dotfiles
dotfiles contains 51 skills collected from robert-chiniquy; this page shows per-repository occupational coverage and links to the on-site detail page for each skill.
Skills in this repository
Reviewer persona for authorization models — RBAC, ABAC, ReBAC, and hybrids. Catches the bugs that ship after auth is correct but authz is wrong: missing tenant scoping, IDOR via predictable IDs, role escalation through unchecked write paths, permission caching staleness, transitive-trust loopholes, RBAC/ReBAC drift between policy doc and code. Use when reviewing endpoints that gate access by user/role/relationship, when adding a new role/permission/scope, when changing tenant isolation, or when designing a permission system from scratch. Triggers: RBAC, ABAC, ReBAC, IDOR, tenant isolation, multi-tenant, permission check, role, scope, principal, Zanzibar, OpenFGA, casbin, authz, can_, has_permission, isAuthorized.
Stand up a full c1 dev stack inside a Squire env — process-compose, postgres, envoy, pub-api, pub-auth, be-* services — wired so an external client can drive c1's gRPC surface end to end with TLS + OAuth2 client_credentials. Use when testing a Latchkey or other c1 client against a real (not stubbed) c1 backend, or when reproducing c1 server-side behavior locally. Triggers on: c1 dev env, squire c1 stack, pc/up, dev-util mint-test-client, test against c1, c1 OAuth client_credentials, run c1 integration tests in squire, repro buildkite integration test, TEST_LOCAL_EXEC, api_no_uplift.
c1-specific values for the general squire dispatch protocols defined in squire-env-management. Provides the c1 gate bundle's contents, the task-family table for c1 work, the c1 always-actives, and the list of c1 skills that should NOT be spent on a squire env. Use when about to spawn a squire env to execute c1 work, when writing a brief for a remote c1 agent, or when filing a c1 bead intended for squire dispatch. Triggers: c1 squire dispatch, c1 squire brief, c1 remote work, c1 ephemeral env, c1 fire-and-forget.
Reviewer persona for detecting hand-rolled cryptography. Distinct from `sharp-edges` (which catches footgun APIs) and `key-lifecycle-review` (which covers lifecycle hygiene): this skill catches the class where someone wrote their own MAC, KDF, AEAD, signature scheme, secret-comparison routine, RNG, or password hash. Almost all custom crypto is broken. Use when reviewing any code that does math on bytes, manipulates buffers in a 'crypto-shaped' way, or implements something whose docs reference a named primitive (HMAC, AES-GCM, Argon2, X25519). Triggers: hand-rolled crypto, custom MAC, custom hash, custom KDF, byte XOR, constant-time compare, derived key, password hashing, HKDF, encrypt_then_mac, mac_then_encrypt, AE, AEAD.
Reviewer persona for the full lifecycle of cryptographic keys and high-value secrets: generation, storage, distribution, rotation, revocation, and destruction. Trail of Bits' `zeroize-audit` covers the destruction half; this skill covers the other four phases plus closes the loop with destruction. Use when reviewing key management code, secret stores, KMS integrations, rotation logic, key derivation, RNG usage, or any system that issues, holds, or revokes long-lived credentials. Triggers: key generation, key rotation, KMS, HSM, secret store, vault, key derivation, KDF, master key, DEK, KEK, rotation, revocation, RNG, entropy, random, secrets management.
Reviewer persona for OAuth 2.0 / 2.1 and OpenID Connect flow implementations. Catches the well-documented attack classes that still ship: missing PKCE, wildcard redirect URIs, mishandled refresh tokens, scope creep, mixed flows on a single endpoint, leaking tokens through referrer or logs, JWT signature bypass. Use when reviewing any code that issues, accepts, validates, exchanges, refreshes, revokes, or stores tokens; when designing a new auth integration; when a PR touches /authorize, /token, /userinfo, /jwks, /introspect, /revoke, OIDC discovery, or a third-party identity provider client. Triggers: OAuth, OIDC, JWT, PKCE, redirect_uri, scope, refresh token, access token, id_token, client_credentials, authorization code, implicit, device code, token exchange, identity provider, IdP, SSO.
Deep, multi-agent review of a PR or branch diff: fan out one focused subagent per dimension (security, scale, performance, correctness, idiomatic style, plus frontend when the diff warrants), adversarially verify every finding to kill false positives and pre-existing debt, tier what survives, then post agent-shaped inline comments to the PR. Has a re-review mode for when the author has addressed feedback. Use when the user asks to "deep review this branch/PR", "review the PR with subagents", "do a thorough review", "re-review the PR", or wants a higher-rigor pass than a single-shot review.
Reviewer persona for Rust `unsafe` blocks and FFI (foreign function interface) boundaries. Catches the well-documented soundness violations: aliasing rule breaches, lifetime extension into 'static, raw-pointer arithmetic past bounds, `repr` mismatches with C, panic-across-FFI undefined behavior, transmute footguns, unsoundness from `Send`/`Sync` blanket impls, unwind-across-FFI, drop-on-uninitialized. Use when reviewing any PR that touches `unsafe { ... }`, `extern "C"`, `#[repr(C)]`, `Box::from_raw`, `Vec::from_raw_parts`, `mem::transmute`, `Pin`, `ManuallyDrop`, `MaybeUninit`, raw-pointer ops, or a build.rs that integrates bindgen / cc-rs / cxx. Triggers: unsafe rust, FFI, extern C, raw pointer, transmute, Box::from_raw, repr(C), bindgen, cxx, Send, Sync, aliasing, undefined behavior, miri.
