Skill catalog
97 canonical skills. Every one documented.
Find the right governed module by outcome, license tier, bundle, or category. Each page shows access, workflow fit, and the evidence it produces.
Showing 97 of 97 modules
Governance Enforcement
GovernanceEnforces Pre-Code Gate, model roles, preflight resolution, mid-session handoff, execution logging, and feedback capture. Reads .project-ai/ authority pack when available.
View module details →
Model Transition Handoff
GovernancePrepares a governed project for a frontier-model retirement: produces the binding engineering charter (durable), the successor's handoff prompt (transient launcher), and four-layer enforcement wiring, on the outgoing model's last working day. Distinct from model-autopilot (per-task model routing) and governance-enforcement (mid-session context handoff).
View module details →
Infrastructure Setup
GovernanceApplies enterprise baseline — all skills, rules, MCP config, testing standards to any machine or project.
View module details →
Session Start
LifecycleInitializes a coding session — loads authority pack or authoritative files, checks project state, verifies git status. Verifies external tasks from last session with the user before proceeding, preventing stale assumptions about completed work.
View module details →
Session End
LifecycleSaves session state — updates PROJECT_STATE.md, SESSION_CHECKPOINT.md, and DECISION_LOG.md. Classifies pending tasks as Agent Tasks vs External Tasks (user action required) to prevent stale assumptions across sessions.
View module details →
Feedback / Bug Submission
LifecycleSubmit product feedback or report a bug from the IDE without a GitHub account. Captures a structured report, logs it locally for skill-learner, and submits it to the vendor offline-first (queues when offline).
View module details →
Init Project Skills
LifecycleMaster orchestrator. Classifies project, plans activation, generates .project-ai/ authority pack, renders IDE artifacts.
View module details →
Security Audit
AuditScans for auth gaps, hardcoded secrets, missing RLS, XSS, CSRF, unprotected routes, exposed env vars.
View module details →
Code Review
AuditEnterprise code review on recent changes or GitHub PRs. Checks standards, anti-patterns, error handling, type safety.
View module details →
API Contract Check
AuditVerifies API routes for auth, error handling, response shape, HTTP status codes, input validation.
View module details →
Dependency Audit
AuditAudits dependencies for vulnerabilities, outdated packages, license issues, unused deps.
View module details →
Pre-Deploy Check
AuditPre-deployment verification — types, lint, tests, env vars, migrations, build, git state.
View module details →
Full Stack Audit
AuditRuns ALL enterprise audit skills in sequence — security, code review, API contracts, dependency audit, pre-deploy, testing verification, and i18n coverage.
View module details →
Release Confidence
AuditEnterprise quality & reliability release gate. Composes the existing QA audits across ten domains into a single risk-scored go/no-go with a standardized 8-part report. Evidence-first; never approves on claims.
View module details →
Mobile QA
AuditEnterprise mobile release QA for iOS and Android, aligned to OWASP MASVS — storage, tokens, TLS, deep links, offline sync, crash-free sessions, store-policy readiness, accessibility, and startup performance. Evidence-first.
View module details →
Observability QA
AuditVerifies a change can be detected, debugged, and rolled back in production — structured logs, metrics, traces, alerts, correlation IDs, SLO/SLI, release markers, and runbook coverage. Non-negotiable domain of the release gate.
View module details →
Performance Audit
AuditScans for performance anti-patterns, slow queries, bundle size issues, memory leaks, unnecessary re-renders.
View module details →
Load and Resilience
AuditLoad, stress, soak, spike, breakpoint, and resilience/abuse testing with Grafana k6. SLO-gated (p95/p99/error-rate) plus a resource-exhaustion / DDoS abuse suite and memory-saturation checks. Evidence, not opinions.
View module details →
Security Scan Suite
AuditDeterministic SAST + SCA + secret + IaC + container scanners plus DAST (Semgrep, Trivy, Gitleaks, OSV, ZAP, Nuclei), aggregated to SARIF, CI-gated on confirmed severity, and triaged through the security-audit multi-vector discipline. The scanners detect; the model triages.
View module details →
Accessibility Audit
AuditScans for WCAG 2.1 AA compliance — alt text, ARIA roles, keyboard navigation, color contrast, focus management.
