swe-workflow-skills 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,10 +1,10 @@
1
1
  # SWE Workflow Skills for Claude Code
2
2
 
3
3
  [![roles-check](https://github.com/SWEStash/swe-workflow-skills/actions/workflows/roles-check.yml/badge.svg)](https://github.com/SWEStash/swe-workflow-skills/actions/workflows/roles-check.yml)
4
- ![skills](https://img.shields.io/badge/skills-62-blue)
4
+ ![skills](https://img.shields.io/badge/skills-65-blue)
5
5
  [![license: MIT](https://img.shields.io/badge/license-MIT-yellow.svg)](LICENSE)
6
6
 
7
- A curated library of **62 Claude Code Agent Skills** that walk Claude through the
7
+ A curated library of **65 Claude Code Agent Skills** that walk Claude through the
8
8
  software lifecycle the way a disciplined senior engineer would — planning, design,
9
9
  TDD, review, security, deployment, incidents, and the project-management work around
10
10
  them.
@@ -43,8 +43,8 @@ full-SDLC breadth that popular collections don't cover:
43
43
  know of aim for (they tend to go deep on the coding inner loop; see
44
44
  [Acknowledgements](#acknowledgements)).
45
45
  - **Role-scoped.** `/role backend` (or `frontend`, `devops`, `ml`, `ai`, `data`,
46
- `security`, `architect`, `em`, `pm`, `strategy`, `qa`, `mobile`, `designer`) promotes
47
- a working set to auto-trigger; the rest stay one route away.
46
+ `data-scientist`, `security`, `architect`, `em`, `pm`, `strategy`, `qa`, `mobile`,
47
+ `designer`) promotes a working set to auto-trigger; the rest stay one route away.
48
48
  - **Cross-platform install.** The installer and SessionStart hook are **pure Node** — the
49
49
  one runtime Claude Code already requires — so they run identically on Linux, macOS, and
50
50
  Windows (no bash, Python, or `sed`).
@@ -62,7 +62,7 @@ web, claude.ai chat, and Cowork):
62
62
  **Want the whole library with the orchestrator** (CLI) — no clone needed:
63
63
 
64
64
  ```bash
65
- npx swe-workflow-skills install --global # all 62 skills + router + /role + the SessionStart hook
65
+ npx swe-workflow-skills install --global # all 65 skills + router + /role + the SessionStart hook
66
66
  ```
67
67
 
68
68
  Or from a clone: `node install.mjs --global`.
@@ -120,7 +120,7 @@ review) live in the `skill-router` skill and **[ROLES.md](docs/ROLES.md)**.
120
120
 
121
121
  ## What's included
122
122
 
123
- 62 skills — **[full catalog → SKILLS.md](docs/SKILLS.md)**:
123
+ 65 skills — **[full catalog → SKILLS.md](docs/SKILLS.md)**:
124
124
 
125
125
  | Area | Count | Examples |
126
126
  |------|-------|----------|
@@ -130,6 +130,7 @@ review) live in the `skill-router` skill and **[ROLES.md](docs/ROLES.md)**.
130
130
  | Design | 3 | ui-ux-design, frontend-architecture, accessibility-design |
131
131
  | MLOps | 3 | ml-pipeline-design, ml-experiment-tracking, ml-model-deployment |
132
132
  | AI Engineering | 2 | llm-app-engineering, ai-evaluation |
133
+ | Data Science | 3 | exploratory-data-analysis, statistical-analysis, notebook-to-production |
133
134
  | Data Engineering | 2 | data-pipeline-design, data-quality |
134
135
  | Mobile | 2 | mobile-architecture, mobile-release |
135
136
  | Evaluation & Monitoring | 2 | observability-design, test-data-strategy |
package/VERSION CHANGED
@@ -1 +1 @@
1
- 0.2.0
1
+ 0.3.0
package/catalog.json CHANGED
@@ -8,7 +8,7 @@
8
8
  },
9
9
  {
10
10
  "name": "ai-evaluation",
11
- "description": "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, answer relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering.",
11
+ "description": "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering; general experiment statistics → statistical-analysis. Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app.",
12
12
  "path": "ai-evaluation/SKILL.md"
13
13
  },
14
14
  {
@@ -121,6 +121,11 @@
121
121
  "description": "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning. Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done.",
122
122
  "path": "effort-estimation/SKILL.md"
123
123
  },
124
+ {
125
+ "name": "exploratory-data-analysis",
126
+ "description": "Explore and profile an unfamiliar dataset before modeling or analysis — structural profiling, missingness structure, distributions and outliers, feature–target relationships, leakage awareness, and explicit hypothesis generation. Pipeline-level data trust (broken dashboards, tests, contracts, freshness) → data-quality; formal inference on the hypotheses → statistical-analysis. Triggers: explore this dataset, EDA, profile the data, what's in this data, first look at the data, understand this CSV, distributions, outliers, missing values, correlation, data leakage.",
127
+ "path": "exploratory-data-analysis/SKILL.md"
128
+ },
124
129
  {
125
130
  "name": "feature-planning",
126
131
