swe-workflow-skills 0.2.0 → 0.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +7 -6
- package/VERSION +1 -1
- package/catalog.json +21 -6
- package/commands/role.md +14 -2
- package/install.mjs +23 -3
- package/package.json +2 -2
- package/roles.json +14 -0
- package/scripts/resolve.mjs +8 -3
- package/skills/ai-evaluation/SKILL.md +2 -1
- package/skills/code-reviewing/SKILL.md +13 -3
- package/skills/effort-estimation/SKILL.md +24 -67
- package/skills/exploratory-data-analysis/SKILL.md +110 -0
- package/skills/exploratory-data-analysis/evals/evals.json +43 -0
- package/skills/git-workflow/SKILL.md +21 -14
- package/skills/ml-pipeline-design/SKILL.md +8 -2
- package/skills/ml-pipeline-design/evals/evals.json +10 -0
- package/skills/notebook-to-production/SKILL.md +89 -0
- package/skills/notebook-to-production/evals/evals.json +42 -0
- package/skills/project-documentation/SKILL.md +7 -4
- package/skills/project-review/SKILL.md +13 -3
- package/skills/security-audit/SKILL.md +13 -2
- package/skills/skill-router/SKILL.md +11 -1
- package/skills/statistical-analysis/SKILL.md +93 -0
- package/skills/statistical-analysis/evals/evals.json +43 -0
- package/skills/strategic-review/SKILL.md +16 -2
- package/skills/technical-debt-review/SKILL.md +12 -2
- package/skills/writing-skills/SKILL.md +36 -20
package/README.md
CHANGED
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
# SWE Workflow Skills for Claude Code
|
|
2
2
|
|
|
3
3
|
[](https://github.com/SWEStash/swe-workflow-skills/actions/workflows/roles-check.yml)
|
|
4
|
-

|
|
5
5
|
[](LICENSE)
|
|
6
6
|
|
|
7
|
-
A curated library of **
|
|
7
|
+
A curated library of **65 Claude Code Agent Skills** that walk Claude through the
|
|
8
8
|
software lifecycle the way a disciplined senior engineer would — planning, design,
|
|
9
9
|
TDD, review, security, deployment, incidents, and the project-management work around
|
|
10
10
|
them.
|
|
@@ -43,8 +43,8 @@ full-SDLC breadth that popular collections don't cover:
|
|
|
43
43
|
know of aim for (they tend to go deep on the coding inner loop; see
|
|
44
44
|
[Acknowledgements](#acknowledgements)).
|
|
45
45
|
- **Role-scoped.** `/role backend` (or `frontend`, `devops`, `ml`, `ai`, `data`,
|
|
46
|
-
`security`, `architect`, `em`, `pm`, `strategy`, `qa`, `mobile`,
|
|
47
|
-
a working set to auto-trigger; the rest stay one route away.
|
|
46
|
+
`data-scientist`, `security`, `architect`, `em`, `pm`, `strategy`, `qa`, `mobile`,
|
|
47
|
+
`designer`) promotes a working set to auto-trigger; the rest stay one route away.
|
|
48
48
|
- **Cross-platform install.** The installer and SessionStart hook are **pure Node** — the
|
|
49
49
|
one runtime Claude Code already requires — so they run identically on Linux, macOS, and
|
|
50
50
|
Windows (no bash, Python, or `sed`).
|
|
@@ -62,7 +62,7 @@ web, claude.ai chat, and Cowork):
|
|
|
62
62
|
**Want the whole library with the orchestrator** (CLI) — no clone needed:
|
|
63
63
|
|
|
64
64
|
```bash
|
|
65
|
-
npx swe-workflow-skills install --global # all
|
|
65
|
+
npx swe-workflow-skills install --global # all 65 skills + router + /role + the SessionStart hook
|
|
66
66
|
```
|
|
67
67
|
|
|
68
68
|
Or from a clone: `node install.mjs --global`.
|
|
@@ -120,7 +120,7 @@ review) live in the `skill-router` skill and **[ROLES.md](docs/ROLES.md)**.
|
|
|
120
120
|
|
|
121
121
|
## What's included
|
|
122
122
|
|
|
123
|
-
|
|
123
|
+
65 skills — **[full catalog → SKILLS.md](docs/SKILLS.md)**:
|
|
124
124
|
|
|
125
125
|
| Area | Count | Examples |
|
|
126
126
|
|------|-------|----------|
|
|
@@ -130,6 +130,7 @@ review) live in the `skill-router` skill and **[ROLES.md](docs/ROLES.md)**.
|
|
|
130
130
|
| Design | 3 | ui-ux-design, frontend-architecture, accessibility-design |
|
|
131
131
|
| MLOps | 3 | ml-pipeline-design, ml-experiment-tracking, ml-model-deployment |
|
|
132
132
|
| AI Engineering | 2 | llm-app-engineering, ai-evaluation |
|
|
133
|
+
| Data Science | 3 | exploratory-data-analysis, statistical-analysis, notebook-to-production |
|
|
133
134
|
| Data Engineering | 2 | data-pipeline-design, data-quality |
|
|
134
135
|
| Mobile | 2 | mobile-architecture, mobile-release |
|
|
135
136
|
| Evaluation & Monitoring | 2 | observability-design, test-data-strategy |
|
package/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
0.
