rune

Alias for /rune:cancel-arc --variant=batch. Cancel an active arc batch loop. Removes the state file so the Stop hook allows the session to end after the current arc completes. Delegates to /rune:cancel-arc with --variant=batch for all logic. <example> user: "/rune:cancel-arc-batch" assistant: "Arc batch loop cancelled at iteration 2/4." </example>

Alias for /rune:cancel-arc --variant=hierarchy. Cancel an active arc-hierarchy execution loop. Marks the state file as cancelled so the next child arc invocation does not proceed. The currently-executing child arc (if any) will finish normally. Delegates to /rune:cancel-arc with --variant=hierarchy for all logic. <example> user: "/rune:cancel-arc-hierarchy" assistant: "Arc hierarchy loop cancelled. Currently executing child [03] will finish normally." </example>

Alias for /rune:cancel-arc --variant=issues. Cancel an active arc-issues batch loop. Removes the state file so the Stop hook allows the session to end after the current arc completes. Delegates to /rune:cancel-arc with --variant=issues for all logic. <example> user: "/rune:cancel-arc-issues" assistant: "Arc issues loop cancelled at iteration 2/4." </example>

Cancel an active arc pipeline and gracefully shutdown all phase teammates. Completed phase artifacts are preserved. Only the currently-active phase is cancelled. Also cancels arc-batch, arc-hierarchy, and arc-issues loop state files owned by this session. Use --status to inspect arc pipeline health without cancelling (runs rune-status.sh). Use --list-active to list all active arc-related state files without cancelling anything. Use --variant=batch|hierarchy|issues to cancel only a specific loop type (thin alias support). <example> user: "/rune:cancel-arc" assistant: "The Tarnished halts the arc..." </example> <example> user: "/rune:cancel-arc --status" assistant: "Displays arc pipeline status report without cancelling." </example> <example> user: "/rune:cancel-arc --list-active" assistant: "Lists all active arc-related state files owned by this session." </example>

Cancel an active Roundtable Circle audit and gracefully shutdown all Ash teammates. Partial results remain in tmp/audit/ for manual inspection. <example> user: "/rune:cancel-audit" assistant: "The Tarnished dismisses the audit Circle..." </example>

Cancel an active Codex Review workflow and gracefully shutdown all Ash teammates. Partial results remain in tmp/reviews/ for manual inspection. <example> user: "/rune:cancel-codex-review" assistant: "The Tarnished halts the Codex Review..." </example>

Cancel an active Roundtable Circle review and gracefully shutdown all Ash teammates. Partial results remain in tmp/reviews/ for manual inspection. <example> user: "/rune:cancel-review" assistant: "The Tarnished dismisses the Roundtable Circle..." </example>

Manage Rune Echoes — project-level agent memory stored in .rune/echoes/. View memory state, prune stale entries, reset all echoes, manage doc packs, or audit global echoes. <example> user: "/rune:echoes show" assistant: "Displaying echo state across all roles..." </example> <example> user: "/rune:echoes prune" assistant: "Calculating Echo Scores and pruning stale entries..." </example>

Interactive elicitation method selection and execution. Provides structured reasoning techniques from the curated 24-method registry. Methods include Tree of Thoughts, Pre-mortem Analysis, Red Team vs Blue Team, 5 Whys Deep Dive, and more. <example> user: "/rune:elicit" assistant: "The Tarnished consults the elicitation grimoire..." </example> <example> user: "/rune:elicit --method 11" assistant: "Applying Tree of Thoughts to current context..." </example> <example> user: "/rune:elicit --phase plan:0" assistant: "Showing methods available for planning brainstorm phase..." </example>

Review a plan's code samples for implementation correctness using inspect agents. Thin wrapper around /rune:inspect --mode plan. Combines inspect agents (grace-warden, ruin-prophet, sight-oracle, vigil-keeper) to review proposed code samples for bugs, pattern violations, and security issues. <example> user: "/rune:plan-review plans/feat-auth-plan.md" assistant: "Running plan review with inspect agents..." </example> <example> user: "/rune:plan-review --focus security plans/feat-x.md" assistant: "Running security-focused plan review..." </example>

Plan a feature or task. Beginner-friendly alias for /rune:devise. Use when the user says "plan", "plan this feature", "plan a task", "help me plan", or wants to create a plan for implementation. Forwards all arguments to /rune:devise. <example> user: "/rune:plan add user authentication" assistant: "Starting the planning workflow..." </example> <example> user: "/rune:plan --quick fix the search bug" assistant: "Starting a quick planning workflow..." </example>

Quick 4-phase pipeline. Beginner-friendly alias for /rune:arc-quick. Use when the user says "quick", "fast", "nhanh", "quick run", "plan build review mend", or wants the simplified pipeline. Forwards all arguments to /rune:arc-quick. <example> user: "/rune:quick add a settings page" assistant: "Starting quick pipeline: plan -> work -> review..." </example> <example> user: "/rune:quick plans/my-plan.md" assistant: "Running quick pipeline on existing plan..." </example>

Remove tmp/ output directories from completed Rune workflows (reviews, audits, plans, work, mend, inspect, arc). Preserves Rune Echoes (.rune/echoes/) and active workflow state files. Renamed from /rune:cleanup in v1.5.0 — "rest" as in a resting place for completed artifacts. <example> user: "/rune:rest" assistant: "Scanning for completed workflow artifacts in tmp/..." </example>

Review your code changes. Beginner-friendly alias for /rune:appraise. Use when the user says "review my code", "check my changes", "code review", "review this PR", or wants a multi-agent code review. Forwards all arguments to /rune:appraise. <example> user: "/rune:review" assistant: "Starting multi-agent code review..." </example> <example> user: "/rune:review --deep" assistant: "Starting deep multi-wave code review..." </example>

[EXPERIMENTAL] Task delegation dashboard for managing team workload, assignments, and messaging. Works with workflow-spawned teams (from /rune:strive, /rune:arc, etc.). <example> user: "/rune:team-delegate" assistant: "Delegation Dashboard: 2 unassigned tasks, 1 idle member..." </example> <example> user: "/rune:team-delegate --assign 3=ward-sentinel" assistant: "Task #3 assigned to ward-sentinel." </example> <example> user: "/rune:team-delegate --message ward-sentinel 'Focus on auth module security'" assistant: "Message sent to ward-sentinel." </example>

Implement a plan. Beginner-friendly alias for /rune:strive. Use when the user says "work on this", "implement", "build it", "execute the plan", "start working", or wants to implement a plan file. Forwards all arguments to /rune:strive. <example> user: "/rune:work plans/2026-02-24-feat-auth-plan.md" assistant: "Starting implementation with swarm workers..." </example> <example> user: "/rune:work" assistant: "Looking for recent plans to implement..." </example>

Traces API contract changes across the full request/response lifecycle: route definitions, controller handlers, request validators, response serializers, API docs, and client SDK references. Detects breaking changes in public interfaces.

Hunts for security breaches — threat modeling, auth boundary gaps, data exposure vectors, CVE patterns, and input sanitization depth. Goes deeper than checklist-level security review.

Traces business logic impact across service methods, domain rules, validators, and state machines. Identifies ripple effects when core business rules change.

Traces configuration and dependency impact across environment variables, config files, deployment manifests, CI/CD pipelines, and feature flags. Detects deployment-time breakage from config drift.

Traces impact of data layer changes across the full persistence stack: schema definitions, ORM models, serializers, migrations, and seed data. Identifies ripple effects when data models change.

Audits business logic decrees — domain rules, state machine gaps, validation inconsistencies, and invariant violations. Verifies the Golden Order of business logic holds true.

Sees the dying embers of performance — resource lifecycle degradation, memory patterns, pool management, async correctness, and algorithmic complexity. Detects slow burns that erode system health.

Traces event and message impact across the async communication stack: event schemas, producers, consumers, dead letter queues, and retry policies. Detects contract drift in event-driven architectures.

Watches the fringes for edge cases — missing boundary checks, unhandled null/empty inputs, race conditions, overflow risks, and off-by-one errors. Guards the edges where behavior breaks.

Three-layer synthesis agent — merges Impact Layer (5 tracers), Wisdom Layer (intent + caution), and Lore Layer (risk scores) outputs into a unified GOLDMASK.md report with prioritized findings, collateral damage assessment, and swarm detection.

Correctness and completeness inspector for /rune:inspect mode. Evaluates plan requirements against codebase implementation. Measures COMPLETE/PARTIAL/MISSING/DEVIATED status with evidence.

Plan code sample reviewer for /rune:inspect --mode plan. Reviews proposed code in plan files for bugs, pattern violations, and logical correctness before implementation begins.

Correctness and completeness inspector for /rune:inspect. Evaluates each plan requirement against the codebase to determine COMPLETE/PARTIAL/MISSING/DEVIATED status. Provides evidence-based completion percentages and correctness findings.

Quantitative git history analysis agent — computes per-file risk scores, churn metrics, co-change clustering, and ownership concentration. Produces risk-map.json for the Goldmask coordinator. Uses Bash for git log, ls-files, and rev-list commands.

Audits design order — responsibility separation, dependency direction, coupling metrics, abstraction fitness, and layer boundaries. Ensures the architecture holds its intended shape.

Seeks tech debt rot — TODOs, deprecated patterns, complexity hotspots, unmaintained code, and dependency debt. Identifies decay that accumulates over time and erodes codebase health.

Failure modes and security inspector for /rune:inspect mode. Evaluates error handling coverage, security posture, and operational readiness against plan requirements with evidence-based risk assessment.

Plan code sample reviewer for /rune:inspect --mode plan. Reviews proposed code in plan files for security vulnerabilities, failure modes, missing guards, and injection risks before implementation.

Failure modes, security, and operational readiness inspector for /rune:inspect. Evaluates error handling coverage, security posture, and operational preparedness against plan requirements.

