melodic-software

Use when designing APIs, choosing between REST/GraphQL/gRPC, or understanding API design best practices. Covers protocol selection, resource modeling, and API patterns.

Use when implementing API authentication, authorization, or security patterns. Covers OAuth 2.0, OIDC, JWT, API keys, rate limiting, and common API security vulnerabilities.

Use when planning API versioning strategy, handling breaking changes, or managing API deprecation. Covers URL, header, and query parameter versioning approaches.

Use when designing content delivery networks, caching strategies, or global content distribution. Covers CDN architecture, cache hierarchies, origin shielding, cache invalidation, and edge optimization.

Use when implementing chaos engineering, designing fault injection experiments, or building resilience testing practices. Covers chaos principles and experiment design.

Use when designing data platforms, choosing between data lakes/lakehouses/warehouses, or implementing data mesh patterns. Covers modern data architecture approaches.

Use when designing data models, database schemas, or choosing between modeling approaches. Covers dimensional modeling, star schema, data vault, entity-relationship design, and schema evolution.

4-step framework for system design interviews. Use when preparing for technical interviews, practicing whiteboard design, or structuring architectural discussions. Covers requirements gathering, high-level design, deep dives, and wrap-up.

Use when implementing distributed tracing, understanding trace propagation, or debugging cross-service issues. Covers OpenTelemetry, span context, and trace correlation.

Use when designing edge computing architectures, serverless at edge, or distributed compute strategies. Covers edge functions, compute placement decisions, Cloudflare Workers, Lambda@Edge, and edge-native patterns.

Back-of-envelope calculations for system design. Use when estimating QPS, storage, bandwidth, or latency for capacity planning. Includes latency numbers every programmer should know and common estimation patterns.

Use when designing data pipelines, choosing between ETL and ELT approaches, or implementing data transformation patterns. Covers modern data pipeline architecture.

Use when planning GameDay exercises, designing failure scenarios, or conducting chaos drills. Covers GameDay preparation, execution, and follow-up.

Use when designing standardized development workflows, paved roads, or opinionated defaults. Covers golden path patterns, template design, developer workflow optimization, and guardrails.

Use when designing idempotent APIs, handling retries safely, or preventing duplicate operations. Covers idempotency keys, at-most-once semantics, and duplicate prevention.

Use when designing incident management processes, creating runbooks, or establishing on-call practices. Covers incident lifecycle, communication, and postmortems.

Use when designing Internal Developer Platforms (IDPs), building platform teams, or improving developer experience. Covers platform engineering principles, Backstage, portal design, and platform team structures.

Use when optimizing end-to-end latency, reducing response times, or improving performance for latency-sensitive applications. Covers latency budgets, geographic routing, protocol optimization, and latency measurement techniques.

LLM inference infrastructure, serving frameworks (vLLM, TGI, TensorRT-LLM), quantization techniques, batching strategies, and streaming response patterns. Use when designing LLM serving infrastructure, optimizing inference latency, or scaling LLM deployments.

ML inference latency optimization, model compression, distillation, caching strategies, and edge deployment patterns. Use when optimizing inference performance, reducing model size, or deploying ML at the edge.

End-to-end ML system design for production. Use when designing ML pipelines, feature stores, model training infrastructure, or serving systems. Covers the complete lifecycle from data ingestion to model deployment and monitoring.

Use when implementing service-to-service security, mTLS, or service mesh patterns. Covers mutual TLS, Istio, Linkerd, certificate management, and service mesh security configurations.

Use when designing globally distributed systems, multi-region architectures, or disaster recovery strategies. Covers region selection, active-active vs active-passive, data replication, and failover patterns.

Use when implementing observability strategy, correlating signals, or designing monitoring systems. Covers the three pillars (logs, metrics, traces) and their integration.

The "-ilities" framework for non-functional requirements. Use when defining NFRs, evaluating architecture trade-offs, or ensuring quality attributes are addressed in system design. Covers scalability, reliability, availability, performance, security, maintainability, and more.

Retrieval-Augmented Generation (RAG) system design patterns, chunking strategies, embedding models, retrieval techniques, and context assembly. Use when designing RAG pipelines, improving retrieval quality, or building knowledge-grounded LLM applications.

Use when implementing rate limiting, throttling, or API quotas. Covers algorithms like token bucket and sliding window, plus distributed rate limiting patterns.

Use when implementing circuit breakers, retries, bulkheads, or other resilience patterns. Covers failure handling strategies for distributed systems.

Use when designing secret storage, rotation, or credential management systems. Covers HashiCorp Vault patterns, AWS Secrets Manager, Azure Key Vault, secret rotation, and zero-knowledge architectures.

Use when designing infrastructure self-service portals, IaC templates, or automated provisioning systems. Covers Terraform modules, Pulumi, environment provisioning, and infrastructure guardrails.

Use when defining SLOs, selecting SLIs, or implementing error budget policies. Covers reliability targets, SLI selection, and error budget management.

Use when designing real-time data processing systems, choosing stream processing frameworks, or implementing event-driven architectures. Covers Kafka, Flink, and streaming patterns.

Vector database selection, embedding storage, approximate nearest neighbor (ANN) algorithms, and vector search optimization. Use when choosing vector stores, designing semantic search, or optimizing similarity search performance.

