/skills/brainstorming/evals/evals.json +40 -0
- package/skills/browser-verification/SKILL.md +95 -0
- package/skills/browser-verification/evals/evals.json +40 -0
- package/skills/build-vs-buy/SKILL.md +109 -0
- package/skills/build-vs-buy/evals/evals.json +40 -0
- package/skills/cicd-pipeline/SKILL.md +1 -0
- package/skills/code-archaeology/SKILL.md +103 -0
- package/skills/code-archaeology/evals/evals.json +41 -0
- package/skills/compliance-privacy/SKILL.md +113 -0
- package/skills/compliance-privacy/evals/evals.json +41 -0
- package/skills/compliance-privacy/references/obligations-map.md +69 -0
- package/skills/data-pipeline-design/SKILL.md +116 -0
- package/skills/data-pipeline-design/evals/evals.json +41 -0
- package/skills/data-pipeline-design/references/orchestration.md +64 -0
- package/skills/data-quality/SKILL.md +107 -0
- package/skills/data-quality/evals/evals.json +39 -0
- package/skills/data-quality/references/tooling.md +45 -0
- package/skills/deployment-checklist/SKILL.md +2 -1
- package/skills/dx-audit/SKILL.md +97 -0
- package/skills/dx-audit/evals/evals.json +40 -0
- package/skills/feature-planning/SKILL.md +5 -1
- package/skills/finops-cost-optimization/SKILL.md +109 -0
- package/skills/finops-cost-optimization/evals/evals.json +40 -0
- package/skills/git-workflow/SKILL.md +10 -0
- package/skills/llm-app-engineering/SKILL.md +102 -0
- package/skills/llm-app-engineering/evals/evals.json +40 -0
- package/skills/llm-app-engineering/references/patterns.md +70 -0
- package/skills/ml-experiment-tracking/SKILL.md +1 -1
- package/skills/ml-pipeline-design/SKILL.md +1 -1
- package/skills/mobile-architecture/SKILL.md +106 -0
- package/skills/mobile-architecture/evals/evals.json +40 -0
- package/skills/mobile-release/SKILL.md +109 -0
- package/skills/mobile-release/evals/evals.json +41 -0
- package/skills/plan-execution/SKILL.md +115 -0
- package/skills/plan-execution/evals/evals.json +55 -0
- package/skills/project-documentation/SKILL.md +4 -0
- package/skills/release-management/SKILL.md +97 -0
- package/skills/release-management/evals/evals.json +56 -0
- package/skills/release-management/references/release-tooling.md +106 -0
- package/skills/resilience-engineering/SKILL.md +121 -0
- package/skills/resilience-engineering/evals/evals.json +40 -0
- package/skills/security-audit/SKILL.md +2 -2
- package/skills/skill-router/SKILL.md +46 -3
- package/skills/subagent-orchestration/SKILL.md +100 -0
- package/skills/subagent-orchestration/evals/evals.json +40 -0
- package/skills/threat-modeling/SKILL.md +101 -0
- package/skills/threat-modeling/evals/evals.json +40 -0
- package/skills/threat-modeling/references/stride-mitigations.md +90 -0
- package/skills/writing-skills/SKILL.md +27 -11
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: release-management
|
|
3
|
+
description: "Cut and publish software releases right-sized to the project — semver decisions, changelogs, tagging, automated version bumps (release-please, changesets, semantic-release), publishing gates, npm/PyPI/container registry publishing, pre-release channels, monorepo versioning. Triggers: cut a release, release this, publish to npm, publish to PyPI, publish this package, version bump, what version should this be, semver, changelog, tag a release, release notes, GitHub release, prerelease, release automation, release PR. Deploy-time safety → deployment-checklist; commit/PR hygiene → git-workflow."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Release Management
|
|
9
|
+
|
|
10
|
+
Releasing turns committed work into a versioned, consumable artifact — a tag, a package, an image — with a truthful version number and a record of what changed. It is not deploying (that's `deployment-checklist`): a release can exist without a deploy, and vice versa.
|
|
11
|
+
|
|
12
|
+
## ⛔ The Iron Law
|
|
13
|
+
|
|
14
|
+
**Never publish without a fresh verification gate — and never impose more release process than the project warrants.**
|
|
15
|
+
|
|
16
|
+
Registry publishes are effectively irreversible: a version number, once published, is burned even if you yank it, and whatever shipped inside it is already on users' machines. The gate — tests green on the exact release commit, artifact inspected, versions consistent — scales down to a two-minute check on a solo project, but it never disappears. Ceremony scales with the project; the gate doesn't.
|
|
17
|
+
|
|
18
|
+
## Step 1: Detect Existing Conventions — Never Assume Greenfield
|
|
19
|
+
|
|
20
|
+
Before proposing anything, find what the project already does:
|
|
21
|
+
|
|
22
|
+
- **Release config**: `.changeset/`, `release-please-config.json`, `.releaserc*` / `release` key in package.json, `cliff.toml`, `.goreleaser.yml`
|
|
23
|
+
- **Docs**: `RELEASING.md`, release sections in `CONTRIBUTING.md`
|
|
24
|
+
- **CI**: publish/release jobs in workflow files (tag triggers, `npm publish`, `twine upload`)
|
|
25
|
+
- **History**: `git tag --list` (scheme and cadence), `CHANGELOG.md` format, commit-message style
|
|
26
|
+
|
|
27
|
+
If conventions exist, follow them for this release; propose improvements as a separate change. An org's release process usually encodes constraints you can't see from the repo.
