ワンクリックで
cto-toolkit
cto-toolkit には camilooscargbaptista から収集した 54 個の skills があり、リポジトリ単位の職業カバレッジとサイト内 skill 詳細ページを表示します。
このリポジトリの skills
**Architecture Decision Record (ADR) — Philosophy-First**: Creates well-structured ADRs using a 3-phase process: (1) Define the architectural philosophy and identity of the system, (2) Explore options through the lens of that philosophy, (3) Adversarial review by a devil's advocate agent. Use this skill whenever the user wants to document a technical decision, create an ADR, record why a technology or approach was chosen, compare architectural alternatives, or mentions 'ADR', 'architecture decision', 'decision record', 'technical decision', 'why did we choose', or 'document this decision'. Also trigger when the user is evaluating trade-offs between technical approaches and wants to formalize the reasoning.
**AI/ML Engineering Review**: Reviews AI/ML systems for production readiness — model serving, MLOps pipelines, LLM integration patterns, prompt engineering, evaluation frameworks, and responsible AI. Covers model deployment, feature stores, experiment tracking, monitoring/drift detection, and AI safety. Use when the user mentions ML, AI, machine learning, model, LLM, GPT, Claude, embeddings, RAG, fine-tuning, MLOps, model serving, feature store, or any AI/ML infrastructure.
**API Documentation & Design (OpenAPI/Swagger)**: Helps write and review API documentation, generate OpenAPI/Swagger specs, design RESTful APIs, and document GraphQL schemas. Use whenever the user mentions 'API docs', 'Swagger', 'OpenAPI', 'API specification', 'API design', 'REST API', 'endpoint documentation', 'API contract', 'API versioning', 'GraphQL schema', 'API reference', or asks to document their API, generate a Swagger spec, design API endpoints, or review API contracts for consistency.
API Gateway design patterns including rate limiting, authentication, versioning, BFF and circuit breaking
ARB process design, RFC governance, decision log and technical review workflows
**Backend Code Review (Node.js, Java, Microservices)**: Expert review of backend code focusing on Node.js, Java, Clean Architecture, SOLID principles, microservices patterns, SQL/database design, messaging (Kafka, SQS, SNS), and payment flows. Use whenever the user wants a review of backend code, API design, service architecture, database queries, or mentions Node, Java, Spring, NestJS, Express, microservices, REST API, gRPC, or asks to review server-side code. Also trigger for database schema reviews, query optimization, and message queue patterns.
**Chaos Engineering**: Designs and reviews resilience testing strategies — fault injection, game days, failure mode analysis, and blast radius assessment. Covers chaos experiments for distributed systems, database failures, network partitions, and dependency outages. Use when the user mentions chaos engineering, resilience testing, fault injection, game day, failure testing, blast radius, circuit breaker testing, or wants to verify system reliability under failure conditions.
**Code Review Router & General Analysis**: Acts as the primary entry point for all code review requests. Detects the technology context and delegates to the appropriate specialized review skill (backend-review for Node/Java/NestJS, frontend-review for Angular/React, flutter-review for Dart/Flutter, security-review for auth/security concerns, ux-review for UI/UX). For mixed or ambiguous codebases, performs a comprehensive general review covering architecture, security, performance, and maintainability. Use whenever the user says 'review this code', 'check this PR', 'look at my code', 'code review', 'review my changes', shares a diff or code snippet, or pastes code wanting feedback.
**Compliance & Governance Review**: Reviews systems for regulatory compliance — SOC2, HIPAA, PCI-DSS, ISO 27001, LGPD/GDPR. Covers access control, audit logging, encryption, data retention, incident response, and compliance documentation. Use when the user mentions SOC2, HIPAA, PCI, ISO 27001, LGPD, GDPR, compliance, audit, governance, regulatory, data protection, privacy policy, or needs to prepare for a compliance audit.
