Laravel
BackendCommonly used with
Skills using Laravel (202)
laravel-expert
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
faf-wizard
Done-for-you .faf generator. One-click AI context for any project - new, legacy, or famous. Auto-detects stack, scores readiness, works everywhere.
laravel-expert
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
exploiting-mass-assignment-in-rest-apis
Discover and exploit mass assignment vulnerabilities in REST APIs to escalate privileges, modify restricted fields, and bypass authorization controls by injecting unexpected parameters in API requests.
laravel-patterns
Laravel architecture patterns, routing/controllers, Eloquent ORM, service layers, queues, events, caching, and API resources for production apps.
laravel-plugin-discovery
Discover and evaluate Laravel packages via LaraPlugins.io MCP. Use when the user wants to find plugins, check package health, or assess Laravel/PHP compatibility.
laravel-security
Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.
laravel-tdd
Test-driven development for Laravel with PHPUnit and Pest, factories, database testing, fakes, and coverage targets.
laravel-verification
Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.
php-quality
PHP code quality: PSR standards, strict types, framework idioms.
php-testing
PHP testing patterns: PHPUnit, test doubles, database testing.
laravel-specialist
Build and configure Laravel 10+ applications, including creating Eloquent models and relationships, implementing Sanctum authentication, configuring Horizon queues, designing RESTful APIs with API resources, and building reactive interfaces with Livewire. Use when creating Laravel models, setting up queue workers, implementing Sanctum auth flows, building Livewire components, optimising Eloquent queries, or writing Pest/PHPUnit tests for Laravel features.
php-pro
Use when building PHP applications with modern PHP 8.3+ features, Laravel, or Symfony frameworks. Invokes strict typing, PHPStan level 9, async patterns with Swoole, and PSR standards. Creates controllers, configures middleware, generates migrations, writes PHPUnit/Pest tests, defines typed DTOs and value objects, sets up dependency injection, and scaffolds REST/GraphQL APIs. Use when working with Eloquent, Doctrine, Composer, Psalm, ReactPHP, or any PHP API development.
app-builder
App scaffolding: Next.js, Vite, Nuxt, Astro, FastAPI, Django, Laravel, RN, Flutter. Triggers: scaffold, bootstrap, new project, starter, dashboard, mobile app.
explore
Explores codebase structure, stack, and architecture. Triggers: explore codebase, project structure, stack overview, architecture map.
configure-nightwatch
Configures Laravel Nightwatch data collection, sampling rates, filtering rules, and redaction policies. Use when setting up Nightwatch, managing data volume, protecting sensitive data (PII), or optimizing event collection for production workloads.
common-api-design
Apply REST API conventions — HTTP semantics, status codes, versioning, pagination, and OpenAPI standards for any framework. Use when designing endpoints, choosing HTTP methods, implementing pagination, or writing OpenAPI specs. (triggers: **/*.controller.ts, **/*.router.ts, **/*.routes.ts, **/routes/**, **/controllers/**, **/handlers/**, rest api, endpoint, http method, status code, versioning, pagination, openapi, api design, api contract)
independent-developer-micro-saas-master
独立开发者与微型 SaaS — 单人或极小团队 (≤3 人) 构建可持续订阅收入的软件产品商业, 有别于自由职业/咨询、企业级 SaaS 和开源维护: (a) 产品发现与验证 (自己的痒 vs 市场优先 Nugent/Walling; 着陆页冒烟测试; 先接 Stripe 再写代码; JTBD 访谈适配独立开发者场景; Reddit/HN/X/社区痛点挖掘; Mom Test 验证框架; 公开构建作为验证机制); (b) 独立开发者技术架构 (无聊技术论 McKinley; 单体优先; serverless vs VPS 在 ≤$100/月预算下的取舍; Rails/Django/Laravel/Next.js 等框架的出货速度选型; 托管服务优先于自建; Supabase/PlanetScale/Neon 数据库即服务; Clerk/Auth0 认证即服务; Stripe/Paddle/LemonSqueezy 支付; Vercel/Fly.io/Railway 部署; AI 辅助编码 Cursor/Copilot 作为力量倍增器); (c) 无营销团队的分发与增长 (SEO 作为微型 SaaS 护城河; Product Hunt 发布; AppSumo 终身授权利弊; 冷邮件; Twitter/X 公开构建; IndieHackers 社区分发; 集成市场 Shopify/WordPress/Zapier/Slack 应用目录; 联盟计划; 一人内容营销); (d) 定价与变现 (SaaS 定价心理学; freemium vs 免费试用 vs 纯付费; 按席位 vs 按用量 vs 固定费率; 年付折扣; 老用户保价; 微型 SaaS 流失率控制; MRR/ARR/LTV/CAC 在微型规模的含义; $10K MRR 里程碑心理学); (e) 独立创始人心智模型与生活设计 (default alive vs default dead Graham; 拉面盈利 Levels; 生活方式生意 vs 增长生意的光谱; 独立开发者倦怠预防; 时间管理与上下文切换成本; 地理套利与远程优先; 一次构建反复销售的资产思维; 社区作为支持网络 IndieHackers/WIP/MicroConf); (f) 法务与运营基础 (公司注册地选择 LLC/Ltd/GmbH 税效; Stripe Atlas vs Firstbase
angular-testing
Write Angular component tests using TestBed, ComponentHarness, and HttpTestingController with proper signal input handling. Use when writing component tests, mocking HTTP calls, or testing signal inputs. (triggers: **/*.spec.ts, TestBed, ComponentFixture, TestHarness, provideHttpClientTesting)
hunt-laravel
Hunt Laravel specific vulnerabilities — Debug mode leakage (APP_DEBUG=true exposes full stack trace + env vars), Laravel Telescope/Horizon dashboard unauthorized access, Ignition RCE (CVE-2021-3129), Signed URL manipulation, Queue Worker abuse, mass assignment via Eloquent, deserialization via cookies, .env file exposure. Use when target runs Laravel (PHP) — detected via X-Powered-By, Laravel session cookies, or /storage/ paths.
analysis-autonomous-mode
ONLY when user explicitly requests autonomous analysis, deep investigation, multi-step research, or 'dig into this end-to-end without asking me each step' — NOT for normal feature work.
analysis-skill-router
Use when picking which analysis or project-analysis-* skill fits a request — routes by scope, framework, and symptom — even if the user just says 'analyze this' or 'dig into the codebase'.
api-endpoint
Use when creating an API endpoint or HTTP route handler — detects the project stack and routes to the matching carve-out (laravel-api-endpoint, nextjs-patterns, symfony-workflow).
artisan-commands
Use when creating or modifying Artisan commands. Covers clear signatures, safe execution flow, helpful output, and project conventions for console tooling.
authz-review
Use when reviewing authorization end-to-end — route → gate → policy → query scope → response filter — before changes to permissions, tenants, ownership, or admin flows.
code-refactoring
Use when the user says 'refactor this', 'rename class', or 'move method'. Safely refactors code in any language — finds all callers, updates downstream dependencies, verifies via quality tools.
command-routing
Use when the user invokes a slash command like /create-pr, /commit, /fix-ci, or pastes command file content — routes to the right command with context inference and GitHub API patterns.
composer-packages
Use when building or maintaining a Composer library — versioning, Laravel integration, autoloading, publishing to private registries — even when the user says 'release a new version'.
contextcreate
Analyze a codebase area and create a structured context document
contextrefactor
Analyze, update, and extend an existing context document
dashboard-design
Use when designing monitoring dashboards — visualization selection, layout principles, observability strategies (RED/USE/Golden Signals), and data storytelling.
database
Use when working with database architecture, MariaDB/MySQL tuning, indexing strategies, slow queries, or multi-connection patterns — even when the user just says 'this query is slow'.
featuredev
Full 7-phase feature development workflow for complex features.