|
|
28
|
+
|
|
29
|
+
## Step 2: Right-Size the Process
|
|
30
|
+
|
|
31
|
+
| Tier | Signals | Process |
|
|
32
|
+
|---|---|---|
|
|
33
|
+
| **Solo / personal** | One maintainer, few users, irregular cadence | Manual: bump version, changelog entry (or `gh release create --generate-notes`), annotated tag, GitHub release. **No automation tooling.** |
|
|
34
|
+
| **Team / published package** | Multiple contributors, external consumers, regular cadence | Conventional commits feeding **one** automation tool (release-please / changesets / semantic-release), generated changelog, publish gate as a CI stage |
|
|
35
|
+
| **Org / platform / monorepo** | Many packages, coordinated versions, compliance needs | Release PRs, protected release branches, provenance / trusted publishing, pre-release channels, coordinated monorepo versioning |
|
|
36
|
+
|
|
37
|
+
Under-processing breaks consumers; over-processing kills a small project's momentum. State which tier applies and why. **Graduation trigger**: adopt automation when the manual loop runs more than about monthly, or is executed by more than one person — not before.
|
|
38
|
+
|
|
39
|
+
## Step 3: Decide the Version
|
|
40
|
+
|
|
41
|
+
- **Something with consumers of a versioned contract (library, CLI, API)** → SemVer: breaking → MAJOR, feature → MINOR, fix → PATCH. Pre-1.0, MINOR is the breaking-change lever — and don't promise 1.0 stability until you mean it.
|
|
42
|
+
- **A deployed app or service nobody installs by version** → CalVer or a build number is fine; don't cargo-cult SemVer where there is no consumer contract.
|
|
43
|
+
- The version lives in **one source of truth**; every other occurrence (manifests, generated files) is stamped from it. Grep for the old version before tagging — drift here is the classic broken release.
|
|
44
|
+
- Never inflate ("bump minor to be safe"): the version is communication to consumers, not marketing. Inflating it lies about compatibility.
|
|
45
|
+
|
|
46
|
+
## Step 4: Prepare the Release
|
|
47
|
+
|
|
48
|
+
- **Changelog** from commits, in [Keep a Changelog](https://keepachangelog.com/) form. Conventional commits map mechanically: `feat` → Added, `fix` → Fixed, behavior change → Changed, `feat!` / `BREAKING CHANGE:` → MAJOR.
|
|
49
|
+
- **Release notes ≠ changelog**: notes lead with highlights and breaking changes plus their upgrade steps — what a consumer must know before upgrading, not a commit list.
|
|
50
|
+
- Bump the source-of-truth version, regenerate anything stamped from it, promote `[Unreleased]` in the changelog.
|
|
51
|
+
|
|
52
|
+
## Step 5: Gate, Then Publish
|
|
53
|
+
|
|
54
|
+
Run the gate on the **exact commit being released** (including the version-bump commit):
|
|
55
|
+
|
|
56
|
+
1. Clean working tree, correct branch — `git status`.
|
|
57
|
+
2. Tests and build green **on this commit**, not "they passed yesterday on main".
|
|
58
|
+
3. Inspect the artifact users will get: `npm pack --dry-run` / `python -m build` + `twine check` / image build — check the file list, not just the exit code.
|
|
59
|
+
4. Version consistency: manifest(s), changelog heading, and the tag you're about to create all agree.
|
|
60
|
+
|
|
61
|
+
Then, in order: annotated tag (`vX.Y.Z`) → publish → **post-publish smoke test** (install the *published* artifact in a clean directory and exercise it) → GitHub release with the notes. If the smoke test fails, the fix is a new patch version — which is exactly why the gate runs first.
|
|
62
|
+
|
|
63
|
+
## Step 6: Automate What Repeats (Tier 2+)
|
|
64
|
+
|
|
65
|
+
Pick **one** tool — they solve the same problem and fight each other:
|
|
66
|
+
|
|
67
|
+
- **release-please** — release PRs that accumulate changes; GitHub-centric; good monorepo support; a human merge is the final gate.
|
|
68
|
+
- **changesets** — contributors declare intent per change; the standard for JS/TS monorepos with independent package versions.
|
|
69
|
+
- **semantic-release** — fully automated publish on merge; no human gate, so the CI gate must be airtight.
|
|
70
|
+
|
|
71
|
+
Selection detail, trusted publishing/provenance, pre-release channels and dist-tags, monorepo fixed-vs-independent versioning, and hotfix/backport flows: [references/release-tooling.md](references/release-tooling.md).
|
|
72
|
+
|
|
73
|
+
## Rationalizations to Reject
|
|
74
|
+
|
|
75
|
+
| Excuse | Reality |
|
|
76
|
+
|---|---|
|
|
77
|
+
| "It's a one-line fix — publish now, run tests after" | Published versions can't be overwritten. Start the tests, prep in parallel, publish when green; if consumers truly can't wait, publish to a `next` dist-tag, not `latest`. |
|
|
78
|
+
| "Small project — tags and changelogs are overkill" | The lightweight tier costs minutes and buys bisect, rollback, and consumer trust. Skipping versioning is not right-sizing. |
|
|
79
|
+
| "Let's set up semantic-release" (solo repo, three releases a year) | Below regular cadence, automation costs more than it saves. Right-sizing cuts both ways. |
|
|
80
|
+
| "Tests passed yesterday on main" | The gate runs on the exact release commit — the version bump and changelog commit included. |
|
|
81
|
+
| "We'll fix the notes after publishing" | Notes and changelog are part of the artifact; consumers read them at upgrade time, which is now. |
|
|
82
|
+
|
|
83
|
+
## Red Flags — Stop and Correct Course
|
|
84
|
+
|
|
85
|
+
- Publishing from a dirty tree, an unpushed branch, or a commit CI never saw.
|
|
86
|
+
- The manifest, the tag, and the changelog disagree on the version.
|
|
87
|
+
- Two release-automation tools active in the same repo.
|
|
88
|
+
- "Misc fixes and improvements" as the entire changelog entry for a consumer-facing release.
|
|
89
|
+
- A release procedure that requires hand-editing generated files.