**Cloud Cost Optimization & FinOps**: Helps analyze and reduce cloud infrastructure costs, optimize resource usage, implement FinOps practices, and find savings opportunities. Use whenever the user mentions 'cloud costs', 'AWS bill', 'cost optimization', 'FinOps', 'right-sizing', 'reserved instances', 'savings plans', 'cost allocation', 'budget', 'overspending', 'cloud waste', 'cost per request', 'unit economics', asks 'why is my AWS/GCP/Azure bill so high', or wants to reduce infrastructure spending without sacrificing performance.
Review .NET/C# code: ASP.NET Core, EF Core, Minimal APIs, Azure patterns and performance
**Data Engineering Review**: Reviews data pipelines, ETL/ELT processes, data quality frameworks, data contracts, and data platform architecture. Covers batch and streaming pipelines, data lakes/warehouses, dbt, Airflow, Spark, data governance, and data observability. Use when the user mentions data pipeline, ETL, ELT, data warehouse, data lake, dbt, Airflow, Spark, data quality, data contracts, data mesh, Snowflake, BigQuery, Redshift, or any data infrastructure.
**Database Design & SQL Review**: Expert guide for schema design, database migrations, query optimization, indexing strategy, and database performance. Covers relational (PostgreSQL, MySQL) and NoSQL (MongoDB, DynamoDB, Redis). Use whenever the user mentions 'database', 'schema', 'migration', 'SQL', 'query optimization', 'slow query', 'index', 'N+1', 'normalization', 'denormalization', 'PostgreSQL', 'MySQL', 'MongoDB', 'DynamoDB', 'Redis', 'ORM', 'TypeORM', 'Prisma', 'Sequelize', 'query plan', 'EXPLAIN', 'deadlock', 'connection pool', or asks about database design, data modeling, or performance tuning.
**Design Patterns, SOLID & Clean Architecture**: Reference guide and advisor for software design patterns, SOLID principles, Clean Code practices, and Clean Architecture. Use whenever the user asks about design patterns, SOLID principles, Clean Code, Clean Architecture, DDD, refactoring, code organization, coupling, cohesion, or wants guidance on how to structure their code. Trigger when the user mentions 'pattern', 'SOLID', 'clean code', 'clean architecture', 'DDD', 'domain-driven', 'refactor', 'abstraction', 'dependency injection', 'repository pattern', or asks 'how should I structure this' or 'what pattern should I use'.
**Developer Experience (DX) Audit**: Assesses and improves developer productivity and satisfaction — build times, CI/CD speed, onboarding friction, tooling quality, documentation, and internal developer portal. Covers developer surveys, golden paths, platform engineering, and DX metrics. Use when the user mentions developer experience, DX, developer productivity, build times, slow CI, onboarding friction, internal tooling, developer portal, platform engineering, or wants to improve engineering team happiness and velocity.
**DevOps & Infrastructure (Docker, AWS, Messaging)**: Helps with Docker configuration, AWS architecture, CI/CD pipelines, Kubernetes, monitoring, and messaging infrastructure (Kafka, SQS, SNS). Use whenever the user wants to review or create Dockerfiles, docker-compose configs, AWS architecture, CI/CD pipelines, infrastructure as code, or mentions Docker, Kubernetes, ECS, Lambda, S3, RDS, CloudFront, Terraform, GitHub Actions, Jenkins, Kafka, SQS, SNS, monitoring, alerting, or asks about deployment strategies, scaling, or infrastructure design.
DDD practical guide: Event Storming, Bounded Contexts, Aggregates and domain-driven design patterns
Review Elixir/Phoenix code: OTP patterns, GenServer, LiveView, fault tolerance and concurrency
Engineering budget planning, headcount forecasting, infrastructure cost modeling and ROI analysis
**Engineering Metrics & DORA**: Defines, measures, and improves engineering team performance using DORA metrics, developer productivity metrics, and engineering health indicators. Covers deployment frequency, lead time, MTTR, change failure rate, cycle time, developer experience surveys, and engineering investment allocation. Use when the user mentions DORA, engineering metrics, deployment frequency, lead time, MTTR, change failure rate, developer productivity, cycle time, velocity, engineering health, or wants to measure team performance.