  "description": "Break features into well-scoped tasks with acceptance criteria, risk assessment, and dependency mapping. Triggers: plan this, break this down, scope this feature, create tasks for, sprint planning, how should I implement this feature, user stories, acceptance criteria, dependency mapping, feature breakdown. Creates the plan — executing an already-approved plan checkpoint by checkpoint → plan-execution.",
@@ -178,7 +183,7 @@
178
183
  },
179
184
  {
180
185
  "name": "ml-pipeline-design",
181
- "description": "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Triggers: training pipeline, ML data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to pipeline, orchestrate training, Kubeflow, pipeline DAG, point-in-time features. Analytics/BI ELT and dbt warehouse pipelines → data-pipeline-design.",
186
+ "description": "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Analytics/BI ELT and dbt warehouse pipelines → data-pipeline-design; refactoring general analysis/reporting notebooks (no model training) to production code → notebook-to-production. Triggers: training pipeline, ML data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to training pipeline, orchestrate training, Kubeflow, pipeline DAG, point-in-time features.",
182
187
  "path": "ml-pipeline-design/SKILL.md"
183
188
  },
184
189
  {
@@ -191,6 +196,11 @@
191
196
  "description": "Ship mobile apps through the app stores — signing and provisioning, store review and rejection handling, phased/staged rollouts with halt criteria, crash monitoring, versioning and build numbers, beta channels (TestFlight, Play tracks), forced updates, and the no-instant-rollback reality of mobile. Triggers: app store release, publish to App Store, Play Store, TestFlight, staged rollout, app review rejected, code signing, provisioning profile, mobile release, hotfix a mobile bug. General semver/registry/library publishing → release-management.",
192
197
  "path": "mobile-release/SKILL.md"
193
198
  },
199
+ {
200
+ "name": "notebook-to-production",
201
+ "description": "Refactor analysis notebooks into production-grade code — triage what deserves productionizing, extract modules with tests, parameterize hardcoded values, pin environments for reproducibility, and schedule unattended runs with alerting. Owns general analysis/reporting notebooks; notebooks that feed model TRAINING (feature engineering + training DAGs, scheduled retraining) → ml-pipeline-design. Triggers: productionize this notebook, notebook to script, notebook to module, refactor my notebook, parameterize notebook, papermill, schedule this analysis, reproducible analysis, notebook is a mess.",
202
+ "path": "notebook-to-production/SKILL.md"
203
+ },
194
204
  {
195
205
  "name": "observability-design",
196
206
  "description": "Design production observability — SLIs, SLOs, SLAs, error budgets, OpenTelemetry traces/metrics/logs, structured logging, alerting, dashboards. Triggers: SLO, SLI, SLA, error budget, observability, monitoring, OpenTelemetry, OTel, tracing, distributed tracing, structured logging, alerting, dashboard, metrics, correlation ID, alert fatigue.",
@@ -223,7 +233,7 @@
223
233
  },
224
234
  {
225
235
  "name": "project-review",
226
- "description": "Review a built project's execution health before a milestone — scope alignment, roadmap / execution-plan adherence, implementation maturity (what's production-ready vs stub/deferred), and the evidence it actually works (tests, coverage, validation results, changelog). Triggers: project review, execution review, are we on track, implementation vs roadmap, scope drift, readiness review, what's actually built, validation results review, pre-launch review. Use strategic-review for vision/positioning/market; technical-debt-review for a pure code-health audit.",
236
+ "description": "Review a built project's execution health before a milestone — scope alignment, roadmap / execution-plan adherence, implementation maturity (what's production-ready vs stub/deferred), and the evidence it actually works (tests, coverage, validation results, changelog). Use strategic-review for vision/positioning/market; technical-debt-review for a pure code-health audit. Triggers: project review, execution review, are we on track, implementation vs roadmap, scope drift, readiness review, what's actually built, validation results review, pre-launch review.",
227
237
  "path": "project-review/SKILL.md"
228
238
  },
229
239
  {
@@ -253,17 +263,22 @@
253
263
  },
254
264
  {
255
265
  "name": "security-audit",
256
- "description": "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security. Reviews EXISTING code/config — design-time analysis of a system not yet built → threat-modeling.",
266
+ "description": "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Reviews EXISTING code/config — design-time analysis of a system not yet built → threat-modeling. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security.",
