Check and update all installed Claude Code plugins

Scaffolds high-signal bin/ scripts for a project. Use when the quality-orchestrator recommends bootstrapping, when bin/lint or bin/test are missing, or when gate output is noisy. Detects toolchain and creates minimal-output scripts optimized for LLM agents.

Implements features with continuous quality gate validation and proof-anchored plan tracking. Use when the quality-orchestrator recommends building, when plan items need implementation, or when the user asks to build a feature. Every plan item is checked off only when gates pass at the current commit.

Read-only code quality reviewer that catches violations before gates run. Pairs with the writer during build to eliminate gate-fail-fix-rerun cycles. Reviews complete plan item implementations against quality rules and reports findings.

88-item design audit with CSS inspection and letter grades. Uses Preview tools to inspect computed styles, test responsive behavior, and check accessibility.

Unified design review agent combining design-audit inspection, accessibility verification, and responsive checks into a single review with proof output.

Detects project quality state and determines which sdlc phase to run next. Use this agent proactively when the user starts feature work, asks to build or ship something, or when you need to determine the right development phase. Analyzes branch status, bin/ scripts, plan files, gate results, and PR state to make a single clear recommendation.

Finds and fixes flaky pytest tests. Use when tests pass in isolation but fail in the full suite, fail intermittently, or produce different results with different ordering/seeds. Diagnoses root causes (shared state, fixture leakage, timing, xdist ordering) and implements fixes.

Finds and fixes flaky vitest tests. Use when tests pass in isolation but fail in the full suite, fail intermittently, or produce different results with different ordering. Diagnoses root causes (DOM leakage, module cache, timer/async issues, mock state) and implements fixes.

Thorough performance audit of codebases. Identifies language/framework antipatterns, bottlenecks, inefficient code, query issues, and missing caching. Produces a findings report and offers interactive fixes.

Review plan document chunks for completeness, spec alignment, and proper task decomposition. Dispatched by writing-plans skill after each chunk.

Assesses and addresses individual PR review comments. Spawned per feedback round by the pr-feedback skill. Evaluates each comment (ACTION/ACKNOWLEDGE/DECLINE), implements warranted changes, replies individually, and resolves threads.

Browser-based QA testing with GIF recording. Launches the app, walks through user flows from the spec, captures recordings as proof.

Architecture reviewer — analyzes API design, dependencies, breaking changes, system design, and scalability concerns in local code changes.

Correctness reviewer — finds logic bugs, edge cases, error handling gaps, race conditions, resource leaks, and type safety issues in local code changes.

Security reviewer — identifies vulnerabilities including OWASP Top 10, secrets exposure, injection flaws, auth issues, and cryptographic misuse in local code changes.

Style and quality reviewer — checks code consistency, naming conventions, readability, test quality, and dead code in local code changes.

Structured code review with executable verification. Use when the quality-orchestrator recommends reviewing, when a feature branch is ready for review, or when the user asks to review code. Runs gate scripts first, then performs manual review on what scripts can't catch. Recursive — reviews until zero open issues.

Full PR lifecycle with executable proof. Use when the quality-orchestrator recommends shipping, when the feature is reviewed and ready, or when the user asks to ship or create a PR. Gates use SHA-validated cached proof when available. Embeds proof in the PR description.

Finds and refactors slow pytest tests. Use when test suites are slow, when pytest --durations shows bottlenecks, or when the user asks to speed up tests. Analyzes fixture scope, redundant setup, missing boundary mocks, unnecessary I/O, sleep calls, and parametrize bloat.

Review whether implementation matches its specification — nothing more, nothing less. Dispatched by subagent-build after each task's implementation.

Review spec documents for completeness, consistency, and readiness for implementation planning. Dispatched by brainstorm skill after spec is written.

Coordinates concurrent writer+critic pairs during pair-build. Analyzes the plan for independent items, groups them into parallel lanes, dispatches pairs concurrently, and reassembles results. Kanban style — pull next batch when current batch completes.

Finds and fixes testing antipatterns across Python, JS/TS, Java, Kotlin, Go, and Ruby. Replaces mocked tests with behavioral tests, adds missing edge cases, removes implementation coupling. Framework-agnostic.

Scaffold high-signal bin/ scripts (lint, format, test, typecheck, coverage) for any project. Detects toolchain, creates minimal-output scripts optimized for LLM agents, and audits existing scripts for noise.

Design exploration before implementation. Spawns a Product + Engineering + Design team to debate scope, architecture, and UX, then synthesizes into a spec. Use before building new features or making significant changes. Trigger: 'brainstorm', 'design a feature', 'let's think about', 'explore an idea', 'what should we build'.

DEPRECATED — redirects to pair-build. Use /sdlc:pair-build directly.

Query Datadog API for alerting/warning monitors, investigate each one, then fix real bugs or tune noisy alarms. Filters by environment (default production).

UI quality audit — inspects computed CSS across typography, spacing, color, layout, interaction, accessibility, and polish. Produces letter grades per category. Requires Preview MCP tools. Trigger: 'audit the design', 'check UI quality', 'grade the frontend', 'design review'.

Design system orchestration — bootstraps design-context.md from project scan, enforces design constraints during builds, runs unified design review. Trigger: 'design init', 'design review', 'set up design system', 'check design quality', 'sdlc:design'.

Detect project quality state and determine the next sdlc phase. Runs diagnostics on branch, bin/ scripts, plans, gates, and PR status, then recommends a single action. Use when resuming work, starting fresh, or unsure what to do next. Trigger: 'what's next', 'continue', 'pick up where I left off', 'what should I do'.

