npx claudepluginhub roberto-mello/lavra --plugin beads-compoundWant just this skill?
Add to a custom plugin, then install with one command.
Configure this project's tech stack and review agents. Auto-detects stack from project files, lets you toggle specific agents off, and saves config to .beads/config/project-setup.md. Use when setting up a new project, reconfiguring reviewers, or before running /beads-review.
This skill is limited to using the following tools:
Project Setup Skill
Configure which review agents and stack context apply to this project. Results are saved to .beads/config/project-setup.md and shared with the team via git.
What This Skill Does
- Auto-detects the project tech stack from config files
- Shows the default agents for that stack
- Lets you disable specific agents
- Optionally adds reviewer context notes
- Saves config to
.beads/config/project-setup.md
Security Note
.beads/config/project-setup.md is committed to git and readable by all review agents. Anyone with repository write access can modify this config. Review context is sanitized on every read — never include secrets, credentials, or sensitive business logic.
<critical_sequence name="project-setup" enforce_order="strict">
Setup Process
<step number="1" required="true"> ### Step 1: Check for Existing Configcat .beads/config/project-setup.md 2>/dev/null
If config exists, present options and WAIT for user response:
Project config already exists:
Stack: [detected from frontmatter]
Review agents: [list]
What would you like to do?
1. Reconfigure (overwrite existing config)
2. View current config
3. Cancel
Choose (1-3): _
- Option 2: Display the full config file contents, then re-present the menu.
- Option 3: Exit skill immediately.
- Option 1: Continue to Step 2.
If no config exists, proceed directly to Step 2. </step>
<step number="2" required="true" depends_on="1"> ### Step 2: Detect Tech StackCheck for project files in this order. Do NOT short-circuit — a project can match multiple stacks (e.g., Rails + TypeScript with Webpacker).
Detection rules:
| Detection | Stack | Notes |
|---|---|---|
Gemfile AND config/routes.rb both exist | rails | Full Rails app |
Gemfile exists (no config/routes.rb) | ruby | Ruby gem or non-Rails app |
tsconfig.json exists | typescript | TypeScript project |
package.json exists without TypeScript dependency | javascript | Plain JS project |
pyproject.toml OR requirements.txt exists | python | Python project |
| None of the above | general | Fallback |
Check for TypeScript in package.json (for javascript vs typescript distinction):
# Check if typescript is listed as a dependency
grep -q '"typescript"' package.json 2>/dev/null && echo "has_ts" || echo "no_ts"
Glob checks to run:
Gemfile
config/routes.rb
tsconfig.json
package.json
pyproject.toml
requirements.txt
If multiple stacks match (e.g., Gemfile + package.json), prefer the most specific:
railsoverrubytypescriptoverjavascript- If rails + typescript both match, report both and let user choose
Show detection results and offer override:
Detected stack: [stack]
Files found: [list of matched files]
Use this stack? [Y/n] or enter override (rails/ruby/typescript/javascript/python/general): _
WAIT for user response. Accept Enter or Y to confirm detected stack. </step>
<step number="3" required="true" depends_on="2"> ### Step 3: Select Review AgentsShow the default agents for the confirmed stack and let the user disable specific ones.
Default agents by stack:
| Stack | Default Review Agents |
|---|---|
rails | kieran-rails-reviewer, dhh-rails-reviewer, code-simplicity-reviewer, security-sentinel, performance-oracle |
ruby | kieran-rails-reviewer, code-simplicity-reviewer, security-sentinel, performance-oracle |
typescript | kieran-typescript-reviewer, code-simplicity-reviewer, security-sentinel, performance-oracle |
javascript | kieran-typescript-reviewer, code-simplicity-reviewer, security-sentinel, performance-oracle |
python | kieran-python-reviewer, code-simplicity-reviewer, security-sentinel, performance-oracle |
general | code-simplicity-reviewer, security-sentinel, performance-oracle, architecture-strategist |
Default plan review agents (subset, used for /beads-plan-review):
| Stack | Default Plan Review Agents |
|---|---|
rails | kieran-rails-reviewer, code-simplicity-reviewer |
ruby | kieran-rails-reviewer, code-simplicity-reviewer |
typescript | kieran-typescript-reviewer, code-simplicity-reviewer |
javascript | kieran-typescript-reviewer, code-simplicity-reviewer |
python | kieran-python-reviewer, code-simplicity-reviewer |
general | code-simplicity-reviewer, architecture-strategist |
Present the agent list and WAIT for user response:
Review agents for [stack] stack:
1. [agent-1] [short description]
2. [agent-2] [short description]
3. [agent-3] [short description]
4. [agent-4] [short description]
5. [agent-5] [short description] (if applicable)
Enter numbers to disable (comma-separated), or press Enter to keep all: _
Agent descriptions for display:
| Agent | Short Description |
|---|---|
| kieran-rails-reviewer | Rails patterns, ActiveRecord, test coverage |
| dhh-rails-reviewer | DHH conventions, simplicity, Rails Way |
| kieran-typescript-reviewer | TypeScript types, async patterns, safety |
| kieran-python-reviewer | Python idioms, typing, test coverage |
| code-simplicity-reviewer | Complexity, YAGNI, maintainability |
| security-sentinel | Security vulnerabilities, injection, auth |
| performance-oracle | N+1 queries, caching, algorithmic complexity |
| architecture-strategist | System design, coupling, scalability |
Build the final review_agents and plan_review_agents lists by removing any disabled agents. If an agent is disabled from review_agents and was also in plan_review_agents, remove it from plan_review_agents too.
