swe-workflow-skills 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (74) hide show
  1. package/README.md +58 -17
  2. package/VERSION +1 -1
  3. package/catalog.json +113 -8
  4. package/commands/role.md +14 -2
  5. package/install.mjs +23 -3
  6. package/package.json +2 -2
  7. package/roles.json +72 -7
  8. package/scripts/resolve.mjs +8 -3
  9. package/skills/ai-evaluation/SKILL.md +112 -0
  10. package/skills/ai-evaluation/evals/evals.json +40 -0
  11. package/skills/ai-evaluation/references/eval-tooling.md +63 -0
  12. package/skills/architecture-design/SKILL.md +3 -1
  13. package/skills/brainstorming/SKILL.md +92 -0
  14. package/skills/brainstorming/evals/evals.json +40 -0
  15. package/skills/browser-verification/SKILL.md +95 -0
  16. package/skills/browser-verification/evals/evals.json +40 -0
  17. package/skills/build-vs-buy/SKILL.md +109 -0
  18. package/skills/build-vs-buy/evals/evals.json +40 -0
  19. package/skills/cicd-pipeline/SKILL.md +1 -0
  20. package/skills/code-archaeology/SKILL.md +103 -0
  21. package/skills/code-archaeology/evals/evals.json +41 -0
  22. package/skills/code-reviewing/SKILL.md +13 -3
  23. package/skills/compliance-privacy/SKILL.md +113 -0
  24. package/skills/compliance-privacy/evals/evals.json +41 -0
  25. package/skills/compliance-privacy/references/obligations-map.md +69 -0
  26. package/skills/data-pipeline-design/SKILL.md +116 -0
  27. package/skills/data-pipeline-design/evals/evals.json +41 -0
  28. package/skills/data-pipeline-design/references/orchestration.md +64 -0
  29. package/skills/data-quality/SKILL.md +107 -0
  30. package/skills/data-quality/evals/evals.json +39 -0
  31. package/skills/data-quality/references/tooling.md +45 -0
  32. package/skills/deployment-checklist/SKILL.md +2 -1
  33. package/skills/dx-audit/SKILL.md +97 -0
  34. package/skills/dx-audit/evals/evals.json +40 -0
  35. package/skills/effort-estimation/SKILL.md +24 -67
  36. package/skills/exploratory-data-analysis/SKILL.md +110 -0
  37. package/skills/exploratory-data-analysis/evals/evals.json +43 -0
  38. package/skills/feature-planning/SKILL.md +5 -1
  39. package/skills/finops-cost-optimization/SKILL.md +109 -0
  40. package/skills/finops-cost-optimization/evals/evals.json +40 -0
  41. package/skills/git-workflow/SKILL.md +31 -14
  42. package/skills/llm-app-engineering/SKILL.md +102 -0
  43. package/skills/llm-app-engineering/evals/evals.json +40 -0
  44. package/skills/llm-app-engineering/references/patterns.md +70 -0
  45. package/skills/ml-experiment-tracking/SKILL.md +1 -1
  46. package/skills/ml-pipeline-design/SKILL.md +8 -2
  47. package/skills/ml-pipeline-design/evals/evals.json +10 -0
  48. package/skills/mobile-architecture/SKILL.md +106 -0
  49. package/skills/mobile-architecture/evals/evals.json +40 -0
  50. package/skills/mobile-release/SKILL.md +109 -0
  51. package/skills/mobile-release/evals/evals.json +41 -0
  52. package/skills/notebook-to-production/SKILL.md +89 -0
  53. package/skills/notebook-to-production/evals/evals.json +42 -0
  54. package/skills/plan-execution/SKILL.md +115 -0
  55. package/skills/plan-execution/evals/evals.json +55 -0
  56. package/skills/project-documentation/SKILL.md +8 -1
  57. package/skills/project-review/SKILL.md +13 -3
  58. package/skills/release-management/SKILL.md +97 -0
  59. package/skills/release-management/evals/evals.json +56 -0
  60. package/skills/release-management/references/release-tooling.md +106 -0
  61. package/skills/resilience-engineering/SKILL.md +121 -0
  62. package/skills/resilience-engineering/evals/evals.json +40 -0
  63. package/skills/security-audit/SKILL.md +14 -3
  64. package/skills/skill-router/SKILL.md +57 -4
  65. package/skills/statistical-analysis/SKILL.md +93 -0
  66. package/skills/statistical-analysis/evals/evals.json +43 -0
  67. package/skills/strategic-review/SKILL.md +16 -2
  68. package/skills/subagent-orchestration/SKILL.md +100 -0
  69. package/skills/subagent-orchestration/evals/evals.json +40 -0
  70. package/skills/technical-debt-review/SKILL.md +12 -2
  71. package/skills/threat-modeling/SKILL.md +101 -0
  72. package/skills/threat-modeling/evals/evals.json +40 -0
  73. package/skills/threat-modeling/references/stride-mitigations.md +90 -0
  74. package/skills/writing-skills/SKILL.md +48 -16
@@ -0,0 +1,116 @@
1
+ ---
2
+ name: data-pipeline-design
3
+ description: "Design batch and streaming data pipelines — ELT into a warehouse/lakehouse, dbt and analytics engineering (staging/intermediate/marts layers), orchestration with Airflow or Dagster, idempotent loads, incremental models, backfills, CDC ingestion. Triggers: data pipeline, ELT, ETL, dbt models, data warehouse, Snowflake, BigQuery, ingest into the warehouse, Airflow DAG, Dagster, Kafka streaming, backfill, incremental load, nightly job duplicates rows. ML training/feature pipelines → ml-pipeline-design; validating the data → data-quality."
