swe-workflow-skills 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (177) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +144 -0
  3. package/VERSION +1 -0
  4. package/bin/cli.mjs +44 -0
  5. package/catalog.json +225 -0
  6. package/commands/role.md +34 -0
  7. package/hooks/session-start.mjs +118 -0
  8. package/install.mjs +318 -0
  9. package/package.json +47 -0
  10. package/roles.json +194 -0
  11. package/scripts/resolve.mjs +296 -0
  12. package/skills/accessibility-design/SKILL.md +128 -0
  13. package/skills/accessibility-design/evals/evals.json +51 -0
  14. package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
  15. package/skills/api-design/SKILL.md +144 -0
  16. package/skills/api-design/evals/evals.json +48 -0
  17. package/skills/api-design/references/rest-conventions.md +147 -0
  18. package/skills/api-design/templates/api-spec.md +156 -0
  19. package/skills/architecture-design/SKILL.md +86 -0
  20. package/skills/architecture-design/evals/evals.json +44 -0
  21. package/skills/architecture-design/references/clean-architecture.md +147 -0
  22. package/skills/architecture-design/references/component-principles.md +129 -0
  23. package/skills/architecture-design/references/principles.md +81 -0
  24. package/skills/architecture-design/references/solid-principles.md +106 -0
  25. package/skills/architecture-design/templates/adr.md +63 -0
  26. package/skills/architecture-documentation/SKILL.md +126 -0
  27. package/skills/architecture-documentation/evals/evals.json +44 -0
  28. package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
  29. package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
  30. package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
  31. package/skills/bug-investigating/SKILL.md +133 -0
  32. package/skills/bug-investigating/evals/evals.json +56 -0
  33. package/skills/bug-investigating/references/common-bugs.md +62 -0
  34. package/skills/bug-investigating/references/debugging-patterns.md +94 -0
  35. package/skills/cicd-pipeline/SKILL.md +87 -0
  36. package/skills/cicd-pipeline/evals/evals.json +34 -0
  37. package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
  38. package/skills/cicd-pipeline/templates/github-actions.md +206 -0
  39. package/skills/code-reviewing/SKILL.md +92 -0
  40. package/skills/code-reviewing/evals/evals.json +62 -0
  41. package/skills/code-reviewing/references/error-handling.md +108 -0
  42. package/skills/code-reviewing/references/review-checklist.md +144 -0
  43. package/skills/configuration-strategy/SKILL.md +109 -0
  44. package/skills/configuration-strategy/evals/evals.json +41 -0
  45. package/skills/configuration-strategy/references/config-patterns.md +161 -0
  46. package/skills/containerization/SKILL.md +90 -0
  47. package/skills/containerization/evals/evals.json +36 -0
  48. package/skills/containerization/references/dockerfile-patterns.md +168 -0
  49. package/skills/containerization/templates/dockerfile.md +154 -0
  50. package/skills/data-modeling/SKILL.md +83 -0
  51. package/skills/data-modeling/evals/evals.json +43 -0
  52. package/skills/data-modeling/references/conventions.md +57 -0
  53. package/skills/data-modeling/templates/schema.md +120 -0
  54. package/skills/dependency-impact-analysis/SKILL.md +113 -0
  55. package/skills/dependency-impact-analysis/evals/evals.json +41 -0
  56. package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
  57. package/skills/dependency-management/SKILL.md +161 -0
  58. package/skills/dependency-management/evals/evals.json +48 -0
  59. package/skills/dependency-management/references/evaluation-checklist.md +127 -0
  60. package/skills/deployment-checklist/SKILL.md +132 -0
  61. package/skills/deployment-checklist/evals/evals.json +58 -0
  62. package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
  63. package/skills/deployment-repo/SKILL.md +190 -0
  64. package/skills/deployment-repo/evals/evals.json +44 -0
  65. package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
  66. package/skills/deployment-repo/references/version-compatibility.md +227 -0
  67. package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
  68. package/skills/effort-estimation/SKILL.md +95 -0
  69. package/skills/effort-estimation/evals/evals.json +32 -0
  70. package/skills/effort-estimation/references/estimation-methods.md +154 -0
  71. package/skills/feature-planning/SKILL.md +84 -0
  72. package/skills/feature-planning/evals/evals.json +44 -0
  73. package/skills/feature-planning/templates/plan.md +55 -0
  74. package/skills/feature-planning/templates/task.md +26 -0
  75. package/skills/frontend-architecture/SKILL.md +154 -0
  76. package/skills/frontend-architecture/evals/evals.json +34 -0
  77. package/skills/frontend-architecture/references/component-patterns.md +264 -0
  78. package/skills/frontend-architecture/templates/folder-structure.md +203 -0
  79. package/skills/git-workflow/SKILL.md +127 -0
  80. package/skills/git-workflow/evals/evals.json +44 -0
  81. package/skills/git-workflow/references/conventions.md +142 -0
  82. package/skills/git-workflow/templates/pull-request.md +57 -0