featurerefactor
Refine and update an existing feature plan through interactive discussion
featureroadmap
Generate implementation roadmap(s) from a feature plan and link them
apex-methodology
Systematic development workflow: Analyze → Plan → Execute → eLicit → eXamine. Use for ANY development task: features, bug fixes, refactoring, hotfixes. Triggers: "implement", "create", "build", "fix", "add feature", "refactor", "develop". Auto-detects project type (Laravel, Next.js, React, Swift) and loads framework-specific references. Enforces: files <100 lines, interfaces separated, SOLID principles, expert self-review, sniper validation. Modes: --auto (default), --manual, --skip-elicit
fusecore
FuseCore Modular Architecture - Laravel 13 modular monolith with auto-discovery, React 19 integration, and SOLID principles. Use when creating modules, understanding FuseCore structure, or implementing features in FuseCore projects.
laravel-ai-sdk
Use when integrating AI agents, tool calling, embeddings, structured output, or streaming in Laravel 13 via the `laravel/ai` package. Covers 14+ providers (OpenAI, Anthropic, Gemini, Azure, Groq, DeepSeek, Ollama, Mistral, xAI, Cohere, ElevenLabs, Jina, VoyageAI, OpenRouter).
laravel-api
Build RESTful APIs with Laravel using API Resources, Sanctum authentication, rate limiting, and versioning. Use when creating API endpoints, transforming responses, or handling API authentication.
laravel-architecture
Design Laravel app architecture with services, repositories, actions, and clean code patterns. Use when structuring projects, creating services, implementing DI, or organizing code layers.
laravel-attributes
Use when migrating Eloquent models, Jobs, Console commands, Controllers, API Resources, Validation, Factories or Seeders to native PHP 8.3 attributes introduced in Laravel 13. Covers all 7 categories of first-party attributes.
laravel-auth
Use when implementing user authentication, API tokens, social login, or authorization. Covers Sanctum, Passport, Socialite, Fortify, policies, and gates for Laravel 13.
ia-php-laravel
Modern PHP 8.4 and Laravel patterns: architecture, Eloquent, queues, testing. Use when working with Laravel, Eloquent, Blade, artisan, PHPUnit, PHPStan, or building/testing PHP applications with frameworks. Not for PHP internals (php-src) or general PHP language discussion.
craft-project-setup
Scaffold Claude Code configuration specifically for Craft CMS projects. Generates CLAUDE.md and .claude/rules/ files tailored to the project type (plugin, site, module, hybrid, or monorepo). Only for Craft CMS projects — not for Next.js, Laravel, or other frameworks. Triggers on: 'set up Claude for this Craft project', 'initialize CLAUDE.md', 'scaffold project config', 'configure Claude Code for Craft', 'create CLAUDE.md', 'missing CLAUDE.md', 'does this project have a CLAUDE.md', 'bootstrap Claude config', 'new Craft project setup', 'onboard a developer to this Craft project', 'generate .claude/rules', 'set up coding standards config', 'upgrade Claude config', 'update CLAUDE.md', 'compare my setup', 'is my config up to date', 'audit my Claude setup', 'redo project setup'. Also triggers when starting work in a new Craft CMS project that lacks a CLAUDE.md file, or when the user wants to check or upgrade an existing configuration. Detects project type from composer.json (craft-plugin, craft-module, project), .d
nuxt-ui
Use when building styled UI with @nuxt/ui v4 components — forms, data tables, modals, theming. Use vue for raw patterns, reka-ui for headless.
laravel-expert
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
laravel-security-audit
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
laravel-specialist
Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
mir-backend-php
Make It Right (PHP runtime tier). Zend Engine / PHP 8.2+ runtime reliability footguns that are shared across EVERY PHP backend framework (Laravel, Symfony, WordPress, Slim, Lumen) — distinct from the generic backend gates and from any one framework's mechanics. Covers: shared-nothing request lifecycle and why static/global state does not persist, FPM worker model and concurrency = pm.max_children (not threads), long-running runtime modes (Swoole/RoadRunner/FrankenPHP/Octane) and the state-bleed/memory-leak inversion they introduce, max_execution_time and memory_limit per request, opcache correctness in production, persistent DB connection caveats, and PHP's error/exception model in prod. TRIGGER when the backend runtime is PHP — sits between mir-backend (generic) and the framework module (e.g. mir-backend-php-laravel). SKIP for Node/JVM/Go/Rust/.NET/Python/Ruby/BEAM runtimes (each has its own mir-backend-<runtime> tier), and for framework-library mechanics (those live in the framework module).
mir-backend-php-laravel
Make It Right (Laravel module). Laravel 10/11 + Eloquent ORM + MySQL/PostgreSQL + Redis + Laravel Queues specific reliability augmentation. Use alongside mir-backend and mir-backend-php when the target stack is Laravel — it carries the mechanical footguns that the framework-agnostic tiers deliberately omit: Eloquent N+1 queries, mass assignment via $fillable/$guarded, synchronous vs. queued work, DB::transaction() boundaries and afterCommit event semantics, Octane state bleed from singletons surviving requests, and migration safety on populated tables. TRIGGER only when the PHP backend stack is Laravel — building, reviewing, or debugging a Laravel controller, Eloquent model, Job, migration, or middleware. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-php (Zend Engine runtime concerns: shared-nothing lifecycle, FPM worker model, Octane state bleed, opcache, error model); this module only adds Laravel/Eloquent library mechanics. SKIP for Symfony, WordPress, Slim, or any non-Laravel PHP stac
hunt-dispatch
Skill-set loader for /hunt orchestrator. Fingerprints the target, picks the right platform attack skills, and loads the Red Team or WAPT skill set. Use when /hunt has just received a mode answer (redteam or wapt + blackbox|greybox) and needs to load the appropriate skills and print the taxonomy. Not for direct user invocation.
lazy-agent-loader
Load agent definitions on-demand to reduce context usage. Only loads full agent when needed.
laravel-specialist
Build and configure Laravel 10+ applications, including creating Eloquent models and relationships, implementing Sanctum authentication, configuring Horizon queues, designing RESTful APIs with API resources, and building reactive interfaces with Livewire. Use when creating Laravel models, setting up queue workers, implementing Sanctum auth flows, building Livewire components, optimising Eloquent queries, or writing Pest/PHPUnit tests for Laravel features.
php-pro
Use when building PHP applications with modern PHP 8.3+ features, Laravel, or Symfony frameworks. Invokes strict typing, PHPStan level 9, async patterns with Swoole, and PSR standards. Creates controllers, configures middleware, generates migrations, writes PHPUnit/Pest tests, defines typed DTOs and value objects, sets up dependency injection, and scaffolds REST/GraphQL APIs. Use when working with Eloquent, Doctrine, Composer, Psalm, ReactPHP, or any PHP API development.
tdd
Use when writing production code that needs tests - new features, bug fixes, refactoring. Enforces RED-GREEN-REFACTOR cycle before any implementation.
php-laravel
Modern PHP 8.2+ and Laravel patterns: architecture, Eloquent, queues, Pest testing. Use when asked to "write PHP", "build a Laravel app", "fix Eloquent query", "add a queue job", "write a Pest test", or mentions PHP, Laravel, Eloquent, Blade, artisan, or migrations.
testing-laravel
Writes Laravel tests using PHPUnit. Use when "write tests", "add tests", "phpunit", "laravel test", "feature test", "unit test", "mock", "factory", or testing controllers, models, services, actions, jobs, artisan commands, or API endpoints.
configure-nightwatch
Configures Laravel Nightwatch data collection, sampling rates, filtering rules, and redaction policies. Use when setting up Nightwatch, managing data volume, protecting sensitive data (PII), or optimizing event collection for production workloads.
pellicule
Create videos with Vue using Pellicule - a Vue-native video rendering library
newebpay-checkout
Implements NewebPay MPG checkout integration including AES256 encryption, form submission, and payment callback handling. Use when integrating payment gateway, creating checkout flows, or building 藍新金流 payment pages.