Use when designing security architectures, implementing zero trust principles, or evaluating security posture. Covers never trust always verify, microsegmentation, identity-based access, and ZTNA patterns.

Central authority for Claude Desktop application - the native desktop app for running Claude Code sessions. Covers installation (macOS/Windows), Git worktrees for parallel sessions, .worktreeinclude file configuration, cloud session launch, environment configuration, MCP Desktop Extensions (.mcpb), and Desktop vs CLI comparison. Assists with Desktop setup, worktree configuration, cloud sessions, and troubleshooting. Delegates 100% to docs-management skill for official documentation.

Central authority for Claude Code slash commands. Covers built-in commands, custom slash commands (project and personal), plugin commands, MCP slash commands, Skill tool (unified for commands and skills), frontmatter configuration, arguments ($ARGUMENTS, $1, $2), bash execution, file references, namespacing, and skills vs slash commands comparison. Assists with creating custom commands, configuring command behavior, understanding command types, and troubleshooting command issues. Delegates 100% to docs-management skill for official documentation.

Gets, checks, and verifies the current UTC date and time for unambiguous temporal reference. Use when starting tasks, verifying temporal context, ensuring date awareness before time-sensitive operations, or when incorrect date assumptions are detected.

Single source of truth and librarian for ALL Claude official documentation. Manages local documentation storage, scraping, discovery, and resolution. Use when finding, locating, searching, or resolving Claude documentation; discovering docs by keywords, category, tags, or natural language queries; scraping from sitemaps or docs maps; managing index metadata (keywords, tags, aliases); or rebuilding index from filesystem. Run scripts to scrape, find, and resolve documentation. Handles doc_id resolution, keyword search, natural language queries, category/tag filtering, alias resolution, sitemap.xml parsing, docs map processing, markdown subsection extraction for internal use, hash-based drift detection, and comprehensive index maintenance.

Analyzes Claude Code ecosystem health by tracking all 27 extensibility components across 6 tiers - including plugin components, core configuration, environment/CLI, authentication, session features, and integrations. Use when checking if Claude Code components are up-to-date, orchestrating audits efficiently, tracking documentation coverage, applying updates from new Claude Code versions, or getting an overview of ecosystem component staleness.

Central authority for Claude Code enterprise security. Covers enterprise managed policies (managed-settings.json), settings precedence hierarchy, policy file locations (macOS, Linux, Windows), unoverridable organizational policies, cloud execution security (isolated VMs, network access controls, credential protection), IDE security (VS Code, JetBrains), devcontainer security, and security best practices for teams. Assists with configuring enterprise policies, understanding precedence, and implementing organizational security standards. Delegates 100% to docs-management skill for official documentation.

LSP server recommendations, .lsp.json configuration, installation guides, and troubleshooting for Language Server Protocol in Claude Code

Meta-skill for Claude Code memory system (CLAUDE.md, static memory). Provides stable principles, keyword registry for documentation lookups, and navigation guidance. Use when working with CLAUDE.md files, memory hierarchy, import syntax, progressive disclosure patterns, memory organization, or best practices for static memory. Delegates to docs-management skill for current implementation details. Keywords: CLAUDE.md, static memory, memory hierarchy, import syntax, progressive disclosure, memory organization, enterprise project user memory.

Central authority for Claude Code permissions. Covers permission system (tiered model, read-only, bash, file modification), permission rules (allow, ask, deny), rule precedence, permission modes (default, acceptEdits, plan, bypassPermissions), tool-specific permission rules (Bash patterns, Read/Edit patterns, WebFetch domains, MCP tools), /permissions command, and additionalDirectories. Assists with configuring permission rules, understanding permission modes, and troubleshooting permission issues. Delegates 100% to docs-management skill for official documentation.

Meta-skill for improving and optimizing prompts using Anthropic's prompt engineering best practices. Provides the 4-step improvement workflow (example identification, initial draft, chain of thought refinement, example enhancement), keyword registries for documentation lookup, and decision trees for improvement strategies. Use when improving prompts, optimizing for accuracy, adding chain of thought reasoning, structuring with XML tags, enhancing examples, or iterating on prompt quality. Delegates to docs-management skill for official prompt engineering documentation.

Central authority for Claude Code sandboxing and isolation. Covers sandboxed bash tool, /sandbox command, filesystem isolation (blocked access, custom paths), network isolation (domain restrictions, proxy support), OS-level enforcement (bubblewrap on Linux, Seatbelt on macOS), sandbox configuration options, escape hatches (dangerouslyDisableSandbox, allowUnsandboxedCommands), and sandbox security limitations. Assists with configuring sandbox settings, understanding isolation mechanisms, and troubleshooting sandbox issues. Delegates 100% to docs-management skill for official documentation.

Central authority for Claude Code configuration and settings. Covers settings.json files (user, project, enterprise), available settings, permission settings, sandbox settings, settings precedence, plugin configuration, environment variables, and tools available to Claude. Assists with configuring Claude Code behavior, managing permissions, setting up enterprise policies, and troubleshooting configuration issues. Delegates 100% to docs-management skill for official documentation.

Central authority for Claude Code status line configuration. Covers custom status line creation, /statusline command, status line settings (statusLine in settings.json), JSON input structure (model, workspace, cost, session info), status line scripts (Bash, Python, Node.js), terminal color codes, git-aware status lines, helper functions, and status line troubleshooting. Supports creating custom status lines, configuring status line behavior, and displaying contextual session information. Delegates 100% to docs-management skill for official documentation.

