diff --git a/README.md b/README.md index f5f847cb..21d63af1 100644 --- a/README.md +++ b/README.md @@ -1,508 +1,165 @@ # DevFlow - Agentic Development Toolkit -A comprehensive collection of Claude Code commands and configurations designed to enhance developer workflows when working with AI coding assistants. +A collection of Claude Code commands designed to enhance developer workflows with structured processes for specification, implementation, and review. ## Installation ### Option 1: Native Plugin (Recommended) -Install directly as a Claude Code plugin: - ```bash -# From GitHub /plugin install dean0x/devflow ``` -That's it! DevFlow commands are immediately available as `/devflow:command-name` (or just `/command-name` if no conflicts). +Commands are immediately available as `/devflow:command-name` (or just `/command-name` if no conflicts). ### Option 2: CLI Installer -For more control over installation scope: - ```bash -# Run with npx (no global install needed) npx devflow-kit init ``` -#### Installation Scopes (CLI only) - -**User Scope (Default)** - Install for all projects -```bash -npx devflow-kit init --scope user -``` -- Installs to `~/.claude/` and `~/.devflow/` -- Available across all projects -- Recommended for personal use - -**Local Scope** - Install for current project only -```bash -npx devflow-kit init --scope local -``` -- Installs to `/.claude/` and `/.devflow/` -- Only available in the current project -- Recommended for team projects where DevFlow should be project-specific -- Requires a git repository (run `git init` first) - -DevFlow is now installed and ready to use in Claude Code. - -## What's Included - -### 🎯 Skills (Auto-Activate) - -**Skills are model-invoked** - Claude automatically activates them based on context, enforcing quality without manual invocation. - -| Skill | Purpose | Auto-Triggers When | -|-------|---------|---------------------| -| `devflow-test-design` | Test quality enforcement (setup complexity, mocking, behavior vs implementation) | Tests are written or modified | -| `devflow-code-smell` | Anti-pattern detection (fake solutions, unlabeled workarounds, magic values) | Features are implemented, code is reviewed | -| `devflow-commit` | Atomic commit patterns, message format, safety scanning | Staging files, creating commits | -| `devflow-pull-request` | PR quality, descriptions, size assessment, breaking change detection | Creating PRs, generating descriptions | -| `devflow-input-validation` | Boundary validation enforcement (parse-don't-validate, SQL injection prevention) | API endpoints created, external data handled | - -**Iron Laws:** - -Every skill has a single, non-negotiable **Iron Law** - a core principle that must never be violated: - -| Skill | Iron Law | -|-------|----------| -| `devflow-core-patterns` | NEVER THROW IN BUSINESS LOGIC | -| `devflow-code-smell` | NO FAKE SOLUTIONS | -| `devflow-test-design` | COMPLEX TESTS INDICATE BAD DESIGN | -| `devflow-commit` | ATOMIC COMMITS OR NO COMMITS | -| `devflow-pull-request` | HONEST DESCRIPTIONS OR NO PR | -| `devflow-input-validation` | ALL EXTERNAL DATA IS HOSTILE | -| `devflow-git-safety` | NEVER RUN GIT COMMANDS IN PARALLEL | -| `devflow-github-patterns` | RESPECT RATE LIMITS OR FAIL GRACEFULLY | -| `devflow-security-patterns` | ASSUME ALL INPUT IS MALICIOUS | -| `devflow-typescript` | UNKNOWN OVER ANY | -| `devflow-react` | COMPOSITION OVER PROPS | -| `devflow-self-review` | FIX BEFORE RETURNING | -| `devflow-architecture-patterns` | VIOLATIONS IN YOUR CHANGES ARE BLOCKING | -| `devflow-performance-patterns` | MEASURE BEFORE OPTIMIZING | -| `devflow-complexity-patterns` | COMPLEXITY IS THE ENEMY OF RELIABILITY | -| `devflow-consistency-patterns` | FOLLOW EXISTING PATTERNS | -| `devflow-tests-patterns` | TESTS MUST VALIDATE BEHAVIOR NOT IMPLEMENTATION | -| `devflow-database-patterns` | MIGRATIONS MUST BE REVERSIBLE | -| `devflow-documentation-patterns` | DOCS MUST MATCH CODE | -| `devflow-dependencies-patterns` | NO VULNERABLE DEPENDENCIES IN PRODUCTION | -| `devflow-regression-patterns` | PRESERVE EXISTING FUNCTIONALITY | - -Iron Laws are enforced automatically when skills activate. - -**How Skills Work:** -- **Proactive enforcement** - Catch issues during implementation, not after -- **No manual invocation** - Model decides when skills are relevant -- **Quality gates** - Block anti-patterns automatically -- **Context-aware** - Activate based on what you're doing - -**IMPORTANT**: Skills are **automatically activated** by Claude based on context. They cannot be manually invoked like slash commands. - -### Skills Architecture - -DevFlow uses a **tiered skills system** where skills serve as shared knowledge libraries that agents can reference: - -**Tier 1: Foundation Skills** (shared patterns used by multiple agents) - -| Skill | Purpose | Used By | -|-------|---------|---------| -| `devflow-core-patterns` | Result types, DI, immutability, pure functions | Coder, Reviewer | -| `devflow-review-methodology` | 6-step review process, 3-category classification | Reviewer | -| `devflow-self-review` | 9-pillar self-review framework | Scrutinizer | -| `devflow-docs-framework` | .docs/ structure, naming, templates | Devlog, CatchUp | -| `devflow-git-safety` | Git operations, lock handling, commit conventions | Coder, Git | -| `devflow-github-patterns` | GitHub API, rate limiting, PR comments, issues, releases | Git | -| `devflow-implementation-patterns` | CRUD, API, events, config, logging | Coder | -| `devflow-codebase-navigation` | Exploration, pattern discovery, data flow | Coder | - -**Pattern Skills** (domain expertise for Reviewer focus areas) - -| Skill | Reviewer Focus | Purpose | -|-------|----------------|---------| -| `devflow-security-patterns` | `security` | Injection, auth, crypto vulnerabilities | -| `devflow-architecture-patterns` | `architecture` | SOLID, coupling, layering, modularity | -| `devflow-performance-patterns` | `performance` | Algorithms, N+1, memory, I/O, caching | -| `devflow-complexity-patterns` | `complexity` | Cyclomatic complexity, readability | -| `devflow-consistency-patterns` | `consistency` | Pattern violations, simplification | -| `devflow-tests-patterns` | `tests` | Coverage, quality, brittleness | -| `devflow-database-patterns` | `database` | Schema, queries, migrations | -| `devflow-documentation-patterns` | `documentation` | Docs quality, alignment | -| `devflow-dependencies-patterns` | `dependencies` | CVEs, versions, licenses | -| `devflow-regression-patterns` | `regression` | Lost functionality, broken behavior | - -**Tier 2: Specialized Skills** (user-facing, auto-activate based on context) - -| Skill | Purpose | Auto-Triggers When | -|-------|---------|---------------------| -| `devflow-test-design` | Test quality enforcement | Tests written or modified | -| `devflow-code-smell` | Anti-pattern detection | Features implemented | -| `devflow-commit` | Atomic commit patterns | Staging files, creating commits | -| `devflow-pull-request` | PR quality & descriptions | Creating PRs | -| `devflow-input-validation` | Boundary validation | API endpoints created | - -**Tier 3: Domain-Specific Skills** (language and framework patterns) - -| Skill | Purpose | Used When | -|-------|---------|-----------| -| `devflow-typescript` | Type safety, generics, utility types, idioms | TypeScript codebases | -| `devflow-react` | Components, hooks, state, performance | React codebases | - -**How Agents Use Skills:** - -The unified `Reviewer` agent loads ALL pattern skills and applies the relevant one based on the focus area specified in its invocation prompt: -```yaml ---- -name: Reviewer -description: Universal code review agent with parameterized focus -model: inherit -skills: devflow-review-methodology, devflow-security-patterns, devflow-architecture-patterns, ... ---- -``` - -The `Scrutinizer` agent runs self-review in a fresh context after Coder completes: -```yaml ---- -name: Scrutinizer -description: Self-review agent that evaluates and fixes P0/P1 issues -skills: devflow-self-review, devflow-core-patterns ---- -``` +**Scopes:** +- `--scope user` (default) - Install for all projects (`~/.claude/`) +- `--scope local` - Install for current project only (`.claude/`) -### 📊 Slash Commands (User-Invoked) +## Commands -| Command | Purpose | When to Use | -|---------|---------|-------------| -| `/catch-up` | Smart summaries for starting new sessions with status validation | Starting a session | -| `/specify` | Specify a feature with 3 clarification gates (understanding → scope → acceptance) | Before implementing a feature | -| `/implement` | Execute single task lifecycle (explore → plan → implement → review) | Implementing one feature/task | -| `/review` | Comprehensive code review using specialized sub-agents | Before committing or creating PR | -| `/resolve` | Process review issues - validate, assess risk, fix low-risk, defer high-risk to tech debt | After `/review` | -| `/devlog` | Development log for comprehensive session documentation | Ending a session | +| Command | Purpose | +|---------|---------| +| `/specify` | Define a feature through guided clarification before implementation | +| `/implement` | Execute a task through the complete lifecycle (explore → plan → implement → validate) | +| `/review` | Comprehensive code review with multiple focus areas | +| `/resolve` | Process review issues - fix low-risk, defer high-risk to tech debt | +| `/catch-up` | Get oriented at the start of a session | +| `/devlog` | Document session state before ending | -### 🤖 Agents +### /specify -**Architecture**: Commands run in the