swe-workflow-skills 0.1.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +58 -17
- package/VERSION +1 -1
- package/catalog.json +113 -8
- package/commands/role.md +14 -2
- package/install.mjs +23 -3
- package/package.json +2 -2
- package/roles.json +72 -7
- package/scripts/resolve.mjs +8 -3
- package/skills/ai-evaluation/SKILL.md +112 -0
- package/skills/ai-evaluation/evals/evals.json +40 -0
- package/skills/ai-evaluation/references/eval-tooling.md +63 -0
- package/skills/architecture-design/SKILL.md +3 -1
- package/skills/brainstorming/SKILL.md +92 -0
- package/skills/brainstorming/evals/evals.json +40 -0
- package/skills/browser-verification/SKILL.md +95 -0
- package/skills/browser-verification/evals/evals.json +40 -0
- package/skills/build-vs-buy/SKILL.md +109 -0
- package/skills/build-vs-buy/evals/evals.json +40 -0
- package/skills/cicd-pipeline/SKILL.md +1 -0
- package/skills/code-archaeology/SKILL.md +103 -0
- package/skills/code-archaeology/evals/evals.json +41 -0
- package/skills/code-reviewing/SKILL.md +13 -3
- package/skills/compliance-privacy/SKILL.md +113 -0
- package/skills/compliance-privacy/evals/evals.json +41 -0
- package/skills/compliance-privacy/references/obligations-map.md +69 -0
- package/skills/data-pipeline-design/SKILL.md +116 -0
- package/skills/data-pipeline-design/evals/evals.json +41 -0
- package/skills/data-pipeline-design/references/orchestration.md +64 -0
- package/skills/data-quality/SKILL.md +107 -0
- package/skills/data-quality/evals/evals.json +39 -0
- package/skills/data-quality/references/tooling.md +45 -0
- package/skills/deployment-checklist/SKILL.md +2 -1
- package/skills/dx-audit/SKILL.md +97 -0
- package/skills/dx-audit/evals/evals.json +40 -0
- package/skills/effort-estimation/SKILL.md +24 -67
- package/skills/exploratory-data-analysis/SKILL.md +110 -0
- package/skills/exploratory-data-analysis/evals/evals.json +43 -0
- package/skills/feature-planning/SKILL.md +5 -1
- package/skills/finops-cost-optimization/SKILL.md +109 -0
- package/skills/finops-cost-optimization/evals/evals.json +40 -0
- package/skills/git-workflow/SKILL.md +31 -14
- package/skills/llm-app-engineering/SKILL.md +102 -0
- package/skills/llm-app-engineering/evals/evals.json +40 -0
- package/skills/llm-app-engineering/references/patterns.md +70 -0
- package/skills/ml-experiment-tracking/SKILL.md +1 -1
- package/skills/ml-pipeline-design/SKILL.md +8 -2
- package/skills/ml-pipeline-design/evals/evals.json +10 -0
- package/skills/mobile-architecture/SKILL.md +106 -0
- package/skills/mobile-architecture/evals/evals.json +40 -0
- package/skills/mobile-release/SKILL.md +109 -0
- package/skills/mobile-release/evals/evals.json +41 -0
- package/skills/notebook-to-production/SKILL.md +89 -0
- package/skills/notebook-to-production/evals/evals.json +42 -0
- package/skills/plan-execution/SKILL.md +115 -0
- package/skills/plan-execution/evals/evals.json +55 -0
- package/skills/project-documentation/SKILL.md +8 -1
- package/skills/project-review/SKILL.md +13 -3
- package/skills/release-management/SKILL.md +97 -0
- package/skills/release-management/evals/evals.json +56 -0
- package/skills/release-management/references/release-tooling.md +106 -0
- package/skills/resilience-engineering/SKILL.md +121 -0
- package/skills/resilience-engineering/evals/evals.json +40 -0
- package/skills/security-audit/SKILL.md +14 -3
- package/skills/skill-router/SKILL.md +57 -4
- package/skills/statistical-analysis/SKILL.md +93 -0
- package/skills/statistical-analysis/evals/evals.json +43 -0
- package/skills/strategic-review/SKILL.md +16 -2
- package/skills/subagent-orchestration/SKILL.md +100 -0
- package/skills/subagent-orchestration/evals/evals.json +40 -0
- package/skills/technical-debt-review/SKILL.md +12 -2
- package/skills/threat-modeling/SKILL.md +101 -0
- package/skills/threat-modeling/evals/evals.json +40 -0
- package/skills/threat-modeling/references/stride-mitigations.md +90 -0
- package/skills/writing-skills/SKILL.md +48 -16
|
@@ -1,92 +1,49 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: effort-estimation
|
|
3
|
-
description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning.
|
|
3
|
+
description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning."
|
|
4
|
+
when_to_use: "Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done."
|
|
4
5
|
model: haiku
|
|
5
6
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
7
|
---
|
|
7
8
|
|
|
8
9
|
# Effort Estimation
|
|
9
10
|
|
|
10
|
-
Produce honest, useful estimates
|
|
11
|
-
|
|
12
|
-
## Core Philosophy
|
|
13
|
-
|
|
14
|
-
**Estimates are forecasts, not commitments.** They communicate "based on what we know today, here's our best guess at the range of effort." They should always include uncertainty ranges, and they should improve as you learn more.
|
|
11
|
+
Produce honest, useful estimates without false precision. Estimates are forecasts,
|
|
12
|
+
not commitments — always ranges, always improving as you learn more.
|
|
15
13
|
|
|
16
14
|
## Workflow
|
|
17
15
|
|
|
18
16
|
### Step 1: Ensure Tasks Are Defined
|
|
19
17
|
|
|
20
|
-
You can't estimate undefined work.