  83. package/skills/gitops-delivery/SKILL.md +319 -0
  84. package/skills/gitops-delivery/evals/evals.json +44 -0
  85. package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
  86. package/skills/gitops-delivery/templates/gitops-config.md +196 -0
  87. package/skills/incident-response/SKILL.md +130 -0
  88. package/skills/incident-response/evals/evals.json +55 -0
  89. package/skills/incident-response/references/communication-templates.md +134 -0
  90. package/skills/incident-response/references/severity-levels.md +77 -0
  91. package/skills/incident-response/templates/incident-timeline.md +57 -0
  92. package/skills/infrastructure-as-code/SKILL.md +86 -0
  93. package/skills/infrastructure-as-code/evals/evals.json +33 -0
  94. package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
  95. package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
  96. package/skills/metrics-and-okrs/SKILL.md +113 -0
  97. package/skills/metrics-and-okrs/evals/evals.json +33 -0
  98. package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
  99. package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
  100. package/skills/ml-experiment-tracking/SKILL.md +96 -0
  101. package/skills/ml-experiment-tracking/evals/evals.json +32 -0
  102. package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
  103. package/skills/ml-model-deployment/SKILL.md +106 -0
  104. package/skills/ml-model-deployment/evals/evals.json +34 -0
  105. package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
  106. package/skills/ml-pipeline-design/SKILL.md +162 -0
  107. package/skills/ml-pipeline-design/evals/evals.json +34 -0
  108. package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
  109. package/skills/observability-design/SKILL.md +162 -0
  110. package/skills/observability-design/evals/evals.json +52 -0
  111. package/skills/observability-design/references/logging-patterns.md +229 -0
  112. package/skills/observability-design/references/slo-framework.md +151 -0
  113. package/skills/observability-design/templates/slo-document.md +80 -0
  114. package/skills/performance-optimization/SKILL.md +83 -0
  115. package/skills/performance-optimization/evals/evals.json +47 -0
  116. package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
  117. package/skills/performance-optimization/references/concurrency.md +101 -0
  118. package/skills/prd-writing/SKILL.md +109 -0
  119. package/skills/prd-writing/evals/evals.json +33 -0
  120. package/skills/prd-writing/references/prd-examples.md +132 -0
  121. package/skills/prd-writing/templates/prd.md +71 -0
  122. package/skills/prd-writing/templates/rfc.md +79 -0
  123. package/skills/project-documentation/SKILL.md +104 -0
  124. package/skills/project-documentation/evals/evals.json +48 -0
  125. package/skills/project-documentation/references/contributing-guide.md +100 -0
  126. package/skills/project-documentation/templates/changelog.md +59 -0
  127. package/skills/project-documentation/templates/readme.md +121 -0
  128. package/skills/project-proposal/SKILL.md +90 -0
  129. package/skills/project-proposal/evals/evals.json +31 -0
  130. package/skills/project-proposal/references/proposal-examples.md +140 -0
  131. package/skills/project-proposal/templates/proposal.md +76 -0
  132. package/skills/project-review/SKILL.md +111 -0
  133. package/skills/project-review/evals/evals.json +42 -0
  134. package/skills/refactoring/SKILL.md +90 -0
  135. package/skills/refactoring/evals/evals.json +44 -0
  136. package/skills/refactoring/references/transformations.md +132 -0
  137. package/skills/retrospective/SKILL.md +157 -0
  138. package/skills/retrospective/evals/evals.json +34 -0
  139. package/skills/retrospective/references/facilitation-guide.md +130 -0
  140. package/skills/retrospective/templates/post-mortem.md +121 -0
  141. package/skills/rollback-strategy/SKILL.md +116 -0
  142. package/skills/rollback-strategy/evals/evals.json +55 -0
  143. package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
  144. package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
  145. package/skills/security-audit/SKILL.md +146 -0
  146. package/skills/security-audit/evals/evals.json +66 -0
  147. package/skills/security-audit/references/owasp-top-10.md +167 -0
  148. package/skills/security-audit/templates/security-report.md +79 -0
  149. package/skills/skill-router/SKILL.md +171 -0
  150. package/skills/skill-router/evals/evals.json +39 -0
  151. package/skills/strategic-review/SKILL.md +106 -0
  152. package/skills/strategic-review/evals/evals.json +42 -0
  153. package/skills/strategic-review/templates/full-review-prompt.md +84 -0
  154. package/skills/tdd-workflow/SKILL.md +147 -0
  155. package/skills/tdd-workflow/evals/evals.json +58 -0
  156. package/skills/tdd-workflow/references/test-quality.md +71 -0
  157. package/skills/technical-debt-review/SKILL.md +113 -0
  158. package/skills/technical-debt-review/evals/evals.json +41 -0
  159. package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
  160. package/skills/technical-debt-review/templates/debt-audit.md +85 -0
  161. package/skills/test-data-strategy/SKILL.md +129 -0