Central authority for Claude Code subagents (sub-agents). Covers agent file format, YAML frontmatter, tool access configuration, model selection (inherit, sonnet, haiku, opus), automatic delegation, agent lifecycle, resumption, command-line usage (/agents), Agent SDK programmatic agents, priority resolution, and built-in agents (Plan subagent). Assists with creating agents, configuring agent tools, understanding agent behavior, and troubleshooting agent issues. Delegates 100% to docs-management skill for official documentation.

Central authority for Gemini CLI Checkpointing. Covers git-based file snapshots, automatic state saving, /restore command, and rollback. Use when enabling checkpointing, restoring previous states, undoing changes, or planning experimental workflows with Gemini. Delegates 100% to gemini-cli-docs for official documentation.

Single source of truth and librarian for ALL Gemini CLI documentation. Manages local documentation storage, scraping, discovery, and resolution. Use when finding, locating, searching, or resolving Gemini CLI documentation; discovering docs by keywords, category, tags, or natural language queries; scraping from llms.txt; managing index metadata (keywords, tags, aliases); or rebuilding index from filesystem. Run scripts to scrape, find, and resolve documentation. Handles doc_id resolution, keyword search, natural language queries, category/tag filtering, alias resolution, llms.txt parsing, markdown subsection extraction for internal use, hash-based drift detection, and comprehensive index maintenance.

Expert guide for executing the Google Gemini CLI in non-interactive and headless modes. Covers command syntax, piping input, output handling, and automation patterns. Use when running gemini commands, piping context to Gemini, scripting Gemini workflows, or using interactive shell mode. Delegates to gemini-cli-docs for official command references.

Expert guide for creating custom Gemini CLI commands. Covers slash command definitions (.toml), argument parsing, and shell execution. Use when creating custom Gemini commands, defining TOML command files, adding command arguments, or building extension-based commands. Delegates to gemini-cli-docs.

Expert guide for configuring Google Gemini CLI. Covers global vs project settings.json, Trusted Folders, Policy Engine, and environment variables. Use when configuring Gemini settings, managing trusted folders, setting up security policies, or troubleshooting configuration precedence. Delegates to gemini-cli-docs for official references.

Facilitates context sharing and strategic delegation between Claude Code and Gemini CLI. Syncs CLAUDE.md to GEMINI.md and provides agent selection guidance. Use when onboarding Gemini to a project, syncing instructions between agents, or deciding whether to use Claude or Gemini for a specific task.

Strategic patterns for Claude-to-Gemini delegation. Covers decision criteria, execution patterns, result parsing, and error handling. Use when determining if a task should be delegated to Gemini CLI.

Strategic patterns for codebase exploration using Gemini's large context window. Covers token thresholds, model routing, and exploration strategies. Use when deciding between Claude and Gemini for exploration, analyzing large codebases, or choosing between Flash and Pro models for context size.

Expert guide for building and managing Gemini CLI Extensions. Covers extension anatomy, GEMINI.md context, commands, MCP integration, and publishing. Use when creating Gemini extensions, linking local extensions, packaging MCP servers, or installing extensions from GitHub. Delegates to gemini-cli-docs.

Parse Gemini CLI headless output (JSON and stream-JSON formats). Covers response extraction, stats interpretation, error handling, and tool call analysis. Use when processing Gemini CLI programmatic output.

Expert guide for Model Context Protocol (MCP) integration with Gemini CLI. Covers MCP server configuration (HTTP, SSE, Stdio), connection management, and tool permissions. Use when adding MCP servers to Gemini, configuring transports, troubleshooting MCP connections, or managing tool permissions. Delegates to gemini-cli-docs.

Synchronization patterns for CLAUDE.md and GEMINI.md memory files. Covers import syntax, drift detection, and one-way sync. Use when setting up GEMINI.md, detecting context drift between memory files, understanding @import syntax, or troubleshooting sync issues.

Central authority for Gemini CLI sandboxing and isolation. Covers Docker, Podman, macOS Seatbelt profiles, and security boundaries. Use when enabling sandboxing, choosing sandbox methods, configuring Seatbelt profiles, or troubleshooting sandbox issues. Delegates 100% to gemini-cli-docs for official documentation.

Central authority for Gemini CLI session management. Covers session resume, retention policies, session browser, and cleanup. Use when resuming Gemini sessions, configuring retention, browsing past sessions, or managing session storage. Delegates 100% to gemini-cli-docs for official documentation.

Optimize token usage when delegating to Gemini CLI. Covers token caching, batch queries, model selection (Flash vs Pro), and cost tracking. Use when planning bulk Gemini operations.

Central authority for Claude-Gemini shared workspace architecture. Defines directory structure, artifact exchange, and file naming conventions. Use when setting up dual-CLI workflows, deciding where to store AI artifacts, or managing cross-CLI file exchange.

Guide for creating Gemini CLI policy engine TOML rules. Covers rule syntax, priority tiers, conditions, and MCP wildcards. Use when restricting Gemini tools, creating security policies, controlling MCP server permissions, or setting up approval workflows.

Multi-technique business analysis orchestration using BABOK. Coordinates 14 techniques across strategic analysis, problem solving, planning, and design into comprehensive analysis packages.