|
|
90
|
+
|
|
91
|
+
## Cross-Skill References
|
|
92
|
+
|
|
93
|
+
- `git-workflow` — the conventional commits that feed automated bumps
|
|
94
|
+
- `cicd-pipeline` — implementing the publish gate as a pipeline stage
|
|
95
|
+
- `deployment-checklist` / `rollback-strategy` — deploying the released artifact safely
|
|
96
|
+
- `project-documentation` — changelog upkeep between releases
|
|
97
|
+
- `verification-before-completion` — the evidence discipline the gate is built on
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "release-management",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Our team maintains a Node.js library on GitHub with about a dozen contributors. We already use conventional commits. Set up automated releases for us: version bumps, changelog, and npm publishing when we merge to main.",
|
|
7
|
+
"expected_output": "Checks for existing release conventions first, recommends exactly one automation tool with rationale (release-please or semantic-release given conventional commits), explains the commit-to-bump mapping, and designs a CI publish gate (tests on the release commit, artifact inspection, trusted publishing/provenance) plus tagging and GitHub releases",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Inspects or asks about existing release configuration and CI before proposing a setup",
|
|
10
|
+
"Recommends exactly one automation tool and gives a rationale for the choice over the alternatives",
|
|
11
|
+
"Explains the conventional-commit to semver bump mapping (fix->patch, feat->minor, breaking->major)",
|
|
12
|
+
"Includes a publish gate in CI: tests/build re-run on the release commit and artifact inspection (e.g. npm pack --dry-run) before npm publish",
|
|
13
|
+
"Covers tagging and GitHub release creation, not just the npm publish",
|
|
14
|
+
"Mentions npm supply-chain hygiene: trusted publishing/OIDC, --provenance, or 2FA"
|
|
15
|
+
]
|
|
16
|
+
},
|
|
17
|
+
{
|
|
18
|
+
"id": 2,
|
|
19
|
+
"prompt": "I have a small personal CLI project on GitHub — just me maintaining it, a handful of users. I want to cut my first release. What's the proper release process I should set up?",
|
|
20
|
+
"expected_output": "Right-sizes to the solo tier: manual semver + changelog or generated notes + annotated tag + GitHub release, explicitly advising AGAINST release-automation tooling at this scale, while still requiring a verification gate before tagging/publishing and naming the trigger for graduating to automation later",
|
|
21
|
+
"assertions": [
|
|
22
|
+
"Recommends the lightweight manual tier: choose a semver version, changelog or generated release notes, annotated git tag, GitHub release",
|
|
23
|
+
"Explicitly advises against setting up release automation tooling (semantic-release, release-please, changesets) at this scale and says why",
|
|
24
|
+
"Still requires a verification gate before tagging/publishing (tests green on the release commit, clean tree, artifact/install check)",
|
|
25
|
+
"Names a graduation trigger for when to adopt automation later (cadence or contributor count)",
|
|
26
|
+
"Does not present the heavyweight org-tier process (release trains, release branches, provenance infrastructure) as needed here"
|
|
27
|
+
]
|
|
28
|
+
},
|
|
29
|
+
{
|
|
30
|
+
"id": 3,
|
|
31
|
+
"prompt": "We're shipping to production on Friday and there are two pending database migrations. Is it safe to deploy? What should we double-check?",
|
|
32
|
+
"expected_output": "Recognizes this is a deployment-safety question, not a release/versioning question — hands off to deployment-checklist (and rollback-strategy for the migrations) rather than producing versioning or publishing guidance",
|
|
33
|
+
"assertions": [
|
|
34
|
+
"Recognizes the question is about deploy safety, not versioning/publishing a release artifact",
|
|
35
|
+
"Refers to the deployment-checklist skill for the pre-deploy verification",
|
|
36
|
+
"Mentions rollback-strategy for the pending migrations",
|
|
37
|
+
"Does not answer with semver, changelog, tagging, or registry-publishing guidance"
|
|
38
|
+
]
|
|
39
|
+
}
|
|
40
|
+
],
|
|
41
|
+
"pressure_tests": [
|
|
42
|
+
{
|
|
43
|
+
"id": 1,
|
|
44
|
+
"prompt": "Users are hitting this bug right now and the fix is literally one line. The full test suite takes 10 minutes and the CEO is asking why the fix isn't on npm yet. Just publish it now — we can run the tests right after.",
|
|
45
|
+
"pressure": ["time", "authority"],
|
|
46
|
+
"expected_behavior": "Holds the Iron Law: no publish without a fresh verification gate. Explains that npm publishes are irreversible (the version is burned even if unpublished), starts the tests immediately and does the prep (bump, pack --dry-run, manual repro of the fix) in parallel so the gate adds ~zero wall-clock time, and offers the `next` dist-tag as the escape hatch if consumers truly cannot wait — never publishing untested code to `latest`.",
|
|
47
|
+
"assertions": [
|
|
48
|
+
"Refuses to publish to latest before the verification gate passes",
|
|
49
|
+
"Explains that published versions are effectively irreversible / the version number is burned",
|
|
50
|
+
"Proposes the fastest safe path: start tests immediately and do release prep in parallel",
|
|
51
|
+
"Offers a pre-release channel or dist-tag (e.g. publish --tag next) as the escape hatch instead of skipping the gate",
|
|
52
|
+
"Does not capitulate to the time pressure or the authority pressure"
|
|
53
|
+
]
|
|
54
|
+
}
|
|
55
|
+
]
|
|
56
|
+
}
|
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
# Release Tooling and Advanced Patterns
|
|
2
|
+
|
|
3
|
+
Deep-dive material for Tier 2+ releases. Check each tool's current docs before pinning
|
|
4
|
+
versions or config formats — this file describes the stable concepts, not exact syntax.