**Event-Driven Architecture Review**: Reviews and designs event-driven systems — Event Sourcing, CQRS, Saga patterns, Domain Events, message brokers, and eventual consistency. Use when the user mentions events, event sourcing, CQRS, saga, choreography vs orchestration, Kafka architecture, event store, projections, read models, domain events, or wants to design or review an event-driven system.
Feature flag strategies, rollout patterns, kill switches and flag lifecycle management
**Flutter & Dart Code Review**: Expert review of Flutter applications focusing on widget architecture, state management, Dart best practices, performance, and platform-specific considerations. Use whenever the user wants a review of Flutter/Dart code, widget design, state management patterns, or mentions Flutter, Dart, widgets, BLoC, Riverpod, Provider, Cubit, or asks to review mobile app code. Also trigger for Flutter performance reviews, platform channel audits, and app architecture analysis.
**Frontend Code Review (Angular & React)**: Expert review of frontend code focusing on Angular, React, component architecture, state management, performance, accessibility, and UI patterns. Use whenever the user wants a review of frontend code, component design, state management, or mentions Angular, React, TypeScript, RxJS, Redux, hooks, components, CSS, responsive design, or asks to review client-side code. Also trigger for frontend performance reviews, bundle analysis, and accessibility audits.
**Full Code Review Orchestrator**: Runs a comprehensive multi-dimensional code review by orchestrating multiple specialized review skills in sequence. Produces a consolidated report covering code quality, security, performance, database, architecture, and testing. Use when the user wants a 'full review', 'complete review', 'comprehensive code review', 'review everything', or wants the deepest possible analysis of their code or project.
**Git Workflow & Branching Strategy**: Helps define and follow Git branching strategies (Git Flow, GitHub Flow, Trunk-Based), write good commit messages, manage releases, and resolve merge conflicts. Use whenever the user asks about Git workflow, branching strategy, commit conventions, release management, merge conflicts, or mentions 'git flow', 'branching', 'commit message', 'conventional commits', 'release branch', 'hotfix', 'merge conflict', 'rebase', 'cherry-pick', or asks how to organize their Git workflow.
**Go Code Review**: Reviews Go code for idiomatic patterns, error handling, concurrency safety, and performance. Covers goroutines, channels, interfaces, error wrapping, context propagation, and common Go anti-patterns. Use when the user wants a review of Go code, mentions .go files, Go modules, goroutines, channels, gin, echo, fiber, gRPC, or any Go framework.
**GraphQL Design & Security Review**: Reviews GraphQL schemas, resolvers, and configurations for design quality, security, performance, and best practices. Covers schema design, N+1 prevention (DataLoader), query complexity limits, authentication, authorization, federation, and subscriptions. Use when the user mentions GraphQL, schema, resolvers, mutations, queries, subscriptions, Apollo, Relay, DataLoader, federation, or .graphql files.
**Project Health Check Orchestrator**: Runs a comprehensive project health assessment by invoking the architecture-reviewer, tech-debt-analyzer, and security-auditor agents in sequence. Produces a unified Project Health Dashboard with scores, trends, and a prioritized improvement roadmap. Use when the user wants a 'health check', 'project assessment', 'codebase audit', 'project health', 'how healthy is this project', or wants an executive-level overview of project quality.
**Incident Response & Postmortem**: Creates blameless postmortem documents and incident response runbooks. Use this skill whenever the user wants to write a postmortem, incident report, root cause analysis (RCA), create an incident runbook, document an outage, or analyze what went wrong in production. Trigger when the user mentions 'postmortem', 'incident', 'outage', 'RCA', 'root cause', 'production issue', 'downtime', 'war room', 'on-call', or wants to improve their incident response process. Also trigger when the user asks to create escalation procedures or SLA documentation.
**Kubernetes & Cloud-Native Review**: Reviews Kubernetes manifests, Helm charts, and cloud-native configurations for security, reliability, resource management, and best practices. Covers pods, deployments, services, ingress, RBAC, network policies, HPA, PDB, security contexts, and GitOps patterns. Use when the user mentions Kubernetes, k8s, kubectl, Helm, pods, deployments, services, ingress, operators, ArgoCD, Flux, or any container orchestration.
