AI Skills in Practice: Skill Patterns for Real Workflows

name: debug
description: "Investigate bugs using the scientific method —
              observe symptoms, form hypotheses, test them
              systematically, identify root cause"

trigger: "When the user reports a bug, error, or unexpected behavior"

prompt: |
  ## Method

  ### Phase 1: Observe
  - What is the exact error message or unexpected behavior?
  - When did it start? What changed recently? (check git log)
  - Is it reproducible? Under what conditions?
  - What is the expected behavior vs actual behavior?

  ### Phase 2: Hypothesize
  - List 3-5 possible causes, ranked by likelihood
  - For each hypothesis, define what evidence would confirm or refute it
  - Start with the most likely hypothesis

  ### Phase 3: Test
  - For the current hypothesis, gather evidence:
    - Read relevant source code
    - Check logs, error output, stack traces
    - Add targeted logging if needed
    - Run minimal reproduction
  - Does the evidence support or refute the hypothesis?
  - If refuted, move to the next hypothesis
  - If supported, verify by explaining the full causal chain

  ### Phase 4: Fix
  - Propose the minimal fix that addresses the root cause
  - Explain why this fix works (connect to the causal chain)
  - Identify what could break (regression risk)
  - Suggest a test that would catch this bug in the future

  ## Rules
  - Never skip Phase 1. Reading the actual error message prevents
    50% of rabbit holes.
  - Never change code to "see if this fixes it" without a hypothesis.
    If you cannot explain why a change would help, it is a guess.
  - If you exhaust all hypotheses, widen the scope: check recent
    dependency updates, environment changes, infrastructure.
  - Keep a running log of what you tried and what you found.

output: |
  ## Bug Report
  **Symptom**: [exact error or behavior]
  **Root cause**: [what actually went wrong and why]
  **Fix**: [minimal change with explanation]
  **Regression test**: [test that catches this in the future]
  **Investigation log**: [hypotheses tested, evidence gathered]

name: code-review
description: "Review code changes against defined quality dimensions
              with severity ratings and structured findings"

trigger: "When the user asks to review code, a PR, or a diff"

prompt: |
  ## Workflow

  1. Read ALL changed files, not just the ones that look interesting
  2. Read the PR description or commit messages to understand intent
  3. For each file, evaluate against these dimensions:

  ### Dimensions
  - **Correctness**: Does the logic do what it claims? Edge cases?
  - **Security**: Injection, auth bypass, data exposure, OWASP top 10?
  - **Performance**: N+1 queries, unnecessary allocations, missing indexes,
    bundle size impact?
  - **Readability**: Clear naming, reasonable function length, no clever tricks?
  - **Test coverage**: Happy path tested? Edge cases? Error paths?
  - **Architecture**: Does this fit the existing patterns? Or does it
    introduce a parallel way of doing the same thing?

  4. Classify each finding:
     - CRITICAL: Must fix before merge (bugs, security, data loss)
     - WARNING: Should fix, creates tech debt if ignored
     - NOTE: Suggestion for improvement, not blocking

  5. Determine verdict:
     - BLOCK: Any CRITICAL finding
     - REQUEST_CHANGES: 3+ WARNINGs or WARNINGs in critical paths
     - APPROVE: All else

  ## Rules
  - Review the actual changes, not the surrounding code
  - Do not suggest style changes that are not in the coding standards
  - If a pattern is used consistently in the codebase, do not flag it
    as wrong even if you would do it differently
  - Acknowledge what is done well — review is not just finding problems
  - If you do not understand a change, ask instead of assuming it is wrong

references:
  - coding-standards.md
  - security-checklist.md

output: |
  ## Review Summary
  [One paragraph: what was reviewed, overall assessment]

