michaelalber/session-context
skills/team/session-context/SKILL.md
Git change summarization, ADR relevance matching, and pattern applicability for building session context. Provides techniques for analyzing recent project activity, scoring context relevance, and detecting patterns that accelerate AI coding session starts. Use when building context for a new coding session, analyzing recent changes, or matching project decisions to current work.
development
Updated Jun 4, 2026
$ install --global
skillsauthnpx skillsauth add michaelalber/ai-toolkit session-contextInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 4, 2026, 8:50 AM129.2s5 files scanned
SKILL.md
- name:
- session-context
- audience:
- team
- description:
- Git change summarization, ADR relevance matching, and pattern applicability for building session context. Provides techniques for analyzing recent project activity, scoring context relevance, and detecting patterns that accelerate AI coding session starts. Use when building context for a new coding session, analyzing recent changes, or matching project decisions to current work.
Session Context
"Context is worth 80 IQ points. The difference between a productive coding session and a stumbling one is whether you understood the state of the system before you started changing it." -- Alan Kay (attributed)
Core Philosophy
Every AI coding session starts with a context gap: the model doesn't know what changed yesterday, which architectural decisions govern this module, or which files are volatile. This skill bridges that gap systematically, turning cold-start into a solved problem. Session context is not about knowing everything — it is about knowing the right things. Relevant context, delivered concisely at session start, prevents more bugs than any amount of testing after the fact.
Non-Negotiable Constraints:
- RELEVANCE OVER RECENCY — score context by relevance to the focus area; recency is only a tiebreaker.
- CITE EVERY CLAIM — every statement references a commit hash, file path, line number, or ADR; no exceptions.
- SUMMARIZE, DON'T DUMP — never reproduce full ADRs, logs, or files; summarize with citations.
- CONCISE SUMMARY — the executive summary fits one screen (< 40 lines); detailed sections are for drill-down.
- OBSERVATION ≠ INFERENCE — label inferences explicitly; only verifiable facts are stated as facts.
Full principle table, the change-summarization and ADR-matching protocols, discipline rules,
anti-patterns, and error recovery live in references/conventions.md.
Workflow
SCOPE Define the focus area + time window (default 2 weeks active / 4 weeks less active);
identify the repo root and branch topology.
GATHER Collect raw context: git log --stat for the window, file change frequencies (hotspots),
imports/deps in the focus area, ADR files + dates, convention files, README/design docs.
(Protocols: conventions.md; techniques: change-summarization.md.)
SCORE Rate each item: proximity to focus, recency weighting, ADR applicability, dependency
relevance. Filter below the relevance threshold. (Scoring: relevance-matching.md.)
SYNTHESIZE Group git changes by feature/area; rank ADRs by relevance; present the focused dependency
subgraph; surface warnings (hotspots, overdue reviews, breaking changes); form recommendations.
DELIVER Present the briefing (templates in output-templates.md): executive summary first
(< 40 lines), detailed sections following, every claim cited, recommendations actionable.
Exit criteria: a briefing with a < 40-line executive summary, every claim cited, ADRs ranked by relevance with stated reasons, dependency blast radius shown, staleness/hotspot warnings surfaced, and specific session recommendations.
State Block
<session-context-state>
mode: scope | gather | score | synthesize | deliver
focus_area: [files, modules, or features]
time_window: [date range]
repository: [path to repository root]
commits_collected: [count]
files_in_focus: [count]
adrs_discovered: [count]
adrs_relevant: [count]
dependencies_traced: [count]
hotspots_detected: [count]
relevance_threshold: [score cutoff]
last_action: [what was just completed]
next_action: [what should happen next]
</session-context-state>
Output Template
- Executive summary, change group, dependency context, hotspot analysis —
references/output-templates.md. - Git log analysis techniques (grouping, diff-stat, hotspot detection, branch topology) —
references/change-summarization.md. - Relevance scoring (proximity, recency, ADR applicability, dependency-path relevance) —
references/relevance-matching.md. - Principle table, summarization + ADR protocols, discipline rules, anti-patterns, error recovery —
references/conventions.md.
Integration with Other Skills
| Skill | Relationship |
|-------|-------------|
| architecture-journal | This skill surfaces relevant ADRs and overdue retrospectives; architecture-journal provides the templates and review protocols to act on them. |
| dependency-mapper | This skill traces dependencies at summary level for blast radius; dependency-mapper provides full Martin metrics (Ca, Ce, I, A, D) when patterns look concerning. |
| rpi-research / qrspi-research | Use session-context as a pre-step to seed research with recent-change context before deeper codebase exploration. |
Related Skills
michaelalber/security-review-federal
development
VerifiedTrustedCommunity
Federal / government security overlay applied ON TOP OF a base language security review (dotnet/python/php/rust/react). Language-agnostic: adds NIST SP 800-53 control mapping, FIPS 140-2/3 cryptographic compliance (with a per-language crypto table), CUI handling, EO 14028 supply-chain requirements, and DOE Order 205.1B, and emits POA&M-ready findings with FIPS 199 impact levels. Use for federal/DOE/DOD/national-laboratory systems. Triggers on "federal security review", "NIST compliance", "NIST 800-53", "FISMA", "CUI", "FIPS audit", "DOE security", "POA&M", "ATO review". Do NOT use alone — run the matching <lang>-security-review FIRST; this overlay maps and extends it.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-security-review
tools
VerifiedTrustedCommunity
OWASP-based security review of React / TypeScript front-end applications. Detects the framework (Vite/CRA/Next), entry points, and data flows, scans against the OWASP Top 10 (2025) mapped to React client-side patterns (XSS via raw HTML, URL/protocol injection, secrets in the bundle, insecure token storage, dependency CVEs, missing CSP, open redirects), and produces a manager-friendly executive summary plus a graded technical findings table. Use to audit React code for vulnerabilities. Triggers on "react security review", "frontend security audit", "audit react for vulnerabilities", "owasp react", "react xss", "react security posture", "npm audit review". For federal / gov / DOE / NIST / FIPS / CUI context, run security-review-federal after this base review. Do NOT use to grade architecture/structure — use react-architecture-checklist.
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-modernization-analyzer
tools
VerifiedTrustedCommunity
Analyzes legacy React codebases and produces actionable modernization plans. Primary migration paths include class components to function components + hooks, Create React App to Vite, React 16/17 to 18 to 19, JavaScript to TypeScript, Enzyme to React Testing Library, legacy Redux to Redux Toolkit / Zustand / Context, and deprecated lifecycle/API removal. Does NOT perform the migration — assesses, quantifies risk, and plans. Triggers on phrases like "modernize react", "class to hooks", "upgrade react", "migrate CRA to vite", "react legacy migration", "react 17 to 18", "react js to typescript", "react technical debt", "enzyme to RTL".
SKILL.mdUpdated Jun 4, 2026
michaelalber/react-feature-slice
development
VerifiedTrustedCommunity
Scaffolds feature-based React / TypeScript architecture using feature folders, presentational + container components, custom hooks, a typed data layer, and structural CQRS (query hooks vs mutation hooks). React analog of dotnet-vertical-slice and python-feature-slice — no DI framework; uses props/context for dependency injection and a query cache for server state. Use when creating feature-based React projects, adding React features, organizing components by feature rather than by technical type, or scaffolding a feature's data layer. Triggers on phrases like "scaffold react feature", "create react slice", "react feature folder", "react vertical slice", "add react feature", "react feature architecture", "organize react by feature".
SKILL.mdUpdated Jun 4, 2026