Watches for ruin in failure modes — network failures, crash recovery, circuit breakers, timeout chains, and resource lifecycle. Identifies how systems collapse under stress.

Design, architecture, and performance inspector for /rune:inspect mode. Evaluates architectural alignment with plan, coupling analysis, and performance profile against codebase implementation.

Plan code sample reviewer for /rune:inspect --mode plan. Reviews proposed code in plan files for architectural fit, performance concerns, pattern compliance, and coupling analysis before implementation.

Design, architecture, and performance inspector for /rune:inspect. Evaluates architectural alignment with plan, coupling analysis, and performance profile against requirements.

Watches signal propagation — logging adequacy, metrics coverage, distributed tracing, error classification, and incident reproducibility. Ensures systems can be observed and debugged.

Traces integration strands — unconnected modules, broken imports, unused exports, dead routes, and unwired dependency injection. Identifies severed golden threads between components.

Seeks correctness truth — logic vs requirements, behavior validation, test quality, and state machine correctness. Verifies that code does what it claims to do.

Systematic variant analysis — given a confirmed finding, searches the codebase for similar patterns that may have the same defect. Uses progressive generalization: exact match → structural similarity → semantic similarity. Use when: "find more like this", "variant analysis", "similar bugs", "same pattern elsewhere", "hunt for variants".

Observability, testing, maintainability, and documentation inspector for /rune:inspect mode. Evaluates test coverage gaps, logging/metrics presence, code quality, and documentation completeness against plan requirements in the codebase.

Plan code sample reviewer for /rune:inspect --mode plan. Reviews proposed code in plan files for test coverage planning, observability hooks, maintainability concerns, and documentation needs before implementation begins.

Observability, testing, maintainability, and documentation inspector for /rune:inspect. Evaluates test coverage gaps, logging/metrics presence, code quality, and documentation completeness against plan requirements.

Git archaeology agent — understands WHY code was written by analyzing git blame, commit messages, and code comments. Classifies developer intent and computes caution scores for safe modification. Uses Bash for git commands.

Analyzes convergence patterns in arc runs — retry efficiency, quality trajectory, stagnation detection, phase bottleneck identification. Part of /rune:self-audit Runtime Mode. Covers: Review-mend convergence loop efficiency, QA gate retry patterns, phase duration bottlenecks, quality score trajectory across phases, stagnation detection (retries without improvement).

Analyzes per-agent effectiveness across arc runs — finding accuracy, false-positive rates, unique contribution, time efficiency. Part of /rune:self-audit Runtime Mode. Covers: Per-Ash finding quality, false-positive tracking via mend resolution, unique vs duplicate finding ratio, agent time vs finding count efficiency, cross-model comparison (Claude vs Codex), review dimension coverage.

Detects hallucination patterns in arc run artifacts — phantom claims, inflated scores, evidence fabrication, completion-without-proof. Cross-references agent claims against filesystem reality. Part of /rune:self-audit Runtime Mode. Covers: Worker report evidence verification, QA score inflation detection, execution log vs filesystem reconciliation, TaskUpdate claim validation, copy-paste finding detection, empty-evidence PASS verdicts.

Audits Rune hook scripts for integrity — validates that hooks.json entries match actual scripts, scripts are executable, timeout values are reasonable, crash classification matches behavior, and hook table in CLAUDE.md is accurate. Part of /rune:self-audit. Covers: hooks.json <-> script existence, script executability, timeout validation, crash classification audit, hook event coverage, matcher pattern validation, fail-forward vs fail-closed consistency.

Generates concrete fix proposals for Etched-tier and high-recurrence meta-QA findings. Produces file-specific diffs with rationale. Part of /rune:self-audit --apply pipeline. Covers: Prompt fix proposals, rule alignment patches, hook script corrections, workflow definition fixes, talisman config updates. All proposals require human approval before application.

Analyzes phase necessity in arc runs — measures each phase's quality contribution, artifact production, skip rate, and uniqueness to determine if phases still add value. Part of /rune:self-audit Necessity Mode. Covers: Per-phase quality delta measurement, artifact value scoring, skip rate analysis, cross-phase redundancy detection, necessity scoring (0.0-1.0), recommendation generation (ESSENTIAL / REVIEW / CANDIDATE_FOR_REMOVAL).

Lints all Rune agent definition files for consistency with CLAUDE.md rules, frontmatter completeness, tool permission correctness, and structural integrity. Implements 15 lint rules (AGT-001 through AGT-015). Part of /rune:self-audit. Covers: maxTurns validation, model field audit, tool list consistency, skill reference resolution, MCP server validation, Truthbinding anchor presence, metadata completeness, description quality, registry count verification.

Audits consistency between Rune's rules defined in CLAUDE.md, skill SKILL.md files, and talisman configuration. Detects contradictions, stale references, and naming drift. Part of /rune:self-audit. Covers: CLAUDE.md vs skill instruction contradictions, talisman config vs hardcoded defaults, naming convention enforcement, stale file references, version/count claim accuracy, namespace prefix compliance.

Audits Rune arc workflow definitions for structural integrity, ordering correctness, handoff contract completeness, timeout alignment, and conditional skip correctness. Part of the /rune:self-audit pipeline. Covers: PHASE_ORDER validation, phase reference file existence, timeout coverage, skip map correctness, delegation checklist completeness, section hint safety, phase count claim accuracy, HEAVY_PHASES completeness.

Independent QA agent that verifies arc code review phase completion artifacts. Checks TOME existence, finding structure, Ash prefix validity, and file coverage. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc code_review_qa phase needs independent verification of review output. Covers all 3 dimensions: artifact existence, content quality, and review completeness.

Independent QA agent that verifies arc design_verification phase completion artifacts. Checks design verification report, findings JSON, and criteria matrix for evidence quality. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc design_verification_qa phase needs independent verification of design sync output. Covers all 3 dimensions: artifact existence, content quality, and completeness.

Independent QA agent that verifies arc forge phase completion artifacts. Checks enriched plan existence, enrichment depth/quality, and structural preservation. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc forge_qa phase needs independent verification of forge output. Covers all 3 dimensions: artifact existence, content quality, and plan completeness.

Independent QA agent that verifies arc gap analysis phase completion artifacts. Checks compliance matrix existence, per-criterion status, code evidence, and AC coverage. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc gap_analysis_qa phase needs independent verification of gap analysis output. Covers all 3 dimensions: artifact existence, content quality, and criteria completeness.

Independent QA agent that verifies arc mend phase completion artifacts. Checks resolution report existence, per-finding status, commit SHA references, and P1 coverage. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc mend_qa phase needs independent verification of mend output. Covers all 3 dimensions: artifact existence, content quality, and finding completeness.

Independent QA agent that verifies arc phase completion artifacts. Reads phase output files and checks them against a phase-specific checklist. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when an arc *_qa phase needs independent artifact and quality verification. The team lead (Tarnished) cannot override findings — QA is intentionally separate. Spawned by arc-phase-qa-gate.md with a `dimension` parameter: - "artifact": verify required files exist and are valid - "quality": verify content is substantive (not empty/generic) - "completeness": verify plan-to-output coverage

Independent QA agent that verifies arc test phase completion artifacts. Checks test report existence, SEAL markers, strategy ordering, and tier coverage. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc test_qa phase needs independent verification of test output. Covers all 3 dimensions: artifact existence, content quality, and tier completeness.

Independent QA agent that verifies arc work phase completion artifacts. Checks delegation manifests, task files, worker reports, and evidence quality. Issues a PASS/FAIL verdict with scored evidence for each check item. Cannot modify code or override the team lead's work — read-only role. Use when the arc work_qa phase needs independent verification of strive output. Covers all 3 dimensions: artifact existence, content quality, and task completeness.

Maps the activation path for new code — what must happen for a new feature to actually run in the system. Analyzes migration patterns (schema, data, seed), configuration requirements (env vars, config files, feature flags), service boundary mapping (how business logic flows between layers), and deployment steps. Answers: "How does new code go from merged to running?"

Deep architectural context building for security audits. Performs block-by-block analysis of security-critical code paths, identifies trust boundaries, state flows, invariants, and assumptions. Pure comprehension — does NOT identify vulnerabilities. Use when: audit needs architectural understanding before vulnerability hunting.

Reads Rune Echoes (past learnings) from .rune/echoes/ and surfaces relevant knowledge for the current task. Prioritizes by layer (Etched > Inscribed > Traced) and relevance to the current context. Covers: Read .rune/echoes/ MEMORY.md files across all roles, score relevance of past learnings against current task, surface actionable insights without overwhelming context, detect stale or contradictory entries.

Performs archaeological analysis of git history to trace code evolution, identify contributors, and understand why current patterns exist. Covers: Analyze git log for relevant commits, trace file evolution and refactoring history, identify contributors and review patterns, discover why code exists in its current form.

Researches framework-specific documentation, API references, and version-specific constraints for technologies used in the project. Covers: Query framework documentation via Context7 MCP, find version-specific API details and migration guides, identify deprecated patterns and recommended replacements, provide code examples from official documentation.

Researches external best practices, industry patterns, and documentation for a given topic. Returns actionable recommendations with source links. Covers: Search for best practices and conventions, find documentation and tutorials, identify common pitfalls and anti-patterns, provide implementation examples from real-world projects.

Explores and analyzes codebase structure, patterns, and conventions. Maps existing architecture to inform planning decisions. Covers: Analyze project structure and file organization, identify existing patterns and conventions, map dependencies and relationships, discover CLAUDE.md guidance and project rules.

Maps integration points where new code must connect to the existing system. Analyzes entry points (routes, handlers, events), layer traversal (API → Service → Repo → Model), existing file modifications needed, and registration/discovery patterns (DI, plugin registries, middleware chains). Answers: "Where does new code wire into the codebase?"