main context and spawn multiple agents in parallel for optimal results. Orchestration happens at command level. +Guides you through defining a feature with three mandatory gates: -**Native Agents** (built-in Claude Code agents, spawned by commands): +1. **Understanding Gate** - Confirm the feature idea is understood +2. **Scope Gate** - Validate priorities and boundaries +3. **Acceptance Gate** - Confirm success criteria -| Agent | Specialty | Usage | -|-------|-----------|-------| -| `Explore` | Codebase Exploration | 3-4 spawned in parallel per task for patterns, integration, edge cases | -| `Plan` | Implementation Planning | 1-3 spawned in parallel per task for architecture, testing, parallelization | -| `Coder` | Implementation | 1-N spawned per task (parallel when work is parallelizable) | +Creates a GitHub issue with well-defined requirements ready for `/implement`. -**Review Agent** (unified, parameterized): +### /implement -| Agent | Purpose | Focus Areas | -|-------|---------|-------------| -| `Reviewer` | Universal code review with parameterized focus | security, architecture, performance, complexity, consistency, regression, tests, dependencies, documentation, typescript, database | +Executes a single task through the complete development lifecycle: -The Reviewer agent is spawned multiple times in parallel, each with a different focus area specified in the prompt. This replaces the previous 11 individual review agents while maintaining the same specialized analysis. +1. **Exploration** - Understand the codebase and find relevant patterns +2. **Planning** - Design the implementation approach +3. **Implementation** - Write the code on a feature branch +4. **Validation** - Run build, typecheck, lint, and tests +5. **Refinement** - Simplify and review for quality +6. **Alignment Check** - Verify implementation matches the original request -**GitHub Operations Agent** (unified, parameterized): +Creates a PR when complete. -| Agent | Purpose | Operations | -|-------|---------|------------| -| `Git` | All git/GitHub operations | `fetch-issue`, `comment-pr`, `manage-debt`, `create-release` | +### /review -The Git agent handles all GitHub API interactions including fetching issues, creating PR comments, managing tech debt backlog, and creating releases. +Performs comprehensive code review across multiple focus areas: -**Utility Agents** (focused tasks): +- Security vulnerabilities +- Architecture and design patterns +- Performance issues +- Code complexity +- Test coverage and quality +- Database patterns +- Documentation alignment +- Dependency risks +- Regression detection -| Agent | Specialty | Purpose | -|-------|-----------|---------| -| `Skimmer` | Codebase Orientation | Fast codebase overview using `skim` for 60-90% token reduction | -| `CatchUp` | Context Restoration | Project status and context restoration with validation | -| `Devlog` | Project State | Analyze project state for status reports | -| `Resolver` | Issue Resolution | Validates review issues, assesses risk, implements low-risk fixes | -| `Synthesizer` | Output Synthesis | Combine outputs from parallel agents (modes: exploration, planning, review) | -| `Simplifier` | Code Refinement | Post-implementation code clarity and consistency improvements | -| `Scrutinizer` | Self-Review | Final quality gate using 9-pillar framework, fixes P0/P1 issues | -| `Shepherd` | Alignment Validation | Validates implementation matches request/plan, reports misalignments | -| `Validator` | Build/Test Validation | Runs build, typecheck, lint, test commands with structured failure reporting | +Provides actionable feedback with severity levels and specific fixes. -**How Commands Orchestrate Agents:** -- `/specify` → Skimmer + 4 Explore + Synthesizer + 3 Plan + Synthesizer → GitHub issue -- `/implement` → Git (fetch-issue) + Skimmer + 4 Explore + Synthesizer + 3 Plan + Synthesizer + 1-N Coder + Validator + Simplifier + Scrutinizer + Validator + Shepherd → PR -- `/review` → 7-11 Reviewer agents (parallel, different focus areas) + Git (comment-pr) + Synthesizer +### /resolve -**Skimmer Integration:** +Processes issues from `/review`: -Skimmer runs as the first exploration phase in both `/specify` and `/implement`, using the `skim` tool to: -- Extract codebase structure with 60-90% token reduction -- Identify relevant files and functions for the task -- Provide oriented context to downstream Explore agents +- Validates each issue is real (not false positive) +- Assesses risk of fixing (low vs high) +- Fixes low-risk issues immediately +- Defers high-risk issues to tech debt backlog -Requires `skim` tool: `npm install -g rskim` or `cargo install rskim` +### /catch-up -**Invoking Sub-Agents:** -```bash -# Explicit invocation with focus -"Use the Reviewer agent with security focus