payuni-checkout
Implements PAYUNi UPP checkout integration including AES256 encryption, form submission, and payment callback handling. Use when integrating payment gateway, creating checkout flows, or building 統一金流 payment pages.
migration-generator
Create database migrations from model changes, schema diffs, and migration best practices.
project-scaffolding
IDE-grade project scaffolding wizard for creating new projects with comprehensive configuration. Supports 70+ project types: HTML/CSS websites, React, Next.js, Vue, Astro, Remix, React Native, Flutter, Expo, FastAPI, Django, Express, NestJS, Go/Gin, Rust/Axum, Spring Boot, Hono, Elysia, Chrome Extensions, VS Code Extensions, Tauri desktop apps, serverless functions, and more. Provides WebStorm/PyCharm-level project creation with interactive SDK selection, framework configuration, database setup, and DevOps tooling. Use when: creating a new project, setting up a framework application, initializing a codebase, scaffolding boilerplate, building extensions, creating mobile/desktop/web apps, setting up monorepos, or making static websites/landing pages.
vibe-security
Security intelligence for code analysis. Detects SQL injection, XSS, CSRF, authentication issues, crypto failures, and more. Actions: scan, analyze, fix, audit, check, review, secure, validate, sanitize, protect. Languages: JavaScript, TypeScript, Python, PHP, Java, Go, Ruby. Frameworks: Express, Django, Flask, Laravel, Spring, Rails. Vulnerabilities: SQL injection, XSS, CSRF, authentication bypass, authorization issues, command injection, path traversal, insecure deserialization, weak crypto, sensitive data exposure. Topics: input validation, output encoding, parameterized queries, password hashing, session management, CORS, CSP, security headers, rate limiting, dependency scanning.
fixci
Fetch CI errors from GitHub Actions and fix them
framework-expert
Unified framework expertise bundle. Lazy-loads relevant framework patterns (React, Vue, Angular, Next.js, Node.js, Python, Laravel, Go, Flutter, Godot) based on detected tech stack.
laravel-expert
Laravel/PHP gotchas and decision criteria. Covers N+1 prevention, Eloquent traps, and migration safety.
backend-developer
Backend Developer (/be, alias: James, /james) - Senior Backend Developer with 10+ years experience. Covers Java/Spring Boot (default), Kotlin, Python/FastAPI, PHP/Laravel, Quarkus, and Kafka/messaging - detects the project's stack and loads the matching reference. Use when implementing server features, REST APIs, business logic, persistence, messaging, or unit/integration tests in any of these stacks.
technical-writer
Senior Technical Writer with 10+ years documenting complex systems. Use when creating/updating documentation, writing API docs, creating architecture diagrams (C4, Mermaid), generating changelogs, writing READMEs, or creating onboarding guides.
genesis-backend
Agente Backend do Genesis. Implementa a camada de API, serviços, repositórios e domínio. Adapta-se automaticamente à linguagem e framework escolhidos pelo architect: Python/FastAPI, Python/Django, Node/NestJS, Node/Express, Go/Gin, Java/Spring Boot, Ruby/Rails, PHP/Laravel. Segue os padrões do patterns.md do projeto.
map-ecosystem
Enrich auto-generated .cartographer/ maps with full descriptions from source files.
stacks
Stack-specific skills organized by technology category (backend, frontend, infrastructure, mobile)
laravel-specialist
Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues.
php-pro
Use when building PHP applications with modern PHP 8.3+ features, Laravel, or Symfony frameworks. Invoke for strict typing, PHPStan level 9, async patterns with Swoole, PSR standards.
define-technologies
Capture the technology choices for the project — languages, frameworks, data stores, auth, and key libraries. Stack-neutral; presents options with tradeoffs. Use when the project-builder agent is gathering technology information.
prompt-writer
Writes high-signal prompts for Claude Opus 4.8 (system prompts, subagent briefings, skill bodies, command bodies, agent bodies, CLAUDE.md files, .claude/rules/*.md) and audits existing ones. Use whenever instructions are being authored or edited for any Claude to execute, even when the user does not say the word "prompt". Triggers on "write a system prompt", "brief a subagent", "draft an agent body", "skill content", "command body", "CLAUDE.md", "rules file", "audit this prompt", "improve this instruction", "make this prompt better". Sibling creator skills (skill-creator, command-creator, agent-creator, claude-md-rules-creator) call this skill for the prompt body itself. Use aggressively; undertriggering is the failure mode.
depgen-k8s
Generate a Dockerfile and Kubernetes manifests for an application targeting a single environment. Supports Spring Boot (Java), Laravel (PHP), and Node.js application stacks. Auto-detects the stack from project files (pom.xml, composer.json, package.json), reads CLAUDE.md dependencies, SPECIFICATION.md tech stack, and the application's externalized environment variables. Generates a Dockerfile in the application root folder and Kubernetes manifest YAML files directly in `<app_folder>/k8s/` (no per-environment subfolders — the k8s/ folder is gitignored, each machine maintains its own copy). Standardized input: application name (mandatory), environment (optional). Use this skill whenever the user asks to create deployment artifacts, Dockerfiles, Kubernetes manifests, or containerize an application. Also trigger when the user says things like "deploy this app", "containerize this", "create a Dockerfile", "generate k8s manifests", or any request for deployment-related artifacts.
specgen-laravel-eloquent-bladehtmx
Generate a detailed specification document for building a monolith Laravel 12 web application with server-rendered views (Blade), Tailwind CSS, Alpine.js, htmx, and nwidart/laravel-modules modular packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Client, Laravel Breeze form login, or none), scheduling (Laravel Task Scheduling + Queue Batching or none), messaging (RabbitMQ pub/sub or none), and internationalisation (multi-locale via Laravel's native translation system, or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Laravel web application with server-side rendering. Also trigger when the user says things like "spec out a new Laravel project", "design a Laravel web skeleton", "write a technical spec for my new Laravel app", "scaffold spec for a monolith Laravel ap
testgen-functional
Generate Playwright E2E test plan and specification documents from project artifacts (user stories, module models, mockups, specifications). Produces a TEST_PLAN.md root summary and per-module TEST_SPEC.md files containing test scenarios, data seeding scripts, and cleanup scripts — all as detailed Markdown blueprints, not actual test code. Input: application name (mandatory), version (mandatory), module (optional). Output: TEST_PLAN.md + per-module TEST_SPEC.md files in the auto-resolved test output folder. Trigger on keywords: "generate test plan", "generate test spec", "create test specification", "E2E test plan", "Playwright test plan", "test plan from user stories", "test spec from PRD.md", "generate test scenarios", "create test blueprint". Accepts application name and version as input (e.g., `/testgen-functional hub_middleware v1.0.3`). Optionally accepts a module name to limit generation to test specs for that module only (e.g., `/testgen-functional hub_middleware v1.0.3 module:Location Information`)
statamic-with-eloquent
Develops with Statamic CMS (statamic/cms) and the Eloquent Driver (statamic/eloquent-driver). Activates when working with Statamic entries, collections, blueprints, fieldsets, globals, navigations, taxonomies, assets, views, templates, View Composers, Bard/Replicator fields, content blocks, or cp utilities; or when the user mentions Statamic, CMS, blueprint, collection, entry, fieldset, global set, content blocks, please commands, or Statamic routing.
hizkiah-implementation-craft
How Hizkiah implements backend features against an existing contract — the layered shape (controller → service → repository), transaction boundaries, idempotency, error mapping, the no-redesign rule. Stack-neutral principles with concrete examples in Python (FastAPI), TypeScript (Hono / NestJS), and PHP (Laravel). Invoke when implementing a backend feature against a fixed contract, or when a routine implementation is starting to drift toward redesign.
