refactor: Skills review - rename, remove, expand

- Rename project-docs → doc-scanner (better describes functionality)
- Remove safe-file-reader (redundant with rules/cli-tools.md)
- Expand git-workflow with rebase, stash, bisect, worktrees, reflog
- Expand rest-patterns with caching, rate limiting, HATEOAS, bulk ops
- Expand data-processing with comprehensive jq/yq examples
- Expand structural-search with JS/Python/Go/Rust patterns, security
- Expand code-stats with output formats, CI integration
- Update counts: 21 agents, 10 commands, 16 skills

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.claude/settings.local.json

@@ -51,7 +51,9 @@
       "Bash(printenv:*)",
       "Bash(sed:*)",
       "Bash(perplexity:*)",
-      "Bash(findstr:*)"
+      "Bash(findstr:*)",
+      "Bash(claude --version:*)",
+      "Bash(claude:*)"
     ],
     "deny": [],
     "ask": []

README.md

@@ -2,7 +2,7 @@
 
 A comprehensive extension toolkit for [Claude Code](https://docs.anthropic.com/en/docs/claude-code) that transforms your AI coding assistant into a powerhouse development environment.
 
-**21 expert agents. 9 slash commands. 18 skills. One plugin install.**
+**21 expert agents. 10 slash commands. 16 skills. One plugin install.**
 
 ## Why claude-mods?
 
@@ -34,8 +34,8 @@ Claude Code is powerful out of the box, but it has gaps. This toolkit fills them
 claude-mods/
 ├── .claude-plugin/     # Plugin metadata
 ├── agents/             # Expert subagents (21)
-├── commands/           # Slash commands (9)
-├── skills/             # Custom skills (18)
+├── commands/           # Slash commands (10)
+├── skills/             # Custom skills (16)
 ├── hooks/              # Hook examples & docs
 ├── rules/              # Claude Code rules
 ├── tools/              # Modern CLI toolkit docs
@@ -126,10 +126,9 @@ Then symlink or copy to your Claude directories:
 |-------|-------------|
 | [tool-discovery](skills/tool-discovery/) | Recommend agents and skills for any task |
 | [git-workflow](skills/git-workflow/) | Enhanced git operations with lazygit, gh, delta |
-| [project-docs](skills/project-docs/) | Scan and synthesize project documentation |
+| [doc-scanner](skills/doc-scanner/) | Scan and synthesize project documentation |
 | [project-planner](skills/project-planner/) | Track stale plans, suggest /plan command |
 | [python-env](skills/python-env/) | Fast Python environment management with uv |
-| [safe-file-reader](skills/safe-file-reader/) | Read files without permission prompts |
 | [task-runner](skills/task-runner/) | Run project commands with just |
 
 ### Agents

docs/DASH.md

@@ -1,5 +1,5 @@
 # 🎛️ Claude Mods Dashboard
-**Updated:** 2025-12-14 | **Extensions:** 52 | **Lines:** 14,053
+**Updated:** 2025-12-14 | **Extensions:** 50 | **Lines:** 15,300
 
 ---
 
@@ -8,7 +8,7 @@
 | Category | Count | Lines |
 |----------|-------|-------|
 | 🤖 **Agents** | 21 | 7,552 |
-| ⚡ **Skills** | 18 | 2,725 |
+| ⚡ **Skills** | 16 | 3,850 |
 | 🔧 **Commands** | 10 | 3,776 |
 | 📏 **Rules** | 1 | 113 |
 | 🧩 **Templates** | 2 | — |
@@ -67,11 +67,10 @@
 | Skill | Tool | Triggers |
 |-------|------|----------|
 | ⚡ **tool-discovery** | — | "Which agent/skill?", recommend tools |
-| ⚡ **git-workflow** | lazygit, gh, delta | Stage, PR, review |
-| ⚡ **project-docs** | — | AGENTS.md, conventions |
+| ⚡ **git-workflow** | lazygit, gh, delta | Stage, PR, review, rebase, stash, bisect |
+| ⚡ **doc-scanner** | — | AGENTS.md, conventions, consolidate docs |
 | ⚡ **project-planner** | — | Stale plans, `/plan` |
 | ⚡ **python-env** | uv | Fast venv, pyproject.toml |
-| ⚡ **safe-file-reader** | bat, eza | View without prompts |
 | ⚡ **task-runner** | just | Run tests, build |
 
 ---

skills/code-stats/SKILL.md

@@ -15,9 +15,9 @@ Quickly analyze codebase size, composition, and changes with token-efficient out
 | tokei | `tokei` | Line counts by language |
 | difft | `difft file1 file2` | Semantic AST-aware diffs |
 
-## Usage Examples
+## tokei - Code Statistics
 
-### Code Statistics with tokei
+### Basic Usage
 
 ```bash
 # Count all code in current directory
@@ -26,47 +26,218 @@ tokei
 # Count specific directory
 tokei src/
 
-# Count specific languages
-tokei --type=Python,JavaScript
+# Count multiple directories
+tokei src/ lib/ tests/
 
-# Compact output
+# Count specific file
+tokei src/main.rs
+```
+
+### Output Options
+
+```bash
+# Compact single-line per language
 tokei --compact
 
 # Sort by lines of code
-tokei --sort=code
+tokei --sort code
+
+# Sort by number of files
+tokei --sort files
+
+# Sort by comments
+tokei --sort comments
+
+# Only show specific languages
+tokei --type=TypeScript,JavaScript
+
+# List all recognized languages
+tokei --languages
+```
 
+### Filtering
+
+```bash
 # Exclude directories
-tokei --exclude=node_modules --exclude=vendor
+tokei --exclude node_modules --exclude vendor --exclude dist
+
+# Exclude by pattern
+tokei --exclude "*.test.*" --exclude "*.spec.*"
+
+# Include hidden files
+tokei --hidden
+
+# Only count certain languages
+tokei -t Python,Rust
 ```
 
