devops-deployment
CI/CD pipelines, containerization, Kubernetes, and infrastructure as code patterns
dependency-audit-assistant
Reviews package dependencies for security vulnerabilities, outdated versions, and license compliance. Use when user asks about dependencies, security audits, or before releases.
marketplace-release
Use when creating releases for Claude Code plugin marketplaces. Supports independent plugin versioning - each plugin can be released separately. Triggered by "release", "bump version", "create release", "publish plugin".
python-venv-manager
Python virtual environment management, dependency handling, and project setup automation.
releasing-versions
Manages release preparation including validation, version bumping, documentation verification, and security checks.
testing-skills-with-subagents
Use when creating or editing skills, before deployment, to verify they work under pressure and resist rationalization - applies RED-GREEN-REFACTOR cycle to process documentation by running baseline without skill, writing to address failures, iterating to close loopholes
yolo
Browser automation skill for Lovable deployments. Activates when: - yolo_mode: on in CLAUDE.md - Running /deploy-edge or /apply-migration commands - After git push when auto_deploy: on (automatic detection) - Any mention of "yolo mode", "automate Lovable", "browser automation" Automatically navigates to Lovable.dev and submits deployment prompts. Runs verification tests based on configuration. Auto-deploys after git push when enabled.
sbom-syft
Software Bill of Materials (SBOM) generation using Syft for container images, filesystems, and archives. Detects packages across 28+ ecosystems with multi-format output support (CycloneDX, SPDX, syft-json). Enables vulnerability assessment, license compliance, and supply chain security. Use when: (1) Generating SBOMs for container images or applications, (2) Analyzing software dependencies and packages for vulnerability scanning, (3) Tracking license compliance across dependencies, (4) Integrating SBOM generation into CI/CD for supply chain security, (5) Creating signed SBOM attestations for software provenance.
when-reviewing-pull-request-orchestrate-comprehensive-code-revie
Use when conducting comprehensive code review for pull requests across multiple quality dimensions. Orchestrates 12-15 specialized reviewer agents across 4 phases using star topology coordination. Covers automated checks, parallel specialized reviews (quality, security, performance, architecture, documentation), integration analysis, and final merge recommendation in a 4-hour workflow.
project-creator
Creates new projects in CCGG Business Operations with all required mechanisms automatically implemented. Ensures PARENT SYSTEM INTEGRATION, operations logging, strategic alignment, and cross-project intelligence are properly configured. Handles both simple projects (standard structure) and complex projects (with coordination hubs and dependency tracking). Use for: creating new incubator project, adding sub-project to CCGG, initializing project structure, setting up project coordination, ensuring PARENT SYSTEM INTEGRATION implemented, generating CLAUDE.md with all mechanisms, creating Active Projects Index entry. Trigger terms: create project, new project, initialize project, set up project, add sub-project, project structure, CCGG project creation.
4-step-program
Coordinator workflow for orchestrating dockeragents through fix-review-iterate-present loop. Use when delegating any task that produces code changes. Ensures agents achieve 10/10 quality before presenting to human.
professional-senior-chrome-extension-architect-developer
Verwandelt den Agenten in einen professionellen MV3-Architekten und Entwickler mit Fokus auf AI-Integration, Sicherheit, Performance, Testing und Publishing-Compliance.
quality-gates
Checkpoint framework and validation rules for all agents. Ensures quality gates are passed at every stage of development.
cicd-intelligent-recovery
Loop 3 of the Three-Loop Integrated Development System. CI/CD automation with intelligent failure recovery, root cause analysis, and comprehensive quality validation. Receives implementation from Loop 2, feeds failure patterns back to Loop 1. Achieves 100% test success through automated repair and theater validation. v2.0.0 with explicit agent SOPs.
verification-before-completion
Force verification before claiming success or completion. Prevents false "it works" claims. Triggers when about to say "done", "complete", "works", "fixed", or "the implementation is ready". Requires actually running builds/tests and showing output before claiming success.
when-building-backend-api-orchestrate-api-development
Use when building a production-ready REST API from requirements through deployment. Orchestrates 8-12 specialist agents across 5 phases using Test-Driven Development methodology. Covers planning, architecture, TDD implementation, comprehensive testing, documentation, and blue-green deployment over a 2-week timeline with emphasis on quality and reliability.
parallel-agents
Dispatch multiple agents to work on independent problems concurrently. Use when facing 3+ independent failures or tasks.
container-grype
Container vulnerability scanning and dependency risk assessment using Grype with CVSS severity ratings, EPSS exploit probability, and CISA KEV indicators. Use when: (1) Scanning container images and filesystems for known vulnerabilities, (2) Integrating vulnerability scanning into CI/CD pipelines with severity thresholds, (3) Analyzing SBOMs (Syft, SPDX, CycloneDX) for security risks, (4) Prioritizing remediation based on threat metrics (CVSS, EPSS, KEV), (5) Generating vulnerability reports in multiple formats (JSON, SARIF, CycloneDX) for security toolchain integration.
requesting-code-review
Use when completing tasks, implementing major features, or before merging to verify work meets requirements - dispatches code-reviewer subagent to review implementation against plan or requirements before proceeding
sca-blackduck
Software Composition Analysis (SCA) using Synopsys Black Duck for identifying open source vulnerabilities, license compliance risks, and supply chain security threats with CVE, CWE, and OWASP framework mapping. Use when: (1) Scanning dependencies for known vulnerabilities and security risks, (2) Analyzing open source license compliance and legal risks, (3) Identifying outdated or unmaintained dependencies, (4) Integrating SCA into CI/CD pipelines for continuous dependency monitoring, (5) Providing remediation guidance for vulnerable dependencies with CVE and CWE mappings, (6) Assessing supply chain security risks and third-party component threats.