edercnj
545 verified skills
parallelism-heuristics
Canonical catalog of file-collision heuristics for parallel task, story, and epic execution. Defines the File Footprint block format, the three Conflict Categories (hard / regen / soft), a hotspot list of high-contention paths, and the degrade-with-warning policy. Consumed by x-task-plan, x-story-plan, x-epic-map, x-parallel-eval, and x-dev-*-implement.
development
x-story-implement
Thin orchestrator (~320 lines — story-0049-0019 refactor) that drives a story end-to-end via 4 delegated phases: Phase 0 (args via x-internal-args-normalize + context via x-internal-story-load-context + resume via x-internal-story-resume), Phase 1 (parallel planning via x-internal-story-build-plan), Phase 2 (task execution loop via x-task-implement per task, then final story PR via x-pr-create), Phase 3 (verify via x-internal-story-verify + report via x-internal-story-report + optional worktree cleanup via x-git-worktree). New EPIC-0049 flags --target-branch / --auto-merge / --epic-id propagate OO-style to x-task-implement and x-pr-create. Backward compatible: absent flags preserve legacy EPIC-0048 behavior (target=develop, auto-merge=none).
development
ddd-strategic
DDD Strategic Design: bounded context identification, context map with 6 integration patterns, Anti-Corruption Layer template, and /x-ddd-context-map skill.
content-media
patterns-outbox
Transactional Outbox Pattern: reliable event publishing with polling publisher and CDC strategies, outbox table design, and anti-patterns.
content-media
x-story-plan
Multi-agent story planning: launches 5 specialized agents (Architect, QA, Security, Tech Lead, Product Owner) in parallel to produce a consolidated task breakdown, individual task plans, planning report, and DoR validation. Schema-aware: v1 (legacy) runs the original 6-phase flow; v2 (task-first, EPIC-0038) adds Phases 4a-4c that emit task-TASK-NNN.md + plan-task-TASK-NNN.md per task and a task-implementation-map-STORY-*.md, wiring every task through x-task-plan in parallel.
testing
container-registry
Container registry patterns: tagging strategy, immutability, retention policies, vulnerability scanning, multi-arch builds, and CI/CD integration.
development
k8s-deployment
Kubernetes deployment patterns: workload types, pod specifications, resource sizing, probes, autoscaling, network policies, and security contexts.
testing
observability
Observability principles: distributed tracing (span trees, mandatory attributes), metrics naming conventions, structured logging with mandatory fields, health checks (liveness/readiness/startup), correlation IDs, and OpenTelemetry integration.
testing
performance-engineering
Performance engineering patterns: profiling, benchmarking, optimization, regression detection, and memory management for {{LANGUAGE}} {{FRAMEWORK}} projects using {{BUILD_TOOL}}.
tools
patterns-outbox
Transactional Outbox Pattern: reliable event publishing with polling publisher and CDC strategies, outbox table design, and anti-patterns.
content-media
quarkus-patterns
Quarkus patterns: CDI, @ConfigMapping, Panache Repository, RESTEasy Reactive, native build constraints, and @RegisterForReflection.
development
testing
Complete testing reference: testing philosophy, 8 test categories, coverage thresholds, fixture patterns, data uniqueness, async handling, database strategy, and {{LANGUAGE}}-specific test frameworks. Read before writing tests.
development
story-planning
Story decomposition and planning: layer-by-layer decomposition (foundation, core domain, extensions, compositions, cross-cutting), story self-containment (data contracts, acceptance criteria), dependency DAG, sizing rules, and phase computation.
tools
x-analyze-telemetry-trends
Detects cross-epic P95 regressions and ranks top-10 slowest skills from global index.
tools
x-create-git-branch
Creates a bare git branch from a configurable base with naming validation and idempotency.
tools
compliance
Compliance frameworks (conditionally included): GDPR, HIPAA, LGPD, PCI-DSS, SOX. Data classification, rights enforcement, processing records, international transfers, security measures, audit logging, and framework-specific requirements.
development
architecture
Full architecture reference: {{ARCHITECTURE}} principles, package structure, dependency rules, thread-safety, mapper patterns, persistence rules, and architecture variants. Read before designing or implementing features.
testing
architecture-hexagonal
Hexagonal architecture reference: canonical package structure, dependency rules with violation examples, compilable Port/Adapter patterns, and ArchUnit boundary validation suite. Read before implementing hexagonal-style projects.
development
architecture-cqrs
CQRS/Event Sourcing patterns: write/read model separation, command bus, event store, aggregate with event sourcing, projections, snapshot policy, and dead letter handling.
testing
x-perf-profile
Automated profiling: detect language/runtime, select appropriate profiler, execute session, generate flamegraph, identify hotspots, and suggest optimizations referencing the performance-engineering knowledge pack.
testing
x-jira-create-stories
Create Jira Stories from existing local story markdown files. Read all story files in an epic directory, map fields to Jira, create issues with parent epic link, create dependency links between stories, and sync Jira keys back to local files.
tools
x-security-sonar
Integrates with SonarQube/SonarCloud for security hotspot tracking, quality gate enforcement, and SARIF output from findings.
testing
compliance
Compliance frameworks (conditionally included): GDPR, HIPAA, LGPD, PCI-DSS, SOX. Data classification, rights enforcement, processing records, international transfers, security measures, audit logging, and framework-specific requirements.
development
ci-cd-patterns
CI/CD pipeline patterns: build stages, test parallelization, security scanning, artifact management, environment promotion, approval gates, caching strategies, and language-specific pipeline configurations.
development
architecture-patterns
Architecture pattern references: microservice, resilience, data, integration, and architectural patterns (saga, outbox, circuit breaker, CQRS, event sourcing, and more).
testing
architecture-hexagonal
Hexagonal architecture reference: canonical package structure, dependency rules with violation examples, compilable Port/Adapter patterns, and ArchUnit boundary validation suite. Read before implementing hexagonal-style projects.
development
architecture-cqrs
CQRS/Event Sourcing patterns: write/read model separation, command bus, event store, aggregate with event sourcing, projections, snapshot policy, and dead letter handling.
testing
api-design
API design principles: {{LANGUAGE}}-specific patterns for REST/gRPC/GraphQL. URL structure, status codes, RFC 7807 errors, pagination, content negotiation, validation, request/response shaping, versioning strategies, and protocol conventions.
development
x-release-changelog
Generates CHANGELOG.md from Conventional Commits history. Parses git log, groups by commit type, maps to Keep a Changelog sections (Added, Changed, Fixed, etc.), and performs incremental updates preserving existing entries.
documentation
x-ops-troubleshoot
Diagnoses errors, stacktraces, build failures, and unexpected behavior. Systematic approach: reproduce, locate, understand, fix, verify. Use whenever something fails: compilation errors, test failures, runtime exceptions, coverage gaps, or performance issues.
development
x-lib-audit-rules
Audits compliance of all project rules AND knowledge packs against source code. Launches parallel subagents (one per rule/knowledge-pack) for scanning, then aggregates into a unified report with severity classification and story suggestions.
development
x-test-e2e
Runs integration tests that validate the complete flow from request through all application layers to response, using a real database.
testing
x-security-secrets
Scans code and git history for leaked credentials, API keys, tokens, and secrets. Produces SARIF output with scoring and baseline support.
development
x-security-container
Scans Docker images for CVEs and Dockerfile best practices violations. Uses Trivy, Grype, or Snyk Container. Produces SARIF output with scoring.
testing
x-review-grpc
Validates gRPC service definitions, proto3 conventions, implementation patterns, and operational readiness.
testing
x-review-devops
DevOps specialist review: validates Dockerfile, container security, CI/CD pipeline, resource limits, health probes, graceful shutdown, and deployment configuration.
development
x-review-api
Validates REST API endpoints for RFC 7807 error responses, pagination, URL versioning, OpenAPI documentation, status codes, and DTO patterns.
development
x-setup-stack
Sets up the local development environment including container orchestrator, database, and build tools.
tools
x-commit-planning
Batch-commits planning artifacts under plans/** (or whitelisted template paths) without triggering the code pre-commit chain (format/lint/compile). Sibling of x-commit-changes for docs/markdown/json generated by planning skills.
development
x-commit-planning
Batch-commits planning artifacts under plans/** (or whitelisted template paths) without triggering the code pre-commit chain (format/lint/compile). Sibling of x-commit-changes for docs/markdown/json generated by planning skills.
development
x-evaluate-hardening
Evaluates hardening posture (headers, TLS, CORS, cookies) with weighted SARIF scoring.
tools
x-create-jira-epic
Creates a Jira Epic from a local epic markdown and syncs the Jira key back to the file.
tools
x-pr-fix-epic
Discovers all PRs from an epic via execution-state.json, fetches and classifies review comments in batch, generates a consolidated findings report, applies fixes, and creates a single correction PR. Supports dry-run, explicit PR list fallback, and idempotent re-execution.
testing
parallelism-heuristics
Canonical catalog of file-collision heuristics for parallel task, story, and epic execution. Defines the File Footprint block format, the three Conflict Categories (hard / regen / soft), a hotspot list of high-contention paths, and the degrade-with-warning policy. Consumed by x-task-plan, x-story-plan, x-epic-map, x-parallel-eval, and x-dev-*-implement.
development
x-code-format
Formats source code using the appropriate formatter for {{LANGUAGE}}. First step of the pre-commit chain (format -> lint -> compile -> commit). Supports --check (dry-run) and --changed-only modes.
development
planning-standards-kp
Knowledge pack RA9 (Rule-Aligned 9-Section) for Epic/Story/Task planning templates.
tools
x-generate-adr
Generates ADRs from architecture-plan mini-ADRs with sequential numbering and index update.
tools
x-fix-pr
Reads PR review comments and fixes actionable ones with Conventional Commits.
documentation
x-audit-dependencies
Audits dependencies for CVEs, outdated versions, and license issues per stack.
testing
x-cleanup-git-branches
Cleans local git: prune, remove non-main worktrees, delete branches except main/develop.
development
x-analyze-telemetry
Analyzes telemetry NDJSON for an epic; produces Markdown report with Gantt and aggregates.
business
x-generate-docs
Documentation automation v2: stack-aware generation from documentation.targets.
tools
resources/skills/x-create-bug
Create a structured bug report from the RA9 template
business
x-create-feature
Creates a complete feature (Epic + Stories + Map) from a spec file in an isolated worktree.
tools
x-create-jira-stories
Creates Jira Stories from local story markdowns; links parent Epic and dependencies.
testing
x-detect-spec-drift
Detects spec-code drift: contracts, endpoints, Gherkin scenarios vs implementation.
development
x-epic-create
Creates a focused Epic artifact from a Feature markdown, preserving lineage and RNFs.
tools
x-execute-contract-tests
Stack-aware contract breaking-change detection (openapi-diff, buf, schema registry).
development
x-evaluate-parallelism
Detects file-collision risks between parallel work units; emits collision matrix.
tools
planning-standards-kp
Fonte da verdade do modelo RA9 (Rule-Aligned 9-Section) para templates de planejamento Epic/Story/Task. Define as 9 seções fixas, granularidade por nível, micro-template Decision Rationale, e mapeamento rule ↔ seção.
testing
x-internal-story-verify
Executes the story-level verification gate (Phase 3 carve-out of x-story-implement): identifies files touched by the story via the task breakdown, runs the test suite scoped to those files, parses filtered coverage against the story-specific thresholds (default line >=95, branch >=90), performs cross-file consistency checks (constructor patterns, return-type uniformity per role), optionally runs the smoke suite, and validates every Section 7 Gherkin scenario has a matching acceptance test. Emits a single-line JSON envelope {passed, coverageDelta, failures, acCheckResults}. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-story-load-context and x-internal-story-build-plan).
development
x-pr-merge
Merges a single PR via gh CLI with configurable strategy (merge/squash/rebase), idempotency for already-merged PRs, pre-checks for CI and approvals in synchronous mode, GitHub native auto-merge in --auto mode, and structured error codes. Extracted from x-epic-implement Phase 1.3b to provide a testable, reusable merge primitive callable from x-pr-create --auto-merge and x-epic-implement.
tools
x-hardening-eval
Evaluates application hardening posture against CIS and OWASP benchmarks: HTTP security headers, TLS configuration, CORS policy, cookie security, error handling, input limits, and information disclosure. Produces SARIF output with weighted scoring.
development
x-adr-generate
Automates ADR generation from architecture plan mini-ADRs: extracts inline decisions, expands to full ADR format, assigns sequential numbering, updates the ADR index, and adds cross-references.
development
x-adr-generate
Automates ADR generation from architecture plan mini-ADRs: extracts inline decisions, expands to full ADR format, assigns sequential numbering, updates the ADR index, and adds cross-references.
development
x-arch-update
Incrementally updates the service architecture document with changes from architecture plans. Adds new components, integrations, flows, and ADR references without rewriting existing content. Use after implementation to keep architecture documentation current.
documentation
x-ci-generate
Generate or update CI/CD pipelines based on project stack: detect language, analyze existing workflows, generate CI/CD/release/security pipelines, validate with actionlint, support monorepo triggers.
development
x-ci-generate
Generate or update CI/CD pipelines based on project stack: detect language, analyze existing workflows, generate CI/CD/release/security pipelines, validate with actionlint, support monorepo triggers.
development
x-code-audit
Full codebase review against all project standards. Launches parallel subagents per audit dimension (Clean Code, SOLID, Architecture, Tests, Security, Cross-file), consolidates findings into a severity-categorized report with score. Use for periodic quality validation.
development
x-code-audit
Full codebase review against all project standards. Launches parallel subagents per audit dimension (Clean Code, SOLID, Architecture, Tests, Security, Cross-file), consolidates findings into a severity-categorized report with score. Use for periodic quality validation.
development
x-code-format
Formats source code using the appropriate formatter for {{LANGUAGE}}. First step of the pre-commit chain (format -> lint -> compile -> commit). Supports --check (dry-run) and --changed-only modes.
development
x-code-lint
Analyzes source code with the appropriate linter for {{LANGUAGE}}. Second step in the pre-commit chain (RULE-007: format -> lint -> compile -> commit). Supports --fix, --changed-only, and --strict modes.
development
x-dependency-audit
Checks project dependencies for vulnerabilities, outdated versions, and license issues. Detects build tool automatically, runs language-specific audit commands, and generates a severity-categorized report.
tools
x-dependency-audit
Checks project dependencies for vulnerabilities, outdated versions, and license issues. Detects build tool automatically, runs language-specific audit commands, and generates a severity-categorized report.
tools
x-doc-generate
Documentation automation: detects documentation type needed (API, README, ADR, changelog) from code changes, delegates to specialized skills or generates inline. Single entry point for all documentation updates.
tools
x-doc-generate
Documentation automation: detects documentation type needed (API, README, ADR, changelog) from code changes, delegates to specialized skills or generates inline. Single entry point for all documentation updates.
tools
x-epic-create
Generate an Epic document from a system specification file with cross-cutting business rules, global quality definitions (DoR/DoD), a complete story index with dependency declarations, and optional Jira integration.
testing
x-epic-create
Generate an Epic document from a system specification file with cross-cutting business rules, global quality definitions (DoR/DoD), a complete story index with dependency declarations, and optional Jira integration.
testing
x-epic-decompose
Complete decomposition of a system specification into an Epic, individual Story files, and an Implementation Map with dependency graph and phased execution plan. Orchestrates spec analysis, rule extraction, story identification, and implementation planning.
testing
x-epic-decompose
Complete decomposition of a system specification into an Epic, individual Story files, and an Implementation Map with dependency graph and phased execution plan. Orchestrates spec analysis, rule extraction, story identification, and implementation planning.
testing
x-epic-map
Generate an Implementation Map from an Epic and its Stories with dependency matrix, phase computation, critical path analysis, ASCII phase diagrams, Mermaid dependency graphs, phase summary tables, and strategic observations.
testing
x-epic-map
Generate an Implementation Map from an Epic and its Stories with dependency matrix, phase computation, critical path analysis, ASCII phase diagrams, Mermaid dependency graphs, phase summary tables, and strategic observations.
testing
x-epic-orchestrate
Orchestrates multi-agent planning for all stories in an epic, respecting dependency order, with checkpoint and resume support.
testing
x-epic-orchestrate
Orchestrates multi-agent planning for all stories in an epic, respecting dependency order, with checkpoint and resume support.
testing
x-git-branch
Creates a bare git branch (no worktree) from a configurable base with naming validation and idempotency. Single source of truth for branch creation logic consumed by orchestrators (x-internal-epic-branch-ensure, x-story-implement) and users.
tools
x-git-branch
Creates a bare git branch (no worktree) from a configurable base with naming validation and idempotency. Single source of truth for branch creation logic consumed by orchestrators (x-internal-epic-branch-ensure, x-story-implement) and users.
tools
x-git-cleanup-branches
Cleans local git state in one pass: fetches origin with prune, removes all non-main worktrees (any path), and deletes all local branches except main/master/develop. Destructive by default with an interactive y/N confirmation gate; supports --dry-run (preview) and --yes (non-interactive).