257
267
  "path": "security-audit/SKILL.md"
258
268
  },
259
269
  {
260
270
  "name": "skill-router",
261
- "description": "Orchestrator and entry point for the swe-workflow skills library — consult FIRST when starting any non-trivial software task; most skills load name-only and only activate when invoked here. Triggers: starting a feature, planning, an architecture or design decision, implementing, debugging, reviewing, refactoring, testing, security, deployment, an incident, shipping, or unsure which skill fits. Routes intent to the right skill(s) and invokes them by name; shows the Golden Path chains.",
271
+ "description": "Orchestrator and entry point for the swe-workflow skills library — consult FIRST when starting any non-trivial software task; most skills load name-only and only activate when invoked here. Routes intent to the right skill(s) and invokes them by name; shows the Golden Path chains. Triggers: starting a feature, planning, an architecture or design decision, implementing, debugging, reviewing, refactoring, testing, security, deployment, an incident, shipping, or unsure which skill fits.",
262
272
  "path": "skill-router/SKILL.md"
263
273
  },
274
+ {
275
+ "name": "statistical-analysis",
276
+ "description": "Design and analyze experiments and statistical tests — test selection with stated assumptions, sample size and power, effect sizes and confidence intervals over bare p-values, and pitfall discipline (multiple comparisons, p-hacking, peeking/optional stopping). Owns experiment statistics generally; live A/B evaluation of AI/LLM apps (quality metrics, judges, feedback) → ai-evaluation. Triggers: hypothesis test, t-test, chi-square, p-value, statistical significance, confidence interval, sample size, power analysis, design an experiment, A/B test, multiple comparisons, is this difference real.",
277
+ "path": "statistical-analysis/SKILL.md"
278
+ },
264
279
  {
265
280
  "name": "strategic-review",
266
- "description": "Review a project's strategic position before going public, launching, or raising — vision, mission, value proposition, scope positioning, the defensible wedge, and a live competitive / market comparative analysis. Triggers: strategic review, positioning, go public, go-to-market, market analysis, competitive landscape, value proposition, is there a moat, who are our competitors, platform absorption risk, market positioning, comparable products. Use project-review for execution/roadmap/implementation health; delegates deep market scans to deep-research.",
281
+ "description": "Review a project's strategic position before going public, launching, or raising — vision, mission, value proposition, scope positioning, the defensible wedge, and a live competitive / market comparative analysis. Use project-review for execution/roadmap/implementation health; delegates deep market scans to deep-research. Triggers: strategic review, positioning, go public, go-to-market, market analysis, competitive landscape, value proposition, is there a moat, who are our competitors, platform absorption risk, market positioning, comparable products.",
267
282
  "path": "strategic-review/SKILL.md"
268
283
  },
269
284
  {
package/commands/role.md CHANGED
@@ -8,10 +8,21 @@ disable-model-invocation: true
8
8
 
9
9
  The user is managing the active swe-workflow skill role. The requested role argument is: `$ARGUMENTS`
10
10
 
11
- Run this script exactly once via Bash, then report the result to the user concisely (the new active role, and that the change hot-reloads so it applies to the next prompt):
11
+ **Validate the argument before running anything.** It must be empty or match
12
+ `^[a-z0-9_-]{1,32}$` (role keys are short kebab-case names). If it does not match —
13
+ any spaces, quotes, `$`, backticks, slashes, or other characters — do NOT run the
14
+ script below with it: reply that the role name is invalid and show the available
15
+ roles by running only `node "@@RESOLVE@@" roles` (with `ROLES_JSON="@@ROLES@@"`
16
+ exported).
17
+
18
+ If the argument is valid, run this script exactly once via Bash, replacing
19
+ `__ROLE__` with the validated argument (or with nothing when no argument was
20
+ given), then report the result to the user concisely (the new active role, and
21
+ that the change hot-reloads so it applies to the next prompt):
12
22
 
13
23
  ```bash
14
- ROLE="$ARGUMENTS"
24
+ ROLE="__ROLE__"
25
+ case "$ROLE" in *[!a-zA-Z0-9_-]*) echo "invalid role name" >&2; exit 1;; esac
15
26
  RESOLVE="@@RESOLVE@@"; SKILLS="@@SKILLS@@"; SETTINGS="@@SETTINGS@@"
16
27
  ROLES="@@ROLES@@"; ACTIVE="@@ACTIVE_ROLE@@"
17
28
  export ROLES_JSON="$ROLES"
@@ -32,3 +43,4 @@ fi
32
43
  Notes:
33
44
  - `skillOverrides` and the skill listing hot-reload when `settings.local.json` changes, so the new auto-trigger set takes effect on the next prompt without a restart.
