Enforce dependency security scanning and SBOM generation. Use when adding dependencies, reviewing package.json, or during security audits. Covers OWASP dependency check, npm audit, and supply chain security.

Upgrade dependencies for Java/Kotlin (Gradle/Maven) and TypeScript/Node projects with minimal risk: plan the bump, apply changes incrementally, run tests/builds, and document breaking changes. Use when the user asks to bump deps, update frameworks, or address CVEs.

Deploy applications to Railway. Use when deploying services, databases, or full-stack applications to Railway PaaS. Covers Railway CLI and configuration.

Deploy workflow for Vercel and Supabase Edge Functions

Expert DevOps automation consultant for building production-grade CI/CD deployment pipelines using Vercel, GitHub Actions, and Railway. Implements build/test/preview/production workflows, automated rollbacks, canary deployments, blue-green strategies, environment promotion, secrets management, health checks, smoke testing, and live monitoring. Use when deploying web applications, setting up CI/CD pipelines, configuring automated deployments, implementing deployment strategies, managing production releases, or troubleshooting deployment issues.

Pre-deployment validation checklist and automated readiness assessment.

Ensure safe, reliable deployments with comprehensive checklists.

Pre-deployment verification steps and checks

Phase sizing, scope boundaries, and anti-patterns. Load when evaluating whether a phase is well-formed or needs splitting.

Phase directory layout, naming conventions, and required files. Load when creating or navigating phase directories.

Plan-Build-Review cycle and agent handoffs. Load when transitioning between agents or understanding workflow progression.

Generate comprehensive PR descriptions following repository templates

Structure and field ownership for progress.yaml. Load when reading or updating phase progress state.

Structure and sections for review.md. Load when creating review scaffolds or recording review findings.

Core Ushabti concepts and development lifecycle. Load when starting any Ushabti workflow or orienting to the framework.

Generate a PR description for the current branch. Writes Markdown to .git/magit/posts/new-pullreq for use with magit-forge.

Compare doc versions across git history. Use when reviewing changes, tracking evolution, or understanding modifications.

design-jira-state-analyzer

Build and present HTML/CSS design mockups with a local preview server. Use when prototyping website designs, iterating on visual concepts, or presenting design options.

>

>

Reviews finished and in-progress digital products to assess adherence to design specifications and discover potential issues with those specifications. Validates implementation against design intent, identifies visual and interaction discrepancies, and provides actionable feedback for design and engineering teams.

Generate status reports for design documentation. Use when creating documentation summaries, tracking progress, or preparing documentation reviews.

Review UI components for design system compliance, accessibility, and visual consistency

Facilitate a cross-functional design review capturing decisions, feedback, and implementation guidance.

Review and analyze design docs for health, quality, and improvement opportunities. Use when auditing design documentation, checking doc health, or identifying areas for improvement.

design-reviewer

Verify code implementation aligns with design specifications. Use after implementing features, during code reviews, or when refactoring to ensure architectural compliance. Compares design docs with actual code.

Review design system usage and gaps

[Design System] Validate that code and styles use official design tokens instead of hard-coded values. Use when (1) reviewing CSS/SCSS/Tailwind/styled-components for hard-coded colors/spacing, (2) checking SwiftUI/UIKit for raw color/font values, (3) auditing Unity styles for magic numbers, (4) enforcing design system compliance, (5) user asks to 'check design tokens', 'validate tokens', 'find hard-coded values', or 'audit design system usage'.

Guides REST and GraphQL API design, endpoint patterns, request/response schemas, versioning, and API best practices. Use when building APIs, designing endpoints, or reviewing API contracts.

Guides software architecture decisions, design patterns, and system design principles. Use when designing systems, choosing patterns, or making architectural decisions.

Use when building, improving, or reviewing command-line interfaces for better user experience - before implementing commands/output/errors, when users report confusion or frustration, or when CLI feels hard to use - provides UX principles, visual design techniques, and practical patterns for creating discoverable, delightful CLIs

Use when designing, implementing, or modifying UI for GNOME apps; before writing UI code; when reviewing existing UI for HIG compliance; when working with GTK 4/libadwaita or styling Qt/PySide6 for GNOME

Requires detailed Google-style docstrings for all functions, methods, and classes.

Identify code quality issues and anti-patterns. Use when reviewing code for maintainability problems.

Detects existing PR review threads to prevent duplicate comments. Use BEFORE posting any inline comments. Fetches resolved and open threads, then matches against planned findings.

Detects information disclosure vulnerabilities including sensitive data in logs, error message exposure, and memory leaks. Use when analyzing logging practices, error handling, or investigating data leakage issues.

Runs pre-commit checks and validates code quality. Use when preparing commits, running pre-deploy checks, or validating code before deployment.

Code Quality Standards. Use it everytime you plan or implement any code.

Internal skill used by dev-implement during Phase 5 of /dev workflow. NOT user-facing - should only be invoked by dev-ralph-loop inside each implementation iteration. Handles Task agent spawning with TDD enforcement and two-stage review (spec compliance + code quality).

dev_invoke_gemini-cli

dev_invoke_kimi-cli

Review developer meeting notes from the UCEAP IT Software Engineering wiki to process any outstanding action items. Creates Jira tickets, updates meeting notes, and manages the wiki Home page. Use when processing UCEAP meeting followups or planning a dev meeting.

This skill should be used as REQUIRED Phase 6 of /dev workflow when the implementation is complete and needs code review. Combines spec compliance and code quality checks with confidence-based filtering.

Review and audit code quality, architecture, and implementation. Verify code meets design specs, find bugs, identify improvements, and create change/bug/improve backlogs. Use when reviewing completed code, auditing implementations, or ensuring quality.

Create and execute comprehensive tests including unit tests, integration tests, CLI tests, web/mobile UI tests, API tests, and log analysis. Find bugs, verify requirements, identify improvements, and create change/bug/improve backlogs. Use when testing implementations or ensuring quality.

Review and refine MCP skill descriptions to follow the agent skill specification, and record approved overrides in dev-swarm/mcp_descriptions.yaml. Use when the user asks to update one MCP skill description, all skills from a server, or all MCP skills.