best-practices
No SKILL.md available for this skill.
View on GitHubMore from sd0xdev/sd0x-dev-flow
load-pr-review
Load GitHub PR review comments into AI session — analyze, triage, plan. Default: analysis-only (no auto-fix). Use when: reviewing PR feedback, planning fixes, addressing review comments, replying to reviewers. Not for: creating reviews (use codex-review-fast), creating PRs (use create-pr), viewing PR status (use pr-summary).
6feature-verify
Feature verification (READ-ONLY, P0-P5). Use when: verifying feature behavior after deployment, validating API responses, diagnosing production issues, post-deploy smoke test. Not for: modifying data (use feature-dev), code review (use codex-review-fast), writing tests (use codex-test-gen), security audit (use codex-security).
6create-pr
Create or update GitHub PR with gh CLI. Auto-extracts ticket ID from branch name, generates title/summary from commits. Auto-detects existing PR and switches to update mode. Default: --dry-run (show command, don't execute). Use when: user asks to open/create/update a PR, says /create-pr, wants to refresh PR description after new commits, or says 'update pr', 'update PR title', 'refresh PR body'.
6create-request
Create, update, or scan per-task request tickets for progress tracking. These are date-prefixed non-lifecycle docs under requests/, NOT feature-level requirements (use /req-analyze for those). Use when: tracking task progress, updating completion status, scanning incomplete requests, checking request status dashboard. Not for: feature-level problem-space analysis (use req-analyze for 1-requirements.md lifecycle doc), tech specs (use tech-spec), code implementation (use feature-dev). Output: request ticket with status tracking, referencing parent tech-spec.
6dev-security-audit
Comprehensive developer workstation security audit — scans for exposed credentials, compromised application data, persistence mechanisms, and supply chain attack indicators. Use this skill whenever the user suspects their machine may be compromised, wants to check for exposed secrets, asks about supply chain attacks, or wants a full security audit of their development environment. Also triggers on: 'am I compromised', 'check my security', 'scan for leaked keys', 'credential audit', 'supply chain attack', 'supply chain check', 'check if I was hacked'.
5pr-comment
Post friendly review comments to a GitHub PR — prepare locally, preview, then submit as atomic review. Use when: posting code review comments, giving PR feedback, sending inline suggestions. Not for: reading existing reviews (use load-pr-review), creating PRs (use create-pr), PR status (use pr-summary).
5