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
- Acceptance criteria exist for each task
|
|
24
|
-
- Technical approach is at least sketched (spikes completed for unknowns)
|
|
25
|
-
|
|
26
|
-
If the work is too vague to estimate, say so. "I can't estimate this until we do a spike" is a valid and responsible answer.
|
|
27
|
-
|
|
28
|
-
### Step 2: Choose the Estimation Method
|
|
29
|
-
|
|
30
|
-
| Method | Best For | Precision | Speed |
|
|
31
|
-
|--------|----------|-----------|-------|
|
|
32
|
-
| **T-shirt sizing** | Roadmap planning, early-stage sizing, large backlogs | Low (ranges) | Very fast |
|
|
33
|
-
| **Story points** (Fibonacci) | Sprint planning, velocity tracking, mature teams | Medium (relative) | Moderate |
|
|
34
|
-
| **Three-point estimation** | High-stakes estimates, budget requests, uncertain work | High (ranges with confidence) | Slow |
|
|
35
|
-
| **Time-based** | Well-understood tasks with low uncertainty | High (hours/days) | Moderate |
|
|
36
|
-
|
|
37
|
-
**Default recommendation**: T-shirt sizing for roadmap/quarter planning, story points for sprint planning. Three-point for budget requests and stakeholder communication.
|
|
18
|
+
You can't estimate undefined work. Tasks must be broken down (use `feature-planning`
|
|
19
|
+
if not), have acceptance criteria, and have at least a sketched technical approach.
|
|
20
|
+
"I can't estimate this until we do a spike" is a valid and responsible answer.
|
|
38
21
|
|
|
39
|
-
### Step
|
|
22
|
+
### Step 2: Choose the Method
|
|
40
23
|
|
|
41
|
-
|
|
24
|
+
T-shirt sizing for roadmap and early-stage sizing; story points (Fibonacci) for
|
|
25
|
+
sprint planning and velocity tracking; three-point estimation for budget requests
|
|
26
|
+
and high-uncertainty, high-stakes work; time-based only for well-understood tasks.
|
|
27
|
+
See [references/estimation-methods.md](references/estimation-methods.md) for
|
|
28
|
+
detailed guidance on each method.
|
|
42
29
|
|
|
43
|
-
|
|
30
|
+
### Step 3: Apply It
|
|
44
31
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
5. **Re-estimate when you learn more.** Initial estimates are educated guesses. Update them as spikes complete and requirements clarify.
|
|
32
|
+
Estimate per task, not the project as a single unit; relative to known work rather
|
|
33
|
+
than in absolute terms; as a team where possible (the familiarity gap between
|
|
34
|
+
estimators reveals hidden complexity); with uncertainty explicit. Re-estimate when
|
|
35
|
+
spikes complete or requirements clarify.
|
|
50
36
|
|
|
51
|
-
### Step 4:
|
|
37
|
+
### Step 4: Translate for Stakeholders
|
|
52
38
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
```
|
|
57
|
-
Estimated story points for the project: 85
|
|
58
|
-
Team velocity: ~30 points per sprint (2-week sprints)
|
|
59
|
-
Sprints needed: 85 / 30 = ~3 sprints = 6 weeks
|
|
60
|
-
|
|
61
|
-
Add buffer for unknowns (20-30%): 7-8 weeks
|
|
62
|
-
Communicate as range: "6-8 weeks with the current team"
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
**From effort to cost:**
|
|
66
|
-
```
|
|
67
|
-
Effort estimate: 12-16 person-weeks
|
|
68
|
-
Team loaded cost: $X per person-week
|
|
69
|
-
Total: 12 × $X to 16 × $X
|
|
70
|
-
Communicate as range: "$A - $B"
|
|
71
|
-
```
|
|
72
|
-
|
|
73
|
-
**Always provide ranges, never single numbers.** A single number becomes a commitment; a range communicates confidence.
|
|
39
|
+
Convert to time or cost via team velocity or loaded cost, add a 20-30% buffer for
|
|
40
|
+
unknowns, and communicate a range in stakeholder language — weeks and dollars, not
|
|
41
|
+
story points. A single number becomes a commitment; a range communicates confidence.
|
|
74
42
|
|
|
75
43
|
### Step 5: Track and Calibrate
|
|
76
44
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
- Compare estimated vs actual effort
|
|
80
|
-
- Identify systematic patterns (always overestimate UI? Always underestimate integrations?)
|
|
81
|
-
- Adjust team velocity based on recent data (use the last 3-5 sprints, not all-time average)
|
|
82
|
-
|
|
83
|
-
## Common Estimation Traps
|
|
84
|
-
|
|
85
|
-
- **Anchoring**: The first number said influences everyone else. Use blind estimation (planning poker, simultaneous reveal).
|
|
86
|
-
- **Planning fallacy**: People consistently underestimate. Use historical data to calibrate.
|
|
87
|
-
- **Scope creep blindness**: Estimate the work as defined, then add buffer for scope growth — it always grows.
|
|
88
|
-
- **Hero planning**: Estimating based on the best-case scenario with the best developer with zero interruptions. Estimate for a typical day with meetings and context switches.
|
|
89
|
-
- **Precision theater**: Saying "47 hours" when you mean "roughly a week." False precision erodes trust faster than honest ranges.
|
|
45
|
+
Compare estimated vs actual each sprint, look for systematic bias, and recalibrate
|
|
46
|
+
velocity on the last 3-5 sprints, not the all-time average.
|
|
90
47
|
|
|
91
48
|
## Principles Applied
|
|
92
49
|
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: exploratory-data-analysis
|
|
3
|
+
description: "Explore and profile an unfamiliar dataset before modeling or analysis — structural profiling, missingness structure, distributions and outliers, feature–target relationships, leakage awareness, and explicit hypothesis generation. Pipeline-level data trust (broken dashboards, tests, contracts, freshness) → data-quality; formal inference on the hypotheses → statistical-analysis."
|
|
4
|
+
when_to_use: "Triggers: explore this dataset, EDA, profile the data, what's in this data, first look at the data, understand this CSV, distributions, outliers, missing values, correlation, data leakage."