dare-docker
Containerização DARE com Dockerfile e docker-compose seguros, performantes e idiomáticos. Multi-stage builds, usuário não-root, healthchecks, redes isoladas, .dockerignore robusto. Cobre PHP/Laravel, Python/FastAPI, Node, Go, Rust, Rails e Vue.
dare-execute
Executa uma task específica com implementação de código e testes. Use quando o usuário aprovar TASKS.md e quiser executar uma task. Implementa o código, roda testes (Ralph Loop) e valida até passar.
dare-laravel-api
Padrões DARE para APIs REST em Laravel 11 + PHP 8.3 — Strict Types, FormRequests, Services, JsonResources, Eloquent + casts, tratamento global de exceções, testes Feature/Pest, PHPStan/Larastan, Pint.
laravel-skills
Laravel framework patterns, best practices, and implementation guides
dev-owasp
Run full OWASP Top 10 security audit. Use with /dev-owasp.
target-recon
Target discovery methodology for finding high-quality npm/PyPI/GitHub packages to audit for vulnerabilities, with evaluation criteria and search strategies.
newebpay
Provides NewebPay integration overview and guides users to the appropriate skill. Use when starting NewebPay integration, setting up environment, or needing general guidance about 藍新金流.
payuni
Provides PAYUNi integration overview and guides users to the appropriate skill. Use when starting PAYUNi integration, setting up environment, or needing general guidance about 統一金流.
gitlab-security-setup
Sets up a full security stack on your company's projects hosted on GitLab.com (non-PrestaShop: Laravel, Astro, TanStack, etc.). Use ONLY when the project is a GitLab.com Free tier project. Triggers when the user asks to add dependency scanning, vulnerability alerts, security setup, Trivy, pnpm supply chain protection, or wants email reports of vulnerabilities. Do NOT use for GitHub-hosted projects, personal projects, or PrestaShop projects — use ps-security-audit skill instead for any PrestaShop project.
deploy-list
Cross-project / cross-platform deploy file list generator (schema=v1). Three scope modes: --anchor STRING (rg source-tree grep on in-code markers), --deploy-commits CSV (union of pinned commits' diffs), or fallback (whole base..head). Filters dev-only paths (tests, docs, AI harness, CI configs), groups remaining files by ecosystem preset (php-yii, laravel, node, python, generic — or a custom project preset), and emits a deterministic deploy checklist. `--tag` is metadata only, not used for grouping. The script does all the work; Claude only parses arguments and forwards stdout.
perseus-logic
Business logic, race conditions, and AI security analysis
dependency-scan
Phase 1 mandatory dependency scan. Runs all 6 checks in a single invocation - route hrefs, component import consumers, shared type/utility consumers, test file references, FK references, access control policies. Returns a structured report per check with exact file paths and line numbers. Invoke once with the full list of affected entities. Never invoke for single-check queries - use Grep directly for those.
craft-project-setup
Scaffold Claude Code configuration specifically for Craft CMS projects. Generates CLAUDE.md and .claude/rules/ files tailored to the project type (plugin, site, module, hybrid, or monorepo). Only for Craft CMS projects — not for Next.js, Laravel, or other frameworks. Triggers on: 'set up Claude for this Craft project', 'initialize CLAUDE.md', 'scaffold project config', 'configure Claude Code for Craft', 'create CLAUDE.md', 'missing CLAUDE.md', 'does this project have a CLAUDE.md', 'bootstrap Claude config', 'new Craft project setup', 'onboard a developer to this Craft project', 'generate .claude/rules', 'set up coding standards config'. Also triggers when starting work in a new Craft CMS project that lacks a CLAUDE.md file. Detects project type from composer.json (craft-plugin, craft-module, project), .ddev/config.yaml, templates/, config/project/, and modules/. NOT for installing Craft CMS itself, creating DDEV environments, writing PHP code, building templates, or content modeling. NOT for non-Craft project
deploy
Deploys your app to DigitalOcean or AWS — generates Nginx config, SSL, systemd service, and step-by-step server setup for Ubuntu/CentOS
php
PHP development — OOP patterns, Laravel basics, WordPress plugin development, REST API endpoints, wpdb queries, security (sanitization, nonces)
api-contract-init
Generate API_CONTRACT.md by scanning existing routes and controllers
flutter-mobile-app-development
Use this skill when the user needs help planning, scaffolding, coding, debugging, reviewing, refactoring, or publishing Flutter mobile apps for Android and iOS. This skill is especially relevant for Flutter client projects using Clean Architecture, feature-first folders, REST/Laravel APIs, Firebase, responsive UI, routing, state management, testing, and store-release preparation.
boost-install
Use this skill when the user wants to install Laravel Boost (laravel/boost) in a Laravel project — the MCP server that gives AI agents direct Laravel tooling like database-schema, tinker, list-routes, and search-docs. Triggers on "/boost-install", "install laravel boost", "set up boost mcp", "add the laravel mcp server", "give claude database access for this project". Walks through composer install + php artisan boost:install + verifies MCP registration, with user permission at each step.
composer-package-hygiene
Composer-published package author concerns — semver decisions, public API surface declaration (@api / @internal / final), composer.json autoloader hygiene (PSR-4 vs files, allow-plugins, suggest vs require), Laravel package discovery validation (extra.laravel.providers/aliases), and the release flow (changelog ↔ tag ↔ gh release consistency). Framework-agnostic — applies to any PHP package distributed via Packagist, whether plain library, Symfony bundle, or Laravel package. Use when designing a public API for a new package, reviewing a composer.json before publishing, cutting a release, deciding whether a change is a major/minor/patch bump, auditing autoload entries, or validating that Laravel package discovery still works. Not for everyday application code — load only when working on a library that other projects will install. Counterpart to php-modern-pro (language-level idioms) and any future laravel-N-dev (framework patterns).
laravel-10-notes
Laravel 10.x (February 2023) signature features and the breaking-change traps from 9 → 10. Use when writing or reviewing code in a Laravel 10 project, or in a package whose composer constraint includes ^10.0. Covers native return types throughout the app skeleton, invokable validation rules via the ValidationRule contract, the Process facade for shell invocation, the Pest-as-default test option, and the Predis 2.x default.
laravel-11-notes
Laravel 11.x (March 2024) signature features and the (significant) breaking-change traps from 10 → 11. Use when writing or reviewing code in a Laravel 11 project, or in a package whose composer constraint includes ^11.0. Covers the streamlined app structure (bootstrap/app.php replaces three Kernel/Handler files), the Model casts() method that replaces $casts property, per-second rate limiting, the /up health endpoint, SQLite-as-default, Sanctum 4, and the array-style middleware exception handling.
laravel-5.4-notes
Laravel 5.4 (February 2017) signature features and the breaking-change traps from 5.3 → 5.4. Use when writing or reviewing code in a Laravel 5.4 project, or in a package whose composer constraint includes 5.4.*. Covers Blade components & slots, route model binding, middleware groups, realtime facades, markdown mailables, higher-order messages, and the Elixir → Mix frontend transition. Not for application business logic — load when working on framework-touching code (Blade templates, routing, mailables, service providers, Mix config) or planning a 5.3 → 5.4 upgrade.
laravel-6-notes
Laravel 6.x (LTS, Sep 2019) signature features and the breaking-change traps from 5.8 → 6.0. Use when writing or reviewing code in a Laravel 6 project, or in a package whose composer constraint includes ^6.0. Covers job middleware, lazy collections, the Str/Arr helper migration, the strict-semver shift, and the deprecations Laravel 6 removed from 5.x. Not for application business logic — load when working on framework-touching code (service providers, jobs, model attributes) or planning a 5.8 → 6 upgrade.
laravel-7-notes
Laravel 7.x (March 2020) signature features and the breaking-change traps from 6 → 7. Use when writing or reviewing code in a Laravel 7 project, or in a package whose composer constraint includes ^7.0. Covers the new HTTP client facade, custom Eloquent casts via the CastsAttributes interface, the Blade x-component overhaul, Symfony 5 upgrade implications, and route-model-binding-by-key.
