alexei-led/documenting-code
src/skills/documenting-code/SKILL.md
Create or update human-facing docs, agent-facing instructions, architecture docs, API docs, README content, and useful code comments from implementation facts. Use when docs are stale, missing, or must reflect code changes. NOT for code-quality review, prompt scoring, speculative docs, or ADRs unless explicitly requested.
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config documenting-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 5, 2026, 3:40 AM11.8s7 files scanned
SKILL.md
- name:
- documenting-code
Documenting Code
Update only useful documentation. Start from code facts, identify the reader, and make the smallest doc change that helps that reader act correctly.
Role-gated action
Detect capability from tools, not prose:
- Write-capable role: edit docs and run validation.
- Read-only role: apply nothing; emit proposed edits in the output contract.
Reader model
Choose the reader before writing.
Human reader:
- Make docs scannable: clear title, short overview, focused sections, examples.
- Keep docs short. Link to detail instead of creating long reads.
- Use Mermaid diagrams only when they answer a real structure, flow, lifecycle, ownership, or trade-off question.
- Match the existing docs style. Do not invent fonts, colors, or custom visual treatment unless the docs system already supports it.
Agent reader:
- Write terse operational instructions for LLMs.
- Prefer headers, bullets, numbered steps, and exact contracts.
- Remove generic knowledge, duplicate rules, pretty formatting, diagrams, tables, long rationale, and advice the model already knows.
- If the task is to review or score agent instructions, use
reviewing-instructions.
Code reader:
- Comments and docstrings explain contracts, constraints, invariants, side effects, error behavior, and non-obvious decisions.
- Delete comments that paraphrase code.
- Avoid comments in tests unless they explain non-obvious external behavior or why an edge case matters.
Language references
Load only references matching changed implementation files:
- Go:
references/go.md - Python:
references/python.md - TypeScript:
references/typescript.md - Web:
references/web.md
Mixed languages: load each matching reference. Unknown language: use this file only.
Workflow
- Identify scope from the user request or changed files. Do not ask if scope is clear.
- Read relevant implementation, tests, and existing docs before writing.
- Decide reader type: human, agent, code reader, or mixed.
- Check docs against current behavior. Code wins unless the user says docs define the intended contract.
- Use
looking-up-docsonly when external API syntax or behavior is uncertain. - Use one bounded read-only Agent only for large doc audits; verify its claims before editing.
- Update the smallest useful docs. Do not create speculative docs.
- Verify with the narrowest docs or repo checks available.
What to update
- README usage, setup, or quick start when user-visible behavior changes.
- API docs when parameters, outputs, errors, side effects, or examples change.
- Architecture docs when boundaries, data flow, ownership, deployment units, or major trade-offs change.
- Agent instructions when skills, agents, hooks, commands, tools, routing, or operating rules change.
- Generated catalogs only through their source files and generator scripts.
- Code comments/docstrings only when they add useful contract or reasoning value.
Rules
- No promotional filler.
- No dead, future, or speculative behavior.
- No ADRs or
docs/adr/changes unless explicitly requested. - Keep private paths, secrets, tokens, and internal credentials out of docs.
- Prefer runnable examples. If an example cannot be run, state why.
- For human docs, favor a compact diagram over paragraphs only when the diagram improves understanding.
- For agent docs, optimize for token efficiency over visual appeal.
Verification
Run the narrowest relevant checks, for example:
markdownlint-cli2 '**/*.md'
make lint-markdown
make validate
Also run documented commands or examples when practical. If a check is missing or not practical, state the reason and run the closest available check.
Output
Write-capable role:
## Documentation Update
Updated:
- `path` — <what changed and reader served>
Verified:
- <check>: passed | skipped (<reason>)
Issues: none | <remaining issue>
Read-only role:
## Proposed Changes
### Change 1: <brief description>
File: `path/to/doc`
Action: CREATE | MODIFY | DELETE
Reader: human | agent | code
Code:
<doc content or patch-sized replacement with enough context>
Rationale: <code fact that makes this stale or missing>
Failure handling
- Ambiguous scope: ask one scoped question.
- Missing changed-file context: inspect
git diff --name-only; if unavailable, ask for paths. - No stale docs found: say so and report what was checked.
- Docs/code conflict: report the conflict; update docs to code unless user says docs are intended contract.
- Validation failure: report the exact failure and do not claim docs are current.
Related Skills
alexei-led/writing-shell
tools
VerifiedTrustedCommunity
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026