Skip to main content
Exécutez n'importe quel Skill dans Manus
en un clic
Dépôt GitHub

truestack

truestack contient 23 skills collectées depuis adtn0810, avec une couverture métier par dépôt et des pages de détail sur le site.

skills collectés
23
Stars
2
mis à jour
2026-07-10
Forks
0
Couverture métier
9 catégories métier · 100% classifié
explorateur de dépôts

Skills dans ce dépôt

truestack-agent-coordination
Autres occupations informatiques

Coordinate multiple agents and multiple sessions on the same repo without overwriting or colliding with each other. Use whenever work is big enough to split across parallel agents, when a research or planning task is explicitly split across parallel sub-agents (the research content itself belongs to truestack-deep-research), or when continuing work another session started. Covers task decomposition, worktree isolation, a shared task ledger, and the merge protocol.

2026-07-10
truestack-api-design
Développeurs de logiciels

Design the interface contract for an API before it's implemented — protocol choice, resource and error modeling, versioning, pagination, idempotency, and rate-limit rules. Use whenever the user wants to "design an API", define an "API contract", "contract-first" / "schema-first" work, write or lint an "OpenAPI" / "Swagger" spec, pick "REST vs GraphQL" / "REST vs gRPC" / "which API style", decide "how to version my API" / "deprecate an endpoint" / "sunset header" / a "breaking change" / "backward compatible API", shape an "error response" / "problem+json" / "RFC 9457" / "what status code", add an "idempotency key" / "prevent double charge on retry" / "make POST safe to retry", choose "pagination" / "cursor vs offset" / "next page token", publish "rate limit headers" / design the "429 + quota" policy, do "resource modeling" / "filtering and sorting" query params, "contract testing" / "consumer-driven contracts", or design a "request/response shape" against "mass assignment".

2026-07-10
truestack-application-security
Analystes en sécurité de l'information

Design and harden the security of a self-hosted app — authentication (OAuth2/OIDC, MFA, passkeys/WebAuthn), authorization (RBAC/ABAC, deny-by-default, IDOR/BOLA/broken-access-control), the OWASP Top 10 (injection, SSRF, misconfiguration), input validation + output encoding, CSRF, password/credential storage (argon2id/bcrypt), security headers/CSP/HSTS, and STRIDE threat modeling. Use whenever the user asks "is this secure" / "secure this app" / "security review", builds a login / sign-in / sign-up / OIDC auth flow, weighs session vs JWT, adds MFA/2FA/passkeys, sets up RBAC/roles/permissions, mentions IDOR/SSRF/CSRF/XSS/SQLi/injection, hashes passwords, manages the app's runtime secrets/API keys/.env (not CI workflow or deploy-pipeline secrets), sets CSP/security headers, threat-models / sizes an attack surface, or asks how to store passwords or credentials safely (storage, retention, or encryption-at-rest of PII/personal data routes to truestack-data-privacy). The DESIGN discipline.

2026-07-10
truestack-architecture-planning
Développeurs de logiciels

Plan the architecture and data flow for a feature, service, or system before any implementation code is written. Use this whenever the user is designing, scoping, or starting to build something new (backend or frontend) — even for a bare "build X" or "how should I structure this". This skill owns the design step wherever the chain starts — truestack-orchestrate enters first on requests that also need implementation or review and dispatches here, and the implementation itself belongs to truestack-backend-development once the plan is approved. Treats the request as intent to be clarified, picks the right architecture per project, sizes the planning ceremony to the work, and gates risky designs behind pre-work approval (orchestrate's gate is the post-work quality-control pass).

2026-07-10
truestack-backend-development
Développeurs de logiciels

Implement backend code and recommend the best tech stack for the project at hand. Use whenever the user is writing server, API, or data-layer logic, choosing a language/framework/database, or asks to "build" or "code" a backend feature — even without an explicit stack question. Planning for a brand-new build starts in truestack-architecture-planning; this skill implements once a plan exists. Optimizes for data accuracy, performance, and not overloading a self-hosted single server.

