83 canonical skills. Every one documented.

Enforces Pre-Code Gate, model roles, preflight resolution, mid-session handoff, execution logging, and feedback capture. Reads .project-ai/ authority pack when available.

View full spec →

Applies enterprise baseline — all skills, rules, MCP config, testing standards to any machine or project.

View full spec →

Initializes a coding session — loads authority pack or authoritative files, checks project state, verifies git status.

View full spec →

Saves session state — updates PROJECT_STATE.md, SESSION_CHECKPOINT.md, and DECISION_LOG.md.

View full spec →

Master orchestrator. Classifies project, plans activation, generates .project-ai/ authority pack, renders IDE artifacts.

View full spec →

Scans for auth gaps, hardcoded secrets, missing RLS, XSS, CSRF, unprotected routes, exposed env vars.

View full spec →

Enterprise code review on recent changes or GitHub PRs. Checks standards, anti-patterns, error handling, type safety.

View full spec →

Verifies API routes for auth, error handling, response shape, HTTP status codes, input validation.

View full spec →

Audits dependencies for vulnerabilities, outdated packages, license issues, unused deps.

View full spec →

Pre-deployment verification — types, lint, tests, env vars, migrations, build, git state.

View full spec →

Runs ALL enterprise audit skills in sequence — security, code review, API contracts, dependency audit, pre-deploy, testing verification.

View full spec →

Scans for performance anti-patterns, slow queries, bundle size issues, memory leaks, unnecessary re-renders.

View full spec →

Scans for WCAG 2.1 AA compliance — alt text, ARIA roles, keyboard navigation, color contrast, focus management.

View full spec →

Takes a bug report, reproduces, diagnoses root cause, implements fix, adds test, verifies.

View full spec →

Takes a feature spec, plans architecture, scaffolds files, implements, adds tests, verifies.

View full spec →

Schema change requests — generates migration, updates types, updates affected routes and services, tests.

View full spec →

Takes a refactoring goal, analyzes impact, plans changes, executes safely, verifies no regressions. Includes post-refactor anti-hallucination verification for import paths, barrel exports, test references, and pattern consistency.

View full spec →

Reads commits since last tag, categorizes by type, outputs formatted CHANGELOG.md.

View full spec →

Scans API routes, extracts methods/params/auth/response shapes, generates OpenAPI spec or Markdown docs.

View full spec →

Interactive database exploration via Supabase MCP. Queries tables, inspects schemas, checks RLS, reviews migrations.

View full spec →

Interactive Stripe dashboard via MCP. Balance, customers, subscriptions, invoices, disputes, products.

View full spec →

GitHub issue triage via MCP. Scans open issues, categorizes, assigns labels, links related, generates reports.

View full spec →

Scans codebase for IP opportunities, advises on patentability, researches prior art via USPTO/Google Patents, generates IP strategy reports.

View full spec →

Crawls web app pages, simulates user flows, detects UI errors, produces UAT reports.

View full spec →

Playwright-based browser automation for testing, crawling, and web interaction.

View full spec →

Audits RAG systems for compliance with retrieval governance. Checks retrieval order, prompt hardening, injection defense, context firewall, metadata provenance, hybrid retrieval, and code generation grounding.

View full spec →

Audits agentic AI systems for compliance with agent governance. Checks capability declarations, scope boundaries, planning governance, delegation chains, stop conditions, and verification protocol.

View full spec →

Audits model fine-tuning and alignment pipelines. Checks dataset governance, sanitization, evaluation metrics, drift prevention, version control, and audit trail.

View full spec →

Unified test execution and coordination agent. Detects test infrastructure, runs suites across languages, interprets results, identifies coverage gaps, and coordinates with bootstrap-testing and uat-workflow-crawler.

View full spec →

Analyzes accumulated execution logs, user feedback, and skill metrics to detect improvement patterns and generate governed refinement proposals. All proposals require human approval before modifying canonical skills.

View full spec →

Enterprise-grade PM and orchestration hub. Auto-selects methodology (Agile, SAFe, Lean, PRINCE2, Kanban, CRISP-DM) per project archetype. Reads from the shared context bus to synthesize cross-skill intelligence, process pending signals, recommend next workflows, and provide C-suite dashboards. Combines McKinsey MECE, RAID, OKR, DORA, BCG portfolio, Theory of Constraints, and value stream mapping.