laravel-8-notes
Laravel 8.x (September 2020) signature features and the breaking-change traps from 7 → 8. Use when writing or reviewing code in a Laravel 8 project, or in a package whose composer constraint includes ^8.0. Covers the factory class rewrite (HasFactory trait), Jetstream/Fortify scaffolding split, job batching, queueable closures, the app/Models/ relocation, dynamic Blade components, migration squashing, and the Tailwind-by-default switch.
laravel-9-notes
Laravel 9.x (February 2022) signature features and the breaking-change traps from 8 → 9. Use when writing or reviewing code in a Laravel 9 project, or in a package whose composer constraint includes ^9.0. Covers anonymous migrations, the Symfony 6 upgrade, Symfony Mailer replacing Swift Mailer, Flysystem 3 breaking changes (visibility / exception API), PHP 8.0 floor, query builder improvements, enum casts, and the new Ignition error page.
laravel-mix-notes
Laravel Mix 5 (^5.0.9) signature features and the webpack 4 era build traps. Use when editing webpack.mix.js, the resources/assets/ asset sources, or the package.json npm build scripts in a Laravel 5.4 / Mix 5 project, or diagnosing why a dev/watch/prod build fails on a newer Node. Covers the entry/output mapping, mix() versioning + manifest, the dev/watch/hot/prod script ladder, the Elixir heritage, and the legacy-OpenSSL flag. Not for application or Vue component logic — load when working on the asset pipeline itself or planning a Mix 5 → 6 upgrade.
library-dual-testsuite-map
Map edited file paths to the correct testsuite(s) for libraries with a framework-agnostic Core layer and a framework-specific glue layer. Use when editing any `src/**` file in a library whose phpunit.xml declares multiple testsuites (commonly `core` + `laravel`, or `core` + `symfony`, etc.) and you need to know which `composer test:*` command(s) to run. Saves the round-trip of "I ran the wrong suite, the failing test is in the other one". Companion to (not duplicate of) `polyfill-version-matrix-audit` which works at the version-guard level; this skill works at the directory level.
matrix-cell-onboard
Checklist + procedure for adding a new PHP/Laravel/PHPUnit/Monolog cell to a multi-major library's CI matrix. Use when extending support to a new runtime version (e.g. "add PHP 8.3 + Laravel 12 to the matrix"), bumping a dep major (e.g. "Monolog 4 came out, plan the cell"), or restoring a previously dropped cell. Cross-checks `composer.json` constraints, `.github/workflows/*.yml` matrix rows, Testbench mapping for Laravel, and triggers a polyfill-coverage check for the new cell's dep versions. Pairs with the `laravel-testbench-matrix` skill (which covers per-cell Testbench install logic) and `composer-package-hygiene` (which covers the semver implication of raising the floor).
php-modern-pro
PHP 7.4 → 8.x modern idioms and dual-version-floor library packaging. Use when writing or reviewing PHP code that targets ≥7.4 (typed properties, arrow fns, null-coalesce assignment, spread in arrays, numeric literal separator) or a composer package whose constraint spans 7.x→8.x (where 8.0+ features like match / nullsafe / named args / attributes / readonly / enums must be used conditionally). Also covers polyfill / class_alias / autoload-time runtime-detection patterns for libraries that span Monolog 2/3, Laravel 6→11, Flysystem 1→3, or similar dual-major-version dependencies. Counterpart to php-pro (which targets 5.6 baseline and forbids ≥7.0 syntax). Not for everyday business logic — load when designing a public API, picking between a 7.4 and an 8.x idiom, writing a polyfill / version-conditional shim, or reviewing composer.json constraint hygiene.
php-pro
Use when building, debugging, refactoring, testing, or reviewing PHP code in Laravel, Symfony, generic modern PHP, or legacy PHP 5.6 + Yii 1.1 codebases. Detect the active runtime first, then load only the matching reference set; for Laravel, confirm the resolved major version and load the version-specific reference before touching bootstrap/app.php, middleware, exceptions, auth, testing infrastructure, or Laravel-coupled packages. Not for frontend-only or non-PHP tasks.
vue-2-notes
Vue 2 (^2.5.17, Options API era) component structure and the reactivity caveats that bite when mutating reactive state. Use when writing or reviewing .vue single-file components in a Vue 2 project (resources/assets/js), or in a codebase whose package.json pins vue ^2.5.x. Covers the data()/computed/methods/watch + lifecycle shape, props-down + $emit events-up, vue-loader SFC compilation, the Vue.set / array-mutation traps, and @vue/test-utils 1.x + vue-jest 3 SFC testing. Not for Vue 3 or 2.7 Composition API code — this version predates setup() and <script setup>; load when touching components, or planning a Vue 2 → 3 migration.
cartographer-mcp-tools
Cartographer MCP tools reference (query, cypher, context, impact, detect_changes, rename, route_map, api_impact, shape_check, group_*). Use when invoking cartographer MCP tools.
cartographer-rules
MUST/MUST NOT rules for Cartographer. Prevents stale-graph errors, destructive writes, bad renames. Read before editing.
bosskuai-laravel-development
Use this for expert Laravel backend development, audits, queues, Eloquent, migrations, validation, service boundaries, testing, security, performance, and production readiness.
calendar
Calendar canvas for displaying events and picking meeting times. Use when showing calendar views or when users need to select available time slots.
canvas
**The primary skill for terminal TUI components.** Covers spawning, controlling, and interacting with terminal canvases. Use when displaying calendars, documents, or flight bookings.
document
Document canvas for displaying and editing markdown content. Use when showing documents, emails, or when users need to select text for editing.
flight
Flight canvas for comparing flights and selecting seats. Use when users need to browse flight options and book seats.
ezpay-einvoice
在程式裡串接、開發或除錯台灣 ezPay(簡單行動支付,藍新 NewebPay 家族)電子發票 API 時使用本 skill —— 任何語言或框架皆適用(Laravel/PHP、Python、Node、Go…)。典型任務:開立 B2C/B2B 發票、觸發開立、作廢發票、 開立或作廢折讓(allowance)、查詢發票、手機條碼與捐贈碼載具驗證、字軌管理;釐清某支 API (invoice_issue/allowance_issue/invoice_invalid/checkBarCode/createNumber)要帶哪些欄位、 B2C 含稅 vs B2B 未稅金額怎麼算;處理底層 PostData_ 的 AES 加密、CheckValue/CheckCode 簽章、 商店與會員的 Hash Key/Hash IV 雙金鑰;除錯 KEY10002 解密錯誤等回應錯誤碼;或只是想寫支腳本確認手上的 ezPay 金鑰與測試環境打不打得通。只要情境圍繞 ezPay/簡單行動支付開立的發票、且要動手寫或修程式, 即使沒講「skill」也要觸發。這是動手實作的領域 skill,不是 POS 架構/設計討論。不適用於綠界 ECPay、 藍新 NewebPay 金流(MPG)、Stripe,或與 ezPay 無關的通用 AES 加解密/發票彙總報表。
php-project-structure
PHP 8.2+ project organization and architecture with PSR-4 — directory layout for MVC, DDD, microservices. Use when the user says "structure this PHP project", "organize my PHP code", "set up PSR-4", "where should this class go", or when starting a new PHP repo. Do NOT use for framework-specific scaffolding (Laravel, Symfony) — use those frameworks' own generators.
bench-init
First-run setup that tailors Bench to THIS project. Walks the essential concerns (auth, test framework, permissions, response shape, layout, + any addon concerns) via a guided interview, then offers to scan for any other deviations and to build slices for your domains. Use on "/bench-init", "set up Bench for this project", "tailor Bench to my codebase", "initialize Bench". Does NOT write your CLAUDE.md.
bench-list
Discover what's available in Bench — patterns, skills, agents — both bundled defaults and project-local overrides under ./.bench/. Use on "/bench-list", "what patterns are there", "show me the skills", "list bench agents", "what can I customize", "what's bundled". Pairs with /bench-show to view an item's body.