development
x-git-cleanup-branches
Cleans local git state in one pass: fetches origin with prune, removes all non-main worktrees (any path), and deletes all local branches except main/master/develop. Destructive by default with an interactive y/N confirmation gate; supports --dry-run (preview) and --yes (non-interactive).
development
x-git-commit
Creates Conventional Commits with Task ID in scope and pre-commit chain (format -> lint -> compile). Central commit point in the task-centric workflow with TDD tag support.
development
x-git-commit
Creates Conventional Commits with Task ID in scope and pre-commit chain (format -> lint -> compile). Central commit point in the task-centric workflow with TDD tag support.
development
x-git-worktree
Manages git worktrees for parallel task and story execution. Operations: create, list, remove, cleanup, detect-context. Follows Rule 14 (Worktree Lifecycle) naming convention under .claude/worktrees/{identifier}/.
tools
x-git-push
Git operations: branch creation, atomic commits (Conventional Commits), push, and PR creation. Use for any git workflow task including branching, committing, pushing, creating PRs, or managing version control.
tools
x-git-push
Git operations: branch creation, atomic commits (Conventional Commits), push, and PR creation. Use for any git workflow task including branching, committing, pushing, creating PRs, or managing version control.
tools
x-git-worktree
Manages git worktrees for parallel task and story execution. Operations: create, list, remove, cleanup, detect-context. Follows Rule 14 (Worktree Lifecycle) naming convention under .claude/worktrees/{identifier}/.
tools
x-internal-args-normalize
Parses an argv string against a declarative JSON schema with typed flags (boolean, string, integer, enum), defaults, mutually-exclusive groups, and deprecation warnings, then emits a normalized `{parsed, warnings, errors}` envelope on stdout. Replaces ~150 lines of inline argv parsing inlined inside `x-epic-implement`, `x-story-implement`, and `x-epic-orchestrate`, giving every orchestrator identical flag-validation syntax and error messages. Third skill in the x-internal-* convention (after x-internal-status-update pilot and x-internal-report-write): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-epic-build-plan
Builds the canonical ExecutionPlan for an epic (Phase 0/0.5 carve-out of x-epic-implement): loads epic-XXXX.md, IMPLEMENTATION-MAP.md, and every story-*.md; constructs the inter-story dependency DAG; runs Kahn's algorithm with cycle detection; optionally computes a file-overlap matrix (mode=parallel) and the critical path; then renders plans/epic-XXXX/epic-execution-plan.md via x-internal-report-write using the _TEMPLATE-EPIC-EXECUTION-PLAN.md template. Emits a stable JSON envelope on stdout for orchestrator consumption. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-story-load-context and x-internal-story-build-plan).
development
x-internal-epic-build-plan
Builds the canonical ExecutionPlan for an epic (Phase 0/0.5 carve-out of x-epic-implement): loads epic-XXXX.md, IMPLEMENTATION-MAP.md, and every story-*.md; constructs the inter-story dependency DAG; runs Kahn's algorithm with cycle detection; optionally computes a file-overlap matrix (mode=parallel) and the critical path; then renders plans/epic-XXXX/epic-execution-plan.md via x-internal-report-write using the _TEMPLATE-EPIC-EXECUTION-PLAN.md template. Emits a stable JSON envelope on stdout for orchestrator consumption. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-story-load-context and x-internal-story-build-plan).
development
x-internal-epic-integrity-gate
Executes the epic-level verification gate end-to-end (Phase 1.7 / Phase 4 carve-out of x-epic-implement) on the epic/XXXX branch HEAD: checks out the branch, runs mvn clean test + jacoco:report, parses filtered coverage against epic-level thresholds (default line >=95, branch >=90), runs a declarative DoD checklist (presence of tests, tasks DONE, CHANGELOG entry, ADR references), and emits a single-line JSON envelope {passed, failures, coverageDelta, dodChecklist}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, and x-internal-story-verify). Isolates ~180 inline lines of integrity-gate logic from x-epic-implement.
development
x-internal-epic-integrity-gate
Executes the epic-level verification gate end-to-end (Phase 1.7 / Phase 4 carve-out of x-epic-implement) on the epic/XXXX branch HEAD: checks out the branch, runs mvn clean test + jacoco:report, parses filtered coverage against epic-level thresholds (default line >=95, branch >=90), runs a declarative DoD checklist (presence of tests, tasks DONE, CHANGELOG entry, ADR references), and emits a single-line JSON envelope {passed, failures, coverageDelta, dodChecklist}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, and x-internal-story-verify). Isolates ~180 inline lines of integrity-gate logic from x-epic-implement.
development
x-internal-phase-gate
Validates phase transitions for orchestrators under Rule 25. Four modes: --mode pre (assert predecessor phases completed before entering phase N), --mode post (assert all child tasks of phase N are completed AND all expected artifacts exist on disk), --mode wave (post-Batch-B verification of parallel wave completeness: N child TaskUpdate completed + N artifacts exist), --mode final (terminal gate composing with x-internal-epic-integrity-gate). Reads execution-state.json.taskTracking.phaseGateResults and TaskList task state; writes back the gate result. Emits a single-line JSON envelope {passed, mode, skill, phase, expectedTasks, completedTasks, missingTasks, expectedArtifacts, missingArtifacts, wallclockMs, timestamp}. Exit 0 on passed, 12 on failure, 13 on malformed args, 14 on task-resolution timeout. First skill in the x-internal-* convention authored by EPIC-0055; eighth overall (after status-update, report-write, args-normalize, story-load-context, story-build-plan, story-verify, story-resume, epic-build-plan, epic-integrity-gate, epic-branch-ensure, story-report) and the eighth under internal/plan/.
development
x-internal-phase-gate
Validates phase transitions for orchestrators under Rule 25. Four modes: --mode pre (assert predecessor phases completed before entering phase N), --mode post (assert all child tasks of phase N are completed AND all expected artifacts exist on disk), --mode wave (post-Batch-B verification of parallel wave completeness: N child TaskUpdate completed + N artifacts exist), --mode final (terminal gate composing with x-internal-epic-integrity-gate). Reads execution-state.json.taskTracking.phaseGateResults and TaskList task state; writes back the gate result. Emits a single-line JSON envelope {passed, mode, skill, phase, expectedTasks, completedTasks, missingTasks, expectedArtifacts, missingArtifacts, wallclockMs, timestamp}. Exit 0 on passed, 12 on failure, 13 on malformed args, 14 on task-resolution timeout. First skill in the x-internal-* convention authored by EPIC-0055; eighth overall (after status-update, report-write, args-normalize, story-load-context, story-build-plan, story-verify, story-resume, epic-build-plan, epic-integrity-gate, epic-branch-ensure, story-report) and the eighth under internal/plan/.
development
x-internal-report-write
Renders _TEMPLATE-*.md templates by substituting {{KEY}} placeholders (simple and nested, dot-path) and resolving {{#each}} loops against a structured JSON data payload, then writes the result atomically to an output path. Supports an --append mode with per-section deduplication keyed by `## ID: <value>` markers. Centralises phase reports, epic execution reports and planning reports so orchestrators (x-epic-implement, x-epic-orchestrate, x-story-implement) stop duplicating `Read template + inline Edit/Write` logic. Second skill in the x-internal-* convention (after x-internal-status-update pilot): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-report-write
Renders _TEMPLATE-*.md templates by substituting {{KEY}} placeholders (simple and nested, dot-path) and resolving {{#each}} loops against a structured JSON data payload, then writes the result atomically to an output path. Supports an --append mode with per-section deduplication keyed by `## ID: <value>` markers. Centralises phase reports, epic execution reports and planning reports so orchestrators (x-epic-implement, x-epic-orchestrate, x-story-implement) stop duplicating `Read template + inline Edit/Write` logic. Second skill in the x-internal-* convention (after x-internal-status-update pilot): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-story-build-plan
Orchestrates parallel story-planning (Phase 1 carve-out of x-story-implement): invokes x-arch-plan (Step 1A) and then dispatches 5 sibling Agent subagents in ONE assistant message for implementation plan, test plan, task breakdown, security assessment, and compliance assessment (Steps 1B-1F). Applies the Rule 13 SUBAGENT-GENERAL pattern as the canonical parallel-planning gateway. Scope-aware: SIMPLE skips 1E/1F. Returns a consolidated envelope of artifact paths to the calling orchestrator. Fifth skill in the x-internal-* convention and the second under internal/plan/ (after x-internal-story-load-context).
development
x-internal-story-load-context
Loads a story file, validates predecessor dependencies against execution-state.json, executes artifact pre-checks (mtime-based staleness detection across the 7 planning artifacts), classifies scope (SIMPLE / STANDARD / COMPLEX) from task-count + Gherkin-scenario heuristics, and detects planning mode (PRE_PLANNED / HYBRID / INLINE). Replaces ~140 lines of inline Phase 0 logic previously duplicated inside x-story-implement. Fourth skill in the x-internal-* convention (after x-internal-status-update pilot, x-internal-report-write, and x-internal-args-normalize): internal visibility, non-user-invocable, read-only, subdir scoping under internal/plan/.
testing
x-internal-story-report
Generates the final consolidated story-completion report by reading plans/epic-XXXX/execution-state.json, collecting per-task status and commitSha, PR metadata (prNumber, prState), coverage delta, and review findings, then rendering the output via x-internal-report-write with _TEMPLATE-STORY-COMPLETION-REPORT.md to the caller-specified --output path. Eighth skill in the x-internal-* convention and the fifth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, x-internal-story-verify, and x-internal-story-resume). Read-only against state; writes only to --output via x-internal-report-write.
development
x-internal-story-resume
Detects the resumable state of an in-flight story: reads plans/epic-XXXX/execution-state.json via x-internal-status-update --read-only, identifies the first PENDING or IN_PROGRESS task (the resume point), catalogues DONE tasks with their commitSha, extracts the last committed SHA, and flags staleness when the story file's mtime is newer than any DONE task's completion timestamp. Emits a single-line JSON envelope {resumePoint, tasksCompleted, tasksPending, lastCommitSha, staleWarnings}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, x-internal-story-verify). Read-only by construction — never mutates state.
development
x-internal-story-verify
Executes the story-level verification gate (Phase 3 carve-out of x-story-implement): identifies files touched by the story via the task breakdown, runs the test suite scoped to those files, parses filtered coverage against the story-specific thresholds (default line >=95, branch >=90), performs cross-file consistency checks (constructor patterns, return-type uniformity per role), optionally runs the smoke suite, and validates every Section 7 Gherkin scenario has a matching acceptance test. Emits a single-line JSON envelope {passed, coverageDelta, failures, acCheckResults}. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-story-load-context and x-internal-story-build-plan).
development
x-pr-merge
Merges a single PR via gh CLI with configurable strategy (merge/squash/rebase), idempotency for already-merged PRs, pre-checks for CI and approvals in synchronous mode, GitHub native auto-merge in --auto mode, and structured error codes. Extracted from x-epic-implement Phase 1.3b to provide a testable, reusable merge primitive callable from x-pr-create --auto-merge and x-epic-implement.
tools
x-jira-create-epic
Create a Jira Epic from an existing local epic markdown file. Read the epic file, map fields to Jira, create the issue via MCP, and sync the Jira key back to the local file.
tools
x-jira-create-epic
Create a Jira Epic from an existing local epic markdown file. Read the epic file, map fields to Jira, create the issue via MCP, and sync the Jira key back to the local file.
tools
x-jira-create-stories
Create Jira Stories from existing local story markdown files. Read all story files in an epic directory, map fields to Jira, create issues with parent epic link, create dependency links between stories, and sync Jira keys back to local files.
tools
x-lib-audit-rules
Audits compliance of all project rules AND knowledge packs against source code. Launches parallel subagents (one per rule/knowledge-pack) for scanning, then aggregates into a unified report with severity classification and story suggestions.
development
x-lib-group-verifier
Build gate verification between parallelism groups. Compiles code, classifies errors, decides retry vs escalate, extracts outputs for next group. Used between each implementation group in Phase 2.
development
x-lib-group-verifier
Build gate verification between parallelism groups. Compiles code, classifies errors, decides retry vs escalate, extracts outputs for next group. Used between each implementation group in Phase 2.
development
x-lib-task-decomposer
Decomposes an implementation plan into tasks. Primary mode: derives tasks from test scenarios (x-test-plan output) using TDD structure (RED/GREEN/REFACTOR). Fallback mode: uses Layer Task Catalog (G1-G7) when no test plan exists.
development
x-lib-task-decomposer
Decomposes an implementation plan into tasks. Primary mode: derives tasks from test scenarios (x-test-plan output) using TDD structure (RED/GREEN/REFACTOR). Fallback mode: uses Layer Task Catalog (G1-G7) when no test plan exists.
development
x-mcp-recommend
Analyzes project tech stack and recommends relevant MCP (Model Context Protocol) servers. Auto-detects language, framework, database, cache, and message broker from project config, then matches against a built-in catalog of MCP servers with installation instructions.
tools
x-mcp-recommend
Analyzes project tech stack and recommends relevant MCP (Model Context Protocol) servers. Auto-detects language, framework, database, cache, and message broker from project config, then matches against a built-in catalog of MCP servers with installation instructions.
tools
x-obs-instrument
Adds or reviews distributed tracing, metrics, and structured logging using OpenTelemetry SDK with OTLP export.
development
x-obs-instrument
Adds or reviews distributed tracing, metrics, and structured logging using OpenTelemetry SDK with OTLP export.
development
x-ops-troubleshoot
Diagnoses errors, stacktraces, build failures, and unexpected behavior. Systematic approach: reproduce, locate, understand, fix, verify. Use whenever something fails: compilation errors, test failures, runtime exceptions, coverage gaps, or performance issues.
development
x-owasp-scan
Automated OWASP Top 10 (2021) verification mapped to ASVS levels (L1/L2/L3). Checks all 10 categories (A01-A10) with per-category pass/fail, ASVS coverage percentage, score grading, SARIF 2.1.0 output, and CI integration. Delegates A06 to x-dependency-audit.
development
x-owasp-scan
Automated OWASP Top 10 (2021) verification mapped to ASVS levels (L1/L2/L3). Checks all 10 categories (A01-A10) with per-category pass/fail, ASVS coverage percentage, score grading, SARIF 2.1.0 output, and CI integration. Delegates A06 to x-dependency-audit.
development
x-parallel-eval
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-task-plan / x-story-plan, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
x-planning-commit
Batch-commits planning artifacts under plans/** (or whitelisted template paths) without triggering the code pre-commit chain (format/lint/compile). Sibling of x-git-commit for docs/markdown/json generated by planning skills.
development
x-pr-fix
Reads PR review comments and fixes actionable ones automatically. Detects PR from argument or branch, classifies comments (actionable/suggestion/question/praise), implements fixes, and commits with proper conventional commit messages.
documentation
x-pr-fix
Reads PR review comments and fixes actionable ones automatically. Detects PR from argument or branch, classifies comments (actionable/suggestion/question/praise), implements fixes, and commits with proper conventional commit messages.
documentation
x-pr-merge-train
Merge-train automation: discovers, validates, and merges a sequence of PRs into develop in deterministic order. Supports --prs, --epic, and --pattern discovery modes with pre-merge validation and dry-run auditing.
tools
x-pr-merge-train
Merge-train automation: discovers, validates, and merges a sequence of PRs into develop in deterministic order. Supports --prs, --epic, and --pattern discovery modes with pre-merge validation and dry-run auditing.
tools
x-pr-watch-ci
Polls a PR's CI checks and Copilot review status, blocking until checks complete or timeout. Returns one of 8 stable exit codes (SUCCESS=0, CI_PENDING_PROCEED=10, CI_FAILED=20, TIMEOUT=30, PR_ALREADY_MERGED=40, NO_CI_CONFIGURED=50, PR_CLOSED=60, PR_NOT_FOUND=70). Writes a versioned state-file for session resume.
development
x-pr-watch-ci
Polls a PR's CI checks and Copilot review status, blocking until checks complete or timeout. Returns one of 8 stable exit codes (SUCCESS=0, CI_PENDING_PROCEED=10, CI_FAILED=20, TIMEOUT=30, PR_ALREADY_MERGED=40, NO_CI_CONFIGURED=50, PR_CLOSED=60, PR_NOT_FOUND=70). Writes a versioned state-file for session resume.
development
x-release
Orchestrates complete release flow using Git Flow release branches with approval gate, PR-flow (gh CLI) and deep validation: version bump (auto-detect or explicit), release branch creation from develop, deep validation (coverage, golden files, version consistency), version file updates, changelog generation, release commit, release PR via gh (optionally reviewed by x-review-pr), human approval gate with persistent state file, tag on main after merged PR, back-merge PR to develop with conflict detection, and cleanup. Supports hotfix releases from main, dry-run mode, resume via --continue-after-merge, in-session pause via --interactive, GPG-signed tags, skip-review opt-out, and custom state file path.