|
|
5
|
+
model: sonnet
|
|
6
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Exploratory Data Analysis
|
|
10
|
+
|
|
11
|
+
Understand a dataset before trusting it with a model or a decision. The output
|
|
12
|
+
of EDA is not a pile of statistics — it is a documented understanding: what the
|
|
13
|
+
data is, what's wrong or surprising in it, and a set of explicit hypotheses to
|
|
14
|
+
test next. Every step below feeds that document.
|
|
15
|
+
|
|
16
|
+
## Workflow
|
|
17
|
+
|
|
18
|
+
### 1. Frame the goal and the grain
|
|
19
|
+
|
|
20
|
+
Before profiling anything, write down what decision or model this data will
|
|
21
|
+
feed, and establish the **grain**: what does one row represent (an order? a
|
|
22
|
+
customer? a customer-month?)? Duplicate keys and mixed grains invalidate every
|
|
23
|
+
later statistic. If the eventual use is prediction, note *when* the prediction
|
|
24
|
+
would be made — that timestamp drives the leakage checks in step 5.
|
|
25
|
+
|
|
26
|
+
### 2. Profile structurally
|
|
27
|
+
|
|
28
|
+
Column types, ranges, cardinality, and summary statistics for every column —
|
|
29
|
+
cheaply, before any deep dive. Triage wide tables by metadata first (null rate,
|
|
30
|
+
cardinality, type) and prioritize columns by relevance to the goal; don't
|
|
31
|
+
profile 400 columns equally.
|
|
32
|
+
|
|
33
|
+
If the data doesn't fit in memory: push aggregations down to the warehouse
|
|
34
|
+
(SQL), or use an out-of-core/lazy engine (DuckDB, Polars). When you sample,
|
|
35
|
+
**sample representatively** — random or stratified, never `head()` (files are
|
|
36
|
+
usually ordered by time or id) — and state the caveat that rare events and
|
|
37
|
+
extreme outliers can be missed under sampling; verify those against the full
|
|
38
|
+
data with targeted queries.
|
|
39
|
+
|
|
40
|
+
### 3. Map the missingness structure
|
|
41
|
+
|
|
42
|
+
Null counts are the start, not the answer. Distinguish:
|
|
43
|
+
|
|
44
|
+
- **Random gaps** — sporadic nulls, roughly uniform across segments.
|
|
45
|
+
- **Structural missingness** — a column populated only for some segment, after
|
|
46
|
+
some date, or by some source system. Cross-tab null rates against segments
|
|
47
|
+
and time to find these.
|
|
48
|
+
- **Informative missingness** — where the *fact* that a value is missing
|
|
49
|
+
predicts the outcome (e.g., income missing for churned users). Flag it; it
|
|
50
|
+
may be a feature, or it may be leakage.
|
|
51
|
+
|
|
52
|
+
Also check for disguised missing values: sentinel codes (0, -1, 999,
|
|
53
|
+
"unknown", empty string) that aren't NULL.
|
|
54
|
+
|
|
55
|
+
### 4. Distributions and outliers
|
|
56
|
+
|
|
57
|
+
For key numeric columns: quantiles, histograms, and an outlier pass (IQR or
|
|
58
|
+
similar). For categoricals: frequency tables and rare-level counts. Decide for
|
|
59
|
+
each outlier cluster whether it is a data error, a unit mismatch, or a genuine
|
|
60
|
+
tail — **never drop outliers before classifying them**; genuine tails are often
|
|
61
|
+
the interesting part. Check skew before assuming any statistic (mean, std) is
|
|
62
|
+
representative.
|
|
63
|
+
|
|
64
|
+
### 5. Target definition, balance, and leakage
|
|
65
|
+
|
|
66
|
+
If the data will feed a model:
|
|
67
|
+
|
|
68
|
+
- **Define the target explicitly** (e.g., "churn = no order in 90 days after
|
|
69
|
+
cutoff") and check its **class balance** — a 2% positive rate changes the
|
|
70
|
+
whole modeling and evaluation approach downstream.
|
|
71
|
+
- **Hunt for leakage**: any column recorded at-or-after the outcome
|
|
72
|
+
(cancellation reason, final status, updated_at aggregates), and proxies that
|
|
73
|
+
encode the outcome indirectly. Test: "would this value exist at prediction
|
|
74
|
+
time?" If unsure, trace how the column is produced. A too-good correlation
|
|
75
|
+
with the target is a leakage smell, not a win.
|
|
76
|
+
|
|
77
|
+
### 6. Relationships, not just profiles
|
|
78
|
+
|
|
79
|
+
Univariate profiles alone don't generate hypotheses. Examine bivariate
|
|
80
|
+
structure: correlations among candidate features, and each candidate feature
|
|
81
|
+
against the target (grouped rates, means by decile, simple cross-tabs). Note
|
|
82
|
+
confounders — a feature↔target association may be explained by segment or
|
|
83
|
+
time. This is where most real hypotheses come from.
|
|
84
|
+
|
|
85
|
+
### 7. Write the hypotheses and hand off
|
|
86
|
+
|
|
87
|
+
Close with a short findings document: data issues found, columns excluded and
|
|
88
|
+
why (especially leakage suspects), and **explicit hypotheses phrased as
|
|
89
|
+
testable statements** ("weekend signups churn more", "the price effect is
|
|
90
|
+
driven by segment X") plus open questions for the data owners. Formal testing
|
|
91
|
+
of those hypotheses is `statistical-analysis` territory; feature/training
|
|
92
|
+
pipeline work is `ml-pipeline-design`.
|
|
93
|
+
|
|
94
|
+
## Principles
|
|
95
|
+
|
|
96
|
+
- **KISS**: value counts and group-by rates beat clever visualizations for
|
|
97
|
+
finding problems fast.
|
|
98
|
+
- **YAGNI**: profile to the goal — an exhaustive 400-column report nobody reads
|
|
99
|
+
is not EDA.
|
|
100
|
+
- **Honest accounting**: record what you did NOT check (columns skipped,
|
|
101
|
+
sample-size limits) in the findings doc.
|
|
102
|
+
|
|
103
|
+
## Cross-skill boundaries
|
|
104
|
+
|
|
105
|
+
- Bad data in a *pipeline or dashboard* (freshness, contracts, dbt tests,
|
|
106
|
+
lineage) → **data-quality** — that's an operational trust problem, not
|
|
107
|
+
exploration of an unfamiliar dataset.
|
|
108
|
+
- Formal hypothesis testing, experiment design, significance → **statistical-analysis**.
|
|
109
|
+
- Turning the analysis into scheduled production code → **notebook-to-production**.
|
|
110
|
+
- Schema design for storing the data → **data-modeling**.