Reviewer persona for AI-generated code and logs: did the agent embed a real secret in a diff, commit message, log line, error message, comment, README, screenshot, or test fixture? With AI-mediated codebases this is now a distinct attack-surface class — agents see secrets from .env / config files / process env / tool output, and may reproduce them in proposed changes. Use after any agent-authored diff (claude-code, codex, opencode, pi, sqfan-spawned envs), after any agent session that ran with elevated access to env vars or secret stores, and as a pre-commit and pre-push gate. Triggers: AI-generated, agent diff, claude-code commit, codex commit, agent log, agent transcript, leaked secret in PR, agent secret exposure.
Reviewer persona for Server-Side Request Forgery and confused-deputy classes. Covers user-controllable URLs fetched server-side, DNS rebinding, IPv6 / IPv4-mapped sidesteps of allowlists, internal metadata service exposure (AWS/GCP/Azure IMDS), egress to private CIDRs, and the broader 'service makes a request using its own authority on behalf of an untrusted caller' class. Use when reviewing code that fetches URLs, proxies HTTP, takes a webhook URL, accepts a callback target, hydrates from an external feed, or otherwise turns user input into an outbound request from a privileged service. Triggers: fetch, requests.get, http.Get, webhook, callback url, proxy, redirect, hydrate, ingest, IMDS, metadata service, SSRF, confused deputy, server-side fetch.
Build and iterate on a personal master schedule across travel, parenting, school/camp, festivals, conferences, administrative deadlines, and work travel. Pulls from Google Calendar + web research. Emits a single date-prefixed line per item, chronologically ordered, with [Owner] tags and explicit conflict flags. Use when the user is organizing dates over a multi-month window, planning around camps and trips, reconciling work travel against family commitments, or preparing a shareable schedule. Triggers on: organize dates, my calendar, schedule, plan june (any month), what's on, family schedule, camp schedule, conference dates, reconcile conflicts.
Project framework defining mandatory artifacts, practices, and organization. Always active. Defines DATA_SOURCES.md, LEARNINGS.md, GLOSSARY.md, and other project files. Read references/ for details on each topic.
Tactical situation report scoped to ONE proximate goal with a hard deadline. Pulls real-world signals from multiple nebulous sources (ticketing system + git host + wiki + chat + local tracker) and synthesizes a calibrated A/B/C readiness call, plus the single most calendar-pressing action. Triggers on "sitrep", "situation report", "tactical read", "am I on track for X", "where are we on <named milestone>", "deadline read", "alpha check", "milestone check", "launch check", "what's at risk before <date>".
Create and manage Squire ephemeral development environments for parallel agent work. Use when delegating implementation tasks to remote environments, creating fire-and-forget work sessions, or monitoring parallel agents. Triggers on: squire, ephemeral env, parallel agents, fire-and-forget, remote development.
Enables ultra-granular, line-by-line code analysis to build deep architectural context before vulnerability or bug finding.
Code comment review persona. Focuses on a single axis: comments must describe what is in the code, not the process of writing it. Strips phase numbers, bead/issue references, "added for X" notes, dogfood/debug history, and other narration that ages poorly. Keeps brief comments that explain non-obvious WHY. Use proactively after generating or modifying code with comments. Triggers on: review comments, audit comments, comment review, comment audit, strip process comments, comment hygiene, comment discipline.
Performs security-focused differential review of code changes (PRs, commits, diffs). Adapts analysis depth to codebase size, uses git history for context, calculates blast radius, checks test coverage, and generates comprehensive markdown reports. Automatically detects and prevents security regressions.
Use when a user asks to debug or fix failing GitHub PR checks that run in GitHub Actions; use `gh` to inspect checks and logs, summarize failure context, draft a fix plan, and implement only after explicit approval. Treat external providers (for example Buildkite) as out of scope and report only the details URL.
Reply to and resolve GitHub PR review threads after pushing fixes. Use after committing changes that address PR feedback — matches threads to commits, posts replies with commit references, and resolves threads. Triggers on: resolve threads, reply to PR feedback, address PR comments, close review threads.
Comprehensive Go code review skill for PR reviews, architecture assessment, and test quality analysis. Use when reviewing Go code to ensure adherence to Go best practices, security standards, and project-specific patterns. Applies to full PR reviews, single file/function reviews, architecture evaluation, and test code quality checks.
Behavioral dispositions for emotionally and psychologically healthy interaction with the user. Covers honest disagreement, absence of performative warmth, respect for user agency, non-replacement of human connection, and how to respond when the user expresses real distress without sliding into therapy or dismissal. Each disposition lists both failure directions so the skill is applied as judgment, not rules. Intended to be always active — add to the always-active list in CLAUDE.md.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Guardrails, protocols, and operating constraints for large-scale, long-running, or parallelized AI coding tasks — migrations, codebase-wide refactors, framework upgrades, and any task touching 50+ files. Prevents scope creep, context drift, silent compounding errors, and emergent behavior outside the defined task boundary. Use when refactoring across files, migrating frameworks, upgrading dependencies, replacing or renaming patterns throughout a codebase, or any task touching 50+ files.