Benchmarking and competitive analysis techniques. Compares performance, processes, and practices against industry standards, competitors, and best-in-class organizations.

Business model design using Osterwalder's Business Model Canvas and Lean Canvas. Creates 9-block canvases with structured analysis for business model innovation and startup validation.

Business capability modeling using BABOK Business Capability Analysis. Creates hierarchical capability maps (L1-L3) linking strategy to architecture with Mermaid visualization.

Data modeling with Entity-Relationship Diagrams (ERDs), data dictionaries, and conceptual/logical/physical models. Documents data structures, relationships, and attributes.

Decision modeling using decision tables, weighted scoring matrices, and decision trees. Structures complex decisions with clear criteria, alternatives evaluation, and outcome prediction.

Design Thinking methodology for human-centered innovation. Covers the 5-phase IDEO/Stanford d.school approach (Empathize, Define, Ideate, Prototype, Test) with workshop facilitation and exercise templates.

Estimation techniques including analogous, parametric, three-point, and expert judgment methods. Provides effort, cost, duration, and complexity estimates for projects, features, and tasks.

User and customer journey mapping for experience analysis. Creates journey maps with touchpoints, emotions, pain points, and opportunity identification.

Prioritization techniques including MoSCoW, Kano model, weighted scoring, and value-effort matrices. Ranks requirements, features, backlog items, and investment decisions.

Process modeling using BPMN notation and flowchart patterns. Creates process diagrams with activities, gateways, events, swimlanes, and decision points for workflow documentation.

Risk analysis using risk registers, probability/impact matrices, and mitigation planning. Identifies, assesses, and manages project, business, and technical risks with structured response strategies.

Problem solving using Fishbone (Ishikawa) diagrams and 5 Whys technique. Identifies root causes systematically and recommends corrective actions.

Stakeholder identification, analysis, and management using BABOK techniques. Creates Power/Interest matrices, RACI charts, and communication plans.

Strategic environmental analysis using SWOT, PESTLE, and Porter's Five Forces. Creates structured assessments with Mermaid visualizations for competitive positioning and strategic planning.

Lean value stream mapping for identifying waste and optimization opportunities. Creates current/future state maps with cycle time analysis and improvement recommendations.

Create and manage Architecture Decision Records (ADRs). Use when documenting technology choices, design decisions, or architectural changes that need to be tracked over time. This is the CANONICAL ADR skill - all ADR-related work should use this skill.

Generate architecture documents using templates with diagram integration. Use for creating C4 diagrams, viewpoint documents, and technical overviews.

Align with cloud architecture frameworks (Microsoft CAF, AWS Well-Architected). Check alignment with pillars, identify gaps.

Map relationships between bounded contexts using DDD context mapping patterns. Use when defining upstream/downstream relationships, integration strategies (ACL, OHS, PL), or generating Context Mapper DSL output. Follows event storming for bounded context discovery.

Collaborative domain modeling through pictographic stories. Use when gathering requirements, understanding business workflows, onboarding team members, or preparing for event storming. Follows Stefan Hofer & Henning Schwentner's methodology with actors, work objects, and activities.

Explain enterprise architecture concepts in practical terms. Use when learning about TOGAF, Zachman, ADRs, or any EA terminology.

Architecture test guidance for .NET using NetArchTest and ArchUnitNET. Use when enforcing architectural boundaries, testing module dependencies, validating layer constraints, or creating performance fitness functions. Includes code generation templates.

Module organization patterns including ports and adapters (hexagonal), module communication, and data isolation. Use when structuring modular monoliths, defining module boundaries, setting up inter-module communication, or isolating database contexts. Includes MediatR patterns for internal events.

Circuit breaker, retry, and DLQ patterns for .NET using Polly and Brighter. Use when implementing fault tolerance, handling transient failures, configuring retry strategies, or setting up dead letter queues. Includes Polly HttpClient patterns and Brighter message handler resilience.

Guide users through TOGAF ADM phases with context-aware advice. Use when applying TOGAF methodology or understanding ADM phase activities.

Wardley Mapping for strategic positioning and situational awareness. Covers value chain mapping, evolution stages, landscape analysis, gameplay patterns, and strategic decision-making. Use for technology strategy, competitive analysis, and architectural investment decisions.

Apply Zachman Framework perspective analysis with honest limitations. Analyze architecture from specific row/column perspectives.

Competency frameworks, level expectations (Junior to Staff+), and career progression paths for software engineers. Use when navigating promotions, understanding level requirements, or planning career advancement.

Internal vs external career growth paths, goal setting, career maintenance, and long-term planning for software engineers. Use when deciding between internal promotion vs external job search, setting career goals, or planning long-term career trajectory.

Frameworks for giving and receiving code review feedback effectively. Use for PR comments, review strategies, handling disagreements, and balancing thoroughness with kindness.

Build professional visibility through LinkedIn, GitHub, conference speaking, and internal branding. Provides frameworks for personal brand development, content creation, and career growth.

Structured approach to workplace conflicts, performance discussions, and challenging feedback using preparation-delivery-followup framework. Use when preparing for tough conversations, addressing conflicts, giving critical feedback, or navigating sensitive workplace discussions.

Navigate difficult conversations and deliver constructive feedback using structured frameworks. Covers the Preparation-Delivery-Follow-up model and Situation-Behavior-Impact (SBI) feedback technique. Use when preparing for difficult conversations, giving feedback, or managing conflicts.

