swe-workflow-skills 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +144 -0
- package/VERSION +1 -0
- package/bin/cli.mjs +44 -0
- package/catalog.json +225 -0
- package/commands/role.md +34 -0
- package/hooks/session-start.mjs +118 -0
- package/install.mjs +318 -0
- package/package.json +47 -0
- package/roles.json +194 -0
- package/scripts/resolve.mjs +296 -0
- package/skills/accessibility-design/SKILL.md +128 -0
- package/skills/accessibility-design/evals/evals.json +51 -0
- package/skills/accessibility-design/references/accessibility-patterns.md +321 -0
- package/skills/api-design/SKILL.md +144 -0
- package/skills/api-design/evals/evals.json +48 -0
- package/skills/api-design/references/rest-conventions.md +147 -0
- package/skills/api-design/templates/api-spec.md +156 -0
- package/skills/architecture-design/SKILL.md +86 -0
- package/skills/architecture-design/evals/evals.json +44 -0
- package/skills/architecture-design/references/clean-architecture.md +147 -0
- package/skills/architecture-design/references/component-principles.md +129 -0
- package/skills/architecture-design/references/principles.md +81 -0
- package/skills/architecture-design/references/solid-principles.md +106 -0
- package/skills/architecture-design/templates/adr.md +63 -0
- package/skills/architecture-documentation/SKILL.md +126 -0
- package/skills/architecture-documentation/evals/evals.json +44 -0
- package/skills/architecture-documentation/references/abstraction-levels.md +91 -0
- package/skills/architecture-documentation/references/diagram-tooling.md +141 -0
- package/skills/architecture-documentation/templates/architecture-doc.md +171 -0
- package/skills/bug-investigating/SKILL.md +133 -0
- package/skills/bug-investigating/evals/evals.json +56 -0
- package/skills/bug-investigating/references/common-bugs.md +62 -0
- package/skills/bug-investigating/references/debugging-patterns.md +94 -0
- package/skills/cicd-pipeline/SKILL.md +87 -0
- package/skills/cicd-pipeline/evals/evals.json +34 -0
- package/skills/cicd-pipeline/references/pipeline-patterns.md +206 -0
- package/skills/cicd-pipeline/templates/github-actions.md +206 -0
- package/skills/code-reviewing/SKILL.md +92 -0
- package/skills/code-reviewing/evals/evals.json +62 -0
- package/skills/code-reviewing/references/error-handling.md +108 -0
- package/skills/code-reviewing/references/review-checklist.md +144 -0
- package/skills/configuration-strategy/SKILL.md +109 -0
- package/skills/configuration-strategy/evals/evals.json +41 -0
- package/skills/configuration-strategy/references/config-patterns.md +161 -0
- package/skills/containerization/SKILL.md +90 -0
- package/skills/containerization/evals/evals.json +36 -0
- package/skills/containerization/references/dockerfile-patterns.md +168 -0
- package/skills/containerization/templates/dockerfile.md +154 -0
- package/skills/data-modeling/SKILL.md +83 -0
- package/skills/data-modeling/evals/evals.json +43 -0
- package/skills/data-modeling/references/conventions.md +57 -0
- package/skills/data-modeling/templates/schema.md +120 -0
- package/skills/dependency-impact-analysis/SKILL.md +113 -0
- package/skills/dependency-impact-analysis/evals/evals.json +41 -0
- package/skills/dependency-impact-analysis/references/impact-patterns.md +150 -0
- package/skills/dependency-management/SKILL.md +161 -0
- package/skills/dependency-management/evals/evals.json +48 -0
- package/skills/dependency-management/references/evaluation-checklist.md +127 -0
- package/skills/deployment-checklist/SKILL.md +132 -0
- package/skills/deployment-checklist/evals/evals.json +58 -0
- package/skills/deployment-checklist/references/pre-deploy-gates.md +91 -0
- package/skills/deployment-repo/SKILL.md +190 -0
- package/skills/deployment-repo/evals/evals.json +44 -0
- package/skills/deployment-repo/references/deployment-repo-patterns.md +258 -0
- package/skills/deployment-repo/references/version-compatibility.md +227 -0
- package/skills/deployment-repo/templates/deployment-repo-structure.md +226 -0
- package/skills/effort-estimation/SKILL.md +95 -0
- package/skills/effort-estimation/evals/evals.json +32 -0
- package/skills/effort-estimation/references/estimation-methods.md +154 -0
- package/skills/feature-planning/SKILL.md +84 -0
- package/skills/feature-planning/evals/evals.json +44 -0
- package/skills/feature-planning/templates/plan.md +55 -0
- package/skills/feature-planning/templates/task.md +26 -0
- package/skills/frontend-architecture/SKILL.md +154 -0
- package/skills/frontend-architecture/evals/evals.json +34 -0
- package/skills/frontend-architecture/references/component-patterns.md +264 -0
- package/skills/frontend-architecture/templates/folder-structure.md +203 -0
- package/skills/git-workflow/SKILL.md +127 -0
- package/skills/git-workflow/evals/evals.json +44 -0
- package/skills/git-workflow/references/conventions.md +142 -0
- package/skills/git-workflow/templates/pull-request.md +57 -0
- package/skills/gitops-delivery/SKILL.md +319 -0
- package/skills/gitops-delivery/evals/evals.json +44 -0
- package/skills/gitops-delivery/references/gitops-patterns.md +478 -0
- package/skills/gitops-delivery/templates/gitops-config.md +196 -0
- package/skills/incident-response/SKILL.md +130 -0
- package/skills/incident-response/evals/evals.json +55 -0
- package/skills/incident-response/references/communication-templates.md +134 -0
- package/skills/incident-response/references/severity-levels.md +77 -0
- package/skills/incident-response/templates/incident-timeline.md +57 -0
- package/skills/infrastructure-as-code/SKILL.md +86 -0
- package/skills/infrastructure-as-code/evals/evals.json +33 -0
- package/skills/infrastructure-as-code/references/iac-patterns.md +179 -0
- package/skills/infrastructure-as-code/templates/terraform-module.md +158 -0
- package/skills/metrics-and-okrs/SKILL.md +113 -0
- package/skills/metrics-and-okrs/evals/evals.json +33 -0
- package/skills/metrics-and-okrs/references/metric-catalog.md +90 -0
- package/skills/metrics-and-okrs/templates/okr-document.md +61 -0
- package/skills/ml-experiment-tracking/SKILL.md +96 -0
- package/skills/ml-experiment-tracking/evals/evals.json +32 -0
- package/skills/ml-experiment-tracking/references/tracking-tools.md +127 -0
- package/skills/ml-model-deployment/SKILL.md +106 -0
- package/skills/ml-model-deployment/evals/evals.json +34 -0
- package/skills/ml-model-deployment/references/serving-patterns.md +162 -0
- package/skills/ml-pipeline-design/SKILL.md +162 -0
- package/skills/ml-pipeline-design/evals/evals.json +34 -0