tools
x-release-changelog
Generates CHANGELOG.md from Conventional Commits history. Parses git log, groups by commit type, maps to Keep a Changelog sections (Added, Changed, Fixed, etc.), and performs incremental updates preserving existing entries.
documentation
x-release
Orchestrates complete release flow using Git Flow release branches with approval gate, PR-flow (gh CLI) and deep validation: version bump (auto-detect or explicit), release branch creation from develop, deep validation (coverage, golden files, version consistency), version file updates, changelog generation, release commit, release PR via gh (optionally reviewed by x-review-pr), human approval gate with persistent state file, tag on main after merged PR, back-merge PR to develop with conflict detection, and cleanup. Supports hotfix releases from main, dry-run mode, resume via --continue-after-merge, in-session pause via --interactive, GPG-signed tags, skip-review opt-out, and custom state file path.
tools
x-review
Parallel code review with specialist engineers (Security, QA, Performance, Database, Observability, DevOps, API, Event). Invokes individual review skills in parallel via Skill tool, then consolidates into a scored report. Use for pre-PR quality validation.
tools
x-review-api
Validates REST API endpoints for RFC 7807 error responses, pagination, URL versioning, OpenAPI documentation, status codes, and DTO patterns.
development
x-review-compliance
PCI-DSS compliance review with 25-point checklist for code changes involving payment card data. Produces per-point PASS/FAIL report with remediation.
development
x-review-compliance
PCI-DSS compliance review with 25-point checklist for code changes involving payment card data. Produces per-point PASS/FAIL report with remediation.
development
x-review-data-modeling
Data modeling specialist review: validates entity design, aggregate boundaries, value objects, repository patterns, domain event persistence, and DDD tactical patterns.
testing
x-review-data-modeling
Data modeling specialist review: validates entity design, aggregate boundaries, value objects, repository patterns, domain event persistence, and DDD tactical patterns.
testing
x-review-db
Database specialist review: validates schema design, migration safety, query optimization, connection management, transaction boundaries, and data integrity patterns.
testing
x-review-devops
DevOps specialist review: validates Dockerfile, container security, CI/CD pipeline, resource limits, health probes, graceful shutdown, and deployment configuration.
development
x-review-events
Validates event schemas, producer/consumer patterns, error handling, dead letter topics, and operational readiness for event-driven architectures.
testing
x-review-events
Validates event schemas, producer/consumer patterns, error handling, dead letter topics, and operational readiness for event-driven architectures.
testing
x-review-gateway
Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
development
x-review-gateway
Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
development
x-review-graphql
Validates GraphQL schema design, resolver implementation, security patterns, and observability for compliance with best practices.
testing
x-review-graphql
Validates GraphQL schema design, resolver implementation, security patterns, and observability for compliance with best practices.
testing
x-review-grpc
Validates gRPC service definitions, proto3 conventions, implementation patterns, and operational readiness.
testing
x-review
Parallel code review with specialist engineers (Security, QA, Performance, Database, Observability, DevOps, API, Event). Invokes individual review skills in parallel via Skill tool, then consolidates into a scored report. Use for pre-PR quality validation.
tools
x-review-obs
Observability specialist review: validates distributed tracing, metrics naming, structured logging, health checks, correlation IDs, and alerting configuration.
testing
x-review-obs
Observability specialist review: validates distributed tracing, metrics naming, structured logging, health checks, correlation IDs, and alerting configuration.
testing
x-review-perf
Performance specialist review: validates N+1 queries, connection pools, async patterns, pagination, caching, timeouts, circuit breakers, and resource cleanup.
testing
x-review-perf
Performance specialist review: validates N+1 queries, connection pools, async patterns, pagination, caching, timeouts, circuit breakers, and resource cleanup.
testing
x-review-pr
Tech Lead holistic review with {review_max_score}-point checklist covering Clean Code, SOLID, architecture, framework conventions, tests, TDD process, security, and cross-file consistency. Produces GO/NO-GO decision. Use for final review before merge.
development
x-review-pr
Tech Lead holistic review with {review_max_score}-point checklist covering Clean Code, SOLID, architecture, framework conventions, tests, TDD process, security, and cross-file consistency. Produces GO/NO-GO decision. Use for final review before merge.
development
x-review-qa
QA specialist review: validates test coverage, TDD compliance, test naming, fixtures, parametrized tests, and acceptance criteria coverage.
testing
x-review-security
Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
development
x-review-security
Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
development
x-runtime-eval
Evaluate runtime protection controls: rate limiting, WAF rules, bot protection, DDoS mitigation, account lockout, brute force protection, CSP enforcement, and permissions policy. Produce SARIF 2.1.0 output with ASVS compliance mapping and scored Markdown report.
business
x-security-container
Scans Docker images for CVEs and Dockerfile best practices violations. Uses Trivy, Grype, or Snyk Container. Produces SARIF output with scoring.
testing
x-security-dashboard
Aggregates results from all security scanning skills into a unified posture view with score 0-100, trend tracking, OWASP risk heatmap, per-dimension breakdown, and remediation priority queue. Never executes scans — reads existing results only (RULE-011).
testing
x-security-dast
Dynamic Application Security Testing -- tests the running application for XSS, injection, misconfiguration, and information disclosure using OWASP ZAP or Nuclei.
development
x-security-dast
Dynamic Application Security Testing -- tests the running application for XSS, injection, misconfiguration, and information disclosure using OWASP ZAP or Nuclei.
development
x-security-infra
Scans Kubernetes manifests, Terraform modules, Helm charts, and Docker Compose files for misconfigurations against CIS benchmarks.
testing
x-security-pentest
Multi-phase penetration test orchestrator: reconnaissance, vulnerability scanning, exploitation validation, and consolidated reporting with environment-based restrictions.
testing
x-security-pentest
Multi-phase penetration test orchestrator: reconnaissance, vulnerability scanning, exploitation validation, and consolidated reporting with environment-based restrictions.
testing
x-security-pipeline
Generate CI/CD pipeline configurations with conditional security stages based on SecurityConfig flags. Support GitHub Actions, GitLab CI, and Azure DevOps with minimal and full stage modes, configurable severity thresholds, and SARIF artifact upload.
development
x-security-pipeline
Generate CI/CD pipeline configurations with conditional security stages based on SecurityConfig flags. Support GitHub Actions, GitLab CI, and Azure DevOps with minimal and full stage modes, configurable severity thresholds, and SARIF artifact upload.
development
x-security-sast
Static Application Security Testing -- scans source code for security vulnerabilities without executing the application. Produces SARIF output with OWASP mapping.
development
x-security-sast
Static Application Security Testing -- scans source code for security vulnerabilities without executing the application. Produces SARIF output with OWASP mapping.
development
x-security-secrets
Scans code and git history for leaked credentials, API keys, tokens, and secrets. Produces SARIF output with scoring and baseline support.
development
x-security-sonar
Integrates with SonarQube/SonarCloud for security hotspot tracking, quality gate enforcement, and SARIF output from findings.
testing
x-setup-env
Validate and configure local development environment: detect stack, check prerequisites, verify versions, validate IDE config, test database connectivity, run initial build, and report status with fix suggestions.
development
x-setup-env
Validate and configure local development environment: detect stack, check prerequisites, verify versions, validate IDE config, test database connectivity, run initial build, and report status with fix suggestions.
development
x-setup-stack
Sets up the local development environment including container orchestrator, database, and build tools.
tools
x-spec-drift
Detects spec-code drift by comparing story data contracts, endpoints, and Gherkin scenarios against implemented code. Supports standalone mode (full report) and inline mode (compact output for TDD loop integration in x-story-implement Phase 2).
development
x-spec-drift
Detects spec-code drift by comparing story data contracts, endpoints, and Gherkin scenarios against implemented code. Supports standalone mode (full report) and inline mode (compact output for TDD loop integration in x-story-implement Phase 2).
development
x-status-reconcile
Reconciles execution-state.json (telemetry) against the **Status:** field of Epic / Story markdown artifacts. Default mode (diagnose) is read-only and prints a divergence table. Opt-in --apply rewrites the markdowns atomically via StatusFieldParser and commits via x-git-commit. Respects Rule 19 (legacy v1 epics skip silently) and Rule 22 (markdown is SoT; state.json is telemetry). Use for manual recovery of legacy epics whose markdown status drifted from execution checkpoints.
testing
x-story-create
Generate detailed User Story files from an Epic and system specification with full data contracts, Gherkin acceptance criteria, Mermaid sequence diagrams, dependency declarations, tagged sub-tasks, quality gate validation, and optional Jira integration.
testing
x-story-create
Generate detailed User Story files from an Epic and system specification with full data contracts, Gherkin acceptance criteria, Mermaid sequence diagrams, dependency declarations, tagged sub-tasks, quality gate validation, and optional Jira integration.
testing
x-story-plan
Multi-agent story planning: launches 5 specialized agents (Architect, QA, Security, Tech Lead, Product Owner) in parallel to produce a consolidated task breakdown, individual task plans, planning report, and DoR validation. Schema-aware: v1 (legacy) runs the original 6-phase flow; v2 (task-first, EPIC-0038) adds Phases 4a-4c that emit task-TASK-NNN.md + plan-task-TASK-NNN.md per task and a task-implementation-map-STORY-*.md, wiring every task through x-task-plan in parallel.
testing
x-supply-chain-audit
Enhanced supply chain security audit beyond x-dependency-audit. Analyzes maintainer risk, typosquatting detection, phantom dependencies, dependency age, EPSS scoring, and SLSA assessment. Produces SARIF 2.1.0 output with weighted risk scoring.
testing
x-task-implement
Implements a feature/story/task using TDD (Red-Green-Refactor) workflow. Schema-aware: v1 (legacy) runs the original Double-Loop TDD flow with story-section task extraction; v2 (task-first, EPIC-0038) reads task-TASK-XXXX-YYYY-NNN.md + plan-task-TASK-XXXX-YYYY-NNN.md, honours declared I/O contracts, respects task-implementation-map dependencies, verifies post-conditions via grep/assert, and produces a single atomic commit per task via x-git-commit.
development
x-telemetry-analyze
Analyze telemetry NDJSON for one or more epics and produce a Markdown report with skill/phase/tool aggregates, Mermaid Gantt timeline, and optional JSON/CSV exports. Use to answer 'which phase is the bottleneck?' and 'is skill X getting slower?' questions for operator visibility.
tools
x-telemetry-analyze
Analyze telemetry NDJSON for one or more epics and produce a Markdown report with skill/phase/tool aggregates, Mermaid Gantt timeline, and optional JSON/CSV exports. Use to answer 'which phase is the bottleneck?' and 'is skill X getting slower?' questions for operator visibility.
tools
x-telemetry-trend
Detect cross-epic P95 regressions (>= threshold %) and rank top-10 slowest skills from the global telemetry index. Single-responsibility partner of /x-telemetry-analyze focused on trend detection, not point-in-time reporting. Use to answer 'is skill X getting slower over the last N epics?' with evidence.
business
x-telemetry-trend
Detect cross-epic P95 regressions (>= threshold %) and rank top-10 slowest skills from the global telemetry index. Single-responsibility partner of /x-telemetry-analyze focused on trend detection, not point-in-time reporting. Use to answer 'is skill X getting slower over the last N epics?' with evidence.
business
x-test-contract
Runs consumer-driven contract tests (Pact, Spring Cloud Contract) to verify API compatibility between services.
development
x-test-contract
Runs consumer-driven contract tests (Pact, Spring Cloud Contract) to verify API compatibility between services.
development
x-test-contract-lint
Validates API contracts (OpenAPI 3.1, AsyncAPI 2.6, Protobuf 3) against their specifications. Reports structural errors, missing fields, and spec violations.
development
x-test-perf
Runs performance tests to validate latency SLAs, throughput targets, and resource stability under load. Supports baseline, normal, peak, and sustained scenarios.
testing
x-test-perf
Runs performance tests to validate latency SLAs, throughput targets, and resource stability under load. Supports baseline, normal, peak, and sustained scenarios.
testing
x-test-run
Runs tests with coverage reporting and threshold validation. Use whenever writing, running, or analyzing tests. Triggers on: test, coverage, TDD, unit test, integration test, test failure, coverage gap, or Definition of Done validation.
testing
x-test-run
Runs tests with coverage reporting and threshold validation. Use whenever writing, running, or analyzing tests. Triggers on: test, coverage, TDD, unit test, integration test, test failure, coverage gap, or Definition of Done validation.
testing
x-test-smoke-api
Runs automated smoke tests against the REST API using Newman/Postman. Supports local, container-orchestrated, and staging environments.
development
x-test-smoke-socket
Runs automated smoke tests against the TCP socket server using a standalone Java client with message framing and protocol validation.
tools
x-test-smoke-socket
Runs automated smoke tests against the TCP socket server using a standalone Java client with message framing and protocol validation.
tools
x-test-tdd
Executes systematic Red-Green-Refactor TDD cycles for a task. Reads the task plan generated by x-task-plan, runs each cycle in TPP order, validates RED/GREEN/REFACTOR phases, delegates atomic commits to x-git-commit with TDD tags, and supports resume and dry-run.
development
x-test-tdd
Executes systematic Red-Green-Refactor TDD cycles for a task. Reads the task plan generated by x-task-plan, runs each cycle in TPP order, validates RED/GREEN/REFACTOR phases, delegates atomic commits to x-git-commit with TDD tags, and supports resume and dry-run.
development
x-threat-model
Generate threat models using STRIDE analysis: identify components, map data flows, analyze threats per category, classify severity, suggest mitigations, and produce threat model document.
development
x-threat-model
Generate threat models using STRIDE analysis: identify components, map data flows, analyze threats per category, classify severity, suggest mitigations, and produce threat model document.
development
parallelism-heuristics
Canonical catalog of file-collision heuristics for parallel task, story, and epic execution. Defines the File Footprint block format, the three Conflict Categories (hard / regen / soft), a hotspot list of high-contention paths, and the degrade-with-warning policy. Consumed by x-task-plan, x-story-plan, x-epic-map, x-parallel-eval, and x-dev-*-implement.
development
x-review-db
Database specialist review: validates schema design, migration safety, query optimization, connection management, transaction boundaries, and data integrity patterns.
testing
x-test-smoke-api
Runs automated smoke tests against the REST API using Newman/Postman. Supports local, container-orchestrated, and staging environments.
development
x-perf-profile
Automated profiling: detect language/runtime, select appropriate profiler, execute session, generate flamegraph, identify hotspots, and suggest optimizations referencing the performance-engineering knowledge pack.
testing
x-runtime-eval
Evaluate runtime protection controls: rate limiting, WAF rules, bot protection, DDoS mitigation, account lockout, brute force protection, CSP enforcement, and permissions policy. Produce SARIF 2.1.0 output with ASVS compliance mapping and scored Markdown report.
business
coding-standards
Complete coding conventions: Clean Code rules (CC-01 to CC-10), SOLID principles, {{LANGUAGE}} {{LANGUAGE_VERSION}} idioms, naming patterns, constructor injection, mapper conventions, version-specific features, and approved libraries. Read before writing any code.
development
x-security-infra
Scans Kubernetes manifests, Terraform modules, Helm charts, and Docker Compose files for misconfigurations against CIS benchmarks.
testing
x-test-contract-lint
Validates API contracts (OpenAPI 3.1, AsyncAPI 2.6, Protobuf 3) against their specifications. Reports structural errors, missing fields, and spec violations.
development
api-design
API design principles: {{LANGUAGE}}-specific patterns for REST/gRPC/GraphQL. URL structure, status codes, RFC 7807 errors, pagination, content negotiation, validation, request/response shaping, versioning strategies, and protocol conventions.
development
coding-standards
Complete coding conventions: Clean Code rules (CC-01 to CC-10), SOLID principles, {{LANGUAGE}} {{LANGUAGE_VERSION}} idioms, naming patterns, constructor injection, mapper conventions, version-specific features, and approved libraries. Read before writing any code.
development
architecture-patterns
Architecture pattern references: microservice, resilience, data, integration, and architectural patterns (saga, outbox, circuit breaker, CQRS, event sourcing, and more).
testing
ci-cd-patterns
CI/CD pipeline patterns: build stages, test parallelization, security scanning, artifact management, environment promotion, approval gates, caching strategies, and language-specific pipeline configurations.
development
sre-practices
SRE practices: error budgets, toil reduction, on-call practices, capacity planning, incident management process, and change management. Covers SLO-based release gates, burn rate calculation, automation prioritization, rotation patterns, load testing methodology, blameless postmortems, and canary analysis.
tools
sre-practices
SRE practices: error budgets, toil reduction, on-call practices, capacity planning, incident management process, and change management. Covers SLO-based release gates, burn rate calculation, automation prioritization, rotation patterns, load testing methodology, blameless postmortems, and canary analysis.
tools
spring-patterns
Spring Boot patterns: DI, @ConfigurationProperties, Spring Data JPA, @RestController, @ControllerAdvice, Spring AOT, and health checks.