34
45
  - This command is for the full (all-skills) CLI install. Hard-subset (`--role`) installs and the per-role marketplace plugins don't need it.
46
+ - Security: the script deliberately never embeds `$ARGUMENTS` directly (slash-command templates interpolate it as text, so a crafted argument would execute in the shell). The value reaches the script only via the validated `__ROLE__` transfer above; the in-script `case` guard is defense-in-depth.
package/install.mjs CHANGED
@@ -161,6 +161,17 @@ if (role) {
161
161
  }
162
162
  }
163
163
 
164
+ // Positional args must be exact skill names, never paths: a traversal like
165
+ // `install.mjs ../..` would pass the isDir guard below and the clean-copy rmSync
166
+ // would then delete outside the destination. Reject before touching anything.
167
+ if (selected.length > 0) {
168
+ const known = new Set(listSkillDirs());
169
+ const bad = selected.filter((s) => !known.has(s));
170
+ if (bad.length > 0) {
171
+ fatal(`unknown skill(s): ${bad.join(", ")}. Run 'install.mjs --list' to see skills.`);
172
+ }
173
+ }
174
+
164
175
  // ---- resolve destination ---------------------------------------------------
165
176
 
166
177
  let claudeDir;
@@ -298,15 +309,24 @@ function copyIfExists(src, destPath) {
298
309
  if (existsSync(src)) cpSync(src, destPath);
299
310
  }
300
311
 
301
- // The SessionStart block to merge into settings.json. JSON.stringify keeps the path
302
- // correctly escaped on every OS (Windows backslashes included).
312
+ // Double-quote a path for the POSIX shell that runs the hook command, escaping the
313
+ // chars that stay active inside double quotes (\ $ ` "). Without the $/` escapes, a
314
+ // config path containing e.g. `$(cmd)` would run that command substitution at every
315
+ // session start. For \ and " this produces exactly what JSON.stringify used to (so
316
+ // Windows paths render unchanged); cmd.exe keeps the backslash before $/`, but paths
317
+ // with those chars are effectively POSIX-only.
318
+ function shellQuote(p) {
319
+ return '"' + p.replace(/[\\$`"]/g, (c) => "\\" + c) + '"';
320
+ }
321
+
322
+ // The SessionStart block to merge into settings.json.
303
323
  function hookSnippet(path) {
304
324
  const block = {
305
325
  hooks: {
306
326
  SessionStart: [
307
327
  {
308
328
  matcher: "startup|resume|clear|compact",
309
- hooks: [{ type: "command", command: `node ${JSON.stringify(path)}` }],
329
+ hooks: [{ type: "command", command: `node ${shellQuote(path)}` }],
310
330
  },
311
331
  ],
312
332
  },
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "name": "swe-workflow-skills",
3
- "version": "0.2.0",
4
- "description": "A curated library of 44 Claude Code Agent Skills for the software lifecycle, with orchestrator-routed activation that scales past the skill-listing budget.",
3
+ "version": "0.3.0",
4
+ "description": "A curated library of Claude Code Agent Skills covering the full software lifecycle, with orchestrator-routed activation that scales past the skill-listing budget.",
5
5
  "type": "module",
6
6
  "bin": {
7
7
  "swe-workflow-skills": "bin/cli.mjs"
package/roles.json CHANGED
@@ -127,6 +127,20 @@
127
127
  "observability-design"
128
128
  ]
129
129
  },
130
+ "data-scientist": {
131
+ "label": "Data Scientist",
132
+ "description": "Skills for exploratory data analysis, statistical rigor, notebook productionization, and the experiment-tracking/data-quality/modeling work around them.",
133
+ "core": "technical",
134
+ "skills": [
135
+ "exploratory-data-analysis",
136
+ "statistical-analysis",
137
+ "notebook-to-production",
138
+ "ml-experiment-tracking",
139
+ "data-quality",
140
+ "data-modeling",
141
+ "ai-evaluation"
142
+ ]
143
+ },
130
144
  "security": {
131
145
  "label": "Security Engineer",
132
146
  "description": "Skills for design-time threat modeling, security audits, dependency/CVE management, blast-radius analysis, and incident handling.",
@@ -104,10 +104,15 @@ function sortKeysDeep(value) {
104
104
 
105
105
  export function loadSettings(settingsPath) {
106
106
  if (existsSync(settingsPath) && statSync(settingsPath).isFile()) {
107
+ const text = readFileSync(settingsPath, "utf-8");
107
108
  try {
108
- return JSON.parse(readFileSync(settingsPath, "utf-8")) || {};
109
- } catch {
110
- return {};
109
+ return JSON.parse(text) || {};
110
+ } catch (e) {
111
+ // A corrupt (e.g. hand-edited) file must NOT read as empty: downstream
112
+ // writers would rebuild it from {} and silently destroy the user's
113
+ // settings. Throw so callers skip the write (the SessionStart hook
114
+ // catches this and leaves the file alone; the CLI surfaces it).