  162. package/skills/test-data-strategy/evals/evals.json +49 -0
  163. package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
  164. package/skills/test-suite-design/SKILL.md +137 -0
  165. package/skills/test-suite-design/evals/evals.json +69 -0
  166. package/skills/test-suite-design/references/test-infrastructure.md +175 -0
  167. package/skills/test-suite-design/references/testing-pyramid.md +140 -0
  168. package/skills/ui-ux-design/SKILL.md +117 -0
  169. package/skills/ui-ux-design/evals/evals.json +35 -0
  170. package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
  171. package/skills/ui-ux-design/templates/screen-spec.md +97 -0
  172. package/skills/verification-before-completion/SKILL.md +85 -0
  173. package/skills/verification-before-completion/evals/evals.json +53 -0
  174. package/skills/writing-skills/SKILL.md +87 -0
  175. package/skills/writing-skills/evals/evals.json +41 -0
  176. package/skills/writing-skills/references/pressure-testing.md +69 -0
  177. package/uninstall.mjs +182 -0
@@ -0,0 +1,31 @@
1
+ {
2
+ "skill_name": "project-proposal",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "I want to propose migrating our monolithic Django app to microservices. Our CTO is skeptical and wants to see a business case. We have 15 engineers, the app serves 50K users, and deployments take 2 hours with frequent rollbacks. Help me write the proposal.",
7
+ "expected_output": "Should produce a concise proposal with clear problem statement (deployment pain, not just 'microservices are trendy'), alternatives including 'do nothing' and 'modular monolith', honest risk assessment, and measurable success criteria.",
8
+ "assertions": [
9
+ "Frames the problem as deployment pain and team scalability, not 'microservices are better'",
10
+ "Includes 'do nothing' and 'modular monolith' as alternatives",
11
+ "Provides rough effort estimate in person-weeks with a range",
12
+ "Risk assessment includes distributed system complexity and team skill gaps",
13
+ "Success criteria are measurable (deploy time, rollback rate, team velocity)",
14
+ "Keeps the proposal to 1-2 pages equivalent",
15
+ "Does NOT assume microservices are the right answer — presents it objectively"
16
+ ]
17
+ },
18
+ {
19
+ "id": 2,
20
+ "prompt": "Write a project proposal for adding a real-time chat feature to our SaaS product. Budget approval needed from the VP of Engineering.",
21
+ "expected_output": "Should ask clarifying questions about the business case before writing, then produce a structured proposal.",
22
+ "assertions": [
23
+ "Asks about the business justification (why chat? user demand data?)",
24
+ "Asks about build vs buy (Sendbird, Stream, custom WebSocket)",
25
+ "Includes build vs buy as alternatives",
26
+ "Estimates account for ongoing operational cost (not just build cost)",
27
+ "Risk section addresses real-time infrastructure complexity"
28
+ ]
29
+ }
30
+ ]
31
+ }
@@ -0,0 +1,140 @@
1
+ # Project Proposal Examples
2
+
3
+ ## Calibrating Depth by Project Scale
4
+
5
+ A proposal for a 1-week internal tool looks very different from a proposal for a 6-month platform investment. Match depth to stakes:
6
+
7
+ | Scale | Team size | Duration | Proposal length | Business case depth |
8
+ |-------|-----------|----------|-----------------|---------------------|
9
+ | Small | 1-2 engineers | < 2 weeks | Half a page | Problem + 1 metric |
10
+ | Medium | 2-5 engineers | 2-8 weeks | 1 page | Full problem, ROI estimate |
11
+ | Large | 5+ engineers or cross-team | 2+ months | 1-2 pages | Full business case, risk table |
12
+
13
+ ---
14
+
15
+ ## Small Scale: Quick-Start Proposal
16
+
17
+ **Proposal**: Automate weekly dependency audit
18
+
19
+ **Problem**: Our team manually checks `npm audit` and `pip audit` each Monday. This takes ~45 minutes and often gets skipped when the team is busy. Three unaddressed vulnerabilities slipped into production last quarter.
20
+
21
+ **Solution**: Add a weekly scheduled CI job that runs security audits and opens a GitHub issue with findings if new critical/high vulnerabilities exist. Auto-closes the issue when the audit passes.
22
+
23
+ **Estimate**: 1 engineer, 3 days.
24
+
25
+ **Cost**: Zero infrastructure cost (existing CI minutes). Saves ~3 engineer-hours/month.
26
+
27
+ **Success**: Zero manually-skipped audits. Vulnerabilities detected within 7 days of publication.
28
+
29
+ ---
30
+
31
+ What makes this good: Problem is concrete ("three slipped into production"), solution is tiny in scope, estimate is honest, success is measurable. No risk table needed for a 3-day project.
32
+
33
+ ---
34
+
35
+ ## Medium Scale: Full Proposal
36
+
37
+ **Proposal**: Customer-Facing Usage Dashboard
38
+
39
+ **Problem**
40
+
41
+ Enterprise customers currently email support to ask "how many API calls did we make this month?" Support handles ~40 such requests per month (4 hours of engineer time). 3 churned customers cited "poor visibility into usage" in exit surveys. Without usage visibility, customers don't know when they're approaching plan limits until they hit them — causing unexpected billing surprises.