Guide branch completion after implementation — presents structured options: merge to main, open PR, keep as worktree, or discard. Use when all tests pass and you need to decide how to land the work. Trigger: 'I'm done', 'wrap up', 'merge this', 'what now', 'clean up the branch'.

Systematic root-cause debugging across Datadog logs/RUM/APM, Google Cloud logging, and the local codebase. Mirrors the gstack /investigate discipline (Iron Law, 3-strike rule, regression test, structured DEBUG REPORT) and routes per service. Optionally posts findings to Slack.

Analyze and speed up slow pytest test suites. Uses --durations to find bottlenecks, diagnoses root causes (fixture scope, redundant setup, missing mocks at boundaries, sleep calls), and applies targeted fixes. Python/pytest only. Trigger: 'tests are slow', 'speed up tests', 'optimize the test suite'.

Use this skill when the user wants to implement, build, or code items from an existing plan or checklist — phrases like "implement the plan", "build the plan items", "start coding", "implement the remaining items", or "pair-build". Takes a structured plan and executes each item with a writer+critic pair so builds pass gates on the first run. Trigger on any intent to go from plan to working code. Do NOT trigger for planning, reviewing, shipping, or fixing tests — only active implementation of plan items.

Dispatch concurrent agents for independent problems — one agent per domain, all running in parallel. Use when multiple unrelated failures or tasks can be investigated simultaneously. Trigger: 'fix these in parallel', 'these failures are unrelated', 'work on these simultaneously', 'parallelize'.

Invoke for broad codebase performance investigations: slow apps or APIs, endpoint latency problems, N+1 queries, algorithmic bottlenecks, missing caching, memory inefficiencies, and framework antipatterns. Triggers on "audit the performance", "find bottlenecks", "why are our endpoints slow", "find N+1 queries", or "check for performance antipatterns". Scans hot paths across any language or framework, produces a prioritized findings report with impact estimates, and walks through fixes interactively. Do NOT use for single targeted fixes, test speed optimization, infrastructure scaling, or general code review.

Use this skill to adopt, find, resume, or hook up a plan for the sdlc proof system. Triggers when the user says "adopt this plan", "hook the plan up to sdlc", "find the plan for this branch", "convert my Claude plan into sdlc format", "resume the plan", or "where's the plan? pair-build can't find it". Converts Claude-native plans into sdlc-format plans with proof-anchored checkboxes. Do NOT use for writing plans from scratch (use writing-plans), building plan items (use pair-build), or brainstorming.

Monitor a PR for review feedback and address it in an autonomous loop. Handles both automated (CodeRabbit, Codacy, etc.) and human reviewer feedback. Auto-detects PR from current branch. Waits for review checks, fetches unresolved threads, spawns a handler agent per round, optionally runs code-simplifier on changes, and repeats until clean. Triggers: 'handle PR feedback', 'address review comments', 'pr feedback', 'fix review comments', 'respond to reviews'.

Browser-based QA testing with structured inventory and signoff — enumerates all testable claims before testing, walks user flows, captures GIF recordings as proof. Trigger: 'QA this feature', 'test in the browser', 'record a demo', 'does it work'.

Use this skill when the user wants a code review — before opening a PR, merging a branch, or shipping to production. Triggers on requests like "review my code", "is this ready to merge", "check my work before I push", "run the quality gates", or "give me a second pair of eyes on this branch". Runs automated quality gate scripts plus manual review for bugs, security, performance, test quality, and plan compliance. Walks through findings interactively and commits fixes. Do NOT use for building features, fixing bugs, or performance auditing outside a review context.

Use this skill whenever the user wants to open, update, or push a pull request. Triggers for: creating a new PR from a feature branch, addressing reviewer feedback and re-pushing, updating a PR description with fresh verification results, or any "ship it" / "create the PR" / "push and open a PR" request. Runs quality gates, collects proof artifacts into the PR description, rebases on main, watches CI, and asks before merging. Do NOT use for code review, building features, or brainstorming.

Execute plans with fresh subagents per task and two-stage review (spec compliance then code quality). Use over pair-build when tasks are independent, don't share files, and benefit from isolated context. Trigger: 'use subagents', 'dispatch workers', 'build with isolated agents'.

Use this skill to replace over-mocked tests with real behavioral tests. Invoke when: tests mock the module under test, deleting source files wouldn't break tests, tests only assert on mock call counts, spyOn().mockImplementation() everywhere, or the test-quality gate keeps rejecting disguised mocks. Also triggers on "fix test quality", "too many mocks pretending to be real tests", or "audit the test suite for antipatterns". Performs a full codebase scan and rewrites across Python, JS/TS, Java, Kotlin, Go, and Ruby. Do NOT use for slow tests (use optimize-tests), writing new tests, or fixing test failures unrelated to mock quality.

Repository-grounded threat modeling — enumerates trust boundaries, assets, attacker capabilities, abuse paths, and mitigations. Produces a Markdown threat model anchored to actual code. Trigger: 'threat model this repo', 'security threat model', 'enumerate threats', 'map attack surfaces'.

Routing and discipline layer for sdlc skills. Loaded at session start, ensures every user message is checked against the skill catalog before responding. Routes by user intent. Distinct from sdlc:dev which routes by project state diagnostics.

Write a detailed implementation plan from a spec or design doc — TDD steps, exact file paths, code snippets, and proof-anchored checkboxes. Saves to .quality/plans/<branch-slug>.md (gitignored) with a symlink at ~/.claude/plans/<repo>/<branch-slug>.md. Plans are private workflow artifacts, never committed. Distinct from sdlc:plan which adopts existing plans into the proof system. Trigger: 'write the implementation plan', 'create tasks from the spec', 'break this into steps'.

8 hooks across 3 events