4
+ model: opus
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # Data Pipeline Design
9
+
10
+ Design pipelines that move and transform data for analytics — and stay correct
11
+ when they fail, rerun, and backfill, because they will. The two design
12
+ properties that separate a pipeline from a script: **idempotency** (any run can
13
+ be repeated safely) and **parameterization** (any time window can be processed
14
+ by the same code). Boundaries: pipelines feeding *model training* (features,
15
+ point-in-time correctness) belong to `ml-pipeline-design`; *validating* the
16
+ data this pipeline moves belongs to `data-quality`.
17
+
18
+ ## Workflow
19
+
20
+ ### Step 1: Map Sources, Consumers, and Freshness
21
+
22
+ List each source (databases, SaaS APIs, event streams), each consumer
23
+ (dashboards, reverse ETL, downstream teams), and the freshness each consumer
24
+ actually needs. Freshness drives everything: daily batch is an order of
25
+ magnitude cheaper to build and operate than streaming — don't buy streaming
26
+ because "real-time" sounds better; buy it when a consumer decision genuinely
27
+ changes within minutes.
28
+
29
+ ### Step 2: Choose ELT (and Say Why)
30
+
31
+ For a cloud warehouse (Snowflake, BigQuery, Redshift, Databricks), default to
32
+ **ELT**: land raw data unchanged, transform inside the warehouse with SQL/dbt.
33
+ The reasons are operational, not fashionable — raw history means transform bugs
34
+ are fixed by *re-running transforms*, not re-extracting from sources; the
35
+ warehouse scales the compute; transformations become versioned, testable SQL.
36
+ Classic ETL survives where data must be cleaned/redacted before it may land
37
+ (PII, compliance) or the target isn't a warehouse.
38
+
39
+ ### Step 3: Don't Hand-Roll Extraction
40
+
41
+ Ingestion is undifferentiated heavy lifting with long tail of pain (API
42
+ pagination, rate limits, schema changes, backpressure):
43
+
44
+ - **SaaS/DB sources**: managed or open connectors first — Fivetran/Airbyte/dlt.
45
+ Hand-write only when no connector exists or volume/cost forces it.
46
+ - **Operational DBs at scale**: CDC (Debezium or the warehouse-native
47
+ equivalent) instead of daily full dumps or fragile `updated_at` queries.
48
+ - **Events**: land the stream (Kafka → object storage/warehouse) raw; process
49
+ micro-batch unless Step 1 proved sub-minute freshness is needed.
50
+
51
+ ### Step 4: Layer the Transforms (dbt)
52
+
53
+ - **Staging** — 1:1 with sources: rename, cast, deduplicate. No business logic.
54
+ - **Intermediate** — joins and business logic, composable, not exposed to BI.
55
+ - **Marts** — consumer-facing facts/dimensions, one per business domain.
56
+
57
+ Each layer only reads from the one below; BI tools read only marts. This is
58
+ SRP for SQL: when a number is wrong, the layer tells you where to look. Schema
59
+ design for the marts themselves is `data-modeling`'s domain.
60
+
61
+ ### Step 5: Make Every Run Idempotent
62
+
63
+ The Iron Rule of pipelines: **a rerun must produce the same result as one
64
+ run.** Append-only loads fail this and produce the classic duplicate-rows-
65
+ after-retry incident. Choose a write pattern per table:
66
+
67
+ - **Delete + insert by partition** (or `INSERT OVERWRITE`): simplest, right
68
+ default for date-partitioned facts.
69
+ - **Merge/upsert on a unique key**: for mutable entities and late updates —
70
+ requires a true unique key (enforce it via `data-quality` tests).
71
+ - **Full refresh**: fine while small; flip to incremental on cost, not pride.
72
+
73
+ In dbt: `incremental` materialization with `unique_key` set — and always define
74
+ the full-refresh path (`--full-refresh` must work, or you can't recover from a
75
+ logic bug).
76
+
77
+ ### Step 6: Parameterize Time — Backfill Is a First-Class Case
78
+
79
+ Every run processes an explicit **logical window** passed in by the
80
+ orchestrator (`WHERE event_date = {{ ds }}`) — never `CURRENT_DATE - 1` inside
81
+ the SQL, which makes yesterday's failure unreproducible today. Then backfill is
82
+ not a special script: it's the same job over a range, natively supported by
83
+ the orchestrator (Airflow `backfill`, Dagster partitioned assets). If
84
+ backfilling means hand-editing dates, Steps 5–6 were skipped.
85
+
86
+ Handle **late-arriving data** explicitly: reprocess a trailing lookback window
87
+ (e.g. the last 3 days) each run, or track a watermark — pick per source based
88
+ on how late its data actually arrives.