2026-07-10
truestack-ci-and-delivery
Développeurs de logiciels

Set up CI/CD and ship safely to a self-hosted server — pipeline stages (lint, type-check, test, build), SHA-pinned Actions, least-privilege workflow permissions and GitHub Actions secrets (runtime secrets/.env on the server belong to truestack-deploy-and-runtime), semver + CHANGELOG releases, and health-gated deploy with rollback. Use whenever the user says "set up CI", "set up CI/CD", "GitHub Actions workflow", "lint and tests on PR", "required status checks", "branch protection", "merge queue", "pin actions", "SHA pin", "workflow permissions", "GITHUB_TOKEN", "OIDC (keyless cloud/deploy credentials for workflows)", "cache dependencies", "Docker layer caching", "release automation", "semantic versioning", "bump the version", "generate changelog", "tag a release", "conventional commits", "the CI pipeline that ships a release to production", "health-gated deploy step", "rollback in CI", "smoke test before traffic", or "sequence a migration step in the deploy".

2026-07-10
truestack-data-privacy
Analystes en sécurité de l'information

Owns a self-hosted app's data-privacy and compliance policy — classify PII, retain/erase lawfully, encrypt personal data at rest. Use when the request mentions "privacy policy", "GDPR", "CCPA / CPRA", "HIPAA / PHI / ePHI", "right to be forgotten / erasure", "delete my data", "DSAR", "PII / personal data", "data inventory / classification / mapping", "retention / scheduled purge / auto-delete old personal data", "lawful basis / consent / opt-out / Global Privacy Control", "pseudonymization / anonymization / de-identification", "encryption at rest / crypto-shredding", "audit / access log / who accessed this data", "breach notification / 72 hours", "define what counts as PII in logs / telemetry" (policy only — redaction wiring, log rotation, disk cleanup are truestack-observability), "suppression list / delete from backups", or "is this compliant with privacy law (GDPR/CCPA/HIPAA) / store sensitive data" — package CVE/license compliance is truestack-dependency-management.

2026-07-10
truestack-database-migrations
Architectes de bases de données

Author safe schema and data migrations — expand/contract (parallel-change), zero/low-downtime online changes, reversible up/down scripts, and idempotent bounded backfills. Use whenever the user says "migration", "schema change", "alter table", "add / drop / rename column", "change column type", "add constraint / not null / foreign key / index", "create index", "backfill", "repopulate", "data migration", "zero / low downtime", "online schema change", "expand contract", "dual write", "rollback / reversible migration", names a tool (flyway, alembic, rails, django, prisma migrate, ef core, liquibase), or reports "this migration locked the table / timed out / is slow". High-risk and ask-first; pairs with the approval gate and the PreToolUse gate.

2026-07-10
truestack-deep-research
Analystes en études de marché et spécialistes en marketing

Run a thorough multi-source research pass and produce a verified, cited answer for questions that need current facts, a landscape, or an evidence-backed decision rather than recall. Use when the question targets the outside world with no openable artifact in hand — "research", "find out", "compare options" in the wild (products, services, external tools, public repos merely named — not this project's own code or dependencies; once a concrete reference is in hand, route to truestack-reverse-engineering) — or the user asks "what's the best/latest", "is it still true that", or "how does X achieve / do this" about a third-party system (nothing shared to inspect), or needs a recommendation backed by sources. Fans out parallel searches, reads primary sources, cross-checks each load-bearing claim, and separates verified from uncertain. Pairs with truestack-agent-coordination for the fan-out.

2026-07-10
truestack-dependency-management
Développeurs de logiciels

Own the ongoing dependency and supply-chain lifecycle of a self-hosted app. Use to add a package as a new project dependency (not an incidental setup/CI step), update / bump / upgrade / pin dependencies, edit a lockfile, set up Renovate / Dependabot / cooldown / minimumReleaseAge, run npm audit / pip-audit / osv-scanner, handle a CVE / GHSA / security advisory, judge "is this package safe / upgrade or wait", respond to a supply-chain attack / compromised package / hijacked maintainer, generate an SBOM / CycloneDX / SPDX / VEX, enforce license compliance / copyleft, or address typosquatting / dependency confusion / install scripts / provenance / SLSA / transitive deps. Owns update-bot and scanner policy — including the github-actions ecosystem and audit/CVE fail thresholds — even when enforced in CI; truestack-ci-and-delivery only wires the pipeline stage and initial SHA pins. If a new package collects or transmits personal data, follow on with truestack-data-privacy.