|
|
1
|
+
0.3.0
|
package/catalog.json
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
},
|
|
9
9
|
{
|
|
10
10
|
"name": "ai-evaluation",
|
|
11
|
-
"description": "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness,
|
|
11
|
+
"description": "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering; general experiment statistics → statistical-analysis. Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app.",
|
|
12
12
|
"path": "ai-evaluation/SKILL.md"
|
|
13
13
|
},
|
|
14
14
|
{
|
|
@@ -121,6 +121,11 @@
|
|
|
121
121
|
"description": "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning. Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done.",
|
|
122
122
|
"path": "effort-estimation/SKILL.md"
|
|
123
123
|
},
|
|
124
|
+
{
|
|
125
|
+
"name": "exploratory-data-analysis",
|
|
126
|
+
"description": "Explore and profile an unfamiliar dataset before modeling or analysis — structural profiling, missingness structure, distributions and outliers, feature–target relationships, leakage awareness, and explicit hypothesis generation. Pipeline-level data trust (broken dashboards, tests, contracts, freshness) → data-quality; formal inference on the hypotheses → statistical-analysis. Triggers: explore this dataset, EDA, profile the data, what's in this data, first look at the data, understand this CSV, distributions, outliers, missing values, correlation, data leakage.",
|
|
127
|
+
"path": "exploratory-data-analysis/SKILL.md"
|
|
128
|
+
},
|
|
124
129
|
{
|
|
125
130
|
"name": "feature-planning",
|
|
126
131
|
"description": "Break features into well-scoped tasks with acceptance criteria, risk assessment, and dependency mapping. Triggers: plan this, break this down, scope this feature, create tasks for, sprint planning, how should I implement this feature, user stories, acceptance criteria, dependency mapping, feature breakdown. Creates the plan — executing an already-approved plan checkpoint by checkpoint → plan-execution.",
|
|
@@ -178,7 +183,7 @@
|
|
|
178
183
|
},
|
|
179
184
|
{
|
|
180
185
|
"name": "ml-pipeline-design",
|
|
181
|
-
"description": "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Triggers: training pipeline, ML data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to pipeline, orchestrate training, Kubeflow, pipeline DAG, point-in-time features.
|
|
186
|
+
"description": "Design reproducible ML training and data pipelines — ingestion, validation, feature engineering, training, evaluation, continuous training orchestration. Analytics/BI ELT and dbt warehouse pipelines → data-pipeline-design; refactoring general analysis/reporting notebooks (no model training) to production code → notebook-to-production. Triggers: training pipeline, ML data pipeline, feature engineering, ETL for ML, continuous training, data validation, feature store, preprocessing, notebook to training pipeline, orchestrate training, Kubeflow, pipeline DAG, point-in-time features.",
|
|
182
187
|
"path": "ml-pipeline-design/SKILL.md"
|
|
183
188
|
},
|
|
184
189
|
{
|
|
@@ -191,6 +196,11 @@
|
|
|
191
196
|
"description": "Ship mobile apps through the app stores — signing and provisioning, store review and rejection handling, phased/staged rollouts with halt criteria, crash monitoring, versioning and build numbers, beta channels (TestFlight, Play tracks), forced updates, and the no-instant-rollback reality of mobile. Triggers: app store release, publish to App Store, Play Store, TestFlight, staged rollout, app review rejected, code signing, provisioning profile, mobile release, hotfix a mobile bug. General semver/registry/library publishing → release-management.",
|
|
192
197
|
"path": "mobile-release/SKILL.md"
|
|
193
198
|
},
|
|
199
|
+
{
|
|
200
|
+
"name": "notebook-to-production",
|
|
201
|
+
"description": "Refactor analysis notebooks into production-grade code — triage what deserves productionizing, extract modules with tests, parameterize hardcoded values, pin environments for reproducibility, and schedule unattended runs with alerting. Owns general analysis/reporting notebooks; notebooks that feed model TRAINING (feature engineering + training DAGs, scheduled retraining) → ml-pipeline-design. Triggers: productionize this notebook, notebook to script, notebook to module, refactor my notebook, parameterize notebook, papermill, schedule this analysis, reproducible analysis, notebook is a mess.",
|
|
202
|
+
"path": "notebook-to-production/SKILL.md"
|
|
203
|
+
},
|
|
194
204
|
{
|
|
195
205
|
"name": "observability-design",
|
|
196
206
|
"description": "Design production observability — SLIs, SLOs, SLAs, error budgets, OpenTelemetry traces/metrics/logs, structured logging, alerting, dashboards. Triggers: SLO, SLI, SLA, error budget, observability, monitoring, OpenTelemetry, OTel, tracing, distributed tracing, structured logging, alerting, dashboard, metrics, correlation ID, alert fatigue.",
|
|
@@ -223,7 +233,7 @@
|
|
|
223
233
|
},
|
|
224
234
|
{
|
|
225
235
|
"name": "project-review",
|
|
226
|
-
"description": "Review a built project's execution health before a milestone — scope alignment, roadmap / execution-plan adherence, implementation maturity (what's production-ready vs stub/deferred), and the evidence it actually works (tests, coverage, validation results, changelog). Triggers: project review, execution review, are we on track, implementation vs roadmap, scope drift, readiness review, what's actually built, validation results review, pre-launch review.
|
|
236
|
+
"description": "Review a built project's execution health before a milestone — scope alignment, roadmap / execution-plan adherence, implementation maturity (what's production-ready vs stub/deferred), and the evidence it actually works (tests, coverage, validation results, changelog). Use strategic-review for vision/positioning/market; technical-debt-review for a pure code-health audit. Triggers: project review, execution review, are we on track, implementation vs roadmap, scope drift, readiness review, what's actually built, validation results review, pre-launch review.",
|
|
227
237
|
"path": "project-review/SKILL.md"
|
|
228
238
|
},
|
|
229
239
|
{
|
|
@@ -253,17 +263,22 @@
|
|
|
253
263
|
},
|
|
254
264
|
{
|
|
255
265
|
"name": "security-audit",
|
|
256
|
-
"description": "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security.