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "exploratory-data-analysis",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "I just got a CSV export of our customer orders — about 200k rows, 30 columns — and I've never seen this data before. We eventually want a churn model out of it. Where do I start?",
|
|
7
|
+
"expected_output": "Should run a structured EDA workflow: profile columns first, examine missingness patterns and distributions, look at the target definition and class balance, flag potential leakage columns, and turn findings into explicit hypotheses — not jump to modeling.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Profiles the dataset first (column types, ranges, cardinality, summary statistics) before giving any modeling advice",
|
|
10
|
+
"Examines missingness patterns and distinguishes random gaps from structural ones (e.g., a column only populated for some segment)",
|
|
11
|
+
"Checks distributions and flags outliers or skew with concrete methods (quantiles, histograms, IQR or similar)",
|
|
12
|
+
"Warns about target leakage — columns that would not be available at prediction time must be identified and excluded",
|
|
13
|
+
"Examines how the churn target would be defined and its class balance before any modeling",
|
|
14
|
+
"Looks at relationships between candidate features and the target, not just univariate profiles",
|
|
15
|
+
"Produces explicit hypotheses or follow-up questions from the findings rather than only reporting statistics"
|
|
16
|
+
]
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
"id": 2,
|
|
20
|
+
"prompt": "I need to understand a warehouse extract with 400 columns and 3 million rows by Friday, and pandas kills my laptop when I load it. What's the plan?",
|
|
21
|
+
"expected_output": "Should scale the EDA workflow instead of abandoning it: triage columns cheaply first, work on a representative sample or push aggregations to the warehouse, and prioritize by the analysis goal rather than exhaustively profiling everything.",
|
|
22
|
+
"assertions": [
|
|
23
|
+
"Recommends sampling or chunked/out-of-core processing instead of loading everything into memory",
|
|
24
|
+
"Notes the sample must be representative (random or stratified) and flags the caveat that rare events and outliers can be missed under sampling",
|
|
25
|
+
"Triages the 400 columns cheaply (types, null rates, cardinality) before deep-diving any of them",
|
|
26
|
+
"Prioritizes columns by relevance to the stated goal rather than profiling all 400 equally",
|
|
27
|
+
"Suggests pushing heavy aggregations down to the warehouse via SQL, or using a lazy/out-of-core engine (e.g., Polars, DuckDB, Dask)",
|
|
28
|
+
"Still covers the core EDA checklist (types, missingness, distributions, key relationships) on the reduced view"
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
"id": 3,
|
|
33
|
+
"prompt": "Our finance dashboard has shown wrong revenue numbers all week — the nightly job loads orders into the warehouse and something is off upstream. Can you help me analyze the data and find the problem?",
|
|
34
|
+
"expected_output": "Should recognize this as a pipeline-level data-trust problem, not exploration of an unfamiliar dataset — hand off to the data-quality skill (dbt tests, freshness, schema drift, contracts, lineage) rather than starting a dataset-profiling workflow.",
|
|
35
|
+
"assertions": [
|
|
36
|
+
"Recognizes this as a data-quality / pipeline-trust problem rather than exploratory analysis of a new dataset",
|
|
37
|
+
"Hands off to or invokes the data-quality skill instead of running a generic EDA workflow",
|
|
38
|
+
"Points at concrete data-quality directions (dbt tests, source freshness, schema drift, upstream contract, lineage/blast radius) as the right path",
|
|
39
|
+
"Does not respond with a dataset-profiling/distributions workflow as the primary answer"
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
]
|
|
43
|
+
}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: feature-planning
|
|
3
|
-
description: "Break features into well-scoped tasks with acceptance criteria, risk assessment, and dependency mapping. Triggers: plan this, break this down, scope this feature, create tasks for, sprint planning, how should I implement this feature, user stories, acceptance criteria, dependency mapping, feature breakdown."
|
|
3
|
+
description: "Break features into well-scoped tasks with acceptance criteria, risk assessment, and dependency mapping. Triggers: plan this, break this down, scope this feature, create tasks for, sprint planning, how should I implement this feature, user stories, acceptance criteria, dependency mapping, feature breakdown. Creates the plan — executing an already-approved plan checkpoint by checkpoint → plan-execution."
|
|
4
4
|
model: sonnet
|
|
5
5
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
6
|
---
|
|
@@ -82,3 +82,7 @@ Output the complete plan using the template at [templates/plan.md](templates/pla
|
|
|
82
82
|
If the feature involves architectural decisions (new services, database changes, API design), suggest using the `architecture-design` skill before finalizing the plan.
|
|
83
83
|
|
|
84
84
|
If the feature requires data model changes, suggest using the `data-modeling` skill for that portion.
|
|
85
|
+
|
|
86
|
+
If the idea itself is still fuzzy — the user is exploring what to build rather than how — run `brainstorming` first; this skill converges, that one diverges.
|
|
87
|
+
|
|
88
|
+
Once the plan is approved and execution begins, the `plan-execution` skill takes over: checkpointed batches, verification evidence per checkpoint, and drift-triggered re-planning (which loops back here).
