sam-fakhreddine
@sam-fakhreddine
Public Skills
wfc-implement
by sam-fakhreddine
Orchestrates PARALLEL execution of an existing TASKS.md implementation plan using isolated git worktrees. STRICT REQUIREMENTS: (1) TASKS.md file exists with 2+ parseable tasks, (2) valid non-bare git repo with clean working directory, (3) user intent is purely EXECUTION of existing plan. FLOW: Validates TASKS.md -> Creates worktrees -> Spawns one agent per task -> Requests TDD workflow -> Runs mocked review -> Creates GitHub PRs targeting develop branch. TRIGGERS: /wfc-implement, "run the plan", "execute TASKS.md", "implement the tasks in TASKS.md". PREREQUISITE: Run /wfc-plan first. This skill requires TASKS.md to exist. NOT FOR: missing TASKS.md (use wfc-plan), single-task runs, inline task lists, plan-then-implement requests, cyclic dependencies, dirty repos, main-branch targets, security-sensitive work.
wfc-deepen
by sam-fakhreddine
Augments an existing /wfc-plan directory by researching codebase patterns, project documentation, and dependency constraints to add supporting evidence to tasks. Reads TASKS.md and PROPERTIES.md, simulates parallel analysis across 4 dimensions, and appends sourced findings as annotations. Does NOT modify task structure, add/remove tasks, or write implementation steps. Triggers: /wfc-deepen, /wfc-deepen <path>, "add research evidence to the plan", "validate plan against codebase patterns", "annotate plan with known pitfalls", "cross-reference plan with existing solutions". Not for: writing or expanding task implementation steps; decomposing tasks into subtasks; prioritizing or reordering tasks; adding or removing tasks; pre-planning research before a plan directory exists; targeted research on specific questions unrelated to plan validation; re-deepening plans with existing Research Findings sections (use --force to override); general research with no plan context.
wfc-sync
by sam-fakhreddine
Synchronizes agent context files (.claude/rules/ and .claude/skills/) with the current codebase state. Use when the codebase has changed and agent instructions are stale or missing. Direction: Codebase is the source of truth. Rules are updated to match code. This skill NEVER modifies source code, tests, or configuration files—only markdown documentation in .claude/ directories. Trigger phrases: "sync agent rules with code", "update claude rules from codebase", "document current code patterns", "my agent rules are outdated", "discover code conventions", "run /wfc-sync", "bootstrap claude rules", "create project.md context"
wfc-review
by sam-fakhreddine
Orchestrates parallel code review across five analytical dimensions (Security, Correctness, Performance, Maintainability, Reliability) for application source code. Produces a heuristic Consensus Score and a prioritized, deduplicated finding report suitable for merge/deploy decisions. TRIGGERS: "review this code", "analyze this PR for quality", "check for bugs", "is this safe to merge", "is this safe to deploy", "/wfc-review". REQUIRES: Application source code in supported languages (.py, .js, .ts, .go, .java, .rb, .php, .rs, .c, .cpp, .sql). NOT FOR: runtime error debugging, Infrastructure-as-Code (Terraform, Kubernetes, Dockerfiles, CloudFormation), dependency/CVE auditing, style-only linting, code walkthroughs, config files without executable logic (YAML, JSON, TOML, ci.yml, tsconfig.json), or writing inline review comments directly (that is the job of the spawned reviewer agents).
wfc-lfg
by sam-fakhreddine
Executes the full WFC pipeline autonomously: plan → deepen → implement → review → resolve → test → push PR. Zero human interaction during execution. Terminal output is a PR on success; halts with a structured report on failure. Requirements: - Git repository with configured remote and clean working directory. - Authenticated gh CLI. - Target branch (default: develop) must exist on remote. Trigger: /wfc-lfg; "full wfc auto"; "ship it end to end" (requires active code context); regex pattern "^lfg (implement build add create refactor fix) .{20,}$" Not for: single-stage requests (route to that skill), deployment/infra tasks, auth/encryption/compliance/PII features (need human review), requests with approval gates, vague descriptions (e.g., "fix some issues"), repositories with uncommitted changes, requests contradicting guardrails (e.g., "push to main").