89
+
90
+ ### Step 7: Orchestrate and Operate
91
+
92
+ Pick **one** orchestrator and make a recommendation, not a brochure: Dagster
93
+ for a dbt-centric greenfield stack (asset/partition model matches warehouse
94
+ thinking, first-class dbt integration); Airflow where the org already runs it
95
+ or needs its ecosystem breadth (comparison and managed options:
96
+ [references/orchestration.md](references/orchestration.md)). Then wire in
97
+ operations: retries with alerting on final failure (`observability-design`),
98
+ quality checks between layers (`data-quality`), and cost visibility per model —
99
+ warehouses make it very easy to spend quietly.
100
+
101
+ ## Principles Applied
102
+
103
+ - **KISS**: batch over streaming, connectors over custom extractors, SQL over
104
+ a framework — until a measured requirement says otherwise.
105
+ - **DRY**: one parameterized job for daily runs *and* backfills; logic lives
106
+ once, in the transform layer, not copied into extraction scripts.
107
+ - **YAGNI**: no lakehouse/streaming/metadata-platform buildout for a stack
108
+ whose consumers refresh dashboards daily.
109
+
110
+ ## Cross-Skill References
111
+
112
+ - `data-quality` — tests, contracts, and freshness checks between the layers
113
+ - `data-modeling` — the schema design of the marts this pipeline produces
114
+ - `ml-pipeline-design` — when the consumer is model training, not BI
115
+ - `observability-design` — pipeline SLOs, alerting, run-level monitoring
116
+ - `architecture-design` — ADRs for the costly-to-reverse platform choices
@@ -0,0 +1,41 @@
1
+ {
2
+ "skill_name": "data-pipeline-design",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "We need to get data from Postgres and Stripe into Snowflake for BI dashboards. Design the pipeline — the team is considering dbt plus Airflow or Dagster.",
7
+ "expected_output": "Designs an ELT pipeline: extraction/connector choice for both sources, raw load into Snowflake, dbt layering (staging → intermediate → marts), a reasoned Airflow-vs-Dagster recommendation, idempotent incremental models, and a backfill story — not just the initial full load",
8
+ "assertions": [
9
+ "Recommends ELT (load raw, transform in-warehouse) and explains why it fits a Snowflake + dbt stack",
10
+ "Designs dbt layering: raw/staging models, intermediate transformations, and marts for BI consumption",
11
+ "Makes a reasoned orchestrator recommendation (Airflow vs Dagster) instead of listing both neutrally",
12
+ "Designs for idempotency: reruns must not duplicate or corrupt data (incremental models with unique keys, merge or delete+insert patterns)",
13
+ "Covers incremental loading and a backfill strategy (parameterized date ranges or partitions), not just the initial full load",
14
+ "Addresses extraction from the sources concretely (managed connector such as Fivetran/Airbyte/dlt, or CDC) rather than hand-waving ingestion"
15
+ ]
16
+ },
17
+ {
18
+ "id": 2,
19
+ "prompt": "Our nightly job loads yesterday's orders into the warehouse. When it fails midway and we rerun it, we get duplicate rows — and backfilling last month means manually editing the date in the script 30 times. Fix the design.",
20
+ "expected_output": "Identifies the non-idempotent append-only load as the root cause; converts the job to an idempotent write pattern (delete+insert by partition, merge/upsert on a key, or partition overwrite) parameterized over a logical date, so backfill becomes running the same job over a range via the orchestrator — with a lookback window for late-arriving data",
21
+ "assertions": [
22
+ "Identifies the root cause as a non-idempotent, append-only load",
23
+ "Proposes an idempotent write pattern: delete+insert by partition, merge/upsert on a unique key, or partition-overwrite semantics",
24
+ "Parameterizes the run over a logical date/window so any day can be run or re-run identically (backfill = the same job over a range)",
25
+ "Recommends orchestrator-native backfill (or an equivalent parameterized range run) over hand-edited scripts",
26
+ "Considers late-arriving or corrected data (lookback window, watermark, or reprocessing policy), not just the happy path"
27
+ ]
28
+ },
29
+ {
30
+ "id": 3,
31
+ "prompt": "Design the data pipeline that produces training features for our churn model — we need point-in-time correct features and a training set refreshed weekly.",
32
+ "expected_output": "Recognizes this as an ML training/feature pipeline, not analytics ELT — hands off to ml-pipeline-design, flagging point-in-time correctness/leakage as the ML-specific concern that a BI-oriented warehouse design does not address",
33
+ "assertions": [
34
+ "Recognizes this is an ML training/feature pipeline, not an analytics/BI ELT pipeline",
35
+ "Refers to the ml-pipeline-design skill for feature engineering and training orchestration",
36
+ "Flags point-in-time correctness / data leakage as the ML-specific concern that distinguishes this from BI work",
37
+ "Does not answer with a BI-oriented warehouse/dbt marts design as the primary solution"
38
+ ]
39
+ }
40
+ ]
41
+ }
@@ -0,0 +1,64 @@
1
+ # Orchestration — Choosing and Using the Scheduler
2
+
3
+ Versions and managed offerings change; check current docs before committing.
4
+ The selection logic is stable.