View full spec →

Maps codebase against regulatory compliance frameworks (SOC 2, HIPAA, GDPR). Generates compliance matrices and gap reports.

View full spec →

Manages production incidents end-to-end — triage, root cause analysis, remediation, and post-mortem generation.

View full spec →

Creates and manages Architecture Decision Records. Tracks decisions, rationale, alternatives considered, and status.

View full spec →

Generates interactive onboarding guides for new team members. Walks through project structure, conventions, and workflows.

View full spec →

Creates Cursor rules for persistent AI guidance. Generates .cursor/rules/ files and coding standard configurations.

View full spec →

Guides creation of new Agent Skills for Cursor. Provides structure, best practices, and SKILL.md format templates.

View full spec →

Modifies Cursor/VSCode user settings in settings.json. Manages editor preferences, themes, formatting, and IDE configuration.

View full spec →

Bootstraps enterprise testing standards. Auto-detects language, copies config, mocks, test templates, CI workflows.

View full spec →

Applies Universal Enterprise AI Governance to any project. Creates model routing rules, change control, hallucination prevention.

View full spec →

Enforces centralized adapter-layer access for third-party SDKs, including singleton factories, typed helper contracts, and no-direct-import enforcement guard rails.

View full spec →

Defines standardized I/O contracts for inter-skill communication. Establishes shared context bus (.project-ai/skill-outputs/), output format, input declarations, and handoff protocol.

View full spec →

Defines and executes multi-skill pipelines with sequential, parallel, conditional, and gated steps. Includes built-in workflow templates for release-readiness, health-check, sprint-close, and incident-triage.

View full spec →

Manages reactive skill chaining. Monitors skill outputs for signals and recommends or invokes follow-up skills. Includes built-in triggers for security escalation, quality chains, audit chains, and operations.

View full spec →

Resolves skill execution dependencies at runtime. Reads the canonical registry, builds dependency graphs, detects cycles, and produces ordered execution plans with prerequisite and recommendation chains.

View full spec →

Deep anti-hallucination verification aligned with Anthropic and OpenAI best practices. Cross-reference validation, code grounding checks, capability claim verification, RAG grounding, and refactor integrity analysis. Three-layer enforcement: baseline governance, code generation guards, and on-demand deep audit.

View full spec →

Manages git workflows — branch creation, PR preparation, merge conflict resolution, release tagging, and cherry-picks.

View full spec →

Generates boilerplate files following project conventions — components, routes, services, models, middleware, and tests.

View full spec →

Predicts the impact of a proposed code change using static dependency analysis, test coverage overlay, git history, and deployment topology.

View full spec →

Analyzes test quality beyond coverage numbers — assertion strength, mock depth, branch path coverage, edge case gaps, and business-critical code protection.

View full spec →

Detects stale, wrong, or misleading documentation by cross-referencing docs against current code.

View full spec →

Plans and executes safe rollbacks for code, database migrations, infrastructure, and configuration changes.

View full spec →

Reconstructs the history and rationale behind code decisions using git history, documentation cross-references, and staleness analysis.

View full spec →

Builds a canonical environment variable registry from codebase scanning, generates .env.example, validation schemas, and environment-specific templates.

View full spec →

Enterprise threat modeling using STRIDE, DREAD, and attack trees. Identifies threats against architecture, data flows, trust boundaries, and entry points. Generates threat matrices and mitigation plans.

View full spec →

Audits and remediates infrastructure, application, and network security. Covers OWASP Top 10, CIS Benchmarks, HTTP headers, TLS, CORS, CSP, container security, IAM, supply chain, and zero-trust assessment.

View full spec →

Sarbanes-Oxley compliance and financial security agent. Audits financial data handling, access controls, audit trails, change management, segregation of duties. Covers SOX Section 302/404, COSO framework, and ITGC.

View full spec →

Generates compliance artifacts — policy documents, technical controls, evidence collection systems, and audit-ready documentation. Closes gaps identified by compliance-mapper and SOX compliance agent.