-### Semantic Diffs with difft
+### Output Formats
+
+```bash
+# JSON output (for processing)
+tokei --output json
+
+# YAML output
+tokei --output yaml
+
+# CBOR output
+tokei --output cbor
+
+# Pipe JSON to jq
+tokei --output json | jq '.TypeScript.code'
+```
+
+### Sample Output
+
+```
+===============================================================================
+ Language            Files        Lines         Code     Comments       Blanks
+===============================================================================
+ TypeScript             45        12847         9823         1456         1568
+ JavaScript             12         2341         1876          234          231
+ JSON                    8          456          456            0            0
+ Markdown               15         1234            0         1234            0
+-------------------------------------------------------------------------------
+ Total                  80        16878        12155         2924         1799
+===============================================================================
+```
+
+### Understanding Output
+
+| Column | Meaning |
+|--------|---------|
+| Files | Number of files of this language |
+| Lines | Total lines (code + comments + blanks) |
+| Code | Non-blank, non-comment lines |
+| Comments | Comment lines |
+| Blanks | Empty lines |
+
+## difft - Semantic Diffs
+
+### Basic Usage
 
 ```bash
 # Compare two files
 difft old.py new.py
 
-# Use as git difftool
-git difftool --tool=difftastic HEAD~1
-
 # Compare directories
 difft dir1/ dir2/
 
-# Inline display mode
+# Compare with options
+difft --color=always old.ts new.ts
+```
+
+### Display Modes
+
+```bash
+# Side-by-side (default)
+difft old.js new.js
+
+# Inline (unified style)
 difft --display=inline old.js new.js
+
+# Show only changes
+difft --skip-unchanged old.js new.js
+```
+
+### Git Integration
+
+```bash
+# Use as git difftool
+git difftool --tool=difftastic HEAD~1
+
+# Configure as default difftool
+git config --global diff.tool difftastic
+git config --global difftool.difftastic.cmd 'difft "$LOCAL" "$REMOTE"'
+
+# Use for specific diff
+GIT_EXTERNAL_DIFF=difft git diff HEAD~1
 ```
 
-## Output Interpretation
+### Language Support
+
+```bash
+# Force language detection
+difft --language=python old.py new.py
+
+# List supported languages
+difft --list-languages
+```
+
+### Why Semantic Diffs?
+
+| Traditional diff | difft |
+|-----------------|-------|
+| Line-by-line comparison | AST-aware comparison |
+| Shows moved lines as delete+add | Shows as moved |
+| Whitespace sensitive | Ignores formatting changes |
+| Can be noisy | Focuses on semantic changes |
+
+## Comparison: tokei vs other tools
+
+| Feature | tokei | cloc | wc -l |
+|---------|-------|------|-------|
+| Speed | Fastest | Slow | Fast |
+| Language detection | Yes | Yes | No |
+| Comment counting | Yes | Yes | No |
+| .gitignore respect | Yes | Yes | No |
+| JSON output | Yes | Yes | No |
+
+## Common Workflows
+
+### Project Assessment
+
+```bash
+# Quick overview
+tokei --compact --sort code
+
+# Detailed breakdown to file
+tokei > code-stats.txt
+
+# Compare before/after refactor
+tokei --output json > before.json
+# ... make changes ...
+tokei --output json > after.json
+diff before.json after.json
+```
+
+### Code Review
+
+```bash
+# Semantic diff for review
+difft main.ts feature.ts
+
+# Compare branches
+git diff main feature -- "*.ts" | difft
+
+# Review specific commit
+GIT_EXTERNAL_DIFF=difft git show abc123
+```
+
+### CI Integration
+
+```bash
+# Check codebase size limits
+LINES=$(tokei --output json | jq '.Total.code')
+if [ "$LINES" -gt 100000 ]; then
+  echo "Codebase exceeds 100k lines"
+  exit 1
+fi
+```
 
-### tokei output
-- **Lines**: Total lines including blanks
-- **Code**: Actual code lines
-- **Comments**: Comment lines
-- **Blanks**: Empty lines
+## Quick Reference
 
-### difft output
-- Shows structural changes, not line-by-line
-- Highlights moved code blocks
-- Ignores whitespace-only changes
+| Task | Command |
+|------|---------|
+| Count all code | `tokei` |
+| Compact output | `tokei --compact` |
+| Sort by code | `tokei --sort code` |
+| TypeScript only | `tokei -t TypeScript` |
+| JSON output | `tokei --output json` |
+| Exclude dir | `tokei --exclude node_modules` |
+| Semantic diff | `difft file1 file2` |
+| Inline diff | `difft --display=inline a b` |
+| Git diff | `GIT_EXTERNAL_DIFF=difft git diff` |
 
 ## When to Use
 
@@ -75,3 +246,5 @@ difft --display=inline old.js new.js
 - Understanding project composition
 - Reviewing refactoring impact
 - Estimating project size
+- Tracking codebase growth over time
+- Code review with meaningful diffs

skills/data-processing/SKILL.md

@@ -15,49 +15,344 @@ Query, filter, and transform structured data (JSON, YAML, TOML) efficiently from
 | jq | `jq '.key' file.json` | JSON processing |
 | yq | `yq '.key' file.yaml` | YAML/TOML processing |
 