wfc-plan
by sam-fakhreddine
Generates a structured implementation plan for software features spanning multiple files, modules, or services. Produces TASKS.md (ordered tasks with dependency graph), PROPERTIES.md (non-functional requirements typed SAFETY/LIVENESS/INVARIANT/PERFORMANCE), and TEST-PLAN.md (acceptance and integration test strategy). Conducts a clarifying interview before generating. TRIGGER: /wfc-plan; user requests TASKS.md, PROPERTIES.md, or TEST-PLAN.md by name; requests implementation plan for work affecting 2+ files in different directories or multiple services; user wants dependency ordering and test strategy for a feature. NOT FOR: Single-file edits or bug fixes; debugging/diagnosing defects; high-level architecture discussions with no file output; sprint planning or backlog grooming; directory restructuring; documentation generation; quick single-function patches. Pipeline order: wfc-plan FIRST, then wfc-implement. Running wfc-implement before wfc-plan will fail — there is no TASKS.md to execute.
wfc-ba
by sam-fakhreddine
Business analysis and structured requirements gathering for software features. Use when clarifying WHAT business capabilities to build before planning HOW to implement them. Focuses on: new feature requirements, business capability gap analysis, MoSCoW prioritization of user-stated needs, and acceptance criteria definition. Triggers on: "business requirements", "functional requirements", "MoSCoW prioritization", "acceptance criteria", "business gap analysis", "capability assessment", "requirements gathering", or /wfc-ba. Produces a BA document with MoSCoW requirements (user-stated only), high-level integration touchpoints, acceptance criteria, and risk register — formatted as structured markdown for handoff to planning skills. NOT FOR: technical code analysis, API schema diffs, bug fixes with repro steps, backlog grooming, effort estimation, post-mortems, refactoring with no behavior change, single-file changes, API specification writing, or story pointing.
wfc-gh-debug
by sam-fakhreddine
Diagnoses failing GitHub-native Actions workflow runs by analyzing logs via the gh CLI. Classifies root causes (lint, format, test, type, import, permission, secret, infra/runner) and proposes fixes. Applies fixes only after explicit user approval. Capabilities: fetches and analyzes logs from GitHub-hosted Actions runners; classifies failures into actionable categories; auto-generates fix commands for uv-managed Python and npm/TS projects; verifies fixes locally before pushing. Limitations: requires uv for Python verification (no pip/poetry fallback); cannot access third-party check logs (Vercel, Codecov) or external CI; cannot fix infrastructure failures; requires gh CLI authentication. Triggers: "GitHub Actions failed", "workflow run failed", "debug GitHub Actions logs", "why did my Actions run fail", /wfc-gh-debug. Not for: third-party status checks; external CI (Jenkins, GitLab, CircleCI); fork PRs with missing secrets; PR policy gates; flaky tests; green runs.
wfc-observe
by sam-fakhreddine
Translates formal system properties (SAFETY, LIVENESS, INVARIANTS, PERFORMANCE) from a PROPERTIES.md file into observability definition snippets (metric definitions, alert rule conditions, dashboard panel fragments). REQUIRES: A specification file (default: PROPERTIES.md) containing properties with quantifiable numeric bounds. USE FOR: Generating metric definition snippets, alert condition logic (PromQL), and dashboard panel JSON fragments based on formal specs. NOT FOR: Writing application instrumentation logic (inserting metrics into .py/.go files); generating high-cardinality metrics (user IDs, emails); properties enforced at compile-time (static analysis); setting up monitoring infrastructure (Terraform/Helm); incident triage.
wfc-pr-comments
by sam-fakhreddine
Resolves existing, unresolved inline PR review comments (threads attached to specific file lines). Fetches comments via gh CLI, triages each against project conventions and scope, presents triage table for user approval, then applies fixes via parallel subagents and resolves threads on GitHub. REQUIREMENTS: gh auth configured, uv installed, wfc/scripts/github/pr_threads.py present in repo root. ONLY processes inline thread comments where isResolved=false and isOutdated=false. Does NOT process: general PR body comments, resolved threads, or comments on deleted files. TRIGGER: "address inline PR comments", "fix code review feedback", "resolve open review threads", "respond to line comments on my PR", /wfc-pr-comments.