5
+
6
+ ## Airflow vs Dagster vs the rest
7
+
8
+ | | Airflow | Dagster |
9
+ |---|---|---|
10
+ | Mental model | Tasks in a DAG; scheduler runs tasks | Software-defined **assets** (tables/files) with partitions; runs materialize assets |
11
+ | dbt integration | Via operators (Cosmos et al.) — workable | First-class: each dbt model becomes an asset with its own lineage/partitions |
12
+ | Backfill | `airflow backfill` over execution dates | Partitioned assets — backfill = materialize missing partitions, UI-native |
13
+ | Ecosystem | Enormous (every provider has an operator); huge hiring pool | Younger, smaller, growing; strong local dev experience |
14
+ | Managed | MWAA (AWS), Cloud Composer (GCP), Astronomer | Dagster+ |
15
+
16
+ Recommendation logic:
17
+
18
+ - **Greenfield, warehouse/dbt-centric** → Dagster. The asset+partition model
19
+ *is* Steps 5–6 of the skill (idempotent, parameterized, backfillable) encoded
20
+ in the orchestrator; you fight the framework less.
21
+ - **Org already runs Airflow, or the pipeline is mostly "call these seven
22
+ systems in order"** → Airflow. Operational familiarity and operator breadth
23
+ beat elegance; don't run two orchestrators for one team.
24
+ - **All-in on one vendor stack** → the platform-native option (Databricks
25
+ Workflows, Snowflake Tasks) is acceptable glue; you trade portability.
26
+ - **Cron + a queue** is fine for one or two jobs — adopt an orchestrator when
27
+ you need dependencies, backfill, and retry visibility, which is usually at
28
+ the third job.
29
+
30
+ Whatever the choice: schedules trigger *logical windows*, tasks are
31
+ idempotent, retries are bounded and alert on final failure, and secrets come
32
+ from the platform's secret backend (`configuration-strategy`), never DAG code.
33
+
34
+ ## Ingestion tool notes
35
+
36
+ - **Fivetran**: managed, broadest connector catalog, per-row pricing that gets
37
+ real at volume. Buy when engineer time is the scarce resource.
38
+ - **Airbyte**: open-source + cloud; connector quality varies — test the
39
+ specific connectors you need, especially for incremental correctness.
40
+ - **dlt**: Python library, connectors-as-code, great for API sources a
41
+ framework doesn't cover; you own the runtime.
42
+ - **CDC (Debezium / native)**: when daily snapshots lose intermediate states
43
+ or full dumps are too heavy. Operationally nontrivial (snapshotting, schema
44
+ evolution, tombstones) — budget for it.
45
+
46
+ ## Streaming — only after Step 1 says so
47
+
48
+ - Micro-batch (5–15 min) covers most "real-time" dashboard asks at batch-like
49
+ complexity; genuine streaming (Flink, Spark Structured Streaming,
50
+ Materialize) is for operational decisions made in seconds-to-minutes.
51
+ - Streaming reintroduces every hard problem batch solved for you: exactly-once
52
+ vs at-least-once delivery, watermarks for late events, state management,
53
+ replay. Idempotent sinks (merge on key) make at-least-once livable — design
54
+ the sink first.
55
+ - Keep the raw stream landed to cheap storage regardless; it's your backfill
56
+ and reprocessing escape hatch.
57
+
58
+ ## Warehouse cost hygiene
59
+
60
+ - Tag/attribute compute per model or job from day one (dbt does this cheaply).
61
+ - Incremental models exist for cost as much as latency — flip when a full
62
+ refresh's bill, not its runtime, annoys you.
63
+ - Watch for accidental cross-joins and full scans in staging layers; the
64
+ warehouse will happily execute them nightly forever.
@@ -0,0 +1,107 @@
1
+ ---
2
+ name: data-quality
3
+ description: "Keep warehouse and pipeline data trustworthy — dbt tests, expectations (Great Expectations/Soda), data contracts with upstream producers, source freshness, schema-drift and volume anomaly detection, lineage and blast radius, severity and alerting. Triggers: data quality, bad data in dashboards, data validation, dbt tests, data contract, schema drift, stale data, freshness check, duplicate rows, nulls in the warehouse, data lineage, data SLA, upstream schema change broke us. Generating test/synthetic data → test-data-strategy; schema design → data-modeling."
4
+ model: sonnet
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # Data Quality
9
+
10
+ Make bad data **loud**: caught at the boundary where it enters, blocking what
11
+ must not ship, alerting someone who owns the fix — instead of being discovered
12
+ by a stakeholder in a dashboard. Boundaries: *generating* fake/test data is
13
+ `test-data-strategy`; *designing* the schema is `data-modeling`; this skill
14
+ keeps the real data flowing through pipelines trustworthy.
15
+
16
+ ## Workflow
17
+
18
+ ### Step 1: Start From Incidents, Not Inventory
19
+
20
+ Don't blanket every column with tests. List the recent data incidents (wrong
21
+ dashboard numbers, silent breakage) and the tables where an error costs real
22
+ money or trust — revenue marts, ML features, anything an exec reads. Each
23
+ known symptom maps to a check: nulls → `not_null`, duplicates → `unique`,
24
+ staleness → freshness, broken joins → `relationships`. Wins from day one, and
25
+ the suite grows the same way tests do after bugs — every new incident adds a
26
+ check that would have caught it.