Design-to-implementation fidelity reviewer. Compares frontend component code against Figma design specifications to detect layout drift, missing tokens, accessibility gaps, and variant mismatches. Produces scored findings with fix suggestions. Covers: Design token compliance, layout fidelity (flex/grid), responsive breakpoint coverage, accessibility attributes, component variant completeness, spacing/typography drift, visual region structural accuracy. Used when design_sync.enabled is true, frontend stack detected, and Figma URL present in task description or plan.

Design system compliance reviewer. Validates that frontend code follows the project's design system conventions: token usage, variant patterns, import paths, class merge utilities, and dark mode implementation. Activated when frontend stack + design system detected (confidence >= 0.70).

Cross-agent claim verification through adversarial interrogation. Challenges FACTUAL, ANALYTICAL, and PRESCRIPTIVE claims in teammate outputs using categorical verdicts: PROVEN / LIKELY / UNCERTAIN / UNPROVEN.

Performance bottleneck detection. Analyzes algorithmic complexity, database query optimization (N+1, missing indexes), memory and allocation patterns, async/concurrent performance issues, and scalability bottleneck identification. Named for Elden Ring's embers — performance hot spots glow like embers under load.

Logic bug detection through edge case analysis, null handling, race conditions, and silent failure patterns. Covers: Null/None handling issues, empty collection edge cases, boundary value problems, race conditions and concurrency bugs, silent failure patterns, missing exhaustive handling. Low overhead, catches subtle bugs.

Data flow integrity verification across UI, API, and Database layers. Traces every field through the full persistence stack: form fields, API request/response payloads, serializers, ORM models, and database schema. Detects field phantoms, persistence gaps, roundtrip asymmetry, display ghosts, and schema drift. Use when full-stack files are in diff.

Data integrity, migration safety, and migration gatekeeper reviewer. Validates database migrations for reversibility, lock safety, data transformation correctness, transaction boundaries, and referential integrity across any ORM/migration framework.

Design pattern and cross-cutting consistency analysis. Detects inconsistent naming, error handling, API design, data modeling, auth patterns, state management, and logging/observability across the codebase. Covers: cross-layer naming consistency, error handling uniformity, API design consistency, data modeling conventions, auth/authz pattern consistency, state management uniformity, logging/observability format consistency, convention deviation flagging, naming intent quality analysis (name-behavior mismatch, vague names hiding complexity, side-effect hiding, boolean inversion). The silent killer of system health.

Refactoring safety and orphan detection. Uses LSP-enhanced reference resolution to verify rename/move operations leave no dangling references. Covers: orphaned callers after rename, broken imports after move, stale re-exports in barrel files, incomplete refactoring chains, API contract drift from partial renames.

Reference document for ward-sentinel's Insecure Defaults (Fail-Open Detection) dimension.

Architectural compliance and design pattern review. Checks layer boundaries, dependency direction, SOLID principles, and structural integrity. Covers: layer boundary enforcement, dependency direction analysis, SOLID principle compliance, service boundary verification, design pattern consistency.

Universal sharded code review agent for Inscription Sharding (v1.98.0+). Unlike specialist Ashes, a Shard Reviewer covers ALL review dimensions (Security, Quality, Documentation, Correctness) for its assigned file subset. Adapts via primary domain injection at spawn time. Covers: Multi-dimensional sharded review, cross-shard signal detection, domain-specific emphasis (security_critical, backend, frontend, infra, docs, tests, config), context pressure protocol, dimensional minimum self-check.

Supply chain risk analysis for project dependencies. Evaluates maintainer count, commit frequency, CVE history, abandonment signals, bus factor, and security policy presence for each direct dependency. Covers npm, PyPI, Cargo, Go modules, and Composer packages. Use when reviewing projects with external dependencies.

Type safety and annotation analysis with LSP-enhanced type inference. Checks missing type hints, inconsistent annotations, unsafe casts, and type narrowing gaps. Covers: missing return types, untyped parameters, Optional misuse, unsafe Any usage, type narrowing without guards, generic constraint violations.

UX heuristic evaluation agent. Reviews frontend code against a comprehensive heuristic checklist (50+ items) based on Nielsen Norman 10 heuristics and Baymard usability guidelines. Evaluates visibility of system status, user control, consistency, error prevention, recognition over recall, flexibility, aesthetic design, error recovery, and help/documentation presence in code. Produces UXH-prefixed findings. Non-blocking by default. Conditional activation: ux.enabled + frontend files detected.

Audits micro-interactions in frontend components. Checks hover/focus states, keyboard accessibility, touch targets (44px minimum), animation performance (prefers-reduced-motion), scroll behavior, and input feedback patterns. Ensures interactive elements feel responsive and accessible. Produces UXI-prefixed findings. Non-blocking by default. Conditional activation: ux.enabled + frontend files detected.

Security vulnerability detection across all file types. Covers OWASP Top 10 vulnerability detection, authentication/authorization review, input validation and sanitization checks, secrets/credential detection, insecure default configuration detection (fail-open patterns, CWE-1188), agent/AI prompt security analysis.

Dead code detection through LSP-enhanced reference analysis with Grep fallback. Finds unused functions, classes, imports, variables, and unreachable code paths. Covers: unused exports, dead functions, orphaned modules, unreachable branches, stale feature flags. Low false-positive rate via LSP semantic accuracy.

Shared reference files extracted from duplicated content across multiple agent definitions.

<!-- Template for new Rune agent definitions using the Self-Read architecture. -->

<!-- Source: extracted from rune-smith, trial-forger, mend-fixer, gap-fixer on 2026-03-20 -->

<!-- Source: extracted from rune-smith, trial-forger on 2026-03-20 -->

<!-- Source: Extracted from agents/review/ward-sentinel.md, agents/review/pattern-seer.md,

<!-- Source: extracted from rune-smith, mend-fixer, trial-forger on 2026-03-21 -->

<!-- Source: Extracted from agents/utility/knowledge-keeper.md,

<!-- Source: Extracted from agents/investigation/lore-analyst.md,

<!-- Source: Extracted from agents/investigation/grace-warden-inspect.md,

<!-- Source: Extracted from agents/review/ward-sentinel.md, agents/review/pattern-seer.md,

<!-- Source: Extracted from agents/work/rune-smith.md, agents/work/trial-forger.md -->

<!-- Source: extracted from ward-sentinel, knowledge-keeper on 2026-03-20 -->

<!-- Source: Extracted from agents/work/rune-smith.md, agents/work/trial-forger.md,

Technical soundness review of plans. Validates architecture fit, feasibility, security/performance risks, codebase pattern alignment, dependency analysis, internal consistency, and design anti-pattern risk. Used during /rune:devise Phase 4C (technical review) and /rune:arc Phase 2 (plan review) alongside scroll-reviewer and knowledge-keeper. Covers: Architecture fit assessment against codebase patterns, feasibility analysis (are proposed changes realistic?), security and performance risk identification in plan, dependency analysis (what breaks if this plan is implemented?), codebase pattern alignment check, internal consistency verification (cross-section claims, counts, references).

Structured reasoning specialist using curated elicitation methods. Each instance applies ONE assigned method (or auto-selects the top-scored method if no specific assignment). Summoned 1-4 times in parallel per workflow phase, each applying a DIFFERENT method for multi-perspective structured reasoning.

Evidence-based plan verifier that validates factual claims in plan documents against the actual codebase, documentation, and external sources. Performs systematic per-claim quantitative verification with grounding scores. Trigger keywords: evidence verification, claim validation, plan grounding, factual accuracy, evidence chain, grounding score.

Analyzes specifications and feature descriptions through a 4-phase structured protocol: Deep Flow Analysis, Permutation Discovery, Gap Identification, and Question Formulation. Covers: user journey mapping with mermaid diagrams, systematic permutation enumeration (user type x device x network x state), 12-category gap detection (including accessibility, timeout, resume/cancel), and prioritized question formulation (Critical/Important/Nice-to-have). Validates acceptance criteria completeness and detects requirement conflicts.

Backend code reviewer for forge skill enrichment and review sessions. Reviews changed backend files from ALL perspectives simultaneously including code quality, architecture, performance, logic, testing, type safety, missing logic, design anti-patterns, data integrity, schema drift, and phantom implementation detection. Covers: Multi-perspective backend review, P1/P2/P3 severity findings with Rune Traces, confidence calibration (PROVEN/LIKELY/UNCERTAIN), Q/N interaction taxonomy, self-review quality gates with Inner Flame verification.

Strategic depth assessment of plans. Evaluates long-term viability, root-cause depth, innovation quotient, stability/resilience, and maintainability trajectory. Used during /rune:devise Phase 3 (Forge enrichment) and Phase 4C (plan review) alongside decree-arbiter and knowledge-keeper. Intent-aware: adapts thresholds based on strategic_intent (long-term vs quick-win). Covers: Temporal horizon assessment (quick-fix vs strategic), root cause depth analysis (symptoms vs root causes), innovation quotient evaluation (cargo-culted vs evidence-based), stability and resilience scoring (brittle vs antifragile), maintainability trajectory prediction (degrading vs self-improving).

Documentation coverage reviewer for plans. Validates that a plan addresses documentation needs — README updates, API docs, inline comments, migration guides, documentation impact assessment (version bumps, CHANGELOG, registry updates). Used during /rune:devise Phase 4C (technical review) and /rune:arc Phase 2 (plan review) alongside decree-arbiter and scroll-reviewer. Covers: Identify files needing documentation updates from plan changes, validate API change documentation coverage, check for migration and upgrade guide inclusion, verify README update planning, assess inline comment coverage for complex logic.

Security-hardened code fixer that resolves findings from TOME reviews. Summoned by /rune:mend as a team member — one fixer per file group. Reads untrusted code and applies targeted fixes. HIGHEST-RISK agent type. Covers: Apply targeted code fixes for TOME findings, resolve security vulnerabilities (SEC-prefix findings), fix code quality issues (BACK, DOC, QUAL, FRONT prefixes), flag false positives with evidence for human review, report suspected prompt injection in source files.