|
|
@@ -0,0 +1,109 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: finops-cost-optimization
|
|
3
|
+
description: "Understand and reduce cloud spend — cost visibility and allocation (tagging, ownership), unit economics, rightsizing, autoscaling, commitment discounts (reserved instances, savings plans), storage/egress traps, architecture cost review, budgets and anomaly alerts. Triggers: cloud costs, AWS bill, cut costs, cost optimization, FinOps, why is our bill so high, rightsizing, reserved instances, savings plan, egress fees, cost per customer. Whether to build or buy a capability → build-vs-buy; making code faster → performance-optimization."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash, WebFetch, WebSearch
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# FinOps & Cost Optimization
|
|
9
|
+
|
|
10
|
+
Treat cloud cost as an engineering metric — observable, attributed, and
|
|
11
|
+
optimized with the same rigor as latency. The failure mode this skill counters:
|
|
12
|
+
nobody owns the bill, so it only gets attention as a quarterly surprise, and
|
|
13
|
+
the response is a panicked freeze instead of systematic reduction. Boundaries:
|
|
14
|
+
`performance-optimization` makes code faster (sometimes cheaper as a side
|
|
15
|
+
effect); `build-vs-buy` decides whether to run the capability at all; this
|
|
16
|
+
skill optimizes what you *do* run.
|
|
17
|
+
|
|
18
|
+
## Workflow
|
|
19
|
+
|
|
20
|
+
### Step 1: Visibility Before Optimization
|
|
21
|
+
|
|
22
|
+
You can't cut what you can't attribute. Establish first:
|
|
23
|
+
|
|
24
|
+
- **Allocation**: tag/label resources by service, team, and environment;
|
|
25
|
+
measure the untagged remainder and drive it down — an 40%-unattributed bill
|
|
26
|
+
makes every later step guesswork.
|
|
27
|
+
- **The big rocks**: rank spend by service and by resource type. Cloud bills
|
|
28
|
+
follow a power law; the top 5 line items usually carry most of the total.
|
|
29
|
+
Optimizing anything outside them is procrastination with charts.
|
|
30
|
+
- **Trend vs events**: is spend growing with usage (fine, if unit costs hold),
|
|
31
|
+
or did it step-change with a deploy (an incident with a dollar signature)?
|
|
32
|
+
|
|
33
|
+
Pull real billing data (cost explorer exports, `infracost` on IaC diffs, the
|
|
34
|
+
provider CLIs) — never optimize from memory of last quarter's bill.
|
|
35
|
+
|
|
36
|
+
### Step 2: Define Unit Economics
|
|
37
|
+
|
|
38
|
+
Total spend is noise; **cost per unit of value** — per customer, per request,
|
|
39
|
+
per GB processed, per model inference — is signal. A bill that doubles while
|
|
40
|
+
customers triple is a win. Pick 1–3 unit metrics with the team, compute them
|
|
41
|
+
from the Step-1 allocation, and make them the number optimization is judged by.
|
|
42
|
+
This is also what connects engineering to the business conversation
|
|
43
|
+
(`metrics-and-okrs`).
|
|
44
|
+
|
|
45
|
+
### Step 3: Harvest the Waste (no architecture changes)
|
|
46
|
+
|
|
47
|
+
The reliable first wins, in typical order of return:
|
|
48
|
+
|
|
49
|
+
- **Orphans**: unattached volumes/IPs, forgotten environments, snapshots-forever,
|
|
50
|
+
idle dev clusters running nights and weekends (schedule them off).
|
|
51
|
+
- **Rightsizing**: instances/databases provisioned for imagined peak — check
|
|
52
|
+
actual utilization (single-digit CPU on a large instance is a purchase order
|
|
53
|
+
for the cloud provider, not capacity planning).
|
|
54
|
+
- **Storage classes & lifecycle**: hot-tier data nobody has read in a year;
|
|
55
|
+
logs and backups with no expiry — lifecycle policies are one-line fixes.
|
|
56
|
+
- **Non-prod parity**: staging doesn't need production's instance sizes,
|
|
57
|
+
replica counts, or retention.
|
|
58
|
+
|
|
59
|
+
### Step 4: Buy Commitment for the Stable Baseline
|
|
60
|
+
|
|
61
|
+
After rightsizing (never before — you'd lock in the waste): cover the stable,
|
|
62
|
+
predictable baseline with reserved instances / savings plans / committed-use
|
|
63
|
+
discounts, and keep the spiky remainder on-demand or spot (spot for
|
|
64
|
+
interruption-tolerant work: batch, CI, stateless workers). Start conservative
|
|
65
|
+
(cover well under 100% of the baseline) and ratchet up as forecasts prove out —
|
|
66
|
+
over-commitment converts a variable cost into a fixed regret.
|
|
67
|
+
|
|
68
|
+
### Step 5: Review the Architecture's Cost Shape
|
|
69
|
+
|
|
70
|
+
Some spend is structural, and only architecture changes move it:
|
|
71
|
+
|
|
72
|
+
- **Egress and cross-zone/region chatter** — the classic invisible line item;
|
|
73
|
+
co-locate chatty services, cache at the edge, compress.
|
|
74
|
+
- **Per-invocation pricing at scale** — serverless that grew past the
|
|
75
|
+
crossover where instances are cheaper (and vice versa: idle instances that
|
|
76
|
+
should be serverless).
|
|
77
|
+
- **Managed-premium vs ops-burden** — the managed service's markup is often
|
|
78
|
+
worth it (that's a `build-vs-buy` call when it gets big).
|
|
79
|
+
- **Data pipelines** — scan-based pricing (warehouse queries over unpartitioned
|
|
80
|
+
tables) and always-on streaming for hourly-batch needs (`data-pipeline-design`).
|
|
81
|
+
|
|
82
|
+
Cost these with current provider pricing (verify live — pricing changes), and
|
|
83
|
+
record significant trade-offs as ADRs (`architecture-design`).