-## Usage Examples
+## jq Basics
 
-### JSON with jq
+### Selection and Navigation
 
 ```bash
 # Extract single field
 jq '.name' package.json
 
 # Extract nested field
-jq '.dependencies | keys' package.json
+jq '.scripts.build' package.json
+
+# Extract from array
+jq '.dependencies[0]' package.json
+
+# Extract multiple fields
+jq '{name, version}' package.json
+
+# Navigate deeply nested
+jq '.data.users[0].profile.email' response.json
+```
+
+### Array Operations
+
+```bash
+# Get all array elements
+jq '.users[]' data.json
 
-# Filter array
+# Get specific index
+jq '.users[0]' data.json
+
+# Slice array
+jq '.users[0:3]' data.json           # First 3 elements
+jq '.users[-2:]' data.json           # Last 2 elements
+
+# Array length
+jq '.users | length' data.json
+
+# Get array of specific field
+jq '.users[].name' data.json
+
+# Wrap results in array
+jq '[.users[].name]' data.json
+```
+
+### Filtering with select
+
+```bash
+# Filter by condition
 jq '.users[] | select(.active == true)' data.json
 
-# Transform structure
-jq '.items[] | {id, name}' data.json
+# Multiple conditions
+jq '.users[] | select(.age > 21 and .status == "active")' data.json
+
+# String contains
+jq '.users[] | select(.email | contains("@gmail"))' data.json
+
+# Regex match
+jq '.users[] | select(.email | test("@(gmail|yahoo)"))' data.json
+
+# Not null check
+jq '.users[] | select(.profile != null)' data.json
+```
+
+### Transformation with map
+
+```bash
+# Transform each element
+jq '.users | map({id, name})' data.json
+
+# Add computed field
+jq '.users | map(. + {full_name: (.first + " " + .last)})' data.json
+
+# Filter and transform
+jq '.users | map(select(.active)) | map(.email)' data.json
+
+# map_values for objects
+jq '.config | map_values(. * 2)' data.json
+```
+
+### Object Manipulation
+
+```bash
+# Add/update field
+jq '.version = "2.0.0"' package.json
+
+# Delete field
+jq 'del(.devDependencies)' package.json
+
+# Rename key
+jq '.dependencies | to_entries | map(.key |= gsub("@"; ""))' package.json
 
+# Merge objects
+jq '. + {newField: "value"}' data.json
+
+# Update nested field
+jq '.scripts.test = "jest --coverage"' package.json
+
+# Conditional update
+jq 'if .version == "1.0.0" then .version = "1.0.1" else . end' package.json
+```
+
+### Aggregation
+
+```bash
+# Count
+jq '.users | length' data.json
+
+# Sum
+jq '[.items[].price] | add' data.json
+
+# Min/Max
+jq '[.scores[]] | min' data.json
+jq '[.scores[]] | max' data.json
+
+# Average
+jq '[.scores[]] | add / length' data.json
+
+# Group by
+jq 'group_by(.category) | map({category: .[0].category, count: length})' data.json
+
+# Unique values
+jq '[.users[].role] | unique' data.json
+
+# Sort
+jq '.users | sort_by(.created_at)' data.json
+jq '.users | sort_by(.name) | reverse' data.json
+```
+
+### Output Formatting
+
+```bash
 # Pretty print
 jq '.' response.json
 
-# Compact output
+# Compact output (single line)
 jq -c '.results[]' data.json
+
+# Raw strings (no quotes)
+jq -r '.name' package.json
+
+# Tab-separated output
+jq -r '.users[] | [.id, .name, .email] | @tsv' data.json
+
+# CSV output
+jq -r '.users[] | [.id, .name, .email] | @csv' data.json
+
+# URI encoding
+jq -r '.query | @uri' data.json
 ```
 
-### YAML with yq
+## yq for YAML/TOML
+
+### Basic YAML Operations
 
 ```bash
-# Extract field from YAML
+# Extract field
+yq '.name' config.yaml
+
+# Extract nested
+yq '.services.web.image' docker-compose.yml
+
+# List all keys
+yq 'keys' config.yaml
+
+# Get array element
+yq '.volumes[0]' docker-compose.yml
+```
+
+### Docker Compose Queries
+
+```bash
+# List all service names
 yq '.services | keys' docker-compose.yml
 
-# Get all container images
+# Get all images
 yq '.services[].image' docker-compose.yml
 
-# Extract GitHub Actions job names
-yq '.jobs | keys' .github/workflows/ci.yml
+# Get environment variables for a service
+yq '.services.web.environment' docker-compose.yml
+
+# Find services with specific image
+yq '.services | to_entries | map(select(.value.image | contains("nginx")))' docker-compose.yml
+```
 
-# Get K8s resource names
+### Kubernetes Manifests
+
+```bash
+# Get resource name
 yq '.metadata.name' deployment.yaml
 
-# Convert YAML to JSON
-yq -o json '.' config.yaml
+# Get container images
+yq '.spec.template.spec.containers[].image' deployment.yaml
+
+# Get all labels
+yq '.metadata.labels' deployment.yaml
+
+# Multi-document YAML (---)
+yq eval-all '.metadata.name' manifests.yaml
+```
+
+### GitHub Actions Workflows
+
+```bash
+# List all jobs
+yq '.jobs | keys' .github/workflows/ci.yml
+
+# Get steps for a job
+yq '.jobs.build.steps[].name' .github/workflows/ci.yml
+
+# Find jobs using specific action
+yq '.jobs[].steps[] | select(.uses | contains("actions/checkout"))' .github/workflows/ci.yml
+
+# Get all environment variables
+yq '.env' .github/workflows/ci.yml
+```
+
+### TOML Processing
+
+```bash
+# Read TOML file
+yq -p toml '.dependencies' Cargo.toml
+
+# Convert TOML to JSON
+yq -p toml -o json '.' config.toml
+
+# Extract pyproject.toml dependencies
+yq -p toml '.project.dependencies[]' pyproject.toml
+```
+
+### YAML Modification
+
+```bash
+# Update value (in-place)
+yq -i '.version = "2.0.0"' config.yaml
+
+# Add new field
+yq -i '.new_field = "value"' config.yaml
+
+# Delete field
+yq -i 'del(.old_field)' config.yaml
+
+# Add to array
+yq -i '.tags += ["new-tag"]' config.yaml
+
+# Merge YAML files
+yq eval-all 'select(fileIndex == 0) * select(fileIndex == 1)' base.yaml override.yaml
 ```
 
