use-case-2.0
Use Case 2.0 methodology by Ivar Jacobson. Covers use case slices, lightweight documentation, user story derivation, and value-driven prioritization. Modern approach to use case modeling for agile teams.
user-story-mapping
Jeff Patton's User Story Mapping technique for Agile discovery. Visualizes user journey as a map, identifies backbone activities, walking skeleton, and release slices. Use when organizing requirements into deliverable increments or defining MVP scope.
workshop
Facilitate structured requirements workshops (JAD-style). Guides through agenda, captures decisions, resolves conflicts, and produces consolidated requirements. Supports multiple workshop formats.
conduct
Research a topic comprehensively and create detailed research documentation
api-security
Comprehensive API security guidance covering authentication methods, rate limiting, input validation, CORS, security headers, and protection against OWASP API Top 10 vulnerabilities. Use when designing API authentication, implementing rate limiting, configuring CORS, setting security headers, or reviewing API security.
audit
Run security audit on code for OWASP Top 10, CWE vulnerabilities, and security anti-patterns
authentication-patterns
Comprehensive authentication implementation guidance including JWT best practices, OAuth 2.0/OIDC flows, Passkeys/FIDO2/WebAuthn, MFA patterns, and secure session management. Use when implementing login systems, token-based auth, SSO, passwordless authentication, or reviewing authentication security.
authorization-models
Comprehensive authorization guidance covering RBAC, ABAC, ACL, ReBAC, and policy-as-code patterns. Use when designing permission systems, implementing access control, or choosing authorization strategies.
check-deps
Check dependencies for known CVEs and security vulnerabilities
container-security
Container and Kubernetes security patterns including Docker hardening, image scanning, pod security standards, network policies, RBAC, secrets management, and runtime protection. Use when securing containerized applications, building secure images, or configuring Kubernetes security controls.
cryptography
Comprehensive cryptography guidance covering encryption algorithms, password hashing, TLS configuration, key management, and post-quantum considerations. Use when implementing encryption, choosing hashing algorithms, configuring TLS/SSL, managing cryptographic keys, or reviewing cryptographic implementations.
devsecops-practices
DevSecOps methodology guidance covering shift-left security, SAST/DAST/IAST integration, security gates in CI/CD pipelines, vulnerability management workflows, and security champions programs.
scan-secrets
Scan codebase for hardcoded secrets, API keys, credentials, and sensitive data
secrets-management
Comprehensive guidance for secure secrets management including storage solutions (Vault, AWS Secrets Manager, Azure Key Vault), environment variables, secret rotation, scanning tools, and CI/CD pipeline security. Use when implementing secrets storage, configuring secret rotation, preventing secret leaks, or reviewing credentials handling.
secure-coding
Provides guidance on secure coding practices including OWASP Top 10 2025, CWE Top 25, input validation, output encoding, and language-specific security patterns. Use when reviewing code for security vulnerabilities, implementing security controls, or learning secure development practices.
supply-chain-security
Software supply chain security guidance covering SBOM generation, SLSA framework, dependency scanning, SCA tools, and protection against supply chain attacks like dependency confusion and typosquatting.
threat-modeling
Threat modeling methodologies (STRIDE, DREAD), attack trees, threat modeling as code, and integration with SDLC for proactive security design
vulnerability-management
Vulnerability lifecycle management including CVE tracking, CVSS scoring, risk prioritization, remediation workflows, and coordinated disclosure practices
ears-convert
Convert specifications to/from EARS format.
zero-trust
Zero Trust architecture principles including ZTNA, micro-segmentation, identity-first security, continuous verification, and BeyondCorp patterns. Use when designing network security, implementing identity-based access, or building cloud-native applications with zero trust principles.
ai-writing-assistant
Leverage AI tools effectively for professional writing tasks. Provides prompt patterns, refinement workflows, voice preservation techniques, and quality checkpoints for AI-augmented drafting.
brand-statement
Develop your personal brand statement using the Skills x Interests x Market Needs framework. Use when crafting your professional positioning, LinkedIn headline, or elevator pitch.
career-strategy
Internal vs external career growth paths, goal setting, career maintenance, and long-term planning for software engineers. Use when deciding between internal promotion vs external job search, setting career goals, or planning long-term career trajectory.