- package/skills/ml-pipeline-design/references/pipeline-components.md +174 -0
- package/skills/observability-design/SKILL.md +162 -0
- package/skills/observability-design/evals/evals.json +52 -0
- package/skills/observability-design/references/logging-patterns.md +229 -0
- package/skills/observability-design/references/slo-framework.md +151 -0
- package/skills/observability-design/templates/slo-document.md +80 -0
- package/skills/performance-optimization/SKILL.md +83 -0
- package/skills/performance-optimization/evals/evals.json +47 -0
- package/skills/performance-optimization/references/bottleneck-patterns.md +256 -0
- package/skills/performance-optimization/references/concurrency.md +101 -0
- package/skills/prd-writing/SKILL.md +109 -0
- package/skills/prd-writing/evals/evals.json +33 -0
- package/skills/prd-writing/references/prd-examples.md +132 -0
- package/skills/prd-writing/templates/prd.md +71 -0
- package/skills/prd-writing/templates/rfc.md +79 -0
- package/skills/project-documentation/SKILL.md +104 -0
- package/skills/project-documentation/evals/evals.json +48 -0
- package/skills/project-documentation/references/contributing-guide.md +100 -0
- package/skills/project-documentation/templates/changelog.md +59 -0
- package/skills/project-documentation/templates/readme.md +121 -0
- package/skills/project-proposal/SKILL.md +90 -0
- package/skills/project-proposal/evals/evals.json +31 -0
- package/skills/project-proposal/references/proposal-examples.md +140 -0
- package/skills/project-proposal/templates/proposal.md +76 -0
- package/skills/project-review/SKILL.md +111 -0
- package/skills/project-review/evals/evals.json +42 -0
- package/skills/refactoring/SKILL.md +90 -0
- package/skills/refactoring/evals/evals.json +44 -0
- package/skills/refactoring/references/transformations.md +132 -0
- package/skills/retrospective/SKILL.md +157 -0
- package/skills/retrospective/evals/evals.json +34 -0
- package/skills/retrospective/references/facilitation-guide.md +130 -0
- package/skills/retrospective/templates/post-mortem.md +121 -0
- package/skills/rollback-strategy/SKILL.md +116 -0
- package/skills/rollback-strategy/evals/evals.json +55 -0
- package/skills/rollback-strategy/references/rollback-patterns.md +125 -0
- package/skills/rollback-strategy/templates/rollback-plan.md +69 -0
- package/skills/security-audit/SKILL.md +146 -0
- package/skills/security-audit/evals/evals.json +66 -0
- package/skills/security-audit/references/owasp-top-10.md +167 -0
- package/skills/security-audit/templates/security-report.md +79 -0
- package/skills/skill-router/SKILL.md +171 -0
- package/skills/skill-router/evals/evals.json +39 -0
- package/skills/strategic-review/SKILL.md +106 -0
- package/skills/strategic-review/evals/evals.json +42 -0
- package/skills/strategic-review/templates/full-review-prompt.md +84 -0
- package/skills/tdd-workflow/SKILL.md +147 -0
- package/skills/tdd-workflow/evals/evals.json +58 -0
- package/skills/tdd-workflow/references/test-quality.md +71 -0
- package/skills/technical-debt-review/SKILL.md +113 -0
- package/skills/technical-debt-review/evals/evals.json +41 -0
- package/skills/technical-debt-review/references/debt-taxonomy.md +124 -0
- package/skills/technical-debt-review/templates/debt-audit.md +85 -0
- package/skills/test-data-strategy/SKILL.md +129 -0
- package/skills/test-data-strategy/evals/evals.json +49 -0
- package/skills/test-data-strategy/references/data-generation-patterns.md +341 -0
- package/skills/test-suite-design/SKILL.md +137 -0
- package/skills/test-suite-design/evals/evals.json +69 -0
- package/skills/test-suite-design/references/test-infrastructure.md +175 -0
- package/skills/test-suite-design/references/testing-pyramid.md +140 -0
- package/skills/ui-ux-design/SKILL.md +117 -0
- package/skills/ui-ux-design/evals/evals.json +35 -0
- package/skills/ui-ux-design/references/interaction-patterns.md +145 -0
- package/skills/ui-ux-design/templates/screen-spec.md +97 -0
- package/skills/verification-before-completion/SKILL.md +85 -0
- package/skills/verification-before-completion/evals/evals.json +53 -0
- package/skills/writing-skills/SKILL.md +87 -0
- package/skills/writing-skills/evals/evals.json +41 -0
- package/skills/writing-skills/references/pressure-testing.md +69 -0
- package/uninstall.mjs +182 -0
|
@@ -0,0 +1,171 @@
|
|
|
1
|
+
# Architecture Documentation — Repository Structure Template
|
|
2
|
+
|
|
3
|
+
## Recommended Directory Layout
|
|
4
|
+
|
|
5
|
+
```
|
|
6
|
+
docs/
|
|
7
|
+
architecture/
|
|
8
|
+
README.md # Index: what's here, how to navigate, conventions used
|
|
9
|
+
glossary.md # Shared vocabulary — authoritative names for all systems
|
|
10
|
+
|
|
11
|
+
canonical/ # Source-of-truth structural diagrams (C4 model)
|
|
12
|
+
system-context.{puml|dsl|mmd} # Level 1: system + users + external dependencies
|
|
13
|
+
container-{system-name}.{ext} # Level 2: services, data stores, message brokers
|
|
14
|
+
component-{service-name}.{ext} # Level 3: internal structure (only if needed)
|
|
15
|
+
|
|
16
|
+
runtime/ # Operational behavior diagrams
|
|
17
|
+
flows/ # Data and request flows
|
|
18
|
+
{flow-name}.{d2|mmd|puml} # e.g., checkout-flow.d2, rag-pipeline.d2
|
|
19
|
+
infra/ # Deployment and infrastructure topology
|
|
20
|
+
{environment}-topology.{d2|mmd} # e.g., production-topology.d2
|
|
21
|
+
sequences/ # Sequence diagrams for key interactions
|
|
22
|
+
{interaction-name}.{ext} # e.g., auth-handshake.puml
|
|
23
|
+
|
|
24
|
+
conceptual/ # Communication and onboarding diagrams
|
|
25
|
+
overview-{audience}.md # e.g., overview-new-hires.md (with Mermaid)
|
|
26
|
+
{topic}.md # e.g., data-flow-simplified.md
|
|
27
|
+
|
|
28
|
+
decisions/ # ADRs (managed by architecture-design skill)
|
|
29
|
+
ADR-001-{title}.md
|
|
30
|
+
ADR-002-{title}.md
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
### Multi-Repo Variant
|
|
34
|
+
|
|
35
|
+
For systems spanning multiple repositories, either:
|
|
36
|
+
|
|
37
|
+
**A) Central docs repo** — One repo holds all architecture docs. Services reference it.
|
|
38
|
+
```
|
|
39
|
+
architecture-docs/ # Dedicated repo
|
|
40
|
+
canonical/ # Cross-system C4 diagrams
|
|
41
|
+
runtime/ # Cross-service flows
|
|
42
|
+
decisions/ # Cross-cutting ADRs
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
**B) Co-located per service** — Each repo has its own `docs/architecture/` with service-scoped diagrams. A top-level repo or wiki holds the system context and cross-service views.
