// Create, edit, and validate spell definitions (YAML/JSON) that compose connectors and step commands into end-to-end spells. Use when building new spell definitions, modifying existing ones, or exploring available spell components.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | spell-builder |
| description | Create, edit, and validate spell definitions (YAML/JSON) that compose connectors and step commands into end-to-end spells. Use when building new spell definitions, modifying existing ones, or exploring available spell components. |
Purpose: produce production-ready spell definitions (YAML/JSON) that compose step commands and connectors into end-to-end automated spells, with proper data flow, validation, and engine integration.
| File | When to read |
|---|---|
| architecture.md | Always — three-layer model (spell → step → connector); putting logic in the wrong layer is the most common mistake |
| permissions.md | When defining or editing any step — required disclosure & dry-run report format |
| preflight.md | When the step depends on runtime state (clean git tree, logged-in CLI, reachable host) |
cli/spells packageAsk the user:
What would you like to do?
- Create a new spell definition from scratch
- Edit an existing spell definition
- Discover available step commands and connectors
- Validate an existing spell file
Then follow the appropriate section below.
| Field | Required | Example |
|---|---|---|
| Name | Yes (kebab-case) | deploy-staging, security-audit |
| Description | Recommended | Deploy to staging with smoke tests |
| Version | Optional (default 1.0) | 1.0 |
| Abbreviation | Optional | ds (short lookup key for /flo -wf ds) |
| MoFlo Level | Optional (default none) | none, memory, hooks, full, recursive |
If the spell needs runtime parameters, define each argument:
| Field | Required | Description |
|---|---|---|
| Name | Yes | Argument identifier (e.g., target, severity) |
| Type | Yes | string, number, boolean, or string[] |
| Required | Optional (default false) | Whether the argument must be provided |
| Default | Optional | Default value if not provided |
| Enum | Optional | Allowed values (e.g., [low, medium, high]) |
| Description | Optional | Help text |
Arguments are referenced via {args.argumentName}.
Walk the user through adding steps one at a time. For each step:
| Field | Required | Description |
|---|---|---|
| ID | Yes (unique) | Step identifier (kebab-case, e.g., run-tests) |
| Type | Yes | One of the available step command types (see Discovery section) |
| Config | Yes | Type-specific configuration (see per-step README) |
| Output | Optional | Variable name to store step output (for downstream steps) |
| Continue on Error | Optional | true to proceed even if this step fails |
| MoFlo Level | Optional | Override spell-level mofloLevel (can only narrow, not escalate) |
| Permission Level | Optional | readonly, standard, elevated, autonomous — auto-derived from capabilities when omitted |
Data flow between steps: Use {stepId.outputKey} syntax to reference output from a previous step. For example, if step fetch-data outputs a url field, a later step can use {fetch-data.url}.
Special variable references:
{args.name} — references a spell argument{credentials.NAME} — references a credential (resolved at runtime){stepId.outputKey} — references output from a previous stepAfter defining each step, display its permission profile. See permissions.md for the required format and per-capability warnings. Apply automatically — users must understand what each step can do before it becomes part of a spell.
When a step depends on runtime state the user controls (clean git tree, logged-in CLI, reachable host, etc.), declare a preflight: block so the spell fails fast with a helpful message before any side effects. Every preflight MUST include a hint: field — the user-visible message on failure. See preflight.md for the full guide (severity levels, resolutions, hint copywriting rules).
Assemble the definition into:
name: <spell-name>
abbreviation: <optional-abbreviation>
description: <optional-description>
version: "<version>"
mofloLevel: <optional-level>
arguments:
<arg-name>:
type: <string|number|boolean|string[]>
required: <true|false>
default: <optional-default>
enum: [<optional-values>]
description: <optional-help-text>
steps:
- id: <unique-step-id>
type: <step-command-type>
config:
<type-specific-config-fields>
output: <optional-variable-name>
continueOnError: <optional-true>
mofloLevel: <optional-level>
Validate against the engine schema. The following rules must pass:
name is required and must be a non-empty stringsteps is required and must be a non-empty arrayid (no duplicates)type matching a known step command{stepId.outputKey}) must not be forward references{args.name}) must match declared argumentsmofloLevel must be one of: none, memory, hooks, full, recursivemofloLevel cannot exceed the spell-level mofloLevelpermissionLevel (if declared) must be one of: readonly, standard, elevated, autonomousIf validation fails, show the specific errors and guide the user to fix them.
After schema validation passes, display the full spell-wide permission report and require user acceptance before the spell can be cast. See permissions.md for the exact format. On acceptance the permission hash is stored — subsequent runs do not re-prompt unless the spell's permissions change.