Frameworks for technical interviews and salary negotiation. Use for behavioral interview prep (STAR method), technical interview communication, offer evaluation, and compensation negotiation strategies.

Frameworks for effective mentoring and knowledge transfer. Use for 1:1 meetings, pair programming, onboarding, teaching technical concepts, and developing junior engineers.

Guide technical communication for software developers. Covers email structure, team messaging etiquette, meeting agendas, and adapting messages for technical vs non-technical audiences. Use when drafting professional messages, preparing meeting communications, or improving written communication.

Building promotion cases, brag documents, tracking wins, and self-advocacy for career advancement. Use when preparing for promotions, documenting accomplishments, or building your case for advancement.

Resume structure, achievement bullet formulas, ATS optimization, and job-targeted tailoring for software engineers. Use when reviewing resumes, crafting achievement bullets, extracting keywords from job descriptions, or tailoring content for specific roles.

Adapting technical communication for different audiences - engineers, product managers, executives, and customers. Use when communicating across functions, translating technical concepts, presenting to leadership, or building shared understanding with non-technical stakeholders.

Building high-performing teams through psychological safety, diversity leverage, inclusive practices, and healthy team dynamics. Use when improving team collaboration, addressing team dysfunction, building inclusive environments, or developing team culture.

Create and deliver effective technical presentations, demos, and talks. Provides frameworks for structuring content, designing slides, and handling live demos.

Use when configuring CDN for media delivery, implementing cache invalidation, or designing signed URL patterns. Covers CDN configuration, edge caching, origin shielding, and secure media access for headless CMS.

Use when designing references between content items, content picker fields, many-to-many relationships, or bidirectional links. Covers relationship types, reference integrity, eager/lazy loading, and relationship APIs for headless CMS.

Use when designing content type hierarchies, defining reusable content parts, or structuring field compositions for a headless CMS. Covers the Content Type -> Content Part -> Content Field hierarchy pattern, content type inheritance, composition vs inheritance trade-offs, and schema design for maximum reusability across channels.

Use when implementing draft/publish workflows, version history, content rollback, or audit trails. Covers versioning strategies, snapshot storage, diff generation, and version comparison APIs for headless CMS.

Use when implementing editorial workflows, approval chains, scheduled publishing, or role-based content permissions. Covers workflow states, transitions, notifications, and workflow APIs for headless CMS.

Use when implementing design token systems, CSS variable architectures, or Style Dictionary pipelines. Covers token schemas, naming conventions, token transformations, and multi-platform token delivery for design systems.

Use when implementing flexible content schemas using EF Core JSON columns, `OwnsOne().ToJson()` patterns, or designing dynamic field storage that avoids migrations. Covers JSON column configuration, LINQ querying of JSON properties, indexing strategies, and schema evolution patterns for headless CMS architectures.

Use when designing content delivery APIs for headless CMS architectures. Covers REST and GraphQL API patterns, content preview endpoints, localization strategies, pagination, filtering, caching headers, and API versioning for multi-channel content delivery.

Use when implementing responsive images, format conversion, focal point cropping, or image processing pipelines. Covers srcset generation, WebP/AVIF conversion, lazy loading, and image transformation APIs for headless CMS.

Use when designing digital asset management systems, media libraries, upload pipelines, or asset metadata schemas. Covers media storage patterns, file organization, metadata extraction, and media APIs for headless CMS.

Use when implementing per-site themes, white-labeling, or brand override systems. Covers tenant-specific branding, theme inheritance, CSS variable hierarchies, and dynamic theme switching for multi-site CMS architectures.

Use when designing menu systems, breadcrumbs, mega-menus, or navigation APIs. Covers menu hierarchies, dynamic vs static navigation, mobile navigation patterns, and navigation endpoint design for headless CMS.

Use when designing page hierarchies, page templates, layout zones, or sitemap structures. Covers page sets, template inheritance, component zones, and page tree APIs for headless CMS architectures.

Use when designing category hierarchies, tag systems, faceted classification, or vocabulary management for content organization. Covers flat vs hierarchical taxonomies, term relationships, multi-taxonomy content, and taxonomy APIs for headless CMS.

Use when designing URL structures, slug generation, SEO-friendly URLs, redirects, or localized URL patterns. Covers route configuration, URL rewriting, canonical URLs, and routing APIs for headless CMS.

AI governance and compliance guidance covering EU AI Act risk classification, NIST AI RMF, responsible AI principles, AI ethics review, and regulatory compliance for AI systems.

Comprehensive API security guidance covering authentication methods, rate limiting, input validation, CORS, security headers, and protection against OWASP API Top 10 vulnerabilities. Use when designing API authentication, implementing rate limiting, configuring CORS, setting security headers, or reviewing API security.

Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management. Use when implementing login systems, token-based auth, SSO, passwordless authentication, or reviewing authentication security.

Comprehensive authorization guidance covering RBAC, ABAC, ACL, ReBAC, and policy-as-code patterns. Use when designing permission systems, implementing access control, or choosing authorization strategies.

Container and Kubernetes security patterns including Docker hardening, image scanning, pod security standards, network policies, RBAC, secrets management, and runtime protection. Use when securing containerized applications, building secure images, or configuring Kubernetes security controls.