testing
security
Complete security reference: OWASP Top 10, security headers, secrets management, input validation, cryptography (TLS, hashing, key management), and pentest readiness checklist. Read during security reviews or when implementing security-sensitive features.
testing
resilience
Resilience patterns: circuit breaker, rate limiting, bulkhead isolation, timeout control, retry with exponential backoff + jitter, fallback/graceful degradation, backpressure, and resilience metrics.
testing
release-management
Release management practices: semantic versioning, version lifecycle (alpha/beta/RC/GA/LTS/EOL), release branching strategies, artifact registry management, release signing and attestation, hotfix process, rollback procedures, and release communication.
testing
k8s-kustomize
Kustomize patterns: directory structure, patches, components, secret management, generators, and patch types for environment management.
tools
protocols
Protocol conventions: REST (OpenAPI 3.1), gRPC (Proto3), GraphQL, WebSocket, and event-driven messaging. URL structure, versioning, error handling per protocol, schema design, and integration patterns.
development
pci-dss-requirements
PCI-DSS v4.0 requirements mapped to code practices: 12 requirements with prohibited/correct examples and reviewer checklists.
development
layer-templates
Reference code templates for each hexagonal architecture layer. Provides consistent patterns for domain model, ports, DTOs, mappers, entities, repositories, use cases, REST resources, exception mappers, migrations, and configuration. Uses {{LANGUAGE}}, {{FRAMEWORK}} placeholders.
development
owasp-asvs
OWASP ASVS 4.0.3 verification standard with L1/L2/L3 levels, cross-reference tables, and verification items for all 14 chapters (V1-V14).
tools
infrastructure
Infrastructure patterns: Docker multi-stage builds, Kubernetes manifests (cloud-agnostic), security context, 12-Factor App principles, graceful shutdown, resource management, and cloud-native design.
development
k8s-helm
Helm chart patterns: chart structure, values templates, multi-environment configuration, dependencies, testing, GitOps integration, and Helmfile.
testing
iac-terraform
Terraform patterns: module structure, remote state, naming conventions, CI/CD workflows, drift detection, and common infrastructure modules.
testing
iac-crossplane
Crossplane patterns: CompositeResourceDefinitions, Compositions, Claims, Provider configuration, and comparison with Terraform.
devops
dockerfile
Dockerfile patterns: multi-stage builds, security hardening, .dockerignore templates, layer optimization, health checks, and OCI labels per language.
development
security
Complete security reference: OWASP Top 10, security headers, secrets management, input validation, cryptography (TLS, hashing, key management), and pentest readiness checklist. Read during security reviews or when implementing security-sensitive features.
testing
disaster-recovery
Disaster recovery patterns: DR strategies, RPO/RTO, failover automation, DR testing, multi-region patterns, and recovery procedures
tools
feature-flags
Feature flags patterns: toggle types, lifecycle management, evaluation strategies, progressive delivery, cleanup policies, and hexagonal architecture integration.
development
finops
FinOps practices: resource rightsizing, cost allocation, spot instances, reserved capacity, cost alerting, and cloud-specific cost optimization tools
tools
data-management
Data management lifecycle patterns: zero-downtime migrations, expand/contract pattern, schema versioning, data governance, backup/restore strategies, partitioning, CDC, and data quality validation for {{DATABASE_TYPE}} with {{MIGRATION_TOOL}}.
tools
ddd-strategic
DDD Strategic Design: bounded context identification, context map with 6 integration patterns, Anti-Corruption Layer template, and /x-ddd-context-map skill.
content-media
database-patterns
Database conventions for {{DB_TYPE}} + {{CACHE_TYPE}}: schema design, migrations, indexing, query optimization, caching patterns, and connection pool management.
data-ai
resilience
Resilience patterns: circuit breaker, rate limiting, bulkhead isolation, timeout control, retry with exponential backoff + jitter, fallback/graceful degradation, backpressure, and resilience metrics.
testing
x-internal-story-resume
Detects the resumable state of an in-flight story: reads plans/epic-XXXX/execution-state.json via x-internal-status-update --read-only, identifies the first PENDING or IN_PROGRESS task (the resume point), catalogues DONE tasks with their commitSha, extracts the last committed SHA, and flags staleness when the story file's mtime is newer than any DONE task's completion timestamp. Emits a single-line JSON envelope {resumePoint, tasksCompleted, tasksPending, lastCommitSha, staleWarnings}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, x-internal-story-verify). Read-only by construction — never mutates state.
development
x-internal-story-report
Generates the final consolidated story-completion report by reading plans/epic-XXXX/execution-state.json, collecting per-task status and commitSha, PR metadata (prNumber, prState), coverage delta, and review findings, then rendering the output via x-internal-report-write with _TEMPLATE-STORY-COMPLETION-REPORT.md to the caller-specified --output path. Eighth skill in the x-internal-* convention and the fifth under internal/plan/ (after x-internal-story-load-context, x-internal-story-build-plan, x-internal-story-verify, and x-internal-story-resume). Read-only against state; writes only to --output via x-internal-report-write.
development
x-internal-story-build-plan
Orchestrates parallel story-planning (Phase 1 carve-out of x-story-implement): invokes x-arch-plan (Step 1A) and then dispatches 5 sibling Agent subagents in ONE assistant message for implementation plan, test plan, task breakdown, security assessment, and compliance assessment (Steps 1B-1F). Applies the Rule 13 SUBAGENT-GENERAL pattern as the canonical parallel-planning gateway. Scope-aware: SIMPLE skips 1E/1F. Returns a consolidated envelope of artifact paths to the calling orchestrator. Fifth skill in the x-internal-* convention and the second under internal/plan/ (after x-internal-story-load-context).
development
quarkus-patterns
Quarkus patterns: CDI, @ConfigMapping, Panache Repository, RESTEasy Reactive, native build constraints, and @RegisterForReflection.
development
testing
Complete testing reference: testing philosophy, 8 test categories, coverage thresholds, fixture patterns, data uniqueness, async handling, database strategy, and {{LANGUAGE}}-specific test frameworks. Read before writing tests.
development
x-git-merge
Merges a source branch into a target branch locally with configurable strategy (merge/squash/rebase), automatic conflict detection + rollback, and idempotent no-op when target already contains source HEAD. Centralizes the ~120 lines of inline Bash previously in x-epic-implement Phase 1.4e auto-rebase.
data-ai
story-planning
Story decomposition and planning: layer-by-layer decomposition (foundation, core domain, extensions, compositions, cross-cutting), story self-containment (data contracts, acceptance criteria), dependency DAG, sizing rules, and phase computation.
tools
disaster-recovery
Disaster recovery patterns: DR strategies, RPO/RTO, failover automation, DR testing, multi-region patterns, and recovery procedures
tools
parallelism-heuristics
Canonical catalog of file-collision heuristics for parallel task, story, and epic execution. Defines the File Footprint block format, the three Conflict Categories (hard / regen / soft), a hotspot list of high-contention paths, and the degrade-with-warning policy. Consumed by x-task-plan, x-story-plan, x-epic-map, x-parallel-eval, and x-dev-*-implement.
development
observability
Observability principles: distributed tracing (span trees, mandatory attributes), metrics naming conventions, structured logging with mandatory fields, health checks (liveness/readiness/startup), correlation IDs, and OpenTelemetry integration.
testing
owasp-asvs
OWASP ASVS 4.0.3 verification standard with L1/L2/L3 levels, cross-reference tables, and verification items for all 14 chapters (V1-V14).
tools
layer-templates
Reference code templates for each hexagonal architecture layer. Provides consistent patterns for domain model, ports, DTOs, mappers, entities, repositories, use cases, REST resources, exception mappers, migrations, and configuration. Uses {{LANGUAGE}}, {{FRAMEWORK}} placeholders.
development
pci-dss-requirements
PCI-DSS v4.0 requirements mapped to code practices: 12 requirements with prohibited/correct examples and reviewer checklists.
development
infrastructure
Infrastructure patterns: Docker multi-stage builds, Kubernetes manifests (cloud-agnostic), security context, 12-Factor App principles, graceful shutdown, resource management, and cloud-native design.
development
k8s-kustomize
Kustomize patterns: directory structure, patches, components, secret management, generators, and patch types for environment management.
tools
k8s-helm
Helm chart patterns: chart structure, values templates, multi-environment configuration, dependencies, testing, GitOps integration, and Helmfile.
testing
feature-flags
Feature flags patterns: toggle types, lifecycle management, evaluation strategies, progressive delivery, cleanup policies, and hexagonal architecture integration.
development
iac-terraform
Terraform patterns: module structure, remote state, naming conventions, CI/CD workflows, drift detection, and common infrastructure modules.
testing
container-registry
Container registry patterns: tagging strategy, immutability, retention policies, vulnerability scanning, multi-arch builds, and CI/CD integration.
development
data-modeling
Cross-cutting data modeling patterns: schema design (soft delete, temporal tables, audit trails, multi-tenant, SCD), concurrency, and test data management.
testing
iac-crossplane
Crossplane patterns: CompositeResourceDefinitions, Compositions, Claims, Provider configuration, and comparison with Terraform.
devops
data-management
Data management lifecycle patterns: zero-downtime migrations, expand/contract pattern, schema versioning, data governance, backup/restore strategies, partitioning, CDC, and data quality validation for {{DATABASE_TYPE}} with {{MIGRATION_TOOL}}.
tools
x-internal-epic-branch-ensure
Single source of truth for the `epic/<ID>` branch convention (RULE-001). Invoked by every epic entry-point (x-epic-create, x-epic-decompose, x-epic-orchestrate, x-epic-implement, x-epic-map) at step 0; ensures the branch exists idempotently both locally and on origin. When the branch is absent, delegates creation to `x-git-branch`; when present locally but not on origin, emits a complementary `git push`. Seventh skill in the x-internal-* convention and the first under internal/git/ (after x-internal-status-update / x-internal-report-write / x-internal-args-normalize at internal/ops/ and x-internal-story-load-context / x-internal-story-build-plan / x-internal-story-verify at internal/plan/).
development
x-git-merge
Merges a source branch into a target branch locally with configurable strategy (merge/squash/rebase), automatic conflict detection + rollback, and idempotent no-op when target already contains source HEAD. Centralizes the ~120 lines of inline Bash previously in x-epic-implement Phase 1.4e auto-rebase.
data-ai
x-parallel-eval
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-task-plan / x-story-plan, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
architecture
Full architecture reference: {{ARCHITECTURE}} principles, package structure, dependency rules, thread-safety, mapper patterns, persistence rules, and architecture variants. Read before designing or implementing features.
testing
x-test-e2e
Runs integration tests that validate the complete flow from request through all application layers to response, using a real database.
testing
x-internal-validate-rnf
Validate RNF no-relax markers and justification gate for override inheritance
testing
x-internal-validate-rnf
Validate RNF no-relax markers and justification gate for override inheritance
testing
x-parallel-eval
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-task-plan / x-story-plan, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
x-epic-implement
Thin orchestrator (~460 lines — story-0049-0018 refactor) that drives an epic end-to-end via 6 delegated phases: Phase 0 (args via x-internal-args-normalize), Phase 1 (load+plan via x-internal-epic-build-plan), Phase 2 (epic branch via x-internal-epic-branch-ensure), Phase 3 (sequential-by-default story loop via x-story-implement), Phase 4 (integrity gate + report via x-internal-epic-integrity-gate + x-internal-report-write), Phase 5 (final PR epic/XXXX → develop via x-git-merge + x-pr-create). Defaults flipped by EPIC-0049: sequential execution (opt-in parallel via --parallel), auto-merge of story PRs into epic/XXXX (target changed from develop). Legacy EPIC-0042 behavior preserved under --legacy-flow (auto-detected via execution-state.json flowVersion=1). Zero inline git/gh/jq/mvn calls — orchestrator uses only Read/Glob + Skill.
development
x-internal-args-normalize
Parses an argv string against a declarative JSON schema with typed flags (boolean, string, integer, enum), defaults, mutually-exclusive groups, and deprecation warnings, then emits a normalized `{parsed, warnings, errors}` envelope on stdout. Replaces ~150 lines of inline argv parsing inlined inside `x-epic-implement`, `x-story-implement`, and `x-epic-orchestrate`, giving every orchestrator identical flag-validation syntax and error messages. Third skill in the x-internal-* convention (after x-internal-status-update pilot and x-internal-report-write): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-story-load-context
Loads a story file, validates predecessor dependencies against execution-state.json, executes artifact pre-checks (mtime-based staleness detection across the 7 planning artifacts), classifies scope (SIMPLE / STANDARD / COMPLEX) from task-count + Gherkin-scenario heuristics, and detects planning mode (PRE_PLANNED / HYBRID / INLINE). Replaces ~140 lines of inline Phase 0 logic previously duplicated inside x-story-implement. Fourth skill in the x-internal-* convention (after x-internal-status-update pilot, x-internal-report-write, and x-internal-args-normalize): internal visibility, non-user-invocable, read-only, subdir scoping under internal/plan/.
testing
database-patterns
Database conventions for {{DB_TYPE}} + {{CACHE_TYPE}}: schema design, migrations, indexing, query optimization, caching patterns, and connection pool management.
data-ai
x-task-plan
Generates a detailed per-task implementation plan (plan-task-TASK-XXXX-YYYY-NNN.md) with TDD cycles in TPP order, file impact analysis by architecture layer, security checklist by task type, and exit criteria. Two invocation modes: task-file-first (--task-file) consumes a standalone task-TASK-XXXX-YYYY-NNN.md contract (EPIC-0038); story-scoped (STORY-ID --task TASK-ID) reads the task from story Section 8 (legacy). Invocable standalone OR via x-story-plan (future).
testing
finops
FinOps practices: resource rightsizing, cost allocation, spot instances, reserved capacity, cost alerting, and cloud-specific cost optimization tools
tools
dockerfile
Dockerfile patterns: multi-stage builds, security hardening, .dockerignore templates, layer optimization, health checks, and OCI labels per language.
development
k8s-deployment
Kubernetes deployment patterns: workload types, pod specifications, resource sizing, probes, autoscaling, network policies, and security contexts.
testing
release-management
Release management practices: semantic versioning, version lifecycle (alpha/beta/RC/GA/LTS/EOL), release branching strategies, artifact registry management, release signing and attestation, hotfix process, rollback procedures, and release communication.
testing
protocols
Protocol conventions: REST (OpenAPI 3.1), gRPC (Proto3), GraphQL, WebSocket, and event-driven messaging. URL structure, versioning, error handling per protocol, schema design, and integration patterns.
development
performance-engineering
Performance engineering patterns: profiling, benchmarking, optimization, regression detection, and memory management for {{LANGUAGE}} {{FRAMEWORK}} projects using {{BUILD_TOOL}}.
tools
spring-patterns
Spring Boot patterns: DI, @ConfigurationProperties, Spring Data JPA, @RestController, @ControllerAdvice, Spring AOT, and health checks.
testing
data-modeling
Cross-cutting data modeling patterns: schema design (soft delete, temporal tables, audit trails, multi-tenant, SCD), concurrency, and test data management.
testing
x-planning-commit
Batch-commits planning artifacts under plans/** (or whitelisted template paths) without triggering the code pre-commit chain (format/lint/compile). Sibling of x-git-commit for docs/markdown/json generated by planning skills.
development
x-task-implement
Implements a feature/story/task using TDD (Red-Green-Refactor) workflow. Schema-aware: v1 (legacy) runs the original Double-Loop TDD flow with story-section task extraction; v2 (task-first, EPIC-0038) reads task-TASK-XXXX-YYYY-NNN.md + plan-task-TASK-XXXX-YYYY-NNN.md, honours declared I/O contracts, respects task-implementation-map dependencies, verifies post-conditions via grep/assert, and produces a single atomic commit per task via x-git-commit.
development
x-internal-epic-branch-ensure
Single source of truth for the `epic/<ID>` branch convention (RULE-001). Invoked by every epic entry-point (x-epic-create, x-epic-decompose, x-epic-orchestrate, x-epic-implement, x-epic-map) at step 0; ensures the branch exists idempotently both locally and on origin. When the branch is absent, delegates creation to `x-git-branch`; when present locally but not on origin, emits a complementary `git push`. Seventh skill in the x-internal-* convention and the first under internal/git/ (after x-internal-status-update / x-internal-report-write / x-internal-args-normalize at internal/ops/ and x-internal-story-load-context / x-internal-story-build-plan / x-internal-story-verify at internal/plan/).
development
x-status-reconcile
Reconciles execution-state.json (telemetry) against the **Status:** field of Epic / Story markdown artifacts. Default mode (diagnose) is read-only and prints a divergence table. Opt-in --apply rewrites the markdowns atomically via StatusFieldParser and commits via x-git-commit. Respects Rule 19 (legacy v1 epics skip silently) and Rule 22 (markdown is SoT; state.json is telemetry). Use for manual recovery of legacy epics whose markdown status drifted from execution checkpoints.