Minimum agents check: If disabling would leave fewer than 2 review agents, warn:
[!] Warning: Disabling those agents leaves only [N] reviewer(s).
Reviews may miss important issues. Continue? [y/N] _
Ask the user if they want to add project-specific context for reviewers:
Add reviewer context notes? (optional, max 500 chars)
Examples: "FastAPI project with SQLAlchemy. All endpoints require auth middleware."
"React + Rails API. Frontend uses React Query. No Redux."
Enter context (or press Enter to skip): _
WAIT for user input. If user presses Enter with no content, skip.
Sanitization rules (applied before writing):
- Strip
<and>characters - Strip these prefixes (case-insensitive):
SYSTEM:,ASSISTANT:,USER:,HUMAN:,[INST] - Strip triple backticks
- Strip
<s>,</s>tags - Strip carriage returns (
\r) and null bytes - Strip Unicode bidirectional override characters (U+202A–U+202E, U+2066–U+2069)
- Truncate to 500 characters after stripping
- Show the sanitized result to the user if anything was stripped </step>
Create config directory:
mkdir -p .beads/config
Build the YAML frontmatter:
---
stack: [stack]
review_agents:
- [agent-1]
- [agent-2]
...
plan_review_agents:
- [agent-1]
- [agent-2]
...
disabled_agents: [list of disabled agents, or empty array []]
---
Add reviewer context block (only if provided in Step 4):
<reviewer_context_note>
[sanitized context, max 500 chars]
</reviewer_context_note>
Write the complete file to .beads/config/project-setup.md.
Show confirmation:
Config saved to .beads/config/project-setup.md
Stack: [stack]
Review agents: [count] configured
Disabled: [list or "none"]
Commit this file with your project to share the config with your team:
git add .beads/config/project-setup.md
git commit -m "chore: add project-setup config"
</critical_sequence>
Config File Format
.beads/config/project-setup.md is a markdown file with YAML frontmatter:
---
stack: python
review_agents:
- kieran-python-reviewer
- code-simplicity-reviewer
- security-sentinel
- performance-oracle
- architecture-strategist
plan_review_agents:
- kieran-python-reviewer
- code-simplicity-reviewer
disabled_agents: []
---
<reviewer_context_note>
FastAPI project with SQLAlchemy + Alembic.
All endpoints require auth middleware.
</reviewer_context_note>
Why .beads/config/ not .beads/memory/:
.beads/memory/ uses merge=union gitattributes which would corrupt YAML frontmatter during git merges. .beads/config/ uses normal git merge behavior, making it safe for YAML.
Commit to git: This file is team configuration. Commit it so all team members use the same reviewer setup. Do not gitignore it.
Integration with Other Commands
/beads-review
When running /beads-review, check for this config first:
# Check if project config exists
if [ -f ".beads/config/project-setup.md" ]; then
# Extract stack and review_agents from frontmatter
# Use configured agents instead of defaults
fi
/beads-plan-review
Uses plan_review_agents from config (the lighter subset for plan review).
How Agents Read the Config
Review agents should check .beads/config/project-setup.md for:
review_agentslist — which agents to invoke<reviewer_context_note>— project-specific context to include in each review prompt
Sanitize on read: When injecting <reviewer_context_note> content into prompts, always re-sanitize using the full strip list (same rules as on write) even though it was sanitized on write. Defense in depth.
Note: /beads-review does not inject reviewer_context_note — review agents derive project context from the code. Only /beads-parallel injects it (pre-work conventions for implementors).
Error Handling
.beads/ directory doesn't exist:
[!] No .beads/ directory found. Is this a beads project?
Run: bd init
mkdir -p fails:
[!] Could not create .beads/config/ — check directory permissions.
Write fails:
[!] Could not write .beads/config/project-setup.md — check file permissions.
Execution Guidelines
MUST do:
- Check for existing config before proceeding (Step 1)
- Run all glob checks before deciding stack (do not short-circuit)
- Sanitize reviewer context before writing
- Create
.beads/config/withmkdir -p - Tell user to commit the config file
MUST NOT do:
- Write to
.beads/memory/(wrong directory, corrupts on merge) - Scan
~/.claude/agents/for dynamic agent discovery (security risk) - Store secrets, API keys, or credentials in the config
- Remove
.beads/config/on uninstall (it is user data)