42
+
43
+ **Solution**
44
+
45
+ Build a usage dashboard in the customer portal showing:
46
+ - API calls (daily/weekly/monthly)
47
+ - Current period usage vs. plan limit
48
+ - Per-endpoint breakdown
49
+ - Downloadable CSV for billing reconciliation
50
+
51
+ Usage data already exists in our analytics database. This is a read-only UI over existing data.
52
+
53
+ **Scope**
54
+
55
+ Included: Web dashboard, email alerts at 80%/100% of plan limits, CSV export
56
+ Excluded: Real-time updates (batch refresh every hour is sufficient), mobile app, per-user breakdown within an org
57
+
58
+ **Estimate**
59
+
60
+ - 2 engineers, 4 weeks
61
+ - Design: 1 week (1 designer)
62
+ - Infrastructure: No new services; read from existing analytics DB
63
+
64
+ **Risks**
65
+
66
+ | Risk | Probability | Impact | Mitigation |
67
+ |------|-------------|--------|------------|
68
+ | Analytics DB performance (high-read queries) | Medium | Medium | Add read replica; query pre-aggregated tables |
69
+ | Scope expansion (customers request more metrics) | High | Low | Strict non-goals; defer to v2 |
70
+ | Data accuracy concerns | Low | High | Display data freshness timestamp; add reconciliation note |
71
+
72
+ **Success Criteria**
73
+
74
+ - Support requests about usage drop by 80% within 60 days of launch
75
+ - Customer satisfaction score (CSAT) for billing/usage queries improves
76
+ - Zero plan limit surprises in first 90 days post-launch
77
+
78
+ ---
79
+
80
+ ## Large Scale: Platform Investment Proposal
81
+
82
+ **Proposal**: Migrate Authentication to a Centralized Auth Service
83
+
84
+ **Problem**
85
+
86
+ Authentication logic is currently duplicated across 4 services (API, admin panel, mobile backend, partner portal). Last quarter:
87
+ - A JWT signing key rotation took 3 days because it required coordinated deploys across all 4 services
88
+ - An auth bug was fixed in 2 of 4 services; the other 2 remained vulnerable for 11 days
89
+ - Onboarding a 5th service (analytics API) would require duplicating auth logic again
90
+
91
+ Security team has flagged our auth architecture as high-risk in the last two security reviews.
92
+
93
+ **Solution**
94
+
95
+ Build a centralized auth service (OAuth2/OIDC server) that issues JWTs. All services validate tokens against a shared public key. Services no longer implement auth — they only validate tokens.
96
+
97
+ **Architecture summary**:
98
+ - Auth Service: issues tokens, handles login/logout/refresh, manages sessions
99
+ - All other services: validate token signature + claims only (stateless validation)
100
+ - Migration: phased, service by service, with backwards compatibility
101
+
102
+ **Alternatives Considered**
103
+
104
+ 1. **Status quo + better coordination**: Document the auth pattern, add cross-service testing. Lower effort but doesn't eliminate duplication or key rotation pain.
105
+ 2. **Adopt a managed auth provider (Auth0, Cognito)**: Faster to implement, reduces maintenance burden. Rejected: $8,000/month at our user volume, and we'd lose control of session data (compliance concern).
106
+ 3. **Centralized auth service** (proposed): Higher upfront cost, eliminates duplication, solves key rotation, enables SSO as future option.
107
+
108
+ **Estimate**
109
+
110
+ - 3 engineers + 1 security engineer, 3 months
111
+ - Phase 1 (auth service + API migration): 6 weeks
112
+ - Phase 2 (remaining 3 services): 6 weeks
113
+ - Infrastructure: +$200/month for dedicated auth service instances
114
+
115
+ **Risks**
116
+
117
+ | Risk | Probability | Impact | Mitigation |
118
+ |------|-------------|--------|------------|
119
+ | Auth service becomes single point of failure | Low | Critical | Multi-region deploy; circuit breakers in all services |
120
+ | Migration breaks a service | Medium | High | Feature flag per service; rollback is re-enable old auth path |
121
+ | Team expertise gap (OAuth2/OIDC) | Medium | Medium | Security engineer on team; use established library (Hydra or Keycloak) |
122
+ | Scope expansion (add SSO, MFA) | High | Medium | Strict phase gating; SSO is explicitly v2 |
123
+
124
+ **Success Criteria**
125
+
126
+ - Key rotation takes < 1 hour (down from 3 days)
127
+ - Auth vulnerabilities are patched in all services within 24 hours of discovery
128
+ - New services require < 1 day to integrate auth (vs. current 2+ weeks)
129
+ - Zero auth-related incidents in the 90 days following full rollout
130
+
131
+ ---
132
+
133
+ ## What to Cut When Time Is Short
134
+
135
+ If stakeholders need a decision quickly, prioritize in this order:
136
+ 1. **Problem statement + impact** — without this, there's no decision to make
137
+ 2. **Estimate** — stakeholders need to know the cost
138
+ 3. **Success criteria** — how will we know it worked?
139
+ 4. **Risks** — what could go wrong?