testing
x-orchestrate-epic
Orchestrates multi-agent planning for all stories in an epic, respecting dependency order, with checkpoint and resume support.
testing
x-internal-load-story-context
Loads a story file, validates predecessor dependencies against execution-state.json, executes artifact pre-checks (mtime-based staleness detection across the 7 planning artifacts), classifies scope (SIMPLE / STANDARD / COMPLEX) from task-count + Gherkin-scenario heuristics, and detects planning mode (PRE_PLANNED / HYBRID / INLINE). Replaces ~140 lines of inline Phase 0 logic previously duplicated inside x-implement-story. Fourth skill in the x-internal-* convention (after x-internal-update-status pilot, x-internal-write-report, and x-internal-normalize-args): internal visibility, non-user-invocable, read-only, subdir scoping under internal/plan/.
testing
x-setup-stack
Sets up local dev: container orchestrator, database, and build tools.
tools
picocli-command
Generates a Picocli @Command with subcommands, options, converters, and unit tests.
tools
x-format-code
Formats source code using the appropriate formatter for {{LANGUAGE}}. First step of the pre-commit chain (format -> lint -> compile -> commit). Supports --check (dry-run) and --changed-only modes.
development
x-instrument-observability
Adds or reviews distributed tracing, metrics, and structured logging using OpenTelemetry SDK with OTLP export.
development
x-review-api
Validates REST API endpoints for RFC 7807 error responses, pagination, URL versioning, OpenAPI documentation, status codes, and DTO patterns.
development
x-review-data-modeling
Data modeling specialist review: validates entity design, aggregate boundaries, value objects, repository patterns, domain event persistence, and DDD tactical patterns.
testing
x-review-database
Database specialist review: validates schema design, migration safety, query optimization, connection management, transaction boundaries, and data integrity patterns.
testing
x-review-devops
DevOps specialist review: validates Dockerfile, container security, CI/CD pipeline, resource limits, health probes, graceful shutdown, and deployment configuration.
development
x-review-security
Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
development
x-review-events
Validates event schemas, producer/consumer patterns, error handling, dead letter topics, and operational readiness for event-driven architectures.
testing
x-review-graphql
Validates GraphQL schema design, resolver implementation, security patterns, and observability for compliance with best practices.
testing
x-run-pentest
Multi-phase penetration test orchestrator: reconnaissance, vulnerability scanning, exploitation validation, and consolidated reporting with environment-based restrictions.
testing
x-run-sast
Static Application Security Testing -- scans source code for security vulnerabilities without executing the application. Produces SARIF output with OWASP mapping.
development
x-review-compliance
PCI-DSS compliance review with 25-point checklist for code changes involving payment card data. Produces per-point PASS/FAIL report with remediation.
development
x-review-devops
DevOps specialist review: validates Dockerfile, container security, CI/CD pipeline, resource limits, health probes, graceful shutdown, and deployment configuration.
development
x-scan-secrets
Scans code and git history for leaked credentials, API keys, tokens, and secrets. Produces SARIF output with scoring and baseline support.
development
x-execute-e2e-tests
Runs integration tests that validate the complete flow from request through all application layers to response, using a real database.
testing
x-execute-api-smoke-tests
Runs automated smoke tests against the REST API using Newman/Postman. Supports local, container-orchestrated, and staging environments.
development
x-execute-mutation-tests
Stack-aware mutation testing skill: detects language/framework, dispatches to PIT (Java/Maven or Gradle), Stryker (JS/TS), mutmut (Python), or go-mutesting (Go), enforces quality.mutation.threshold (default 80%) and runtime-cap-min, and blocks merge on score below threshold.
development
x-internal-ensure-epic-branch
Single source of truth for the `epic/<ID>` branch convention (RULE-001). Invoked by every epic entry-point (x-epic-create, x-epic-decompose, x-orchestrate-epic, x-implement-epic, x-epic-map) at step 0; ensures the branch exists idempotently both locally and on origin. When the branch is absent, delegates creation to `x-create-git-branch`; when present locally but not on origin, emits a complementary `git push`. Seventh skill in the x-internal-* convention and the first under internal/git/ (after x-internal-update-status / x-internal-write-report / x-internal-normalize-args at internal/ops/ and x-internal-load-story-context / x-internal-build-story-plan / x-internal-verify-story at internal/plan/).
development
x-execute-socket-smoke-tests
Runs automated smoke tests against the TCP socket server using a standalone Java client with message framing and protocol validation.
tools
x-lint-contract-tests
Validates API contracts (OpenAPI 3.1, AsyncAPI 2.6, Protobuf 3) against their specifications. Reports structural errors, missing fields, and spec violations.
development
x-merge-branches
Merges a source branch into a target branch locally with configurable strategy (merge/squash/rebase), automatic conflict detection + rollback, and idempotent no-op when target already contains source HEAD. Centralizes the ~120 lines of inline Bash previously in x-implement-epic Phase 1.4e auto-rebase.
data-ai
x-lint-code
Analyzes source code with the appropriate linter for {{LANGUAGE}}. Second step in the pre-commit chain (RULE-007: format -> lint -> compile -> commit). Supports --fix, --changed-only, and --strict modes.
development
x-create-feature
Create a complete feature (Epic + N Stories + Implementation Map) from a spec file, with a worktree-isolated docs/ branch, consolidated commit, and auto-merged PR into epic/XXXX.
documentation
micronaut-scaffold
Scaffold a Micronaut service with @Controller, @Singleton DI, health indicators, compile-time DI, Dockerfile, and integration tests.
development
picocli-command
Generate a Picocli @Command with subcommands, @Option/@Parameters, type converters, exit code constants, and unit tests.
tools
x-detect-spec-drift
Detects spec-code drift by comparing story data contracts, endpoints, and Gherkin scenarios against implemented code. Supports standalone mode (full report) and inline mode (compact output for TDD loop integration in x-implement-story Phase 2).
development
x-generate-ci
Generate or update CI/CD pipelines based on project stack: detect language, analyze existing workflows, generate CI/CD/release/security pipelines, validate with actionlint, support monorepo triggers.
development
x-recommend-mcp
Analyzes project tech stack and recommends relevant MCP (Model Context Protocol) servers. Auto-detects language, framework, database, cache, and message broker from project config, then matches against a built-in catalog of MCP servers with installation instructions.
tools
x-setup-env
Validate and configure local development environment: detect stack, check prerequisites, verify versions, validate IDE config, test database connectivity, run initial build, and report status with fix suggestions.
development
x-internal-verify-phase-gates
Validates phase transitions for orchestrators under Rule 25. Four modes: --mode pre (assert predecessor phases completed before entering phase N), --mode post (assert all child tasks of phase N are completed AND all expected artifacts exist on disk), --mode wave (post-Batch-B verification of parallel wave completeness: N child TaskUpdate completed + N artifacts exist), --mode final (terminal gate composing with x-internal-verify-epic-integrity). Reads execution-state.json.taskTracking.phaseGateResults and TaskList task state; writes back the gate result. Emits a single-line JSON envelope {passed, mode, skill, phase, expectedTasks, completedTasks, missingTasks, expectedArtifacts, missingArtifacts, wallclockMs, timestamp}. Exit 0 on passed, 12 on failure, 13 on malformed args, 14 on task-resolution timeout. First skill in the x-internal-* convention authored by EPIC-0055; eighth overall (after status-update, report-write, args-normalize, story-load-context, story-build-plan, story-verify, story-resume, epic-build-plan, epic-integrity-gate, epic-branch-ensure, story-report) and the eighth under internal/plan/.
development
x-create-git-branch
Creates a bare git branch (no worktree) from a configurable base with naming validation and idempotency. Single source of truth for branch creation logic consumed by orchestrators (x-internal-ensure-epic-branch, x-implement-story) and users.
tools
x-push-branch
Git operations: branch creation, atomic commits (Conventional Commits), push, and PR creation. Use for any git workflow task including branching, committing, pushing, creating PRs, or managing version control.
tools
x-internal-precheck-worktree
Classifies the git working tree state (CLEAN/DIRTY/DIVERGENT/AMBIGUOUS) and returns a stable exit code. Invoked by orchestrators before starting story/task execution to detect dirty or divergent states early. Exit 0 = CLEAN or DIRTY; exit 15 (WORKTREE_AMBIGUOUS) = DIVERGENT or AMBIGUOUS (unless --allow-dirty).
development
x-internal-normalize-args
Parses an argv string against a declarative JSON schema with typed flags (boolean, string, integer, enum), defaults, mutually-exclusive groups, and deprecation warnings, then emits a normalized `{parsed, warnings, errors}` envelope on stdout. Replaces ~150 lines of inline argv parsing inlined inside `x-implement-epic`, `x-implement-story`, and `x-orchestrate-epic`, giving every orchestrator identical flag-validation syntax and error messages. Third skill in the x-internal-* convention (after x-internal-update-status pilot and x-internal-write-report): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-write-report
Renders _TEMPLATE-*.md templates by substituting {{KEY}} placeholders (simple and nested, dot-path) and resolving {{#each}} loops against a structured JSON data payload, then writes the result atomically to an output path. Supports an --append mode with per-section deduplication keyed by `## ID: <value>` markers. Centralises phase reports, epic execution reports and planning reports so orchestrators (x-implement-epic, x-orchestrate-epic, x-implement-story) stop duplicating `Read template + inline Edit/Write` logic. Second skill in the x-internal-* convention (after x-internal-update-status pilot): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-build-epic-plan
Builds the canonical ExecutionPlan for an epic (Phase 0/0.5 carve-out of x-implement-epic): loads epic-XXXX.md, IMPLEMENTATION-MAP.md, and every story-*.md; constructs the inter-story dependency DAG; runs Kahn's algorithm with cycle detection; optionally computes a file-overlap matrix (mode=parallel) and the critical path; then renders ai/epics/epic-XXXX/epic-execution-plan.md via x-internal-write-report using the _TEMPLATE-EPIC-EXECUTION-PLAN.md template. Emits a stable JSON envelope on stdout for orchestrator consumption. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-load-story-context and x-internal-build-story-plan).
development
x-internal-create-epic
Generate an Epic document from spec analysis: cross-cutting rules, story index, DoR/DoD, optional Jira. Invoked only by x-create-feature (Phase 2). Not user-invocable.
documentation
x-internal-create-story
Generate Story files from Epic: data contracts, Gherkin, Mermaid diagrams, dependency declarations, sub-tasks, quality validation, optional Jira integration. Invoked only by x-create-feature (Phase 3).
testing
x-internal-write-story-report
Generates the final consolidated story-completion report by reading ai/epics/epic-XXXX/execution-state.json, collecting per-task status and commitSha, PR metadata (prNumber, prState), coverage delta, and review findings, then rendering the output via x-internal-write-report with _TEMPLATE-STORY-COMPLETION-REPORT.md to the caller-specified --output path. Eighth skill in the x-internal-* convention and the fifth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, x-internal-verify-story, and x-internal-resume-story). Read-only against state; writes only to --output via x-internal-write-report.
development
x-migrate-frontmatter
Migrates artifact frontmatter from v2 to v3.0 (requires-capabilities) using path heuristics, keyword scan, and AI fallback
data-ai
x-internal-pr-body-render
Renders PR body Markdown from existing disk artifacts using one of two templates. --kind=implementation: reads review/verify/telemetry artifacts for a story and emits a structured implementation PR body. --kind=backlog: reads epic/map artifacts and emits a scaffolding PR body. Fail-open: absent artifacts produce human-readable placeholders, never audit-sentinel strings. Internal — invoked only by x-pr-create and x-feature-create.
testing
x-internal-render-pr-body
Renders PR body Markdown from existing disk artifacts using one of two templates. --kind=implementation: reads review/verify/telemetry artifacts for a story and emits a structured implementation PR body. --kind=backlog: reads epic/map artifacts and emits a scaffolding PR body. Fail-open: absent artifacts produce human-readable placeholders, never audit-sentinel strings. Internal — invoked only by x-create-pr and x-create-feature.
testing
x-create-jira-epic
Create a Jira Epic from an existing local epic markdown file. Read the epic file, map fields to Jira, create the issue via MCP, and sync the Jira key back to the local file.
tools
x-lib-decompose-task
Decomposes an implementation plan into tasks. Primary mode: derives tasks from test scenarios (x-plan-tests output) using TDD structure (RED/GREEN/REFACTOR). Fallback mode: uses Layer Task Catalog (G1-G7) when no test plan exists.
development
x-search-memory
Queries ai/memory/ for decisions, patterns, and anti-patterns across past epics
testing
x-create-jira-epic
Create a Jira Epic from an existing local epic markdown file. Read the epic file, map fields to Jira, create the issue via MCP, and sync the Jira key back to the local file.
tools
x-release
Orchestrates complete release flow using Git Flow release branches with approval gate, PR-flow (gh CLI) and deep validation: version bump (auto-detect or explicit), release branch creation from develop, deep validation (coverage, golden files, version consistency), version file updates, changelog generation, release commit, release PR via gh (optionally reviewed by x-review-pr), human approval gate with persistent state file, tag on main after merged PR, back-merge PR to develop with conflict detection, and cleanup. Supports hotfix releases from main, dry-run mode, resume via --continue-after-merge, in-session pause via --interactive, GPG-signed tags, skip-review opt-out, and custom state file path.
tools
x-generate-adr
Automates ADR generation from architecture plan mini-ADRs: extracts inline decisions, expands to full ADR format, assigns sequential numbering, updates the ADR index, and adds cross-references.
development
x-feature-create
Create a complete feature (Epic + N Stories + Implementation Map) from a spec file, with a worktree-isolated docs/ branch, consolidated commit, and auto-merged PR into epic/XXXX.
documentation
x-model-threats
Generate threat models using STRIDE analysis: identify components, map data flows, analyze threats per category, classify severity, suggest mitigations, and produce threat model document.
development
x-plan-architecture
Generates a comprehensive architecture plan with component diagrams, sequence diagrams, deployment topology, mini-ADRs, NFRs, and resilience/observability strategies. Use before implementation to document design decisions.
testing
x-setup-stack
Sets up local dev: container orchestrator, database, and build tools.
tools
x-instrument-observability
Adds or reviews distributed tracing, metrics, and structured logging using OpenTelemetry SDK with OTLP export.
development
x-review-database
Database specialist review: validates schema design, migration safety, query optimization, connection management, transaction boundaries, and data integrity patterns.
testing
x-review-observability
Observability specialist review: validates distributed tracing, metrics naming, structured logging, health checks, correlation IDs, and alerting configuration.
testing
x-review-gateway
Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
development
x-review-graphql
Validates GraphQL schema design, resolver implementation, security patterns, and observability for compliance with best practices.
testing
x-run-dast
Dynamic Application Security Testing -- tests the running application for XSS, injection, misconfiguration, and information disclosure using OWASP ZAP or Nuclei.
development
x-run-pentest
Multi-phase penetration test orchestrator: reconnaissance, vulnerability scanning, exploitation validation, and consolidated reporting with environment-based restrictions.
testing
x-run-sast
Static Application Security Testing -- scans source code for security vulnerabilities without executing the application. Produces SARIF output with OWASP mapping.
development
helidon-scaffold
Scaffold a Helidon SE or MP service with routing, health checks, config, Dockerfile, and integration tests.
testing
x-run-perf-tests
Runs performance tests to validate latency SLAs, throughput targets, and resource stability under load. Supports baseline, normal, peak, and sustained scenarios.
testing
micronaut-scaffold
Scaffold a Micronaut service with @Controller, @Singleton DI, health indicators, compile-time DI, Dockerfile, and integration tests.
development
x-generate-ci
Generate or update CI/CD pipelines based on project stack: detect language, analyze existing workflows, generate CI/CD/release/security pipelines, validate with actionlint, support monorepo triggers.
development
x-setup-env
Validate and configure local development environment: detect stack, check prerequisites, verify versions, validate IDE config, test database connectivity, run initial build, and report status with fix suggestions.
development
x-create-git-branch
Creates a bare git branch (no worktree) from a configurable base with naming validation and idempotency. Single source of truth for branch creation logic consumed by orchestrators (x-internal-ensure-epic-branch, x-implement-story) and users.
tools
x-merge-branches
Merges a source branch into a target branch locally with configurable strategy (merge/squash/rebase), automatic conflict detection + rollback, and idempotent no-op when target already contains source HEAD. Centralizes the ~120 lines of inline Bash previously in x-implement-epic Phase 1.4e auto-rebase.
data-ai
x-internal-precheck-worktree
Classifies the git working tree state (CLEAN/DIRTY/DIVERGENT/AMBIGUOUS) and returns a stable exit code. Invoked by orchestrators before starting story/task execution to detect dirty or divergent states early. Exit 0 = CLEAN or DIRTY; exit 15 (WORKTREE_AMBIGUOUS) = DIVERGENT or AMBIGUOUS (unless --allow-dirty).