wfc-init
by sam-fakhreddine
Performs FIRST-TIME initialization of the WFC (Workflow Control) framework for projects without an existing .wfc/ directory. This skill identifies programming languages by file extension and generates a .wfc/config.json with fixed tool mappings (black/ruff for Python, prettier/eslint for JS/TS, gofmt/golangci-lint for Go, rustfmt/clippy for Rust, google-java-format/checkstyle for Java, rubocop for Ruby, dotnet-format for C#), plus Makefile targets for running quality checks. TRIGGER INTENT: Use ONLY for greenfield WFC setup when no .wfc/ directory exists. Key phrases: "/wfc-init", "initialize WFC", "set up WFC for this project". DO NOT USE if .wfc/ already exists (use wfc-configure), or if the user wants standalone formatter/linter setup without WFC framework integration.
wfc-safeguard
by sam-fakhreddine
Installs a PreToolUse hook into .claude/settings.json that intercepts Write/Edit/Bash tool calls and blocks or warns on dangerous code patterns BEFORE the tool executes. Uses regex-based detection only. TRIGGERS: "install the wfc-safeguard hook", "set up code guardrails", "block dangerous functions automatically", /wfc-safeguard. BLOCKS (prevents tool call): eval(), new Function(), os.system(), subprocess shell=True, rm -rf on system/home paths, github.event.* expressions in Actions run steps. WARNS (allows tool call): innerHTML, dangerouslySetInnerHTML, pickle.load(), child_process.exec. SCOPE: JS/TS, Python, Bash, GitHub Actions YAML only. LIMITATIONS: Cannot distinguish code from comments or strings — will block legitimate documentation containing blocked patterns. Regex-based only; does not catch obfuscated or indirect patterns. PREREQUISITES: Python 3.8+ available as python3 command. Target file .claude/settings.json must be writable standard JSON (no comments).
wfc-vibe
by sam-fakhreddine
Divergent thinking engine for pre-structure exploration. Use when generating possibilities, questioning assumptions, or expanding a problem space with NO concrete artifacts, files, or implementation targets referenced. Pure ideation only — creates options, does not select or execute them. Load when: - Intent is creative/exploratory (brainstorm, ideate, speculate, "what if") - No files, code, schemas, or named system components are referenced - Goal is to expand possibilities, not organize, decide, or implement Not for: - Sentiment, tone, aesthetic analysis, or "vibe checks" → general chat - Organizing, prioritizing, or roadmapping formed ideas → wfc-plan - Concrete artifacts or implementation targets → wfc-build - Debugging, error analysis, or troubleshooting → wfc-build - Decision-making or option selection → wfc-plan
wfc-agentic
by sam-fakhreddine
Generates Markdown-based .gh-aw.md workflow files for the gh-aw CLI extension, specifically for AI-driven automation compiled via gh aw compile. Invoke when: User explicitly requests "gh-aw", ".gh-aw.md" files, "safe-outputs", or mentions gh aw compile. Also triggers on: "create an agentic workflow for GitHub" when context implies AI agent execution (Copilot, Claude) rather than standard CI/CD. Format: Markdown files with YAML frontmatter defining triggers, permissions, tools, and safe-outputs. The agent prompt (natural language instructions) is written in the Markdown body. Output is consumed by gh aw compile to generate a lock file.
wfc-housekeeping
by sam-fakhreddine
Removes unreferenced content from a codebase: unused imports, stale git branches, orphaned files, and debug artifacts. Strictly limited to file-level deletion within source code — does not modify package manifests, lockfiles, or git history. Operates in scan-report-approve-execute cycle with mandatory test verification. All deletions require explicit user approval unless --safe flag is used (auto-fixes: unused imports in Python files only). Scope: Python .py files, git branches, worktrees, tracked temp files. Uses static analysis (ruff, grep); cannot detect dynamically accessed code (getattr, globals, plugin loaders). Triggers: "remove unused imports", "delete dead code", "prune stale branches", "clean up debug logs", /wfc-housekeeping. Not for: Refactoring logic; removing packages from pyproject.toml or package.json; npm prune / cargo prune; rewriting git history; secret detection; fixing tests; feature-flagged code.