|
|
266
|
+
"description": "Comprehensive security analysis — OWASP Top 10, auth/authz flows, injection vulnerabilities, data exposure, secrets detection, dependency CVEs, hardening recommendations. Reviews EXISTING code/config — design-time analysis of a system not yet built → threat-modeling. Triggers: security audit, vulnerability, is this secure, security review, pentest prep, OWASP, harden this, check for vulnerabilities, injection, XSS, CSRF, auth security.",
|
|
257
267
|
"path": "security-audit/SKILL.md"
|
|
258
268
|
},
|
|
259
269
|
{
|
|
260
270
|
"name": "skill-router",
|
|
261
|
-
"description": "Orchestrator and entry point for the swe-workflow skills library — consult FIRST when starting any non-trivial software task; most skills load name-only and only activate when invoked here. Triggers: starting a feature, planning, an architecture or design decision, implementing, debugging, reviewing, refactoring, testing, security, deployment, an incident, shipping, or unsure which skill fits.
|
|
271
|
+
"description": "Orchestrator and entry point for the swe-workflow skills library — consult FIRST when starting any non-trivial software task; most skills load name-only and only activate when invoked here. Routes intent to the right skill(s) and invokes them by name; shows the Golden Path chains. Triggers: starting a feature, planning, an architecture or design decision, implementing, debugging, reviewing, refactoring, testing, security, deployment, an incident, shipping, or unsure which skill fits.",
|
|
262
272
|
"path": "skill-router/SKILL.md"
|
|
263
273
|
},
|
|
274
|
+
{
|
|
275
|
+
"name": "statistical-analysis",
|
|
276
|
+
"description": "Design and analyze experiments and statistical tests — test selection with stated assumptions, sample size and power, effect sizes and confidence intervals over bare p-values, and pitfall discipline (multiple comparisons, p-hacking, peeking/optional stopping). Owns experiment statistics generally; live A/B evaluation of AI/LLM apps (quality metrics, judges, feedback) → ai-evaluation. Triggers: hypothesis test, t-test, chi-square, p-value, statistical significance, confidence interval, sample size, power analysis, design an experiment, A/B test, multiple comparisons, is this difference real.",
|
|
277
|
+
"path": "statistical-analysis/SKILL.md"
|
|
278
|
+
},
|
|
264
279
|
{
|
|
265
280
|
"name": "strategic-review",
|
|
266
|
-
"description": "Review a project's strategic position before going public, launching, or raising — vision, mission, value proposition, scope positioning, the defensible wedge, and a live competitive / market comparative analysis. Triggers: strategic review, positioning, go public, go-to-market, market analysis, competitive landscape, value proposition, is there a moat, who are our competitors, platform absorption risk, market positioning, comparable products.
|
|
281
|
+
"description": "Review a project's strategic position before going public, launching, or raising — vision, mission, value proposition, scope positioning, the defensible wedge, and a live competitive / market comparative analysis. Use project-review for execution/roadmap/implementation health; delegates deep market scans to deep-research. Triggers: strategic review, positioning, go public, go-to-market, market analysis, competitive landscape, value proposition, is there a moat, who are our competitors, platform absorption risk, market positioning, comparable products.",
|
|
267
282
|
"path": "strategic-review/SKILL.md"
|
|
268
283
|
},
|
|
269
284
|
{
|
package/commands/role.md
CHANGED
|
@@ -8,10 +8,21 @@ disable-model-invocation: true
|
|
|
8
8
|
|
|
9
9
|
The user is managing the active swe-workflow skill role. The requested role argument is: `$ARGUMENTS`
|
|
10
10
|
|
|
11
|
-
|
|
11
|
+
**Validate the argument before running anything.** It must be empty or match
|
|
12
|
+
`^[a-z0-9_-]{1,32}$` (role keys are short kebab-case names). If it does not match —
|
|
13
|
+
any spaces, quotes, `$`, backticks, slashes, or other characters — do NOT run the
|
|
14
|
+
script below with it: reply that the role name is invalid and show the available
|
|
15
|
+
roles by running only `node "@@RESOLVE@@" roles` (with `ROLES_JSON="@@ROLES@@"`
|
|
16
|
+
exported).
|
|
17
|
+
|
|
18
|
+
If the argument is valid, run this script exactly once via Bash, replacing
|
|
19
|
+
`__ROLE__` with the validated argument (or with nothing when no argument was
|
|
20
|
+
given), then report the result to the user concisely (the new active role, and
|
|
21
|
+
that the change hot-reloads so it applies to the next prompt):
|
|
12
22
|
|
|
13
23
|
```bash
|
|
14
|
-
ROLE="
|
|
24
|
+
ROLE="__ROLE__"
|
|
25
|
+
case "$ROLE" in *[!a-zA-Z0-9_-]*) echo "invalid role name" >&2; exit 1;; esac
|
|
15
26
|
RESOLVE="@@RESOLVE@@"; SKILLS="@@SKILLS@@"; SETTINGS="@@SETTINGS@@"
|
|
16
27
|
ROLES="@@ROLES@@"; ACTIVE="@@ACTIVE_ROLE@@"
|
|
17
28
|
export ROLES_JSON="$ROLES"
|
|
@@ -32,3 +43,4 @@ fi
|
|
|
32
43
|
Notes:
|
|
33
44
|
- `skillOverrides` and the skill listing hot-reload when `settings.local.json` changes, so the new auto-trigger set takes effect on the next prompt without a restart.