|
|
46
|
+
|
|
47
|
+
Choose A when: a single team owns architecture docs, or the system context is the primary audience.
|
|
48
|
+
Choose B when: teams own their services end-to-end and update docs alongside code.
|
|
49
|
+
|
|
50
|
+
---
|
|
51
|
+
|
|
52
|
+
## Glossary Template
|
|
53
|
+
|
|
54
|
+
The glossary is the single source of truth for system element names. Every diagram must use these names exactly.
|
|
55
|
+
|
|
56
|
+
```yaml
|
|
57
|
+
# docs/architecture/glossary.md (or glossary.yaml)
|
|
58
|
+
|
|
59
|
+
systems:
|
|
60
|
+
payments-platform:
|
|
61
|
+
description: Processes payments and manages billing
|
|
62
|
+
owner: team-payments
|
|
63
|
+
repo: github.com/org/payments
|
|
64
|
+
|
|
65
|
+
services:
|
|
66
|
+
payments-api:
|
|
67
|
+
system: payments-platform
|
|
68
|
+
description: REST API for payment operations
|
|
69
|
+
tech: Node.js / Express
|
|
70
|
+
|
|
71
|
+
payment-worker:
|
|
72
|
+
system: payments-platform
|
|
73
|
+
description: Async payment processing
|
|
74
|
+
tech: Node.js
|
|
75
|
+
|
|
76
|
+
data-stores:
|
|
77
|
+
payments-db:
|
|
78
|
+
system: payments-platform
|
|
79
|
+
description: Transaction and billing storage
|
|
80
|
+
tech: PostgreSQL
|
|
81
|
+
|
|
82
|
+
payment-queue:
|
|
83
|
+
system: payments-platform
|
|
84
|
+
description: Job queue for async payment processing
|
|
85
|
+
tech: Redis
|
|
86
|
+
|
|
87
|
+
external-systems:
|
|
88
|
+
stripe:
|
|
89
|
+
description: Payment gateway provider
|
|
90
|
+
integration: REST API
|
|
91
|
+
|
|
92
|
+
bank-api:
|
|
93
|
+
description: Account verification service
|
|
94
|
+
integration: REST API
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
**Rules:**
|
|
98
|
+
- Same names used in C4, runtime, and conceptual diagrams — no aliasing
|
|
99
|
+
- New services must be added to the glossary before appearing in any diagram
|
|
100
|
+
- The glossary is the authority — if a name isn't here, it shouldn't be in a diagram
|
|
101
|
+
|
|
102
|
+
---
|
|
103
|
+
|
|
104
|
+
## Architecture README Template
|
|
105
|
+
|
|
106
|
+
```markdown
|
|
107
|
+
# Architecture Documentation
|
|
108
|
+
|
|
109
|
+
## How to Read These Docs
|
|
110
|
+
|
|
111
|
+
This directory contains architecture documentation at three abstraction levels:
|
|
112
|
+
|
|
113
|
+
- **`canonical/`** — Source of truth for system structure (C4 model). Start here.
|
|
114
|
+
- **`runtime/`** — How the system behaves: data flows, deployment topology, key interactions.
|
|
115
|
+
- **`conceptual/`** — Simplified overviews for onboarding and communication. Not authoritative.
|
|
116
|
+
- **`../decisions/`** — Architecture Decision Records (ADRs) explaining why the architecture looks this way.
|
|
117
|
+
|
|
118
|
+
## Conventions
|
|
119
|
+
|
|
120
|
+
- **Naming**: All diagrams use names from `glossary.md`. No aliases or renames.
|
|
121
|
+
- **Tools**: [List your chosen tools, e.g., "C4-PlantUML for canonical, D2 for runtime, Mermaid for conceptual"]
|
|
122
|
+
- **Rendering**: [How to render diagrams, e.g., "Mermaid renders in GitHub. Run `make diagrams` for PlantUML/D2."]
|
|
123
|
+
|
|
124
|
+
## Diagram Index
|
|
125
|
+
|
|
126
|
+
| Diagram | Level | Description | Last Updated |
|
|
127
|
+
|---------|-------|-------------|--------------|
|
|
128
|
+
| [System Context](canonical/system-context.puml) | Canonical | Top-level system view | YYYY-MM-DD |
|
|
129
|
+
| [Containers](canonical/container-payments.puml) | Canonical | Services and data stores | YYYY-MM-DD |
|
|
130
|
+
| [Checkout Flow](runtime/flows/checkout-flow.d2) | Runtime | End-to-end checkout sequence | YYYY-MM-DD |
|
|
131
|
+
| [Production Topology](runtime/infra/production-topology.d2) | Runtime | K8s cluster layout | YYYY-MM-DD |
|
|
132
|
+
| [New Hire Overview](conceptual/overview-new-hires.md) | Conceptual | Simplified system map | YYYY-MM-DD |
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
---
|
|
136
|
+
|
|
137
|
+
## Validation Checklist
|
|
138
|
+
|
|
139
|
+
Use this checklist when reviewing architecture documentation for completeness:
|
|
140
|
+
|
|
141
|
+
### Structure
|
|
142
|
+
- [ ] `docs/architecture/` directory exists with canonical/, runtime/, and conceptual/ subdirectories (as needed)
|
|
143
|
+
- [ ] `glossary.md` exists with all system element names
|
|
144
|
+
- [ ] `README.md` exists with navigation guide and diagram index
|
|
145
|
+
|
|
146
|
+
### Canonical Diagrams
|
|
147
|
+
- [ ] System context diagram exists showing users and external dependencies
|
|
148
|
+
- [ ] Container diagram exists for each system with multiple services
|
|
149
|
+
- [ ] All services and data stores in the codebase appear in canonical diagrams
|
|
150
|
+
- [ ] Each canonical diagram has a title and last-updated date
|
|
151
|
+
|
|
152
|
+
### Runtime Diagrams (if applicable)
|
|
153
|
+
- [ ] Runtime diagrams reference only elements from canonical diagrams (infrastructure-only components excepted)
|
|
154
|
+
- [ ] Key data flows and interactions are documented
|
|
155
|
+
- [ ] Deployment topology matches actual infrastructure
|
|
156
|
+
|
|
157
|
+
### Naming Consistency
|
|
158
|
+
- [ ] All element names match the glossary exactly
|
|
159
|
+
- [ ] No diagram introduces new system names not in the glossary
|
|
160
|
+
- [ ] File names follow the established convention
|
|
161
|
+
|
|
162
|
+
### Traceability
|
|
163
|
+
- [ ] ADRs that changed architecture reference affected diagrams
|
|
164
|
+
- [ ] Canonical diagrams link to relevant ADRs in annotations or comments
|
|
165
|
+
- [ ] Runtime diagrams are traceable to canonical elements
|
|
166
|
+
|
|
167
|
+
### Maintenance
|
|
168
|
+
- [ ] Diagrams are version-controlled as text files
|
|
169
|
+
- [ ] Diagrams render correctly (manually verified or CI-checked)
|
|
170
|
+
- [ ] Conceptual diagrams are labeled as non-canonical
|
|
171
|
+
- [ ] Review cadence is documented (e.g., quarterly for canonical)
|
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bug-investigating
|
|
3
|
+
description: "Systematic debugging and root cause analysis using structured methodology — reproduce, isolate, hypothesize, verify. Triggers: this doesn't work, I'm getting an error, something is broken, bug, debug this, why is this happening, unexpected behavior, regression, root cause, stack trace, error message."