wfc-prompt-fixer
by sam-fakhreddine
Analyzes and rewrites existing Claude-specific prompts (system prompts, user-turn templates, or WFC Agent Skills) to fix structural issues and antipatterns. Pipeline: Analyzer grades A-F against 14 dimensions and 17 antipatterns → Fixer rewrites C-F prompts (preserving intent, output format, and constraints) → Reporter validates and summarizes. A/B prompts skip Fixer and receive diagnostic report only. Modes: Single file, --batch (up to 4 parallel, auto-scales for token budget), --auto-pr (requires gh CLI + write access), --wfc (explicit WFC mode). Trigger: /wfc-prompt-fixer, "fix this prompt", "rewrite this prompt", "debug prompt errors", "grade this prompt", "analyze prompt quality", "optimize for Claude 4" (applies only to Claude prompts).
wfc-security
by sam-fakhreddine
Architectural threat modeling (STRIDE) and design-level security analysis for software systems. Analyzes system descriptions, architecture diagrams, or explicitly pasted configuration files. Does NOT perform live CVE scanning, code logic review, or implementation patching. Use when: User requests threat modeling, attack surface mapping, or static dependency risk assessment. Do NOT use when: User requests live vulnerability scanning, code review, specific bug remediation (SQLi, XSS), or compliance auditing.
wfc-test
by sam-fakhreddine
Generates structured, example-based unit tests (pytest, JUnit, Jest) from formal input sources: a PROPERTIES.md file with SAFETY(...), LIVENESS(...), or INVARIANT(...) syntax, and/or a TASKS.md file with Given/When/Then acceptance criteria. Produces a TRACEABILITY-REPORT.md identifying uncovered properties and criteria. Does NOT generate property-based or fuzz tests (Hypothesis, QuickCheck). Requires: user-provided input document and explicit target language/framework. Trigger phrases: "generate tests from PROPERTIES.md", "create unit tests from requirements", "/wfc-test". Not for: - Writing tests without a conforming PROPERTIES.md or TASKS.md as input - Fuzz or generative testing (QuickCheck, Hypothesis, fast-check) - Explaining testing methodologies or theory - Debugging, fixing, or running tests - Authoring or validating the input PROPERTIES.md or TASKS.md documents - Detecting languages or frameworks automatically (must be explicit)
wfc-architecture
by sam-fakhreddine
Synchronizes software architecture documentation (ARCHITECTURE.md) and diagrams for systems with existing source code. Triggers on requests to: map system boundaries using C4 models (Context, Container, Component); author Architecture Decision Records (ADRs); or verify code structure compliance against an existing ARCHITECTURE.md. INPUTS: Requires a valid codebase path. Text-based system descriptions are supplementary context only; this skill does not design systems from scratch. OUTPUTS: Generates/updates ARCHITECTURE.md and Mermaid diagrams. Restricts C4 diagrams to Context and Container levels. Audits are strictly for structural compliance with the provided documentation.
wfc-python
by sam-fakhreddine
Internal skill — loaded automatically by wfc-build, wfc-implement, wfc-test, and wfc-review when ALL conditions are true: 1. TARGET LANGUAGE: Code being written, reviewed, or scaffolded is Python 2. PROJECT CONTEXT: Confirmed WFC project via one of: - [tool.wfc] table in pyproject.toml, OR wfc.yaml at project root, OR user explicitly requests "WFC standards" or "WFC scaffolding" 3. TASK TYPE: Writing, modifying, or reviewing application code in: - api/ (FastAPI routes, Pydantic schemas) - services/ (business logic, orchestration) - repositories/ (data access, external APIs) - models/ (domain objects, value types) - Test files that validate the above NOT for: General Python questions; standalone scripts; Jupyter notebooks; CI/CD config; database migrations; build/packaging scripts; auto-generated code (protobufs, gRPC stubs); Poetry/pip projects declining UV migration.