27
+
28
+ ### Step 2: Check at the Right Layer — Boundary First
29
+
30
+ Where a check runs matters as much as what it checks:
31
+
32
+ - **Ingestion boundary (sources)**: schema, freshness, volume, primary-key
33
+ integrity — catch bad inputs *before* transforms consume them. One failed
34
+ source check beats fifty downstream test failures at 6 a.m.
35
+ - **Transform layers (staging → marts)**: uniqueness/not-null on the grain of
36
+ each model, relationship tests on joins, accepted values on enums.
37
+ - **Consumer edge (marts/metrics)**: business-rule assertions — "revenue is
38
+ never negative", "row count within N% of the 7-day average".
39
+
40
+ In dbt this is: source `freshness` + source tests, generic tests on models
41
+ (`unique`, `not_null`, `relationships`, `accepted_values`), singular SQL tests
42
+ for business rules. Dedicated tools (Great Expectations, Soda) earn their keep
43
+ outside dbt-land or when non-engineers must own the rules:
44
+ [references/tooling.md](references/tooling.md).
45
+
46
+ ### Step 3: Assign Severity — What Blocks vs What Warns
47
+
48
+ A suite where everything fails the build gets muted within a month; a suite
49
+ where nothing blocks is decoration. Decide per check:
50
+
51
+ - **error** — data is unusable or contaminating (duplicate keys in a revenue
52
+ mart, failed contract at ingestion): the pipeline stops, downstream models
53
+ don't build on poisoned input.
54
+ - **warn** — degraded but usable (slightly stale, volume dip within reason):
55
+ alert, keep flowing.
56
+
57
+ dbt: `severity:` config with `error_if`/`warn_if` thresholds. Revisit
58
+ severities after each incident and each false alarm.
59
+
60
+ ### Step 4: Route Failures to an Owner
61
+
62
+ A failing check nobody sees is identical to no check. Every table (or domain)
63
+ has a named owner; alerts go where that owner works (Slack channel per domain,
64
+ pager only for `error`-severity on critical marts), and each alert says what
65
+ failed, on which table, and the blast radius (Step 5). Track
66
+ time-to-detection and time-to-fix for data incidents — that's the metric this
67
+ whole skill improves (`observability-design` for the SLO framing).
68
+
69
+ ### Step 5: Use Lineage to Scope Blast Radius
70
+
71
+ When a check fails, the first question is "what downstream is now wrong?" —
72
+ lineage (dbt's DAG, `dbt ls --select my_model+`, or a catalog tool) answers
73
+ which models, dashboards, and consumers sit downstream of the failure. Use it
74
+ to: prioritize fixes by consumer impact, notify affected dashboard owners
75
+ proactively, and decide what to rebuild after the fix. If you can't answer
76
+ "what breaks if this table is wrong?", invest in lineage before more checks.
77
+
78
+ ### Step 6: Contract the Upstream Boundary
79
+
80
+ Downstream tests detect what upstream producers break; **contracts prevent
81
+ it.** When an external team owns the source: agree schema + semantics + SLA
82
+ explicitly (a versioned artifact — dbt model contracts, JSON Schema/protobuf in
83
+ a registry), enforce at ingestion so violations fail loudly at entry, and shift
84
+ left — contract validation in the *producer's* CI, so a breaking rename fails
85
+ their build, not your 6 a.m. run. Breaking changes get a version bump and a
86
+ deprecation window, coordinated like an API change
87
+ (`dependency-impact-analysis` thinking, applied to data). Back it with
88
+ schema-drift detection and volume/distribution anomaly checks for what
89
+ enforcement can't see.
90
+
91
+ ## Principles Applied
92
+
93
+ - **YAGNI**: checks earn their place by a failure mode you've seen or can't
94
+ afford — blanket-testing every column produces alert fatigue, the failure
95
+ mode that kills quality programs.
96
+ - **Fail loudly at the boundary**: the cost of bad data grows with every layer
97
+ it flows through undetected.
98
+ - **DRY**: one contract at the source replaces N teams' defensive checks
99
+ against the same breakage.