bench-override
Change a Bench default for THIS project — override a pattern (how code is generated), a skill (how a slash command behaves), or an agent (how a worker runs). Use when the user says "I don't use DTOs", "override the controller pattern to use cache()", "we wrap responses in an ApiResponse envelope", "make /controller default to invokable", "drop the test step from /resource", "the migration worker should run a different formatter", "I prefer global helpers over DI", or any "change how Bench does X" request. Writes an append/anchor/ replace contribution under ./.bench/ (never touches Bench core).
bench-show
View the full content of a Bench pattern, skill, or agent — usually before deciding to override it. Use on "/bench-show", "show me the controller pattern", "what's in /laravel", "view the vue-store skill", "open the migration agent". Pairs with /bench-list for discovery.
bench-slice
Teach Bench one of YOUR domains so it generates that proprietary code as cleanly as core Laravel — builds a full skill→agent→pattern slice for a domain you point at. Use when the user says "make a slice for app/Reports", "teach Bench my Reports domain", "I want a /report command that scaffolds reports like core does controllers", "build a skill+agent+pattern for our Sagas", or "scaffold Bench support for app/{Domain}". Writes the triple under ./.bench/ (skill + paired agent + the domain pattern).
xcloud-docker-deploy
Deploy any project to xCloud hosting — auto-detects stack (WordPress, Laravel, PHP, Node.js, Next.js, NestJS, Python, Go, Rust), routes to native or Docker deployment, generates production-ready Dockerfile, docker-compose.yml, GitHub Actions CI/CD, and .env.example. Works from zero Docker setup.
laravel-opcua
Laravel 11/12/13 integration for OPC UA. Provides a Facade (Opcua::*), service provider, .env-based named connections, an Artisan daemon command (opcua:session), and transparent session persistence via the opcua-session-manager daemon. Use this skill whenever the user is working with OPC UA from a Laravel application — controllers, jobs, Livewire components, Filament panels, broadcasting, Horizon queues, Octane workers, scheduled tasks, or Pest tests.
opcua-cli
Interact with OPC UA servers from the terminal using php-opcua/opcua-cli. 11 single-shot commands — browse, read, write, watch values in real time, explore the address space with an interactive TUI, discover endpoints, manage server certificate trust, generate typed PHP classes from a NodeSet2.xml, dump a server's address space to NodeSet2.xml. Pipe-friendly JSON output, no framework dependencies. Use this skill whenever the user wants to script OPC UA from a shell, debug a server interactively, generate PHP from a vendor's NodeSet2.xml, or set up CI checks against an OPC UA endpoint.
opcua-client
Connect a PHP application to an OPC UA server (industrial automation protocol) using php-opcua/opcua-client v4.4.0 — read, write, browse, call methods, subscribe to data changes, query history, manage trust, and extend with custom modules. Use this skill whenever a task involves OPC UA, opc.tcp://, opc.https://, PLC / SCADA / sensor / historian / DCS integration, Part 6 / Part 4 OPC UA service sets, or the php-opcua ecosystem.
opcua-client-ext-reverse-connect
Accept OPC UA Reverse Connect (ReverseHello / RHE) handshakes in PHP using php-opcua/opcua-client-ext-reverse-connect v4.4.0 — the client-side half of OPC UA Part 6 §7.1.2.3. The server dials the client; this package listens, decodes and whitelists the RHE frame, then hands a fully connected Client back through the standard ClientBuilder. Use this skill whenever a task involves Reverse Connect, ReverseHello, RHE frames, server-initiated OPC UA connections, NAT/firewall traversal for opc.tcp://, edge gateways calling home, or extending php-opcua/opcua-client with a reverse listener.
opcua-client-ext-transport-https
Connect a PHP OPC UA client over opc.https:// (OPC UA Part 6 §7.4) using php-opcua/opcua-client-ext-transport-https v4.4.0 — a ClientTransportInterface that exchanges each UA message as one HTTPS POST, with TLS acting as the secure channel (no OpenSecureChannel). Ships a Binary encoding (§7.4.4, production-ready) and a JSON encoding (§7.4.5, GetEndpoints-only reference). Use this skill whenever a task involves opc.https://, opc.wss://-style HTTPS OPC UA transport, HTTPS binary/JSON mappings, corporate-proxy/firewall-friendly OPC UA over 443, or wiring a custom transport into opcua-client.
opcua-client-nodeset
Drop pre-generated PHP types for 51 OPC Foundation companion specifications (Robotics, MachineTool, DI, Machinery, BACnet, MTConnect, AutoID, ISA-95, PackML, PROFINET, …) into a php-opcua/opcua-client application. One ClientBuilder::loadGeneratedTypes(new RoboticsRegistrar()) call and every read on a structured node returns a typed PHP enum or readonly DTO instead of a raw ExtensionObject. Use this skill whenever an OPC UA task involves a companion specification — typed enums, Structure DataType decoding, well-known NodeId constants, dependency-resolved codec registration, or re-generating PHP from NodeSet2.xml.
opcua-session-manager
Keep OPC UA sessions alive across PHP requests via a ReactPHP daemon and local IPC (Unix-domain socket on Linux/macOS, TCP loopback on Windows — auto-selected). ManagedClient is a drop-in OpcUaClientInterface replacement for php-opcua/opcua-client's Client — same API surface, persistent sessions, ~150ms handshake overhead paid once instead of every request. Use this skill whenever the user wants to eliminate per-request OPC UA connection cost, run OPC UA from PHP-FPM / Laravel / Symfony web requests, keep subscriptions / monitored items alive between requests, or operate a long-running OPC UA daemon process.
symfony-opcua
Symfony 7.4+ / 8.x bundle for OPC UA. Autowires `OpcuaManager` and `OpcUaClientInterface` via DI, exposes YAML-based named connections, ships an `opcua:session` console command for the session-manager daemon, and dispatches all 56 OPC UA events through Symfony's `EventDispatcherInterface`. Use this skill whenever the user is working with OPC UA from a Symfony application — controllers, Messenger handlers, console commands, scheduled tasks, EasyAdmin / API Platform endpoints, or Pest tests.
tailwind-spacing-audit
This skill should be used when the user mentions uneven spacing, alignment issues, inconsistent gaps between elements, mixed margin/gap strategies, navbar or toolbar spacing problems, or asks to "clean up", "normalize", or "audit" spacing in a Tailwind component. This skill also applies when reviewing UI code where flex/grid containers use a mix of gap-*, margin (m*, me-*, ms-*), padding, and fixed widths to space sibling elements — even if the user doesn't explicitly say "spacing." If someone pastes a nav bar, toolbar, header, or action bar and says "something looks off," this skill is almost certainly what they need.
action
Generate a Laravel Action class — a single-purpose business operation with one `execute()` method and side effects (persistence, event dispatch, notifications). Use whenever the user describes a business operation like "create X", "send Y", "process Z", "mark W". For utility/calculator/parser classes use /service instead.
ai-agent
Generate a Laravel AI Agent class (laravel/ai) — instructions, provider/model attributes, optional structured output, conversation memory, tools. Use when the user wants an AI agent, assistant, LLM-backed feature, structured extraction, or a chat/coach/summarizer.
ai-tool
Generate a Laravel AI Tool class (laravel/ai) for function-calling — description, typed parameter schema, handle(). Use when the user wants to give an AI agent a capability/tool, function calling, or external data access.
auth
Configure Laravel framework-level auth — install/configure Sanctum, Fortify, Breeze, web/session auth wiring, guard configuration. Rare. Most authorization work is policies (use /policy instead).
bench-configure
Run Bench's guided concern setup — interview the user about essential project concerns (auth, test framework, permissions, response shape, layout, and any addon concerns) and write the matching .bench/ overrides/config. Use on "/bench-configure", "set up auth/permissions/CI for Bench", "configure a concern", or to (re)configure a specific concern.