140
+ 5. **Alternatives** — can be verbal rather than written for small proposals
@@ -0,0 +1,76 @@
1
+ # Project Proposal Template
2
+
3
+ ```markdown
4
+ # Project Proposal: [Project Name]
5
+
6
+ **Author**: [Name]
7
+ **Date**: [YYYY-MM-DD]
8
+ **Status**: Draft | In Review | Approved | Rejected
9
+ **Decision by**: [Date needed]
10
+
11
+ ## Problem
12
+
13
+ [2-3 sentences: What problem exists, who has it, and what's the impact of not solving it?
14
+ Include data if available: "Support receives ~40 tickets/week about X, costing ~$Y/month."]
15
+
16
+ ## Proposed Solution
17
+
18
+ [1-2 paragraphs: What we'll build, at a high level. Not a technical spec — just enough
19
+ for a stakeholder to understand the approach.]
20
+
21
+ ### Scope
22
+
23
+ **In scope:**
24
+ - [What's included]
25
+
26
+ **Out of scope:**
27
+ - [What's explicitly excluded — important for setting expectations]
28
+
29
+ ### Alternatives Considered
30
+
31
+ | Option | Pros | Cons | Why not? |
32
+ |--------|------|------|----------|
33
+ | Do nothing | No cost | Problem persists | [Impact of inaction] |
34
+ | [Alternative A] | [Pros] | [Cons] | [Reason rejected] |
35
+ | [Alternative B] | [Pros] | [Cons] | [Reason rejected] |
36
+
37
+ ## Estimates
38
+
39
+ | Item | Estimate |
40
+ |------|----------|
41
+ | Team size | [N] engineers, [N] designer |
42
+ | Duration | [X-Y] weeks |
43
+ | Infrastructure cost | $[X]/month |
44
+ | Third-party tools | $[X]/month |
45
+ | Total estimated investment | ~[X] person-weeks |
46
+
47
+ ## Risks
48
+
49
+ | Risk | Probability | Impact | Mitigation |
50
+ |------|-------------|--------|------------|
51
+ | [Risk 1] | Med | High | [Strategy] |
52
+ | [Risk 2] | Low | High | [Strategy] |
53
+ | [Risk 3] | High | Med | [Strategy] |
54
+
55
+ ## Success Criteria
56
+
57
+ | Metric | Current | Target | Measured After |
58
+ |--------|---------|--------|----------------|
59
+ | [Metric 1] | [Baseline] | [Goal] | [Timeframe] |
60
+ | [Metric 2] | [Baseline] | [Goal] | [Timeframe] |
61
+
62
+ ## Timeline (Rough)
63
+
64
+ - **Week 1-2**: [Phase 1 — e.g., Design + technical spike]
65
+ - **Week 3-5**: [Phase 2 — e.g., Core implementation]
66
+ - **Week 6**: [Phase 3 — e.g., Testing + launch]
67
+
68
+ ## Decision Requested
69
+
70
+ [What you need from stakeholders: approval to proceed, budget allocation,
71
+ resource commitment, or feedback on approach.]
72
+
73
+ ## References
74
+
75
+ - [Related documents, prior research, competitive analysis]
76
+ ```
@@ -0,0 +1,111 @@
1
+ ---
2
+ name: project-review
3
+ description: "Review a built project's execution health before a milestone — scope alignment, roadmap / execution-plan adherence, implementation maturity (what's production-ready vs stub/deferred), and the evidence it actually works (tests, coverage, validation results, changelog). Triggers: project review, execution review, are we on track, implementation vs roadmap, scope drift, readiness review, what's actually built, validation results review, pre-launch review. Use strategic-review for vision/positioning/market; technical-debt-review for a pure code-health audit."
4
+ model: opus
5
+ allowed-tools: Read, Grep, Glob, WebFetch, Write, Edit
6
+ ---
7
+
8
+ # Project Review
9
+
10
+ Assess how a project is actually executing against its own plan — what's built,
11
+ what's claimed, what's proven, and where the gaps are. The output is an honest,
12
+ prioritized execution picture a decision-maker can act on, not a code-by-code
13
+ critique. The discipline is **separating "built" from "validated" from
14
+ "planned"** and refusing to let any of the three stand in for the others.
15
+
16
+ This is the **execution lens**. For vision, positioning, and market, run
17
+ `strategic-review`; the two compose into a full pre-public / pre-milestone review
18
+ (see [templates/full-review-prompt.md](../strategic-review/templates/full-review-prompt.md)).
19
+
20
+ ## Ground rule: cite or label
21
+
22
+ Every claim is either **confirmed** (cite the file/path/command output that proves
23
+ it) or **inferred** (say so, and say from what). A reviewer who blurs the two is
24
+ worse than no reviewer — the decision-maker can't tell evidence from optimism.
25
+ Never report a capability as working unless you saw it work or saw a test that
26
+ exercises it.
27
+
28
+ ## Step 1: Inventory the claims and the plan
29
+
30
+ Read the project's own statements of intent before judging anything:
31
+
32
+ - **Scope & status claims** — README, vision/strategy docs, roadmap, execution
33
+ plan, CHANGELOG, milestone/issue tracker. What does the project say it is, what
34
+ phase does it say it's in, and what does it promise for the milestone in question?
