razorpay

Scores a Razorpay service repo against the Agentic SDLC Scorecard across three pillars — Context (C1–C4), Testing (T1–T4), CI/CD (D1–D4) — and outputs a band per pillar plus an aggregate score. Use when assessing how agent-ready a service is or tracking progress across teams.

Analyze alert coverage for Razorpay services by discovering multi-source monitoring (Prometheus, CloudWatch RDS, Performance Insights, Coralogix logs), scanning application metrics, and identifying missing business-critical metrics. Leverages repo skill Observability/Monitoring sections (when available) and verifies existing coverage with user before recommendations. Use when the user asks to analyze alert coverage, check for missing alerts, audit monitoring completeness, add metrics and alerts for a service, or improve observability. Only works with Razorpay repositories.

Analyzes API endpoints in Go codebases and generates comprehensive flow visualizations (both Mermaid charts and ASCII diagrams) showing the complete request execution path, including handlers, middleware, services, database queries, external HTTP APIs, cache operations, message queues, and all other components. Use when the user asks to visualize an API endpoint, see the flow of an API, understand how an API works, trace an API request, or map out API dependencies. Triggers on requests like "show me the flow for POST /users/create", "visualize the /orders endpoint", "trace the API call for account creation", or "map out what services are used by this endpoint".

Use when creating, updating, or reviewing baseline Prometheus alert rules for a Razorpay microservice. Triggered by requests like 'add baseline alerts for X service', 'set up monitoring alerts', 'create baseline alerting for my service'.

Index of baseline metric families for Razorpay services. Use it to determine which standard metrics must exist for HTTP, gRPC, workers, egress, outbox, Go runtime, and relevant infra components.

Apply security best practices when writing, reviewing, or discussing code. Covers authentication, injection prevention, API security, input validation, infrastructure, and AI/LLM security for Python, Go, JS/TS, React, PHP, Node.js.

Generates ready-to-run cURL commands from any codebase (Go, Laravel, Express, Fastify, or other frameworks). Scans route definitions to auto-generate commands, or builds them from user-described endpoints. Includes proper headers, authentication, request bodies with realistic sample data, and environment support (devstack/prod). Use when users ask to "generate curl", "create curl commands", "curl examples for this API", "test this endpoint", or "generate API commands".

Standards for SQL interactions within a Domain package.

Orchestrate parallel migration of Blade React components to Svelte 5. Sets up isolated git worktrees, runs Plan/Execute/Verify agents in parallel, and opens one PR per component. Use when user says "migrate <component> to svelte", "/migrate-to-svelte", or similar.

Perform a task end-to-end when intent is set to 'perform-task-end-to-end' by checking existence of GITHUB__RZP_SWE_AGENT_APP__APP_ID environment variable in the session.

Visually verify component changes in Storybook using the agent-browser CLI tool

Get agentic metrics for the `razorpay/blade` repo.

Important guidelines for writing frontend UI code. Ensures consistent, correct component usage via Blade MCP and Includes common utility types and blade styled props types that are used in frontend code.

Create a draft pull request with conventional commit message and structured PR body targeting master branch

Review blade PRs by fetching diff, checking CI status, and getting Storybook URL. Use when reviewing PRs, checking PR status, or getting preview links for razorpay/blade PRs.

This rule helps in reviewing the component before shipping to make sure all important things are checked

Run a per-file design-system drift scan on a Razorpay UI file. Reads the file, scans for raw colour or spacing values where Blade tokens exist, ad-hoc components shaped like Blade primitives, missing variants, and accessibility-attribute drift. Trigger phrases include "run blade-compliance on <file>", "/blade-compliance-check <file>", "check this file for design-system drift", "scan this UI for Blade drift". The skill produces a per-line Markdown report with one finding per drift, each naming the line, the drift type, and a suggested fix referencing a real Blade primitive or token. Use when reviewing or self-reviewing a UI file before shipping or after inheriting code that may not be design-system compliant.

Reads a Figma frame and produces structured design intent that the production-compiler can consume. Outputs a Markdown document naming the components used (with Blade equivalents where they exist), the layout shape, the interaction states, the variants, and the accessibility considerations. Activate when the user wants to translate a Figma design into shippable code and is at the first stage of the design-to-code workflow.

Walks a learner through the Razorpay Org-Wide AI Playbook one belt at a time, reading the same Markdown the HTML hub serves and tracking progress in a LEARNER.md file in the working directory. Triggers on phrases like "start the playbook", "start white belt", "continue my belt", "what's next in my belt", "where am I in the playbook", "show my progress", "show my learner state", "claim white belt", or "claim yellow belt". Use when a learner wants a paced, conversational walk through belt content with progress tracking and quest/boss-fight gating that records claims without bypassing Appendix L's reviewer protocol.

Run a six-layer structured review on a branch's diff before opening or merging a PR. The six layers are redlines, design system, tests, PR craft, prompt craft, and behaviour preservation. Trigger phrases include "run pre-ship-check on this branch", "/pre-ship-check", "check before review", "is this ready to ship", "pre-ship this PR", "do the six-layer check". The skill produces a structured Markdown report with one section per layer, a colour (GREEN / YELLOW / RED) per layer, and a final summary line. Use when a Razorpay builder is about to open, merge, or hand off a PR; the Green Belt boss fight requires a clean run as sub-requirement (c).

Takes raw AI-generated UI code (typically from AI Studio, ChatGPT, or a similar prompt-based UI generator) plus optional design-intel and produces Blade-compliant JSX. Three layers: component substitution (raw primitives → Blade primitives), token application (raw values → Blade tokens), accessibility verification. Activate when the user has raw AI-generated UI code or a Figma design they want translated to Blade-using code.

Spawn a security-review subagent with the canonical six-check brief and consume the structured findings. The skill reviews a branch's diff for redlines, prompt-injection capability creep, untrusted-input handling, output exposure, injection-vulnerable shapes, and unscoped capabilities. Trigger phrases include "run security-review on this branch", "/security-review", "spawn a security-review subagent for this PR", "security-check this diff". The skill returns a structured Markdown artefact with one section per finding. Use on any PR that touches an agent invocation, an MCP connector grant, untrusted-input ingestion, or a new external surface; the Green Belt boss fight assumes this skill has run on the product-repo PR before review.

Runs the 10-point environment health check the playbook uses to gate White Belt's Quest W-0. Produces GREEN / YELLOW / RED status per check with one-line fixes for any non-green result. Activate when the user runs the setup script, finishes onboarding, or asks "am I set up correctly".

Generate Razorpay MCP server tool implementations from API documentation URLs, curl commands, or request/response examples. Produces Go tool code, unit tests, registration, and README updates. Use when the user provides a Razorpay API doc link, curl example, or request/response payload and wants a new MCP tool created.