|
|
34
45
|
- This command is for the full (all-skills) CLI install. Hard-subset (`--role`) installs and the per-role marketplace plugins don't need it.
|
|
46
|
+
- Security: the script deliberately never embeds `$ARGUMENTS` directly (slash-command templates interpolate it as text, so a crafted argument would execute in the shell). The value reaches the script only via the validated `__ROLE__` transfer above; the in-script `case` guard is defense-in-depth.
|
package/install.mjs
CHANGED
|
@@ -161,6 +161,17 @@ if (role) {
|
|
|
161
161
|
}
|
|
162
162
|
}
|
|
163
163
|
|
|
164
|
+
// Positional args must be exact skill names, never paths: a traversal like
|
|
165
|
+
// `install.mjs ../..` would pass the isDir guard below and the clean-copy rmSync
|
|
166
|
+
// would then delete outside the destination. Reject before touching anything.
|
|
167
|
+
if (selected.length > 0) {
|
|
168
|
+
const known = new Set(listSkillDirs());
|
|
169
|
+
const bad = selected.filter((s) => !known.has(s));
|
|
170
|
+
if (bad.length > 0) {
|
|
171
|
+
fatal(`unknown skill(s): ${bad.join(", ")}. Run 'install.mjs --list' to see skills.`);
|
|
172
|
+
}
|
|
173
|
+
}
|
|
174
|
+
|
|
164
175
|
// ---- resolve destination ---------------------------------------------------
|
|
165
176
|
|
|
166
177
|
let claudeDir;
|
|
@@ -298,15 +309,24 @@ function copyIfExists(src, destPath) {
|
|
|
298
309
|
if (existsSync(src)) cpSync(src, destPath);
|
|
299
310
|
}
|
|
300
311
|
|
|
301
|
-
//
|
|
302
|
-
//
|
|
312
|
+
// Double-quote a path for the POSIX shell that runs the hook command, escaping the
|
|
313
|
+
// chars that stay active inside double quotes (\ $ ` "). Without the $/` escapes, a
|
|
314
|
+
// config path containing e.g. `$(cmd)` would run that command substitution at every
|
|
315
|
+
// session start. For \ and " this produces exactly what JSON.stringify used to (so
|
|
316
|
+
// Windows paths render unchanged); cmd.exe keeps the backslash before $/`, but paths
|
|
317
|
+
// with those chars are effectively POSIX-only.
|
|
318
|
+
function shellQuote(p) {
|
|
319
|
+
return '"' + p.replace(/[\\$`"]/g, (c) => "\\" + c) + '"';
|
|
320
|
+
}
|
|
321
|
+
|
|
322
|
+
// The SessionStart block to merge into settings.json.
|
|
303
323
|
function hookSnippet(path) {
|
|
304
324
|
const block = {
|
|
305
325
|
hooks: {
|
|
306
326
|
SessionStart: [
|
|
307
327
|
{
|
|
308
328
|
matcher: "startup|resume|clear|compact",
|
|
309
|
-
hooks: [{ type: "command", command: `node ${
|
|
329
|
+
hooks: [{ type: "command", command: `node ${shellQuote(path)}` }],
|
|
310
330
|
},
|
|
311
331
|
],
|
|
312
332
|
},
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "swe-workflow-skills",
|
|
3
|
-
"version": "0.
|
|
4
|
-
"description": "A curated library of
|
|
3
|
+
"version": "0.3.0",
|
|
4
|
+
"description": "A curated library of Claude Code Agent Skills covering the full software lifecycle, with orchestrator-routed activation that scales past the skill-listing budget.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
7
7
|
"swe-workflow-skills": "bin/cli.mjs"
|
package/roles.json
CHANGED
|
@@ -127,6 +127,20 @@
|
|
|
127
127
|
"observability-design"
|
|
128
128
|
]
|
|
129
129
|
},
|
|
130
|
+
"data-scientist": {
|
|
131
|
+
"label": "Data Scientist",
|
|
132
|
+
"description": "Skills for exploratory data analysis, statistical rigor, notebook productionization, and the experiment-tracking/data-quality/modeling work around them.",
|
|
133
|
+
"core": "technical",
|
|
134
|
+
"skills": [
|
|
135
|
+
"exploratory-data-analysis",
|
|
136
|
+
"statistical-analysis",
|
|
137
|
+
"notebook-to-production",
|
|
138
|
+
"ml-experiment-tracking",
|
|
139
|
+
"data-quality",
|
|
140
|
+
"data-modeling",
|
|
141
|
+
"ai-evaluation"
|
|
142
|
+
]
|
|
143
|
+
},
|
|
130
144
|
"security": {
|
|
131
145
|
"label": "Security Engineer",
|
|
132
146
|
"description": "Skills for design-time threat modeling, security audits, dependency/CVE management, blast-radius analysis, and incident handling.",
|
package/scripts/resolve.mjs
CHANGED
|
@@ -104,10 +104,15 @@ function sortKeysDeep(value) {
|
|
|
104
104
|
|
|
105
105
|
export function loadSettings(settingsPath) {
|
|
106
106
|
if (existsSync(settingsPath) && statSync(settingsPath).isFile()) {
|
|
107
|
+
const text = readFileSync(settingsPath, "utf-8");
|
|
107
108
|
try {
|
|
108
|
-
return JSON.parse(
|
|
109
|
-
} catch {
|
|
110
|
-
|
|
109
|
+
return JSON.parse(text) || {};
|
|
110
|
+
} catch (e) {
|
|
111
|
+
// A corrupt (e.g. hand-edited) file must NOT read as empty: downstream
|
|
112
|
+
// writers would rebuild it from {} and silently destroy the user's
|
|
113
|
+
// settings. Throw so callers skip the write (the SessionStart hook
|
|
114
|
+
// catches this and leaves the file alone; the CLI surfaces it).
