بنقرة واحدة
Code-Skills
يحتوي Code-Skills على 32 من skills المجمعة من VidyaBodepudi، مع تغطية مهنية على مستوى المستودع وصفحات skill داخل الموقع.
Skills في هذا المستودع
Security posture for the AI agent itself covering OWASP LLM Top 10, Agentic Security Top 10, behavior boundaries, destructive operation gates, prompt injection resistance, and skill supply chain verification via OIDC Trusted Publishing.
Design and implement clean, consistent, well-documented APIs and interfaces. Use when building REST APIs, GraphQL schemas, library interfaces, or internal module boundaries.
Ensure compliance with organizational policies and regulatory standards, then generate structured reports and dashboards. Covers license auditing, data handling regulations, security standard mapping, and structured reporting with actionable recommendations.
Collaborative design refinement with hard gates preventing premature implementation. Use BEFORE any creative work — creating features, building components, adding functionality, or modifying behavior. Explores user intent, requirements, and design before implementation.
Visual verification of UI changes using browser DevTools MCP. Use when building or modifying frontend components to verify rendering, responsiveness, and visual correctness. All browser-read data is treated as UNTRUSTED.
End-to-end pipeline from CI configuration through production deployment. Covers pipeline stages, test automation, deployment strategies, pre-launch checklists, rollback planning, and post-deploy verification.
Two-stage code review: spec compliance first, then code quality. Use when reviewing code changes, conducting PR reviews, or when subagents complete implementation tasks. Ensures code matches spec AND meets quality standards.
Reduce code complexity through targeted refactoring. Use when code is difficult to understand, overgrown, or has accumulated technical debt. Simplify without changing behavior.
Systematically understand an unfamiliar or partially-known codebase before making changes. Produces a Codebase Profile that informs all subsequent skills. Use before any modification to a codebase you haven't reconnoitered in the current session.
Optimize agent context window usage for maximum effectiveness. Use when working on complex tasks, managing large codebases, or when context is becoming polluted. Covers the 5-level context hierarchy, confusion management, and token-conscious strategies.
Safe deprecation of features and migration between versions. Use when removing features, changing APIs, or migrating data schemas. Covers deprecation notices, migration guides, and sunset timelines.
Documentation standards and Architecture Decision Records (ADRs). Use when documenting features, APIs, or architectural decisions. Covers inline docs, README structure, API docs, and ADR format.
Coordinate the execution of approved implementation plans across sessions. Track progress, handle deviations, and maintain momentum. Use when working through a multi-task plan.
Complete work on a development branch with final verification, review, and merge/PR decision. Use when all plan tasks are done and the branch is ready for integration.
Frontend-specific engineering practices including component architecture, state management, accessibility, responsiveness, and performance. Use when building UI components, pages, or interactive interfaces.
Git conventions for trunk-based development, semantic versioning, feature flags, commit messages, and branch management. Use when making commits, managing branches, or planning releases.
Build features in small, verifiable steps with continuous test validation. Use when implementing any feature from a plan. Each step should produce a working, tested increment. Prevents large, unverified code drops.
Multi-agent orchestration covering strategy, dispatch, context isolation, conflict avoidance, progress tracking, and two-stage review gates. Use when splitting work across multiple concurrent agent sessions.
Systematic performance optimization with measurement-first methodology. Use when performance issues are identified, during review phase, or when building performance-critical features. Profile before optimizing.
Decompose approved designs into bite-sized implementation tasks with exact file paths, verification steps, and dependency ordering. Use after brainstorming/spec approval, before implementation begins. Each task should take 2-10 minutes for an agent to complete.
Evaluate the risk profile of a change and automatically escalate reviews when high-risk areas are touched. Triggered by the task decomposition engine when risk signals are detected. Ensures auth, payments, data handling, and infrastructure changes get appropriate scrutiny.
OWASP-aligned security engineering for all code produced by agents. Use when building any feature that handles user input, authentication, data storage, API endpoints, file uploads, or external integrations. Covers OWASP Top 10, injection prevention, secrets management, CSP, dependency auditing, and security review checklists.
Read and understand existing code before writing any modifications. Use when modifying any existing codebase. Follow established patterns, conventions, and architecture rather than introducing new ones.
Formal specification authoring with exit criteria and acceptance conditions. Use when requirements need to be captured precisely before implementation begins. Produces a spec document that drives planning and testing.
4-phase root cause investigation methodology for bugs and unexpected behavior. Use when tests fail, errors occur, behavior is unexpected, or a fix attempt has failed. Prohibits guessing and symptom-fixing.
ROOT ORCHESTRATOR — the main() of CodeHands. Activates on EVERY task. Classifies the request, assesses complexity, gates non-trivial work through mandatory decomposition, selects the correct skill chain, and tracks execution state. This is the single entry point that makes the CodeHands lifecycle mandatory, not advisory.
Template for creating new CodeHands skills. Copy this directory and fill in all sections. Use when authoring a new skill.
Enforce strict test-driven development with the Iron Law: no production code without a failing test first. Use when implementing any feature, fixing any bug, or modifying any behavior. Covers Red-Green-Refactor cycle, test pyramid, Prove-It Pattern for bugs, and DAMP test writing.
Introduction and onboarding for the CodeHands agent skills framework. Use when starting a new session, when a user mentions CodeHands, or when you need to understand how the framework works.
Create isolated git worktree workspaces for feature development. Use before starting any implementation to ensure work happens on a clean branch with an isolated workspace. Prevents main branch pollution and enables parallel workstreams.
Mandatory proof that work is actually done before declaring completion. Use before saying "done," "complete," or "finished" for any task. Prevents the agent anti-pattern of declaring success without evidence.
Guide for authoring new CodeHands skills. Use when creating a new skill, improving an existing skill, or contributing to the CodeHands framework. Covers skill anatomy, writing principles, testing, and the contribution process.