2026-07-10
truestack-deploy-and-runtime
Administrateurs de réseaux et de systèmes informatiques

Package, deploy, and run a self-hosted app on a single VPS without dropping requests. Use whenever the user is writing a Dockerfile or docker-compose for production, shrinking an image / multi-stage build (image size/contents — CI build speed / Docker layer caching stays with truestack-ci-and-delivery), running a container as non-root, adding a container/compose healthcheck or the liveness/readiness endpoint a deploy gates on (/healthz, /readyz), fixing graceful shutdown / SIGTERM / dropped requests on deploy / stop_grace_period / a SIGKILLed container, putting nginx in front of the app, setting up TLS / HTTPS / certbot / Let's Encrypt / SSL renewal, doing a zero-downtime / blue-green deploy / reload without 502s, running docker compose under systemd to survive reboot, injecting secrets / env / .env, or writing the on-box deploy and rollback runbook (the CI workflow that triggers it is truestack-ci-and-delivery). Triggers on "deploy to my VPS / one box", "my deploy causes downtime".

2026-07-10
truestack-explain-plain
Enseignants postsecondaires, autres

Explain finished work or existing behavior in short, beginner-friendly plain English — big picture first, jargon defined in one line, an analogy when it helps, and the reasoning behind choices rather than just the mechanics. Use automatically after the work is finished to say what was done and why, and whenever the user says "explain this", "what does this do", "walk me through what you did", "in simple terms", "make it simple", "teach me", "so I can learn", "I don't get it", or asks why you built it that way. Made for a junior developer who needs to understand and learn from the result, not just receive working code. Scoped to work just done or code already in context; when understanding first requires investigating an unfamiliar artifact or system, route through truestack-reverse-engineering first and explain the findings after.

2026-07-10
truestack-mcp-integration
Autres occupations informatiques

Act on external systems through connected MCP servers — query or write a database, search a vector store, call a payment or webhook API, hit a third-party service — instead of only advising about them. Use whenever a task needs live data or a real external action performed through a connected MCP server, or when setting up / configuring MCP servers (.mcp.json) for a project; a more specific vendor skill that matches the tool or server takes precedence in both cases. Applies the same accuracy, security, and honesty discipline to tool calls as truestack-backend-development applies to code.

2026-07-10
truestack-observability
Administrateurs de réseaux et de systèmes informatiques

Instrument a self-hosted backend so you can see what it's doing in production — structured logging, metrics, distributed tracing, health-check monitoring, and SLO/burn-rate alerting. Use whenever the user wants to "make this service observable", "add observability", set up "structured logging" / "JSON logs", add "OpenTelemetry" / "OTel" / "OTLP" / an "OTel Collector", add "metrics" / "Prometheus" / "Grafana" / "RED" / "USE", add "distributed tracing" / "spans" / a "correlation ID" / "request ID" / "trace ID in logs", monitor or alert on an existing "health" / "readiness" / "liveness" endpoint (creating or wiring the endpoint itself belongs to truestack-deploy-and-runtime), set up "SLOs" / "error budget" / "burn-rate alerts", or fix "noisy alerts", "high cardinality" / "too many timeseries", "logs filling the disk", "add a redaction processor to the telemetry pipeline", or "I have no telemetry yet / can't see what my service is doing".

2026-07-10
truestack-orchestrate
Développeurs de logiciels

Front-door router for this skill set — read FIRST on any non-trivial coding request, then dispatch to the right skill(s) in the right order. Use whenever a request spans more than one step or you're unsure which skill fits — building, fixing, scheduling, acting on an external system, or chaining multi-step plans, reviews, or research runs. Right-sizes the work, carries the read-memory-first / honesty / clarify contracts into each step, chooses single-agent vs parallel, runs the canonical chains end to end, and gates everything through truestack-quality-control. Skip only for a single trivial one-off.

2026-07-10
truestack-project-memory
Développeurs de logiciels

Build and maintain persistent, repo-local memory of a codebase so the other skills stop re-discovering the same facts. Use this on the FIRST substantial task in any repo (study the project before doing the work), whenever project facts seem missing or stale, and whenever the user says "set up project memory", "onboard this repo", or "remember this about the project". Creates and updates a committed memory folder the other skills read first.