View module details →
Bug Hunter
AgenticTakes a bug report, reproduces, diagnoses root cause, implements fix, adds test, verifies.
View module details →
Feature Builder
AgenticTakes a feature spec, plans architecture, scaffolds files, implements, adds tests, verifies.
View module details →
Database Migration Agent
AgenticSchema change requests — generates migration, updates types, updates affected routes and services, tests.
View module details →
Refactor Agent
AgenticTakes a refactoring goal, analyzes impact, plans changes, executes safely, verifies no regressions. Includes post-refactor anti-hallucination verification for import paths, barrel exports, test references, and pattern consistency.
View module details →
Changelog Generator
AgenticReads commits since last tag, categorizes by type, outputs formatted CHANGELOG.md.
View module details →
API Docs Generator
GeneratorScans API routes, extracts methods/params/auth/response shapes, generates OpenAPI spec or Markdown docs.
View module details →
Database Explorer
MCPInteractive database exploration via Supabase MCP. Queries tables, inspects schemas, checks RLS, reviews migrations.
View module details →
Payment Dashboard
MCPInteractive Stripe dashboard via MCP. Balance, customers, subscriptions, invoices, disputes, products.
View module details →
Issue Triage
MCPGitHub issue triage via MCP. Scans open issues, categorizes, assigns labels, links related, generates reports.
View module details →
IP Opportunity Agent
SpecializedScans codebase for IP opportunities, advises on patentability, researches prior art via USPTO/Google Patents, generates IP strategy reports.
View module details →
UAT Workflow Crawler
SpecializedCrawls web app pages, simulates user flows, detects UI errors, produces UAT reports. Includes i18n locale coverage checks.
View module details →
Browser Agent
SpecializedPlaywright-based browser automation for testing, crawling, and web interaction.
View module details →
RAG Audit
AuditAudits RAG systems for compliance with retrieval governance. Checks retrieval order, prompt hardening, injection defense, context firewall, metadata provenance, hybrid retrieval, and code generation grounding.
View module details →
Agentic Audit
AuditAudits agentic AI systems for compliance with agent governance. Checks capability declarations, scope boundaries, planning governance, delegation chains, stop conditions, and verification protocol.
View module details →
Alignment Audit
AuditAudits model fine-tuning and alignment pipelines. Checks dataset governance, sanitization, evaluation metrics, drift prevention, version control, and audit trail.
View module details →
Test Orchestrator
AgenticUnified test execution and coordination agent. Detects test infrastructure, runs suites across languages, interprets results, identifies coverage gaps, and coordinates with bootstrap-testing and uat-workflow-crawler.
View module details →
Skill Learner
AgenticAnalyzes accumulated execution logs, user feedback, and skill metrics to detect improvement patterns and generate governed refinement proposals. All proposals require human approval before modifying canonical skills.
View module details →
Project Initiator
LifecycleOnboarding wizard for greenfield and mid-stream folders. Always scans the repo, summarizes what is built, suggests next steps, writes PROJECT_SCAN.yaml and PROJECT_BRIEF.yaml, generates .project-ai/ governance, then hands off to project-manager and init-project-skills.
View module details →
Project Manager
AgenticEnterprise-grade PM and orchestration hub. Auto-selects methodology (Agile, SAFe, Lean, PRINCE2, Kanban, CRISP-DM) per project archetype. Reads from the shared context bus to synthesize cross-skill intelligence, process pending signals, recommend next workflows, and provide C-suite dashboards. Combines McKinsey MECE, RAID, OKR, DORA, BCG portfolio, Theory of Constraints, and value stream mapping.
View module details →
Compliance Mapper
AuditMaps codebase against regulatory compliance frameworks (SOC 2, HIPAA, GDPR). Generates compliance matrices and gap reports.
View module details →
Incident Response
AgenticManages production incidents end-to-end — triage, root cause analysis, remediation, and post-mortem generation.
View module details →
ADR Manager
AgenticCreates and manages Architecture Decision Records. Tracks decisions, rationale, alternatives considered, and status.
View module details →
Onboarding Guide
GeneratorGenerates interactive onboarding guides for new team members. Walks through project structure, conventions, and workflows.