+## Common Config Files
+
+### package.json
+
+```bash
+# List all dependencies
+jq '.dependencies | keys' package.json
+
+# Get all scripts
+jq '.scripts' package.json
+
+# Find outdated patterns
+jq '.dependencies | to_entries | map(select(.value | startswith("^")))' package.json
+
+# Extract dev dependencies
+jq '.devDependencies | keys | .[]' package.json
+```
+
+### tsconfig.json
+
+```bash
+# Get compiler options
+jq '.compilerOptions' tsconfig.json
+
+# Check strict mode
+jq '.compilerOptions.strict' tsconfig.json
+
+# List paths aliases
+jq '.compilerOptions.paths' tsconfig.json
+```
+
+### ESLint/Prettier
+
+```bash
+# Get enabled rules
+jq '.rules | to_entries | map(select(.value != "off"))' .eslintrc.json
+
+# Check prettier options
+jq '.' .prettierrc.json
+```
+
+## Advanced Patterns
+
+### Combining jq with Shell
+
+```bash
+# Process multiple files
+for f in *.json; do jq '.name' "$f"; done
+
+# Pipeline with other tools
+curl -s https://api.github.com/users/octocat | jq '.login'
+
+# Assign to variable
+VERSION=$(jq -r '.version' package.json)
+
+# Conditional logic
+jq -e '.errors | length == 0' response.json && echo "Success"
+```
+
+### Complex Transformations
+
+```bash
+# Flatten nested structure
+jq '[.categories[].items[]] | flatten' data.json
+
+# Reshape data
+jq '.users | map({(.id | tostring): .name}) | add' data.json
+
+# Pivot data
+jq 'group_by(.date) | map({date: .[0].date, values: map(.value)})' data.json
+
+# Join arrays
+jq -s '.[0] + .[1]' file1.json file2.json
+```
+
+## Quick Reference
+
+| Task | jq | yq |
+|------|----|----|
+| Get field | `jq '.key'` | `yq '.key'` |
+| Array element | `jq '.[0]'` | `yq '.[0]'` |
+| Filter array | `jq '.[] \| select(.x)'` | `yq '.[] \| select(.x)'` |
+| Transform | `jq 'map(.x)'` | `yq 'map(.x)'` |
+| Count | `jq 'length'` | `yq 'length'` |
+| Keys | `jq 'keys'` | `yq 'keys'` |
+| Pretty print | `jq '.'` | `yq '.'` |
+| Compact | `jq -c` | `yq -o json -I0` |
+| Raw output | `jq -r` | `yq -r` |
+| In-place edit | - | `yq -i` |
+
 ## When to Use
 
 - Reading package.json dependencies
@@ -66,3 +361,5 @@ yq -o json '.' config.yaml
 - Processing GitHub Actions workflows
 - Extracting data from API responses
 - Filtering large JSON datasets
+- Config file manipulation
+- Data format conversion

skills/project-docs/SKILL.md

@@ -1,9 +1,9 @@
 ---
-name: project-docs
+name: doc-scanner
 description: "Scans for project documentation files (AGENTS.md, CLAUDE.md, GEMINI.md, COPILOT.md, CURSOR.md, WARP.md, and 15+ other formats) and synthesizes guidance. Auto-activates when user asks to review, understand, or explore a codebase, when starting work in a new project, when asking about conventions or agents, or when documentation context would help. Can consolidate multiple platform docs into unified AGENTS.md."
 ---
 
-# Project Documentation Scanner
+# Documentation Scanner
 
 Scan for and synthesize project documentation across AI assistants, IDEs, and CLI tools.
 
@@ -17,7 +17,7 @@ Use this skill when:
 - User asks "how do I work with this codebase" or similar
 - User asks which agent to use for a task
 - Before making significant architectural decisions
-- User explicitly invokes `/project-docs`
+- User explicitly invokes `doc-scanner` skill
 
 ## Instructions
 
@@ -25,8 +25,8 @@ Use this skill when:
 
 Before scanning the project, read the supporting files from this skill directory:
 
-1. Read `~/.claude/skills/project-docs/reference.md` - Contains the complete list of documentation files to scan for
-2. Read `~/.claude/skills/project-docs/templates.md` - Contains templates for generating AGENTS.md
+1. Read `~/.claude/skills/doc-scanner/reference.md` - Contains the complete list of documentation files to scan for
+2. Read `~/.claude/skills/doc-scanner/templates.md` - Contains templates for generating AGENTS.md
 
 These files provide the patterns and templates needed for the remaining steps.
 

skills/git-workflow/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: git-workflow
-description: "Enhanced git operations using lazygit, gh (GitHub CLI), and delta. Triggers on stage changes, create PR, review PR, check issues, git diff, commit interactively, GitHub operations."
+description: "Enhanced git operations using lazygit, gh (GitHub CLI), and delta. Triggers on stage changes, create PR, review PR, check issues, git diff, commit interactively, GitHub operations, rebase, stash, bisect."
 ---
 
 # Git Workflow
@@ -30,6 +30,8 @@ lazygit
 # p - push
 # P - pull
 # b - branch operations
+# r - rebase menu
+# s - stash menu
 # ? - help
 ```
 
@@ -51,6 +53,9 @@ gh pr view 123
 # Check out PR locally
 gh pr checkout 123
 
+# Merge PR
+gh pr merge 123 --squash --delete-branch
+
 # Create issue
 gh issue create --title "Bug: X" --body "Steps to reproduce"
 
@@ -59,6 +64,12 @@ gh issue list --label bug
 
 # View repo in browser
 gh repo view --web
+
+# Run workflow
+gh workflow run deploy.yml
+
+# View workflow runs
+gh run list --workflow=ci.yml
 ```
 