Ask the user where to save:
spells/<name>.yaml (user-level, project-specific).claude/spells/<name>.yaml (Claude Code integration)Prefer the MCP tool when available:
mcp__moflo__spell_create — name, definition (YAML string), description
Or write the file directly to the chosen directory.
Ask for the spell file path, or use mcp__moflo__spell_list to browse available spells. Read the YAML/JSON file and parse the current definition.
Show a summary: name, description, version, abbreviation, arguments (if any), steps list with id/type/output variable/continueOnError.
| Operation | Description |
|---|---|
| Add step | Insert a new step at a given position |
| Remove step | Delete a step by id (warn about broken references) |
| Reorder steps | Move a step to a new position (warn about broken forward refs) |
| Update step config | Modify a step's configuration fields |
| Update step type | Change a step's command type (reset config to match) |
| Add/remove arguments | Modify spell argument definitions |
| Update metadata | Change name, description, version, abbreviation, mofloLevel |
After each change, re-validate and show any errors introduced. When adding or modifying a step, display its permission report (see permissions.md). If the change introduces new destructive capabilities or raises the permission level, call this out explicitly.
Write the updated YAML back to the original file (or a new path if requested).
Each step type has its own self-contained README under .claude/skills/spell-builder/steps/:
.claude/skills/spell-builder/steps/
<step-name>/README.md — config, outputs, usage examples, source path
To find available steps, Glob .claude/skills/spell-builder/steps/*/README.md and read each H1.
Runtime source: src/cli/spells/commands/ — each step is a TypeScript file registered in index.ts.
Adding a new step: create steps/<name>/README.md (use existing READMEs as templates and follow .claude/guidance/moflo-guidance-rules.md); the step source goes in src/cli/spells/commands/ and is registered in index.ts. No changes to this SKILL.md needed.
Each connector has its own self-contained README under .claude/skills/spell-builder/connectors/:
.claude/skills/spell-builder/connectors/
<connector-name>/README.md — actions, capabilities, usage, source path
To find available connectors, Glob .claude/skills/spell-builder/connectors/*/README.md.
Runtime source: src/cli/spells/connectors/ — each connector is a TypeScript file registered in index.ts.
Adding a new connector: create connectors/<name>/README.md; the connector source goes in src/cli/spells/connectors/ and is registered in index.ts. When to create a new connector vs composing existing ones: see architecture.md.
Read the spell file (YAML or JSON). The parser auto-detects format.
Check against all engine validation rules from Section 1, Step 5.
src/cli/spells/types/spell-definition.types.ts — SpellDefinition, StepDefinition, ArgumentDefinition, ArgumentTypesrc/cli/spells/types/step-command.types.ts — StepCommand, StepConfig, StepOutput, CastingContext, MofloLevel, CapabilityTypesrc/cli/spells/types/spell-connector.types.ts — SpellConnector, ConnectorAction, ConnectorOutput, ConnectorAccessorsrc/cli/spells/schema/validator.ts — validateSpellDefinition()src/cli/spells/schema/parser.ts — parseSpell()src/cli/spells/registry/spell-registry.ts — Grimoiresrc/cli/spells/loaders/definition-loader.ts — two-tier loading (shipped + user)| Tool | Purpose |
|---|---|
mcp__moflo__spell_create | Create a new spell definition |
mcp__moflo__spell_list | List available spells |
mcp__moflo__spell_cast | Cast (execute) a spell |
mcp__moflo__spell_status | Check spell execution status |
| Level | Access |
|---|---|
none | No MoFlo integration (default) |
memory | Read/write MoFlo memory |
hooks | Memory + hook triggers |
full | Hooks + swarm/agent spawning |
recursive | Full + nested spell invocation |
| Pattern | Description | Example |
|---|---|---|
{args.name} | Spell argument | {args.target} |
{credentials.NAME} | Runtime credential | {credentials.GITHUB_TOKEN} |
{stepId.key} | Previous step output | {fetch-data.url} |
name: security-audit
abbreviation: sa
description: Run security checks on a target directory
version: "1.0"
mofloLevel: memory
arguments:
target:
type: string
required: true
description: Directory to audit
severity:
type: string
default: medium
enum: [low, medium, high, critical]
description: Minimum severity to report
steps:
- id: scan-deps
type: bash
preflight:
- name: "npm available"
command: "npm --version"
hint: "npm isn't installed or isn't on your PATH. Install Node.js from https://nodejs.org and try again."
config:
command: "npm audit --json"
cwd: "{args.target}"
output: audit-result
- id: analyze-findings
type: agent
config:
prompt: |
Analyze the npm audit results and filter for severity >= {args.severity}.
Audit output: {scan-deps.result}
output: analysis
- id: save-report
type: memory
config:
operation: write
namespace: security
key: "audit-{args.target}"
value: "{analysis.summary}"