View module details →
Create Rule
MetaCreates Cursor rules for persistent AI guidance. Generates .cursor/rules/ files and coding standard configurations.
View module details →
Create Skill
MetaGuides creation of new Agent Skills for Cursor. Provides structure, best practices, and SKILL.md format templates.
View module details →
Update Cursor Settings
MetaModifies Cursor/VSCode user settings in settings.json. Manages editor preferences, themes, formatting, and IDE configuration.
View module details →
Bootstrap Testing
BootstrapBootstraps enterprise testing standards. Auto-detects language, copies config, mocks, test templates, CI workflows.
View module details →
Bootstrap AI Governance
BootstrapApplies Universal Enterprise AI Governance to any project. Creates model routing rules, change control, hallucination prevention.
View module details →
SDK Adapter Enforcement
GovernanceEnforces centralized adapter-layer access for third-party SDKs, including singleton factories, typed helper contracts, and no-direct-import enforcement guard rails.
View module details →
Skill Coordination Protocol
GovernanceDefines standardized I/O contracts for inter-skill communication. Establishes shared context bus (.project-ai/skill-outputs/), output format, input declarations, handoff protocol, and resilience rules for agentic pipelines (ASCII architecture diagram; Vector-2 disk state).
View module details →
Workflow Engine
AgenticDefines and executes multi-skill pipelines with sequential, parallel, conditional, and gated steps; includes a capability scorecard, agentic robustness checklist, and built-in templates (release-readiness, health check, sprint-close, incident-triage, and more). Reads and writes through the Skill Coordination Protocol.
View module details →
Event Trigger Manager
GovernanceManages reactive skill chaining. Monitors skill outputs for signals and recommends or invokes follow-up skills. Includes built-in triggers for security escalation, quality chains, audit chains, and operations.
View module details →
Dependency Resolver
GovernanceResolves skill execution dependencies at runtime. Reads the canonical registry, builds dependency graphs, detects cycles, and produces ordered execution plans with prerequisite and recommendation chains.
View module details →
Anti-Hallucination Agent
AuditDeep anti-hallucination verification aligned with Anthropic and OpenAI best practices. Cross-reference validation, code grounding checks, capability claim verification, search tool blind spot detection, i18n translation integrity, RAG grounding, and refactor integrity analysis. Prevents false negatives from gitignore-filtered search tools via mandatory blind spot detection step.
View module details →
Agent Post-Mortem
AuditSelf-improving agent loop. Runs automated root-cause analysis on verification agent failures (hallucinations, missed bugs, missed vulnerabilities, false positives). Classifies against a failure taxonomy, generates executable skill patches, and stages version-controlled changes for human approval. Closes the feedback loop between agent failure and agent improvement.
View module details →
i18n Agent — Internationalization & Translation
Agentici18n (short for "internationalization" — the 18 letters between the i and the n) is the process of making your app work in multiple languages. This agent handles the full lifecycle: detects your stack, scaffolds translation infrastructure, extracts English-only strings into translation files, generates translations for any language, and audits every page for mixed-language bugs. Covers pluralization rules, right-to-left languages, date/number formatting, and dynamic content from APIs and databases — not just static UI labels.
View module details →
Git Workflow Manager
AgenticManages git workflows — branch creation, PR preparation, merge conflict resolution, release tagging, and cherry-picks.
View module details →
Code Scaffolder
AgenticGenerates boilerplate files following project conventions — components, routes, services, models, middleware, and tests.
View module details →
Blast Radius Predictor
AuditPredicts the impact of a proposed code change using static dependency analysis, test coverage overlay, git history, and deployment topology.
View module details →
Test Gap Analyzer
AuditAnalyzes test quality beyond coverage numbers — assertion strength, mock depth, branch path coverage, edge case gaps, and business-critical code protection.
View module details →
Knowledge Decay Detector
AuditDetects stale, wrong, or misleading documentation by cross-referencing docs against current code.
View module details →
Rollback Manager
AgenticPlans and executes safe rollbacks for code, database migrations, infrastructure, and configuration changes.
View module details →
Codebase Archaeology
AuditReconstructs the history and rationale behind code decisions using git history, documentation cross-references, and staleness analysis.