Comprehensive cryptography guidance covering encryption algorithms, password hashing, TLS configuration, key management, and post-quantum considerations. Use when implementing encryption, choosing hashing algorithms, configuring TLS/SSL, managing cryptographic keys, or reviewing cryptographic implementations.

DevSecOps methodology guidance covering shift-left security, SAST/DAST/IAST integration, security gates in CI/CD pipelines, vulnerability management workflows, and security champions programs.

Provides guidance on secure coding practices including OWASP Top 10 2025, CWE Top 25, input validation, output encoding, and language-specific security patterns. Use when reviewing code for security vulnerabilities, implementing security controls, or learning secure development practices.

Threat modeling methodologies (STRIDE, DREAD), attack trees, threat modeling as code, and integration with SDLC for proactive security design

Vulnerability lifecycle management including CVE tracking, CVSS scoring, risk prioritization, remediation workflows, and coordinated disclosure practices

Zero Trust architecture principles including ZTNA, micro-segmentation, identity-first security, continuous verification, and BeyondCorp patterns. Use when designing network security, implementing identity-based access, or building cloud-native applications with zero trust principles.

Business rules elicitation and analysis techniques. Covers rule types (constraints, derivations, inferences), decision tables, rule templates, and policy documentation. Use when identifying business policies, constraints, calculations, and decision logic during requirements elicitation.

MCP-powered domain research for requirements elicitation. Uses perplexity, context7, firecrawl, and other MCP servers to research domain knowledge, best practices, and industry requirements.

Hub skill for requirements elicitation. Provides technique selection, orchestration guidance, LLMREI patterns, and autonomy level configuration. Use when gathering requirements from stakeholders, conducting elicitation sessions, or preparing requirements for specification.

Analyze requirements for completeness, missing areas, and gaps. Uses domain checklists, NFR categories, and INVEST criteria to identify what's missing from elicited requirements.

AI-led stakeholder interviews using LLMREI research-backed patterns. Conducts structured interviews to elicit requirements through context-adaptive questioning, active listening, and systematic requirement extraction.

Jobs to Be Done (JTBD) framework by Clayton Christensen. Analyzes requirements through the lens of what 'job' customers hire products to do. Covers functional, emotional, and social jobs. Use when understanding underlying customer motivations or reframing features as outcomes.

Requirements prioritization techniques including MoSCoW, Kano Model, WSJF (SAFe), and Wiegers' Value/Cost/Risk matrix. Provides scoring frameworks, trade-off analysis, and priority visualization. Use when ranking requirements by business value, customer impact, or implementation efficiency.

Multi-persona stakeholder simulation for solo requirements work. Generates diverse perspectives from simulated End User, Technical, Business, Compliance, and Operations stakeholders when real stakeholders are unavailable.

Jeff Patton's User Story Mapping technique for Agile discovery. Visualizes user journey as a map, identifies backbone activities, walking skeleton, and release slices. Use when organizing requirements into deliverable increments or defining MVP scope.

Author and validate AsyncAPI 3.0 specifications for event-driven API design, message brokers, and async communication patterns

Canonical specification format reference. Use when understanding the canonical spec schema, field requirements, provider-agnostic specification structure, or validating specifications against the schema.

Design and manage API contracts before implementation using OpenAPI and AsyncAPI specifications for contract-first development

EARS requirement pattern authoring. Use when writing requirements using EARS patterns (Ubiquitous, State-Driven, Event-Driven, Unwanted, Optional, Complex). Provides pattern templates, validation, and examples.

Gherkin acceptance criteria authoring. Use when writing Given/When/Then scenarios, feature files, or BDD-style specifications. Provides syntax reference, best practices, and Reqnroll integration guidance.

AWS Kiro specification patterns and synchronization. Use when working with Kiro IDE, syncing requirements.md/design.md/tasks.md files, or configuring steering files for AI agent context.

Author and validate OpenAPI 3.1 specifications for REST API design, following API-first and contract-first development practices

Requirements quality assessment and improvement. Use when evaluating requirements against INVEST criteria, improving clarity, detecting ambiguity, or ensuring completeness. Provides quality checklists, refinement patterns, and MoSCoW prioritization guidance.

Central authority for specification-driven development. Use when working with requirements, specifications, acceptance criteria, or any spec-driven workflow. Provides navigation to specialized skills and delegates to docs-management for official documentation.

GitHub Spec Kit 5-phase workflow. Use when following the Constitution → Specify → Plan → Tasks → Implement cycle. Provides phase guidance, file templates, and workflow orchestration.

AI governance and responsible AI planning including EU AI Act classification, NIST AI RMF, and AI ethics frameworks

Data classification framework including sensitivity levels, handling requirements, labeling, and data lifecycle management

AI and technology ethics review including ethical impact assessment, stakeholder analysis, and responsible innovation frameworks

GDPR compliance planning including lawful bases, data subject rights, DPIA, and implementation patterns

HIPAA compliance planning for healthcare applications including PHI handling, safeguards, BAAs, and risk assessments

Open source license compliance including compatibility analysis, obligations tracking, and compliance workflows

PCI DSS compliance planning for payment card handling including scope reduction, SAQ selection, and security controls

Software Bill of Materials management including generation, formats, vulnerability tracking, and supply chain security

Security framework alignment including ISO 27001, SOC 2, NIST CSF 2.0, and CIS Controls mapping

Write clear, testable acceptance criteria in Given-When-Then format following INVEST principles and BDD best practices.

