claude-leverage

Diagnose a flaky test by running it N times. Delegates to flaky-test-isolator subagent — N runs, signature-grouped failures, stability report. Does NOT fix the test.

USE WHEN a test intermittently fails on unchanged code. Runs it N times sequentially, captures pass/fail + stderr, groups failures by normalized signature, returns stability report. Read-only — never modifies code or installs deps. For statistical signal across runs, not one-shot diagnosis.

USE BEFORE committing security-sensitive changes (auth, crypto, routes, templates, secrets). Audits current diff for OWASP-Top-10 patterns + deps typosquatting. Read-only. Returns Critical / Important / Nice schema with file:line. Model review — not a Semgrep/CodeQL replacement.

USE WHEN a load-bearing architectural decision is being made in conversation (database / framework / auth model / integration choice, or explicit rejection of an alternative) — one likely to be re-litigated in 6 months without the rationale. Bootstraps a numbered MADR ADR in `docs/adr/`, asks for context + decision + alternatives, updates the index. Immutable status once accepted. See `docs/adr/README.md` for the convention; full Do/Don't list in this SKILL body.

USE WHEN setting up a repo for AI-first work, after a major directory restructure, or when an agent needs structured answers like "which modules are stable?" / "what's the public surface of X?" that the prose AGENTS.md doesn't give cheaply. Bootstraps or refreshes `architecture.yml` at repo root — machine-readable module metadata (path / role / stability / public_surface / depends_on / paired_with / owners). Hand-curated; the skill drafts, the user confirms. See ADR 0005 for why this file lives at root and why YAML over JSON.

USE WHEN setting up Codex CLI in a project, tightening sandbox for prod/CI, or when user asks about Codex permissions. Interactive helper for per-project `.codex/config.toml`: `dev` / `prod` / `custom` profiles, idempotent via markers, preserves unmanaged config below the block. Codex-only artifact.

USE WHEN setting up a repo for AI-first work (after /init-repo), or when the context-surface hook should start feeding repo conventions to agents before edits. Drafts `conventions.yml` at repo root: per-kind casing (inferred from the code), a vague-name denylist seed, directory roles, and a hand-filled house-rules block. Idempotent — never overwrites a populated file; re-running prints suggested additions for manual merge. Read-only on code; never invents house rules. After writing, run /refresh-context-map so the hook picks it up.

USE WHEN about to open a PR, when teammate asks "what's in this diff?", or when returning to a branch and needing self-orientation. Three modes: `--for pr|review|self`. Reads `git diff HEAD` (or passed range), returns 3–5 bullet plain-English narration. Read-only — defers security/test concerns to other skills.

8 hooks across 4 events