|
|
115
|
+
throw new Error(`unparseable JSON in ${settingsPath} — fix or remove it (${e.message})`);
|
|
111
116
|
}
|
|
112
117
|
}
|
|
113
118
|
return {};
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: ai-evaluation
|
|
3
|
-
description: "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness,
|
|
3
|
+
description: "Define how to evaluate ML models and GenAI/LLM apps — golden datasets, offline metrics, RAG evaluation (faithfulness, relevance, context precision/recall) with ragas/deepeval/promptfoo, LLM-as-judge design and calibration, eval regression gates in CI, online A/B and human feedback. Logging/comparing runs → ml-experiment-tracking; building the app → llm-app-engineering; general experiment statistics → statistical-analysis."
|
|
4
|
+
when_to_use: "Triggers: evaluate the model, eval my chatbot, RAG evals, ragas, LLM as judge, golden dataset, eval suite, is the new prompt better, hallucination rate, benchmark our AI app."
|
|
4
5
|
model: sonnet
|
|
5
6
|
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
6
7
|
---
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: code-reviewing
|
|
3
|
-
description: "Structured code reviews enforcing DRY, KISS, YAGNI, SRP, best practices, and project conventions.
|
|
3
|
+
description: "Structured code reviews enforcing DRY, KISS, YAGNI, SRP, best practices, and project conventions."
|
|
4
|
+
when_to_use: "Triggers: review this code, code review, check my code, what do you think of this implementation, review this PR, is this code good, feedback on my code, review staged changes before commit."
|
|
4
5
|
model: sonnet
|
|
5
6
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
7
|
---
|
|
@@ -13,10 +14,19 @@ Perform thorough, constructive code reviews that catch bugs, enforce principles,
|
|
|
13
14
|
|
|
14
15
|
### Step 1: Understand the Context
|
|
15
16
|
|
|
16
|
-
|
|
17
|
+
Working-tree changes right now (live at skill load; empty when the tree is clean,
|
|
18
|
+
this isn't a git repo, or the review targets something else — e.g. pasted code or
|
|
19
|
+
a PR):
|
|
20
|
+
|
|
21
|
+
!`git diff --stat 2>/dev/null || true`
|
|
22
|
+
|
|
23
|
+
If the summary above is empty or irrelevant to what you were asked to review,
|
|
24
|
+
proceed with the code as provided. Before reviewing line-by-line, understand the
|
|
25
|
+
big picture:
|
|
17
26
|
|
|
18
27
|
- **What is this code supposed to do?** Read the PR description, linked issue, or ask the user.
|
|
19
|
-
- **What changed?** If reviewing a diff, understand the scope of changes
|
|
28
|
+
- **What changed?** If reviewing a diff, understand the scope of changes — run the
|
|
29
|
+
full `git diff` (or `git diff --staged`) when the stat summary isn't enough.
|
|
20
30
|
- **What's the surrounding code like?** Read adjacent files for conventions and patterns.
|
|
21
31
|
|
|
22
32
|
### Step 2: First Pass — Structural Review
|
|
@@ -1,92 +1,49 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: effort-estimation
|
|
3
|
-
description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning.
|
|
3
|
+
description: "Estimate engineering effort with agile techniques — story points, t-shirt sizing, three-point estimation, capacity planning."
|
|
4
|
+
when_to_use: "Triggers: estimate this, how long will this take, story points, t-shirt sizing, effort estimation, capacity planning, sprint planning, budget estimate, forecast, velocity, when will this be done."
|
|
4
5
|
model: haiku
|
|
5
6
|
allowed-tools: Read, Grep, Glob, Write, Edit
|
|
6
7
|
---
|
|
7
8
|
|
|
8
9
|
# Effort Estimation
|
|
9
10
|
|
|
10
|
-
Produce honest, useful estimates
|
|
11
|
-
|
|
12
|
-
## Core Philosophy
|
|
13
|
-
|
|
14
|
-
**Estimates are forecasts, not commitments.** They communicate "based on what we know today, here's our best guess at the range of effort." They should always include uncertainty ranges, and they should improve as you learn more.
|
|
11
|
+
Produce honest, useful estimates without false precision. Estimates are forecasts,
|
|
12
|
+
not commitments — always ranges, always improving as you learn more.
|
|
15
13
|
|
|
16
14
|
## Workflow
|
|
17
15
|
|
|
18
16
|
### Step 1: Ensure Tasks Are Defined
|
|
19
17
|
|
|
20
|
-
You can't estimate undefined work.