code-review-communication
Frameworks for giving and receiving code review feedback effectively. Use for PR comments, review strategies, handling disagreements, and balancing thoroughness with kindness.
craft-linkedin-post
Generate an engaging LinkedIn post using proven storytelling frames. Use when you want to share learnings, celebrate wins, or build professional visibility.
developer-visibility
Build professional visibility through LinkedIn, GitHub, conference speaking, and internal branding. Provides frameworks for personal brand development, content creation, and career growth.
difficult-conversations
Structured approach to workplace conflicts, performance discussions, and challenging feedback using preparation-delivery-followup framework. Use when preparing for tough conversations, addressing conflicts, giving critical feedback, or navigating sensitive workplace discussions.
draft-email
Draft a professional email using the What-Why-How framework. Use when you need to compose emails to colleagues, stakeholders, or leadership.
feedback-conversations
Navigate difficult conversations and deliver constructive feedback using structured frameworks. Covers the Preparation-Delivery-Follow-up model and Situation-Behavior-Impact (SBI) feedback technique. Use when preparing for difficult conversations, giving feedback, or managing conflicts.
interview-skills
Frameworks for technical interviews and salary negotiation. Use for behavioral interview prep (STAR method), technical interview communication, offer evaluation, and compensation negotiation strategies.
mentoring-developers
Frameworks for effective mentoring and knowledge transfer. Use for 1:1 meetings, pair programming, onboarding, teaching technical concepts, and developing junior engineers.
plan-career-goals
Create structured career goals with timelines, actions, milestones, and accountability measures.
professional-communication
Guide technical communication for software developers. Covers email structure, team messaging etiquette, meeting agendas, and adapting messages for technical vs non-technical audiences. Use when drafting professional messages, preparing meeting communications, or improving written communication.
promotion-preparation
Building promotion cases, brag documents, tracking wins, and self-advocacy for career advancement. Use when preparing for promotions, documenting accomplishments, or building your case for advancement.
resume-optimization
Resume structure, achievement bullet formulas, ATS optimization, and job-targeted tailoring for software engineers. Use when reviewing resumes, crafting achievement bullets, extracting keywords from job descriptions, or tailoring content for specific roles.
review-comment
Generate a well-structured code review comment using Conventional Comments format. Helps give clear, actionable feedback on PRs.
stakeholder-communication
Adapting technical communication for different audiences - engineers, product managers, executives, and customers. Use when communicating across functions, translating technical concepts, presenting to leadership, or building shared understanding with non-technical stakeholders.
structure-presentation
Create a structured presentation outline using the What-Why-How framework. Use when preparing talks, demos, or technical presentations.
team-effectiveness
Building high-performing teams through psychological safety, diversity leverage, inclusive practices, and healthy team dynamics. Use when improving team collaboration, addressing team dysfunction, building inclusive environments, or developing team culture.
technical-presentations
Create and deliver effective technical presentations, demos, and talks. Provides frameworks for structuring content, designing slides, and handling live demos.
track-win
Document an accomplishment in brag document format with proper categorization and impact metrics.
write-1on1-agenda
Generate a structured agenda for a 1:1 meeting with your manager, mentor, or direct report. Includes discussion questions and follow-up sections.
write-cfp
Draft a compelling conference proposal (Call for Papers) that gets accepted. Use when submitting to conferences, meetups, or internal tech talks.
adr-create
Create Architecture Decision Record from specification context.
asyncapi-authoring
Author and validate AsyncAPI 3.0 specifications for event-driven API design, message brokers, and async communication patterns
canonical-spec-format
Canonical specification format reference. Use when understanding the canonical spec schema, field requirements, provider-agnostic specification structure, or validating specifications against the schema.
constitution
Create or update the project constitution file (.constitution.md) for Spec Kit workflow.
contract-first-design
Design and manage API contracts before implementation using OpenAPI and AsyncAPI specifications for contract-first development
convert
Convert specification between formats (EARS, Gherkin, Kiro, canonical).
ears-author
Interactive EARS pattern authoring assistant. Guides through pattern selection and requirement construction.
Page 6 of 10 · 484 results