35
+ - **The hard boundaries** — declared scope and explicit non-goals. These are what
36
+ you measure scope drift against.
37
+
38
+ Capture this as the baseline. Everything downstream is "reality vs this baseline."
39
+
40
+ ## Step 2: Map implementation maturity
41
+
42
+ Walk the actual code/artifacts and classify each major component:
43
+
44
+ | Tier | Meaning | Signals |
45
+ |------|---------|---------|
46
+ | **Production-ready** | Built, integrated, tested | Real implementation, callers, tests, in CI |
47
+ | **Functional / thin** | Works but unproven or partial | Implemented, light/no tests, edge cases open |
48
+ | **Stub / scaffold** | Shape exists, behavior doesn't | `TODO`, `NotImplemented`, empty handlers, returns mock data |
49
+ | **Deferred / absent** | Named in the plan, not started | Referenced in docs/roadmap, no code |
50
+
51
+ Be specific: name the package/module/path and the tier. The deliverable is a
52
+ maturity map, not a vibe. Grep for stub markers (`TODO`, `FIXME`, `raise
53
+ NotImplementedError`, `throw new Error("not implemented")`, `pass # stub`).
54
+
55
+ ## Step 3: Reconcile against the roadmap — and find the drift
56
+
57
+ Lay the maturity map over the plan from Step 1:
58
+
59
+ - **Ahead / behind** — where is the code further along than the docs admit (common,
60
+ and a sign the strategy doc is stale), and where is it behind a milestone it
61
+ claims to have hit?
62
+ - **Scope drift** — what got built that isn't in scope? What's in scope but
63
+ silently dropped? What crossed a declared non-goal boundary?
64
+ - **Sequencing risk** — is load-bearing work scheduled after the milestone that
65
+ depends on it?
66
+
67
+ ## Step 4: Review the evidence it works
68
+
69
+ This is where most reviews are too generous. "The code is built" is not "the
70
+ concept is validated." Assess the evidence chain:
71
+
72
+ - **Tests** — do they exist for the load-bearing paths, or only happy paths?
73
+ Coverage numbers if available; quality, not just quantity.
74
+ - **Validation / experimental results** — if the project ran its own validation
75
+ (efficacy data, benchmarks, A/B results, user trials), read the *actual numbers*
76
+ and report what they say, including when they're **negative or inconclusive**.
77
+ Foreground an uncomfortable result; don't bury it.
78
+ - **CI / checks** — does the pipeline actually gate, or is it advisory?
79
+ - **The built-vs-validated gap** — state it explicitly: which capabilities are
80
+ built but unproven, and what evidence would close the gap?
81
+
82
+ ## Step 5: Prioritized execution findings
83
+
84
+ Produce ranked, severity-tagged findings, each tied to its evidence:
85
+
86
+ - **Severity** — Critical (blocks the milestone / claim is false) / High (material
87
+ risk) / Medium (should fix) / Low (note it).
88
+ - **Each finding**: what, the evidence (cited), why it matters for the milestone,
89
+ and the smallest action that addresses it.
90
+ - **An execution scorecard** — maturity, roadmap-adherence, evidence-strength,
91
+ each rated with a one-line justification, so the reader gets the picture at a glance.
92
+
93
+ For the rendered deliverable (interactive HTML report, dashboards, sortable
94
+ findings table), hand off to `artifact-design`. Default to writing it to a
95
+ gitignored location (e.g. `.local/`) unless told otherwise.
96
+
97
+ ## Principles Applied
98
+
99
+ - **Honesty over comfort** — a review that flatters the plan is worthless; lead
100
+ with the most load-bearing problem, even when it undercuts the project's thesis.
101
+ - **Evidence over assertion** — confirmed vs inferred, always; cite the source.
102
+ - **Prioritize** — a ranked short list of what matters beats an exhaustive catalog.
103
+ - **Right altitude** — execution health, not line-level nits (that's `code-reviewing`).
104
+
105
+ ## Cross-Skill References
106
+
107
+ - `strategic-review` — the other half of a pre-public review: vision, positioning, market.
108
+ - `technical-debt-review` — when the question is purely codebase health / remediation roadmap.
109
+ - `code-reviewing` — for a specific diff or PR, not a whole-project assessment.
110
+ - `metrics-and-okrs` — to turn findings into measurable readiness gates.
111
+ - `artifact-design` — to render the review as a polished interactive report.