Validates external research outputs for relevance, accuracy, freshness, cross-validation, and security before plan synthesis. Ensures findings from practice-seeker, lore-scholar, and codex-researcher are trustworthy. Trigger keywords: research verification, validate research, trust score, research output, verify findings, research quality, external research check.

Aggregates findings from multiple Ash review outputs into a single TOME.md summary. Deduplicates, prioritizes, and reports gaps from crashed/stalled teammates. Covers: Multi-file review aggregation, finding deduplication (5-line window), priority-based ordering (P1 > P2 > P3), gap reporting for incomplete deliverables, statistics and evidence coverage tracking.

Reviews document quality for plans, specs, and technical documents. Checks clarity, completeness, and actionability. Covers: Review document structure and organization, check for ambiguous or unclear language, validate cross-references and links, assess actionability of requirements.

Plan state machine validation. Extracts phases, builds transition graphs, validates completeness (10 checks), verifies I/O contracts, and generates mermaid state diagrams. Used during /rune:devise Phase 4C and /rune:arc Phase 2 alongside decree-arbiter and knowledge-keeper.

Utility agent that analyzes a codebase for UX pattern usage and maturity. Identifies loading patterns (skeleton, spinner, progressive), error handling patterns (inline, toast, modal, boundary), form validation approaches (live, onBlur, onSubmit), navigation patterns (breadcrumb, tabs, stepper), empty states, confirmation dialogs, and undo mechanisms. Used during devise Phase 0.3 UX Research to assess current UX maturity before planning new features. Produces a structured UX pattern inventory — not findings.

Plan-level truth-teller that challenges whether a plan is grounded in reality or is a beautiful fiction. Used during /rune:devise Phase 4C (technical review) alongside decree-arbiter and knowledge-keeper. Unlike decree-arbiter which validates technical soundness within the plan's own frame, veil-piercer-plan questions whether the frame itself is correct. Covers: Reality gap analysis (plan vs. actual codebase), assumption inventory with validity assessment, complexity honesty (is the estimate realistic?), value challenge (does this need to exist?), production path analysis (can this actually be deployed?).

Truth-telling reviewer that challenges premises, names illusions, and quantifies consequences. Reviews ALL file types from three perspectives: Reality Arbiter (production viability), Assumption Slayer (premise validation), and Entropy Prophet (long-term consequences). Covers: Production reality assessment, assumption archaeology, cargo cult detection, complexity justification, test honesty evaluation, illusion naming, consequence quantification, grounding gate validation for devise Phase 4D.

Inspection aggregator that combines all Inspector Ash findings into a single VERDICT.md. Measures plan-vs-implementation alignment by merging requirement matrices, computing overall completion percentage, merging dimension scores, deduplicating findings, classifying gaps, and determining the final verdict. Covers: Inspector output aggregation, requirement matrix merging, weighted completion computation, dimension score merging, finding deduplication with priority ordering, gap classification (10 categories), verdict determination (READY/READY_PARTIAL/GAPS_FOUND/INCOMPLETE/CRITICAL_ISSUES).

Design iteration agent that runs screenshot-analyze-fix loops to improve design fidelity after Phase 5.2 verification. Uses agent-browser for screenshot capture and comparison against VSM specifications. Spawned by arc Phase 7.6 (DESIGN ITERATION). Covers: Screenshot capture and visual comparison, DES- criteria evaluation, iterative fix-verify loops, regression detection (F10), convergence tracking, iteration evidence generation.

Automated remediation specialist for inspection gaps. Applies targeted, minimal fixes to FIXABLE findings from VERDICT.md during inspect --fix and arc Phase 5.8. Each fix gets its own atomic commit following the fix({context}): [{GAP-ID}] format. Covers: Gap remediation from VERDICT.md, atomic commit per fix, remediation report generation, fix strategy per gap category (correctness, coverage, test, observability, security, operational, performance, maintainability, wiring). Note: wiring gaps (WIRE- prefix) are NOT auto-fixable — skip and report as deferred.

Lightweight per-task quality evaluator that reviews worker output (diff + task context) and returns structured feedback. Uses Haiku model for speed and cost efficiency. Spawned by strive orchestrator when work.micro_evaluator.enabled is true. Covers: Pattern compliance review, error handling verification, edge case detection, naming consistency checks. Returns APPROVE/REFINE/PIVOT verdicts with confidence scores.

Design prototype synthesis agent that generates React prototype components and Storybook stories from Figma references and UI builder library matches. Spawned by arc Phase 3.2 (DESIGN PROTOTYPE) to synthesize VSM data into usable prototype.tsx + story files. Covers: Synthesize Figma reference code with library matches into production-ready prototypes, generate CSF3 Storybook stories with multiple states, write mapping.json with confidence scores, follow trust hierarchy (Figma > VSM > Library > Stack).

Code implementation agent that follows TDD patterns and project conventions. Claims tasks from the shared pool, implements code, runs tests, and reports completion. Covers: Implement features following existing codebase patterns, write code with TDD cycle (test first, then implement), run project quality gates (linting, type checking), commit changes with conventional format.

Test generation agent that writes tests following project patterns. Claims testing tasks from the shared pool, generates tests, and verifies they run. Covers: Generate unit tests following project conventions, generate integration tests for service boundaries, generate property-based tests for roundtrip/validator/idempotent patterns, discover and use existing test utilities and fixtures, verify tests pass before marking complete.

Browser automation knowledge using Vercel's agent-browser CLI. Teaches Claude how to use agent-browser for E2E testing, screenshot capture, and UI verification. Trigger keywords: agent-browser, browser automation, E2E, screenshot, navigation, frontend test, browser test, UI verification.

Multi-agent code review using Agent Teams. Summons up to 8 built-in Ashes (plus custom Ash from talisman.yml), each with their own dedicated context window. Handles scope selection, team creation, review orchestration, aggregation, verification, and cleanup. Optional `--deep` runs multi-wave deep review with up to 18 Ashes across 3 waves. Phase 1.5 adds UX reviewers when `talisman.ux.enabled` + frontend files detected. Phase 1.6 adds design fidelity reviewer (DES prefix) when `talisman.design_review.enabled` + frontend files detected. Phase 1.7 adds data flow integrity reviewer (FLOW prefix) when 2+ stack layers detected in diff. <example> user: "/rune:appraise" assistant: "The Tarnished convenes the Roundtable Circle for review..." </example>

Use when implementing multiple plan files overnight or in batch, when a previous batch crashed mid-run and --resume is needed, when tracking progress across multiple sequential arc runs, or when using a queue file (one plan path per line) instead of a glob. Use when crash recovery is needed for interrupted batch runs. Covers: Stop hook pattern, progress tracking via .rune/arc-batch-loop.local.md, --dry-run preview, --no-merge. Keywords: arc-batch, batch, queue file, overnight, --resume, crash recovery, progress tracking, sequential plans. <example> Context: User has multiple plans to implement user: "/rune:arc-batch plans/*.md" assistant: "The Tarnished begins the batch arc pipeline..." </example> <example> Context: User has a queue file user: "/rune:arc-batch batch-queue.txt" assistant: "Reading plan queue from batch-queue.txt..." </example>

Hierarchical plan execution — orchestrates parent/child plan decomposition with dependency DAGs, requires/provides contracts, and feature branch strategy. Use when a plan has been decomposed into child plans via /rune:devise Phase 2.5 (Hierarchical option) and frontmatter shows `hierarchical: true` with a `children_dir`. Handles: topological sequencing, contract verification, partial failure recovery, and per-child feature branch management. Keywords: hierarchical, parent plan, child plan, decomposition, DAG, dependency, shatter, children_dir, requires, provides, contract matrix, arc-hierarchy. <example> Context: User has a parent plan with child plans decomposed user: "/rune:arc-hierarchy plans/2026-02-23-feature-auth-plan.md" assistant: "The Tarnished reads the execution table and begins executing child plans in topological order..." </example> <example> Context: User wants to resume after a child plan failure user: "/rune:arc-hierarchy plans/parent.md --resume" assistant: "Resuming hierarchy execution. Found 2/5 children completed. Next executable: 03-permissions..." </example>

Use when processing GitHub Issues as the arc work queue — fetching issue details, auto-generating plans, running /rune:arc for each, then posting results back to the originating issues. Covers: label-driven batch (--label), file-based queue, inline issue numbers, resume mode (--resume), paging (--all), dry-run preview, cleanup of orphaned labels (--cleanup-labels). Use instead of arc-batch when your work queue lives in GitHub Issues, not plan files. Closes the loop: Issue → Plan → Arc → PR → Comment → Close (via Fixes #N). Keywords: arc-issues, github issues, issue queue, issue backlog, batch from issues, label-driven, rune:ready, --label, --all, --resume, --cleanup-labels, issue-to-plan. <example> Context: User has GitHub issues labeled "rune:ready" to implement user: "/rune:arc-issues --label \"rune:ready\"" assistant: "Fetching issues with label rune:ready..." </example> <example> Context: User has a file with issue numbers user: "/rune:arc-issues issues-queue.txt" assistant: "Reading issue queue from issues-queue.txt..." </example> <example> Context: User wants to process specific issues user: "/rune:arc-issues 42 55 78" assistant: "Processing issues #42, #55, #78..." </example>