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
- Acceptance criteria exist for each task
|
|
24
|
-
- Technical approach is at least sketched (spikes completed for unknowns)
|
|
25
|
-
|
|
26
|
-
If the work is too vague to estimate, say so. "I can't estimate this until we do a spike" is a valid and responsible answer.
|
|
27
|
-
|
|
28
|
-
### Step 2: Choose the Estimation Method
|
|
29
|
-
|
|
30
|
-
| Method | Best For | Precision | Speed |
|
|
31
|
-
|--------|----------|-----------|-------|
|
|
32
|
-
| **T-shirt sizing** | Roadmap planning, early-stage sizing, large backlogs | Low (ranges) | Very fast |
|
|
33
|
-
| **Story points** (Fibonacci) | Sprint planning, velocity tracking, mature teams | Medium (relative) | Moderate |
|
|
34
|
-
| **Three-point estimation** | High-stakes estimates, budget requests, uncertain work | High (ranges with confidence) | Slow |
|
|
35
|
-
| **Time-based** | Well-understood tasks with low uncertainty | High (hours/days) | Moderate |
|
|
36
|
-
|
|
37
|
-
**Default recommendation**: T-shirt sizing for roadmap/quarter planning, story points for sprint planning. Three-point for budget requests and stakeholder communication.
|
|
18
|
+
You can't estimate undefined work. Tasks must be broken down (use `feature-planning`
|
|
19
|
+
if not), have acceptance criteria, and have at least a sketched technical approach.
|
|
20
|
+
"I can't estimate this until we do a spike" is a valid and responsible answer.
|
|
38
21
|
|
|
39
|
-
### Step
|
|
22
|
+
### Step 2: Choose the Method
|
|
40
23
|
|
|
41
|
-
|
|
24
|
+
T-shirt sizing for roadmap and early-stage sizing; story points (Fibonacci) for
|
|
25
|
+
sprint planning and velocity tracking; three-point estimation for budget requests
|
|
26
|
+
and high-uncertainty, high-stakes work; time-based only for well-understood tasks.
|
|
27
|
+
See [references/estimation-methods.md](references/estimation-methods.md) for
|
|
28
|
+
detailed guidance on each method.
|
|
42
29
|
|
|
43
|
-
|
|
30
|
+
### Step 3: Apply It
|
|
44
31
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
5. **Re-estimate when you learn more.** Initial estimates are educated guesses. Update them as spikes complete and requirements clarify.
|
|
32
|
+
Estimate per task, not the project as a single unit; relative to known work rather
|
|
33
|
+
than in absolute terms; as a team where possible (the familiarity gap between
|
|
34
|
+
estimators reveals hidden complexity); with uncertainty explicit. Re-estimate when
|
|
35
|
+
spikes complete or requirements clarify.
|
|
50
36
|
|
|
51
|
-
### Step 4:
|
|
37
|
+
### Step 4: Translate for Stakeholders
|
|
52
38
|
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
```
|
|
57
|
-
Estimated story points for the project: 85
|
|
58
|
-
Team velocity: ~30 points per sprint (2-week sprints)
|
|
59
|
-
Sprints needed: 85 / 30 = ~3 sprints = 6 weeks
|
|
60
|
-
|
|
61
|
-
Add buffer for unknowns (20-30%): 7-8 weeks
|
|
62
|
-
Communicate as range: "6-8 weeks with the current team"
|
|
63
|
-
```
|
|
64
|
-
|
|
65
|
-
**From effort to cost:**
|
|
66
|
-
```
|
|
67
|
-
Effort estimate: 12-16 person-weeks
|
|
68
|
-
Team loaded cost: $X per person-week
|
|
69
|
-
Total: 12 × $X to 16 × $X
|
|
70
|
-
Communicate as range: "$A - $B"
|
|
71
|
-
```
|
|
72
|
-
|
|
73
|
-
**Always provide ranges, never single numbers.** A single number becomes a commitment; a range communicates confidence.
|
|
39
|
+
Convert to time or cost via team velocity or loaded cost, add a 20-30% buffer for
|
|
40
|
+
unknowns, and communicate a range in stakeholder language — weeks and dollars, not
|
|
41
|
+
story points. A single number becomes a commitment; a range communicates confidence.
|
|
74
42
|
|
|
75
43
|
### Step 5: Track and Calibrate
|
|
76
44
|
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
- Compare estimated vs actual effort
|
|
80
|
-
- Identify systematic patterns (always overestimate UI? Always underestimate integrations?)
|
|
81
|
-
- Adjust team velocity based on recent data (use the last 3-5 sprints, not all-time average)
|
|
82
|
-
|
|
83
|
-
## Common Estimation Traps
|
|
84
|
-
|
|
85
|
-
- **Anchoring**: The first number said influences everyone else. Use blind estimation (planning poker, simultaneous reveal).
|
|
86
|
-
- **Planning fallacy**: People consistently underestimate. Use historical data to calibrate.
|
|
87
|
-
- **Scope creep blindness**: Estimate the work as defined, then add buffer for scope growth — it always grows.
|
|
88
|
-
- **Hero planning**: Estimating based on the best-case scenario with the best developer with zero interruptions. Estimate for a typical day with meetings and context switches.
|
|
89
|
-
- **Precision theater**: Saying "47 hours" when you mean "roughly a week." False precision erodes trust faster than honest ranges.
|
|
45
|
+
Compare estimated vs actual each sprint, look for systematic bias, and recalibrate
|
|
46
|
+
velocity on the last 3-5 sprints, not the all-time average.
|
|
90
47
|
|
|
91
48
|
## Principles Applied
|
|
92
49
|
|
|
@@ -0,0 +1,110 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: exploratory-data-analysis
|
|
3
|
+
description: "Explore and profile an unfamiliar dataset before modeling or analysis — structural profiling, missingness structure, distributions and outliers, feature–target relationships, leakage awareness, and explicit hypothesis generation. Pipeline-level data trust (broken dashboards, tests, contracts, freshness) → data-quality; formal inference on the hypotheses → statistical-analysis."
