// Environment setup from zero — prerequisites, clone, install, env vars via 1Password, and dev server. Use for getting started, first-time setup, broken environments, install failures, or missing env vars.
Review a pull request against LFX architecture standards. Requires the reviewer's HEAD to be the PR's branch (author scenarios are natural; external reviewers run `gh pr checkout <N>` first). Fetches main fresh, then launches the `lfx-self-serve-code-reviewer` subagent with the canonical full-branch prompt — the subagent audits the PR branch's diff against `origin/main` and renders a markdown review covering general code review, upstream API contracts, and repo conventions (rules, checklists, architecture). This skill body adds what only a post-PR skill can do: verifying prior review comments are addressed, walking the PR-shape checklist (branch/ JIRA/commits/DCO+GPG/rebase/diff-size/protected-files/PR-title/external-refs), applying new-contributor educational tone, presenting a draft for explicit approval, and posting via /review only after user go-ahead. NEVER auto-posts comments or submits reviews. Use when reviewing PRs, checking PR quality, validating code changes, or when the user says "review", "check
Pre-PR shape check on local lfx-self-serve work. Audits PR-shape sanity (branch name, JIRA reference, conventional-commit format, rebase status, DCO + GPG signing per commit, total diff size, and protected files touched) against the target base branch. Does NOT audit code — code audits run post-commit via the `lfx-self-serve-code-reviewer` and `lfx-self-serve-learnings-reviewer` subagents (launched via the Agent tool), drained before this check. Use once before opening a PR, after the post-commit review queue has returned clean.
Recover from missing DCO sign-off on commits. Handles the single-commit amend, older-commit recovery via interactive rebase or cherry-pick, and explains the Probot DCO check that blocks PRs without sign-off. Use when a PR fails the DCO check, when a commit needs a Signed-off-by trailer added retroactively, or when sign-off was forgotten during rebase / cherry-pick / amend.
Guided development workflow for building, fixing, updating, or refactoring code — components, services, backend endpoints, shared types, or full features. Use whenever someone wants to add a feature, fix a bug, modify existing code, create something new, refactor, or implement any code change.
Pre-PR validation — license headers, format, lint, build, and protected file check. Use before submitting any PR, to check if code is ready, validate changes, or verify a branch before review.
| name | setup |
| description | Environment setup from zero — prerequisites, clone, install, env vars via 1Password, and dev server. Use for getting started, first-time setup, broken environments, install failures, or missing env vars. |
| allowed-tools | Bash, Read, Glob, Grep, AskUserQuestion |
You are helping a contributor set up the LFX One development environment from scratch. Walk through each step interactively, verifying success before moving on.
Check that the following are installed:
node --version to verify. If missing, instruct them to install via nvm or nodejs.org.yarn --version to verify. This project uses Yarn Berry (Corepack). If missing: corepack enable && corepack prepare yarn@4.9.2 --activate.git --version to verify.Docker is NOT required for local development. All services point to the shared dev environment — no local databases, message brokers, or infrastructure to run.
If not already cloned:
git clone <repository-url>
cd lfx-self-serve
If already in the repo, confirm the working directory:
pwd
git remote -v
The project requires environment variables to connect to backend services. All values are available through 1Password.
Copy the env template:
cp apps/lfx-one/.env.example apps/lfx-one/.env
Get credentials from 1Password:
apps/lfx-one/.env.env.example file documents every variable and its purpose — use it as your referenceValidate critical env vars are populated:
missing=()
for key in PCC_AUTH0_CLIENT_ID PCC_AUTH0_CLIENT_SECRET PCC_AUTH0_ISSUER_BASE_URL PCC_AUTH0_AUDIENCE PCC_AUTH0_SECRET PCC_BASE_URL LFX_V2_SERVICE; do
grep -qE "^${key}=.+" apps/lfx-one/.env || missing+=("$key")
done
if [ ${#missing[@]} -gt 0 ]; then
printf "Missing env vars: %s\n" "${missing[*]}"
else
echo "All critical env vars are populated."
fi
If any keys are missing, authentication will fail. Go back to 1Password and fill in the missing values. Note: PCC_AUTH0_SECRET can be any sufficiently long random string — it's used for session encryption, not fetched from 1Password.
Important: All services point to the shared dev environment. No local infrastructure setup is needed.
yarn install
Verify the install completed without errors. If there are issues:
corepack enable if Yarn isn't recognizednode_modules and .yarn/cache then retryyarn start
This starts the Angular dev server with hot reload. The app should be available at http://localhost:4200.
http://localhost:4200 in your browser.env file valuesIf the contributor encounters issues, help them debug:
.env values match 1Password — re-run the env var validation from Step 3yarn build to see detailed error outputyarn install againcorepack enable && corepack prepare yarn@4.9.2 --activateThe local stack uses Authelia at https://auth.k8s.orb.local (not Auth0 — Auth0 is prod/staging only).
NODE_TLS_REJECT_UNAUTHORIZED=0 is required for local Authelia because the cert is self-signed. See README.
Local-mode detection: the server checks issuerBaseUrl.includes('auth.k8s.orb.local') in m2m-token.util.ts, auth.middleware.ts, and profile.controller.ts.
Login broken? Most common cause is stale cookies or a rotated client secret. Clear browser cookies for localhost:4200, then re-fetch the Authelia client secret and update .env:
kubectl get secrets authelia-clients -n lfx \
-o jsonpath='{.data.lfx}' | base64 --decode
Inspect the current session (after login): http://localhost:4200/api/profile (the server-registered route backed by profileController.getCurrentUserProfile — there is no /api/auth/me)
If the lfx Authelia client doesn't exist in the cluster, the authelia-clients secret will be missing — the local k8s stack needs helmfile sync to recreate it.
Once the app loads successfully, the contributor is ready to start development. Suggest they explore the codebase structure:
apps/lfx-one/src/app/modules/ — Feature modulesapps/lfx-one/src/app/shared/ — Shared components, services, pipespackages/shared/src/ — Shared types, interfaces, utilitiesNext step: Use /develop to build or modify a feature.