Lightweight 4-phase pipeline: Plan -> Work+Evaluate -> Review -> Mend. Chains devise --quick -> strive (with evaluator loop) -> appraise -> mend in one command. Work phase iterates up to max_iterations (default 3) with ward checks and quality signal detection between passes. Stagnation detection prevents infinite loops. Mend phase auto-fixes P1/P2 findings from the review TOME. Accepts a prompt string or existing plan file path. Recommends /rune:arc for complex plans (8+ tasks) unless --force is passed. Use when: "quick run", "fast pipeline", "plan and build", "nhanh", "chay nhanh", "quick arc", "simple pipeline", "4 steps", "plan work review mend", "quick", "arc-quick". <example> user: "/rune:arc-quick add a health check endpoint" assistant: "Starting quick pipeline: plan -> work -> review..." </example> <example> user: "/rune:arc-quick plans/my-plan.md" assistant: "Running quick pipeline on existing plan..." </example> <example> user: "/rune:arc-quick plans/complex-plan.md --force" assistant: "Force-running quick pipeline (skipping complexity warning)..." </example>

Use when running the full plan-to-merged-PR pipeline, when resuming an interrupted arc with --resume, or when any named phase fails (forge, plan-review, plan-refinement, verification, semantic-verification, design-extraction, design-prototype, design-verification, design-iteration, work, gap-analysis, codex-gap-analysis, gap-remediation, goldmask-verification, code-review, goldmask-correlation, mend, verify-mend, test, browser-test, browser-test-fix, verify-browser-test, pre-ship-validation, bot-review-wait, pr-comment-resolution, ship, merge). Use when checkpoint resume is needed after a crash or session end. 44-phase pipeline with convergence loops, Goldmask risk analysis, pre-ship validation, bot review integration, cross-model verification, and conditional design sync (Figma VSM extraction, prototype generation, fidelity verification, iteration). Keywords: arc, pipeline, --resume, checkpoint, convergence, forge, mend, bot review, PR comments, ship, merge, design sync, Figma, VSM, 44 phases. <example> user: "/rune:arc plans/feat-user-auth-plan.md" assistant: "The Tarnished begins the arc — 44 phases of forge, review, design sync, goldmask, test, browser test convergence, mend, convergence, pre-ship validation, bot review, ship, and merge..." </example> <example> user: "/rune:arc --resume" assistant: "Resuming arc from Phase 5 (WORK) — validating checkpoint integrity..." </example>

Use when summoning Rune agents, when encountering "agent not found" errors, when selecting which review agents to use, or when checking agent capabilities and tools. Quick reference for all 109 agents across 6 categories (66 core + 43 extended in review, research, work, utility, investigation, testing). Keywords: agent list, Ash, subagent type, agent not found. <example> Context: User wants to know which agents are available user: "What review agents does Rune have?" assistant: "Loading ash-guide for the agent reference table" </example>

Full codebase audit using Agent Teams. Sets scope=full and depth=deep (by default), then delegates to the shared Roundtable Circle orchestration phases. Summons up to 7 built-in Ashes (plus custom from talisman.yml). Optional `--deep` runs multi-wave investigation with deep Ashes. Phase 0.45 context building spawns context-builder agent to map trust boundaries, invariants, and state flows before vulnerability hunting (auto for deep, configurable via talisman). Supports `--focus` for targeted audits. Supports `--incremental` for stateful, prioritized batch auditing with 3-tier coverage tracking (file, workflow, API) and session-persistent audit history. <example> user: "/rune:audit" assistant: "The Tarnished convenes the Roundtable Circle for audit..." </example> <example> user: "/rune:audit --incremental" assistant: "The Tarnished initiates incremental audit — scanning manifest, scoring priorities..." </example> <example> user: "/rune:audit --incremental --status" assistant: "Incremental Audit Coverage Report: 55.3% file coverage..." </example>

Collaborative exploration of features and ideas through structured dialogue. Explore WHAT to build before planning HOW. Three modes: Solo (conversation), Roundtable (agent advisors engage user), Deep (advisors + elicitation sages). Produces persistent brainstorm documents in docs/brainstorms/. Use when: "brainstorm", "explore idea", "what should we build", "discuss feature", "thao luan", "kham pha y tuong", "brainstorm this", "let's think about". <example> user: "/rune:brainstorm add real-time notifications" assistant: "The Tarnished opens the roundtable — how would you like to brainstorm?" </example> <example> user: "/rune:brainstorm --quick improve auth" assistant: "Solo mode — let's explore the auth improvements together..." </example> <example> user: "/rune:brainstorm --deep redesign the API layer" assistant: "Deep analysis mode — summoning advisors and elicitation sages..." </example>

Claude Code runtime environment inspector. Comprehensive diagnostic tool that reports all Claude Code environment variables, session identity, config directory, plugin paths, system toolchain versions, Rune runtime state, and platform details. Use when debugging environment issues, verifying session isolation, checking config directory resolution, or diagnosing plugin loading. Trigger keywords: cc inspect, claude code inspect, env check, environment, session id, config dir, diagnostic, runtime info, plugin env, plugin root, system info, toolchain. Note: This skill uses disable-model-invocation: true because it is a diagnostic tool meant for explicit user invocation only. It appears in the /rune:cc-inspect routing table entry.

Use when a Bash command references ~/.claude/ and fails with "path not found" or "No such file or directory" in multi-account setups. Use when writing rm -rf for team or task directories, when CLAUDE_CONFIG_DIR is set to a custom path and SDK auto-resolution is unavailable, or when auditing commands for hardcoded ~/.claude/ paths. Failure scenario: rm -rf ~/.claude/teams/... silently targets wrong directory when CLAUDE_CONFIG_DIR is set. Keywords: CLAUDE_CONFIG_DIR, CHOME, ~/.claude, multi-account, config directory, path not found, team cleanup, hardcoded path. <example> Context: A command needs to rm-rf team directories after cleanup. user: "Add cleanup logic for team dirs" assistant: "I'll use the CHOME pattern for the rm-rf call — SDK calls like Read() auto-resolve, but Bash commands need explicit CHOME." <commentary>Load chome-pattern skill for correct Bash path resolution.</commentary> </example> <example> Context: Auditing a new command for hardcoded ~/.claude/ references. user: "Check if this command works with custom config dirs" assistant: "I'll classify each ~/.claude/ reference as SDK (safe) or Bash (needs CHOME)..." <commentary>CHOME skill provides the classification framework.</commentary> </example>

Use when invoking `codex exec`, checking Codex availability, configuring cross-model verification, or troubleshooting Codex integration errors. Covers detection, execution, error handling, sandbox modes, talisman config, and .codexignore prerequisites. Keywords: codex, cross-model, GPT, oracle, codex exec, codexignore. <example> Context: A Rune command needs to run Codex for cross-model review. user: "Run code review with Codex" assistant: "I'll detect Codex availability, verify .codexignore, then run codex exec with read-only sandbox." <commentary>Load codex-cli skill for detection + execution patterns.</commentary> </example> <example> Context: Arc Phase 6 needs to check if Codex Oracle should be summoned. user: "/rune:arc plans/my-plan.md" assistant: "Detecting Codex Oracle per codex-detection.md before summoning Ashes..." <commentary>Codex detection is a prerequisite step before Ash selection in review/audit/forge phases.</commentary> </example>

Cross-model code review using Claude Code agents + OpenAI Codex in parallel. Spawns agent teams with multiple review perspectives (security, bugs, quality, dead code, performance), then cross-verifies findings between models for higher-confidence results. Use when reviewing files, directories, PRs, staged changes, commit ranges, or custom review contexts. Mandatory agent teams — every invocation runs parallel teammates. Cross-verifies findings: CROSS-VERIFIED / STANDARD / DISPUTED. Keywords: codex, cross-model, review, dual-model, cross-verify, code review, security audit, dead code, quality check, GPT, openai, multi-model. <example> user: "/rune:codex-review" assistant: "Spawning Claude + Codex agents for cross-model review of current changes..." </example> <example> user: "/rune:codex-review src/api/ --focus security" assistant: "Cross-model security review of src/api/ directory..." </example> <example> user: "/rune:codex-review PR#42" assistant: "Fetching PR #42 diff for cross-model review..." </example> <example> user: "/rune:codex-review --staged --focus bugs,quality" assistant: "Cross-model review of staged changes focused on bugs and quality..." </example>

Use when spawning 4+ agents, when "Prompt is too long" errors appear, when sessions exceed 50 messages, or when context feels degraded. Prevents overflow before agent summoning, compresses long sessions, and offloads verbose content to filesystem. Keywords: context overflow, prompt too long, glyph budget, compression, long session. <example> Context: About to launch 4 review agents user: "Review this PR with multiple agents" assistant: "I'll use context-weaving to enforce Glyph Budgets and plan agent orchestration" </example> <example> Context: Long coding session user: "Context is getting long, I'm losing track" assistant: "Loading context-weaving for session compression" </example>

ACH-based parallel debugging. Spawns multiple hypothesis-investigator agents to investigate competing hypotheses simultaneously. Use when bugs are complex, when single-agent debugging hits 3+ failures, or when root cause is unclear. Also triggers when test-failure-analyst returns LOW confidence during arc Phase 7.7. Keywords: debug, investigate, hypothesis, root cause, parallel debugging, ACH, competing hypotheses, falsify, evidence, multi-agent debug. <example> user: "/rune:debug test suite fails intermittently on auth module" assistant: "The Tarnished initiates the ACH Protocol — triaging, generating hypotheses, and summoning investigators..." </example>

Generate prototype React components + Storybook stories from Figma URLs. 6-phase pipeline: figma_to_react → UntitledUI matching → prototype synthesis → verify → storybook integration → present. Input: Figma URL(s). Output: prototypes auto-copied to Storybook with full-screen preview opened in browser. Generates both individual components AND a full-page composition for complete screen preview. Use when you want to preview design implementation before coding. Trigger keywords: prototype, figma prototype, storybook from figma, design preview, generate components from figma, preview design. <example> user: "/rune:design-prototype https://www.figma.com/design/abc123/MyApp?node-id=1-3" assistant: "Generating prototypes from Figma design..." </example> <example> user: "/rune:design-prototype --describe 'login form with email and social login'" assistant: "Generating prototype from description..." </example>

Figma design synchronization workflow. Extracts design specs from Figma URLs, creates Visual Spec Maps (VSM), guides implementation workers, and reviews fidelity between design and code. 3-phase pipeline: PLAN (extraction) -> WORK (implementation) -> REVIEW (fidelity check). <example> user: "/rune:design-sync https://www.figma.com/design/abc123/MyApp?node-id=1-3" assistant: "Initiating design sync — extracting Figma specs and creating VSM..." </example> <example> user: "/rune:design-sync --review-only" assistant: "Running design fidelity review against existing VSM..." </example>

Design system auto-detection — scans repository for installed component libraries, token systems, and variant frameworks to build a structured design-system-profile.yaml. Provides the discoverDesignSystem() algorithm used by devise, strive, and arc workflows. Provides the discoverFrontendStack() algorithm for Layer 1 frontend stack detection with version extraction, used by design-prototype Phase 0. Trigger keywords: shadcn, shadcn/ui, untitled ui, radix ui, design system, design tokens, tailwind, css variables, cva, class-variance-authority, styled-components, tailwind v4, style-dictionary, token system, component library, design compliance, frontend stack, figma tokens, dark mode, ui library, component library detection, design system discovery.