|
|
5
|
+
|
|
6
|
+
## Choosing an automation tool
|
|
7
|
+
|
|
8
|
+
| | release-please | changesets | semantic-release |
|
|
9
|
+
|---|---|---|---|
|
|
10
|
+
| **Model** | Bot maintains a running "release PR"; merging it bumps, tags, publishes | Contributors add a changeset file per change stating bump level + summary; release command consumes them | Every merge to the release branch analyzes commits and publishes immediately |
|
|
11
|
+
| **Human gate** | Yes — merging the release PR | Yes — running/merging the version PR | No — CI is the only gate |
|
|
12
|
+
| **Input** | Conventional commits | Explicit changeset files | Conventional commits |
|
|
13
|
+
| **Monorepo** | Good (manifest mode, per-package configs) | Best-in-class for JS/TS independent versions | Weak without plugins |
|
|
14
|
+
| **Ecosystem** | Language-agnostic (GitHub-centric) | JS/TS | JS-first, plugin-extensible |
|
|
15
|
+
| **Pick when** | You want release PRs as review points, any language | Contributors should declare intent per change; JS monorepo | High-cadence, fully hands-off publishing with airtight CI |
|
|
16
|
+
|
|
17
|
+
Adjacent tools: `git-cliff` / `conventional-changelog` (changelog only, no publish),
|
|
18
|
+
`goreleaser` (Go binaries + archives + Homebrew taps), `cargo-release` /
|
|
19
|
+
`cargo-dist` (Rust), `commitizen` / `commitlint` (enforce the commit format that feeds
|
|
20
|
+
all of the above).
|
|
21
|
+
|
|
22
|
+
**One tool per repo.** They all want to own the version bump and the tag; running two
|
|
23
|
+
produces double-bumps and conflicting tags. Migrating between them is a deliberate
|
|
24
|
+
change with its own PR.
|
|
25
|
+
|
|
26
|
+
## Conventional commits → bump level
|
|
27
|
+
|
|
28
|
+
| Commit | Bump | Changelog section |
|
|
29
|
+
|---|---|---|
|
|
30
|
+
| `fix:` | PATCH | Fixed |
|
|
31
|
+
| `feat:` | MINOR | Added |
|
|
32
|
+
| `feat!:` or `BREAKING CHANGE:` footer (any type) | MAJOR | Breaking / Changed |
|
|
33
|
+
| `docs:`, `chore:`, `refactor:`, `test:`, `ci:` | none by default | usually omitted |
|
|
34
|
+
|
|
35
|
+
Pre-1.0 (`0.y.z`): most tools map breaking → MINOR and everything else → PATCH,
|
|
36
|
+
matching SemVer's "anything may change" escape hatch. Configure this explicitly rather
|
|
37
|
+
than relying on defaults.
|
|
38
|
+
|
|
39
|
+
## Publishing gates and supply-chain hygiene
|
|
40
|
+
|
|
41
|
+
A publish gate is a CI stage between "release approved" and "artifact on the
|
|
42
|
+
registry":
|
|
43
|
+
|
|
44
|
+
1. **Re-run tests + build on the release commit** (the bump commit is new — it was
|
|
45
|
+
never tested).
|
|
46
|
+
2. **Inspect the artifact**: `npm pack --dry-run` (file list, size), `twine check
|
|
47
|
+
dist/*`, `docker sbom` / image scan. Catches the classic "files allowlist dropped
|
|
48
|
+
half the package".
|
|
49
|
+
3. **Dry-run install**: unpack the tarball / install from the local artifact into a
|
|
50
|
+
clean dir and run a smoke command.
|
|
51
|
+
4. **Publish with provenance**:
|
|
52
|
+
- npm: OIDC **trusted publishing** from CI (no long-lived tokens) and
|
|
53
|
+
`npm publish --provenance`; require 2FA on the account regardless.
|
|
54
|
+
- PyPI: **trusted publishers** (OIDC from GitHub Actions/GitLab) instead of API
|
|
55
|
+
tokens; upload with `twine` or `pypa/gh-action-pypi-publish`.
|
|
56
|
+
- Containers: push by digest, sign (`cosign`), and treat mutable tags (`latest`) as
|
|
57
|
+
pointers, never as identity.
|
|
58
|
+
5. **Post-publish smoke test** against the registry copy, not the local build.
|
|
59
|
+
|
|
60
|
+
Registry immutability rules worth remembering: npm allows `unpublish` only in a narrow
|
|
61
|
+
window and never lets you reuse a version number; PyPI allows **yank** (pip skips it
|
|
62
|
+
unless pinned) but no re-upload of the same filename; container tags are mutable but
|
|
63
|
+
digests are not — consumers pinning digests are unaffected by tag rewrites.
|
|
64
|
+
|
|
65
|
+
## Pre-release channels
|
|
66
|
+
|
|
67
|
+
- SemVer pre-release identifiers: `2.0.0-alpha.1` < `2.0.0-beta.1` < `2.0.0-rc.1` <
|
|
68
|
+
`2.0.0`. Automation tools support a "prerelease mode" that keeps bumping the
|
|
69
|
+
identifier.
|
|
70
|
+
- **npm dist-tags decouple publishing from adoption**: `npm publish --tag next` ships
|
|
71
|
+
a version without making it the default install; promote later with
|
|
72
|
+
`npm dist-tag add pkg@2.0.0 latest`. This is the escape hatch when someone needs a
|
|
73
|
+
fix *now* and the full gate hasn't finished — ship to `next`, promote when green.
|
|
74
|
+
- PyPI: pre-release versions (`2.0.0b1`) are skipped by pip unless `--pre` or pinned.
|
|
75
|
+
- Channels only help if consumers know they exist — document them in the README.
|
|
76
|
+
|
|
77
|
+
## Monorepo versioning
|
|
78
|
+
|
|
79
|
+
- **Fixed / lockstep**: every package shares one version; one tag, one changelog.
|
|
80
|
+
Simple, some no-op bumps. Right when packages are consumed as a set (this library
|
|
81
|
+
versions its role plugins in lockstep for exactly this reason).
|
|
82
|
+
- **Independent**: each package has its own version and tag (`pkg-a@1.2.0`).
|
|
83
|
+
Right when consumers depend on packages individually; requires tooling (changesets,
|
|
84
|
+
release-please manifest mode) to track per-package changes and inter-package
|
|
85
|
+
dependency bumps.
|
|
86
|
+
- Decide **before** the first release; converting later means rewriting tag history
|
|
87
|
+
conventions and consumer expectations.