@@ -0,0 +1,42 @@
1
+ {
2
+ "skill_name": "project-review",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "We're about to go public with our toolkit. It's spread across a strategy repo, a core implementation repo, and a validation harness. Before we announce, review where the project actually stands against its roadmap — what's really built, what's still a stub, and whether our own validation backs up the claims.",
7
+ "expected_output": "A structured execution review: inventories the project's own scope/roadmap claims, maps implementation maturity by component (production-ready vs stub/deferred), reconciles against the roadmap to surface ahead/behind and scope drift, reads the actual validation results (including negative ones), and produces prioritized severity-tagged findings with an execution scorecard.",
8
+ "assertions": [
9
+ "Starts by inventorying the project's own claims/scope/roadmap before judging",
10
+ "Maps implementation maturity by component into tiers (production-ready / thin / stub / deferred), naming specific paths",
11
+ "Explicitly distinguishes what is built from what is validated from what is planned",
12
+ "Reads and reports the actual validation/evidence results, including negative or inconclusive ones, rather than assuming success",
13
+ "Surfaces scope drift and roadmap mismatches (ahead-of-docs or behind-a-claimed-milestone)",
14
+ "Produces prioritized, severity-tagged findings tied to cited evidence, not an exhaustive nit list",
15
+ "Defers vision/positioning/market questions to strategic-review rather than answering them here"
16
+ ]
17
+ },
18
+ {
19
+ "id": 2,
20
+ "prompt": "Our strategy doc says the project is still 'pre-development', but I think engineering has actually built most of phase 1 already. Can you review the real state? Also a lot of the docs claim features that I'm not sure are real.",
21
+ "expected_output": "Recognizes the docs may be stale or over-claiming and treats code as the source of truth: maps what's actually implemented vs what docs claim, flags both directions of mismatch (built-but-undocumented and claimed-but-absent), and labels each finding confirmed vs inferred with a cited source.",
22
+ "assertions": [
23
+ "Treats the actual code/artifacts as ground truth when docs and reality conflict",
24
+ "Flags claimed-but-absent features (documentation over-claiming) as findings",
25
+ "Flags built-but-understated work (code ahead of the stated status) as findings",
26
+ "Labels each conclusion as confirmed (with a cited source) or inferred",
27
+ "Greps for stub/not-implemented markers rather than trusting prose descriptions of capability"
28
+ ]
29
+ },
30
+ {
31
+ "id": 3,
32
+ "prompt": "There's a 20-line function in our payments module with a bug. Can you review it and tell me how to fix it?",
33
+ "expected_output": "Recognizes this is a single small code change, not a project-level execution review — redirects to code-reviewing / bug-investigating rather than launching the full review workflow.",
34
+ "assertions": [
35
+ "Recognizes this is a narrow, single-unit task, not a whole-project execution review",
36
+ "Does not launch the full project-review workflow (claims inventory, maturity map, etc.)",
37
+ "Redirects to code-reviewing or bug-investigating as the right-altitude skill",
38
+ "Can still help with the specific function, scoped appropriately"
39
+ ]
40
+ }
41
+ ]
42
+ }
@@ -0,0 +1,90 @@
1
+ ---
2
+ name: refactoring
3
+ description: "Systematic code improvement via design principles, smell detection, and safe transformation patterns. Triggers: refactor this, clean this up, simplify this code, reduce complexity, extract this, this code is messy, tech debt, improve this code, code smell, rename, extract function, dead code."
4
+ model: sonnet
5
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
+ ---
7
+
8
+ # Refactoring
9
+
10
+ Guide safe, incremental code improvements that preserve behavior while enhancing design. Refactoring is disciplined — every change is small, tested, and reversible.
11
+
12
+ ## Core Rule
13
+
14
+ **Never change behavior and structure in the same step.** Either you're adding a feature (behavior change) or you're refactoring (structure change). Mixing them creates bugs that are hard to trace.
15
+
16
+ ## Workflow
17
+
18
+ ### Step 1: Ensure Test Coverage
19
+
20
+ Before refactoring anything, verify that tests exist for the behavior you're about to restructure. If tests are missing:
21
+
22
+ 1. Write characterization tests that document current behavior (even if the behavior has quirks)
23
+ 2. Run them and confirm they pass
24
+ 3. Only then begin refactoring
25
+
26
+ If the user resists writing tests first, explain: refactoring without tests is not refactoring, it's rewriting with hope.
27
+
28
+ ### Step 2: Identify Smells
29
+
30
+ Read the code and identify code smells. Prioritize by impact — don't try to fix everything at once. The most common smells, roughly ordered by severity:
31
+
32
+ 1. **Long function** (>30 lines) → Extract method
33
+ 2. **Duplicated logic** → Extract and share
34
+ 3. **Deep nesting** (>3 levels) → Early returns, extract method
35
+ 4. **Long parameter list** (>4 params) → Introduce parameter object
36
+ 5. **Feature envy** → Move method to the class it uses most
37
+ 6. **Primitive obsession** → Introduce domain types
38
+ 7. **Shotgun surgery** → Consolidate related logic
39
+ 8. **Divergent change** → Split class by responsibility
40
+
41
+ See [references/transformations.md](references/transformations.md) for the complete catalog of safe transformations.