blade
Build Laravel Blade UI — components, layouts, forms, and full page views for server-rendered (non-SPA) apps. Use on "/blade", "make a Blade component/page", "build the orders index view", "add a Blade form". Routes to the blade-component / blade-page agents.
bug-fix
Diagnose and fix a bug test-first (reproduce with a failing test, fix, verify). Use when something is broken, throwing, or behaving incorrectly — "fix the bug where…", "X is returning the wrong…", "this throws when…".
cashier
Wire Laravel Cashier (Stripe billing) into a project — make a model Billable, build subscription flows (create/trial/swap/cancel/status), single charges, invoices, or webhook handling. Use when the user mentions Cashier, Stripe subscriptions, billing plans, trials, invoices, or charging customers.
cast
Generate Laravel custom Eloquent attribute casts. Use whenever the user mentions a custom cast, value object → DB column transformation (like Money, Address, Settings), JSON column casting, or needs typed access to a complex column attribute in a Laravel project.
ci
Run the project's quality gate — format, static analysis, and tests — and report failures cleanly. Use to verify a change before committing, "run CI", "check this passes", or as a final gate after generating code.
console
Generate Laravel artisan console commands. Use whenever the user mentions a CLI command, scheduled task, cron job, console command, artisan command, or any code that should run from the terminal in a Laravel project, even if they don't explicitly say "console".
controller
Generate a single Laravel controller — resource (CRUD), invokable (single action), or grouped (related non-CRUD actions). Use whenever the user wants ONLY a controller (not the full HTTP stack). For full HTTP layer (controller+request+resource+route), use /laravel instead.
docs
Generate or refresh project documentation from the code — an ADR, a README section, or API docs grounded in the actual files. Use on "/docs", "document this module", "write an ADR for…", "update the README for this feature", "refresh the API docs". Scans the code first, then writes.
e2e
Generate Playwright end-to-end tests for a user flow (auth, CRUD journey, critical path) across a real browser. Use when the user wants an e2e test, a flow/journey test, or browser automation tests.
e2e-run
Exercise a user flow in a LIVE browser via the Chrome MCP and report whether it works — no test file written. Use on "/e2e-run", "click through the checkout flow and tell me if it works", "drive the browser and verify this journey", "exploratory run-through". For WRITING Playwright .spec files, use bench-playwright's /e2e instead.
enum
Generate a PHP 8.1 backed enum for status/type/mode fields. Use whenever the user mentions an enum, status type, role enum, or wants type-safe alternatives to string constants in a Laravel project.
event
Generate a Laravel domain event class. Use whenever the user describes something important happening in the domain that should be announced for other parts of the system to react to — "when X happens" / "emit an event when…" — or mentions events, broadcasting, or pub/sub in a Laravel project. For the code that reacts to an event, use /listener.
exception
Generate Laravel domain exception classes. Use whenever the user mentions a custom exception, error class, throwable, domain error (like "OrderAlreadyShipped", "InsufficientStock"), or needs to model a business-rule violation as a typed exception in a Laravel project.
factory
Generate a Laravel model factory (database/factories/{Model}Factory.php). Use when the user wants ONLY a factory.
feature-test
Generate a Laravel feature test (HTTP/end-to-end). Use for testing endpoints, controllers, full request→response flows. For isolated logic tests, use /unit-test.
filament-resource
Generate a Filament 3 admin-panel Resource (form schema + table) for a model. Use when the user mentions Filament, an admin panel / back-office CRUD, a Filament resource, a Filament form or table, filters, or a relation manager.
inertia
Build an Inertia.js page end-to-end — the Laravel controller (Inertia::render) plus the Vue/React page component and its form. Use on "/inertia", "make an Inertia page for orders", "wire this controller to an Inertia page". Spans backend + frontend.
job
Generate Laravel queued Jobs (background work, async processing, deferred tasks). Use whenever the user mentions a queued job, background task, async operation, batch processing, dispatching work to a queue, or anything that should run outside the request cycle in a Laravel project.
listener
Generate ONE Laravel event listener (sync or queued). Use when adding a listener that reacts to an event. For events themselves, use /event.
livewire
Generate a Livewire 3 component (class-based or Volt) for server-rendered reactive UI in Laravel. Use when the user mentions Livewire, a wire:model form, a reactive Blade component, a Form object, file uploads in Livewire, or a Volt single-file component.
middleware
Generate Laravel HTTP middleware classes. Use whenever the user mentions middleware, request filters, request/response interception, throttling logic, custom auth checks at the HTTP layer, or anything that should run before/after controllers in a Laravel project.
migration
Generate a Laravel migration file (create table or modify schema). Use when the user wants ONLY a migration. For factories or seeders, invoke /factory or /seeder.
model
Generate Laravel Eloquent models, query builders, model traits, and enums for status/type fields. Use whenever the user mentions a model, entity, database record, Eloquent class, query scope, or domain object with state/behavior in a Laravel project.
module
Scaffold a new nwidart/laravel-modules module (Modules/{Module}/...). Use when the user wants to create a module, add a bounded context, or organize a feature under Modules/ with its own controllers/models/routes/providers.
phpdoc
Add or update PHPDoc blocks on Laravel classes/methods. Use when the user mentions documenting code, adding doc blocks, type annotations, or @throws/@param/@return tags.
plan
Turn a ticket / PRD / feature description into a technical plan the implement workflow can execute. Use on "/plan", "plan this feature", "make a technical plan for…", "turn this ticket into a plan". Researches the codebase first, then writes the plan.
policy
Generate ONE Laravel authorization Policy class for a model. Use whenever the user mentions permissions, policies, "who can X", access control on a specific model.
provider
Generate or modify Laravel service providers (bindings, EventServiceProvider, RouteServiceProvider, custom providers). Use whenever the user mentions a service provider, container binding, singleton, boot logic, route registration, or wants to wire something up at the framework level in a Laravel project.
quality
Run the quality pipeline before pushing — code review of the changes, the CI gate, and optionally e2e — and report go/no-go. Use on "/quality", "review before I push", "is this ready to ship", "run the quality checks".
query-builder
Generate a custom Laravel Eloquent query builder class (extends Builder<Model>). Use when the user mentions a query builder, reusable query scopes, chainable query methods, or wants to extract complex queries out of controllers/models.
repository
Generate a repository (interface + Eloquent implementation + container binding) for a model. Use when the user mentions the repository pattern, a {Model}Repository, depending on a data-access abstraction, or wants Eloquent queries hidden behind an interface.
request
Generate a Laravel FormRequest class for input validation. Use when the user wants ONLY a FormRequest (not the full HTTP stack). For full HTTP layer (controller+request+resource+route), use /laravel instead.
resource
Generate a Laravel API Resource (JsonResource transformer). Use when the user wants ONLY a Resource (not the full HTTP stack). For full HTTP layer, use /laravel instead.
route
Add a Laravel route to routes/api.php or routes/web.php. Use when the user wants ONLY route registration. For a complete HTTP feature (controller+request+resource+route), use /laravel instead.
scout
Add Laravel Scout full-text search to a project — make a model Searchable, define toSearchableArray, configure the index/driver, and build search endpoints with filtering & pagination. Use when the user mentions Scout, full-text search, Algolia, Meilisearch, Typesense, or making a model searchable.
socialite
Scaffold Laravel Socialite OAuth social login (redirect + callback controller and routes) for a provider. Use when the user mentions Socialite, OAuth login, "sign in with Google/GitHub", social login, or linking a social account.
swagger
Add OpenAPI/Swagger annotations to Laravel models, form requests, API resources, and controllers via
bench-status
Synthesized status of the Bench install — versions, addons, project-local overrides, version drift, suggested next steps. Use on "/bench-status", "is bench set up correctly", "what's the state of bench", "did anything drift", "bench health check". A friendly wrapper around `bench status` that surfaces anomalies in plain language. Read-only.