|
|
84
|
+
|
|
85
|
+
### Step 6: Keep It Continuous
|
|
86
|
+
|
|
87
|
+
- **Budgets + anomaly alerts** per team/service, routed to the owning team —
|
|
88
|
+
a cost regression is a defect, detected in days not quarters.
|
|
89
|
+
- **Cost in the deploy loop**: IaC cost diffs (e.g. infracost) in PRs makes
|
|
90
|
+
cost visible at decision time.
|
|
91
|
+
- **A monthly 30-minute review** of the unit metrics and top movers beats an
|
|
92
|
+
annual cost-cutting project.
|
|
93
|
+
|
|
94
|
+
## Principles Applied
|
|
95
|
+
|
|
96
|
+
- **Attribution before optimization** — unowned costs never stay cut.
|
|
97
|
+
- **Unit economics over totals** — growth should raise the bill; only rising
|
|
98
|
+
*unit* cost is a problem.
|
|
99
|
+
- **Biggest line item first** — a 10% cut of the top item beats a 90% cut of
|
|
100
|
+
the tenth.
|
|
101
|
+
|
|
102
|
+
## Cross-Skill References
|
|
103
|
+
|
|
104
|
+
- `build-vs-buy` — whether to run the capability at all; managed-vs-self-hosted TCO
|
|
105
|
+
- `performance-optimization` — efficiency work that reduces compute per request
|
|
106
|
+
- `architecture-design` — recording cost-driven structural decisions as ADRs
|
|
107
|
+
- `observability-design` — the metrics/alerting machinery cost signals ride on
|
|
108
|
+
- `data-pipeline-design` — cost-shaping batch/streaming and warehouse workloads
|
|
109
|
+
- `metrics-and-okrs` — tying unit economics to business metrics
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "finops-cost-optimization",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Our AWS bill jumped from $18k to $31k/month over the last two quarters and leadership wants it 'fixed'. Where do we start?",
|
|
7
|
+
"expected_output": "Starts with visibility, not cuts: attribute the spend (tagging/allocation), rank the top line items, and separate usage-driven growth from step-change regressions; defines unit economics (cost per customer/request) as the real judge; then harvests waste in order of return (orphans, rightsizing from actual utilization, storage lifecycle, non-prod schedules), only then commitment discounts on the post-rightsizing baseline, plus budgets/anomaly alerts so the next jump is caught in days",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Establishes visibility and attribution first (tagging/allocation, ranking top line items from real billing data) before proposing any cuts",
|
|
10
|
+
"Distinguishes usage-driven growth from step-change regressions and/or introduces unit economics (cost per customer/request) rather than treating the total as the metric",
|
|
11
|
+
"Proposes concrete waste harvesting: orphaned resources, rightsizing based on actual utilization, storage lifecycle policies, or scheduling non-prod environments off",
|
|
12
|
+
"Recommends commitment discounts (RIs/savings plans) only after rightsizing, covering a conservative stable baseline",
|
|
13
|
+
"Sets up continuous guardrails: budgets and anomaly alerts routed to owning teams, and/or cost checks in the deploy loop"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "Our bill is dominated by data transfer: about 40% is inter-AZ traffic and NAT gateway charges between our microservices, and the rest of the top items are a Kafka cluster and a data warehouse where queries scan whole tables. Rightsizing won't move these. What are our options?",
|
|
19
|
+
"expected_output": "Recognizes structural/architectural cost shape: co-locating chatty services or reworking cross-AZ topology (weighing the availability trade-off), VPC endpoints / NAT alternatives, compression; warehouse scan costs via partitioning/clustering and incremental models; evaluates whether always-on streaming matches the actual latency need; recommends costing options with live pricing and recording the trade-offs as ADRs since these decisions trade resilience/latency for money",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Recognizes these as architecture-shaped costs that rightsizing cannot fix and addresses the egress/inter-AZ problem specifically (co-location, topology, VPC endpoints, compression)",
|
|
22
|
+
"Notes the availability/resilience trade-off in reducing cross-AZ traffic rather than recommending single-AZ blindly",
|
|
23
|
+
"Addresses the warehouse scan costs structurally (partitioning, clustering, incremental models) rather than only suggesting fewer queries",
|
|
24
|
+
"Questions whether the always-on streaming infrastructure matches the actual latency requirement (batch vs streaming)",
|
|
25
|
+
"Recommends verifying costs against current provider pricing and/or recording significant cost-driven decisions as ADRs"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "Our checkout API's p99 latency is 4 seconds and profiling shows an N+1 query pattern plus a missing index. Can you help optimize it?",
|
|
31
|
+
"expected_output": "Recognizes this as code/query performance work, not cloud-spend optimization — refers to performance-optimization for the N+1 and indexing work, noting the boundary: performance-optimization makes code faster (sometimes cheaper as a side effect); finops-cost-optimization attributes and reduces cloud spend",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Recognizes the request as application performance optimization, not cloud cost management",
|
|
34
|
+
"Refers to the performance-optimization skill for the N+1/indexing work",
|
|
35
|
+
"Does not produce a FinOps workflow (tagging, rightsizing, commitments) as the answer",
|
|
36
|
+
"States or implies the boundary: performance-optimization owns making code fast; finops-cost-optimization owns understanding and reducing spend"
|
|
37
|
+
]
|
|
38
|
+
}
|
|
39
|
+
]
|
|
40
|
+
}
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: git-workflow
|
|
3
|
-
description: "Write commit messages, PR descriptions, and manage branching strategy following conventional commits.
|
|
3
|
+
description: "Write commit messages, PR descriptions, and manage branching strategy following conventional commits."
|
|
4
|
+
when_to_use: "Triggers: write a commit message, commit this, PR description, pull request, branching strategy, git workflow, squash commits, rebase, conventional commits, how should I commit this, review staged changes."