115
+ throw new Error(`unparseable JSON in ${settingsPath} — fix or remove it (${e.message})`);
111
116
  }
112
117
  }
113
118
  return {};
@@ -1,6 +1,7 @@
1
1
  ---
2
2
  name: ai-evaluation
3
- description: "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, answer relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering."
3
+ description: "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering; general experiment statistics → statistical-analysis."
4
+ when_to_use: "Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app."
4
5
  model: sonnet
5
6
  allowed-tools: Read, Grep, Glob, Write, Edit, Bash
6
7
  ---
@@ -1,6 +1,7 @@
1
1
  ---
2
2
  name: code-reviewing
3
- description: "Structured code reviews enforcing DRY, KISS, YAGNI, SRP, best practices, and project conventions. Triggers: review this code, code review, check my code, what do you think of this implementation, review this PR, is this code good, feedback on my code, review staged changes before commit."
3
+ description: "Structured code reviews enforcing DRY, KISS, YAGNI, SRP, best practices, and project conventions."
4
+ when_to_use: "Triggers: review this code, code review, check my code, what do you think of this implementation, review this PR, is this code good, feedback on my code, review staged changes before commit."
4
5
  model: sonnet
5
6
  allowed-tools: Read, Grep, Glob, Write, Edit
6
7
  ---
@@ -13,10 +14,19 @@ Perform thorough, constructive code reviews that catch bugs, enforce principles,
13
14
 
14
15
  ### Step 1: Understand the Context
15
16
 
16
- Before reviewing line-by-line, understand the big picture:
17
+ Working-tree changes right now (live at skill load; empty when the tree is clean,
18
+ this isn't a git repo, or the review targets something else — e.g. pasted code or
19
+ a PR):
20
+
21
+ !`git diff --stat 2>/dev/null || true`
22
+
23
+ If the summary above is empty or irrelevant to what you were asked to review,
24
+ proceed with the code as provided. Before reviewing line-by-line, understand the
25
+ big picture:
17
26
 
18
27
  - **What is this code supposed to do?** Read the PR description, linked issue, or ask the user.
19
- - **What changed?** If reviewing a diff, understand the scope of changes.
28
+ - **What changed?** If reviewing a diff, understand the scope of changes — run the
29
+ full `git diff` (or `git diff --staged`) when the stat summary isn't enough.
20
30
  - **What's the surrounding code like?** Read adjacent files for conventions and patterns.
21
31
 
22
32
  ### Step 2: First Pass — Structural Review
@@ -1,92 +1,49 @@
1
1
  ---
2
2
  name: effort-estimation
3
- description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning. Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done."
3
+ description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning."
4
+ when_to_use: "Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done."
4
5
  model: haiku
5
6
  allowed-tools: Read, Grep, Glob, Write, Edit
6
7
  ---
7
8
 
8
9
  # Effort Estimation
9
10
 
10
- Produce honest, useful estimates that help teams plan without creating false precision. Estimation in agile is about making informed decisions under uncertainty, not predicting the future exactly.
11
-
12
- ## Core Philosophy
13
-
14
- **Estimates are forecasts, not commitments.** They communicate "based on what we know today, here's our best guess at the range of effort." They should always include uncertainty ranges, and they should improve as you learn more.
11
+ Produce honest, useful estimates without false precision. Estimates are forecasts,
12
+ not commitments — always ranges, always improving as you learn more.
15
13
 
16
14
  ## Workflow
17
15
 
18
16
  ### Step 1: Ensure Tasks Are Defined
19
17
 
20
- You can't estimate undefined work. Before estimating, ensure:
21
-
22
- - Tasks are broken down (use `feature-planning` if not)
23
- - Acceptance criteria exist for each task
24
- - Technical approach is at least sketched (spikes completed for unknowns)
25
-
26
- If the work is too vague to estimate, say so. "I can't estimate this until we do a spike" is a valid and responsible answer.
27
-
28
- ### Step 2: Choose the Estimation Method
29
-
30
- | Method | Best For | Precision | Speed |
31
- |--------|----------|-----------|-------|
32
- | **T-shirt sizing** | Roadmap planning, early-stage sizing, large backlogs | Low (ranges) | Very fast |
33
- | **Story points** (Fibonacci) | Sprint planning, velocity tracking, mature teams | Medium (relative) | Moderate |
34
- | **Three-point estimation** | High-stakes estimates, budget requests, uncertain work | High (ranges with confidence) | Slow |
35
- | **Time-based** | Well-understood tasks with low uncertainty | High (hours/days) | Moderate |
36
-
37
- **Default recommendation**: T-shirt sizing for roadmap/quarter planning, story points for sprint planning. Three-point for budget requests and stakeholder communication.