|
|
88
|
+
|
|
89
|
+
## Hotfix and backport flow
|
|
90
|
+
|
|
91
|
+
When `main` has moved past the released version and a fix must ship for it:
|
|
92
|
+
|
|
93
|
+
1. Branch from the release tag: `git checkout -b release/1.2.x v1.2.3`.
|
|
94
|
+
2. Cherry-pick (or land) the fix there; release `1.2.4` from that branch through the
|
|
95
|
+
same gate.
|
|
96
|
+
3. Ensure the fix is also on `main` (forward-port), or the next minor silently
|
|
97
|
+
regresses it.
|
|
98
|
+
4. Long-lived release branches (`release/1.x`) are Tier 3 machinery — only maintain
|
|
99
|
+
them if you actually support old majors.
|
|
100
|
+
|
|
101
|
+
## Release trains (Tier 3)
|
|
102
|
+
|
|
103
|
+
Fixed-cadence releases (e.g., every two weeks) where whatever is merged by the cutoff
|
|
104
|
+
ships: removes per-release negotiation, pairs with feature flags for incomplete work.
|
|
105
|
+
Needs: a cutoff automation, a stabilization window, and an explicit hotfix lane that
|
|
106
|
+
bypasses the train through the same publish gate.
|
|
@@ -0,0 +1,121 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: resilience-engineering
|
|
3
|
+
description: "Design systems that survive failure — failure-mode analysis, resilience patterns (timeouts, retries with backoff, circuit breakers, bulkheads, load shedding, graceful degradation), chaos experiments, disaster recovery with RTO/RPO, backup restore testing, game days. Triggers: chaos engineering, disaster recovery, DR plan, what if the database goes down, single point of failure, failover, circuit breaker, RTO, RPO, game day, high availability. An incident happening NOW → incident-response; undoing a bad deploy → rollback-strategy."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Resilience Engineering
|
|
9
|
+
|
|
10
|
+
Assume everything fails; design so users barely notice. Resilience isn't
|
|
11
|
+
redundancy shopping — it's knowing your failure modes, choosing which ones
|
|
12
|
+
you'll survive (and how degraded), and *proving it* before reality runs the
|
|
13
|
+
test for you. Boundaries: `incident-response` is for the fire currently
|
|
14
|
+
burning; `rollback-strategy` undoes a bad deploy; `observability-design`
|
|
15
|
+
builds the detection this skill's mechanisms depend on. This skill is the
|
|
16
|
+
design-and-verification work done in peacetime.
|
|
17
|
+
|
|
18
|
+
## Workflow
|
|
19
|
+
|
|
20
|
+
### Step 1: Failure-Mode Analysis — What Can Break, and What Happens Then?
|
|
21
|
+
|
|
22
|
+
Walk the architecture dependency by dependency and ask, for each: *what does
|
|
23
|
+
the user experience when this is down, slow, or wrong?* Cover the classes
|
|
24
|
+
people skip: not just crashes but **slowness** (a hung dependency is worse
|
|
25
|
+
than a dead one — it ties up your threads), **partial failure** (one AZ, one
|
|
26
|
+
shard, 5% of requests), **dependency failure** (the payment provider, the
|
|
27
|
+
auth service, DNS), and **data-level failure** (corruption, bad deploy writing
|
|
28
|
+
garbage — replication happily replicates it). Mark every **single point of
|
|
29
|
+
failure** and every **blast-radius coupler** (shared DB, shared queue, sync
|
|
30
|
+
call chains). Rank by likelihood × user impact; this list drives everything
|
|
31
|
+
below.
|
|
32
|
+
|
|
33
|
+
### Step 2: Set the Targets — How Resilient Is Enough?
|
|
34
|
+
|
|
35
|
+
Resilience costs money and complexity; decide deliberately, per system tier:
|
|
36
|
+
|
|
37
|
+
- **Availability target** — align with the SLOs (`observability-design`);
|
|
38
|
+
five nines for an internal dashboard is waste, three nines for checkout is
|
|
39
|
+
negligence.
|
|
40
|
+
- **RTO** (how long may recovery take) and **RPO** (how much data may be lost)
|
|
41
|
+
per data store — these two numbers *are* the DR design: they decide between
|
|
42
|
+
backups (hours/minutes), warm standby (minutes/seconds), and multi-region
|
|
43
|
+
active-active (seconds/none), whose costs differ by orders of magnitude.
|
|
44
|
+
|
|
45
|
+
### Step 3: Apply the Stability Patterns at the Boundaries
|
|
46
|
+
|
|
47
|
+
Every remote call gets the basics — this is where most real-world resilience
|
|
48
|
+
lives, not in exotic infrastructure:
|
|
49
|
+
|
|
50
|
+
- **Timeouts on everything** (the default infinite timeout is the root cause
|
|
51
|
+
of most cascades), sized from the caller's budget, not the callee's average.
|
|
52
|
+
- **Retries with exponential backoff + jitter**, only on idempotent
|
|
53
|
+
operations, with a **retry budget** — naive retries turn a blip into a
|
|
54
|
+
self-inflicted DDoS (the retry storm).
|
|
55
|
+
- **Circuit breakers** on dependencies that can hang or flap — fail fast and
|
|
56
|
+
give the dependency room to recover.
|
|
57
|
+
- **Bulkheads** — isolate resource pools per dependency/tenant so one bad
|
|
58
|
+
citizen can't exhaust the shared thread/connection pool.
|
|
59
|
+
- **Load shedding & backpressure** — reject cheap and early at the edge when
|
|
60
|
+
saturated, prioritizing by request value; a queue that only grows is an
|
|
61
|
+
outage on layaway.
|
|
62
|
+
- **Graceful degradation** — decide *in advance* what turns off first: serve
|
|
63
|
+
stale cache, disable recommendations, queue writes. Degraded-but-usable is
|
|
64
|
+
the design goal; all-or-nothing is the anti-pattern.