|
|
4
5
|
model: haiku
|
|
5
6
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
7
|
---
|
|
@@ -13,11 +14,13 @@ Help write clear commit messages, structured PR descriptions, and manage branchi
|
|
|
13
14
|
|
|
14
15
|
### Step 1: Analyze the Changes
|
|
15
16
|
|
|
16
|
-
|
|
17
|
+
Currently staged (live at skill load; empty when nothing is staged, this isn't a
|
|
18
|
+
git repo, or injection is disabled):
|
|
17
19
|
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
20
|
+
!`git diff --staged --stat 2>/dev/null || true`
|
|
21
|
+
|
|
22
|
+
If the summary above is empty or not enough to understand the change, run
|
|
23
|
+
`git diff --staged` yourself for the full diff.
|
|
21
24
|
|
|
22
25
|
Identify:
|
|
23
26
|
- **What changed?** (files modified, functions added/removed, logic altered)
|
|
@@ -52,6 +55,10 @@ Use the Conventional Commits format — see [references/conventions.md](referenc
|
|
|
52
55
|
- Breaking changes: `BREAKING CHANGE: description`
|
|
53
56
|
- Co-authors: `Co-authored-by: Name <email>`
|
|
54
57
|
|
|
58
|
+
Commit types are not just style — in automated release flows they drive the version:
|
|
59
|
+
`fix` → PATCH, `feat` → MINOR, `feat!`/`BREAKING CHANGE:` → MAJOR. A mislabeled type
|
|
60
|
+
mis-versions the next release (see `release-management`).
|
|
61
|
+
|
|
55
62
|
### Step 3: Validate
|
|
56
63
|
|
|
57
64
|
Before committing, check:
|
|
@@ -64,14 +71,17 @@ Before committing, check:
|
|
|
64
71
|
|
|
65
72
|
### Step 1: Analyze the Branch
|
|
66
73
|
|
|
67
|
-
|
|
74
|
+
Branch state vs the default branch (live at skill load; tries `main` then
|
|
75
|
+
`master`):
|
|
68
76
|
|
|
69
|
-
|
|
70
|
-
git log main..HEAD --oneline
|
|
71
|
-
git diff main...HEAD --stat
|
|
72
|
-
```
|
|
77
|
+
!`git log main..HEAD --oneline 2>/dev/null || git log master..HEAD --oneline 2>/dev/null || true`
|
|
73
78
|
|
|
74
|
-
|
|
79
|
+
!`git diff main...HEAD --stat 2>/dev/null || git diff master...HEAD --stat 2>/dev/null || true`
|
|
80
|
+
|
|
81
|
+
If the output above is empty or the repo uses a different default branch, run the
|
|
82
|
+
equivalents against the actual base branch. Understand the full scope of changes
|
|
83
|
+
across all commits — run the full `git diff <base>...HEAD` when the stat summary
|
|
84
|
+
isn't enough.
|
|
75
85
|
|
|
76
86
|
### Step 2: Write the PR Description
|
|
77
87
|
|
|
@@ -102,9 +112,10 @@ Help set up or improve branching conventions. Ask about team size and release ca
|
|
|
102
112
|
|
|
103
113
|
**For small teams (1-5 devs) or continuous deployment:**
|
|
104
114
|
- `main` — always deployable
|
|
105
|
-
- `feat
|
|
106
|
-
-
|
|
107
|
-
|
|
115
|
+
- Branch naming: `feat/<description>`, `fix/<description>` — short-lived (1-3 days)
|
|
116
|
+
- Merge to main via PR — **squash-merge by default** (one clean commit per logical
|
|
117
|
+
change on main); one approval is the right review bar at this size
|
|
118
|
+
- Deploy from main
|
|
108
119
|
|
|
109
120
|
**For medium teams (5-15 devs) or scheduled releases:**
|
|
110
121
|
- `main` — production
|
|
@@ -125,3 +136,9 @@ See [references/conventions.md](references/conventions.md) for branch naming con
|
|
|
125
136
|
- **KISS**: One commit = one logical change. Don't bundle unrelated changes.
|
|
126
137
|
- **DRY**: If you're writing the same commit message pattern repeatedly, you might be making commits too granular or too broad.
|
|
127
138
|
- **Functional Independence**: Each PR should be independently deployable when possible. Avoid PRs that depend on other unmerged PRs.
|
|
139
|
+
|
|
140
|
+
## Cross-Skill References
|
|
141
|
+
|
|
142
|
+
- `release-management` — cutting the release these commits accumulate into: semver, changelog, tagging, publishing
|
|
143
|
+
- `code-reviewing` — reviewing the PR the description introduces
|
|
144
|
+
- `verification-before-completion` — run the proving commands before pushing or opening the PR
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: llm-app-engineering
|
|
3
|
+
description: "Design and build LLM-powered applications — prompt and context engineering, RAG architecture (chunking, hybrid retrieval, reranking, grounded prompts), agent design (tool surfaces, planning, sub-agents), and memory. Triggers: build a chatbot, LLM app, AI assistant, prompt engineering, system prompt, RAG design, chunking, embeddings, vector database, semantic search, AI agent, tool calling, agent memory, context window, hallucinations. Measuring quality → ai-evaluation; model serving/inference infra → ml-model-deployment."
|
|
4
|
+
model: opus
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# LLM App Engineering
|
|
9
|
+
|
|
10
|
+
Design LLM applications as **systems, not prompts**: what goes into the context
|
|
11
|
+
window, what the model is allowed to do, and what happens when it's wrong. The
|
|
12
|
+
model is the one component you don't control — engineer everything around it.
|
|
13
|
+
This skill designs and builds; proving a change helped is `ai-evaluation`'s job,
|
|
14
|
+
and no design below is "done" until it has an eval harness.
|
|
15
|
+
|
|
16
|
+
## Workflow
|
|
17
|
+
|
|
18
|
+
### Step 1: Choose the Simplest Sufficient Architecture
|
|
19
|
+
|
|
20
|
+
Escalate only when the previous rung measurably fails:
|
|
21
|
+
|
|
22
|
+
1. **Single prompt** — the task fits in one call with instructions + input.