Mandatory verification protocol after code changes for Go projects. Use after any code modification to ensure quality.
Triage open GitHub pull requests for actionable feedback, unresolved review threads, requested changes, CI or merge blockers, and ready-to-merge links. Use when the user asks for a PR pass, review/mergeability sweep, status check across their open PRs, a filtered PR cohort, or asks which PRs need action versus can be merged.
Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing code with serialization/validation/parsing patterns, designing features, or when property-based testing would provide stronger coverage than example-based tests.
Run a multi-agent code review on recent changes. Spawns a team of specialized reviewers (bugs, security, perf, tests, usability, etc.), collects findings, triages into fix-now vs defer, and optionally applies fixes. Use when asked to "review code", "review changes", "review this PR", or "get a second opinion".
Repository-grounded threat modeling that enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations, and writes a concise Markdown threat model. Trigger only when the user explicitly asks to threat model a codebase or path, enumerate threats/abuse paths, or perform AppSec threat modeling. Do not trigger for general architecture summaries, code review, or non-security design work.
Identifies error-prone APIs, dangerous configurations, and footgun designs that enable security mistakes. Use when reviewing API designs, configuration schemas, cryptographic library ergonomics, or evaluating whether code follows 'secure by default' and 'pit of success' principles. Triggers: footgun, misuse-resistant, secure defaults, API usability, dangerous configuration.
Convert output from custom or experimental static analysis tooling into actionable bug fixes. Use when working with novel linters, in-house detectors, or recently-shipped analysis passes whose findings haven't yet been triaged into PRs. Covers detector volume reduction, per-finding source verification, false-positive shape recognition, and end-to-end PR drafting. NOT for established lints (gosec, staticcheck, eslint) where the rules are well-known and the fix is mechanical.
Review a prompt about to be sent to a subagent (Agent tool, sqfan dispatch, squire env, scheduled remote agent, MCP-driven worker) for defects that cause silent failure, wasted runs, or runaway scope. Single-axis review: is this prompt fit-to-dispatch? Use proactively before any Agent() call whose prompt is more than a sentence or two, before `sqfan dispatch`, before `/schedule`-style remote-agent creation, and on demand. Triggers on: review this prompt, lint this prompt, check this subagent prompt, is this prompt OK, prompt review, prompt lint, subagent prompt review, before dispatch, before scheduling, vet this delegation, prompt sanity check.
Builds and queries multi-language source code graphs for security analysis. Includes pre-analysis passes for blast radius, taint propagation, privilege boundaries, and entry point enumeration. Use when analyzing call paths, mapping attack surface, finding complexity hotspots, enumerating entry points, tracing taint propagation, measuring blast radius, or building a code graph for audit prioritization. Supports 16 languages including Solidity, Cairo, Circom, Rust, Go, Python, C/C++, TypeScript.
Helps coding agents use vit to discover, follow, skim, and ship software capabilities (caps) over ATProto. Activates when the user mentions vit, beacons, caps, shipping, skimming, following, vetting, or social coding.
Functional-analysis protocol for iteratively improving subagent performance. Adapted from Antecedent-Behavior-Consequence (ABC) analysis in applied behavior analysis. Use when delegating to a subagent, when an agent returns a poor result, when a pattern of similar failures appears across runs, or when coaching a prompt toward reliability.
Explicit protocol for a management agent to verify web workflows after a subagent completes a task, without writing Playwright or browser automation. Trigger only when the user explicitly asks to verify workflows, run a named flow, or mentions agent-verify / verify-workflows / page-objects-for-agents. Do NOT trigger on general web app work, testing discussions, or code review.
Post-run elicitation protocol for subagents. Adapted from the PEACE model (UK College of Policing) and the Cognitive Interview (Fisher & Geiselman) — the evidence-based, non-coercive replacement for the Reid Technique. Use after a subagent returns a poor or confusing result and before redesigning the brief, to get the agent's uncontaminated account of what it understood, tried, and saw. Complements abc-agent-management: PEACE produces the clean behavioral data that ABC analyzes.
Informal communication for Slack, chat, DMs, and quick check-ins. Conversational, first-person, correct punctuation but relaxed register. Use for Slack messages, informal reviews, and PR descriptions on own repos.
Systematically find problems in a design before building it. Four lenses: unnecessary complexity, missing fundamentals, feasibility gaps, and scope mismatch. Use after creating an implementation plan or when a design feels wrong. Invoked via /critique.
Feature design methodology. Covers research, comparison, requirements refinement, ideation, implementation planning, and DX completeness. Use when starting a new feature, planning a refactor, or designing APIs. Invoked via /design [topic].
Documentation methodology: process, content patterns, templates, verification, organization, and merging. Use when writing docs, planning doc structure, reviewing docs for quality, or merging documentation across sources.