development
x-internal-ensure-epic-branch
Single source of truth for the `epic/<ID>` branch convention (RULE-001). Invoked by every epic entry-point (x-epic-create, x-epic-decompose, x-orchestrate-epic, x-implement-epic, x-epic-map) at step 0; ensures the branch exists idempotently both locally and on origin. When the branch is absent, delegates creation to `x-create-git-branch`; when present locally but not on origin, emits a complementary `git push`. Seventh skill in the x-internal-* convention and the first under internal/git/ (after x-internal-update-status / x-internal-write-report / x-internal-normalize-args at internal/ops/ and x-internal-load-story-context / x-internal-build-story-plan / x-internal-verify-story at internal/plan/).
development
x-internal-load-story-context
Loads a story file, validates predecessor dependencies against execution-state.json, executes artifact pre-checks (mtime-based staleness detection across the 7 planning artifacts), classifies scope (SIMPLE / STANDARD / COMPLEX) from task-count + Gherkin-scenario heuristics, and detects planning mode (PRE_PLANNED / HYBRID / INLINE). Replaces ~140 lines of inline Phase 0 logic previously duplicated inside x-implement-story. Fourth skill in the x-internal-* convention (after x-internal-update-status pilot, x-internal-write-report, and x-internal-normalize-args): internal visibility, non-user-invocable, read-only, subdir scoping under internal/plan/.
testing
x-internal-render-pr-body
Renders PR body Markdown from existing disk artifacts using one of two templates. --kind=implementation: reads review/verify/telemetry artifacts for a story and emits a structured implementation PR body. --kind=backlog: reads epic/map artifacts and emits a scaffolding PR body. Fail-open: absent artifacts produce human-readable placeholders, never audit-sentinel strings. Internal — invoked only by x-create-pr and x-create-feature.
testing
x-search-memory
Queries ai/memory/ for decisions, patterns, and anti-patterns across past epics
testing
x-create-feature
Create a complete feature (Epic + N Stories + Implementation Map) from a spec file, with a worktree-isolated docs/ branch, consolidated commit, and auto-merged PR into epic/XXXX.
documentation
x-evaluate-parallelism
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-plan-task / x-plan-story, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
x-feature-create
Create a complete feature (Epic + N Stories + Implementation Map) from a spec file, with a worktree-isolated docs/ branch, consolidated commit, and auto-merged PR into epic/XXXX.
documentation
x-generate-adr
Automates ADR generation from architecture plan mini-ADRs: extracts inline decisions, expands to full ADR format, assigns sequential numbering, updates the ADR index, and adds cross-references.
development
x-orchestrate-epic
Orchestrates multi-agent planning for all stories in an epic, respecting dependency order, with checkpoint and resume support.
testing
x-plan-task
Generates a detailed per-task implementation plan (plan-task-TASK-XXXX-YYYY-NNN.md) with TDD cycles in TPP order, file impact analysis by architecture layer, security checklist by task type, and exit criteria. Two invocation modes: task-file-first (--task-file) consumes a standalone task-TASK-XXXX-YYYY-NNN.md contract (EPIC-0038); story-scoped (STORY-ID --task TASK-ID) reads the task from story Section 8 (legacy). Invocable standalone OR via x-plan-story (future).
testing
x-update-architecture
Incrementally updates the service architecture document with changes from architecture plans. Adds new components, integrations, flows, and ADR references without rewriting existing content. Use after implementation to keep architecture documentation current.
documentation
x-review-grpc
Validates gRPC service definitions, proto3 conventions, implementation patterns, and operational readiness.
testing
x-review-observability
Observability specialist review: validates distributed tracing, metrics naming, structured logging, health checks, correlation IDs, and alerting configuration.
testing
x-review-gateway
Reviews API gateway configuration for routing rules, authentication, rate limiting, CORS, security headers, TLS, and observability integration.
development
x-run-dast
Dynamic Application Security Testing -- tests the running application for XSS, injection, misconfiguration, and information disclosure using OWASP ZAP or Nuclei.
development
x-validate-dependency-policy
Validates project dependencies against the declared dependency policy (denied CVEs, license whitelist, version constraints, freshness window, scope policy). Produces a structured validation report and exits with BLOCK or WARN based on D-R10/D-R11 enforcement matrix.
testing
x-assess-infrastructure-security
Scans Kubernetes manifests, Terraform modules, Helm charts, and Docker Compose files for misconfigurations against CIS benchmarks.
testing
x-execute-shell-regression-tests
Regression-shell gate: reads QualityConfig.regression, runs curated scenario scripts against the target (self mode: generator output; service mode: client services), compares against baseline, and blocks merge on unexpected diffs.
tools
x-review-compliance
PCI-DSS compliance review with 25-point checklist for code changes involving payment card data. Produces per-point PASS/FAIL report with remediation.
development
x-internal-summarize-epic
Generates ai/memory/epic-XXXX-summary.md from a completed epic's artifacts using structured header parsing
data-ai
x-scan-container-security
Scans Docker images for CVEs and Dockerfile best practices violations. Uses Trivy, Grype, or Snyk Container. Produces SARIF output with scoring.
testing
x-execute-contract-tests
Stack-aware contract breaking-change detection: openapi-diff (REST), buf breaking (gRPC/proto3), Spring Cloud Contract (Java/Spring), schema registry compat (events). Pact opt-in via quality.contract.pact=true.
development
x-execute-performance-tests
Stack-aware performance skill: reads QualityConfig.performance SLOs, dispatches to Newman (REST), ghz (gRPC), hyperfine (CLI), Artillery (GraphQL), or custom harness (Socket), compares against governance/baselines/performance-baseline.json, and blocks merge on regression > tolerance.
tools
x-run-perf-tests
Runs performance tests to validate latency SLAs, throughput targets, and resource stability under load. Supports baseline, normal, peak, and sustained scenarios.
testing
x-run-sonar-security
Integrates with SonarQube/SonarCloud for security hotspot tracking, quality gate enforcement, and SARIF output from findings.
testing
quarkus-resource
Generate a Quarkus RESTEasy Reactive @Path resource with DTOs, @RegisterForReflection, ExceptionMapper, and @QuarkusTest unit tests.
development
spring-controller
Generate a Spring Boot @RestController with matching DTOs, mappers, @ControllerAdvice handler, and unit tests following hexagonal architecture.
development
helidon-scaffold
Scaffold a Helidon SE or MP service with routing, health checks, config, Dockerfile, and integration tests.
testing
x-implement-story
Thin orchestrator (~320 lines — story-0049-0019 refactor) that drives a story end-to-end via 4 delegated phases: Phase 0 (args via x-internal-normalize-args + context via x-internal-load-story-context + resume via x-internal-resume-story), Phase 1 (parallel planning via x-internal-build-story-plan), Phase 2 (task execution loop via x-implement-task per task, then final story PR via x-create-pr), Phase 3 (verify via x-internal-verify-story + report via x-internal-write-story-report + optional worktree cleanup via x-manage-worktrees). New EPIC-0049 flags --target-branch / --auto-merge / --epic-id propagate OO-style to x-implement-task and x-create-pr. Backward compatible: absent flags preserve legacy EPIC-0048 behavior (target=develop, auto-merge=none).
development
x-commit-changes
Creates Conventional Commits with Task ID in scope and pre-commit chain (format -> lint -> compile). Central commit point in the task-centric workflow with TDD tag support.
development
x-implement-epic
Thin orchestrator (~460 lines — story-0049-0018 refactor) that drives an epic end-to-end via 6 delegated phases: Phase 0 (args via x-internal-normalize-args), Phase 1 (load+plan via x-internal-build-epic-plan), Phase 2 (epic branch via x-internal-ensure-epic-branch), Phase 3 (sequential-by-default story loop via x-implement-story), Phase 4 (integrity gate + report via x-internal-verify-epic-integrity + x-internal-write-report), Phase 5 (final PR epic/XXXX → develop via x-merge-branches + x-create-pr). Defaults flipped by EPIC-0049: sequential execution (opt-in parallel via --parallel), auto-merge of story PRs into epic/XXXX (target changed from develop). Legacy EPIC-0042 behavior preserved under --legacy-flow (auto-detected via execution-state.json flowVersion=1). Zero inline git/gh/jq/mvn calls — orchestrator uses only Read/Glob + Skill.
development
x-manage-worktrees
Manages git worktrees for parallel task and story execution. Operations: create, list, remove, cleanup, detect-context. Follows Rule 14 (Worktree Lifecycle) naming convention under .claude/worktrees/{identifier}/.
tools
x-implement-task
Implements a feature/story/task using TDD (Red-Green-Refactor) workflow. Schema-aware: v1 (legacy) runs the original Double-Loop TDD flow with story-section task extraction; v2 (task-first, EPIC-0038) reads task-TASK-XXXX-YYYY-NNN.md + plan-task-TASK-XXXX-YYYY-NNN.md, honours declared I/O contracts, respects task-implementation-map dependencies, verifies post-conditions via grep/assert, and produces a single atomic commit per task via x-commit-changes.
development
x-internal-update-status
Atomic read-modify-write of execution-state.json with flock-based concurrency, schema validation, and idempotency detection. Substitutes inline Edit-based mutations in orchestrator skills (x-implement-epic, x-implement-story, x-fix-epic-pr) that previously suffered race conditions in --parallel mode. PILOT skill for the x-internal-* convention: internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-map-epic
Generate Implementation Map from Epic and Stories: dependency matrix, phase computation, critical path, ASCII diagrams, Mermaid graphs, strategic observations. Invoked only by x-create-feature (Phase 4).
testing
x-cleanup-git-branches
Cleans local git state in one pass: fetches origin with prune, removes all non-main worktrees (any path), and deletes all local branches except main/master/develop. Destructive by default with an interactive y/N confirmation gate; supports --dry-run (preview) and --yes (non-interactive).
development
x-internal-verify-epic-integrity
Executes the epic-level verification gate end-to-end (Phase 1.7 / Phase 4 carve-out of x-implement-epic) on the epic/XXXX branch HEAD: checks out the branch, runs mvn clean test + jacoco:report, parses filtered coverage against epic-level thresholds (default line >=95, branch >=90), runs a declarative DoD checklist (presence of tests, tasks DONE, CHANGELOG entry, ADR references), and emits a single-line JSON envelope {passed, failures, coverageDelta, dodChecklist}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, and x-internal-verify-story). Isolates ~180 inline lines of integrity-gate logic from x-implement-epic.
development
x-internal-resume-story
Detects the resumable state of an in-flight story: reads ai/epics/epic-XXXX/execution-state.json via x-internal-update-status --read-only, identifies the first PENDING or IN_PROGRESS task (the resume point), catalogues DONE tasks with their commitSha, extracts the last committed SHA, and flags staleness when the story file's mtime is newer than any DONE task's completion timestamp. Emits a single-line JSON envelope {resumePoint, tasksCompleted, tasksPending, lastCommitSha, staleWarnings}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, x-internal-verify-story). Read-only by construction — never mutates state.
development
x-internal-build-story-plan
Orchestrates parallel story-planning (Phase 1 carve-out of x-implement-story): invokes x-plan-architecture (Step 1A) and then dispatches 5 sibling Agent subagents in ONE assistant message for implementation plan, test plan, task breakdown, security assessment, and compliance assessment (Steps 1B-1F). Applies the Rule 13 SUBAGENT-GENERAL pattern as the canonical parallel-planning gateway. Scope-aware: SIMPLE skips 1E/1F. Returns a consolidated envelope of artifact paths to the calling orchestrator. Fifth skill in the x-internal-* convention and the second under internal/plan/ (after x-internal-load-story-context).
development
x-generate-release-changelog
Changelog generator v2: hybrid format combining narrative Highlights block (derived from 'Entrega de Valor' of merged v2 epics) with Keep-a-Changelog sections (Added/Changed/Fixed/Breaking/Deprecated). Stack-aware via documentation.changelog.format config. Falls back gracefully when EPIC-0070 epics unavailable (D-R10).
development
x-lib-audit-rules
Audits compliance of all project rules AND knowledge packs against source code. Launches parallel subagents (one per rule/knowledge-pack) for scanning, then aggregates into a unified report with severity classification and story suggestions.
development
x-analyze-telemetry-trends
Detect cross-epic P95 regressions (>= threshold %) and rank top-10 slowest skills from the global telemetry index. Single-responsibility partner of /x-analyze-telemetry focused on trend detection, not point-in-time reporting. Use to answer 'is skill X getting slower over the last N epics?' with evidence.
business
x-lib-verify-group
Build gate verification between parallelism groups. Compiles code, classifies errors, decides retry vs escalate, extracts outputs for next group. Used between each implementation group in Phase 2.
development
x-reconcile-status
Reconciles execution-state.json (telemetry) against the **Status:** field of Epic / Story markdown artifacts. Default mode (diagnose) is read-only and prints a divergence table. Opt-in --apply rewrites the markdowns atomically via StatusFieldParser and commits via x-commit-changes. Respects Rule 19 (legacy v1 epics skip silently) and Rule 22 (markdown is SoT; state.json is telemetry). Use for manual recovery of legacy epics whose markdown status drifted from execution checkpoints.
testing
x-handle-incident
Guides incident response with severity-based checklists, communication templates, and postmortem triggers. Interactive guide for SEV1-SEV4 incidents covering classification, response coordination, and action item tracking.
testing
x-internal-verify-story
Executes the story-level verification gate (Phase 3 carve-out of x-implement-story): identifies files touched by the story via the task breakdown, runs the test suite scoped to those files, parses filtered coverage against the story-specific thresholds (default line >=95, branch >=90), performs cross-file consistency checks (constructor patterns, return-type uniformity per role), optionally runs the smoke suite, and validates every Section 7 Gherkin scenario has a matching acceptance test. Emits a single-line JSON envelope {passed, coverageDelta, failures, acCheckResults}. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-load-story-context and x-internal-build-story-plan).
development
x-validate-docs
Documentation freshness gate: validates 6 dimensions (readme, api-specs, grpc-proto, adr, skill-docs, system-architecture) against code changes in a PR. Stack-aware — only validates targets declared/auto-detected from ProjectConfig.documentation.targets. Returns exit non-zero on staleness; produces structured report.
development
planning-standards-kp
Fonte da verdade do modelo RA9 (Rule-Aligned 9-Section) para templates de planejamento Epic/Story/Task. Define as 9 seções fixas, granularidade por nível, micro-template Decision Rationale, e mapeamento rule ↔ seção.
testing
x-troubleshoot-operations
Diagnoses errors, stacktraces, build failures, and unexpected behavior. Systematic approach: reproduce, locate, understand, fix, verify. Use whenever something fails: compilation errors, test failures, runtime exceptions, coverage gaps, or performance issues.
development
x-create-jira-stories
Create Jira Stories from existing local story markdown files. Read all story files in an epic directory, map fields to Jira, create issues with parent epic link, create dependency links between stories, and sync Jira keys back to local files.
tools
x-profile-performance
Automated profiling: detect language/runtime, select appropriate profiler, execute session, generate flamegraph, identify hotspots, and suggest optimizations referencing the performance-engineering knowledge pack.
testing
x-evaluate-parallelism
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-plan-task / x-plan-story, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
x-analyze-telemetry
Analyze telemetry NDJSON for one or more epics and produce a Markdown report with skill/phase/tool aggregates, Mermaid Gantt timeline, and optional JSON/CSV exports. Use to answer 'which phase is the bottleneck?' and 'is skill X getting slower?' questions for operator visibility.
tools
x-review-api
Validates REST API endpoints for RFC 7807 error responses, pagination, URL versioning, OpenAPI documentation, status codes, and DTO patterns.
development
x-review-data-modeling
Data modeling specialist review: validates entity design, aggregate boundaries, value objects, repository patterns, domain event persistence, and DDD tactical patterns.
testing
x-review-events
Validates event schemas, producer/consumer patterns, error handling, dead letter topics, and operational readiness for event-driven architectures.
testing
x-review-grpc
Validates gRPC service definitions, proto3 conventions, implementation patterns, and operational readiness.
testing
x-review-security
Reviews code changes for compliance with selected security frameworks. Verifies sensitive data handling, audit trails, and access control patterns.
development
x-assess-infrastructure-security
Scans Kubernetes manifests, Terraform modules, Helm charts, and Docker Compose files for misconfigurations against CIS benchmarks.
testing
x-run-sonar-security
Integrates with SonarQube/SonarCloud for security hotspot tracking, quality gate enforcement, and SARIF output from findings.
testing
x-scan-container-security
Scans Docker images for CVEs and Dockerfile best practices violations. Uses Trivy, Grype, or Snyk Container. Produces SARIF output with scoring.
testing
x-scan-secrets
Scans code and git history for leaked credentials, API keys, tokens, and secrets. Produces SARIF output with scoring and baseline support.
development
x-validate-dependency-policy
Validates project dependencies against the declared dependency policy (denied CVEs, license whitelist, version constraints, freshness window, scope policy). Produces a structured validation report and exits with BLOCK or WARN based on D-R10/D-R11 enforcement matrix.