to analyze this authentication code" - -# Automatic delegation (Claude Code decides which sub-agent to use) -"Review this code for security issues" -``` +Restores context at the start of a session: -### 📊 Smart Statusline +- Reads recent status logs +- Summarizes current project state +- Recommends next actions -Real-time project context display showing: -- Current directory and model name -- Git branch with uncommitted changes indicator (`*`) -- **Context usage percentage** with color coding: - - 🟢 Green: < 50% context used - - 🟡 Yellow: 50-80% context used - - 🔴 Red: > 80% context used -- Zero configuration - works immediately after installation +### /devlog -### 🔒 Security & Token Optimization +Documents session state before ending: -**Permission Deny List** (with `--managed-settings`): - -DevFlow includes a comprehensive security deny list that blocks dangerous operations: - -| Category | Examples | -|----------|----------| -| System destruction | `rm -rf /`, `dd`, `mkfs`, `shred` | -| Code execution | `curl \| bash`, `eval`, `exec` | -| Privilege escalation | `sudo`, `su`, `doas`, `pkexec` | -| Permission changes | `chmod 777`, `chown root` | -| System control | `kill -9`, `reboot`, `shutdown` | -| Data exfiltration | `netcat`, `socat`, `telnet`, `sftp` | -| Sensitive file reads | `.env`, SSH keys, AWS credentials | -| Package globals | `npm -g`, `pip --system`, `apt install` | -| Resource abuse | Fork bombs, crypto miners | - -Included automatically in DevFlow's settings.json template. - -**.claudeignore** (automatic): - -DevFlow also creates a comprehensive `.claudeignore` file at your git repository root to: - -**Protect Sensitive Data:** -- Environment files (`.env`, `.env.*`, `.envrc`) -- Credentials & keys (`*.key`, `*.pem`, SSH keys) -- Cloud configs (`.aws/`, `.gcp/`, `.azure/`) -- Package tokens (`.npmrc`, `.pypirc`) -- Database files (`*.sql`, `*.db`) - -**Optimize Token Usage:** -- Dependencies (`node_modules/`, `vendor/`, `venv/`) -- Build artifacts (`dist/`, `build/`, `.next/`) -- IDE files (`.vscode/`, `.idea/`) -- Lock files (`package-lock.json`, `yarn.lock`) -- Media and binaries - -Covers patterns for all major languages and operating systems. +- Captures decisions made +- Records problems encountered +- Notes current progress +- Creates searchable history in `.docs/status/` ## Documentation Structure -DevFlow agents automatically create and maintain project documentation in the `.docs/` directory with a consistent, predictable structure. - -### Directory Layout +DevFlow creates project documentation in `.docs/`: ``` .docs/ -├── reviews/{branch-slug}/ # Code review reports per branch -│ ├── {type}-report-{timestamp}.md -│ └── review-summary-{timestamp}.md -├── design/ # Implementation plans (from Design agent) -│ └── {topic-slug}-{timestamp}.md -├── status/ # Development logs +├── reviews/{branch}/ # Review reports per branch +├── design/ # Implementation plans +├── status/ # Development logs │ ├── {timestamp}.md -│ ├── compact/{timestamp}.md │ └── INDEX.md -└── CATCH_UP.md # Latest summary +└── CATCH_UP.md # Latest summary ``` -### Naming Conventions - -**Timestamps**: `YYYY-MM-DD_HHMM` (sortable, chronological) -- Example: `2025-11-14_2030` - -**Branch slugs**: Sanitized branch names (slashes replaced with dashes) -- `feature/auth` → `feature-auth` - -**Topic slugs**: Lowercase, alphanumeric with dashes -- `"JWT Authentication"` → `jwt-authentication` - -### What Gets Created - -- **`/catch-up`** → `.docs/CATCH_UP.md` (overwritten each run) -- **`/devlog`** → `.docs/status/{timestamp}.md` + compact version + INDEX -- **`/implement`** → `.docs/design/{topic}-{timestamp}.md` (via Design agent) -- **`/review`** → `.docs/reviews/{branch}/` (7-11 focus area reports + summary) - -### Version Control - -**Recommended `.gitignore`**: -```gitignore -# Exclude ephemeral catch-up summaries -.docs/CATCH_UP.md - -# Keep everything else for project history -``` - -The `.docs/` structure provides a searchable history of decisions, designs, and review sessions. - -## Development Workflow +## Workflow ### Starting a Session -1. `/catch-up` - Review what was done previously -2. Check statusline for current model, git state, duration -3. Review recommended next actions - -### During Development -1. **Skills auto-activate** - Foundation skills validate patterns during implementation -2. **Specify features** - `/specify` for detailed specs with clarification gates -3. **Execute tasks** - `/implement` for full lifecycle (explore → plan → implement → review) -4. **Code with confidence** - Skills catch anti-patterns and violations during implementation -5. `/review` - Review changes before committing -6. **Commit changes** - `devflow-commit` skill enforces atomic commits and message format - -### Creating Pull Requests -1. `/review` - Comprehensive branch review -2. **Commit changes** - `devflow-commit` skill enforces quality -3. **Create PR** - `devflow-pull-request` skill ensures comprehensive descriptions -4. Wait for review feedback -5. Address PR comments directly -6. Repeat steps 4-5 until approved - -### Ending a Session -1. `/devlog` - Document decisions and state -2. `/review` - Review branch before creating PR -3. **Commit changes** - `devflow-commit` skill enforces quality -4. **Create PR** - `devflow-pull-request` skill ensures comprehensive descriptions - -### When Things Go Wrong -1. **Investigate systematically** - Follow root cause analysis approach -2. Check git log and recent commits -3. Revert changes using git -4. Document lessons learned - -## CLI Commands - -| Command | Purpose | Options | -|---------|---------|---------| -| `npx devflow-kit init` | Initialize DevFlow for Claude Code | `--scope ` - Installation scope
`--override-settings` - Override existing settings.json
`--verbose` - Show detailed installation output
`--skip-docs` - Skip creating `.docs/` structure | -| `npx devflow-kit uninstall` | Remove DevFlow from Claude Code | `--scope ` - Uninstall from specific scope only
`--keep-docs` - Keep `.docs/` directory | - -### Settings Override - -If you have an existing `settings.json`, use `--override-settings` to replace it: - ```bash -devflow init --override-settings +/catch-up # Review previous state and get recommendations ``` -DevFlow settings include: -- Security deny list (126 blocked operations) -- `ENABLE_TOOL_SEARCH` for deferred MCP tool loading (~85% token savings) -- Smart statusline with context percentage - -**What `npx devflow-kit init` does:** - -**User Scope** (default): -- Installs commands to `~/.claude/commands/devflow/` -- Installs sub-agents to `~/.claude/agents/devflow/` -- Installs skills to `~/.claude/skills/` -- Installs scripts to `~/.devflow/scripts/` -- Updates `~/.claude/settings.json` (statusline and model) -- Creates `.claudeignore` at git repository root -- Creates `.docs/` structure for project documentation - -**Local Scope** (`--scope local`): -- Installs commands to `/.claude/commands/devflow/` -- Installs sub-agents to `/.claude/agents/devflow/` -- Installs skills to `/.claude/skills/` -- Installs scripts to `/.devflow/scripts/` -- Creates `/.claude/settings.json` (statusline and model) -- Creates `.claudeignore` at git repository root -- Creates `.docs/` structure for project documentation -- Adds `.claude/` and `.devflow/` to `.gitignore` - -**First Run:** +### Implementing a Feature ```bash -devflow init -/devlog # Document your current project state -/catch-up # Get oriented with the project +/specify # Define the feature with clarification gates +/implement # Execute the full lifecycle ``` -## Advanced Usage - -### Custom Audit Rules +### Before Creating a PR ```bash -# Extend pattern skills for project-specific checks -echo "Check for exposed API keys in config files" >> ~/.claude/skills/devflow-security-patterns/SKILL.md +/review # Comprehensive review across all focus areas +/resolve # Fix low-risk issues, defer high-risk to backlog ``` -### Team Usage +### Ending a Session ```bash -# Share session documentation with team -/devlog -git add .docs/status/ -git commit -m "Session status: completed user auth feature" +/devlog # Document decisions and state for next session ``` -### Integration Examples -```bash -# Skills auto-activate during development -"Add JWT authentication" # research skill triggers for unfamiliar features -"Fix this error" # systematic debugging approach guides investigation - -# Manual command invocation for structured workflows -/specify user authentication # Create detailed feature spec -/implement # Run explore → plan → implement → review cycle -/review # Review changes before committing -``` +## CLI Options -## Philosophy +| Command | Options | +|---------|---------| +| `npx devflow-kit init` | `--scope `, `--override-settings`, `--verbose`, `--skip-docs` | +| `npx devflow-kit uninstall` | `--scope `, `--keep-docs` | -Modern development increasingly involves AI agents that can read, write, and modify code autonomously. DevFlow provides: +### Settings Override -- **Trust but Verify** - Tools to catch AI agent mistakes -- **Context Preservation** - Memory across long-term projects -- **Quality Gates** - Automated checks for AI changes -- **Developer Empowerment** - Enhance human judgment, not replace it +DevFlow includes optimized settings (security deny list, token optimization). Use `--override-settings` to replace existing `settings.json`. ## Building from Source ```bash -# Clone and build git clone https://github.com/dean0x/devflow.git cd devflow npm install npm run build - -# Test locally node dist/cli.js init - -# Watch mode for development -npm run dev -``` - -**Project Structure:** -``` -devflow/ -├── agents/ # Sub-agent definitions (.md) -├── commands/ # Slash command definitions (.md) -├── skills/ # Skill definitions (installed flat to ~/.claude/skills/) -├── scripts/ # statusline.sh -├── src/ -│ ├── cli/ # CLI source code (TypeScript) -│ │ ├── commands/ # init.ts, uninstall.ts -│ │ └── cli.ts # CLI entry point -│ ├── claude/ # CLAUDE.md template -│ └── templates/ # settings.json template -├── CLAUDE.md # Developer guide -└── README.md # User documentation ``` ## Support -- Check installed command documentation -- Review `.docs/status/` for recent sessions -- Skills auto-activate for systematic troubleshooting -- Report issues at https://github.com/dean0x/devflow/issues +Report issues at https://github.com/dean0x/devflow/issues ## License diff --git a/skills/devflow-architecture-patterns/SKILL.md b/skills/devflow-architecture-patterns/SKILL.md index a68bd09b..06c3faf8 100644 --- a/skills/devflow-architecture-patterns/SKILL.md +++ b/skills/devflow-architecture-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-architecture-patterns description: Software architecture and design pattern analysis. Load when reviewing code structure, SOLID violations, coupling issues, or module boundaries. Used by Reviewer agent with architecture focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-code-smell/SKILL.md b/skills/devflow-code-smell/SKILL.md index f0ba576c..04dc8afb 100644 --- a/skills/devflow-code-smell/SKILL.md +++ b/skills/devflow-code-smell/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-code-smell description: Automatically detect anti-patterns, fake solutions, and workarounds when implementing functionality. Use when adding new features, reviewing code changes, or when suspicious patterns appear. Enforces honest, production-ready solutions. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-codebase-navigation/SKILL.md b/skills/devflow-codebase-navigation/SKILL.md index eb0ef97e..473acf8b 100644 --- a/skills/devflow-codebase-navigation/SKILL.md +++ b/skills/devflow-codebase-navigation/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-codebase-navigation description: Automatically activate when exploring unfamiliar codebases, searching for entry points, tracing data flow, or discovering existing patterns. Triggers when asked to understand, explore, or find code in a codebase before implementation. +user-invocable: false allowed-tools: Read, Grep, Glob, Bash --- diff --git a/skills/devflow-commit/SKILL.md b/skills/devflow-commit/SKILL.md index 61e16435..64fbb95c 100644 --- a/skills/devflow-commit/SKILL.md +++ b/skills/devflow-commit/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-commit description: Commit best practices, atomic grouping, and message conventions. Auto-activate when staging files, creating commits, or generating commit messages. Ensures clean, safe, atomic git history. +user-invocable: false allowed-tools: Bash, Read, Grep, Glob --- diff --git a/skills/devflow-complexity-patterns/SKILL.md b/skills/devflow-complexity-patterns/SKILL.md index 533a4610..59f2f164 100644 --- a/skills/devflow-complexity-patterns/SKILL.md +++ b/skills/devflow-complexity-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-complexity-patterns description: Code complexity and maintainability analysis. Load when reviewing code for cyclomatic complexity, readability issues, or maintainability concerns. Used by Reviewer agent with complexity focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-consistency-patterns/SKILL.md b/skills/devflow-consistency-patterns/SKILL.md index 07e40f32..a84c1a63 100644 --- a/skills/devflow-consistency-patterns/SKILL.md +++ b/skills/devflow-consistency-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-consistency-patterns description: Code consistency, pattern adherence, and unnecessary simplification detection. Load when reviewing code for style violations, content truncation, or feature regressions. Used by Reviewer agent with consistency focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-core-patterns/SKILL.md b/skills/devflow-core-patterns/SKILL.md index 127c5562..97fb3322 100644 --- a/skills/devflow-core-patterns/SKILL.md +++ b/skills/devflow-core-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-core-patterns description: Automatically activate when implementing new functionality, refactoring code, or when guidance on Result types, dependency injection, immutability, resource cleanup, naming conventions, or architecture documentation is needed. Foundation skill for all implementation work. +user-invocable: false allowed-tools: Read, Grep, Glob, AskUserQuestion --- diff --git a/skills/devflow-database-patterns/SKILL.md b/skills/devflow-database-patterns/SKILL.md index 2a19aa47..cf004e50 100644 --- a/skills/devflow-database-patterns/SKILL.md +++ b/skills/devflow-database-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-database-patterns description: Database design and optimization review. Load when reviewing migrations, schema changes, query patterns, or database-related code. Used by Reviewer agent with database focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-dependencies-patterns/SKILL.md b/skills/devflow-dependencies-patterns/SKILL.md index 22f31a13..fdacde39 100644 --- a/skills/devflow-dependencies-patterns/SKILL.md +++ b/skills/devflow-dependencies-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-dependencies-patterns description: Dependency management and security analysis. Load when reviewing package.json changes, dependency updates, or assessing supply chain risks. Used by Reviewer agent with dependencies focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-docs-framework/SKILL.md b/skills/devflow-docs-framework/SKILL.md index 886823b9..227598bc 100644 --- a/skills/devflow-docs-framework/SKILL.md +++ b/skills/devflow-docs-framework/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-docs-framework description: Documentation conventions for DevFlow artifacts. Load when creating status logs, debug sessions, review reports, or any persistent documentation in .docs/ directory. Ensures consistent naming, structure, and organization. +user-invocable: false allowed-tools: Read, Bash, Glob --- diff --git a/skills/devflow-documentation-patterns/SKILL.md b/skills/devflow-documentation-patterns/SKILL.md index b718f892..ec016843 100644 --- a/skills/devflow-documentation-patterns/SKILL.md +++ b/skills/devflow-documentation-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-documentation-patterns description: Documentation quality and code-documentation alignment. Load when reviewing code comments, API docs, READMEs, or checking for documentation drift. Used by Reviewer agent with documentation focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-git-safety/SKILL.md b/skills/devflow-git-safety/SKILL.md index 5a02fd08..46c7a17d 100644 --- a/skills/devflow-git-safety/SKILL.md +++ b/skills/devflow-git-safety/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-git-safety description: Git safety patterns and best practices. Load when performing git operations, creating commits, managing branches, or working with git history. Prevents common git mistakes and ensures clean history. +user-invocable: false allowed-tools: Bash, Read --- diff --git a/skills/devflow-github-patterns/SKILL.md b/skills/devflow-github-patterns/SKILL.md index a32cd3c0..5d1fe0c0 100644 --- a/skills/devflow-github-patterns/SKILL.md +++ b/skills/devflow-github-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-github-patterns description: GitHub API patterns for PR comments, issue management, and release workflows. Load when performing git/GitHub operations via gh CLI. +user-invocable: false allowed-tools: Bash, Read, Grep, Glob --- diff --git a/skills/devflow-implementation-patterns/SKILL.md b/skills/devflow-implementation-patterns/SKILL.md index 20613b73..71c7f2c7 100644 --- a/skills/devflow-implementation-patterns/SKILL.md +++ b/skills/devflow-implementation-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-implementation-patterns description: Automatically activate when implementing CRUD operations, API endpoints, event handlers, configuration systems, or logging. Triggers on feature implementation tasks involving database operations, REST/GraphQL APIs, pub/sub patterns, or service configuration. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-input-validation/SKILL.md b/skills/devflow-input-validation/SKILL.md index 51607761..fd90cc4f 100644 --- a/skills/devflow-input-validation/SKILL.md +++ b/skills/devflow-input-validation/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-input-validation description: Automatically enforce input validation at system boundaries when handling user input, API endpoints, or external data. Use when creating API routes, processing form data, or integrating with external services. Enforces parse-don't-validate pattern. +user-invocable: false allowed-tools: Read, Grep, Glob, AskUserQuestion --- diff --git a/skills/devflow-performance-patterns/SKILL.md b/skills/devflow-performance-patterns/SKILL.md index 9448aa41..7378ab8a 100644 --- a/skills/devflow-performance-patterns/SKILL.md +++ b/skills/devflow-performance-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-performance-patterns description: Performance optimization and bottleneck detection. Load when reviewing code for algorithmic complexity, memory issues, I/O inefficiencies, or caching concerns. Used by Reviewer agent with performance focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-pull-request/SKILL.md