 ### Beautiful Diffs with delta
@@ -74,6 +85,240 @@ git diff | delta --side-by-side
 git config --global core.pager delta
 ```
 
+## Interactive Rebase
+
+Clean up commit history before merging.
+
+```bash
+# Rebase last N commits
+git rebase -i HEAD~5
+
+# Rebase onto main
+git rebase -i main
+
+# Commands in interactive rebase:
+# pick   - use commit as-is
+# reword - edit commit message
+# edit   - stop to amend commit
+# squash - meld into previous commit (keep message)
+# fixup  - meld into previous (discard message)
+# drop   - remove commit
+```
+
+### Common Rebase Workflows
+
+```bash
+# Squash all feature commits into one
+git rebase -i main
+# Change all but first 'pick' to 'squash'
+
+# Reorder commits
+git rebase -i HEAD~3
+# Move lines to change order
+
+# Continue after resolving conflicts
+git rebase --continue
+
+# Abort if things go wrong
+git rebase --abort
+```
+
+## Stash Operations
+
+Save work temporarily without committing.
+
+```bash
+# Save current changes
+git stash
+
+# Save with description
+git stash push -m "WIP: feature X"
+
+# Stash including untracked files
+git stash -u
+
+# List all stashes
+git stash list
+
+# Apply most recent stash (keep in stash list)
+git stash apply
+
+# Apply and remove from list
+git stash pop
+
+# Apply specific stash
+git stash apply stash@{2}
+
+# Show stash contents
+git stash show -p stash@{0}
+
+# Drop specific stash
+git stash drop stash@{1}
+
+# Clear all stashes
+git stash clear
+```
+
+### Stash Workflow Pattern
+
+```bash
+# Mid-feature, need to switch branches
+git stash push -m "WIP: auth flow"
+git checkout hotfix-branch
+# ... fix bug ...
+git checkout feature-branch
+git stash pop
+```
+
+## Git Bisect
+
+Find the commit that introduced a bug using binary search.
+
+```bash
+# Start bisect
+git bisect start
+
+# Mark current commit as bad
+git bisect bad
+
+# Mark known good commit
+git bisect good v1.0.0
+
+# Git checks out middle commit, test it, then:
+git bisect good  # if this commit is OK
+git bisect bad   # if this commit has the bug
+
+# Repeat until git finds the culprit
+# "abc123 is the first bad commit"
+
+# End bisect session
+git bisect reset
+```
+
+### Automated Bisect
+
+```bash
+# Run a test script automatically
+git bisect start HEAD v1.0.0
+git bisect run npm test
+# Git will find first failing commit automatically
+```
+
+## Cherry-Pick
+
+Apply specific commits to current branch.
+
+```bash
+# Apply single commit
+git cherry-pick abc123
+
+# Apply multiple commits
+git cherry-pick abc123 def456
+
+# Apply range of commits
+git cherry-pick abc123..xyz789
+
+# Cherry-pick without committing (stage only)
+git cherry-pick -n abc123
+
+# Continue after resolving conflicts
+git cherry-pick --continue
+
+# Abort cherry-pick
+git cherry-pick --abort
+```
+
+## Worktrees
+
+Work on multiple branches simultaneously without stashing.
+
+```bash
+# Create worktree for a branch
+git worktree add ../project-hotfix hotfix-branch
+
+# Create worktree with new branch
+git worktree add ../project-feature -b new-feature
+
+# List worktrees
+git worktree list
+
+# Remove worktree
+git worktree remove ../project-hotfix
+
+# Prune stale worktree info
+git worktree prune
+```
+
+### Worktree Workflow
+
+```bash
+# Main repo at ~/project
+# Need to work on hotfix while keeping feature work
+git worktree add ~/project-hotfix hotfix-branch
+cd ~/project-hotfix
+# ... make fixes, commit, push ...
+cd ~/project
+git worktree remove ~/project-hotfix
+```
+
+## Reflog (Recovery)
+
+Find and recover "lost" commits.
+
+```bash
+# Show reflog (all HEAD movements)
+git reflog
+
+# Show reflog for specific branch
+git reflog show feature-branch
+
+# Recover deleted branch
+git reflog
+# Find commit hash before deletion
+git checkout -b recovered-branch abc123
+
+# Undo a rebase
+git reflog
+# Find commit before rebase started
+git reset --hard HEAD@{5}
+
+# Recover after hard reset
+git reflog
+git reset --hard HEAD@{1}
+```
+
+## Conflict Resolution
+
+```bash
+# See which files have conflicts
+git status
+
+# Use merge tool
+git mergetool
+
+# Accept all changes from one side
+git checkout --ours file.txt    # Keep current branch
+git checkout --theirs file.txt  # Keep incoming branch
+
+# After resolving
+git add file.txt
+git rebase --continue  # or git merge --continue
+```
+
+## Quick Reference
+
+| Task | Command |
+|------|---------|
+| Interactive rebase | `git rebase -i HEAD~N` |
+| Stash changes | `git stash push -m "msg"` |
+| Apply stash | `git stash pop` |
+| Find bug commit | `git bisect start` |
+| Cherry-pick commit | `git cherry-pick <hash>` |
+| Parallel worktree | `git worktree add <path> <branch>` |
+| Recover commits | `git reflog` |
+| Create PR | `gh pr create` |
+| Merge PR | `gh pr merge --squash` |
+
 ## When to Use
 
 - Interactive staging of changes
@@ -81,4 +326,8 @@ git config --global core.pager delta
 - Reviewing PRs and issues
 - Visual diff viewing
 - Branch management
-- GitHub workflow automation
+- Cleaning up commit history (rebase)
+- Temporary work saving (stash)
+- Bug hunting (bisect)
+- Parallel feature work (worktrees)
+- Recovering lost work (reflog)

skills/rest-patterns/SKILL.md

@@ -1,10 +1,10 @@
 # REST Patterns Skill
 
-Quick reference for RESTful API design patterns, HTTP semantics, and status codes.
+Quick reference for RESTful API design patterns, HTTP semantics, caching, and rate limiting.
 
 ## Triggers
 
-rest api, http methods, status codes, api design, endpoint design, rest patterns, api versioning
+rest api, http methods, status codes, api design, endpoint design, rest patterns, api versioning, rate limiting, caching
 
 ## HTTP Methods
 
@@ -26,7 +26,19 @@ rest api, http methods, status codes, api design, endpoint design, rest patterns
 |------|-------------|
 | **200 OK** | GET, PUT, PATCH, DELETE success |
 | **201 Created** | POST success (include `Location` header) |
+| **202 Accepted** | Request queued for async processing |
 | **204 No Content** | Success with no response body |
+| **206 Partial Content** | Range request fulfilled |
+
+### Redirection (3xx)
+
+| Code | When to Use |
+|------|-------------|
+| **301 Moved Permanently** | Resource permanently relocated |
+| **302 Found** | Temporary redirect (avoid in APIs) |
+| **304 Not Modified** | Client cache is valid (ETag match) |
+| **307 Temporary Redirect** | Redirect preserving method |
+| **308 Permanent Redirect** | Like 301, preserves method |
 
 ### Client Errors (4xx)
 
@@ -38,6 +50,8 @@ rest api, http methods, status codes, api design, endpoint design, rest patterns
 | **404 Not Found** | Resource doesn't exist |
 | **405 Method Not Allowed** | HTTP method not supported |
 | **409 Conflict** | State conflict (duplicate, version mismatch) |
+| **410 Gone** | Resource permanently removed |
+| **412 Precondition Failed** | If-Match header condition failed |
 | **422 Unprocessable Entity** | Validation errors (valid syntax, bad semantics) |
 | **429 Too Many Requests** | Rate limit exceeded |
 
@@ -69,8 +83,98 @@ GET    /users/{id}/orders/{orderId} # Specific order
 GET /users?role=admin&status=active     # Filtering
 GET /users?page=2&limit=20              # Pagination
 GET /users?sort=created_at&order=desc   # Sorting
+GET /users?fields=id,name,email         # Sparse fieldsets
+```
+
+## Caching Headers
+
+### Response Headers
+
+```http
+# Time-based caching
+Cache-Control: max-age=3600              # Cache for 1 hour
+Cache-Control: max-age=0, must-revalidate # Always revalidate
+Cache-Control: no-store                  # Never cache (sensitive data)
+Cache-Control: private, max-age=600      # Browser only, not CDN
+
+# Validation
+ETag: "abc123"                           # Content fingerprint
+Last-Modified: Wed, 21 Oct 2024 07:28:00 GMT
+```
+
+### Request Headers
+
+```http
+# Conditional requests
+If-None-Match: "abc123"                  # Validate ETag
+If-Modified-Since: Wed, 21 Oct 2024 07:28:00 GMT
+
+# Bypass cache
+Cache-Control: no-cache                  # Force revalidation
+```
+
+### Caching Strategy by Resource Type
+
+| Resource | Strategy | Headers |
+|----------|----------|---------|
+| Static assets | Long-lived | `max-age=31536000, immutable` |
+| API responses | Short/revalidate | `max-age=60, must-revalidate` |
+| User data | Private | `private, max-age=0` |
+| Sensitive data | Never | `no-store` |
+| Public lists | Shared | `public, max-age=300` |
+
+### ETag Workflow
+
+```
+# First request
+GET /users/123
+→ 200 OK
+→ ETag: "v1-abc123"
+
+# Subsequent request
+GET /users/123
+If-None-Match: "v1-abc123"
+→ 304 Not Modified (no body, use cached)
+
+# Or if changed
+→ 200 OK
+→ ETag: "v2-def456"
+```
+
+## Rate Limiting
+
+### Standard Headers
+
+```http
+# Response headers
+X-RateLimit-Limit: 1000          # Max requests per window
+X-RateLimit-Remaining: 847       # Requests left
+X-RateLimit-Reset: 1698415200    # Unix timestamp when limit resets
+Retry-After: 60                  # Seconds to wait (on 429)
+```
+
+### Rate Limit Response (429)
+
+```json
+{
+  "error": {
+    "code": "RATE_LIMIT_EXCEEDED",
+    "message": "Too many requests",
+    "retry_after": 60
+  }
+}
 ```
 