|
|
4
|
+
model: opus
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# Bug Investigating
|
|
9
|
+
|
|
10
|
+
Guide systematic debugging to find root causes, not just symptoms. Good debugging is methodical — form hypotheses, test them, narrow down, and verify the fix.
|
|
11
|
+
|
|
12
|
+
## ⛔ The Iron Law
|
|
13
|
+
|
|
14
|
+
**No fix without a confirmed root cause and a failing test that reproduces the bug.**
|
|
15
|
+
|
|
16
|
+
A change that makes the symptom disappear without an explanation of *why* it worked is a guess, not a fix — and guesses regress. If you can't articulate the mechanism that produced the wrong behavior, you have not found the root cause yet.
|
|
17
|
+
|
|
18
|
+
## Workflow
|
|
19
|
+
|
|
20
|
+
### Step 1: Gather Evidence
|
|
21
|
+
|
|
22
|
+
Before guessing at causes, collect information:
|
|
23
|
+
|
|
24
|
+
- **What is the expected behavior?** What should happen?
|
|
25
|
+
- **What is the actual behavior?** What happens instead?
|
|
26
|
+
- **When did it start?** Did it work before? What changed?
|
|
27
|
+
- **Is it reproducible?** Always, sometimes, only under certain conditions?
|
|
28
|
+
- **Error messages and stack traces?** Read them carefully — they usually point to the right area.
|
|
29
|
+
|
|
30
|
+
If the user provides a vague report ("it's broken"), ask these questions before investigating. A well-defined bug is half-solved.
|
|
31
|
+
|
|
32
|
+
### Step 2: Reproduce the Bug
|
|
33
|
+
|
|
34
|
+
Reproduction is the most important step. If you can't reproduce it, you can't verify the fix.
|
|
35
|
+
|
|
36
|
+
1. Follow the user's steps to trigger the bug
|
|
37
|
+
2. Identify the minimum reproduction case — strip away everything irrelevant
|
|
38
|
+
3. Document the exact steps to reproduce
|
|
39
|
+
|
|
40
|
+
If it's intermittent, look for:
|
|
41
|
+
- Race conditions (timing-dependent)
|
|
42
|
+
- State-dependent bugs (order of operations)
|
|
43
|
+
- Environment-dependent bugs (config, versions, OS)
|
|
44
|
+
|
|
45
|
+
### Step 3: Form Hypotheses
|
|
46
|
+
|
|
47
|
+
Based on the evidence, list 2-5 likely causes, ordered by probability. For each hypothesis:
|
|
48
|
+
|
|
49
|
+
- What would be true if this hypothesis is correct?
|
|
50
|
+
- What quick test can confirm or eliminate it?
|
|
51
|
+
|
|
52
|
+
Good hypotheses come from:
|
|
53
|
+
- Reading the error message and stack trace carefully
|
|
54
|
+
- Checking what changed recently (`git log`, `git diff`)
|
|
55
|
+
- Examining the code path the failing scenario exercises
|
|
56
|
+
- Looking at similar past bugs
|
|
57
|
+
|
|
58
|
+
### Step 4: Binary Search for the Cause
|
|
59
|
+
|
|
60
|
+
Narrow down systematically:
|
|
61
|
+
|
|
62
|
+
**In code**: Add logging/breakpoints at the midpoint of the suspected code path. Is the state correct at that point? If yes, the bug is in the second half. If no, the first half.
|
|
63
|
+
|
|
64
|
+
**In time**: If it worked before, use `git bisect` to find the commit that introduced the regression:
|
|
65
|
+
```bash
|
|
66
|
+
git bisect start
|
|
67
|
+
git bisect bad # current state is broken
|
|
68
|
+
git bisect good <hash> # this commit was working
|
|
69
|
+
# Git checks out the midpoint — test and report good/bad
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
**In data**: If the bug depends on input, narrow down which input triggers it. Test boundary values, null/empty cases, and special characters.
|
|
73
|
+
|
|
74
|
+
### Step 5: Verify the Root Cause
|
|
75
|
+
|
|
76
|
+
Before fixing, confirm you've found the actual root cause, not a symptom:
|
|
77
|
+
|
|
78
|
+
- Can you explain *why* this code produces the wrong behavior?
|
|
79
|
+
- Does the explanation account for all observed symptoms?
|
|
80
|
+
- If you remove/change the suspected cause, does the bug disappear?
|
|
81
|
+
|
|
82
|
+
If you can't explain why, you haven't found the root cause yet.
|
|
83
|
+
|
|
84
|
+
### Step 6: Fix and Verify
|
|
85
|
+
|
|
86
|
+
1. **Write a failing test** that reproduces the bug (this is your regression test)
|
|
87
|
+
2. **Apply the minimal fix** — change as little as possible
|
|
88
|
+
3. **Run the test** — it should now pass
|
|
89
|
+
4. **Run the full test suite** — the fix shouldn't break anything else
|
|
90
|
+
5. **Document** what caused the bug and why the fix works
|
|
91
|
+
|
|
92
|
+
See [references/common-bugs.md](references/common-bugs.md) for patterns of frequently encountered bugs by language/framework.