testing
x-execute-api-smoke-tests
Runs automated smoke tests against the REST API using Newman/Postman. Supports local, container-orchestrated, and staging environments.
development
x-execute-contract-tests
Stack-aware contract breaking-change detection: openapi-diff (REST), buf breaking (gRPC/proto3), Spring Cloud Contract (Java/Spring), schema registry compat (events). Pact opt-in via quality.contract.pact=true.
development
x-execute-e2e-tests
Runs integration tests that validate the complete flow from request through all application layers to response, using a real database.
testing
x-execute-mutation-tests
Stack-aware mutation testing skill: detects language/framework, dispatches to PIT (Java/Maven or Gradle), Stryker (JS/TS), mutmut (Python), or go-mutesting (Go), enforces quality.mutation.threshold (default 80%) and runtime-cap-min, and blocks merge on score below threshold.
development
x-execute-performance-tests
Stack-aware performance skill: reads QualityConfig.performance SLOs, dispatches to Newman (REST), ghz (gRPC), hyperfine (CLI), Artillery (GraphQL), or custom harness (Socket), compares against governance/baselines/performance-baseline.json, and blocks merge on regression > tolerance.
tools
x-execute-shell-regression-tests
Regression-shell gate: reads QualityConfig.regression, runs curated scenario scripts against the target (self mode: generator output; service mode: client services), compares against baseline, and blocks merge on unexpected diffs.
tools
x-lint-contract-tests
Validates API contracts (OpenAPI 3.1, AsyncAPI 2.6, Protobuf 3) against their specifications. Reports structural errors, missing fields, and spec violations.
development
x-format-code
Formats source code using the appropriate formatter for {{LANGUAGE}}. First step of the pre-commit chain (format -> lint -> compile -> commit). Supports --check (dry-run) and --changed-only modes.
development
x-lint-code
Analyzes source code with the appropriate linter for {{LANGUAGE}}. Second step in the pre-commit chain (RULE-007: format -> lint -> compile -> commit). Supports --fix, --changed-only, and --strict modes.
development
picocli-command
Generate a Picocli @Command with subcommands, @Option/@Parameters, type converters, exit code constants, and unit tests.
tools
quarkus-resource
Generate a Quarkus RESTEasy Reactive @Path resource with DTOs, @RegisterForReflection, ExceptionMapper, and @QuarkusTest unit tests.
development
spring-controller
Generate a Spring Boot @RestController with matching DTOs, mappers, @ControllerAdvice handler, and unit tests following hexagonal architecture.
development
x-detect-spec-drift
Detects spec-code drift by comparing story data contracts, endpoints, and Gherkin scenarios against implemented code. Supports standalone mode (full report) and inline mode (compact output for TDD loop integration in x-implement-story Phase 2).
development
x-implement-epic
Thin orchestrator (~460 lines — story-0049-0018 refactor) that drives an epic end-to-end via 6 delegated phases: Phase 0 (args via x-internal-normalize-args), Phase 1 (load+plan via x-internal-build-epic-plan), Phase 2 (epic branch via x-internal-ensure-epic-branch), Phase 3 (sequential-by-default story loop via x-implement-story), Phase 4 (integrity gate + report via x-internal-verify-epic-integrity + x-internal-write-report), Phase 5 (final PR epic/XXXX → develop via x-merge-branches + x-create-pr). Defaults flipped by EPIC-0049: sequential execution (opt-in parallel via --parallel), auto-merge of story PRs into epic/XXXX (target changed from develop). Legacy EPIC-0042 behavior preserved under --legacy-flow (auto-detected via execution-state.json flowVersion=1). Zero inline git/gh/jq/mvn calls — orchestrator uses only Read/Glob + Skill.
development
x-implement-story
Thin orchestrator (~320 lines — story-0049-0019 refactor) that drives a story end-to-end via 4 delegated phases: Phase 0 (args via x-internal-normalize-args + context via x-internal-load-story-context + resume via x-internal-resume-story), Phase 1 (parallel planning via x-internal-build-story-plan), Phase 2 (task execution loop via x-implement-task per task, then final story PR via x-create-pr), Phase 3 (verify via x-internal-verify-story + report via x-internal-write-story-report + optional worktree cleanup via x-manage-worktrees). New EPIC-0049 flags --target-branch / --auto-merge / --epic-id propagate OO-style to x-implement-task and x-create-pr. Backward compatible: absent flags preserve legacy EPIC-0048 behavior (target=develop, auto-merge=none).
development
x-implement-task
Implements a feature/story/task using TDD (Red-Green-Refactor) workflow. Schema-aware: v1 (legacy) runs the original Double-Loop TDD flow with story-section task extraction; v2 (task-first, EPIC-0038) reads task-TASK-XXXX-YYYY-NNN.md + plan-task-TASK-XXXX-YYYY-NNN.md, honours declared I/O contracts, respects task-implementation-map dependencies, verifies post-conditions via grep/assert, and produces a single atomic commit per task via x-commit-changes.
development
x-recommend-mcp
Analyzes project tech stack and recommends relevant MCP (Model Context Protocol) servers. Auto-detects language, framework, database, cache, and message broker from project config, then matches against a built-in catalog of MCP servers with installation instructions.
tools
x-cleanup-git-branches
Cleans local git state in one pass: fetches origin with prune, removes all non-main worktrees (any path), and deletes all local branches except main/master/develop. Destructive by default with an interactive y/N confirmation gate; supports --dry-run (preview) and --yes (non-interactive).
development
x-commit-changes
Creates Conventional Commits with Task ID in scope and pre-commit chain (format -> lint -> compile). Central commit point in the task-centric workflow with TDD tag support.
development
x-manage-worktrees
Manages git worktrees for parallel task and story execution. Operations: create, list, remove, cleanup, detect-context. Follows Rule 14 (Worktree Lifecycle) naming convention under .claude/worktrees/{identifier}/.
tools
x-push-branch
Git operations: branch creation, atomic commits (Conventional Commits), push, and PR creation. Use for any git workflow task including branching, committing, pushing, creating PRs, or managing version control.
tools
x-internal-summarize-epic
Generates ai/memory/epic-XXXX-summary.md from a completed epic's artifacts using structured header parsing
data-ai
x-internal-normalize-args
Parses an argv string against a declarative JSON schema with typed flags (boolean, string, integer, enum), defaults, mutually-exclusive groups, and deprecation warnings, then emits a normalized `{parsed, warnings, errors}` envelope on stdout. Replaces ~150 lines of inline argv parsing inlined inside `x-implement-epic`, `x-implement-story`, and `x-orchestrate-epic`, giving every orchestrator identical flag-validation syntax and error messages. Third skill in the x-internal-* convention (after x-internal-update-status pilot and x-internal-write-report): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-update-status
Atomic read-modify-write of execution-state.json with flock-based concurrency, schema validation, and idempotency detection. Substitutes inline Edit-based mutations in orchestrator skills (x-implement-epic, x-implement-story, x-fix-epic-pr) that previously suffered race conditions in --parallel mode. PILOT skill for the x-internal-* convention: internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-write-report
Renders _TEMPLATE-*.md templates by substituting {{KEY}} placeholders (simple and nested, dot-path) and resolving {{#each}} loops against a structured JSON data payload, then writes the result atomically to an output path. Supports an --append mode with per-section deduplication keyed by `## ID: <value>` markers. Centralises phase reports, epic execution reports and planning reports so orchestrators (x-implement-epic, x-orchestrate-epic, x-implement-story) stop duplicating `Read template + inline Edit/Write` logic. Second skill in the x-internal-* convention (after x-internal-update-status pilot): internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-build-epic-plan
Builds the canonical ExecutionPlan for an epic (Phase 0/0.5 carve-out of x-implement-epic): loads epic-XXXX.md, IMPLEMENTATION-MAP.md, and every story-*.md; constructs the inter-story dependency DAG; runs Kahn's algorithm with cycle detection; optionally computes a file-overlap matrix (mode=parallel) and the critical path; then renders ai/epics/epic-XXXX/epic-execution-plan.md via x-internal-write-report using the _TEMPLATE-EPIC-EXECUTION-PLAN.md template. Emits a stable JSON envelope on stdout for orchestrator consumption. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-load-story-context and x-internal-build-story-plan).
development
x-internal-build-story-plan
Orchestrates parallel story-planning (Phase 1 carve-out of x-implement-story): invokes x-plan-architecture (Step 1A) and then dispatches 5 sibling Agent subagents in ONE assistant message for implementation plan, test plan, task breakdown, security assessment, and compliance assessment (Steps 1B-1F). Applies the Rule 13 SUBAGENT-GENERAL pattern as the canonical parallel-planning gateway. Scope-aware: SIMPLE skips 1E/1F. Returns a consolidated envelope of artifact paths to the calling orchestrator. Fifth skill in the x-internal-* convention and the second under internal/plan/ (after x-internal-load-story-context).
development
x-internal-create-epic
Generate an Epic document from spec analysis: cross-cutting rules, story index, DoR/DoD, optional Jira. Invoked only by x-create-feature (Phase 2). Not user-invocable.
documentation
x-internal-create-story
Generate Story files from Epic: data contracts, Gherkin, Mermaid diagrams, dependency declarations, sub-tasks, quality validation, optional Jira integration. Invoked only by x-create-feature (Phase 3).
testing
x-generate-docs
Documentation automation v2: stack-aware generation consuming documentation.targets from ProjectConfig. Detects documentation type needed (API, README, ADR, changelog, system-architecture) from code changes and stack config, delegates to specialized skills or generates inline. Invokes x-update-system-architecture on architectural change detection.
tools
x-internal-verify-phase-gates
Validates phase transitions for orchestrators under Rule 25. Four modes: --mode pre (assert predecessor phases completed before entering phase N), --mode post (assert all child tasks of phase N are completed AND all expected artifacts exist on disk), --mode wave (post-Batch-B verification of parallel wave completeness: N child TaskUpdate completed + N artifacts exist), --mode final (terminal gate composing with x-internal-verify-epic-integrity). Reads execution-state.json.taskTracking.phaseGateResults and TaskList task state; writes back the gate result. Emits a single-line JSON envelope {passed, mode, skill, phase, expectedTasks, completedTasks, missingTasks, expectedArtifacts, missingArtifacts, wallclockMs, timestamp}. Exit 0 on passed, 12 on failure, 13 on malformed args, 14 on task-resolution timeout. First skill in the x-internal-* convention authored by EPIC-0055; eighth overall (after status-update, report-write, args-normalize, story-load-context, story-build-plan, story-verify, story-resume, epic-build-plan, epic-integrity-gate, epic-branch-ensure, story-report) and the eighth under internal/plan/.
development
x-internal-verify-epic-integrity
Executes the epic-level verification gate end-to-end (Phase 1.7 / Phase 4 carve-out of x-implement-epic) on the epic/XXXX branch HEAD: checks out the branch, runs mvn clean test + jacoco:report, parses filtered coverage against epic-level thresholds (default line >=95, branch >=90), runs a declarative DoD checklist (presence of tests, tasks DONE, CHANGELOG entry, ADR references), and emits a single-line JSON envelope {passed, failures, coverageDelta, dodChecklist}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, and x-internal-verify-story). Isolates ~180 inline lines of integrity-gate logic from x-implement-epic.
development
x-internal-map-epic
Generate Implementation Map from Epic and Stories: dependency matrix, phase computation, critical path, ASCII diagrams, Mermaid graphs, strategic observations. Invoked only by x-create-feature (Phase 4).
testing
x-internal-resume-story
Detects the resumable state of an in-flight story: reads ai/epics/epic-XXXX/execution-state.json via x-internal-update-status --read-only, identifies the first PENDING or IN_PROGRESS task (the resume point), catalogues DONE tasks with their commitSha, extracts the last committed SHA, and flags staleness when the story file's mtime is newer than any DONE task's completion timestamp. Emits a single-line JSON envelope {resumePoint, tasksCompleted, tasksPending, lastCommitSha, staleWarnings}. Seventh skill in the x-internal-* convention and the fourth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, x-internal-verify-story). Read-only by construction — never mutates state.
development
x-internal-verify-story
Executes the story-level verification gate (Phase 3 carve-out of x-implement-story): identifies files touched by the story via the task breakdown, runs the test suite scoped to those files, parses filtered coverage against the story-specific thresholds (default line >=95, branch >=90), performs cross-file consistency checks (constructor patterns, return-type uniformity per role), optionally runs the smoke suite, and validates every Section 7 Gherkin scenario has a matching acceptance test. Emits a single-line JSON envelope {passed, coverageDelta, failures, acCheckResults}. Sixth skill in the x-internal-* convention and the third under internal/plan/ (after x-internal-load-story-context and x-internal-build-story-plan).
development
x-internal-write-story-report
Generates the final consolidated story-completion report by reading ai/epics/epic-XXXX/execution-state.json, collecting per-task status and commitSha, PR metadata (prNumber, prState), coverage delta, and review findings, then rendering the output via x-internal-write-report with _TEMPLATE-STORY-COMPLETION-REPORT.md to the caller-specified --output path. Eighth skill in the x-internal-* convention and the fifth under internal/plan/ (after x-internal-load-story-context, x-internal-build-story-plan, x-internal-verify-story, and x-internal-resume-story). Read-only against state; writes only to --output via x-internal-write-report.
development
x-migrate-frontmatter
Migrates artifact frontmatter from v2 to v3.0 (requires-capabilities) using path heuristics, keyword scan, and AI fallback
data-ai
x-internal-pr-body-render
Renders PR body Markdown from existing disk artifacts using one of two templates. --kind=implementation: reads review/verify/telemetry artifacts for a story and emits a structured implementation PR body. --kind=backlog: reads epic/map artifacts and emits a scaffolding PR body. Fail-open: absent artifacts produce human-readable placeholders, never audit-sentinel strings. Internal — invoked only by x-pr-create and x-feature-create.
testing
x-create-jira-stories
Create Jira Stories from existing local story markdown files. Read all story files in an epic directory, map fields to Jira, create issues with parent epic link, create dependency links between stories, and sync Jira keys back to local files.
tools
x-lib-audit-rules
Audits compliance of all project rules AND knowledge packs against source code. Launches parallel subagents (one per rule/knowledge-pack) for scanning, then aggregates into a unified report with severity classification and story suggestions.
development
x-lib-decompose-task
Decomposes an implementation plan into tasks. Primary mode: derives tasks from test scenarios (x-plan-tests output) using TDD structure (RED/GREEN/REFACTOR). Fallback mode: uses Layer Task Catalog (G1-G7) when no test plan exists.
development
x-lib-verify-group
Build gate verification between parallelism groups. Compiles code, classifies errors, decides retry vs escalate, extracts outputs for next group. Used between each implementation group in Phase 2.
development
x-analyze-telemetry-trends
Detect cross-epic P95 regressions (>= threshold %) and rank top-10 slowest skills from the global telemetry index. Single-responsibility partner of /x-analyze-telemetry focused on trend detection, not point-in-time reporting. Use to answer 'is skill X getting slower over the last N epics?' with evidence.
business
x-analyze-telemetry
Analyze telemetry NDJSON for one or more epics and produce a Markdown report with skill/phase/tool aggregates, Mermaid Gantt timeline, and optional JSON/CSV exports. Use to answer 'which phase is the bottleneck?' and 'is skill X getting slower?' questions for operator visibility.
tools
x-generate-docs
Documentation automation v2: stack-aware generation consuming documentation.targets from ProjectConfig. Detects documentation type needed (API, README, ADR, changelog, system-architecture) from code changes and stack config, delegates to specialized skills or generates inline. Invokes x-update-system-architecture on architectural change detection.
tools
x-generate-release-changelog
Changelog generator v2: hybrid format combining narrative Highlights block (derived from 'Entrega de Valor' of merged v2 epics) with Keep-a-Changelog sections (Added/Changed/Fixed/Breaking/Deprecated). Stack-aware via documentation.changelog.format config. Falls back gracefully when EPIC-0070 epics unavailable (D-R10).
development
x-handle-incident
Guides incident response with severity-based checklists, communication templates, and postmortem triggers. Interactive guide for SEV1-SEV4 incidents covering classification, response coordination, and action item tracking.
testing
x-profile-performance
Automated profiling: detect language/runtime, select appropriate profiler, execute session, generate flamegraph, identify hotspots, and suggest optimizations referencing the performance-engineering knowledge pack.
testing
x-reconcile-status
Reconciles execution-state.json (telemetry) against the **Status:** field of Epic / Story markdown artifacts. Default mode (diagnose) is read-only and prints a divergence table. Opt-in --apply rewrites the markdowns atomically via StatusFieldParser and commits via x-commit-changes. Respects Rule 19 (legacy v1 epics skip silently) and Rule 22 (markdown is SoT; state.json is telemetry). Use for manual recovery of legacy epics whose markdown status drifted from execution checkpoints.