18
+ You can't estimate undefined work. Tasks must be broken down (use `feature-planning`
19
+ if not), have acceptance criteria, and have at least a sketched technical approach.
20
+ "I can't estimate this until we do a spike" is a valid and responsible answer.
38
21
 
39
- ### Step 3: Apply the Method
22
+ ### Step 2: Choose the Method
40
23
 
41
- See [references/estimation-methods.md](references/estimation-methods.md) for detailed guidance on each method.
24
+ T-shirt sizing for roadmap and early-stage sizing; story points (Fibonacci) for
25
+ sprint planning and velocity tracking; three-point estimation for budget requests
26
+ and high-uncertainty, high-stakes work; time-based only for well-understood tasks.
27
+ See [references/estimation-methods.md](references/estimation-methods.md) for
28
+ detailed guidance on each method.
42
29
 
43
- **Key principles across all methods:**
30
+ ### Step 3: Apply It
44
31
 
45
- 1. **Estimate as a team**, not individually. The person most and least familiar with the area should both contribute the gap reveals hidden complexity.
46
- 2. **Estimate relative to known work**, not in absolute terms. "This is about twice as hard as that login feature we built" is more accurate than "this will take 3 days."
47
- 3. **Include uncertainty explicitly.** "3-5 days" is more honest than "4 days."
48
- 4. **Estimate the work, not the worker.** Story points measure the task's size, not who's doing it.
49
- 5. **Re-estimate when you learn more.** Initial estimates are educated guesses. Update them as spikes complete and requirements clarify.
32
+ Estimate per task, not the project as a single unit; relative to known work rather
33
+ than in absolute terms; as a team where possible (the familiarity gap between
34
+ estimators reveals hidden complexity); with uncertainty explicit. Re-estimate when
35
+ spikes complete or requirements clarify.
50
36
 
51
- ### Step 4: Handle Budget and Timeline Requests
37
+ ### Step 4: Translate for Stakeholders
52
38
 
53
- When stakeholders need dates or dollars, translate estimates thoughtfully:
54
-
55
- **From story points to time:**
56
- ```
57
- Estimated story points for the project: 85
58
- Team velocity: ~30 points per sprint (2-week sprints)
59
- Sprints needed: 85 / 30 = ~3 sprints = 6 weeks
60
-
61
- Add buffer for unknowns (20-30%): 7-8 weeks
62
- Communicate as range: "6-8 weeks with the current team"
63
- ```
64
-
65
- **From effort to cost:**
66
- ```
67
- Effort estimate: 12-16 person-weeks
68
- Team loaded cost: $X per person-week
69
- Total: 12 × $X to 16 × $X
70
- Communicate as range: "$A - $B"
71
- ```
72
-
73
- **Always provide ranges, never single numbers.** A single number becomes a commitment; a range communicates confidence.
39
+ Convert to time or cost via team velocity or loaded cost, add a 20-30% buffer for
40
+ unknowns, and communicate a range in stakeholder language — weeks and dollars, not
41
+ story points. A single number becomes a commitment; a range communicates confidence.
74
42
 
75
43
  ### Step 5: Track and Calibrate
76
44
 
77
- Estimates improve with feedback. After each sprint or project:
78
-
79
- - Compare estimated vs actual effort
80
- - Identify systematic patterns (always overestimate UI? Always underestimate integrations?)
81
- - Adjust team velocity based on recent data (use the last 3-5 sprints, not all-time average)
82
-
83
- ## Common Estimation Traps
84
-
85
- - **Anchoring**: The first number said influences everyone else. Use blind estimation (planning poker, simultaneous reveal).
86
- - **Planning fallacy**: People consistently underestimate. Use historical data to calibrate.
87
- - **Scope creep blindness**: Estimate the work as defined, then add buffer for scope growth — it always grows.
88
- - **Hero planning**: Estimating based on the best-case scenario with the best developer with zero interruptions. Estimate for a typical day with meetings and context switches.
89
- - **Precision theater**: Saying "47 hours" when you mean "roughly a week." False precision erodes trust faster than honest ranges.
45
+ Compare estimated vs actual each sprint, look for systematic bias, and recalibrate
46
+ velocity on the last 3-5 sprints, not the all-time average.