|
|
93
|
+
|
|
94
|
+
## Principles Applied
|
|
95
|
+
|
|
96
|
+
- **Methodical over intuition**: Resist the urge to guess and change things. Every action is a test of a hypothesis.
|
|
97
|
+
- **Binary search mindset**: Always cut the problem space in half. Don't narrow from the edges — bisect from the middle.
|
|
98
|
+
- **Root cause vs. symptom**: A null check that masks a null isn't a fix. Understand *why* the unexpected state exists.
|
|
99
|
+
- **Reproducibility before fixes**: If you can't reproduce the bug reliably, you can't verify the fix. Spend time here first.
|
|
100
|
+
- **Minimal fix**: Change the least amount of code that fixes the root cause. Broad changes introduce new bugs.
|
|
101
|
+
|
|
102
|
+
## Anti-patterns in Debugging
|
|
103
|
+
|
|
104
|
+
- **Shotgun debugging**: Changing random things and hoping. Always have a hypothesis.
|
|
105
|
+
- **Blame debugging**: Assuming the bug is in someone else's code (library, framework, OS). Start with your code.
|
|
106
|
+
- **Printf-only debugging**: Print statements are fine, but use a debugger for complex state issues.
|
|
107
|
+
- **Fix the symptom**: Adding a null check instead of understanding why the value is null.
|
|
108
|
+
- **Fixing without a test**: You'll be back here in a month.
|
|
109
|
+
|
|
110
|
+
See [references/debugging-patterns.md](references/debugging-patterns.md) for hypothesis-driven debugging technique and language-specific tips.
|
|
111
|
+
|
|
112
|
+
## Rationalizations to reject
|
|
113
|
+
|
|
114
|
+
| Excuse | Reality |
|
|
115
|
+
|--------|---------|
|
|
116
|
+
| "This null check will probably fix it" | If you can't explain why the value is null, you're masking a symptom — it will resurface elsewhere. |
|
|
117
|
+
| "It's probably flaky / the library's fault" | Start in your own code. Blame is not a diagnosis. |
|
|
118
|
+
| "I can't reproduce it, but this should help" | Unreproduced means unverifiable — you won't know if the change actually worked. |
|
|
119
|
+
| "Let me just try a few things" | Shotgun debugging. Every change must test a stated hypothesis. |
|
|
120
|
+
| "The fix is obvious, no need for a test" | Without a regression test, the bug comes back and nobody notices. |
|
|
121
|
+
|
|
122
|
+
## Red flags — stop and correct course
|
|
123
|
+
|
|
124
|
+
- Changing code without a written hypothesis.
|
|
125
|
+
- Proposing a fix before you've reproduced the bug.
|
|
126
|
+
- The fix works but you can't explain the mechanism.
|
|
127
|
+
- Adding defensive checks at the symptom instead of the source.
|
|
128
|
+
|
|
129
|
+
## Cross-Skill References
|
|
130
|
+
|
|
131
|
+
- `incident-response` — use instead when production is actively down and users are impacted (time-pressured response)
|
|
132
|
+
- `tdd-workflow` — write the regression test (Step 6) using the TDD workflow
|
|
133
|
+
- `verification-before-completion` — confirm the reproducing test passes before claiming the fix
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "bug-investigating",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "My API endpoint returns 200 but the data is wrong. The user's email shows as null even though it's in the database. Here's the endpoint:\n\napp.get('/users/:id', async (req, res) => {\n const user = await db.users.findUnique({\n where: { id: req.params.id },\n select: { name: true, createdAt: true }\n });\n res.json(user);\n});",
|
|
7
|
+
"expected_output": "Should identify the root cause: the select clause explicitly omits email. Should not suggest database fixes or complex debugging when the code clearly shows the issue.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Identifies the root cause: select clause doesn't include email",
|
|
10
|
+
"Does not suggest database investigation as first step",
|
|
11
|
+
"Explains why the bug manifests as null (field not selected)",
|
|
12
|
+
"Suggests adding email to the select clause or removing select to return all fields",
|
|
13
|
+
"Recommends writing a regression test"
|
|
14
|
+
]
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
"id": 2,
|
|
18
|
+
"prompt": "something broke in production, users are complaining about slow loading. it was fine yesterday. help!",
|
|
19
|
+
"expected_output": "Should systematically gather evidence before jumping to conclusions. Ask what changed, check recent deployments, look at metrics.",
|
|
20
|
+
"assertions": [
|
|
21
|
+
"Asks clarifying questions (what changed, recent deploys, error messages)",
|
|
22
|
+
"Suggests checking recent git commits/deploys",
|
|
23
|
+
"Recommends looking at metrics/monitoring before code",
|
|
24
|
+
"Does not immediately suggest code fixes without evidence",
|
|
25
|
+
"Suggests checking for N+1 queries or new external calls as common causes of sudden slowness"
|
|
26
|
+
]
|
|
27
|
+
},
|
|
28
|
+
{
|
|
29
|
+
"id": 3,
|
|
30
|
+
"prompt": "I'm getting this error intermittently: 'SequelizeConnectionError: Connection pool exhausted'. It happens about 10 times a day, always during peak hours. Restarting the server fixes it temporarily.",
|
|
31
|
+
"expected_output": "Should recognize this as a connection leak pattern, not suggest increasing pool size as the primary fix, and guide toward finding the code that doesn't return connections.",
|
|
32
|
+
"assertions": [
|
|
33
|
+
"Identifies this as a connection leak (not just a pool size issue)",
|
|
34
|
+
"Does NOT primarily recommend just increasing pool size",
|
|
35
|
+
"Suggests searching for database calls that might not close connections (missing finally blocks, unhandled promise rejections)",
|
|
36
|
+
"Recommends checking for transactions that aren't committed/rolled back",
|
|
37
|
+
"Explains why restart temporarily fixes it (pool is recreated)",
|
|
38
|
+
"Suggests adding connection pool monitoring"
|
|
39
|
+
]
|
|
40
|
+
}
|
|
41
|
+
],
|
|
42
|
+
"pressure_tests": [
|
|
43
|
+
{
|
|
44
|
+
"id": 1,
|
|
45
|
+
"prompt": "Production throws a NullPointerException sometimes. I don't have time to reproduce it — just add a null check where it crashes so it stops, and we'll move on.",
|
|
46
|
+
"pressure": ["time"],
|
|
47
|
+
"expected_behavior": "Holds the Iron Law: no fix without a confirmed root cause. Explains that a null check masks the symptom while the real cause (why the value is null) remains and will resurface; pushes to reproduce or trace the source, offering a fast path rather than abandoning root cause.",
|
|
48
|
+
"assertions": [
|
|
49
|
+
"Does NOT simply add the null check and move on",
|
|
50
|
+
"Explains masking the symptom vs fixing the root cause",
|
|
51
|
+
"Pushes to reproduce the bug or find why the value is null",
|
|
52
|
+
"Offers a fast route to root cause under time pressure rather than skipping it"
|
|
53
|
+
]
|
|
54
|
+
}
|
|
55
|
+
]
|
|
56
|
+
}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
# Common Bug Patterns
|
|
2
|
+
|
|
3
|
+
## Contents
|
|
4
|
+
- Universal patterns
|
|
5
|
+
- Async and concurrency bugs
|
|
6
|
+
- Data and state bugs
|
|
7
|
+
- Integration bugs
|
|
8
|
+
- Environment bugs
|
|
9
|
+
|
|
10
|
+
## Universal Patterns
|
|
11
|
+
|
|
12
|
+
**Off-by-one errors**: Loops that iterate one too many or too few times. Check `<` vs `<=`, `0` vs `1` starting indexes, and fence-post problems.