testing
x-release
Orchestrates complete release flow using Git Flow release branches with approval gate, PR-flow (gh CLI) and deep validation: version bump (auto-detect or explicit), release branch creation from develop, deep validation (coverage, golden files, version consistency), version file updates, changelog generation, release commit, release PR via gh (optionally reviewed by x-review-pr), human approval gate with persistent state file, tag on main after merged PR, back-merge PR to develop with conflict detection, and cleanup. Supports hotfix releases from main, dry-run mode, resume via --continue-after-merge, in-session pause via --interactive, GPG-signed tags, skip-review opt-out, and custom state file path.
tools
x-troubleshoot-operations
Diagnoses errors, stacktraces, build failures, and unexpected behavior. Systematic approach: reproduce, locate, understand, fix, verify. Use whenever something fails: compilation errors, test failures, runtime exceptions, coverage gaps, or performance issues.
development
x-validate-docs
Documentation freshness gate: validates 6 dimensions (readme, api-specs, grpc-proto, adr, skill-docs, system-architecture) against code changes in a PR. Stack-aware — only validates targets declared/auto-detected from ProjectConfig.documentation.targets. Returns exit non-zero on staleness; produces structured report.
development
planning-standards-kp
Fonte da verdade do modelo RA9 (Rule-Aligned 9-Section) para templates de planejamento Epic/Story/Task. Define as 9 seções fixas, granularidade por nível, micro-template Decision Rationale, e mapeamento rule ↔ seção.
testing
x-migrate-templates
Assists migration of a v1 epic document to the v2 value-driven template (EPIC-0070). Parses v1 technical blocks (Packages, Contratos, SOLID, Observabilidade), classifies each block with a safe default heuristic, and optionally asks the operator for confirmation per block (--interactive). Side-effects: writes epic.md in v2 format atomically, creates ADRs for 'virar ADR' decisions, updates system.md via x-update-system-architecture. Supports --dry-run and recovery from interrupted sessions.
development
x-plan-story
Multi-agent story planning: launches 5 specialized agents (Architect, QA, Security, Tech Lead, Product Owner) in parallel to produce a consolidated task breakdown, individual task plans, planning report, and DoR validation. Schema-aware: v1 (legacy) runs the original 6-phase flow; v2 (task-first, EPIC-0038) adds Phases 4a-4c that emit task-TASK-NNN.md + plan-task-TASK-NNN.md per task and a task-implementation-map-STORY-*.md, wiring every task through x-plan-task in parallel.
testing
x-feature-ideate
Transform free-form prose or a text file into a structured RA9 spec (5 mandatory sections) and open a PR on docs/feature-<slug> targeting develop for human review before invoking x-feature-create.
development
x-plan-story
Multi-agent story planning: launches 5 specialized agents (Architect, QA, Security, Tech Lead, Product Owner) in parallel to produce a consolidated task breakdown, individual task plans, planning report, and DoR validation. Schema-aware: v1 (legacy) runs the original 6-phase flow; v2 (task-first, EPIC-0038) adds Phases 4a-4c that emit task-TASK-NNN.md + plan-task-TASK-NNN.md per task and a task-implementation-map-STORY-*.md, wiring every task through x-plan-task in parallel.
testing
x-migrate-templates
Assists migration of a v1 epic document to the v2 value-driven template (EPIC-0070). Parses v1 technical blocks (Packages, Contratos, SOLID, Observabilidade), classifies each block with a safe default heuristic, and optionally asks the operator for confirmation per block (--interactive). Side-effects: writes epic.md in v2 format atomically, creates ADRs for 'virar ADR' decisions, updates system.md via x-update-system-architecture. Supports --dry-run and recovery from interrupted sessions.
development
x-model-threats
Generate threat models using STRIDE analysis: identify components, map data flows, analyze threats per category, classify severity, suggest mitigations, and produce threat model document.
development
x-plan-task
Generates a detailed per-task implementation plan (plan-task-TASK-XXXX-YYYY-NNN.md) with TDD cycles in TPP order, file impact analysis by architecture layer, security checklist by task type, and exit criteria. Two invocation modes: task-file-first (--task-file) consumes a standalone task-TASK-XXXX-YYYY-NNN.md contract (EPIC-0038); story-scoped (STORY-ID --task TASK-ID) reads the task from story Section 8 (legacy). Invocable standalone OR via x-plan-story (future).
testing
x-update-architecture
Incrementally updates the service architecture document with changes from architecture plans. Adds new components, integrations, flows, and ADR references without rewriting existing content. Use after implementation to keep architecture documentation current.
documentation
x-ideate-feature
Transform free-form prose or a text file into a structured RA9 spec (5 mandatory sections) and open a PR on docs/feature-<slug> targeting develop for human review before invoking x-create-feature.
development
x-feature-ideate
Transform free-form prose or a text file into a structured RA9 spec (5 mandatory sections) and open a PR on docs/feature-<slug> targeting develop for human review before invoking x-feature-create.
development
x-refine-story
Multi-persona 4-phase story refinement dispatcher. Phase A: 5-7 parallel specialist agents analyse the story for gaps. Phase B: single consolidated question batch to the operator. Phase C: 5-7 parallel specialists refine with answers. Phase D: Architect (opus) consolidates a Refinement Verdict and dual-writes to execution-state.json + story markdown.
testing
x-refine-epic
Multi-persona 4-phase strategic epic refinement dispatcher. Phase A: 5-6 parallel specialist agents analyse the epic for strategic gaps. Phase B: single consolidated question batch to the operator. Phase C: 5-6 parallel specialists refine with answers. Phase D: Architect (opus) consolidates a Refinement Verdict with scope=epic and dual-writes to execution-state.json + epic markdown.
testing
x-refine-epic
Multi-persona 4-phase strategic epic refinement dispatcher. Phase A: 5-6 parallel specialist agents analyse the epic for strategic gaps. Phase B: single consolidated question batch to the operator. Phase C: 5-6 parallel specialists refine with answers. Phase D: Architect (opus) consolidates a Refinement Verdict with scope=epic and dual-writes to execution-state.json + epic markdown.
testing
x-ideate-feature
Transform free-form prose or a text file into a structured RA9 spec (5 mandatory sections) and open a PR on docs/feature-<slug> targeting develop for human review before invoking x-create-feature.
development
x-execute-socket-smoke-tests
Runs automated smoke tests against the TCP socket server using a standalone Java client with message framing and protocol validation.
tools
x-refine-story
Multi-persona 4-phase story refinement dispatcher. Phase A: 5-7 parallel specialist agents analyse the story for gaps. Phase B: single consolidated question batch to the operator. Phase C: 5-7 parallel specialists refine with answers. Phase D: Architect (opus) consolidates a Refinement Verdict and dual-writes to execution-state.json + story markdown.
testing
x-plan-architecture
Generates a comprehensive architecture plan with component diagrams, sequence diagrams, deployment topology, mini-ADRs, NFRs, and resilience/observability strategies. Use before implementation to document design decisions.
testing
picocli-command
Generates a Picocli @Command with subcommands, options, converters, and unit tests.
tools
x-code-lint
Analyzes source code with the appropriate linter for {{LANGUAGE}}. Second step in the pre-commit chain (RULE-007: format -> lint -> compile -> commit). Supports --fix, --changed-only, and --strict modes.
development
x-pr-fix-epic
Discovers all PRs from an epic via execution-state.json, fetches and classifies review comments in batch, generates a consolidated findings report, applies fixes, and creates a single correction PR. Supports dry-run, explicit PR list fallback, and idempotent re-execution.
testing
x-ops-incident
Guides incident response with severity-based checklists, communication templates, and postmortem triggers. Interactive guide for SEV1-SEV4 incidents covering classification, response coordination, and action item tracking.
testing
planning-standards-kp
Fonte da verdade do modelo RA9 (Rule-Aligned 9-Section) para templates de planejamento Epic/Story/Task. Define as 9 seções fixas, granularidade por nível, micro-template Decision Rationale, e mapeamento rule ↔ seção.
testing
x-supply-chain-audit
Enhanced supply chain security audit beyond x-dependency-audit. Analyzes maintainer risk, typosquatting detection, phantom dependencies, dependency age, EPSS scoring, and SLSA assessment. Produces SARIF 2.1.0 output with weighted risk scoring.
testing
x-arch-update
Incrementally updates the service architecture document with changes from architecture plans. Adds new components, integrations, flows, and ADR references without rewriting existing content. Use after implementation to keep architecture documentation current.
documentation
x-task-plan
Generates a detailed per-task implementation plan (plan-task-TASK-XXXX-YYYY-NNN.md) with TDD cycles in TPP order, file impact analysis by architecture layer, security checklist by task type, and exit criteria. Two invocation modes: task-file-first (--task-file) consumes a standalone task-TASK-XXXX-YYYY-NNN.md contract (EPIC-0038); story-scoped (STORY-ID --task TASK-ID) reads the task from story Section 8 (legacy). Invocable standalone OR via x-story-plan (future).
testing
x-review-qa
QA specialist review: validates test coverage, TDD compliance, test naming, fixtures, parametrized tests, and acceptance criteria coverage.
testing
x-ops-incident
Guides incident response with severity-based checklists, communication templates, and postmortem triggers. Interactive guide for SEV1-SEV4 incidents covering classification, response coordination, and action item tracking.
testing
x-hardening-eval
Evaluates application hardening posture against CIS and OWASP benchmarks: HTTP security headers, TLS configuration, CORS policy, cookie security, error handling, input limits, and information disclosure. Produces SARIF output with weighted scoring.
development
x-security-dashboard
Aggregates results from all security scanning skills into a unified posture view with score 0-100, trend tracking, OWASP risk heatmap, per-dimension breakdown, and remediation priority queue. Never executes scans — reads existing results only (RULE-011).
testing
micronaut-scaffold
Scaffolds a Micronaut service with @Controller, DI, health, Dockerfile, and tests.
testing
x-parallel-eval
Detects and classifies file-collision risks between work units (tasks, stories, or epic phases) before parallel execution. Reads ## File Footprint blocks produced by x-task-plan / x-story-plan, applies the parallelism-heuristics knowledge pack (hard / regen / soft categories + hotspot overrides), and emits a collision matrix + serialization recommendation in Markdown (default) or JSON.
development
micronaut-scaffold
Scaffolds a Micronaut service with @Controller, DI, health, Dockerfile, and tests.
testing
helidon-scaffold
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
testing
helidon-scaffold
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
testing
x-story-implement
Thin orchestrator (~320 lines — story-0049-0019 refactor) that drives a story end-to-end via 4 delegated phases: Phase 0 (args via x-internal-args-normalize + context via x-internal-story-load-context + resume via x-internal-story-resume), Phase 1 (parallel planning via x-internal-story-build-plan), Phase 2 (task execution loop via x-task-implement per task, then final story PR via x-pr-create), Phase 3 (verify via x-internal-story-verify + report via x-internal-story-report + optional worktree cleanup via x-git-worktree). New EPIC-0049 flags --target-branch / --auto-merge / --epic-id propagate OO-style to x-task-implement and x-pr-create. Backward compatible: absent flags preserve legacy EPIC-0048 behavior (target=develop, auto-merge=none).
development
x-internal-status-update
Atomic read-modify-write of execution-state.json with flock-based concurrency, schema validation, and idempotency detection. Substitutes inline Edit-based mutations in orchestrator skills (x-epic-implement, x-story-implement, x-pr-fix-epic) that previously suffered race conditions in --parallel mode. PILOT skill for the x-internal-* convention: internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-internal-status-update
Atomic read-modify-write of execution-state.json with flock-based concurrency, schema validation, and idempotency detection. Substitutes inline Edit-based mutations in orchestrator skills (x-epic-implement, x-story-implement, x-pr-fix-epic) that previously suffered race conditions in --parallel mode. PILOT skill for the x-internal-* convention: internal visibility, non-user-invocable, subdir scoping under internal/ops/.
documentation
x-test-plan
Generates a Double-Loop TDD test plan with TPP-ordered scenarios before implementation. Delegates KP reading to a context-gathering subagent, then produces structured Acceptance Tests (outer loop) and Unit Tests in Transformation Priority Premise order (inner loop).
development
x-epic-implement
Thin orchestrator (~460 lines — story-0049-0018 refactor) that drives an epic end-to-end via 6 delegated phases: Phase 0 (args via x-internal-args-normalize), Phase 1 (load+plan via x-internal-epic-build-plan), Phase 2 (epic branch via x-internal-epic-branch-ensure), Phase 3 (sequential-by-default story loop via x-story-implement), Phase 4 (integrity gate + report via x-internal-epic-integrity-gate + x-internal-report-write), Phase 5 (final PR epic/XXXX → develop via x-git-merge + x-pr-create). Defaults flipped by EPIC-0049: sequential execution (opt-in parallel via --parallel), auto-merge of story PRs into epic/XXXX (target changed from develop). Legacy EPIC-0042 behavior preserved under --legacy-flow (auto-detected via execution-state.json flowVersion=1). Zero inline git/gh/jq/mvn calls — orchestrator uses only Read/Glob + Skill.
development
x-arch-plan
Generates a comprehensive architecture plan with component diagrams, sequence diagrams, deployment topology, mini-ADRs, NFRs, and resilience/observability strategies. Use before implementation to document design decisions.
testing
x-pr-create
Task-level PR creation with formatted title, automatic labels, structured body, and target branch logic. Creates standardized PRs for individual tasks with Task ID traceability.
development
x-arch-plan
Generates a comprehensive architecture plan with component diagrams, sequence diagrams, deployment topology, mini-ADRs, NFRs, and resilience/observability strategies. Use before implementation to document design decisions.
testing
x-pr-create
Task-level PR creation with formatted title, automatic labels, structured body, and target branch logic. Creates standardized PRs for individual tasks with Task ID traceability.
development
x-test-plan
Generates a Double-Loop TDD test plan with TPP-ordered scenarios before implementation. Delegates KP reading to a context-gathering subagent, then produces structured Acceptance Tests (outer loop) and Unit Tests in Transformation Priority Premise order (inner loop).
development
x-format-code
Formats source code; first step of the pre-commit chain (format -> lint -> compile).
development
x-create-pr
Task-level PR creation with formatted title, labels, structured body, and target branch.
development
x-create-product
Transform an ideation file into a Product artifact with RNF roots and C1 capability stub.
tools
spec-driven-kp
Knowledge pack for spec-driven planning concepts: Planning Depth Tier, Gray-Area Discovery, Knowledge Verification Chain, Requirement Traceability, and the Deferred-Ideas ledger. Subordinate to Rule 27 (zero-bypass).
data-ai
spring-controller
Generates a Spring Boot @RestController with DTOs, mappers, advice, and unit tests.
testing
x-assess-infrastructure-security
Scans Kubernetes/Terraform/Helm/Compose files for misconfigurations vs CIS benchmarks.
testing
x-audit-supply-chain
Supply-chain audit: maintainer risk, typosquatting, EPSS, SLSA; SARIF + report.
testing
x-commit-planning
Batch-commits planning artifacts under plans/** without the code pre-commit chain.
development
x-evaluate-runtime
Evaluates runtime protection (rate limits, WAF, CSP) with SARIF + ASVS scoring.
tools
x-execute-api-smoke-tests
Runs Newman/Postman smoke tests against the REST API across local/container/staging.
development
x-execute-e2e-tests
Runs integration tests covering the full request flow with a real database.
testing
x-fix-epic-pr
Discovers all PRs from an epic, classifies comments, applies fixes, opens correction PR.
documentation
x-execute-tests
Runs tests with coverage reporting and threshold validation.
testing
x-execute-socket-smoke-tests
Runs smoke tests against the TCP socket server using a standalone Java client.
tools
x-execute-performance-tests
Conditional performance-tests gate: SLA budget validation per quality.performance.
testing
helidon-scaffold
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
testing
micronaut-scaffold
Scaffolds a Micronaut service with @Controller, DI, health, Dockerfile, and tests.
testing
picocli-command
Generates a Picocli @Command with subcommands, options, converters, and unit tests.
tools
quarkus-resource
Generates a Quarkus RESTEasy Reactive @Path resource with DTOs, mapper, and tests.
development
x-drive-tdd
Executes Red-Green-Refactor TDD cycles for a task; delegates commits to x-commit-changes.
development
x-generate-ci
Generates or updates CI/CD pipelines per project stack with actionlint validation.
development
x-execute-shell-regression-tests
Regression-shell gate: runs scenario scripts vs baseline; blocks merge on diffs.
testing
helidon-scaffold
Scaffolds a Helidon SE/MP service with routing, health, config, Dockerfile, and tests.
testing
x-commit-changes
Creates Conventional Commits with Task ID and pre-commit chain (format/lint/compile).
development
x-create-capability
Decompose a Product into Capabilities with explicit RNF inheritance and no-relax markers.
testing
x-audit-code
Full codebase review against project standards via parallel specialist subagents.
development
x-execute-mutation-tests
Conditional mutation-testing gate (PIT/Stryker) with kill-rate threshold.
testing