2026-07-10
truestack-prompt-optimizer
Développeurs de logiciels

Turn a raw prompt into a sharpened, optimized brief before any work runs on it — classify the task, fill or ask about missing components, pick the technique, and prepend the matching expert persona, without changing what the user asked for. Use whenever truestack-orchestrate hands a request to a downstream skill (every handoff gets primed — a terse or underspecified handoff gets enriched, a sharp one passes through), or when the user says "sharpen this prompt", "enrich the prompt", "optimize my prompt", "rephrase this as an expert would", "prime the task", or "adopt an expert persona". A persona never licenses guessing — the optimized brief keeps the honesty contract.

2026-07-10
truestack-quality-control
Analystes en assurance qualité des logiciels et testeurs

Run a deep quality-control sweep after ANY code change before the work is considered done — automatically once a feature or bugfix is implemented, and whenever the user asks to "check", "QC", or "verify" a code change or the work just done, or says "make sure it's solid". Use only AFTER the change exists — verifies, never implements; fix-first requests enter via truestack-orchestrate. Runs tests, type-check and lint, a multi-axis review, a load/perf check, a safety pass, an intent check, and a memory-reconciliation tally. Invoked by truestack-backend-development and truestack-root-cause-debugging; also runs on request.

2026-07-10
truestack-react-frontend
Développeurs web

Build or reshape React UI to a professional bar — distinctive visual design AND sound front-end engineering. Use whenever the user is building a React component, page, screen, or app, or styling or improving an existing React interface — even if they only say "build the dashboard" or "make this page nicer" (whole-app architecture for a brand-new build still starts in truestack-architecture-planning). Covers design taste, component architecture, state, data fetching, performance, accessibility, and testing.

2026-07-10
truestack-reverse-engineering
Développeurs de logiciels

Reverse-engineer a reference — a repo, code snippet, doc/spec, or a legacy system — into a verified model of how it works, then derive a safe upgrade path for the user's own system. Use whenever the user shares, or points at a concrete artifact you can obtain and open (a path, a repo URL, pasted code), and asks how it works or how it's built, says "reverse engineer this", "study this repo and upgrade mine", "port / adopt / replicate this pattern", "modernize my system based on this", or needs to understand an unfamiliar external or inherited reference codebase before changing it (routine onboarding of your own repo is truestack-project-memory). Requires an artifact in hand that you can open and verify. Grounds every claim in the actual artifact (verified vs inferred) and respects license/IP — adapt patterns, never copy proprietary source.

2026-07-10
truestack-root-cause-debugging
Développeurs de logiciels

Investigate a bug, error, crash, failing test, regression, or unexpected/slow behavior that is a DEFECT, and fix it at the root (slowness owned by a specific discipline — a slow migration, deploy-time downtime — routes to that skill). Use the moment something is reported broken or an error/stack trace is pasted — even a one-line "this isn't working". Confirms the real root cause with evidence before changing anything, and applies a permanent fix, never a temporary patch.

2026-07-10
truestack-skill-evaluation
Autres occupations informatiques

Evaluate and score Agent Skills — this set or any skill — on triggering accuracy, scope, token efficiency, structure, anti-patterns, and honesty-contract adherence. Use whenever the user asks to "score", "evaluate", "rate", "audit", "grade", or "improve" (score first; fixes are a follow-up edit, then re-run the eval) a skill or skill set, after authoring or editing a skill, or before shipping one. Runs a deterministic static lint, a semantic judge pass, and a measured behavioral trigger regression test, then reports a scorecard with concrete fixes — never a vibe-based number.

2026-07-10
truestack-task-scheduling
Développeurs de logiciels

Set up work that runs automatically later or on a recurring cadence — a daily check, a weekly report, a periodic sync, a deferred run — instead of doing it once now. Use whenever the user says "every day", "each morning", "weekly", "nightly", "cron", "schedule this", "remind me", "run this at", or wants a task to recur or fire in the future. (A standing behavior rule — hooks or settings config — is not a schedule.) Produces a self-contained job spec (trigger, the exact prompt the run executes, delivery, and failure policy) and wires it to the host's scheduler.

2026-07-10