From forge
Universal dev workflow orchestrator. Use this skill whenever working on any software project — picking up tasks from Linear or GitHub Issues, creating branches, developing features, running linting and tests, creating PRs, handling CodeRabbit reviews, or deploying. Trigger on any mention of tasks, issues, PR workflows, code review, linting, testing, migrations, deployments, or dev workflow questions. Works on any tech stack — auto-detects languages, frameworks, and tooling.
npx claudepluginhub bishwas-py/forge --plugin forgeThis skill uses the workspace's default tool permissions.
Forge orchestrates the full development lifecycle for any project, any stack. It detects what you're working with, learns your conventions, and guides every step from task pickup to merged PR.
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Forge orchestrates the full development lifecycle for any project, any stack. It detects what you're working with, learns your conventions, and guides every step from task pickup to merged PR.
Each workflow phase delegates to specific plugins. If a plugin is not installed, Forge skips that delegation and handles what it can natively.
| Phase | Plugins / Tools | What happens |
|---|---|---|
| Read state | linear or gh | Fetch tasks from stored source, check open PRs and CI status |
| Pick a task | linear or gh | Fetch backlog, rank priorities, let user choose |
| Create branch | gh | Get task ID from task source, create branch with naming convention |
| Spin up dev env | recon-env.sh, Docker Compose | Isolated environment per branch — own UI, API, DB on dedicated ports |
| Develop (backend/general) | feature-dev | Structured development with codebase analysis and architecture focus |
| Develop (frontend/UI) | frontend-design, feature-dev | Design + implement UI components with high design quality |
| Pre-PR gate: recon scan | recon scripts | Security headers, accessibility, CORS checks against live dev environment |
| Pre-PR gate: E2E | playwright | Visual verification of critical user flows |
| Pre-PR gate: cleanup | code-simplifier | Simplify overly complex code before PR |
| Pre-PR gate: self-review | (Forge itself) | git diff all session changes — review for bugs, logic errors, security issues |
| Create PR | github | gh pr create with description + task reference |
| Review cycle | github | Fetch PR comments, check CI, push fixes |
| Merge + teardown | gh, linear, recon-env.sh | Merge PR, tear down dev environment, task auto-updates |
Before doing anything, assess where the project stands right now.
git status, git branch, git log --oneline -5gh pr list --state open and gh pr view if on a PR branchCheck the stored task source for current work:
gh issue list --assignee @me --state openCheck if current branch maps to a task (Linear prefix or #N issue number).
Combine all signals into a concise status summary:
"You're on branch
feature/user-auth, with 3 uncommitted files. There's an open PR with 2 unresolved CodeRabbit comments and passing CI. Your task PROJ-42 is marked In Progress."
Then ask the user what they want to do next. Never auto-resume.
When the user wants to pick up new work:
On first run, ask once and store the answer:
"Where do you track tasks for this project?"
- Linear (which team?)
- GitHub Issues
- Neither — I'll just ask you what to work on
Linear path:
GitHub Issues path:
gh issue list --state open to fetch open issuesNeither path: Skip fetching. Ask the user what they want to work on.
In all cases: ask the user which task to work on — never auto-select.
On first run, or when working in an unfamiliar project, detect the stack.
package.json, pyproject.toml, mix.exs, go.mod, Cargo.toml, Makefile, docker-compose.yml, pom.xml, build.gradle, Gemfile, rebar.config, deno.json, etc.)Do NOT hardcode a mapping of files to stacks. Read the files and let your understanding of the ecosystem guide inference. This way it works for Elixir, Zig, Gleam, or anything else.
references/detection.mdAfter user confirms, ask:
.claude/CLAUDE.md (git tracked, teammates benefit)~/.claude/projects/<project>/memory/ (local only)For detailed persistence guidance, read references/knowledge-persistence.md
After detection, check for missing tooling. For each gap:
"No linter detected for this [language] project. I'd recommend [best tool for stack]. Want me to:
- Set it up with sensible defaults?
- Set up something else?
- Skip for now?"
Same pattern — recommend the standard test framework for the detected stack.
Recommend trivy, bandit, npm audit, mix audit, cargo audit, etc. based on stack.
Recommend husky, pre-commit, lefthook, etc.
Recommend a GitHub Actions workflow matching the detected stack.
Store every decision. If the user says "skip linting", don't ask again next session. If they say "set up ruff", the pre-PR gate knows to run ruff check going forward.
username/TASK-<N>-<desc>, feature/<desc>, fix/<desc>MAK-42)42)After branch creation, check if the project has a docker-compose.yml (or compose.yml). If it does, offer to spin up an isolated dev environment for this branch:
"This project has a Docker Compose file. Want me to spin up an isolated dev environment for this branch? You'll get your own UI, API, and DB on dedicated ports — no conflicts with anything else running."
- Yes — spin up the environment
- No — use whatever the user has running already
- Always — spin up for every branch (store this preference)
If the user says yes or always:
# Use recon's environment manager in dev mode (current directory, no extraction)
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/recon-env.sh" dev 5180 8010 5442
This creates:
Print the environment details:
Dev environment ready:
Branch: feature/user-auth
UI: http://localhost:5180
API: http://localhost:8010
DB: localhost:5442
Develop against these URLs. Environment will be torn down after PR merge.
If no Docker Compose file exists, skip this step. The user manages their own servers.
