From devflow-enforcer
Capture a lesson learned when closing a finding. MANDATORY skill - cannot close findings without capturing lessons. Use when resolving issues, bugs, or findings to prevent repeated mistakes.
npx claudepluginhub xarlord/devflow-enforcer --plugin devflow-enforcer

This skill uses the workspace's default tool permissions.
This skill captures a lesson learned when closing a finding. It is MANDATORY - you cannot close findings without capturing what was learned.
CRITICAL ENFORCEMENT: This skill enforces knowledge retention. Every closed finding MUST have an associated lesson.
Per workflow requirement: "When a finding is closed, the workflow must enforce documenting what was learned."
This prevents:
1. VALIDATE required fields
2. CREATE LessonLearned object
3. SAVE to templates/lessons-learned.md
4. LINK to finding
5. CONFIRM capture complete
| Parameter | Type | Description | Required |
|---|---|---|---|
| findingId | string | ID of the finding being closed | Yes |
| category | enum | Technical, Process, Communication, Tooling | Yes |
| title | string | Brief title of the lesson (max 80 chars) | Yes |
| description | string | What was the issue? | Yes |
| rootCause | string | Why did this happen? | Yes |
| solution | string | How was it resolved? | Yes |
| preventionSteps | string[] | Steps to prevent recurrence | Yes |
| tags | string[] | Tags for categorization | No |
| priority | enum | Critical, High, Medium, Low | No (default: High) |
| Category | Description | Example |
|---|---|---|
| Technical | Code, architecture, infrastructure | "Always validate API responses" |
| Process | Workflow, methodology, procedures | "Review PRs before merging" |
| Communication | Documentation, collaboration | "Document API changes in changelog" |
| Tooling | Build tools, CI/CD, frameworks | "Pin dependency versions" |
```markdown
## Lesson Captured: [Title]
- **ID:** LESSON-[timestamp]-[random]
- **Finding:** [findingId]
- **Category:** [category]
- **Priority:** [priority]
- **Captured:** [timestamp]
### Problem
[description]
### Root Cause
[rootCause]
### Solution
[solution]
### Prevention Steps
1. [step 1]
2. [step 2]
...
### Tags
[tag1], [tag2], ...
---
*This lesson has been saved to templates/lessons-learned.md*
```
USER: I fixed the SQL injection vulnerability in the user search feature.
[Agent captures lesson]
SKILL INPUT:
```json
{
  "findingId": "FIND-2026-0217-001",
  "category": "Technical",
  "title": "SQL Injection in User Search",
  "description": "User search feature was vulnerable to SQL injection attacks through the name parameter",
  "rootCause": "Direct string concatenation in SQL query instead of parameterized queries",
  "solution": "Replaced string concatenation with parameterized queries using the ORM",
  "preventionSteps": [
    "Always use parameterized queries for database operations",
    "Never trust user input - always sanitize",
    "Run SQL injection scans in CI/CD pipeline"
  ],
  "tags": ["security", "sql", "injection", "database"],
  "priority": "Critical"
}
```
SKILL OUTPUT:
```markdown
## Lesson Captured: SQL Injection in User Search
- **ID:** LESSON-20260217-a1b2c3d4
- **Finding:** FIND-2026-0217-001
- **Category:** Technical
- **Priority:** Critical
- **Captured:** 2026-02-17T11:30:00Z
### Problem
User search feature was vulnerable to SQL injection attacks through the name parameter
### Root Cause
Direct string concatenation in SQL query instead of parameterized queries
### Solution
Replaced string concatenation with parameterized queries using the ORM
### Prevention Steps
1. Always use parameterized queries for database operations
2. Never trust user input - always sanitize
3. Run SQL injection scans in CI/CD pipeline
### Tags
security, sql, injection, database
---
*This lesson has been saved to templates/lessons-learned.md*
```
USER: The build failed because we forgot to update the lock file.
SKILL INPUT:
```json
{
  "findingId": "FIND-2026-0217-002",
  "category": "Process",
  "title": "Package Lock File Not Updated",
  "description": "Build failed because package-lock.json was not updated after adding new dependency",
  "rootCause": "Developer added dependency but did not commit lock file changes",
  "solution": "Added pre-commit hook to verify lock file is updated when package.json changes",
  "preventionSteps": [
    "Always commit lock file when changing package.json",
    "Run npm ci instead of npm install in CI",
    "Add pre-commit hook to check for lock file sync"
  ],
  "tags": ["build", "npm", "dependencies", "ci"],
  "priority": "Medium"
}
```
- templates/lessons-learned.md
- check-lessons skill before agent work

```
FINDING CREATED → ASSIGNED → RESOLVED → [CAPTURE LESSON] → CLOSED
                                               ↑
                                         MANDATORY STEP
```
| Error | Cause | Resolution |
|---|---|---|
| "Finding ID required" | No findingId provided | Provide the finding ID |
| "Description required" | Empty description | Describe what the issue was |
| "Root cause required" | Empty rootCause | Explain why this happened |
| "Solution required" | Empty solution | Explain how it was fixed |
| "Prevention steps required" | Empty preventionSteps | List steps to prevent recurrence |
| "Invalid category" | Category not in enum | Use: Technical, Process, Communication, Tooling |
- templates/lessons-learned.md - Lessons are appended here
- findings.md - Finding updated with lesson reference
- .devflow/context-checkpoint.md - Included in context checkpoints
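
The VALIDATE and CREATE steps and the output template above, sketched in JavaScript as an added example; it is not the plugin's own code. The function names, the `Title required (max 80 chars)` and `Invalid priority` messages, the single-line normalization of header fields, and the ID layout (modelled on the sample `LESSON-20260217-a1b2c3d4`) are assumptions.

```javascript
const CATEGORIES = ["Technical", "Process", "Communication", "Tooling"];
const PRIORITIES = ["Critical", "High", "Medium", "Low"];
const blank = (v) => typeof v !== "string" || v.trim() === "";
// Added hardening (an assumption, not on the page): header fields stay on one
// line so a value cannot inject headings or "---" separators into the file.
const oneLine = (s) => String(s).replace(/\s+/g, " ").trim();

// Step 1, VALIDATE: collect every failure, using the page's error messages.
function validateLesson(input) {
  const errors = [];
  if (blank(input.findingId)) errors.push("Finding ID required");
  if (!CATEGORIES.includes(input.category)) errors.push("Invalid category");
  // The title and priority messages are assumed; the error table lists neither.
  if (blank(input.title) || oneLine(input.title).length > 80) errors.push("Title required (max 80 chars)");
  if (blank(input.description)) errors.push("Description required");
  if (blank(input.rootCause)) errors.push("Root cause required");
  if (blank(input.solution)) errors.push("Solution required");
  const steps = input.preventionSteps;
  if (!Array.isArray(steps) || steps.length === 0 || steps.some(blank))
    errors.push("Prevention steps required");
  if (input.priority !== undefined && !PRIORITIES.includes(input.priority)) errors.push("Invalid priority");
  return errors;
}

// Step 2, CREATE the LessonLearned object; invalid input never yields a lesson.
function createLesson(input, now = new Date()) {
  const errors = validateLesson(input);
  if (errors.length) throw new Error(errors.join("; "));
  const iso = now.toISOString();
  // The suffix only disambiguates IDs; it is an identifier, not a secret.
  const rand = Math.random().toString(16).slice(2, 10).padEnd(8, "0");
  return { ...input, findingId: oneLine(input.findingId), title: oneLine(input.title),
    tags: (input.tags || []).map(oneLine),
    priority: input.priority || "High", // documented default
    id: `LESSON-${iso.slice(0, 10).replace(/-/g, "")}-${rand}`,
    captured: iso.replace(/\.\d{3}Z$/, "Z") };
}

// Render the record in the page's output template (the text step 3 appends).
function renderLesson(l) {
  return [`## Lesson Captured: ${l.title}`, `- **ID:** ${l.id}`,
    `- **Finding:** ${l.findingId}`, `- **Category:** ${l.category}`,
    `- **Priority:** ${l.priority}`, `- **Captured:** ${l.captured}`,
    "### Problem", l.description, "### Root Cause", l.rootCause,
    "### Solution", l.solution, "### Prevention Steps",
    ...l.preventionSteps.map((s, i) => `${i + 1}. ${s}`),
    "### Tags", l.tags.join(", "), "---", ""].join("\n");
}
```

Appending `renderLesson(createLesson(input))` to `templates/lessons-learned.md` and recording the returned `id` on the finding would complete steps 3 and 4.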