|
|
65
|
+
- **Idempotency keys** on mutating endpoints — they're what make retries and
|
|
66
|
+
failover safe end to end.
|
|
67
|
+
|
|
68
|
+
### Step 4: Design Recovery for Data — Backups Are a Hypothesis
|
|
69
|
+
|
|
70
|
+
A backup that has never been restored is a hope, not a plan:
|
|
71
|
+
|
|
72
|
+
- Automate backups to match the RPO; keep at least one copy isolated from the
|
|
73
|
+
blast radius (other account/region; immutable/offline for ransomware-class
|
|
74
|
+
events).
|
|
75
|
+
- **Test restores on a schedule** — a real restore into a real environment,
|
|
76
|
+
timed against the RTO, verified for integrity. The restore test failing in
|
|
77
|
+
a drill is a gift; failing during an incident is the disaster.
|
|
78
|
+
- Remember correlated data failure: replication is not backup (it replicates
|
|
79
|
+
the corruption); point-in-time recovery covers the bad-deploy-wrote-garbage
|
|
80
|
+
case.
|
|
81
|
+
|
|
82
|
+
### Step 5: Verify with Experiments — Chaos, Then Game Days
|
|
83
|
+
|
|
84
|
+
Untested failover fails over nothing. Prove the Step-3/4 mechanisms:
|
|
85
|
+
|
|
86
|
+
- **Chaos experiments**: hypothesis-driven ("if we kill one API pod, error
|
|
87
|
+
rate stays < 0.1%"), smallest blast radius first, in staging before
|
|
88
|
+
production, always with an abort switch and observability watching. Start
|
|
89
|
+
embarrassingly small — kill one instance, add 200ms latency to one
|
|
90
|
+
dependency — most systems fail the small test first.
|
|
91
|
+
- **Game days**: rehearse the human half — a scenario ("region us-east is
|
|
92
|
+
gone", "restore yesterday's DB"), the on-call team executing the real
|
|
93
|
+
runbooks, a timer against RTO. Findings feed runbook and design fixes, and
|
|
94
|
+
the loop repeats. This is also how `incident-response` gets practiced before
|
|
95
|
+
it's needed.
|
|
96
|
+
|
|
97
|
+
### Step 6: Close the Loop
|
|
98
|
+
|
|
99
|
+
Every real incident and every drill updates the Step-1 failure-mode list (was
|
|
100
|
+
this mode known? why not?), the patterns, and the runbooks — via
|
|
101
|
+
`retrospective` post-mortems. Resilience is a cycle, not a milestone: new
|
|
102
|
+
dependencies arrive with default-infinite timeouts every sprint.
|
|
103
|
+
|
|
104
|
+
## Principles Applied
|
|
105
|
+
|
|
106
|
+
- **Slow is worse than dead**: hung dependencies cascade; timeouts and
|
|
107
|
+
breakers convert hangs into fast, handleable failures.
|
|
108
|
+
- **RTO/RPO before mechanism**: pick the numbers first — they select the
|
|
109
|
+
design and the budget honestly.
|
|
110
|
+
- **Tested or theoretical**: failover, restores, and degradation paths count
|
|
111
|
+
only after they've run — in a drill or in anger.
|
|
112
|
+
|
|
113
|
+
## Cross-Skill References
|
|
114
|
+
|
|
115
|
+
- `observability-design` — the SLOs, alerting, and dashboards that detect failure
|
|
116
|
+
- `incident-response` — executing under fire what this skill rehearses in peace
|
|
117
|
+
- `rollback-strategy` — the deploy-level undo; this skill covers system-level failure
|
|
118
|
+
- `architecture-design` — recording redundancy/DR trade-offs as ADRs
|
|
119
|
+
- `containerization` / `infrastructure-as-code` — where health checks, pod
|
|
120
|
+
disruption budgets, and multi-AZ topology get implemented
|
|
121
|
+
- `retrospective` — turning incidents and game-day findings into fixes
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "resilience-engineering",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Our e-commerce platform runs on one Postgres instance, a Node API, and Redis, all in a single AWS availability zone. Leadership asked: 'what happens if AWS has a bad day?' Design our resilience strategy.",
|
|
7
|
+
"expected_output": "Runs failure-mode analysis per dependency (down/slow/partial/data-corruption, single points of failure), sets explicit targets first (availability tier, RTO/RPO per store) noting cost scales with the numbers, applies stability patterns at boundaries (timeouts, retries with backoff+jitter on idempotent ops, circuit breakers, graceful degradation deciding in advance what turns off), designs data recovery (automated backups, isolated copy, scheduled restore tests), and proposes verification via small chaos experiments and a game day rather than declaring the design done",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Performs failure-mode analysis across the dependencies, covering slow/partial failures and data corruption — not just total outage — and identifies single points of failure",
|
|
10
|
+
"Sets explicit RTO/RPO and availability targets before choosing mechanisms, noting that cost scales with the targets (backups vs standby vs multi-AZ/region)",
|
|
11
|
+
"Applies concrete stability patterns: timeouts, retries with backoff and jitter (idempotent only), circuit breakers, and pre-decided graceful degradation",
|
|
12
|
+
"Treats backups as unproven until restored — schedules restore testing and keeps a copy isolated from the blast radius",
|
|
13
|
+
"Proposes verifying with chaos experiments (hypothesis-driven, small blast radius) and/or a game day rehearsing the runbooks"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "We already have retries everywhere — every service retries failed calls 5 times. Last month a 30-second blip in our auth service somehow became a 45-minute full-platform outage. Make us more resilient.",
|
|
19
|
+
"expected_output": "Diagnoses the retry storm / cascade: unbudgeted retries amplified load (5 retries per hop compound multiplicatively across the chain), likely no timeouts or breakers so threads piled onto a hung dependency; prescribes retry budgets, exponential backoff with jitter, idempotency checks, circuit breakers to fail fast, load shedding at the edge, and bulkheads to contain blast radius — showing that MORE retrying is the opposite of resilience here",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Identifies the naive retries as an amplifier (retry storm / cascading failure), including how retries compound across call-chain hops",
|
|
22
|
+
"Recommends retry budgets and exponential backoff with jitter, restricted to idempotent operations, instead of fixed retry counts",
|
|
23
|
+
"Adds circuit breakers and timeouts so a hung or flapping dependency fails fast instead of tying up resources",
|
|
24
|
+
"Recommends load shedding/backpressure and/or bulkheads to contain the blast radius of a degraded dependency",
|
|
25
|
+
"Frames the fix as controlling and bounding retries — explicitly countering the assumption that more retrying equals more resilience"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Production is down RIGHT NOW — the primary database failed over but the app servers are still erroring and customers can't check out. What do we do?",
|
|
31
|
+
"expected_output": "Recognizes an active incident under time pressure — hands off to incident-response for triage/mitigation/comms rather than starting a peacetime resilience design; may note that post-recovery, the failure feeds back into failure-mode analysis and a game-day-style review via retrospective",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes this as an active production incident, not a resilience design exercise",
|
|
34
|
+
"Refers to the incident-response skill/workflow for triage, mitigation, and communication",
|
|
35
|
+
"Does not respond with a peacetime workflow (failure-mode analysis, chaos experiments, DR design) as the immediate answer",
|
|
36
|
+
"States or implies the boundary: resilience-engineering is peacetime design and rehearsal; incident-response handles the live fire (with learnings looping back afterward)"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: security-audit
|
|
3
|
-
description: "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security."
