Capture a lesson learned when closing a finding. MANDATORY skill - cannot close findings without capturing lessons. Use when resolving issues, bugs, or findings to prevent repeated mistakes.
Captures mandatory lessons learned when closing findings to prevent repeated mistakes.
npx claudepluginhub xarlord/devflow-enforcerThis skill inherits all available tools. When active, it can use any tool Claude has access to.
This skill captures a lesson learned when closing a finding. It is MANDATORY - you cannot close findings without capturing what was learned.
CRITICAL ENFORCEMENT: This skill enforces knowledge retention. Every closed finding MUST have an associated lesson.
Per workflow requirement: "When a finding is closed, the workflow must enforce documenting what was learned."
This prevents:
1. VALIDATE required fields
2. CREATE LessonLearned object
3. SAVE to templates/lessons-learned.md
4. LINK to finding
5. CONFIRM capture complete
| Parameter | Type | Description | Required |
|---|---|---|---|
| findingId | string | ID of the finding being closed | Yes |
| category | enum | Technical, Process, Communication, Tooling | Yes |
| title | string | Brief title of the lesson (max 80 chars) | Yes |
| description | string | What was the issue? | Yes |
| rootCause | string | Why did this happen? | Yes |
| solution | string | How was it resolved? | Yes |
| preventionSteps | string[] | Steps to prevent recurrence | Yes |
| tags | string[] | Tags for categorization | No |
| priority | enum | Critical, High, Medium, Low | No (default: High) |
| Category | Description | Example |
|---|---|---|
| Technical | Code, architecture, infrastructure | "Always validate API responses" |
| Process | Workflow, methodology, procedures | "Review PRs before merging" |
| Communication | Documentation, collaboration | "Document API changes in changelog" |
| Tooling | Build tools, CI/CD, frameworks | "Pin dependency versions" |
## Lesson Captured: [Title]
- **ID:** LESSON-[timestamp]-[random]
- **Finding:** [findingId]
- **Category:** [category]
- **Priority:** [priority]
- **Captured:** [timestamp]
### Problem
[description]
### Root Cause
[rootCause]
### Solution
[solution]
### Prevention Steps
1. [step 1]
2. [step 2]
...
### Tags
[tag1], [tag2], ...
---
*This lesson has been saved to templates/lessons-learned.md*
USER: I fixed the SQL injection vulnerability in the user search feature.
[Agent captures lesson]
SKILL INPUT:
{
"findingId": "FIND-2026-0217-001",
"category": "Technical",
"title": "SQL Injection in User Search",
"description": "User search feature was vulnerable to SQL injection attacks through the name parameter",
"rootCause": "Direct string concatenation in SQL query instead of parameterized queries",
"solution": "Replaced string concatenation with parameterized queries using the ORM",
"preventionSteps": [
"Always use parameterized queries for database operations",
"Never trust user input - always sanitize",
"Run SQL injection scans in CI/CD pipeline"
],
"tags": ["security", "sql", "injection", "database"],
"priority": "Critical"
}
SKILL OUTPUT:
## Lesson Captured: SQL Injection in User Search
- **ID:** LESSON-20260217-a1b2c3d4
- **Finding:** FIND-2026-0217-001
- **Category:** Technical
- **Priority:** Critical
- **Captured:** 2026-02-17T11:30:00Z
### Problem
User search feature was vulnerable to SQL injection attacks through the name parameter
### Root Cause
Direct string concatenation in SQL query instead of parameterized queries
### Solution
Replaced string concatenation with parameterized queries using the ORM
### Prevention Steps
1. Always use parameterized queries for database operations
2. Never trust user input - always sanitize
3. Run SQL injection scans in CI/CD pipeline
### Tags
security, sql, injection, database
---
*This lesson has been saved to templates/lessons-learned.md*
USER: The build failed because we forgot to update the lock file.
SKILL INPUT:
{
"findingId": "FIND-2026-0217-002",
"category": "Process",
"title": "Package Lock File Not Updated",
"description": "Build failed because package-lock.json was not updated after adding new dependency",
"rootCause": "Developer added dependency but did not commit lock file changes",
"solution": "Added pre-commit hook to verify lock file is updated when package.json changes",
"preventionSteps": [
"Always commit lock file when changing package.json",
"Run npm ci instead of npm install in CI",
"Add pre-commit hook to check for lock file sync"
],
"tags": ["build", "npm", "dependencies", "ci"],
"priority": "Medium"
}
templates/lessons-learned.mdcheck-lessons skill before agent workFINDING CREATED → ASSIGNED → RESOLVED → [CAPTURE LESSON] → CLOSED
↑
MANDATORY STEP
| Error | Cause | Resolution |
|---|---|---|
| "Finding ID required" | No findingId provided | Provide the finding ID |
| "Description required" | Empty description | Describe what the issue was |
| "Root cause required" | Empty rootCause | Explain why this happened |
| "Solution required" | Empty solution | Explain how it was fixed |
| "Prevention steps required" | Empty preventionSteps | List steps to prevent recurrence |
| "Invalid category" | Category not in enum | Use: Technical, Process, Communication, Tooling |
templates/lessons-learned.md - Lessons are appended herefindings.md - Finding updated with lesson reference.devflow/context-checkpoint.md - Included in context checkpointsActivates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
This skill should be used when the user asks to "create an agent", "add an agent", "write a subagent", "agent frontmatter", "when to use description", "agent examples", "agent tools", "agent colors", "autonomous agent", or needs guidance on agent structure, system prompts, triggering conditions, or agent development best practices for Claude Code plugins.