100
+
101
+ ## Cross-Skill References
102
+
103
+ - `data-pipeline-design` — the pipeline these checks are embedded in
104
+ - `data-modeling` — constraints and grain the checks assert (unique keys exist by design)
105
+ - `test-data-strategy` — generating synthetic/fixture data for testing pipelines
106
+ - `observability-design` — alerting design, SLOs, avoiding alert fatigue
107
+ - `incident-response` — when bad data has already reached production consumers
@@ -0,0 +1,39 @@
1
+ {
2
+ "skill_name": "data-quality",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "Stakeholders keep finding bad numbers in our dashboards — null customer IDs, duplicated orders, and data that's a day stale. We're on dbt + Snowflake. Set up data quality checks.",
7
+ "expected_output": "Maps each symptom to a concrete check (not_null/unique dbt tests, source freshness), places checks at the ingestion boundary first and critical marts second, assigns severity (error blocks, warn alerts), routes failures to an owner, and uses lineage to scope which downstream models and dashboards a failure affects",
8
+ "assertions": [
9
+ "Maps each reported symptom to a concrete check: not_null/unique dbt tests for the IDs and duplicates, and source freshness checks for the staleness",
10
+ "Places checks at the right layers: the source/ingestion boundary first, then critical marts — not only on the final dashboards",
11
+ "Assigns severity levels (error vs warn) and defines what blocks the pipeline versus what only alerts",
12
+ "Sets up alerting and ownership so failures reach someone who acts, instead of failing silently",
13
+ "Uses lineage to scope blast radius — which downstream models or dashboards a failing check affects"
14
+ ]
15
+ },
16
+ {
17
+ "id": 2,
18
+ "prompt": "An upstream team owns the events we ingest and keeps renaming columns and changing types without telling us. Our pipeline breaks silently every few weeks. What should we put in place?",
19
+ "expected_output": "Proposes a producer/consumer data contract (schema, types, semantics, SLA) enforced at the ingestion boundary so violations fail loudly at entry; shifts validation left into the producer's CI or publish path; adds versioning/deprecation windows for breaking changes; and backstops enforcement with schema-drift and volume/distribution anomaly detection",
20
+ "assertions": [
21
+ "Proposes an explicit data contract between producer and consumer (schema, types, semantics, SLAs), not just more downstream tests",
22
+ "Enforces the schema at the ingestion boundary so violations fail loudly at entry instead of propagating silently",
23
+ "Shifts checks left: contract validation in the producer's CI or at publish time",
24
+ "Covers change management for breaking changes: contract versioning or a deprecation window",
25
+ "Adds detection for what enforcement misses: schema-drift alerts or anomaly checks on volume/distributions"
26
+ ]
27
+ },
28
+ {
29
+ "id": 3,
30
+ "prompt": "We need realistic but fake customer data to seed staging so QA can test the checkout flow — GDPR means we can't copy production.",
31
+ "expected_output": "Recognizes this as generating synthetic/test data, not validating production data — hands off to test-data-strategy (factories, synthetic generation, anonymization) rather than proposing expectations, contracts, or freshness checks",
32
+ "assertions": [
33
+ "Recognizes this is about generating test/synthetic data, not validating production data quality",
34
+ "Refers to the test-data-strategy skill for factories, synthetic data generation, and GDPR-safe anonymization",
35
+ "Does not answer with data-quality machinery (expectations, contracts, freshness checks) as the solution"
36
+ ]
37
+ }
38
+ ]
39
+ }
@@ -0,0 +1,45 @@
1
+ # Data Quality Tooling — Selection Notes
2
+
3
+ Tool capabilities shift quickly; verify against current docs. The placement
4
+ logic is stable.
5
+
6
+ ## Picking the enforcement layer
7
+
8
+ | Tool | Shape | Choose when |
9
+ |---|---|---|
10
+ | **dbt tests** | YAML generic tests + singular SQL tests, run with the transforms | You're already on dbt. Zero new infrastructure; tests version with the models; severity/thresholds built in. The default. |
11
+ | **dbt model contracts** | Enforced column names/types on a model; breaks the *producer's* build | A dbt model is consumed across team boundaries — the contract fails the producing project's CI, which is the shift-left goal. |
12
+ | **Great Expectations** | Python expectation suites + data docs, runs anywhere | Checks must run outside the warehouse/dbt (files, in-flight DataFrames, non-dbt pipelines), or you need its rich expectation vocabulary and generated documentation. Heavier to operate. |
13
+ | **Soda (Core/Cloud)** | Declarative checks YAML (SodaCL), CLI + SaaS | Non-engineers own quality rules, or checks span multiple stores with one syntax; Cloud adds anomaly detection and incident routing. |
14
+ | **Elementary / observability platforms (Monte Carlo, Metaplane…)** | Monitor the warehouse from metadata: freshness, volume, schema drift, distribution anomalies | You want detection you didn't hand-write — anomaly monitoring across many tables — and (platforms) column-level lineage + incident management. Elementary is the dbt-native OSS entry point. |
15
+
16
+ Layering that works in practice: **dbt tests + source freshness** as the
17
+ foundation; **contracts** at team boundaries; **one anomaly/observability
18
+ layer** for the unknown-unknowns. Adding a second tool in the same layer buys
19
+ maintenance, not coverage.
20
+
21
+ ## Contract mechanics by boundary type
22
+
23
+ - **Event streams**: schema registry (Avro/Protobuf/JSON Schema) with
24
+ compatibility mode set (backward at minimum); producers can't publish a
25
+ breaking schema. The strongest enforcement available — use it if events are
26
+ the interface.
27
+ - **Warehouse-to-warehouse (dbt ↔ dbt)**: dbt model contracts + versioned
28
+ models (`v2` with a deprecation window) on the shared models.
29
+ - **API/file drops from another org**: JSON Schema validated at ingestion;
30
+ reject-and-alert (dead-letter the bad batch) rather than best-effort
31
+ parsing.
32
+ - The social half matters as much: a named producer contact, a change-notice
33
+ channel, and the contract in a repo both teams can PR.
34
+
35
+ ## Anomaly checks worth having before "ML-powered" anything
36
+
37
+ - Row count vs trailing 7/28-day window (volume drops are the most common
38
+ silent failure).
39
+ - Freshness vs declared SLA per source.
40
+ - Schema diff vs last run (added/removed/retyped columns) with an explicit
41
+ allowlist flow.
42
+ - Null-rate and distinct-count drift on business-critical columns.
43
+
44
+ These four catch the large majority of real incidents; statistical/ML anomaly
45
+ detection is a refinement, not a starting point.