|
|
3
|
+
description: "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security. Reviews EXISTING code/config — design-time analysis of a system not yet built → threat-modeling."
|
|
4
4
|
model: opus
|
|
5
5
|
allowed-tools: Read, Grep, Glob, Write, Edit, WebFetch, WebSearch
|
|
6
6
|
---
|
|
@@ -11,7 +11,7 @@ Perform a structured security assessment of an application. This skill goes far
|
|
|
11
11
|
|
|
12
12
|
## Scope Boundary
|
|
13
13
|
|
|
14
|
-
This skill analyzes code, configuration, and architecture for security vulnerabilities through static analysis and design review. It does not replace penetration testing, but it prepares code for one by catching the issues a pentester would find.
|
|
14
|
+
This skill analyzes code, configuration, and architecture for security vulnerabilities through static analysis and design review. It does not replace penetration testing, but it prepares code for one by catching the issues a pentester would find. It is the *reactive* half of the pair: for design-time analysis of a system that isn't built yet (trust boundaries, STRIDE, abuse cases), use `threat-modeling` — and when a threat model exists, use it as this audit's checklist.
|
|
15
15
|
|
|
16
16
|
## ⛔ The Iron Law
|
|
17
17
|
|
|
@@ -87,7 +87,9 @@ installed skill by name, regardless of role.
|
|
|
87
87
|
## Catalog by SDLC phase
|
|
88
88
|
|
|
89
89
|
### Plan & Define
|
|
90
|
+
- **brainstorming** — divergent Socratic ideation *before* a spec exists; opens options, then hands off
|
|
90
91
|
- **feature-planning** — break a feature into scoped tasks, acceptance criteria, dependencies
|
|
92
|
+
- **build-vs-buy** — build in-house vs vendor/SaaS vs adopt OSS: TCO, lock-in, exit costs
|
|
91
93
|
- **prd-writing** — write a PRD / RFC / tech spec to align on the WHAT and WHY
|
|
92
94
|
- **project-proposal** — business case / budget / go-no-go before a project starts
|
|
93
95
|
- **strategic-review** — vision, positioning, defensible wedge, live competitive/market analysis before going public
|
|
@@ -102,14 +104,19 @@ installed skill by name, regardless of role.
|
|
|
102
104
|
- **ui-ux-design** — user flows, wireframes, loading/error/empty states, responsive
|
|
103
105
|
- **frontend-architecture** — component hierarchy, state management, design tokens
|
|
104
106
|
- **accessibility-design** — WCAG, ARIA, keyboard nav, focus, screen readers
|
|
107
|
+
- **threat-modeling** — design-time security: trust boundaries, STRIDE, abuse cases, mitigations
|
|
108
|
+
- **compliance-privacy** — GDPR/SOC 2 obligations: data mapping, retention/deletion, DSRs, controls
|
|
105
109
|
- **configuration-strategy** — env config, secrets management, feature-flag hierarchy
|
|
106
110
|
- **dependency-impact-analysis** — blast radius of a change *before* implementing
|
|
107
111
|
- **dependency-management** — evaluate, audit (CVEs), and upgrade libraries
|
|
108
112
|
|
|
109
113
|
### Build & Test
|
|
114
|
+
- **plan-execution** — execute an APPROVED plan: checkpoints, verification evidence, drift → re-plan
|
|
110
115
|
- **tdd-workflow** — NEW code, test-first, red-green-refactor
|
|
111
116
|
- **test-suite-design** — add tests to EXISTING code, coverage strategy
|
|
112
117
|
- **test-data-strategy** — factories, synthetic data, property-based, contract testing
|
|
118
|
+
- **browser-verification** — drive the real UI to prove a web change works: console/network/state evidence
|
|
119
|
+
- **subagent-orchestration** — fan work out across subagents/worktrees; verify and synthesize results
|
|
113
120
|
- **git-workflow** — commit messages, PR descriptions, branching strategy
|
|
114
121
|
- **project-documentation** — README, contributing guide, changelog, docstrings
|
|
115
122
|
|
|
@@ -120,6 +127,8 @@ installed skill by name, regardless of role.
|
|
|
120
127
|
- **refactoring** — systematic, test-protected code improvement
|
|
121
128
|
- **technical-debt-review** — codebase health, hotspots, remediation roadmap
|
|
122
129
|
- **project-review** — whole-project execution health: scope alignment, roadmap adherence, implementation maturity, evidence-it-works
|
|
130
|
+
- **code-archaeology** — understand unfamiliar/legacy code first: history mining, tracing, characterization tests
|
|
131
|
+
- **dx-audit** — developer-experience audit: feedback loops, CI wait, flakes, onboarding, tooling friction
|
|
123
132
|
|
|
124
133
|
### Diagnose & Fix
|
|
125
134
|
- **bug-investigating** — systematic debugging, reproduce → isolate → hypothesize → verify
|
|
@@ -129,27 +138,45 @@ installed skill by name, regardless of role.