Plan test automation strategies including ROI analysis, automation candidate selection, framework evaluation, and maintainable automation architecture.

Design consumer-driven contract testing strategies using Pact, verify provider contracts, and manage API evolution with contract-first approaches.

Design performance test strategies including load profiles, capacity planning, SLA validation, and .NET performance testing with NBomber and k6.

Plan security testing strategies including OWASP testing, penetration test scoping, SAST/DAST integration, and threat-based test case design.

Apply systematic test case design techniques including equivalence partitioning, boundary value analysis, decision tables, and state transition testing.

Plan comprehensive test data management including synthetic data generation, data anonymization, versioning, and environment-specific strategies.

Design optimal test pyramids with unit/integration/E2E ratios. Identify anti-patterns and recommend architecture-specific testing strategies.

Create comprehensive test strategy documents following IEEE 829 structure. Plan test approach, scope, resources, and success criteria for software projects.

Comprehensive Git configuration guide covering global settings, aliases, performance tuning, credential management, maintenance, .gitattributes, clone shortcuts, and troubleshooting. Use when configuring Git beyond basic setup, optimizing Git performance, setting up aliases, managing credentials (GitHub CLI, Windows Credential Manager), configuring line ending strategy, setting up .gitattributes, enabling Git maintenance, or troubleshooting configuration issues. Cross-platform guidance for Windows, macOS, and Linux.

Central authority on git hook implementations, modern best practices, and tooling for .NET/C#, JavaScript/TypeScript, Python, and polyglot repositories. Covers framework selection (Husky.Net, lefthook, Husky, pre-commit), setup workflows, Conventional Commits, semantic versioning, secret scanning (gitleaks, TruffleHog), performance optimization, CI/CD integration, testing strategies, and team collaboration patterns. Adaptive to project scale from solo developers to enterprise teams. Use for setting up git hooks, configuring pre-commit/commit-msg/pre-push hooks, integrating dotnet format/dotnet test, ESLint/Prettier, Black/Ruff/mypy, commitlint, choosing between frameworks, optimizing hook performance, enforcing code quality, automating testing, and troubleshooting hook issues.

Query and search GitHub issues using gh CLI with web fallback. Supports filtering by labels, state, assignees, and full-text search. Use when troubleshooting errors, checking if an issue is already reported, or finding workarounds.

Advanced GPG multi-key management strategies for consultants, CI/CD automation, and enterprise teams. Configure, set up, run, and execute multi-key GPG workflows. Use when managing multiple GPG keys (personal + automation, per-client keys, enterprise keys), configuring CI/CD commit signing, implementing per-client key isolation, using conditional Git includes, setting up automated signing, or scaling GPG key strategies beyond single-key setups.

Comprehensive guide to GPG commit signing. Set up, configure, and troubleshoot GPG commit signing. Fix GPG signing errors, configure passphrase caching, verify commit signatures. Use when working with Git commit signing, GPG keys, commit verification, signature verification, GPG configuration, or when encountering GPG signing errors. Covers Windows (Gpg4win), macOS (GPG Suite), Linux (gnupg), and WSL installation and setup.

Provides guidance for installing, configuring, and choosing Git graphical interface clients (GitKraken, Sourcetree, GitHub Desktop) across platforms. Compares features, licensing, and workflows. Troubleshoots graphical tool configuration and setup issues. Use when installing Git graphical clients, setting up Git visualization tools, configuring graphical commit tools, choosing between options, or troubleshooting configuration. Covers Windows, macOS, and Linux. All tools are optional and based on user preference.

Comprehensive guide to Git line ending configuration for cross-platform development teams. Use when configuring line endings, setting up .gitattributes, troubleshooting line ending issues, understanding core.autocrlf/core.eol/core.safecrlf, working with Git LFS, normalizing line endings in repositories, or resolving cross-platform line ending conflicts. Covers Windows, macOS, Linux, and WSL. Includes decision trees, workflows, best practices, and real-world scenarios.

Comprehensive Git push operations including basic push, force push safety protocols, tag pushing, remote management, and troubleshooting. Use when pushing commits, managing remotes, pushing tags, resolving push conflicts, handling rejected pushes, or dealing with force push scenarios. Covers push strategies, branch protection, upstream configuration, and push --force-with-lease best practices.

Complete guide to installing Git and performing basic configuration across all platforms (Windows, macOS, Linux, WSL). Use when setting up Git for the first time, installing Git on new systems, configuring user identity, setting default branch, choosing editor, verifying installation, or troubleshooting Git installation issues. Covers platform-specific installation methods, basic required configuration, and verification steps.