|
|
13
|
+
|
|
14
|
+
**Null/undefined reference**: Accessing a property of something that doesn't exist. Check: is the variable initialized? Could the query return no results? Is the API response missing a field?
|
|
15
|
+
|
|
16
|
+
**Type coercion**: Implicit conversions producing unexpected results. JavaScript `"5" + 3 === "53"`, Python `"5" * 3 === "555"`. Use strict equality and explicit conversions.
|
|
17
|
+
|
|
18
|
+
**Operator precedence**: `a || b && c` doesn't evaluate left-to-right in most languages. When in doubt, use parentheses.
|
|
19
|
+
|
|
20
|
+
**Mutable default arguments**: In Python, `def fn(items=[])` shares the same list across all calls. Use `None` as default and create inside the function.
|
|
21
|
+
|
|
22
|
+
## Async and Concurrency Bugs
|
|
23
|
+
|
|
24
|
+
**Unhandled promise rejection**: An async function throws, but nothing catches it. In Node.js, this can crash the process. Always add `.catch()` or use try/catch with await.
|
|
25
|
+
|
|
26
|
+
**Race condition**: Two operations depend on shared state, and the result varies based on timing. Signs: intermittent failures, works in debugger but fails at full speed. Fix: use locks, queues, or redesign to eliminate shared mutable state.
|
|
27
|
+
|
|
28
|
+
**Deadlock**: Two processes each wait for a resource the other holds. Signs: system hangs, no errors, no progress. Fix: consistent lock ordering, timeouts.
|
|
29
|
+
|
|
30
|
+
**Stale closure**: A callback captures a variable that changes before the callback runs. Common in loops with async operations. Fix: use block scoping (`let` in JS) or pass the value explicitly.
|
|
31
|
+
|
|
32
|
+
**N+1 query**: A loop makes one database query per item instead of a batch query. Signs: slow page load that scales with data size. Fix: eager loading, batch queries.
|
|
33
|
+
|
|
34
|
+
## Data and State Bugs
|
|
35
|
+
|
|
36
|
+
**State mutation side effect**: A function modifies an object that the caller didn't expect to change. Signs: object has wrong values "mysteriously". Fix: clone inputs or use immutable data structures.
|
|
37
|
+
|
|
38
|
+
**Timezone confusion**: Storing or comparing dates without consistent timezone handling. Signs: off-by-one-day errors, times shifted by a few hours. Fix: store everything in UTC, convert only for display.
|
|
39
|
+
|
|
40
|
+
**Encoding issues**: Characters display as garbage or question marks. Signs: works with ASCII, breaks with accented or CJK characters. Fix: use UTF-8 everywhere, specify encoding explicitly.
|
|
41
|
+
|
|
42
|
+
**Floating point precision**: `0.1 + 0.2 !== 0.3` in most languages. Fix: use integer arithmetic (cents instead of dollars), decimal libraries, or epsilon comparison.
|
|
43
|
+
|
|
44
|
+
**Cache staleness**: Application shows outdated data because a cache wasn't invalidated. Signs: data updates "eventually" or "after restart". Fix: explicit cache invalidation on writes.
|
|
45
|
+
|
|
46
|
+
## Integration Bugs
|
|
47
|
+
|
|
48
|
+
**API contract mismatch**: The client sends/expects data in a different format than the server provides. Signs: null fields, 400 errors, missing data. Fix: check the actual request/response (not the docs — they may be wrong).
|
|
49
|
+
|
|
50
|
+
**Connection pooling exhaustion**: Database connections aren't returned to the pool. Signs: app works fine, then suddenly can't connect to DB after running for a while. Fix: ensure connections are closed in finally blocks.
|
|
51
|
+
|
|
52
|
+
**Retry without idempotency**: A failed request is retried, but the original request actually succeeded. Signs: duplicate records, double charges. Fix: use idempotency keys.
|
|
53
|
+
|
|
54
|
+
**CORS**: Browser blocks a cross-origin request. Signs: works in Postman/curl, fails in browser. Fix: configure CORS headers on the server, not by disabling browser security.
|
|
55
|
+
|
|
56
|
+
## Environment Bugs
|
|
57
|
+
|
|
58
|
+
**Works on my machine**: Code behaves differently across environments. Common causes: different dependency versions, environment variable differences, OS-specific behavior (file paths, line endings).
|
|
59
|
+
|
|
60
|
+
**Missing environment variable**: App crashes or behaves unexpectedly because a config value isn't set. Fix: fail fast at startup with clear error messages for required config.
|
|
61
|
+
|
|
62
|
+
**Dependency version conflict**: Two packages require incompatible versions of a shared dependency. Signs: strange runtime errors that don't match the code. Fix: use lockfiles, check `node_modules` or `site-packages` for unexpected versions.
|
|
@@ -0,0 +1,94 @@
|
|
|
1
|
+
# Debugging Patterns
|
|
2
|
+
|
|
3
|
+
## Hypothesis-Driven Debugging
|
|
4
|
+
|
|
5
|
+
The scientific method applied to bugs:
|
|
6
|
+
|
|
7
|
+
1. **Observe**: Collect all available evidence (error messages, logs, stack traces, reproduction steps)
|
|
8
|
+
2. **Hypothesize**: Form a falsifiable explanation — "I think X is happening because Y"
|
|
9
|
+
3. **Predict**: "If my hypothesis is correct, then when I do Z, I should see W"
|
|
10
|
+
4. **Test**: Run the experiment — add a log, check a value, change an input
|
|
11
|
+
5. **Conclude**: If the prediction was wrong, update or discard the hypothesis
|
|
12
|
+
|
|
13
|
+
Never skip step 3. A test without a prediction teaches you nothing useful — you don't know what result would confirm or deny the hypothesis.