90
47
 
91
48
  ## Principles Applied
92
49
 
@@ -0,0 +1,110 @@
1
+ ---
2
+ name: exploratory-data-analysis
3
+ description: "Explore and profile an unfamiliar dataset before modeling or analysis — structural profiling, missingness structure, distributions and outliers, feature–target relationships, leakage awareness, and explicit hypothesis generation. Pipeline-level data trust (broken dashboards, tests, contracts, freshness) → data-quality; formal inference on the hypotheses → statistical-analysis."
4
+ when_to_use: "Triggers: explore this dataset, EDA, profile the data, what's in this data, first look at the data, understand this CSV, distributions, outliers, missing values, correlation, data leakage."
5
+ model: sonnet
6
+ allowed-tools: Read, Grep, Glob, Write, Edit, Bash
7
+ ---
8
+
9
+ # Exploratory Data Analysis
10
+
11
+ Understand a dataset before trusting it with a model or a decision. The output
12
+ of EDA is not a pile of statistics — it is a documented understanding: what the
13
+ data is, what's wrong or surprising in it, and a set of explicit hypotheses to
14
+ test next. Every step below feeds that document.
15
+
16
+ ## Workflow
17
+
18
+ ### 1. Frame the goal and the grain
19
+
20
+ Before profiling anything, write down what decision or model this data will
21
+ feed, and establish the **grain**: what does one row represent (an order? a
22
+ customer? a customer-month?)? Duplicate keys and mixed grains invalidate every
23
+ later statistic. If the eventual use is prediction, note *when* the prediction
24
+ would be made — that timestamp drives the leakage checks in step 5.
25
+
26
+ ### 2. Profile structurally
27
+
28
+ Column types, ranges, cardinality, and summary statistics for every column —
29
+ cheaply, before any deep dive. Triage wide tables by metadata first (null rate,
30
+ cardinality, type) and prioritize columns by relevance to the goal; don't
31
+ profile 400 columns equally.
32
+
33
+ If the data doesn't fit in memory: push aggregations down to the warehouse
34
+ (SQL), or use an out-of-core/lazy engine (DuckDB, Polars). When you sample,
35
+ **sample representatively** — random or stratified, never `head()` (files are
36
+ usually ordered by time or id) — and state the caveat that rare events and
37
+ extreme outliers can be missed under sampling; verify those against the full
38
+ data with targeted queries.
39
+
40
+ ### 3. Map the missingness structure
41
+
42
+ Null counts are the start, not the answer. Distinguish:
43
+
44
+ - **Random gaps** — sporadic nulls, roughly uniform across segments.
45
+ - **Structural missingness** — a column populated only for some segment, after
46
+ some date, or by some source system. Cross-tab null rates against segments
47
+ and time to find these.
48
+ - **Informative missingness** — where the *fact* that a value is missing
49
+ predicts the outcome (e.g., income missing for churned users). Flag it; it
50
+ may be a feature, or it may be leakage.
51
+
52
+ Also check for disguised missing values: sentinel codes (0, -1, 999,
53
+ "unknown", empty string) that aren't NULL.
54
+
55
+ ### 4. Distributions and outliers
56
+
57
+ For key numeric columns: quantiles, histograms, and an outlier pass (IQR or
58
+ similar). For categoricals: frequency tables and rare-level counts. Decide for
59
+ each outlier cluster whether it is a data error, a unit mismatch, or a genuine
60
+ tail — **never drop outliers before classifying them**; genuine tails are often
61
+ the interesting part. Check skew before assuming any statistic (mean, std) is
62
+ representative.
63
+
64
+ ### 5. Target definition, balance, and leakage
65
+
66
+ If the data will feed a model:
67
+
68
+ - **Define the target explicitly** (e.g., "churn = no order in 90 days after
69
+ cutoff") and check its **class balance** — a 2% positive rate changes the
70
+ whole modeling and evaluation approach downstream.
71
+ - **Hunt for leakage**: any column recorded at-or-after the outcome
72
+ (cancellation reason, final status, updated_at aggregates), and proxies that
73
+ encode the outcome indirectly. Test: "would this value exist at prediction
74
+ time?" If unsure, trace how the column is produced. A too-good correlation
75
+ with the target is a leakage smell, not a win.
76
+
77
+ ### 6. Relationships, not just profiles
78
+
79
+ Univariate profiles alone don't generate hypotheses. Examine bivariate
80
+ structure: correlations among candidate features, and each candidate feature
81
+ against the target (grouped rates, means by decile, simple cross-tabs). Note
82
+ confounders — a feature↔target association may be explained by segment or
83
+ time. This is where most real hypotheses come from.
