Engineering standards audit commands for any repo, any stack, plus learning workflows for engineers
Use when checking if a repo follows 12-factor app principles — config stored in
env vars (not hardcoded), dependency lockfiles present, CI pipeline separation,
structured logging to stdout, or dev/prod environment parity. Activates when
someone asks about 12-factor compliance, deployment readiness, or config
management practices in a Node.js or Python project. Also trigger when someone
notices hardcoded localhost URLs, missing .env.example, or asks "is this
deploy-ready?" — even without mentioning 12-factor explicitly.
Use when auditing whether a repo is configured for AI-assisted development —
checking .claude/ setup quality, CLAUDE.md completeness, skills/agents presence,
hooks, memory, or MCP server configuration. Activates when someone asks "is this
repo AI-ready?", "how well is Claude configured here?", or wants to assess
AI readiness before starting work on an unfamiliar project. Also trigger when
reviewing any .claude/ config, CLAUDE.md quality, or hooks setup — even if the
user doesn't explicitly mention "AI readiness".
Use at the end of a Claude Code session to capture project-specific friction
as proposed CLAUDE.md edits. Triggered by /debrief (no args) to scan the full
session, or /debrief <hint> to focus on a specific area
(e.g., /debrief the API naming convention thing). Returning "session looks
clean" with no proposals is a first-class outcome, not a fallback. Triggers
on: "/debrief", "debrief the session", "wrap up this session", "what did we
learn", "any rules to capture", "should we update CLAUDE.md".
Use when the user is done learning for the day, wants to save progress, or wants to
wrap up a lesson. Also triggered by /learn when postponing or abandoning. Updates the
learning intelligence layer (insights.md) after each session. Triggers on: "end session",
"done learning", "save progress", "wrap up", "end-learn", "I'm done for today".
Use when auditing git practices in a repo — Conventional Commits compliance,
branch naming standards, secrets committed to history, direct commits to main,
or stale branches. Activates when someone asks "is the git hygiene good here?",
wants to check commit discipline, or needs to assess branch/release health
before starting work on a project. Also trigger when someone asks "are my commits
OK?", "is my branch name right?", or shares a git log — even if they don't
explicitly mention "hygiene".
Use when the user wants to set up or update their learning profile, configure learning
preferences, update their role or gaps, add feedback from reviews or 1:1s, or when
any other learning skill detects no profile exists. Triggers on: "set up learning",
"update my learning profile", "init learning", or pasting performance feedback.
Use when the user wants to sit down and learn, continue a lesson, practice a skill,
or work through a learning project. Triggers on: "let's learn", "continue my lesson",
"start learning", "practice", "I have time to learn", or "pick up where I left off".
Internal-only skill — never called directly by users. Provides the Learning
Intelligence Layer. Two modes: "build context" (called by /learn at session start)
reads learning history and produces a learner context; "update insights" (called by
/end-learn after session close) updates the persistent insights.md summary.
Use when the user wants to review what they've learned, see progress on their gaps,
get a summary of recent learning sessions, or wants article ideas based on learnings.
Triggers on: "learning report", "what have I learned", "progress report", "summarize
my learning", or "learning summary for the last month".
Use when the user wants a fast status check on their learning without a full report.
Triggers on: "learning status", "where am I", "what's my learning state", "how's my
learning going", or "check my progress".
Use when the user wants to find what to learn next, explore learning topics, get
project ideas for a skill gap, or add a learning idea to their backlog. Triggers on:
"what should I learn", "suggest learning projects", "I want to learn X", "add to my
learning backlog", or "find me resources on X".
Use when scanning a Node.js or Python repo for OWASP Top 10 vulnerabilities —
hardcoded secrets, SQL injection patterns, weak cryptography, dangerous functions
(eval, exec, shell=True), missing security headers, or dependency lockfile issues.
Activates when someone asks about security posture, wants a static security scan,
or needs to assess risk before a code review or client engagement.