|
|
23
|
+
2. **+ RAG** — the answer needs knowledge that doesn't fit in the prompt or
|
|
24
|
+
changes independently of deploys.
|
|
25
|
+
3. **+ Tools** — the model must act (query, search, write) — not just answer.
|
|
26
|
+
4. **Agent loop** — the path to the goal is genuinely unpredictable in advance.
|
|
27
|
+
Most "agents" that fail are workflows that should have been a fixed pipeline
|
|
28
|
+
with one or two LLM steps.
|
|
29
|
+
|
|
30
|
+
### Step 2: Engineer the Prompt as an Interface
|
|
31
|
+
|
|
32
|
+
- Structure: role and constraints → domain context → task → output format.
|
|
33
|
+
Put stable content first (prompt caching) and the volatile input last.
|
|
34
|
+
- State what to do on failure: "if the context doesn't contain the answer, say
|
|
35
|
+
so" — the unhappy path is where LLM apps lose user trust.
|
|
36
|
+
- Version prompts in git like code; a prompt change is a deploy and goes
|
|
37
|
+
through the same eval gate (`ai-evaluation`).
|
|
38
|
+
|
|
39
|
+
### Step 3: RAG — Design Retrieval Before Generation
|
|
40
|
+
|
|
41
|
+
Most bad RAG answers are retrieval failures wearing a generation costume.
|
|
42
|
+
|
|
43
|
+
- **Chunking**: split on document structure (headings, sections, one
|
|
44
|
+
ticket+resolution per chunk), not fixed character counts; attach metadata
|
|
45
|
+
(source, date, product area) for filtering and citations.
|
|
46
|
+
- **Retrieval**: hybrid (BM25 + vector) as the default — pure vector search
|
|
47
|
+
misses exact identifiers, SKUs, and error codes; filter by metadata, then
|
|
48
|
+
**rerank** the candidate set (retrieve ~20–50, keep the top 5–10).
|
|
49
|
+
- **Context budget** (decide, don't default): how many chunks fit, in what
|
|
50
|
+
order (most relevant near the question), the relevance floor below which a
|
|
51
|
+
chunk is dropped, and the behavior when nothing clears it — say "I don't
|
|
52
|
+
know" rather than pad the context with noise.
|
|
53
|
+
- **Grounding prompt**: answer only from the provided context, cite which
|
|
54
|
+
source supports each claim, refuse when unsupported.
|
|
55
|
+
|
|
56
|
+
### Step 4: Agents — Design the Tool Surface and the Loop
|
|
57
|
+
|
|
58
|
+
- **Tools**: few and sharply distinct beat many and overlapping — every tool
|
|
59
|
+
description competes for the model's attention on every step. Name by
|
|
60
|
+
intent (`search_orders`, not `api_call`); make each tool's failure return a
|
|
61
|
+
message the model can act on, not a stack trace.
|
|
62
|
+
- **Decomposition**: long tasks fail as one monolithic loop with 25 tools;
|
|
63
|
+
split into phases or sub-agents, each with a scoped toolset, and pass
|
|
64
|
+
structured summaries between them — not raw transcripts.
|
|
65
|
+
- **Guardrails**: cap iterations, budget tokens per task, and validate
|
|
66
|
+
side-effecting tool calls (or require confirmation) — an agent retrying a
|
|
67
|
+
failed write in a loop is the classic production incident.
|
|
68
|
+
|
|
69
|
+
### Step 5: Memory — Externalize State
|
|
70
|
+
|
|
71
|
+
The context window is a scarce cache, not a database. For long-horizon work:
|
|
72
|
+
keep a plan/scratchpad file the agent re-reads and updates; summarize or
|
|
73
|
+
compact stale history instead of letting it scroll off; store durable facts
|
|
74
|
+
(user preferences, decisions) outside the window and retrieve them like RAG.
|
|
75
|
+
|
|
76
|
+
### Step 6: Wire In Evaluation Before Shipping
|
|
77
|
+
|
|
78
|
+
Hand the design to `ai-evaluation`: a golden dataset (including unanswerable
|
|
79
|
+
and adversarial cases), RAG-stage metrics (retrieval vs generation scored
|
|
80
|
+
separately), agent task-success rate, and a CI regression gate. "The answers
|
|
81
|
+
feel better" is not evidence; a design without an eval harness is a prototype.
|
|
82
|
+
|
|
83
|
+
Deeper pattern detail (chunking table, reranking, memory patterns, failure
|
|
84
|
+
modes): [references/patterns.md](references/patterns.md).
|
|
85
|
+
|
|
86
|
+
## Principles Applied
|
|
87
|
+
|
|
88
|
+
- **KISS**: every architecture rung you skip is a class of failure you never
|
|
89
|
+
have to debug. Workflows beat agents when the path is predictable.
|
|
90
|
+
- **YAGNI**: no vector DB before checking whether the corpus fits in the
|
|
91
|
+
prompt; no agent framework before a plain loop with 3 tools fails.
|
|
92
|
+
- **SRP for tools**: one tool, one capability — overlapping tools force the
|
|
93
|
+
model to guess, and it will guess differently each run.
|
|
94
|
+
|
|
95
|
+
## Cross-Skill References
|
|
96
|
+
|
|
97
|
+
- `ai-evaluation` — golden datasets, RAG metrics, judges, eval gates (the
|
|
98
|
+
measurement half of every step above)
|
|
99
|
+
- `ml-model-deployment` — serving, monitoring, and drift once the app ships
|
|
100
|
+
- `api-design` — the contract around the LLM feature (streaming, errors, timeouts)
|
|
101
|
+
- `security-audit` — prompt injection, data exfiltration via tools, output handling
|
|
102
|
+
- `architecture-design` — ADRs for costly-to-reverse choices (vector store, framework)
|