stitch
Build or verify cross-repo STITCH.md linking backend + frontends in a product group. Modes: create, verify, diff, section. Uses CODEMAPs as drift source by default. Trigger: '/stitch create <group>', '/stitch diff <group>'.
codex-multi-agent
マルチエージェントでタスク分解・委譲・並列実行・結果統合を行うための共通運用スキル。Use when: 「マルチエージェントで進めたい」「並列で進めたい」「サブエージェントに任せたい」「複数 agent で調査/実装/レビューしたい」。Codex / Claude Code のどちらでも使える共通原則を定義し、末尾にツール別の読み替えを置く。
laravel-security
Security audit for Laravel PHP applications including Eloquent mass assignment ($fillable/$guarded), middleware (auth, throttle, csrf), Blade template safety, validation rules, Sanctum/Passport auth, .env handling, query builder safety, and Laravel-specific patterns. Use this skill whenever the user mentions Laravel, php artisan, Eloquent, Blade, Sanctum, Passport, Tinker, Forge, Vapor, or asks "audit my Laravel app", "Laravel security review". Trigger when the codebase contains `composer.json` with `laravel/framework`, `artisan` file, or `app/Http/` directory.
laravelfilesystem-uploads
Store and serve files via Storage; set visibility, generate URLs, and handle streaming safely
playwright-skill
Laravel Sail環境用のPlaywrightブラウザ自動化スキル。http://localhost:80を固定ベースURLとし、routes/web.phpとresources/views/を事前解析してから正確なE2Eテストを作成します。テスト成功後はtests/e2e/に自動保存。ページのテスト、フォームの入力、スクリーンショットの撮影、レスポンシブデザインの確認、UXの検証、ログインフローのテスト、リンクのチェック、あらゆるブラウザタスクの自動化に使用します。
backend
Patterns backend/fullstack. Se charge à l'écriture/modification de code serveur : routes, controllers, services, models, middleware, migrations, jobs, seeds, schemas. Frameworks : Express, Fastify, NestJS, Koa, Hono (Node) ; FastAPI, Django, Flask (Python) ; Laravel, Symfony, Slim (PHP) ; Rails (Ruby) ; Spring, Quarkus (Java) ; Gin, Echo, Fiber (Go) ; Actix, Axum (Rust) ; ASP.NET Core (C#). Couvre : API REST, architecture 3 couches (controller → service → repository), auth (sessions, JWT, OAuth), base de données (SQL, ORM, migrations), error handling structuré, middleware, real-time (WebSocket, SSE), file upload, validation entrées. Ne se charge PAS quand : discussion, review ou documentation sans écriture de code backend.
bootstrap-icons
This skill should be used when the user asks about Bootstrap Icons, Bootstrap icon library, how to install Bootstrap Icons, how to use Bootstrap Icons, Bootstrap icon fonts, Bootstrap icon SVGs, Bootstrap icon sprites, Bootstrap Icons CDN, Bootstrap Icons npm, Bootstrap Icons Composer, PHP Bootstrap Icons, Laravel icons, external image icons, img tag icons, CSS background icons, CSS mask icons, how to style Bootstrap icons, Bootstrap icon sizing, Bootstrap icon colors, Bootstrap icon accessibility, or needs help using icons in Bootstrap projects.
pragmatic-laravel-layered-architecture
Use this skill for Laravel backend tasks where implementing, changing, or reviewing functionality requires architecture decisions. This skill defines the project's custom architectural approach and should be treated as the source of truth for architecture, layer placement, and responsibility boundaries. Use it when deciding where code belongs, how to split responsibilities, how to wire a use case end-to-end, or whether something should be a Controller, Form Request, MCP Tool, Action, Core class, Value Object, Data object, Enum, Model, Event, Listener, Job, Contract, Integration, or Provider.
code-audit
Methodical codebase audit across a multi-dimension tech-DD framework. Routes by intent — security pass, release check, deep per-dimension, full tech-DD, or explicit quick scan. Stack-aware (PHP/Laravel, Python/FastAPI, TS/Node, shell, Docker). Use for "audit", "tech DD", "security review", "ready to ship?" — NOT for routine PR diff review.
code-review
Generalist codebase audit + code review. Routes by intent (quick PR diff, security-only, pre-release, deep per-dimension, or full tech-DD) across a 13-dimension framework that pays special attention to code essentiality, docs integrity, tests-as-adversaries, and setup replicability. Stack-aware via auto-detection (PHP/Laravel, Python/FastAPI, TypeScript/Node, shell, Docker). Lean by design — loads only the files relevant to the chosen cut.
pagou-pix-integrator
Analisa projetos existentes (Next.js, Laravel, WordPress, WooCommerce ou genéricos) e implementa uma integração PIX completa via Pagou.ai — cliente, serviço, endpoint, webhook com deduplicação por event_id, reconciliação, testes e relatório com score. Invocação canónica via slash command `/pagou-pix-integrator`. Também responde quando o utilizador pedir em linguagem natural para "integrar PIX", "adicionar Pagou", "implementar pagamento PIX", "webhook Pagou" ou similar num projeto existente.
zeoel
Zeoel is an AI agency that can plan, coordinate, and execute software projects using a multi-agent orchestrated pipeline. Specialized in Next.js + Laravel + PostgreSQL SaaS development with SEO-first architecture. Enforces mandatory testing, documentation, and progress tracking at every step. Use this to lead brainstorming, plan sprints, and dispatch specialized agents.
apex-pipeline
Unified application security testing workflow — combines recon, SAST, DAST, manual hunting, validation, and reporting into a single orchestrated pipeline. Runs as an "app" with automated phase transitions. Supports web apps (React, Next.js, Django, Flask, Laravel, Spring, Rails, Express), mobile APIs, GraphQL, REST, gRPC, and microservices. Phases — Phase 0 (target intake + scope lock), Phase 1 (passive recon + tech fingerprint), Phase 2 (SAST deep scan via semgrep/grep/trufflehog), Phase 3 (DAST active probing — nuclei/ffuf/dalfox), Phase 4 (manual hunt — IDOR/SSRF/XSS/SQLi/auth-bypass/race/business-logic/LLM), Phase 5 (chain building + impact escalation), Phase 6 (7-Question Gate validation), Phase 7 (report generation). Use when starting a full security assessment on any application, when asked to "test this app", "audit this codebase", "find bugs in this project", or when you need an end-to-end security workflow that combines static and dynamic analysis with manual expertise.
laravel-type-bridge-development
Generate TypeScript/JavaScript type artifacts from Laravel PHP definitions — enums, i18n translations, and enum translator composables.
phpunit
PHPUnit test structure, naming, assertions, and factory conventions for Laravel feature and unit tests.
laravel-type-bridge-development
Generate TypeScript/JavaScript type artifacts from Laravel PHP definitions — enums, i18n translations, and enum translator composables.
grill-me
Stress-test a plan or design by interviewing the user relentlessly. Trigger when the user mentions "grill me" or wants to pressure-test their thinking.
recommend-rules
Recommend canonical ai-kit rules + stack-specific community rules for the current project. Use when user asks "which rules should we enable", "set up rules for this repo", or after /ai:setup to refine the default rule set. Combines deterministic scoring against detected stack with optional web search for community-curated rules.
setup
Stack-agnostic ai-kit onboarding — one setup-mode question, fast Tier-A path by default, optional full branches for Docker, tracker, domain, architecture, Sandcastle. Claude Code and Cursor. Use when the user wants to install ai-kit in a repo, set up ai-kit, onboard a project to ai-kit, re-run setup to extend Tier A → Tier B, or invokes `/ai:setup`. Re-runs idempotently — the `.ai-kit-setup` marker triggers keep/change/skip per branch instead of overwriting.
Integration detected automatically from skill content. Some results may be false positives.