+### Rate Limiting Strategies
+
+| Strategy | Use Case | Example |
+|----------|----------|---------|
+| **Fixed window** | Simple limits | 100 req/minute |
+| **Sliding window** | Smoother limits | 100 req in rolling 60s |
+| **Token bucket** | Burst allowance | 10 req/s, 100 burst |
+| **Per-endpoint** | Expensive operations | /search: 10/min |
+| **Per-user tier** | Freemium APIs | Free: 100/hr, Pro: 10000/hr |
+
 ## Error Response Format
 
 ```json
@@ -79,9 +183,11 @@ GET /users?sort=created_at&order=desc   # Sorting
     "code": "VALIDATION_ERROR",
     "message": "Invalid input data",
     "details": [
-      {"field": "email", "message": "Invalid email format"}
+      {"field": "email", "message": "Invalid email format"},
+      {"field": "age", "message": "Must be 18 or older"}
     ],
-    "request_id": "abc-123"
+    "request_id": "abc-123",
+    "documentation_url": "https://api.example.com/docs/errors#validation"
   }
 }
 ```
@@ -94,6 +200,87 @@ GET /users?sort=created_at&order=desc   # Sorting
 | **Header** | `Accept: application/vnd.api.v1+json` | Clean URLs, harder to test |
 | **Query** | `/users?version=1` | Easy to implement, less RESTful |
 
+## Bulk Operations
+
+### Batch Endpoint
+
+```http
+POST /batch
+Content-Type: application/json
+
+{
+  "operations": [
+    {"method": "POST", "path": "/users", "body": {"name": "Alice"}},
+    {"method": "PATCH", "path": "/users/123", "body": {"status": "active"}},
+    {"method": "DELETE", "path": "/users/456"}
+  ]
+}
+
+Response:
+{
+  "results": [
+    {"status": 201, "body": {"id": 789, "name": "Alice"}},
+    {"status": 200, "body": {"id": 123, "status": "active"}},
+    {"status": 204, "body": null}
+  ]
+}
+```
+
+### Bulk Create/Update
+
+```http
+POST /users/bulk
+Content-Type: application/json
+
+[
+  {"name": "Alice", "email": "alice@example.com"},
+  {"name": "Bob", "email": "bob@example.com"}
+]
+
+Response:
+{
+  "created": 2,
+  "errors": []
+}
+```
+
+## HATEOAS Links
+
+```json
+{
+  "id": 123,
+  "name": "Alice",
+  "email": "alice@example.com",
+  "_links": {
+    "self": {"href": "/users/123"},
+    "orders": {"href": "/users/123/orders"},
+    "profile": {"href": "/users/123/profile"},
+    "update": {"href": "/users/123", "method": "PATCH"},
+    "delete": {"href": "/users/123", "method": "DELETE"}
+  }
+}
+```
+
+### Collection with Pagination Links
+
+```json
+{
+  "data": [...],
+  "meta": {
+    "total": 150,
+    "page": 2,
+    "per_page": 20
+  },
+  "_links": {
+    "self": {"href": "/users?page=2"},
+    "first": {"href": "/users?page=1"},
+    "prev": {"href": "/users?page=1"},
+    "next": {"href": "/users?page=3"},
+    "last": {"href": "/users?page=8"}
+  }
+}
+```
+
 ## Security Checklist
 
 - Always HTTPS/TLS
@@ -104,6 +291,7 @@ GET /users?sort=created_at&order=desc   # Sorting
 - CORS headers configured
 - No sensitive data in URLs
 - Security headers (HSTS, CSP)
+- Use `no-store` for sensitive responses
 