View module details →
Env Registry Generator
GeneratorBuilds a canonical environment variable registry from codebase scanning, generates .env.example, validation schemas, and environment-specific templates.
View module details →
Threat Modeling Agent
AuditEnterprise threat modeling using STRIDE, DREAD, and attack trees. Identifies threats against architecture, data flows, trust boundaries, and entry points. Generates threat matrices and mitigation plans.
View module details →
Security Hardening Agent
AuditAudits and remediates infrastructure, application, and network security. Covers OWASP Top 10, CIS Benchmarks, HTTP headers, TLS, CORS, CSP, container security, IAM, supply chain, and zero-trust assessment.
View module details →
SOX Compliance Agent
AuditSarbanes-Oxley compliance and financial security agent. Audits financial data handling, access controls, audit trails, change management, segregation of duties. Covers SOX Section 302/404, COSO framework, and ITGC.
View module details →
Compliance Builder
GeneratorGenerates compliance artifacts — policy documents, technical controls, evidence collection systems, and audit-ready documentation. Closes gaps identified by compliance-mapper and SOX compliance agent.
View module details →
UX Heuristic Evaluator
AuditExpert UX evaluation using Nielsen's 10 Heuristics, cognitive walkthroughs, information architecture audits, and form UX analysis. Severity-rated findings with actionable recommendations.
View module details →
Design System Auditor
AuditVerifies codebase adherence to design system specifications. Audits design tokens, component patterns, typography, color palette, spacing, and responsive behavior.
View module details →
Visual Regression Agent
SpecializedAutomated visual regression testing with an opt-in Integrated Quality Suite mode. Captures baseline screenshots, compares across viewports and states, detects pixel-level diffs, classifies changes, and manages approval workflows. When the Integrated Quality Suite is enabled, the same capture pass also runs axe-core (WCAG 2.1 AA), a browser-evaluated UX / design-system heuristic library, and Core Web Vitals, producing a severity-weighted graded report with principle-backed why/fix guidance.
View module details →
Advanced UAT Agent
SpecializedAdvanced UAT beyond smoke tests. Covers error recovery, network simulation, state persistence, concurrent sessions, destructive action safety, and complex multi-step workflow validation.
View module details →
Product Requirements Builder
GeneratorGenerates structured PRDs from user stories. MECE decomposition, acceptance criteria, wireframe descriptions, technical constraints, and dependency maps.
View module details →
Business Model Analyzer
SpecializedStrategic business analysis using Business Model Canvas, SWOT, Porter's Five Forces, unit economics, and competitive positioning. Infers business model components from codebase.
View module details →
IP Portfolio Manager
SpecializedPortfolio-level IP management — tracks patents, trade secrets, copyrights, trademarks. Monitors strength, licensing, risks, and competitive landscape. Extends ip-opportunity-agent with ongoing management.
View module details →
Go-To-Market Builder
GeneratorGenerates GTM strategy and launch plans. Covers positioning, messaging, channel strategy, pricing, launch timeline, and success metrics.
View module details →
Pitch Deck Builder
GeneratorGenerates investor-ready pitch deck content using Sequoia, YC, and Guy Kawasaki frameworks. Covers problem, solution, market, traction, team, competition, and financials.
View module details →
Pricing and Packaging Optimizer
SpecializedOptimizes pricing, packaging, tier structure, feature gates, and upgrade paths. Analyzes value ladders, willingness-to-pay signals, usage patterns, and competitor packaging for productized AI systems.
View module details →
Customer Research Synthesizer
SpecializedSynthesizes customer interviews, reviews, support tickets, and sales notes into jobs-to-be-done, objections, buyer segments, and message priorities.
View module details →
Content Engine Builder
GeneratorBuilds an AI-assisted content engine across docs, SEO, blog, social, tutorials, comparison pages, and lifecycle email using source-of-truth messaging and reusable content loops.
View module details →
Ad Creative Optimizer
GeneratorDesigns and optimizes paid social and search ad creative using audience segments, hooks, objections, value props, proof points, and landing-page alignment. Produces test matrices for headlines, copy, visuals, and CTAs.
