alexei-led/documenting-code
dist/codex/plugins/dev-workflow/skills/documenting-code/SKILL.md
Update project documentation based on code changes. Use when the user asks to update docs, document behavior, add README content, or align docs with recent implementation changes. NOT for extracting session learnings or authoring ADRs (use learning-patterns) or code-quality feedback (use reviewing-code).
$ install --global
skillsauthnpx skillsauth add alexei-led/claude-code-config documenting-codeInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 18, 2026, 3:44 AM256.8s1 file scanned
SKILL.md
- description:
- Update project documentation based on code changes. Use when the user
- name:
- documenting-code
Documenting Code
Update docs from code facts, not vibes. Keep docs close to the behavior they explain.
Role-gated action
Detect your capability from your tools, not from prose:
- Write-capable role (engineer): apply the doc edits and run the validation check.
- Read-only role (reviewer): identify the stale or missing docs and emit the edits in the Proposed Changes contract under Output. Apply nothing; run nothing — a reviewer has no edit or Bash tools (no
git diff; work from the changed-file list the caller supplies).
Language detection and references
Detect the language of the changed implementation from file extensions and load the matching reference for language-specific doc conventions:
- Go → references/go.md
- Python → references/python.md
- TypeScript → references/typescript.md
- Web → references/web.md
Mixed languages: load each matching reference. Unknown language: use the generic rules below only.
Workflow
- Identify changed files with
git diff --name-onlyunless the user supplied paths. - Read the relevant implementation, tests, and existing docs.
- Use
looking-up-docsonly when external API behavior or syntax is uncertain. - For large doc audits, launch one bounded
Agent(read-only Explore) to map changed behavior. Verify its claims before editing. - Update the smallest set of docs that users or maintainers need.
- Run docs or repo validation.
What To Update
- README usage or setup when user-visible behavior changes.
- API docs when parameters, output, or errors change.
- Architecture docs when module boundaries or data flow change.
- Generated catalogs only through their generator scripts.
- Plugin docs when skill, agent, hook, or command behavior changes.
Rules
- Do not document dead or speculative behavior.
- Do not author or update ADRs (architecture decision records) or
docs/adr/— route decision capture tolearning-patterns. - Do not add promotional filler.
- Prefer examples that can be run.
- Keep private paths or secrets out of docs.
- If docs disagree with code, code wins unless the user says the docs are the intended contract.
Verification
Run the narrowest relevant checks, for example:
markdownlint-cli2 '**/*.md'
make validate
If a tool is missing, state that and run the next available check.
Output
Engineer (applied the doc edits): report the docs changed and the validation result.
Reviewer (identified only — emit the edits as a proposal, apply nothing):
## Proposed Changes
### Change 1: <brief description>
File: `path/to/doc`
Action: CREATE | MODIFY | DELETE
Code:
<the doc content, with enough surrounding context to locate it>
Rationale: <which code change makes this doc stale or missing>
Related Skills
alexei-led/writing-shell
tools
VerifiedTrustedCommunity
Idiomatic shell development for POSIX sh, Bash, Zsh, Fish, hooks, CI shell steps, and scriptable CLI glue. Use when writing or changing `.sh`, `.bash`, `.zsh`, `.fish`, `.bats`, shell functions, shell pipelines, or command-runner recipes. Emphasizes portability, quoting, safe filesystem/process handling, non-TUI CLI tools, ShellCheck, shfmt, Bats, and ShellSpec. NOT for Python, TypeScript, Go, web code, or infrastructure operations.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/spec-flow
tools
VerifiedTrustedCommunity
Use when planning, executing, checkpointing, finishing, or inspecting lightweight spec-driven work. Runs one task at a time using `.spec/` markdown files and the bundled `specctl` helper. NOT for broad product discovery beyond a short requirement interview.
33SKILL.mdUpdated Jun 5, 2026
alexei-led/operating-infra
testing
VerifiedTrustedCommunity
Author, inspect, troubleshoot, and review infrastructure across IaC, Kubernetes, cloud resources, containers, CI/CD, and Linux hosts. Use when changing Terraform/OpenTofu, Kubernetes, Helm, Kustomize, Dockerfiles, GitHub Actions, AWS, GCP, Cloud Run, BigQuery, IAM, logs, instances, or service health. NOT for deploy/apply/rollback workflows (see deploying-infra). NOT for shell scripts or generic command pipelines (see writing-shell).
33SKILL.mdUpdated Jun 5, 2026
alexei-led/configuring-git-hygiene
development
VerifiedTrustedCommunity
Configure safe git workflow hygiene: pre-commit/pre-push hooks, Gitleaks secret scanning, .gitignore rules, local git config, and guardrails. Use when setting up git hooks, gitleaks/git leaks, staged pre-commit checks, pre-push validation, core.hooksPath, .gitignore, or git config best practices. NOT for creating commits (use committing-code), cleaning branches/worktrees (use cleanup-git), or creating worktrees (use using-git-worktrees).
33SKILL.mdUpdated Jun 5, 2026