wfc-rules
by sam-fakhreddine
Creates and edits markdown-based coding convention files (.wfc/rules/.md) for the wfc PreToolUse hook system. Use this skill to CREATE or EDIT rule files that guide code generation style and patterns. Rules are plain markdown documents intended for LLM evaluation during tool calls (if wfc hook is registered and active). DISTINCT FROM: - Linters (ESLint, Ruff, Pylint): use those for syntax/AST-based enforcement - Formatters (Prettier, Black): use those for whitespace/formatting - Security shields (wfc-safeguard): use that for blocking dangerous code TRIGGERS: "create/edit a wfc rule file", "add convention to .wfc/rules/", "/wfc-rules" PREREQUISITE: Requires .wfc/ directory and active PreToolUse hook. Rules created without these will be inert (no enforcement occurs). SCOPE: This skill ONLY writes to .wfc/rules/.md. It does not modify .wfc/config.*, .wfc/engine/, or any files outside the rules directory.
wfc-export
by sam-fakhreddine
Exports WFC SKILL.md files to platform-specific configuration files. OUTPUT ONLY: WFC → external format. Cannot import or sync external configs back to WFC. Requires existing SKILL.md files with WFC frontmatter (name, description, license fields) in the current working directory. Supported platforms ONLY: copilot, cursor, gemini, kiro, opencode, codex, factory. Triggers: /wfc-export --to <platform>; /wfc-export --all; "export WFC skills to <platform>"; "generate <platform> config from WFC skills"; "convert SKILL.md to <platform> instructions". Not for: importing external configs to WFC; bidirectional sync; creating/editing SKILL.md files (use wfc-build); converting non-WFC files; unsupported platforms (Claude Code, Windsurf, Cline, Continue, Aider); lossless export to platforms with character limits without --allow-lossy; skills requiring HTTP MCP servers exported to stdio-only platforms; non-destructive merging with existing configs.
wfc-skill-validator-llm
by sam-fakhreddine
LLM-based adversarial validator for WFC Agent Skills (agentskills.io spec only). Requires a SKILL.md file path or YAML metadata block as input. Trigger when the user wants to: test trigger phrase routing ("validate my WFC skill routing", "find routing gaps in my SKILL.md"); probe a skill description for edge case failures ("stress-test my WFC SKILL.md", "find false-positive triggers"); get a health score and candidate rewrite ("score my WFC skill description", "improve my SKILL.md trigger logic"); run a specific stage ("run discovery stage", "run edge case analysis"). Not for: - Schema/structural validation or YAML syntax errors — use make validate - Formatting or restructuring SKILL.md files — use make format - Runtime execution debugging — evaluates definition quality only - General code review of skill files — use wfc-review - Skill definitions outside WFC / agentskills.io framework Explicit command: /wfc-skill-validator-llm
wfc-playground
by sam-fakhreddine
Generates a single, self-contained HTML file with inline CSS and vanilla JavaScript (no external dependencies, no CDNs, no build step). Use for throwaway visual experiments, algorithm visualization, or CSS explorations where all code is synthesized entirely by the LLM. TRIGGER: Invoke ONLY when the request explicitly requests a browser-openable, single-file, static HTML sandbox with zero external dependencies. DO NOT trigger for: requests mentioning React/Vue/Angular, CDN libraries (D3, Three.js, Chart.js), or production-ready output.
wfc-visual
by sam-fakhreddine
Generate beautiful, self-contained HTML pages that visually explain systems, code changes, plans, and data. Combines visual-explainer's visualization engine (Mermaid.js, Chart.js, anime.js) with design system intelligence (96 palettes, 57 font pairings, 100 reasoning rules). Use when the user asks for a diagram, architecture overview, diff review, plan review, project recap, comparison table, or any visual explanation of technical concepts. Also use proactively when about to render a complex ASCII table (4+ rows or 3+ columns).