View full spec →

Expert UX evaluation using Nielsen's 10 Heuristics, cognitive walkthroughs, information architecture audits, and form UX analysis. Severity-rated findings with actionable recommendations.

View full spec →

Verifies codebase adherence to design system specifications. Audits design tokens, component patterns, typography, color palette, spacing, and responsive behavior.

View full spec →

Automated visual regression testing. Captures baseline screenshots, compares across viewports and browsers, detects pixel-level diffs, classifies changes, and manages approval workflows.

View full spec →

Advanced UAT beyond smoke tests. Covers error recovery, network simulation, state persistence, concurrent sessions, destructive action safety, and complex multi-step workflow validation.

View full spec →

Generates structured PRDs from user stories. MECE decomposition, acceptance criteria, wireframe descriptions, technical constraints, and dependency maps.

View full spec →

Strategic business analysis using Business Model Canvas, SWOT, Porter's Five Forces, unit economics, and competitive positioning. Infers business model components from codebase.

View full spec →

Portfolio-level IP management — tracks patents, trade secrets, copyrights, trademarks. Monitors strength, licensing, risks, and competitive landscape. Extends ip-opportunity-agent with ongoing management.

View full spec →

Generates GTM strategy and launch plans. Covers positioning, messaging, channel strategy, pricing, launch timeline, and success metrics.

View full spec →

Generates investor-ready pitch deck content using Sequoia, YC, and Guy Kawasaki frameworks. Covers problem, solution, market, traction, team, competition, and financials.

View full spec →

Optimizes pricing, packaging, tier structure, feature gates, and upgrade paths. Analyzes value ladders, willingness-to-pay signals, usage patterns, and competitor packaging for productized AI systems.

View full spec →

Synthesizes customer interviews, reviews, support tickets, and sales notes into jobs-to-be-done, objections, buyer segments, and message priorities.

View full spec →

Builds an AI-assisted content engine across docs, SEO, blog, social, tutorials, comparison pages, and lifecycle email using source-of-truth messaging and reusable content loops.

View full spec →

Designs and optimizes paid social and search ad creative using audience segments, hooks, objections, value props, proof points, and landing-page alignment. Produces test matrices for headlines, copy, visuals, and CTAs.

View full spec →

Manages growth hypotheses, experiment backlogs, A/B tests, success metrics, and decision rules across acquisition, activation, conversion, retention, and expansion.

View full spec →

Designs policy gates and approval workflows for AI-assisted development. Defines which skills, workflows, tools, or actions require approval, escalation, or blocking based on environment, risk, and role.

View full spec →

Defines role-based access to skills, workflows, tool categories, and privileged operations. Builds allowlists, denylists, environment scoping, and approval mappings for teams.

View full spec →

Builds an audit evidence dashboard and evidence inventory for governance, compliance, security, change control, and workflow execution. Maps controls to evidence sources, freshness windows, owners, and auditor-ready exports.

View full spec →

Generates structured responses to procurement, security, privacy, and vendor due-diligence questionnaires using governance, compliance, audit, and evidence artifacts.

View full spec →

Curates a beginner-friendly starter pack of skills, workflows, and defaults based on experience level, project type, and goals to reduce cognitive overload.

View full spec →

Creates a role-based learning path from beginner to advanced use of the skills framework. Sequences skills, workflows, and practice loops by maturity and outcomes.

View full spec →

Recommends project templates, starter architectures, and skill bundles based on product goals, audience, stack preference, and maturity level.

View full spec →

Session-scoped cost estimation, budget tracking, and spend forecasting for AI agent usage. Estimates token consumption from observable work, projects burn rate against a budget, and reports at session end.

View full spec →

Estimates total project cost-to-completion across IDE plan tiers. Analyzes project scope, remaining work, and target timeline to recommend the optimal plan and predict upgrade/downgrade triggers.

View full spec →

Implements local-first progress or state persistence with server snapshot synchronization, deterministic merge rules, and reconnect-safe reconciliation behavior.

View full spec →

Mandatory output verification for agent-generated reports, audits, and statistical summaries. Extracts numerical claims, re-executes underlying queries, verifies aggregation integrity, checks methodology consistency, enforces attribution confidence levels, and corrects discrepancies before delivery.

View full spec →