If Docker is not installed, skip this step silently.
Store the environment preference (yes/no/always) so the user isn't asked every time.
Delegate to the right plugin based on what's being built:
During development:
/add-dir)/tmp/recon-envs/recon-<id>/env.meta.If a dev environment is active:
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/recon-env.sh" status <task_id> — verify services are still runningbash "${CLAUDE_SKILL_DIR}/../recon/scripts/recon-env.sh" down <task_id>
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/recon-env.sh" up <task_id> <branch> 5180 8010 5442
--build flag (used by recon-env.sh up) handles rebuilding automatically.Before creating any PR, run through ALL applicable steps. Do not skip any that are configured.
Run the stored lint/format commands for every affected repo. Fix all errors before proceeding.
Run the stored test commands. All tests must pass. If a test fails, fix it before moving on.
If configured, run E2E tests (e.g. Playwright). Also use the playwright plugin to visually verify critical user flows affected by the changes.
If configured, run the stored security scanning commands.
If a dev environment was spun up in Phase 4, run a quick recon scan before the PR. This catches data consistency issues, security misconfigs, and UI problems that unit tests miss:
# Run programmatic scans only (fast, no full crawl)
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/security-scan.sh" "http://localhost:5180"
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/security-scan.sh" "http://localhost:8010"
bash "${CLAUDE_SKILL_DIR}/../recon/scripts/accessibility-audit.sh" "http://localhost:5180"
If any [CRITICAL] findings appear, treat them as MUST FIX before proceeding to PR.
If the user wants a full recon (crawl + cross-check + form attacks), suggest running /forge:recon with the dev environment URLs.
Strict, line-by-line review of every change made in this session. No file gets skipped.
git diff — review every file, every hunkreferences/pre-pr-gate.mdIf a step has no configured command (user previously chose "skip"), skip it silently.
gh pr create with a clear title and description referencing the task:
Closes #N in description. GitHub auto-closes the issue on merge.bash "${CLAUDE_SKILL_DIR}/../recon/scripts/recon-env.sh" down <task_id>
Throughout the workflow, you will discover new information about the project:
Every time crucial top-level info is discovered, ask the user where to store it:
.claude/CLAUDE.md) — visible to all team members, git tracked~/.claude/projects/<project>/memory/) — local only, private preferencesOn session start, read from both locations and merge. Team-shared takes precedence for project facts; personal takes precedence for user preferences.
For the storage format and detailed guidance, read references/knowledge-persistence.md
When the user says "read the confidence letter and gain 100%" or similar, forge enters fix-loop mode.
Look for the most recent recon-confidence-letter-*.md in the project root. If not found, tell the user to run /forge:recon first.
Read the confidence letter and extract every finding that is NOT [PASS]:
[CRITICAL] → MUST FIX — fix immediately, no questions asked[FAIL] → MUST FIX — fix immediately[WARN] → SHOULD FIX — present to user, recommend fixing[INFO] → CONSIDER — present to user, let them decideFor each finding, extract:
Order findings by severity (CRITICAL first), then by category (group related fixes). Present the full list to the user:
Recon found 12 issues. Here's the fix plan:
MUST FIX (5):
1. [CRITICAL] CORS wildcard — backend/config/cors.py
2. [CRITICAL] Price mismatch on /orders — frontend/components/OrderCard.svelte
3. [FAIL] Negative quantity accepted — backend/validators.py + frontend form
4. [FAIL] Missing HSTS header — backend/middleware.py
5. [FAIL] FK orphans in orders table — needs migration
SHOULD FIX (4):
6. [WARN] Contrast ratio on /dashboard — frontend/styles
7. [WARN] Missing alt text on 3 images — frontend/components
8. [WARN] Cookie missing SameSite flag — backend/auth
9. [WARN] Status mapping inconsistency — frontend/utils
CONSIDER (3):
10. [INFO] Server header exposes version
11. [INFO] No Referrer-Policy header
12. [INFO] Console warning on /items page
Ask user to confirm or adjust the plan.
For each fix task:
After all MUST FIX items are done, ask user about SHOULD FIX items. After those, ask about CONSIDER items.
After all accepted fixes are implemented:
All fixes applied. Run `/forge:recon` to verify and update the confidence score.
Current confidence was: [previous score]/100
The user runs /forge:recon again, which produces a new confidence letter. If issues remain, the user runs this phase again. The loop continues until 100% or the user is satisfied.
| Step | What happens |
|---|---|
| Read state | Git status, open PRs, tasks (Linear / GitHub Issues / none) — present summary, ask user |
| Pick a task | Fetch from stored task source, rank by usefulness + complexity, user decides |
| Detect project | Scan files, infer stack, user confirms, store knowledge |
| Fill gaps | Missing linter/tests/security/CI? Recommend, user decides, store |
| Create branch | Follow stored naming convention, include task ID |
| Spin up dev env | Docker Compose isolation per branch — own UI, API, DB (if Docker available) |
| Develop | Code across repos, respect hard rules, test against isolated environment |
| Pre-PR gate | Lint, test, E2E, recon quick scan, security, self-review — all must pass |
| Create PR | gh pr create with description + task reference |
| Review cycle | CodeRabbit comments → fix → get approval |
| Merge + teardown | Merge → tear down dev environment → deploy (if configured) → task auto-updates |
| Persist knowledge | New discovery → ask user: team-shared or personal? → store |