|
|
4
|
+
when_to_use: "Triggers: explore this dataset, EDA, profile the data, what's in this data, first look at the data, understand this CSV, distributions, outliers, missing values, correlation, data leakage."
|
|
5
|
+
model: sonnet
|
|
6
|
+
allowed-tools: Read, Grep, Glob, Write, Edit, Bash
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
# Exploratory Data Analysis
|
|
10
|
+
|
|
11
|
+
Understand a dataset before trusting it with a model or a decision. The output
|
|
12
|
+
of EDA is not a pile of statistics — it is a documented understanding: what the
|
|
13
|
+
data is, what's wrong or surprising in it, and a set of explicit hypotheses to
|
|
14
|
+
test next. Every step below feeds that document.
|
|
15
|
+
|
|
16
|
+
## Workflow
|
|
17
|
+
|
|
18
|
+
### 1. Frame the goal and the grain
|
|
19
|
+
|
|
20
|
+
Before profiling anything, write down what decision or model this data will
|
|
21
|
+
feed, and establish the **grain**: what does one row represent (an order? a
|
|
22
|
+
customer? a customer-month?)? Duplicate keys and mixed grains invalidate every
|
|
23
|
+
later statistic. If the eventual use is prediction, note *when* the prediction
|
|
24
|
+
would be made — that timestamp drives the leakage checks in step 5.
|
|
25
|
+
|
|
26
|
+
### 2. Profile structurally
|
|
27
|
+
|
|
28
|
+
Column types, ranges, cardinality, and summary statistics for every column —
|
|
29
|
+
cheaply, before any deep dive. Triage wide tables by metadata first (null rate,
|
|
30
|
+
cardinality, type) and prioritize columns by relevance to the goal; don't
|
|
31
|
+
profile 400 columns equally.
|
|
32
|
+
|
|
33
|
+
If the data doesn't fit in memory: push aggregations down to the warehouse
|
|
34
|
+
(SQL), or use an out-of-core/lazy engine (DuckDB, Polars). When you sample,
|
|
35
|
+
**sample representatively** — random or stratified, never `head()` (files are
|
|
36
|
+
usually ordered by time or id) — and state the caveat that rare events and
|
|
37
|
+
extreme outliers can be missed under sampling; verify those against the full
|
|
38
|
+
data with targeted queries.
|
|
39
|
+
|
|
40
|
+
### 3. Map the missingness structure
|
|
41
|
+
|
|
42
|
+
Null counts are the start, not the answer. Distinguish:
|
|
43
|
+
|
|
44
|
+
- **Random gaps** — sporadic nulls, roughly uniform across segments.
|
|
45
|
+
- **Structural missingness** — a column populated only for some segment, after
|
|
46
|
+
some date, or by some source system. Cross-tab null rates against segments
|
|
47
|
+
and time to find these.
|
|
48
|
+
- **Informative missingness** — where the *fact* that a value is missing
|
|
49
|
+
predicts the outcome (e.g., income missing for churned users). Flag it; it
|
|
50
|
+
may be a feature, or it may be leakage.
|
|
51
|
+
|
|
52
|
+
Also check for disguised missing values: sentinel codes (0, -1, 999,
|
|
53
|
+
"unknown", empty string) that aren't NULL.
|
|
54
|
+
|
|
55
|
+
### 4. Distributions and outliers
|
|
56
|
+
|
|
57
|
+
For key numeric columns: quantiles, histograms, and an outlier pass (IQR or
|
|
58
|
+
similar). For categoricals: frequency tables and rare-level counts. Decide for
|
|
59
|
+
each outlier cluster whether it is a data error, a unit mismatch, or a genuine
|
|
60
|
+
tail — **never drop outliers before classifying them**; genuine tails are often
|
|
61
|
+
the interesting part. Check skew before assuming any statistic (mean, std) is
|
|
62
|
+
representative.
|
|
63
|
+
|
|
64
|
+
### 5. Target definition, balance, and leakage
|
|
65
|
+
|
|
66
|
+
If the data will feed a model:
|
|
67
|
+
|
|
68
|
+
- **Define the target explicitly** (e.g., "churn = no order in 90 days after
|
|
69
|
+
cutoff") and check its **class balance** — a 2% positive rate changes the
|
|
70
|
+
whole modeling and evaluation approach downstream.
|
|
71
|
+
- **Hunt for leakage**: any column recorded at-or-after the outcome
|
|
72
|
+
(cancellation reason, final status, updated_at aggregates), and proxies that
|
|
73
|
+
encode the outcome indirectly. Test: "would this value exist at prediction
|
|
74
|
+
time?" If unsure, trace how the column is produced. A too-good correlation
|
|
75
|
+
with the target is a leakage smell, not a win.
|
|
76
|
+
|
|
77
|
+
### 6. Relationships, not just profiles
|
|
78
|
+
|
|
79
|
+
Univariate profiles alone don't generate hypotheses. Examine bivariate
|
|
80
|
+
structure: correlations among candidate features, and each candidate feature
|
|
81
|
+
against the target (grouped rates, means by decile, simple cross-tabs). Note
|
|
82
|
+
confounders — a feature↔target association may be explained by segment or
|
|
83
|
+
time. This is where most real hypotheses come from.