 ## Common Mistakes
 
@@ -115,3 +303,6 @@ GET /users?sort=created_at&order=desc   # Sorting
 | POST for everything | Use proper HTTP methods |
 | Returning 500 for client errors | 4xx for client, 5xx for server |
 | No pagination on lists | Always paginate collections |
+| Ignoring caching | Add ETag, Cache-Control headers |
+| Missing rate limits | Protect against abuse |
+| No versioning strategy | Plan for breaking changes |

skills/safe-file-reader/SKILL.md

@@ -1,49 +0,0 @@
----
-name: safe-file-reader
-description: "Read and view files without permission prompts. Use bat for syntax-highlighted code viewing, eza for directory listings with git status, cat/head/tail for plain text. Triggers on: view file, show code, list directory, explore codebase, read config, display contents."
----
-
-# Safe File Reader
-
-## Purpose
-Reduce permission friction when reading and viewing files during development workflows.
-
-## Tools
-
-| Tool | Command | Use For |
-|------|---------|---------|
-| bat | `bat file.py` | Syntax-highlighted code with line numbers |
-| eza | `eza -la --git` | Directory listings with git status |
-| cat | `cat file.txt` | Plain text output |
-| head | `head -n 50 file.log` | First N lines of file |
-| tail | `tail -n 100 file.log` | Last N lines of file |
-
-## Usage Examples
-
-```bash
-# View code with syntax highlighting
-bat src/main.py
-
-# View specific line range
-bat src/main.py -r 10:50
-
-# List directory with git status
-eza -la --git
-
-# Tree view of directory
-eza --tree --level=2
-
-# First 50 lines of log
-head -n 50 app.log
-
-# Follow log file
-tail -f app.log
-```
-
-## When to Use
-
-- User asks to "show", "view", or "display" a file
-- Exploring a codebase structure
-- Reading configuration files
-- Checking log files
-- Listing directory contents

skills/structural-search/SKILL.md

@@ -15,42 +15,338 @@ Search code by its abstract syntax tree (AST) structure rather than plain text.
 | ast-grep | `ast-grep -p 'pattern'` | AST-aware code search |
 | sg | `sg -p 'pattern'` | Short alias for ast-grep |
 
-## Usage Examples
+## Pattern Syntax
+
+| Pattern | Matches | Example |
+|---------|---------|---------|
+| `$NAME` | Single identifier | `function $NAME() {}` |
+| `$_` | Any single node (wildcard) | `console.log($_)` |
+| `$$$` | Zero or more nodes | `function $_($$$) { $$$ }` |
+| `$$_` | One or more nodes | `[$_, $$_]` (non-empty array) |
+
+## JavaScript/TypeScript Patterns
+
+### Function Calls
 
 ```bash
 # Find all console.log calls
-ast-grep -p 'console.log($_)'
+sg -p 'console.log($_)'
 
-# Find all function definitions
-ast-grep -p 'function $NAME($_) { $$$ }'
+# Find all console methods
+sg -p 'console.$_($_)'
 
-# Find React useState hooks
-ast-grep -p 'const [$_, $_] = useState($_)'
+# Find fetch calls
+sg -p 'fetch($_)'
 
-# Find Python function definitions
-ast-grep -p 'def $NAME($_): $$$' --lang python
+# Find await fetch
+sg -p 'await fetch($_)'
 
-# Find all imports of a module
-ast-grep -p 'import $_ from "react"'
+# Find specific function calls
+sg -p 'getUserById($_)'
 
-# Search and show context
-ast-grep -p 'fetch($_)' -A 3
+# Find method chaining
+sg -p '$_.then($_).catch($_)'
+```
+
+### React Patterns
+
+```bash
+# Find useState hooks
+sg -p 'const [$_, $_] = useState($_)'
 
-# Search specific file types
-ast-grep -p '$_.map($_)' --lang javascript
+# Find useEffect with dependencies
+sg -p 'useEffect($_, [$$$])'
+
+# Find useEffect without dependencies (runs every render)
+sg -p 'useEffect($_, [])'
+
+# Find component definitions
+sg -p 'function $NAME($$$) { return <$$$> }'
+
+# Find specific prop usage
+sg -p '<Button onClick={$_}>'
+
+# Find useState without destructuring
+sg -p 'useState($_)'
 ```
 