Event-driven API specification with AsyncAPI 3.0 for message-based architectures

Contract-first REST API design with OpenAPI 3.1 specification

Protocol Buffers and Interface Definition Languages for service contracts

Statechart and state machine modeling for lifecycle and behavior specification

Systems Modeling Language (SysML) for systems engineering and complex system design

UML diagram generation including class, sequence, activity, use case, and state diagrams

Use Case 2.0 methodology for capturing functional requirements and actor interactions

API documentation and developer portal design

arc42 architecture documentation template and guidance

C4 model architecture visualization and documentation

Documentation pipeline automation and docs-as-code workflows

Developer onboarding documentation and learning paths

Request for Comments (RFC) process for technical proposals

Operational runbook templates for incident response and procedures

Measure and manage team cognitive load

Team interaction modes and their evolution over time

Align architecture and team structure using inverse Conway maneuver

Define team interfaces, contracts, and communication boundaries

Four fundamental team types and interaction modes from Team Topologies

Assess organizational doctrine and universally useful patterns

Analyze component evolution and movement patterns

Identify strategic options and gameplay patterns from Wardley Maps

Map value chains from user needs to underlying components

Create Wardley Maps from value chains and user needs

CQRS pattern implementation and query optimization

Adam Dymitruk's Event Modeling methodology with swimlanes

Event sourcing patterns and design decisions

Deep dive Event Storming beyond big picture

Distributed transaction patterns using orchestration and choreography

Manage AI CLI tools (Claude Code, Gemini CLI, Codex CLI). Use when user asks about AI tool versions, updates, installation, or wants to update their AI CLI tools. Detects installed tools, checks versions, and retrieves update instructions from authoritative sources using delegation-first pattern.

Melodic Software brand identity guidelines. Use when styling projects, creating marketing materials, building UI components, or ensuring brand consistency. Covers colors (#1E90FF melodic blue primary), typography (Inter font family), logo usage, brand voice ("Building software that sings"), and component patterns.

Developer environment setup guides for Windows, macOS, Linux, and WSL. Use when setting up development machines, installing tools, configuring environments, or following platform-specific setup guides. Covers package management, shell/terminal, code editors, AI tooling, containerization, databases, and more.

Comprehensive markdown linting guidance using markdownlint-cli2. Run, execute, check, and validate markdown files. Fix linting errors (MD0XX rules). Configure .markdownlint-cli2.jsonc (rules and ignores). Set up VS Code extension and GitHub Actions workflows. Supports markdown flavors including GitHub Flavored Markdown (GFM) and CommonMark. Use when working with markdown files, encountering validation errors, configuring markdownlint, setting up linting workflows, troubleshooting linting issues, establishing markdown quality standards, or configuring flavor-specific rules for tables, task lists, and strikethrough.

Adaptive Python development guide with tiered complexity levels (Minimal/Standard/Full). Automatically selects appropriate guidance based on project context - from simple scripts (just clean Python code) to full production systems (complete tooling ecosystem). Covers modern conventions, testing, tooling, security, and best practices. Use when writing Python code, converting scripts, setting up projects, or building production systems. Keywords: PEP-8, Ruff, pytest, mypy, simple scripts, project structure, PyPI, packaging, type hints, clean code

Decision guidance for selecting the right diagram type and tool. Provides patterns for common visualization scenarios, tool comparison, and best practices.

Authoritative reference for Mermaid diagram syntax. Provides diagram types, syntax patterns, examples, and platform integration guidance for generating accurate Mermaid diagrams.

Authoritative reference for PlantUML diagram syntax. Provides UML and non-UML diagram types, syntax patterns, examples, and setup guidance for generating accurate PlantUML diagrams.

Comprehensive Windows 11 system diagnostics via PowerShell. Diagnoses crashes, freezes, reboots, BSOD, disk health, memory issues, hardware errors, and performance problems. Use when troubleshooting Windows stability issues, analyzing Event Viewer logs, checking disk/memory health, investigating hardware errors, or diagnosing system performance problems.

Single source of truth and librarian for ALL Cursor documentation. Manages local documentation storage, scraping, discovery, and resolution. Use when finding, locating, searching, or resolving Cursor documentation; discovering docs by keywords, category, tags, or natural language queries; scraping from llms.txt; managing index metadata (keywords, tags, aliases); or rebuilding index from filesystem. Run scripts to scrape, find, and resolve documentation. Handles doc_id resolution, keyword search, natural language queries, category/tag filtering, alias resolution, llms.txt parsing, markdown subsection extraction for internal use, hash-based drift detection, and comprehensive index maintenance.

Single source of truth and librarian for ALL Duende Software documentation. Manages local documentation storage, scraping, discovery, and resolution. Use when finding, locating, searching, or resolving Duende documentation; discovering docs by keywords, category, tags, or natural language queries; scraping from llms-full.txt; managing index metadata (keywords, tags, aliases); or rebuilding index from filesystem. Run scripts to scrape, find, and resolve documentation. Handles doc_id resolution, keyword search, natural language queries, category/tag filtering, alias resolution, llms-full.txt parsing, markdown subsection extraction for internal use, hash-based drift detection, and comprehensive index maintenance.

Search Milan Jovanovic's .NET blog for Clean Architecture, DDD, CQRS, EF Core, and ASP.NET Core patterns. Use for finding applicable patterns, code examples, and architecture guidance. Invoke when working with .NET projects that could benefit from proven architectural patterns.

Single source of truth and librarian for ALL OpenAI Codex CLI documentation. Manages local documentation storage, scraping, discovery, and resolution. Use when finding, locating, searching, or resolving Codex CLI documentation; discovering docs by keywords, category, tags, or natural language queries; scraping from llms.txt; managing index metadata (keywords, tags, aliases); or rebuilding index from filesystem. Run scripts to scrape, find, and resolve documentation. Handles doc_id resolution, keyword search, natural language queries, category/tag filtering, alias resolution, llms.txt parsing, markdown subsection extraction for internal use, hash-based drift detection, and comprehensive index maintenance.