b/skills/devflow-pull-request/SKILL.md index 0e8a9e6f..21595bb3 100644 --- a/skills/devflow-pull-request/SKILL.md +++ b/skills/devflow-pull-request/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-pull-request description: PR quality patterns, description generation, and review preparation. Auto-activate when creating PRs, generating descriptions, or analyzing branch changes for review. +user-invocable: false allowed-tools: Bash, Read, Grep, Glob --- diff --git a/skills/devflow-react/SKILL.md b/skills/devflow-react/SKILL.md index 85d64d03..14d51137 100644 --- a/skills/devflow-react/SKILL.md +++ b/skills/devflow-react/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-react description: Automatically activate when working with React components, hooks, or .jsx/.tsx files containing JSX. Triggers on component creation, hook implementation, state management, or React performance optimization tasks. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-regression-patterns/SKILL.md b/skills/devflow-regression-patterns/SKILL.md index 985c1ee5..a2e8a7d2 100644 --- a/skills/devflow-regression-patterns/SKILL.md +++ b/skills/devflow-regression-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-regression-patterns description: Functionality regression and intent validation analysis. Load when reviewing for lost functionality, broken behavior, or incomplete migrations. Used by Reviewer agent with regression focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-review-methodology/SKILL.md b/skills/devflow-review-methodology/SKILL.md index 1c433704..2eb0d861 100644 --- a/skills/devflow-review-methodology/SKILL.md +++ b/skills/devflow-review-methodology/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-review-methodology description: Standard review process for all DevFlow review agents. Load when performing code reviews to ensure consistent 6-step process with 3-category issue classification. This is the shared methodology used by the unified Reviewer agent across all focus areas. +user-invocable: false allowed-tools: Read, Grep, Glob, Bash --- diff --git a/skills/devflow-security-patterns/SKILL.md b/skills/devflow-security-patterns/SKILL.md index 1d7c15fc..20c195a4 100644 --- a/skills/devflow-security-patterns/SKILL.md +++ b/skills/devflow-security-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-security-patterns description: Security vulnerability patterns and detection strategies. Load when reviewing code for security issues, implementing authentication/authorization, handling user input, or working with sensitive data. Used by Reviewer agent (security focus). +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-self-review/SKILL.md b/skills/devflow-self-review/SKILL.md index 1bf141b3..65c1923c 100644 --- a/skills/devflow-self-review/SKILL.md +++ b/skills/devflow-self-review/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-self-review description: Self-review framework for Scrutinizer agent. Evaluate implementation against 9 pillars. Fix P0/P1 issues immediately. Ensures quality before handoff to Simplifier. +user-invocable: false allowed-tools: Read, Grep, Glob, Edit, Write, Bash --- diff --git a/skills/devflow-test-design/SKILL.md b/skills/devflow-test-design/SKILL.md index f437c8fd..a3fbd216 100644 --- a/skills/devflow-test-design/SKILL.md +++ b/skills/devflow-test-design/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-test-design description: Automatically review test quality and design when writing or modifying tests. Use when tests require complex setup, have repetitive boilerplate, or when mocking becomes difficult. Enforces behavior testing over implementation testing. +user-invocable: false allowed-tools: Read, Grep, Glob, AskUserQuestion --- diff --git a/skills/devflow-tests-patterns/SKILL.md b/skills/devflow-tests-patterns/SKILL.md index fccd5b7d..c4d6ff1a 100644 --- a/skills/devflow-tests-patterns/SKILL.md +++ b/skills/devflow-tests-patterns/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-tests-patterns description: Test quality, coverage, and effectiveness analysis. Load when reviewing test code for coverage gaps, brittle tests, or poor test design. Used by Reviewer agent with tests focus. +user-invocable: false allowed-tools: Read, Grep, Glob --- diff --git a/skills/devflow-typescript/SKILL.md b/skills/devflow-typescript/SKILL.md index d200c969..dc4c84cb 100644 --- a/skills/devflow-typescript/SKILL.md +++ b/skills/devflow-typescript/SKILL.md @@ -1,6 +1,7 @@ --- name: devflow-typescript description: Automatically activate when working with .ts or .tsx files, or when TypeScript patterns are needed. Triggers on type safety questions, generic implementations, utility type usage, or type guard creation in TypeScript codebases. +user-invocable: false allowed-tools: Read, Grep, Glob ---