  ## Findings

  ### CRITICAL
  - **[file:line]** [category] — [finding]. Suggested fix: [fix]

  ### WARNING
  - **[file:line]** [category] — [finding]. Suggested fix: [fix]

  ### NOTE
  - **[file:line]** [category] — [finding]

  ## What's Done Well
  - [Specific positive observations]

  ## Verdict: APPROVE | REQUEST_CHANGES | BLOCK

name: blog-writer
description: "Write publication-ready technical blog posts with
              strong hooks, clear structure, audience-appropriate voice"

trigger: "When the user asks to write, draft, or create a blog post
          or technical article"

prompt: |
  ## Workflow

  1. **Clarify scope** — What is the topic? Who is the audience?
     What should the reader be able to do after reading?
  2. **Select format** — Pick the structure that fits:
     - Teaching a process → How-To / Tutorial
     - Curating items → Listicle
     - Taking a stance → Opinion piece
     - Showing results → Case Study
     - Helping choose → Comparison
     - Comprehensive coverage → Ultimate Guide
  3. **Draft headlines** — Write 3-5 options, recommend the strongest
  4. **Write the post** — Follow the format's structure:
     - Hook: first 2-3 sentences earn the next paragraph
     - Each section justifies its existence
     - Concrete examples, numbers, specifics over vague claims
     - End with a clear, specific call to action
  5. **Polish** — Readability pass:
     - Paragraphs max 3-4 sentences
     - Subheadings every 200-300 words
     - Bold 1-2 key phrases per section
     - Active voice default
     - No throat-clearing intros ("In today's fast-paced world...")

  ## Rules
  - Match voice to audience:
    - Beginners → patient, encouraging, define terms, use analogies
    - Mid-level devs → peer-to-peer, skip basics, focus on "why"
    - Senior engineers → precise, deep tradeoffs, production scenarios
  - Never start with "In this post, we will..." — start with the hook
  - Never end with "Let me know what you think" — end with a specific action
  - Code examples must be minimal and runnable, not pseudocode

references:
  - blog-formats.md       # Detailed structures for each format
  - tone-and-voice.md     # Voice profiles with examples
  - seo-checklist.md      # If SEO optimization requested

output: |
  Markdown with:
  - H1 for title
  - H2 for major sections
  - H3 sparingly
  - Fenced code blocks with language tags
  - Meta description (if SEO requested)

name: deploy-check
description: "Pre-deployment checklist and verification workflow
              to prevent common deployment failures"

trigger: "When the user is preparing to deploy, merge to main,
          or release"

prompt: |
  ## Pre-Deploy Checklist

  ### Code Readiness
  - [ ] All tests pass (unit, integration, e2e)
  - [ ] No TODO or FIXME comments in changed files
  - [ ] No debug logging left in production code
  - [ ] No hardcoded secrets, URLs, or environment-specific values
  - [ ] Dependencies are locked (lockfile committed)

  ### Configuration
  - [ ] Environment variables documented and configured
  - [ ] Feature flags set correctly for this release
  - [ ] Database migrations are backward-compatible
  - [ ] API changes are backward-compatible (or versioned)

  ### Observability
  - [ ] New features have logging at appropriate levels
  - [ ] Error paths have actionable error messages
  - [ ] Metrics/alerts configured for new functionality
  - [ ] Health check endpoints updated if needed

  ### Rollback Plan
  - [ ] Can this deploy be reverted with a single action?
  - [ ] If not, what is the manual rollback procedure?
  - [ ] Are there database changes that prevent rollback?
  - [ ] What is the monitoring window after deploy?

  ## Workflow
  1. Run through each checklist section
  2. For each unchecked item, investigate whether it applies
  3. Flag any items that are not satisfied
  4. If all items pass, confirm ready to deploy
  5. If any items fail, list blockers with remediation steps

  ## Rules
  - Never skip the rollback plan section
  - If database migrations exist, verify they are reversible
  - If this is a Friday deploy, add extra scrutiny (or suggest waiting)
  - Do not block on style issues — only block on correctness,
    security, and data safety

output: |
  ## Deploy Readiness Report

  **Status**: READY | BLOCKED | PROCEED_WITH_CAUTION

  ### Passed
  - [list of satisfied checks]

  ### Blocked
  - [list of failed checks with remediation steps]

  ### Warnings
  - [list of items that passed but deserve attention]

  ### Rollback Plan
  [specific rollback procedure for this deploy]

Bug report arrives
    ↓
[Debug Skill] → root cause identified
    ↓
Developer writes the fix
    ↓
[Review Skill] → self-review before PR
    ↓
[Deploy Check] → pre-merge verification
    ↓
Fix shipped
    ↓
[Writing Skill] → post-mortem or changelog entry