|
|
84
|
+
|
|
85
|
+
### 7. Write the hypotheses and hand off
|
|
86
|
+
|
|
87
|
+
Close with a short findings document: data issues found, columns excluded and
|
|
88
|
+
why (especially leakage suspects), and **explicit hypotheses phrased as
|
|
89
|
+
testable statements** ("weekend signups churn more", "the price effect is
|
|
90
|
+
driven by segment X") plus open questions for the data owners. Formal testing
|
|
91
|
+
of those hypotheses is `statistical-analysis` territory; feature/training
|
|
92
|
+
pipeline work is `ml-pipeline-design`.
|
|
93
|
+
|
|
94
|
+
## Principles
|
|
95
|
+
|
|
96
|
+
- **KISS**: value counts and group-by rates beat clever visualizations for
|
|
97
|
+
finding problems fast.
|
|
98
|
+
- **YAGNI**: profile to the goal — an exhaustive 400-column report nobody reads
|
|
99
|
+
is not EDA.
|
|
100
|
+
- **Honest accounting**: record what you did NOT check (columns skipped,
|
|
101
|
+
sample-size limits) in the findings doc.
|
|
102
|
+
|
|
103
|
+
## Cross-skill boundaries
|
|
104
|
+
|
|
105
|
+
- Bad data in a *pipeline or dashboard* (freshness, contracts, dbt tests,
|
|
106
|
+
lineage) → **data-quality** — that's an operational trust problem, not
|
|
107
|
+
exploration of an unfamiliar dataset.
|
|
108
|
+
- Formal hypothesis testing, experiment design, significance → **statistical-analysis**.
|
|
109
|
+
- Turning the analysis into scheduled production code → **notebook-to-production**.
|
|
110
|
+
- Schema design for storing the data → **data-modeling**.
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
{
|
|
2
|
+
"skill_name": "exploratory-data-analysis",
|
|
3
|
+
"evals": [
|
|
4
|
+
{
|
|
5
|
+
"id": 1,
|
|
6
|
+
"prompt": "I just got a CSV export of our customer orders — about 200k rows, 30 columns — and I've never seen this data before. We eventually want a churn model out of it. Where do I start?",
|
|
7
|
+
"expected_output": "Should run a structured EDA workflow: profile columns first, examine missingness patterns and distributions, look at the target definition and class balance, flag potential leakage columns, and turn findings into explicit hypotheses — not jump to modeling.",
|
|
8
|
+
"assertions": [
|
|
9
|
+
"Profiles the dataset first (column types, ranges, cardinality, summary statistics) before giving any modeling advice",
|
|
10
|
+
"Examines missingness patterns and distinguishes random gaps from structural ones (e.g., a column only populated for some segment)",
|
|
11
|
+
"Checks distributions and flags outliers or skew with concrete methods (quantiles, histograms, IQR or similar)",
|
|
12
|
+
"Warns about target leakage — columns that would not be available at prediction time must be identified and excluded",
|
|
13
|
+
"Examines how the churn target would be defined and its class balance before any modeling",
|
|
14
|
+
"Looks at relationships between candidate features and the target, not just univariate profiles",
|
|
15
|
+
"Produces explicit hypotheses or follow-up questions from the findings rather than only reporting statistics"
|
|
16
|
+
]
|
|
17
|
+
},
|
|
18
|
+
{
|
|
19
|
+
"id": 2,
|
|
20
|
+
"prompt": "I need to understand a warehouse extract with 400 columns and 3 million rows by Friday, and pandas kills my laptop when I load it. What's the plan?",
|
|
21
|
+
"expected_output": "Should scale the EDA workflow instead of abandoning it: triage columns cheaply first, work on a representative sample or push aggregations to the warehouse, and prioritize by the analysis goal rather than exhaustively profiling everything.",
|
|
22
|
+
"assertions": [
|
|
23
|
+
"Recommends sampling or chunked/out-of-core processing instead of loading everything into memory",
|
|
24
|
+
"Notes the sample must be representative (random or stratified) and flags the caveat that rare events and outliers can be missed under sampling",
|
|
25
|
+
"Triages the 400 columns cheaply (types, null rates, cardinality) before deep-diving any of them",
|
|
26
|
+
"Prioritizes columns by relevance to the stated goal rather than profiling all 400 equally",
|
|
27
|
+
"Suggests pushing heavy aggregations down to the warehouse via SQL, or using a lazy/out-of-core engine (e.g., Polars, DuckDB, Dask)",
|
|
28
|
+
"Still covers the core EDA checklist (types, missingness, distributions, key relationships) on the reduced view"
|
|
29
|
+
]
|
|
30
|
+
},
|
|
31
|
+
{
|
|
32
|
+
"id": 3,
|
|
33
|
+
"prompt": "Our finance dashboard has shown wrong revenue numbers all week — the nightly job loads orders into the warehouse and something is off upstream. Can you help me analyze the data and find the problem?",
|
|
34
|
+
"expected_output": "Should recognize this as a pipeline-level data-trust problem, not exploration of an unfamiliar dataset — hand off to the data-quality skill (dbt tests, freshness, schema drift, contracts, lineage) rather than starting a dataset-profiling workflow.",
|
|
35
|
+
"assertions": [
|
|
36
|
+
"Recognizes this as a data-quality / pipeline-trust problem rather than exploratory analysis of a new dataset",
|
|
37
|
+
"Hands off to or invokes the data-quality skill instead of running a generic EDA workflow",
|
|
38
|
+
"Points at concrete data-quality directions (dbt tests, source freshness, schema drift, upstream contract, lineage/blast radius) as the right path",
|
|
39
|
+
"Does not respond with a dataset-profiling/distributions workflow as the primary answer"
|
|
40
|
+
]
|
|
41
|
+
}
|
|
42
|
+
]
|
|
43
|
+
}
|