|
|
14
|
+
|
|
15
|
+
## Narrowing Techniques
|
|
16
|
+
|
|
17
|
+
### Binary search in code
|
|
18
|
+
Add an assertion or log at the midpoint of the suspected code path. If state is correct there, the bug is downstream. If wrong, upstream. Repeat until the exact line is isolated.
|
|
19
|
+
|
|
20
|
+
### Git bisect (regression bugs)
|
|
21
|
+
```bash
|
|
22
|
+
git bisect start
|
|
23
|
+
git bisect bad # current commit is broken
|
|
24
|
+
git bisect good <hash> # this commit was known-good
|
|
25
|
+
# git checks out midpoint — test it, then:
|
|
26
|
+
git bisect good # or: git bisect bad
|
|
27
|
+
# Repeat until git identifies the culprit commit
|
|
28
|
+
git bisect reset # return to HEAD
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
### Input reduction (data-dependent bugs)
|
|
32
|
+
Start with the full failing input. Remove half of it. Still fails? Remove another half. When it passes, the removed part was essential. Binary search until you have the minimum failing case.
|
|
33
|
+
|
|
34
|
+
## Bug Categories and Where to Look
|
|
35
|
+
|
|
36
|
+
### Off-by-one errors
|
|
37
|
+
- Loop bounds: `< len` vs `<= len`, `0` vs `1` as starting index
|
|
38
|
+
- String/array slicing: `[0:n]` vs `[0:n+1]`
|
|
39
|
+
- Fence-post problems: n items need n-1 gaps, or n+1 fences
|
|
40
|
+
- Symptom: Wrong count, missing last element, processing one extra item
|
|
41
|
+
|
|
42
|
+
### Null / undefined reference
|
|
43
|
+
- Cause: Assuming a value exists when it can be absent
|
|
44
|
+
- Check: Where does this value come from? Can that source ever return null?
|
|
45
|
+
- Fix: Validate at the boundary where data enters, not at every use site
|
|
46
|
+
|
|
47
|
+
### Type coercion / comparison bugs
|
|
48
|
+
- JavaScript `==` vs `===`, Python `is` vs `==`
|
|
49
|
+
- Integer vs float comparison (`0.1 + 0.2 != 0.3`)
|
|
50
|
+
- String-to-number coercion in dynamic languages
|
|
51
|
+
|
|
52
|
+
### Race conditions
|
|
53
|
+
- Symptom: Intermittent failure, passes when you add logging (logging adds timing)
|
|
54
|
+
- Look for: Shared mutable state accessed from multiple threads/async contexts
|
|
55
|
+
- Tools: Thread sanitizers, sleep injection to exaggerate timing windows
|
|
56
|
+
|
|
57
|
+
### State mutation bugs
|
|
58
|
+
- Symptom: Correct result first call, wrong result on second call
|
|
59
|
+
- Look for: Global state, cached values that aren't invalidated, objects mutated in place
|
|
60
|
+
|
|
61
|
+
### N+1 query bugs
|
|
62
|
+
- Symptom: Slow with many records, fast with few
|
|
63
|
+
- Look for: Database queries inside loops
|
|
64
|
+
- Tool: Query logging (`EXPLAIN ANALYZE`, ORM query counting in tests)
|
|
65
|
+
|
|
66
|
+
### Async / Promise bugs (JavaScript/TypeScript)
|
|
67
|
+
- Unhandled promise rejection: Missing `await` or `.catch()`
|
|
68
|
+
- Stale closure: `async` callback captures variable value at creation time, not call time
|
|
69
|
+
- Fire-and-forget: `async` function called without `await`, caller proceeds before it completes
|
|
70
|
+
|
|
71
|
+
## Language-Specific Tips
|
|
72
|
+
|
|
73
|
+
### JavaScript / TypeScript
|
|
74
|
+
- `console.dir(obj, {depth: null})` — print nested objects fully
|
|
75
|
+
- `debugger` statement + Chrome DevTools or Node `--inspect`
|
|
76
|
+
- `JSON.stringify(obj, null, 2)` for serializable objects
|
|
77
|
+
- TypeScript: Read the type error message carefully — it tells you exactly what's wrong
|
|
78
|
+
|
|
79
|
+
### Python
|
|
80
|
+
- `import pdb; pdb.set_trace()` — interactive debugger
|
|
81
|
+
- `breakpoint()` — Python 3.7+ shorthand
|
|
82
|
+
- `print(repr(value))` — shows exact type and value, including whitespace
|
|
83
|
+
- `traceback.print_exc()` — print exception from except block
|
|
84
|
+
|
|
85
|
+
### Go
|
|
86
|
+
- `fmt.Printf("%+v\n", struct)` — print struct with field names
|
|
87
|
+
- `fmt.Printf("%T\n", value)` — print type
|
|
88
|
+
- Delve debugger: `dlv debug ./cmd/myapp`
|
|
89
|
+
- Race detector: `go test -race ./...`
|
|
90
|
+
|
|
91
|
+
### SQL
|
|
92
|
+
- `EXPLAIN ANALYZE <query>` — shows actual execution plan and row counts
|
|
93
|
+
- Check for sequential scans on large tables (missing index)
|
|
94
|
+
- Check for `N+1` by counting queries in test logs
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: cicd-pipeline
|
|
3
|
+
description: "Design CI/CD pipelines for automated build, test, deploy — GitHub Actions, GitLab CI, quality gates. Triggers: CI/CD, pipeline, GitHub Actions, GitLab CI, workflow, automated deployment, build pipeline, continuous integration, continuous deployment, automate tests on PR, deploy automatically, quality gate."
|
|
4
|
+
model: sonnet
|
|
5
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
# CI/CD Pipeline Design
|
|
9
|
+
|
|
10
|
+
Design and write CI/CD pipelines that automate build, test, and deployment with appropriate quality gates. Good pipelines are fast, reliable, and catch problems before they reach production.
|
|
11
|
+
|
|
12
|
+
## Workflow
|
|
13
|
+
|
|
14
|
+
### Step 1: Understand the Requirements
|
|
15
|
+
|
|
16
|
+
Before writing pipeline configuration, establish:
|
|
17
|
+
|
|
18
|
+
- **Platform**: GitHub Actions, GitLab CI, Jenkins, CircleCI, etc.
|
|
19
|
+
- **Triggers**: On push, on PR, on tag, on schedule, manual?
|
|
20
|
+
- **Stages needed**: Lint → Test → Build → Deploy? Security scan? Performance test?
|
|
21
|
+
- **Environments**: Staging, production? Approval gates between them?
|
|
22
|
+
- **Artifacts**: Docker images, npm packages, binaries? Where do they go?
|
|
23
|
+
- **Secrets**: What credentials are needed and how are they managed?