@@ -69,7 +69,7 @@ Walk through each section. Check items by reading code, running commands, and ve
69
69
  #### Documentation
70
70
  - [ ] README updated if setup steps changed
71
71
  - [ ] API documentation updated for new/changed endpoints
72
- - [ ] CHANGELOG updated (if project uses one)
72
+ - [ ] Release cut correctly, if this deploy ships one — version, changelog, tag consistent (see `release-management`)
73
73
  - [ ] Breaking changes are clearly communicated
74
74
 
75
75
  ### Step 3: Report
@@ -126,6 +126,7 @@ See [references/pre-deploy-gates.md](references/pre-deploy-gates.md) for environ
126
126
 
127
127
  ## Cross-Skill References
128
128
 
129
+ - `release-management` — cutting the versioned release (semver, changelog, tag, publish) that this checklist deploys
129
130
  - `rollback-strategy` — design the rollback plan before deploying (required for High-risk changes)
130
131
  - `configuration-strategy` — verify all environment variables and feature flags are configured correctly
131
132
  - `incident-response` — use if the deployment causes a production incident
@@ -0,0 +1,97 @@
1
+ ---
2
+ name: dx-audit
3
+ description: "Audit and improve developer experience — inner-loop feedback (build/test/reload times), CI wait and queue times, flaky tests, local environment setup, onboarding time-to-first-PR, tooling friction, docs discoverability; produce a prioritized remediation plan. Triggers: developer experience, DX audit, devex, builds are slow, CI takes forever, flaky tests, onboarding takes weeks, tooling friction, developer productivity, engineers are frustrated. Code health/debt hotspots → technical-debt-review; designing one pipeline → cicd-pipeline."
4
+ model: sonnet
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # DX Audit
9
+
10
+ Find and fix the friction that taxes every engineer, every day. Developer
11
+ experience compounds: a 10-minute CI queue on a 20-person team burns weeks of
12
+ engineering time per month, and worse, it changes *behavior* — engineers batch
13
+ changes, skip test runs, and avoid touching areas with slow feedback.
14
+ Boundary: `technical-debt-review` audits the *code's* health; this skill audits
15
+ the *workflow around* the code — loops, tooling, environments, and onboarding.
16
+
17
+ ## Workflow
18
+
19
+ ### Step 1: Measure the Loops — Numbers Before Anecdotes
20
+
21
+ Quantify the feedback loops before collecting opinions, so the audit ranks by
22
+ data and the improvement is provable later:
23
+
24
+ - **Inner loop**: cold build, incremental build, single-test run, hot-reload —
25
+ time them yourself in the actual repo.
26
+ - **Outer loop**: CI wall-clock (queue + run, from real recent pipelines), PR
27
+ time-to-first-review and time-to-merge, deploy lead time (DORA overlap —
28
+ `metrics-and-okrs`).
29
+ - **Flake rate**: retries and "re-run job" clicks per week; a 5%-flaky suite
30
+ means engineers already ignore red.
31
+ - **Onboarding**: time from laptop to first merged PR for recent joiners.
32
+
33
+ ### Step 2: Collect the Friction Log
34
+
35
+ Then ask the engineers — a lightweight survey or five 15-minute conversations:
36
+ "what wastes your time every day?", "what do you avoid doing because it's
37
+ painful?", "what would you fix first?". The second question matters most:
38
+ avoidance signals (never running the full suite locally, dreading a service's
39
+ local setup, batching deploys) reveal costs the timers can't see. Recurring
40
+ themes + Step-1 numbers = the finding list.
41
+
42
+ ### Step 3: Audit the Inner Loop
43
+
44
+ The highest-frequency loop gets the deepest look: Is the dev environment
45
+ reproducible in one command (or is setup a wiki page of drift-prone steps)?
46
+ Can you run one test in seconds without the world? Does hot-reload actually
47
+ work? Is the IDE experience functional (types, go-to-def, lint-on-save)? Are
48
+ common tasks (reset DB, seed data, run service X) scripted or tribal
49
+ knowledge? Every manual step here multiplies by invocations-per-day.
50
+
51
+ ### Step 4: Audit the Outer Loop
52
+
53
+ - **CI**: queue time vs run time (capacity vs speed problems differ), cache
54
+ hit rates, test parallelization/sharding, whether PRs run only affected
55
+ targets — delegate pipeline redesign to `cicd-pipeline`.
56
+ - **Flakes**: quarantine policy (a flaky test in the merge gate is a tax on
57
+ everyone), ownership for fixing, `test-suite-design` for structural causes.
58
+ - **Review latency**: are PRs waiting on people or on process (required
59
+ approvals, codeowner bottlenecks)?
60
+ - **Docs**: can an engineer answer "how do I X here?" without interrupting a
61
+ senior — README freshness, runbooks, `project-documentation`.
62
+
63
+ ### Step 5: Prioritize by Tax, Not by Annoyance
64
+
65
+ Score each finding as **time-cost × frequency × people affected** (daily
66
+ 10-second cuts beat monthly 10-minute ones), weighted by behavior distortion
67
+ (anything that makes engineers *skip verification* is top-tier regardless of
68
+ seconds). Produce the remediation list: quick wins first (cache config, test
69
+ sharding, a `make dev` script) to build credibility, structural items
70
+ (environment overhaul, CI capacity) as scheduled work with owners.