Multi-agent planning workflow using Agent Teams. Combines brainstorm, research, validation, synthesis, shatter assessment, forge enrichment, and review into a single orchestrated pipeline with dependency-aware task scheduling. <example> user: "/rune:devise" assistant: "The Tarnished begins the planning ritual — full pipeline with brainstorm, forge, and review..." </example> <example> user: "/rune:devise --quick" assistant: "The Tarnished begins a quick planning ritual — research, synthesize, review only..." </example>

Proof-based orchestration discipline for spec-compliant multi-agent systems. Five layers: DECOMPOSITION, COMPREHENSION, VERIFICATION, ENFORCEMENT, ACCOUNTABILITY. Use when: workers need discipline context, proof schemas, anti-rationalization guidance. Keywords: discipline, proof, verification, compliance, spec, acceptance criteria, rationalization, evidence, SOW, spec continuity

Promote a project echo to global scope with domain tagging. Use when a learning is valuable across multiple projects. Copies selected entries from project .rune/echoes/ to global echoes with domain classification and source provenance. Trigger keywords: elevate, promote to global, cross-project, share echo, global echo, elevate echo. <example> user: "/rune:elevate --scope backend" assistant: "Scanning project echoes... Found 12 entries. Select entries to elevate." </example> <example> user: "/rune:elevate --scope frontend" assistant: "Elevated 3 entries to global scope (domain: frontend)" </example>

Use when comparing multiple approaches, when a decision has security or architecture implications, when root cause analysis is needed, or when thinking needs structure. Provides 24 reasoning methods (Tree of Thoughts, Pre-mortem, Red Team, 5 Whys, ADR). Auto-loaded by plan, forge, and review commands for eligible sections. Keywords: structured reasoning, trade-off, decision, compare approaches, risk analysis. <example> Context: During plan brainstorm, user needs structured approach selection user: "Help me evaluate these 3 architecture approaches" assistant: "Loading elicitation skill for Tree of Thoughts structured evaluation" </example> <example> Context: During forge enrichment with security-sensitive section user: "/rune:forge plans/security-plan.md" assistant: "Elicitation skill loaded — Red Team vs Blue Team method available for security sections" </example>

Figma visual intent extractor — MCP server knowledge for the 4 Figma tools. figma_to_react() produces REFERENCE CODE (~50-60% match), NOT production code. Its primary role in the design-sync pipeline is as a search input: the generated code is analyzed for component intent, which drives library MCP searches when a UI builder is available. Without a builder, it serves as a starting point for direct implementation. Builder protocol role: figma-to-react provides baseline visual extraction; builder MCPs (UntitledUI, shadcn/ui, custom) enhance with library-specific component matching via Phase 1.5 Component Match in design-sync. When a builder is active, figma_to_react() output is consumed as search input — not applied directly. Use when agents need to fetch Figma designs, inspect node properties, list components, or extract visual intent from design files. Trigger keywords: figma, design, react, component, tailwind, MCP, design-to-code, figma URL, figma API, component extraction, visual intent.

Structured file-based todo tracking for Rune workflows. Each todo is a markdown file with YAML frontmatter and lifecycle status. Source-aware templates adapt for review findings, work tasks, PR comments, tech debt, and audit findings. Session-scoped: todos live in tmp/{workflow}/{timestamp}/todos/, cleaned by /rune:rest. Use when creating, triaging, resolving, or querying todos from any Rune workflow. <example> user: "/rune:file-todos status" assistant: "Scanning session todos for current state..." </example> <example> user: "/rune:file-todos create" assistant: "Creating new todo with source-aware template..." </example> <example> user: "/rune:file-todos manifest build" assistant: "Building per-source manifests with DAG ordering..." </example>

Deepen an existing plan with Forge Gaze topic-aware enrichment. Summons specialized Ashes to enrich each section with expert perspectives. Can target a specific plan or auto-detect the most recent one. <example> user: "/rune:forge plans/2026-02-13-feat-user-auth-plan.md" assistant: "The Tarnished ignites the forge to deepen the plan..." </example> <example> user: "/rune:forge" assistant: "No plan specified. Looking for recent plans..." </example>

Frontend design implementation knowledge — generalized best practices for translating design specifications into production components. Covers design systems, design tokens, accessibility (WCAG 2.1 AA), responsive patterns, component reuse strategy, layout alignment, variant mapping, Storybook documentation, visual region analysis, and UI state handling. Trigger keywords: design system, design tokens, accessibility, responsive, storybook, component patterns, layout, spacing, typography, WCAG, variant, figma, mobile-first, a11y, state handling, error states, loading states.

Use when running /rune:strive with --worktree flag or when work.worktree.enabled is set in talisman. Use when a worker's direct commit fails due to parallel isolation conflicts, when a merge conflict is detected during wave merge (merge broker escalation), or when branches from multiple workers need sequential merging into the feature branch. Covers: worktree lifecycle, wave-based execution, merge strategy, conflict resolution patterns, direct commit vs patch generation. Keywords: worktree, isolation, wave, merge broker, branch merge, conflict, parallel isolation, --worktree, direct commit. <example> Context: Orchestrator activating worktree mode for /rune:strive user: "/rune:strive plans/feat-api-plan.md --worktree" assistant: "Worktree mode active. Workers will operate in isolated worktrees with direct commit." </example> <example> Context: Merge conflict during wave merge user: (internal — merge broker detects conflict) assistant: "Conflict detected in src/api.ts during Wave 1 merge. Escalating to user." </example>

Use when assessing blast radius of changes, when understanding WHY code was written a certain way, when planning risky modifications, or when a refactor could have hidden side effects. Traces WHAT changes, WHY it exists (git archaeology), and HOW RISKY the area is (churn + ownership metrics). Keywords: impact analysis, blast radius, risk assessment, code archaeology, why was this written. <example> Context: Running standalone impact analysis user: "/rune:goldmask HEAD~3..HEAD" assistant: "Loading goldmask for cross-layer impact analysis" </example> <example> Context: Checking blast radius before a refactor user: "/rune:goldmask src/auth/ src/payment/" assistant: "Loading goldmask for impact + wisdom + lore analysis on specified files" </example>

Universal self-review protocol for all Rune teammates. Adapts checklist per agent role (worker, fixer, reviewer, researcher, forger, aggregator). Enforces completeness verification, hallucination detection, codebase rule compliance, and value assessment before any task can be marked complete. Use when: Any teammate is about to mark a task complete or send a Seal. Keywords: self-review, inner-flame, quality gate, hallucination, verification, completeness

Plan-vs-implementation deep audit using Agent Teams. Parses a plan file (or inline description), extracts requirements, and summons 4 Inspector Ashes to measure implementation completeness, quality across 11 dimensions, and gaps across 9 categories. Produces a VERDICT.md with requirement matrix, dimension scores, gap analysis, and actionable recommendations. <example> user: "/rune:inspect plans/feat-user-auth-plan.md" assistant: "The Tarnished gazes upon the land, measuring what has been forged against what was decreed..." </example> <example> user: "/rune:inspect Add user authentication with JWT tokens and rate limiting" assistant: "The Tarnished inspects the codebase against the inline plan..." </example>

Use /rune:learn to extract and persist CLI correction patterns and review recurrence findings from session history into Rune Echoes memory. Runs detectors over recent session JSONL files and TOME findings, then writes high-confidence patterns to .rune/echoes/ for future workflow improvement. Trigger keywords: learn, session learning, persist patterns, corrections, recurrences, self-learning, extract patterns from sessions, cli corrections. <example> user: "/rune:learn" assistant: "Scanning last 7 days... Found 3 CLI corrections, 2 review recurrences. Write 5 patterns? [y/N]" </example> <example> user: "/rune:learn --since 14 --detector review" assistant: "Running review-recurrence detector only... Found 4 recurring findings. Write 4 patterns? [y/N]" </example> <example> user: "/rune:learn --detector meta-qa" assistant: "Scanning last 7 days of arc checkpoints... Found 2 meta-QA patterns (code_review retried in 3/4 arcs, high convergence in 2/4 arcs). Write 2 patterns? [y/N]" </example> <example> user: "/rune:learn --dry-run" assistant: "Dry run: 5 patterns found. No entries written." </example>

Parallel finding resolution from TOME. Parses structured findings, groups by file, summons mend-fixer teammates to apply targeted fixes, runs ward check once after all fixers complete, and produces a resolution report. <example> user: "/rune:mend tmp/reviews/abc123/TOME.md" assistant: "The Tarnished reads the TOME and dispatches mend-fixers..." </example> <example> user: "/rune:mend" assistant: "No TOME specified. Looking for recent TOME files..." </example>

Use when entering a monitoring loop for agent completion, when POLL-001 hook denies a sleep+echo command, or when translating waitForCompletion pseudocode into actual polling calls. Covers correct TaskList-based monitoring, per-command poll intervals, and anti-patterns that bypass task visibility. Keywords: waitForCompletion, polling loop, TaskList, sleep+echo, POLL-001. <example> Context: Orchestrator entering monitoring phase of a review workflow. user: (internal — poll loop about to start) assistant: "Following the canonical monitoring loop: TaskList every cycle, sleep 30 between checks." <commentary>Load polling-guard to ensure correct monitoring pattern.</commentary> </example> <example> Context: POLL-001 deny fired during arc workflow. user: (internal — hook denied sleep+echo) assistant: "Hook blocked the sleep+echo pattern. Switching to TaskList-based monitoring loop." <commentary>polling-guard skill explains why POLL-001 fires and the correct alternative.</commentary> </example>

Post Rune review findings to a GitHub PR as a formatted comment. Parses TOME.md findings, formats as collapsible markdown, posts via gh api. Use after /rune:appraise or /rune:arc to share findings with team. Trigger keywords: post findings, PR comments, share review, post to PR, post review to GitHub, comment on PR with findings, share findings.