**Migration Strategy**: Plans and reviews large-scale system migrations — monolith to microservices, cloud migration, database migration, framework upgrades, and language transitions. Covers strangler fig pattern, parallel running, data migration, feature parity tracking, and rollback strategies. Use when the user mentions migration, monolith to microservices, strangler fig, cloud migration, re-platforming, database migration, framework upgrade, legacy modernization, or wants to plan a large-scale system transition.
Multi-tenant architecture patterns: row-level, schema-level, database-level isolation and tenant routing
**Observability, Monitoring & SRE**: Comprehensive guide for implementing observability (logs, metrics, traces), setting up monitoring and alerting, defining SLOs/SLIs/SLAs, creating dashboards, and incident detection. Use whenever the user mentions 'observability', 'monitoring', 'alerting', 'logging', 'metrics', 'tracing', 'SLO', 'SLI', 'SLA', 'error budget', 'dashboard', 'Grafana', 'Prometheus', 'DataDog', 'CloudWatch', 'New Relic', 'Jaeger', 'OpenTelemetry', 'OTEL', 'uptime', 'latency', 'p99', 'alert fatigue', 'on-call', 'PagerDuty', or asks 'how do I know if my system is healthy', 'what should I monitor', or wants to improve production visibility.
On-call rotation design, escalation tiers, runbook standards and burnout prevention
**1:1 Meeting Prep & Notes**: Helps prepare for and document one-on-one meetings with direct reports, skip-levels, and your own manager. Use this skill whenever the user wants to prepare for a 1:1, create meeting notes, structure feedback conversations, plan career development discussions, or handle difficult management conversations. Trigger when the user mentions '1:1', 'one-on-one', 'check-in with', 'meeting with [person]', 'feedback for', 'performance review', 'career conversation', or asks how to have a difficult conversation with a team member.
**Penetration Testing & Ethical Hacking Methodology**: Provides structured penetration testing methodology, security checklists, vulnerability assessment frameworks, and ethical hacking guidance for web applications, APIs, and infrastructure. Use whenever the user mentions 'pentest', 'penetration testing', 'vulnerability assessment', 'security audit', 'ethical hacking', 'OWASP', 'bug bounty', 'security testing', 'threat modeling', 'attack surface', 'CVE', 'security scan', or asks 'how secure is this', 'what vulnerabilities should I check', or wants to test the security of their application or infrastructure.
**Performance Profiling & Optimization**: Helps diagnose and fix performance issues including memory leaks, CPU bottlenecks, slow queries, high latency, and throughput problems. Covers profiling tools, flame graphs, load testing, caching strategies, and optimization techniques for Node.js, Java, Flutter, and web applications. Use whenever the user mentions 'performance', 'slow', 'memory leak', 'OOM', 'high CPU', 'latency', 'throughput', 'flame graph', 'profiling', 'load test', 'benchmark', 'cache', 'optimization', 'p99', 'response time', 'bottleneck', 'event loop', 'garbage collection', 'heap', or says 'my app is slow', 'why is this endpoint slow', 'we're running out of memory'.
**PR Description Writer**: Generates comprehensive, senior-level pull request descriptions with context, impact analysis, and review guidance. Use whenever the user wants to create a PR, write a PR description, summarize branch changes for a pull request, open a pull request, or mentions 'PR', 'pull request', 'merge request', 'MR', 'code review description', or asks to 'describe my changes'. Also trigger when the user runs git commands related to pushing branches or asks for help with GitHub/GitLab PR workflows.
**Python Code Review**: Reviews Python code for quality, patterns, and best practices across Django, FastAPI, Flask, async/await, data processing, and general Python. Covers type hints, error handling, Pythonic patterns, security, performance, and testing. Use when the user wants a review of Python code, mentions .py files, Django, FastAPI, Flask, Celery, SQLAlchemy, Pydantic, or any Python framework.