71
+
72
+ ### Step 6: Prove It and Keep It
73
+
74
+ Re-measure the Step-1 numbers after the fixes — DX work is uniquely easy to
75
+ verify, so verify it. Then keep the loop honest: track 2–3 DX metrics
76
+ continuously (CI p50/p95, flake rate, onboarding time), set a budget
77
+ ("CI > 10 min is a defect"), and re-run the friction survey a couple of times
78
+ a year. DX decays by default — every new service adds setup steps and CI
79
+ minutes unless something pushes back.
80
+
81
+ ## Principles Applied
82
+
83
+ - **Frequency beats magnitude**: optimize the loop that runs 50×/day before
84
+ the one that runs weekly.
85
+ - **Avoidance is the loudest signal**: what engineers won't do reveals more
86
+ than what they complain about.
87
+ - **Measured before and after**: a DX improvement that can't show the numbers
88
+ moved is an opinion.
89
+
90
+ ## Cross-Skill References
91
+
92
+ - `technical-debt-review` — the code-health complement to this workflow audit
93
+ - `cicd-pipeline` — redesigning the pipeline the audit flagged
94
+ - `test-suite-design` — structural fixes for slow or flaky suites
95
+ - `project-documentation` — the docs/onboarding gaps surfaced in Step 4
96
+ - `metrics-and-okrs` — DORA metrics and making DX goals measurable
97
+ - `retrospective` — mining recurring friction from team retros
@@ -0,0 +1,40 @@
1
+ {
2
+ "skill_name": "dx-audit",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "Our 25-person engineering team feels slow. CI takes ~35 minutes, people complain about local setup, and new hires seem to take forever to become productive. Run a DX audit and tell us what to fix.",
7
+ "expected_output": "Measures the loops first (inner-loop timings, CI queue vs run time, flake rate, PR cycle time, onboarding time-to-first-merge), collects a friction log from engineers with attention to avoidance behavior, audits inner loop (one-command env, single-test speed) and outer loop (CI caching/sharding, flake quarantine, review latency, docs), prioritizes by time-cost × frequency × people with quick wins first, and commits to re-measuring the same numbers after fixes",
8
+ "assertions": [
9
+ "Quantifies the feedback loops with real measurements (build/test times, CI queue vs run, flake rate, PR cycle, onboarding time) before prescribing fixes",
10
+ "Collects friction from the engineers themselves (survey/interviews) and pays attention to avoidance behavior, not just complaints",
11
+ "Audits both the inner loop (env setup, single-test runs, hot reload, scripted common tasks) and the outer loop (CI caching/parallelization, flaky-test policy, review latency, docs)",
12
+ "Prioritizes findings by frequency × time-cost × people affected, sequencing quick wins before structural work, with owners",
13
+ "Plans to re-measure the baseline numbers after remediation and keep 2–3 DX metrics tracked continuously"
14
+ ]
15
+ },
16
+ {
17
+ "id": 2,
18
+ "prompt": "Management says our DX is fine because nobody's complaining, but I notice engineers never run the full test suite locally, deploys pile up on Fridays, and everyone SSHes into a shared staging box to test things. Is there a DX problem here?",
19
+ "expected_output": "Reads the avoidance signals as the loudest DX evidence: skipping the local suite implies it's too slow/flaky (verification is being skipped — top-tier severity), deploy batching implies the deploy loop is painful or risky, shared-staging testing implies local environments can't reproduce reality; quantifies each to confirm, and explains why absence of complaints doesn't mean absence of tax (normalized friction becomes invisible)",
20
+ "assertions": [
21
+ "Identifies the described behaviors as avoidance signals that indicate DX problems despite the absence of complaints",
22
+ "Infers the likely underlying causes: local suite too slow or flaky, painful/risky deploy loop, local environments unable to reproduce reality",
23
+ "Flags that engineers skipping verification (not running tests locally) is especially severe because it distorts quality behavior",
24
+ "Proposes measuring to confirm (suite runtime, flake rate, deploy lead time, env setup) rather than acting on inference alone",
25
+ "Explains why normalized friction stops generating complaints (habituation), so surveys must ask about avoidance, not just satisfaction"
26
+ ]
27
+ },
28
+ {
29
+ "id": 3,
30
+ "prompt": "Our checkout module is a nightmare of spaghetti code — cyclomatic complexity through the roof, no tests, God classes everywhere. Audit it and give us a prioritized cleanup roadmap.",
31
+ "expected_output": "Recognizes this as a code-health/debt assessment, not a workflow-friction audit — refers to technical-debt-review for the hotspot analysis and remediation roadmap, stating the boundary: dx-audit covers the workflow around the code (loops, tooling, environments); technical-debt-review covers the code itself",
32
+ "assertions": [
33
+ "Recognizes the request as a code-health/technical-debt assessment, not a developer-workflow audit",
34
+ "Refers to the technical-debt-review skill for the hotspot analysis and cleanup roadmap",
35
+ "Does not produce a DX workflow audit (CI timings, onboarding, tooling friction) as the answer",
36
+ "States or implies the boundary: dx-audit audits the workflow around the code; technical-debt-review audits the code's health"
37
+ ]
38
+ }
39
+ ]
40
+ }