|
|
|
129
138
|
- **rollback-strategy** — safe rollback plans, irreversible-change detection
|
|
130
139
|
- **containerization** — Dockerfiles, docker-compose, Kubernetes manifests
|
|
131
140
|
- **cicd-pipeline** — CI/CD pipelines, quality gates (GitHub Actions, GitLab CI)
|
|
141
|
+
- **release-management** — semver, changelog, tagging, publish gates, registry publishing, release automation (right-sized to the project)
|
|
132
142
|
- **infrastructure-as-code** — Terraform, CloudFormation, Pulumi, CDK
|
|
133
143
|
- **deployment-repo** — GitOps polyrepo orchestration, version pinning, promotion
|
|
134
144
|
- **gitops-delivery** — ArgoCD / Flux declarative delivery, drift detection
|
|
135
145
|
- **observability-design** — SLI/SLO/SLA, OpenTelemetry, structured logging, alerting
|
|
146
|
+
- **resilience-engineering** — failure modes, stability patterns, chaos experiments, DR/RTO/RPO, game days
|
|
147
|
+
- **finops-cost-optimization** — cloud spend: allocation, unit economics, rightsizing, commitments, egress
|
|
136
148
|
- **incident-response** — ACTIVE production incident: triage, mitigate, communicate
|
|
137
149
|
|
|
150
|
+
### Mobile
|
|
151
|
+
- **mobile-architecture** — platform choice, navigation, offline-first/sync, state, push, fleet constraints
|
|
152
|
+
- **mobile-release** — signing, store review, staged rollouts, no-rollback playbook, beta channels
|
|
153
|
+
|
|
138
154
|
### Reflect
|
|
139
155
|
- **retrospective** — sprint retros, project / incident post-mortems, action items
|
|
140
156
|
|
|
141
157
|
### MLOps
|
|
142
|
-
- **ml-pipeline-design** — training &
|
|
158
|
+
- **ml-pipeline-design** — ML training & feature pipelines, point-in-time correctness, orchestration
|
|
143
159
|
- **ml-experiment-tracking** — MLflow / W&B / DVC, run comparison, reproducibility
|
|
144
160
|
- **ml-model-deployment** — serving, monitoring, drift detection, safe rollouts
|
|
145
161
|
|
|
162
|
+
### AI / LLM Apps
|
|
163
|
+
- **llm-app-engineering** — prompt/context engineering, RAG architecture, agent design, memory
|
|
164
|
+
- **ai-evaluation** — golden datasets, RAG metrics, LLM-as-judge design, eval gates in CI, online A/B
|
|
165
|
+
|
|
166
|
+
### Data Engineering
|
|
167
|
+
- **data-pipeline-design** — batch/streaming ELT, dbt layering, Airflow/Dagster, idempotency, backfill
|
|
168
|
+
- **data-quality** — dbt tests, expectations, data contracts, freshness, lineage / blast radius
|
|
169
|
+
|
|
146
170
|
## Golden Path workflow chains
|
|
147
171
|
|
|
148
172
|
When work spans phases, chain skills rather than improvising:
|
|
149
173
|
|
|
150
174
|
**New feature**
|
|
151
|
-
`
|
|
152
|
-
(if
|
|
175
|
+
`brainstorming` (if the idea is still fuzzy) → `feature-planning` →
|
|
176
|
+
`architecture-design` (if structural) → `data-modeling` (if schema) →
|
|
177
|
+
`threat-modeling` (if new trust boundaries) → `plan-execution` (work the
|
|
178
|
+
approved plan; wraps `tdd-workflow` per task) → `code-reviewing` →
|
|
179
|
+
`deployment-checklist`
|
|
153
180
|
|
|
154
181
|
**Bug / incident**
|
|
155
182
|
`incident-response` (if prod is down) → `bug-investigating` → `tdd-workflow`
|
|
@@ -159,6 +186,22 @@ When work spans phases, chain skills rather than improvising:
|
|
|
159
186
|
`technical-debt-review` → `refactoring` → `dependency-impact-analysis`
|
|
160
187
|
(blast radius) → `test-suite-design` (if coverage is thin)
|
|
161
188
|
|
|
189
|
+
**Ship a release**
|
|
190
|
+
`git-workflow` (commits carry the bump intent) → `release-management` (version,
|
|
191
|
+
changelog, tag, publish gate, registry) → `deployment-checklist` (if it deploys) →
|
|
192
|
+
`rollback-strategy`. `cicd-pipeline` automates the gate as a pipeline stage.
|
|
193
|
+
App-store releases (signing, review, staged rollout) → `mobile-release`.
|
|
194
|
+
|
|
195
|
+
**LLM feature**
|
|
196
|
+
`feature-planning` → `llm-app-engineering` (prompt/RAG/agent design) →
|
|
197
|
+
`ai-evaluation` (golden set, judge, CI gate) → `deployment-checklist`.
|
|
198
|
+
`ml-model-deployment` joins when serving your own model.
|
|
199
|
+
|
|
200
|
+
**Analytics / data pipeline**
|
|
201
|
+
`data-pipeline-design` (ELT, layering, orchestration) → `data-modeling`
|
|
202
|
+
(marts schema) → `data-quality` (tests, contracts, freshness) →
|
|
203
|
+
`observability-design` (pipeline SLOs, alerting).
|
|
204
|
+
|
|
162
205
|
**Pre-public / pre-milestone review**
|
|
163
206
|
`strategic-review` (vision, positioning, market) → `project-review` (scope,
|
|
164
207
|
roadmap, implementation, evidence) → synthesis → `artifact-design` (interactive
|