42
+
43
+ ### Step 3: Plan the Sequence
44
+
45
+ Order refactoring steps so that each step:
46
+ - Is small enough to verify easily
47
+ - Keeps all tests green
48
+ - Makes the next step easier
49
+
50
+ A good sequence often looks like:
51
+ 1. Rename for clarity (cheapest, highest readability impact)
52
+ 2. Extract helpers to reduce function length
53
+ 3. Consolidate duplicates using the extracted helpers
54
+ 4. Move methods to better homes
55
+ 5. Simplify interfaces
56
+
57
+ ### Step 4: Execute — One Step at a Time
58
+
59
+ For each transformation:
60
+
61
+ 1. **Explain** what you're about to do and why
62
+ 2. **Apply** the single transformation
63
+ 3. **Run tests** and confirm green
64
+ 4. **Show the diff** to the user
65
+
66
+ If tests break, undo immediately. A failing test after refactoring means the transformation changed behavior — that's a bug, not a test to fix.
67
+
68
+ ### Step 5: Review the Result
69
+
70
+ After completing the planned sequence:
71
+
72
+ - Compare before/after: Is the intent clearer? Is the code simpler?
73
+ - Run the full test suite
74
+ - Check that no public API changed (unless that was the goal)
75
+ - Look for any new smells introduced by the refactoring
76
+
77
+ ## Principles Applied
78
+
79
+ - **DRY**: Eliminate duplication discovered during refactoring
80
+ - **KISS**: Every transformation should make the code simpler, not more abstract
81
+ - **SRP**: Each extracted function/class should have one reason to change
82
+ - **YAGNI**: Don't introduce abstractions for hypothetical future needs during refactoring
83
+ - **Functional Independence**: Refactoring should reduce coupling, not increase it
84
+ - **Boy Scout Rule**: Leave the code cleaner than you found it — every refactoring session should improve the surrounding code slightly, not just the target. Small cleanups (renaming, removing dead code) near the area you're working in compound over time.
85
+ - **Kent Beck's 4 Rules of Simple Design**: After refactoring, the code should: (1) pass all tests, (2) reveal intention clearly, (3) contain no duplication, (4) use the fewest classes and methods needed. Apply these as a checklist during Step 5 review.
86
+
87
+ ## Cross-Skill References
88
+
89
+ - `technical-debt-review` — use to identify which areas are worth refactoring at a strategic level before starting
90
+ - `dependency-impact-analysis` — use before refactoring a shared component or public interface to understand blast radius
@@ -0,0 +1,44 @@
1
+ {
2
+ "skill_name": "refactoring",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "Refactor this JavaScript function:\n\nfunction processData(data, type, format, verbose, dryRun) {\n let result = [];\n for (let i = 0; i < data.length; i++) {\n if (type === 'user') {\n if (data[i].age > 18) {\n if (data[i].active) {\n if (format === 'json') {\n result.push(JSON.stringify(data[i]));\n } else if (format === 'csv') {\n result.push(`${data[i].name},${data[i].age},${data[i].email}`);\n } else {\n result.push(data[i].toString());\n }\n }\n }\n } else if (type === 'order') {\n if (data[i].total > 0) {\n if (data[i].status !== 'cancelled') {\n if (format === 'json') {\n result.push(JSON.stringify(data[i]));\n } else if (format === 'csv') {\n result.push(`${data[i].id},${data[i].total},${data[i].status}`);\n } else {\n result.push(data[i].toString());\n }\n }\n }\n }\n if (verbose) console.log(`Processed item ${i}`);\n }\n if (!dryRun) {\n saveToFile(result);\n }\n return result;\n}",
7
+ "expected_output": "Should identify multiple smells (deep nesting, long parameter list, duplicated formatting logic, SRP violation), check for tests first, then apply transformations one at a time.",
8
+ "assertions": [
9
+ "Asks about or checks for existing tests before refactoring",
10
+ "Identifies deep nesting as the primary smell",
11
+ "Identifies duplicated format logic between user and order branches",
12
+ "Identifies long parameter list (5 params)",
13
+ "Applies early returns to flatten nesting",
14
+ "Extracts formatting logic into a shared function",
15
+ "Introduces a parameter object or options pattern",
16
+ "Shows each transformation step separately",
17
+ "Runs or suggests running tests between steps"
18
+ ]
19
+ },
20
+ {
21
+ "id": 2,
22
+ "prompt": "I want to refactor this module but there are no tests. What should I do?",
23
+ "expected_output": "Should insist on writing characterization tests first, explain why, and help write them before any refactoring begins.",
24
+ "assertions": [
25
+ "Does not start refactoring without tests",
26
+ "Explains characterization tests and their purpose",
27
+ "Offers to help write the characterization tests",
28
+ "Tests document current behavior, including quirks"
29
+ ]
30
+ },
31
+ {
32
+ "id": 3,
33
+ "prompt": "Can you refactor my entire codebase to use better patterns?",
34
+ "expected_output": "Should push back on the scope — suggest identifying the highest-impact areas first, then refactoring incrementally. Should not attempt a sweeping rewrite.",
35
+ "assertions": [
36
+ "Does not attempt to refactor everything at once",
37
+ "Suggests identifying highest-impact areas first",
38
+ "Recommends incremental approach",
39
+ "Asks which areas cause the most pain or confusion",
40
+ "Applies KISS to the refactoring process itself"
41
+ ]
42
+ }
43
+ ]
44
+ }