Automated PR guardian loop — schedules a recurring cron (every 5 min) that checks review comments, CI/CD status, branch freshness, runs browser tests, and auto-merges when everything is green. Use when you want hands-off PR shepherding to merge. Triggers on "pr guardian", "auto merge loop", "watch my PR", "shepherd PR", "auto merge", "monitor PR", "drive PR to merge". <example> user: "/rune:pr-guardian" assistant: "Detecting current PR from branch, scheduling guardian loop..." </example> <example> user: "/rune:pr-guardian 42" assistant: "PR Guardian activated for PR #42. Checking every 5 minutes..." </example> <example> user: "/rune:pr-guardian --disable-auto-merge" assistant: "PR Guardian activated for PR #N (monitor-only mode). Auto-merge disabled..." </example> <example> user: "/rune:pr-guardian 42 --disable-auto-merge" assistant: "PR Guardian activated for PR #42 (monitor-only mode). Auto-merge disabled..." </example>

Batch resolve all unresolved PR review comments. Fetches review threads AND issue comments (bot feedback) with pagination. Categorizes, auto-resolves outdated, groups related comments, and batches fixes into a single commit. Handles all known review bots with hallucination checking. Keywords: resolve all, PR comments, batch, review, bot, GitHub. <example> user: "/rune:resolve-all-gh-pr-comments 42" assistant: "Fetching all unresolved comments for PR #42..." </example> <example> user: "/rune:resolve-all-gh-pr-comments" assistant: "Detecting current PR from branch..." </example>

Resolve a specific GitHub PR review comment. Supports review thread comments (line-level) and issue comments (PR-level from bots). Handles copilot, gemini-code-assist, coderabbitai, cubic-dev-ai, chatgpt-codex-connector bots. Verifies findings against actual code before applying fixes. Can be used standalone or invoked from arc Phase 9.2 for individual comment resolution. Keywords: resolve, PR comment, review, bot feedback, GitHub. <example> user: "/rune:resolve-gh-pr-comment https://github.com/org/repo/pull/42#discussion_r12345" assistant: "Fetching comment details and verifying against actual code..." </example> <example> user: "/rune:resolve-gh-pr-comment 12345 --resolve" assistant: "Resolving comment #12345 and marking thread as resolved..." </example>

Resolve file-based TODOs using Agent Teams with verify-before-fix pipeline. Each TODO is reviewed before any fix is applied, preventing hallucinated fixes. Uses parallel batch processing with file ownership enforcement. Keywords: resolve, todos, fix, batch, parallel, verify, file-todos. <example> user: "/rune:resolve-todos" assistant: "Discovering pending TODOs from active workflow..." </example> <example> user: "/rune:resolve-todos review --dry-run" assistant: "Dry run: analyzing review TODOs without applying fixes..." </example>

Use when running /rune:appraise or /rune:audit, when spawning multiple review agents, when TOME aggregation fails or produces malformed output, or when a TeammateIdle hook fires before expected output is written. Handles 7-phase lifecycle (pre-flight, Rune Gaze, inscription, spawn, monitor, aggregate, cleanup) for up to 8 parallel reviewers. Use when team cleanup fails after a review, when on-teammate-idle.sh blocks review completion, or when roundtable phases need to be re-entered after session resume. Keywords: roundtable, appraise, audit, TOME aggregation, inscription, Ash, team lifecycle, TeammateIdle, 7-phase, 8 reviewers, SEAL marker. <example> Context: Running a code review user: "/rune:appraise" assistant: "Loading roundtable-circle for Agent Teams review orchestration" </example>

Use when agents need to read or write project memory, when persisting learnings from reviews or audits, when managing echo lifecycle (prune, reset), when a user wants to remember something explicitly, or when a pattern keeps recurring across sessions. Stores knowledge in .rune/echoes/ with 5-tier lifecycle (Etched/Notes/Inscribed/Observations/Traced) and multi-factor pruning. <example> Context: After a review, Ash persist patterns to echoes user: "Review found repeated N+1 query pattern" assistant: "Pattern persisted to .rune/echoes/reviewer/MEMORY.md as Inscribed entry" </example>

Use when choosing between supervisor, swarm, or pipeline coordination for multi-agent workflows, when two agents produce conflicting findings and deduplication is needed, when TOME aggregation fails or produces duplicate prefixes, or when output format mismatch causes downstream parse errors. Use when defining inscription contracts for file-based handoff, or when detecting which Ash type to use for a given review dimension. Keywords: orchestration, conflict detection, TOME aggregation, inscription, output format mismatch, file-based handoff, supervisor, swarm, pipeline. <example> Context: Running multi-agent code review user: "Review this PR with multiple agents" assistant: "I'll use rune-orchestration for context isolation and file-based handoff" </example> <example> Context: Coordinating a codebase audit user: "Run an audit with security and performance focus" assistant: "I'll use rune-orchestration for audit agent coordination and output format" </example>

Inspect per-agent structured artifacts from Rune workflow runs. List recent runs, show agent inputs/outputs, view timing statistics, and find failed agents for retry. Trigger keywords: runs, artifacts, agent history, workflow runs. <example> user: "/rune:runs list" assistant: "Scanning tmp/ for workflow run artifacts..." </example> <example> user: "/rune:runs failures" assistant: "Searching for failed/crashed agents across all runs..." </example>

Meta-QA self-audit for Rune's own workflow system. Audits agent definitions, workflow phases, rules, hooks for inconsistencies, contradictions, and drift. Produces SELF-AUDIT-REPORT.md with per-dimension scores and actionable findings. Use when: "audit rune itself", "check rune health", "self-audit", "meta-qa", "rune consistency check", "lint agents", "validate workflow", "check hooks". Covers: Workflow definition validation, agent prompt linting, rule consistency checking, hook integrity verification, echo-based recurrence tracking, phase necessity analysis (harness component stress testing).

Use when creating new skills, auditing existing skill compliance, verifying agent behavior under pressure, or when agents bypass rules despite explicit instructions. Provides a TDD methodology for documentation: write a failing scenario first, then write the skill to address it. Also use when observed agent output contradicts skill requirements, when rationalizations appear in agent messages, or when "simple change" arguments bypass gates. Keywords: pressure test, rationalization, skill compliance, TDD for docs, red-green-refactor skills, agent bypass, rule evasion, skill audit, bulletproofing, writing skills.

Stack-Aware Intelligence — auto-detects project tech stack (Python, TypeScript, Rust, PHP) from manifest files, routes context to domain-relevant skills, and selects specialist review agents. Covers detection, context routing, knowledge profiles, and enforcement agents. Trigger keywords: stack detection, context router, language profile, framework checklist, specialist agent, stack awareness.

Check status of background-dispatched Rune workers. Use when /rune:strive was run with --background (-bg) flag and you want to see dispatch progress, pending questions, and worker health without blocking the main session. Also use to detect stale dispatches (>2h) and orphaned workers. <example> user: "/rune:status" assistant: "Reading dispatch state file for active background dispatch..." </example> <example> user: "/rune:status 20260226-014500" assistant: "Checking dispatch state for timestamp 20260226-014500..." </example>

Storybook integration knowledge for component verification. Teaches agents how to use Storybook MCP tools, CSF3 story format, story generation patterns, and visual verification workflows. Trigger keywords: storybook, stories, CSF3, component preview, visual verification, story coverage, addon-mcp.

Multi-agent work execution using Agent Teams. Parses a plan into tasks, summons swarm workers that claim and complete tasks independently, and runs quality gates before completion. <example> user: "/rune:strive plans/feat-user-auth-plan.md" assistant: "The Tarnished marshals the Ash to forge the plan..." </example> <example> user: "/rune:strive" assistant: "No plan specified. Looking for recent plans..." </example>

Analyze project dependencies for supply chain risks. Checks maintainer count, commit frequency, CVE history, abandonment signals, bus factor, and security policy presence for each direct dependency. Supports npm, pip, cargo, go mod, and composer. Use when: "supply chain audit", "dependency risk", "check dependencies", "maintainer risk", "abandoned packages", "dependency health", "package security", "supply chain risk".

Use when a worker hits repeated failures (3+ attempts on the same task), when test failures have unclear root causes, when build errors persist after obvious fixes, when runtime behavior doesn't match expectations, or when "it works locally but fails in CI." Also use when test-failure-analyst returns LOW confidence, when ward check fails after a fix attempt, or when mend-fixer cannot reproduce a finding. Provides a 4-phase debugging methodology adapted for multi-agent context. Keywords: debug, troubleshoot, root cause, bisect, failure, retry, stuck, broken build, test failure, runtime error, unexpected behavior, regression, intermittent, flaky, can't reproduce, error message, stack trace, investigation.