View module details →
Growth Experiment Manager
AgenticManages growth hypotheses, experiment backlogs, A/B tests, success metrics, and decision rules across acquisition, activation, conversion, retention, and expansion.
View module details →
Policy Gate Manager
GovernanceDesigns policy gates and approval workflows for AI-assisted development. Defines which skills, workflows, tools, or actions require approval, escalation, or blocking based on environment, risk, and role.
View module details →
Skill Access Manager
GovernanceDefines role-based access to skills, workflows, tool categories, and privileged operations. Builds allowlists, denylists, environment scoping, and approval mappings for teams.
View module details →
Audit Evidence Dashboard Builder
GeneratorBuilds an audit evidence dashboard and evidence inventory for governance, compliance, security, change control, and workflow execution. Maps controls to evidence sources, freshness windows, owners, and auditor-ready exports.
View module details →
Procurement Security Questionnaire Builder
GeneratorGenerates structured responses to procurement, security, privacy, and vendor due-diligence questionnaires using governance, compliance, audit, and evidence artifacts.
View module details →
Starter Pack Orchestrator
LifecycleCurates a beginner-friendly starter pack of skills, workflows, and defaults based on experience level, project type, and goals to reduce cognitive overload.
View module details →
Learning Path Builder
GeneratorCreates a role-based learning path from beginner to advanced use of the skills framework. Sequences skills, workflows, and practice loops by maturity and outcomes.
View module details →
Project Template Recommender
GeneratorRecommends project templates, starter architectures, and skill bundles based on product goals, audience, stack preference, and maturity level.
View module details →
Spending Awareness
GovernanceSession-scoped cost estimation, budget tracking, and spend forecasting for AI agent usage. Estimates token consumption from observable work, projects burn rate against a budget, and reports at session end.
View module details →
Model Autopilot
GovernanceIDE-aware step-by-step model switching with a mandatory STOP — SWITCH MODEL banner. Reads .project-ai/MODEL_AUTOPILOT.yaml. Resolves the active IDE (cursor, vscode, claude, windsurf, jetbrains, neovim, xcode, cli) and uses that IDE's actual picker labels (Opus 4.7, GPT-5 Codex, Cascade Base, Composer 2.5, claude-opus-4-7, …) from @enterprise-skills/core IDE_MODEL_MAPS. Forces a Model check verify before every step so the agent can't silently advance when the user is on the wrong picker.
View module details →
Project Cost Estimator
GovernanceEstimates total project cost-to-completion across IDE plan tiers. Analyzes project scope, remaining work, and target timeline to recommend the optimal plan and predict upgrade/downgrade triggers.
View module details →
Offline-First Progress Sync
AgenticImplements local-first progress or state persistence with server snapshot synchronization, deterministic merge rules, and reconnect-safe reconciliation behavior.
View module details →
Release Manager
AgenticUniversal release orchestration agent. Handles version bumping, changelog generation, git tagging, distribution, and rollback for any project type including the enterprise-skills repo itself.
View module details →
LaunchOps Agent
AgenticGoverned deployment operator across Vercel, Cloudflare, Supabase, Stripe, and GitHub. Reads a declarative tenant manifest, scans live vendor state, detects drift, and (in v1.1+) applies gated, audited, idempotent changes with evidence-backed verification. Pluggable adapter layer; AWS, GCP, Auth0, Sentry, Resend, etc. plug in without core changes. Uses runtime-agnostic adapters so v2 architect-os can wrap the same package as a BYO-dataplane control plane (no central token custody).
View module details →
Report Verifier
GovernanceMandatory output verification for agent-generated reports, audits, and statistical summaries. Extracts numerical claims, re-executes underlying queries, verifies aggregation integrity, checks methodology consistency, enforces attribution confidence levels, and corrects discrepancies before delivery.
View module details →
Stripe Production Grade
SpecializedProduction-grade Stripe integration playbook. Environment separation (pk vs sk), webhook reliability and idempotency, SCA/3DS-capable PaymentIntents, PaymentMethod + SetupIntent modernization, subscription API alignment, Ruby and client SDK upgrades, Connect scope, wallets, disputes, billing portal, multi-currency, PCI/compliance checkpoints.
View module details →