|
|
24
|
+
|
|
25
|
+
### Step 2: Design the Pipeline Stages
|
|
26
|
+
|
|
27
|
+
Follow the "fail fast" principle — cheapest and fastest checks run first:
|
|
28
|
+
|
|
29
|
+
```
|
|
30
|
+
1. Lint & Format (seconds) → Catch style issues immediately
|
|
31
|
+
2. Unit Tests (seconds) → Catch logic errors
|
|
32
|
+
3. Build (minutes) → Confirm it compiles/bundles
|
|
33
|
+
4. Integration Tests (minutes) → Catch wiring issues
|
|
34
|
+
5. Security Scan (minutes) → Catch vulnerabilities
|
|
35
|
+
6. Deploy to Staging (minutes) → Validate in real environment
|
|
36
|
+
7. Deploy to Prod (minutes) → With approval gate
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
Parallelize independent stages. Lint, unit tests, and security scans can run simultaneously.
|
|
40
|
+
|
|
41
|
+
**Multi-repo / deployment repo pattern:** If this service is part of a polyrepo with a deployment repo, the pipeline's deploy stages may update version pins in the deployment repo (via PR or `repository_dispatch`) rather than deploying directly to infrastructure. The deployment repo's own CI handles validation and promotion across environments. See `deployment-repo` for the orchestration pattern and `gitops-delivery` for automated cross-repo triggers.
|
|
42
|
+
|
|
43
|
+
### Step 3: Write the Configuration
|
|
44
|
+
|
|
45
|
+
Write the pipeline config for the target platform. Use [templates/github-actions.md](templates/github-actions.md) as a starting point for GitHub Actions PR validation and production deploy workflows, plus a GitLab CI equivalent.
|
|
46
|
+
|
|
47
|
+
Key best practices:
|
|
48
|
+
- **Cache dependencies** — Cache node_modules, pip packages, Go modules between runs
|
|
49
|
+
- **Pin action/image versions** — Use SHA hashes or exact tags, not `@latest` or `@main`
|
|
50
|
+
- **Minimize secrets scope** — Only expose secrets to the jobs that need them
|
|
51
|
+
- **Use matrix builds** — Test across Node versions, OS variants, or Python versions when applicable
|
|
52
|
+
- **Set timeouts** — Prevent stuck jobs from consuming runner minutes indefinitely
|
|
53
|
+
- **Reusable workflows** — Extract common patterns into shared workflow files
|
|
54
|
+
|
|
55
|
+
### Step 4: Add Quality Gates
|
|
56
|
+
|
|
57
|
+
Quality gates prevent bad code from advancing:
|
|
58
|
+
|
|
59
|
+
- **Required checks** — Tests and lint must pass before PR merge
|
|
60
|
+
- **Coverage thresholds** — Fail if coverage drops below the floor
|
|
61
|
+
- **Security scan** — Block deploys with critical vulnerabilities
|
|
62
|
+
- **Approval gates** — Require manual approval for production deploys
|
|
63
|
+
- **Smoke tests** — Automated health checks after deployment
|
|
64
|
+
|
|
65
|
+
### Step 5: Validate
|
|
66
|
+
|
|
67
|
+
- [ ] Pipeline triggers correctly on the intended events
|
|
68
|
+
- [ ] Failing tests actually block the pipeline (not just warnings)
|
|
69
|
+
- [ ] Secrets are not exposed in logs
|
|
70
|
+
- [ ] Cache is working (second run is faster)
|
|
71
|
+
- [ ] Deploy steps have appropriate environment protections
|
|
72
|
+
- [ ] Rollback mechanism exists
|
|
73
|
+
|
|
74
|
+
## Principles Applied
|
|
75
|
+
|
|
76
|
+
- **KISS**: Start with a single-file pipeline. Split into reusable workflows only when duplication appears.
|
|
77
|
+
- **DRY**: Extract repeated steps into composite actions or shared workflows.
|
|
78
|
+
- **Fail fast**: Order stages by speed and likelihood of failure.
|
|
79
|
+
- **YAGNI**: Don't add matrix builds across 5 Node versions if you only support one.
|
|
80
|
+
|
|
81
|
+
## Cross-Skill References
|
|
82
|
+
|
|
83
|
+
- `deployment-repo` — for multi-service systems, the deployment repo handles system-level CI (contract tests, E2E, promotion)
|
|
84
|
+
- `gitops-delivery` — pull-based delivery as an alternative to CI-driven `kubectl apply` / `helm upgrade`
|
|
85
|
+
- `deployment-checklist` — pre-deployment verification gates to incorporate into the pipeline
|
|
86
|
+
- `security-audit` — security scanning stages and SAST/DAST integration
|
|
87
|
+
- `verification-before-completion` — run the proving commands locally before relying on the pipeline to catch failures
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "cicd-pipeline",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "Set up a GitHub Actions CI/CD pipeline for our TypeScript Express API. We use PostgreSQL, run tests with Jest, build a Docker image, and deploy to AWS ECS. We want PR checks and auto-deploy to staging on merge to main, with manual approval for production.",
|
|
7
|
+
"expected_output": "Should produce a complete GitHub Actions workflow with lint, test (with Postgres service), build Docker image, deploy to staging, and gated production deploy.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Lint and test run in parallel",
|
|
10
|
+
"PostgreSQL service container configured with health check",
|
|
11
|
+
"Dependencies are cached",
|
|
12
|
+
"Docker build uses multi-stage and caching",
|
|
13
|
+
"Staging deploys automatically on main push",
|
|
14
|
+
"Production deploy requires manual approval (environment protection)",
|
|
15
|
+
"Smoke test after each deployment",
|
|
16
|
+
"All jobs have timeouts",
|
|
17
|
+
"Action versions are pinned"
|
|
18
|
+
]
|
|
19
|
+
},
|
|
20
|
+
{
|
|
21
|
+
"id": 2,
|
|
22
|
+
"prompt": "Our CI pipeline takes 35 minutes. It runs lint, unit tests, integration tests, e2e tests, security scan, build, and deploy all sequentially. How can we speed it up?",
|
|
23
|
+
"expected_output": "Should identify parallelization opportunities, caching improvements, and suggest restructuring. Should not suggest skipping tests.",
|
|
24
|
+
"assertions": [
|
|
25
|
+
"Identifies that lint, unit tests, and security scan can run in parallel",
|
|
26
|
+
"Recommends dependency caching",
|
|
27
|
+
"Suggests splitting integration and e2e tests from unit tests",
|
|
28
|
+
"Does NOT suggest removing or skipping tests",
|
|
29
|
+
"Recommends concurrency control to cancel outdated runs",
|
|
30
|
+
"Provides a restructured pipeline diagram"
|
|
31
|
+
]
|
|
32
|
+
}
|
|
33
|
+
]
|
|
34
|
+
}
|