Deep talisman.yml configuration expertise. Initialize, audit, update, and guide talisman configuration for any project. Scaffolds project-specific talisman.yml from the canonical example template, detects missing sections, and provides expert guidance on every configuration key. Use when the user says "init talisman", "setup talisman", "create talisman", "talisman audit", "check talisman", "talisman guide", "explain talisman", "update talisman", "talisman status", "what's in talisman", "configure rune", "rune config", "rune setup". Subcommands: /rune:talisman init — Scaffold new talisman.yml for current project /rune:talisman audit — Compare existing talisman against latest template /rune:talisman update — Add missing sections to existing talisman /rune:talisman guide [topic] — Explain talisman sections and best practices /rune:talisman status — Show current talisman summary /rune:talisman split — Split single talisman.yml into 3 companion files /rune:talisman merge — Merge companion files back into single talisman.yml Keywords: talisman, config, configuration, setup, init, initialize, scaffold, customize, rune config, rune setup, talisman audit, talisman gap, mcp, mcp integration, mcp setup, untitledui, untitled-ui, mcp tools, integrations, split, merge, companion, ashes, integrations file. <example> user: "/rune:talisman init" assistant: "Detects project stack, scaffolds talisman.yml..." </example> <example> user: "/rune:talisman audit" assistant: "Comparing project talisman against latest template..." </example> <example> user: "/rune:talisman guide codex" assistant: "Explains Codex configuration keys..." </example>

Intelligent master command for all Rune workflows. Parses natural language to route to the correct /rune:* skill, chains multi-step workflows, and checks prerequisites automatically. The Tarnished's unified entry point. Use when the user says "/tarnished plan ...", "/tarnished work ...", "/tarnished review ...", or any natural language describing what they want Rune to do. Handles Vietnamese and English input. Common usage: /rune:tarnished plan add user authentication /rune:tarnished work plans/my-plan.md /rune:tarnished review /rune:tarnished review and fix /rune:tarnished arc plans/my-plan.md /rune:tarnished arc-batch plans/*.md /rune:tarnished arc-issues --label "rune:ready" /rune:tarnished thảo luận rồi tạo plan cho feature X Also serves as a Rune expert — can explain how Rune works, recommend workflows, teach best practices, and guide developers through complex scenarios. Ask "/rune:tarnished help" or "/rune:tarnished what should I do?" Keywords: tarnished, master command, route, guide, what should I do, figure it out, do everything, help me, which command, rune help, how does rune work, explain, teach, recommend, best practice, brainstorm, explore idea, khám phá, thảo luận, mcp, mcp integration, untitledui, setup mcp, tích hợp mcp, cài đặt mcp, add agent, custom reviewer, which agents, force agent, always use agent, custom ash, agent list, thêm agent, danh sách agent. <example> user: "/rune:tarnished plan add dark mode" assistant: "The Tarnished heeds your call. Routing to /rune:devise..." </example> <example> user: "/rune:tarnished arc plans/feat-auth-plan.md" assistant: "The Tarnished heeds your call. Routing to /rune:arc..." </example> <example> user: "/rune:tarnished arc-batch plans/*.md" assistant: "The Tarnished heeds your call. Routing to /rune:arc-batch..." </example> <example> user: "/rune:tarnished review and fix" assistant: "The Tarnished charts a two-step path: appraise → mend..." </example> <example> user: "/rune:tarnished" assistant: "The Tarnished awaits your command. What would you have me do?" </example>

Centralized team management SDK for Rune workflows. Provides ExecutionEngine interface (TeamEngine), shared lifecycle protocols (teamTransition, cleanup, session isolation), preset system, and monitoring utilities. Use when spawning agent teams, monitoring teammates, or cleaning up workflows. Loaded automatically by workflow skills (appraise, strive, devise, mend, etc). Keywords: team management, team lifecycle, teamTransition, cleanup, agent teams, TeamCreate, TeamDelete, spawnAgent, shutdown, wave execution.

Display monitoring dashboard for active agent teams. Shows members, task progress, completion percentage, and health indicators. Use when you want to check what's running or diagnose stuck workflows. Keywords: team status, team dashboard, check progress, team management, monitor. <example> user: "/rune:team-status" assistant: "Scanning for active Rune teams..." </example> <example> user: "/rune:team-status rune-review-abc1234" assistant: "Checking status for team rune-review-abc1234..." </example>

Standalone browser E2E testing skill. Runs agent-browser tests against changed routes from a PR, branch, or current HEAD — without spawning an agent team. Supports both frontend AND backend changes: when only backend/API/database files change, traces impact forward to discover consuming frontend routes and tests them. Pipeline: backend file → API endpoint → frontend consumer → page → route. Use when the user says "test browser", "run browser tests", "E2E test my changes", "test routes", "browser test PR", "test-browser", "test API changes", "test backend impact", or invokes /rune:test-browser. Scope input (optional first argument): - PR number (e.g., "42") → fetches changed files from gh pr view - Branch name (e.g., "feature/login") → diffs against default branch - Empty → diffs current HEAD against default branch Flags: --headed Show browser window (requires display server) --deep Enable deep testing: interaction, data persistence, visual/layout, UX, workflow continuity --max-routes Cap route count (default 5, auto-capped to 3 with --deep) Keywords: browser test, E2E test, agent-browser, standalone test, route test, PR test, frontend test, backend test, API test, data flow test, UI verify, screenshot, browser automation, backend impact, user flow. <example> user: "/rune:test-browser 42" assistant: "Fetching changed files from PR #42, mapping to routes, running browser tests..." </example> <example> user: "/rune:test-browser feature/auth --headed" assistant: "Diffing feature/auth vs main, running headed browser tests on changed routes..." </example> <example> user: "/rune:test-browser --max-routes 3" assistant: "Testing current branch changes (capped at 3 routes)..." </example> <example> user: "/rune:test-browser 55" assistant: "PR #55 has only backend changes (API controllers, models). Tracing impact to frontend... Found 3 consuming routes: /users, /dashboard, /settings. Running browser tests..." </example>

Test orchestration pipeline for arc Phase 7.7. Provides 4-tier testing (unit, property-based, integration, E2E/browser) with diff-scoped discovery, service startup, and structured reporting. Tier 1.5 property-based testing detects roundtrip/validator/idempotent patterns and generates invariant tests with fast-check, hypothesis, proptest, or rapid. Includes extended tier with checkpoint/resume, contract validation, visual regression, design token compliance, accessibility checks, test history persistence, regression detection, and flaky test identification. Auto-loaded by arc orchestrator during test phase. Trigger keywords: testing, test pipeline, unit test, integration test, E2E test, test discovery, test report, QA, quality assurance, scenario schema, checkpoint, fixture, visual regression, design token, accessibility, test history, regression detection, flaky test, extended tier, contract validation, property-based testing, PBT, fast-check, hypothesis, proptest, invariant.

UntitledUI official MCP integration for Rune workflows. Provides 6 MCP tools for searching, browsing, and installing UntitledUI React components (free + PRO). Includes code conventions (React Aria, Tailwind v4.2, semantic colors, kebab-case), component patterns, and builder protocol metadata for automated pipeline integration. Use when agents build UI with UntitledUI components, when design-sync resolves components against UntitledUI library, or when workers need UntitledUI conventions. Trigger keywords: untitledui, untitled ui, untitled-ui, UntitledUI PRO, react aria, component library, ui builder, mcp component search.

Use when the user asks to review code, plan features, brainstorm ideas, audit a codebase, implement a plan, fix review findings, debug failed builds, analyze code impact, or run end-to-end workflows. Also use when the user seems unsure which Rune command to use, when the user says "review", "plan", "brainstorm", "explore idea", "audit", "implement", "fix findings", "ship it", "check my code", "what changed", or "help me think through this". Routes user intent to the correct /rune:* command. Keywords: which command, what to use, rune help, workflow routing, review, audit, plan, brainstorm, explore, implement.

UX design intelligence for code review and planning. Provides heuristic evaluation checklists (Nielsen Norman 10 + Baymard 207 adapted), interaction pattern libraries, flow validation, cognitive walkthrough protocols, and aesthetic quality scoring. Routes to greenfield (new project) or brownfield (existing codebase) UX processes based on context. Trigger keywords: UX, usability, heuristic evaluation, user experience, interaction design, cognitive walkthrough, accessibility, touch targets, user flow, design review, UX audit, Nielsen, Baymard, usability testing.

Find similar bugs across the codebase based on a confirmed finding. Takes a TOME finding ID or pattern description, extracts the root cause, and systematically searches for variants using progressive generalization. Use when: "find more like this", "variant analysis", "similar bugs", "same pattern elsewhere", "hunt for variants", "variant hunt".

Use when generating Bash commands on macOS, when ZSH-001 hook denies a command, when "read-only variable", "no matches found", or "command not found: !" errors appear in shell output, when writing for loops over glob patterns, or when "bad math expression" errors appear from date commands. Covers read-only variables (status, pipestatus, ERRNO), glob NOMATCH protection, history expansion of the "!" operator before "[[", word splitting, array indexing, and BSD date missing `%N` nanoseconds (macOS). Keywords: zsh, NOMATCH, status variable, read-only, nullglob, glob, ZSH-001, history expansion, command not found, date, %N, nanosecond, millisecond, gdate, bad math expression. <example> Context: LLM generating a Bash command with a loop over glob pattern. user: (internal — about to write shell code) assistant: "Using (N) qualifier on the glob for zsh safety." <commentary>zsh-compat ensures safe glob patterns in generated code.</commentary> </example> <example> Context: ZSH-001 hook denied a command. user: (internal — hook denied status= assignment) assistant: "Renaming to task_status per zsh-compat guidance." <commentary>zsh-compat explains why ZSH-001 fires and the correct alternative.</commentary> </example>

64 hooks across 17 events