84
+
85
+ ### 7. Write the hypotheses and hand off
86
+
87
+ Close with a short findings document: data issues found, columns excluded and
88
+ why (especially leakage suspects), and **explicit hypotheses phrased as
89
+ testable statements** ("weekend signups churn more", "the price effect is
90
+ driven by segment X") plus open questions for the data owners. Formal testing
91
+ of those hypotheses is `statistical-analysis` territory; feature/training
92
+ pipeline work is `ml-pipeline-design`.
93
+
94
+ ## Principles
95
+
96
+ - **KISS**: value counts and group-by rates beat clever visualizations for
97
+ finding problems fast.
98
+ - **YAGNI**: profile to the goal — an exhaustive 400-column report nobody reads
99
+ is not EDA.
100
+ - **Honest accounting**: record what you did NOT check (columns skipped,
101
+ sample-size limits) in the findings doc.
102
+
103
+ ## Cross-skill boundaries
104
+
105
+ - Bad data in a *pipeline or dashboard* (freshness, contracts, dbt tests,
106
+ lineage) → **data-quality** — that's an operational trust problem, not
107
+ exploration of an unfamiliar dataset.
108
+ - Formal hypothesis testing, experiment design, significance → **statistical-analysis**.
109
+ - Turning the analysis into scheduled production code → **notebook-to-production**.
110
+ - Schema design for storing the data → **data-modeling**.
@@ -0,0 +1,43 @@
1
+ {
2
+ "skill_name": "exploratory-data-analysis",
3
+ "evals": [
4
+ {
5
+ "id": 1,
6
+ "prompt": "I just got a CSV export of our customer orders — about 200k rows, 30 columns — and I've never seen this data before. We eventually want a churn model out of it. Where do I start?",
7
+ "expected_output": "Should run a structured EDA workflow: profile columns first, examine missingness patterns and distributions, look at the target definition and class balance, flag potential leakage columns, and turn findings into explicit hypotheses — not jump to modeling.",
8
+ "assertions": [
9
+ "Profiles the dataset first (column types, ranges, cardinality, summary statistics) before giving any modeling advice",
10
+ "Examines missingness patterns and distinguishes random gaps from structural ones (e.g., a column only populated for some segment)",
11
+ "Checks distributions and flags outliers or skew with concrete methods (quantiles, histograms, IQR or similar)",
12
+ "Warns about target leakage — columns that would not be available at prediction time must be identified and excluded",
13
+ "Examines how the churn target would be defined and its class balance before any modeling",
14
+ "Looks at relationships between candidate features and the target, not just univariate profiles",
15
+ "Produces explicit hypotheses or follow-up questions from the findings rather than only reporting statistics"
16
+ ]
17
+ },
18
+ {
19
+ "id": 2,
20
+ "prompt": "I need to understand a warehouse extract with 400 columns and 3 million rows by Friday, and pandas kills my laptop when I load it. What's the plan?",
21
+ "expected_output": "Should scale the EDA workflow instead of abandoning it: triage columns cheaply first, work on a representative sample or push aggregations to the warehouse, and prioritize by the analysis goal rather than exhaustively profiling everything.",
22
+ "assertions": [
23
+ "Recommends sampling or chunked/out-of-core processing instead of loading everything into memory",
24
+ "Notes the sample must be representative (random or stratified) and flags the caveat that rare events and outliers can be missed under sampling",
25
+ "Triages the 400 columns cheaply (types, null rates, cardinality) before deep-diving any of them",
26
+ "Prioritizes columns by relevance to the stated goal rather than profiling all 400 equally",
27
+ "Suggests pushing heavy aggregations down to the warehouse via SQL, or using a lazy/out-of-core engine (e.g., Polars, DuckDB, Dask)",
28
+ "Still covers the core EDA checklist (types, missingness, distributions, key relationships) on the reduced view"
29
+ ]
30
+ },
31
+ {
32
+ "id": 3,
33
+ "prompt": "Our finance dashboard has shown wrong revenue numbers all week — the nightly job loads orders into the warehouse and something is off upstream. Can you help me analyze the data and find the problem?",
34
+ "expected_output": "Should recognize this as a pipeline-level data-trust problem, not exploration of an unfamiliar dataset — hand off to the data-quality skill (dbt tests, freshness, schema drift, contracts, lineage) rather than starting a dataset-profiling workflow.",
35
+ "assertions": [
36
+ "Recognizes this as a data-quality / pipeline-trust problem rather than exploratory analysis of a new dataset",
37
+ "Hands off to or invokes the data-quality skill instead of running a generic EDA workflow",
38
+ "Points at concrete data-quality directions (dbt tests, source freshness, schema drift, upstream contract, lineage/blast radius) as the right path",
39
+ "Does not respond with a dataset-profiling/distributions workflow as the primary answer"
40
+ ]
41
+ }
42
+ ]
43
+ }