-## Pattern Syntax
+### Imports
+
+```bash
+# Find all imports from a module
+sg -p 'import $_ from "react"'
+
+# Find named imports
+sg -p 'import { $_ } from "lodash"'
+
+# Find default and named imports
+sg -p 'import $_, { $$$ } from $_'
+
+# Find dynamic imports
+sg -p 'import($_)'
+
+# Find require calls
+sg -p 'require($_)'
+```
+
+### Async Patterns
+
+```bash
+# Find async functions
+sg -p 'async function $NAME($$$) { $$$ }'
+
+# Find async arrow functions
+sg -p 'async ($$$) => { $$$ }'
+
+# Find try-catch blocks
+sg -p 'try { $$$ } catch ($_) { $$$ }'
+
+# Find Promise.all
+sg -p 'Promise.all([$$$])'
+
+# Find unhandled promises (no await)
+sg -p '$_.then($_)'
+```
+
+### Error Prone Patterns
+
+```bash
+# Find == instead of ===
+sg -p '$_ == $_'
+
+# Find assignments in conditions
+sg -p 'if ($_ = $_)'
+
+# Find empty catch blocks
+sg -p 'catch ($_) {}'
+
+# Find console.log (for cleanup)
+sg -p 'console.log($$$)'
+
+# Find TODO comments
+sg -p '// TODO$$$'
+
+# Find debugger statements
+sg -p 'debugger'
+```
+
+## Python Patterns
+
+```bash
+# Find function definitions
+sg -p 'def $NAME($$$): $$$' --lang python
+
+# Find class definitions
+sg -p 'class $NAME: $$$' --lang python
+
+# Find decorated functions
+sg -p '@$_
+def $NAME($$$): $$$' --lang python
+
+# Find specific decorator
+sg -p '@pytest.fixture
+def $NAME($$$): $$$' --lang python
+
+# Find imports
+sg -p 'import $_' --lang python
+sg -p 'from $_ import $_' --lang python
+
+# Find f-strings
+sg -p 'f"$$$"' --lang python
+
+# Find list comprehensions
+sg -p '[$_ for $_ in $_]' --lang python
+
+# Find with statements
+sg -p 'with $_ as $_: $$$' --lang python
+
+# Find async definitions
+sg -p 'async def $NAME($$$): $$$' --lang python
+```
+
+## Go Patterns
+
+```bash
+# Find function declarations
+sg -p 'func $NAME($$$) $_ { $$$ }' --lang go
+
+# Find method declarations
+sg -p 'func ($_ $_) $NAME($$$) $_ { $$$ }' --lang go
+
+# Find interface definitions
+sg -p 'type $NAME interface { $$$ }' --lang go
+
+# Find struct definitions
+sg -p 'type $NAME struct { $$$ }' --lang go
+
+# Find error handling
+sg -p 'if err != nil { $$$ }' --lang go
+
+# Find defer statements
+sg -p 'defer $_' --lang go
+
+# Find goroutines
+sg -p 'go $_' --lang go
+```
+
+## Rust Patterns
+
+```bash
+# Find function definitions
+sg -p 'fn $NAME($$$) -> $_ { $$$ }' --lang rust
+
+# Find impl blocks
+sg -p 'impl $_ for $_ { $$$ }' --lang rust
+
+# Find match expressions
+sg -p 'match $_ { $$$ }' --lang rust
+
+# Find unwrap calls (potential panics)
+sg -p '$_.unwrap()' --lang rust
+
+# Find Result/Option handling
+sg -p '$_?' --lang rust
+```
+
+## Refactoring Patterns
+
+### Find and Replace
+
+```bash
+# Preview replacement
+sg -p 'console.log($_)' -r 'logger.info($_)'
+
+# Replace in place
+sg -p 'console.log($_)' -r 'logger.info($_)' --rewrite
+
+# Replace with context
+sg -p 'var $NAME = $_' -r 'const $NAME = $_'
+```
+
+### Common Refactors
+
+```bash
+# Convert function to arrow
+sg -p 'function $NAME($ARGS) { return $BODY }' \
+   -r 'const $NAME = ($ARGS) => $BODY'
+
+# Convert require to import
+sg -p 'const $NAME = require("$MOD")' \
+   -r 'import $NAME from "$MOD"'
+
+# Add optional chaining
+sg -p '$OBJ.$PROP' -r '$OBJ?.$PROP'
+```
+
+## Security Patterns
+
+### SQL Injection
+
+```bash
+# Find string concatenation in queries
+sg -p 'query($_ + $_)'
+sg -p 'execute("$$$" + $_)'
+
+# Find template literals in queries
+sg -p 'query(`$$$${$_}$$$`)'
+```
+
+### XSS Vectors
+
+```bash
+# Find innerHTML assignments
+sg -p '$_.innerHTML = $_'
+
+# Find dangerouslySetInnerHTML
+sg -p 'dangerouslySetInnerHTML={{ __html: $_ }}'
+
+# Find eval calls
+sg -p 'eval($_)'
+
+# Find document.write
+sg -p 'document.write($_)'
+```
+
+### Secrets/Credentials
+
+```bash
+# Find hardcoded passwords
+sg -p 'password = "$_"'
+sg -p 'password: "$_"'
+
+# Find API keys
+sg -p 'apiKey = "$_"'
+sg -p 'API_KEY = "$_"'
+```
+
+## Advanced Usage
+
+### Context and Output
+
+```bash
+# Show surrounding lines
+sg -p 'console.log($_)' -A 3
+
+# JSON output
+sg -p 'console.log($_)' --json
+
+# File names only
+sg -p 'TODO' -l
+
+# Count matches
+sg -p 'console.log($_)' --count
+```
+
+### Combining with Other Tools
+
+```bash
+# Find and process with jq
+sg -p 'fetch($_)' --json | jq '.matches[].file'
+
+# Find in specific files
+fd -e ts | xargs sg -p 'useState($_)'
+
+# Interactive selection
+sg -p 'console.log($_)' -l | fzf | xargs code
+```
+
+### YAML Rules (Reusable Patterns)
+
+Create `.ast-grep.yml` for complex patterns:
+
+```yaml
+id: no-console-log
+language: typescript
+rule:
+  pattern: console.log($$$)
+message: Remove console.log before committing
+severity: warning
+```
+
+Run with:
+```bash
+sg scan
+```
+
+## Quick Reference
 
-- `$NAME` - matches single identifier
-- `$_` - matches any single node (wildcard)
-- `$$$` - matches zero or more nodes
-- `$$_` - matches one or more nodes
+| Task | Command |
+|------|---------|
+| Find pattern | `sg -p 'pattern'` |
+| Specific language | `sg -p 'pattern' --lang python` |
+| Replace (preview) | `sg -p 'old' -r 'new'` |
+| Replace (apply) | `sg -p 'old' -r 'new' --rewrite` |
+| Show context | `sg -p 'pattern' -A 3` |
+| JSON output | `sg -p 'pattern' --json` |
+| File list only | `sg -p 'pattern' -l` |
+| Count matches | `sg -p 'pattern' --count` |
 
 ## When to Use
 
 - Finding all usages of a function/method
 - Locating specific code patterns (hooks, API calls)
-- Preparing for refactoring
+- Preparing for large-scale refactoring
 - Understanding code structure
 - When regex would match false positives
+- Detecting anti-patterns and security issues
+- Creating custom linting rules

skills/tool-discovery/SKILL.md

@@ -52,11 +52,10 @@ Is this a reference/lookup task?
 
 | Skill | Triggers | Use When |
 |-------|----------|----------|
-| **git-workflow** | lazygit, gh, delta, pr | Git operations, GitHub PRs, staging |
+| **git-workflow** | lazygit, gh, delta, pr, rebase, stash, bisect | Git operations, GitHub PRs, staging, rebase, bisect |
 | **python-env** | uv, venv, pip, pyproject | Python environment setup with uv |
 | **task-runner** | just, justfile, run tests | Running project tasks via justfile |
-| **safe-file-reader** | bat, eza, view file | Viewing files without permission prompts |
-| **project-docs** | AGENTS.md, conventions | Finding and reading project documentation |
+| **doc-scanner** | AGENTS.md, conventions, scan docs | Finding and reading project documentation |
 | **project-planner** | plan, sync plan, track | Project planning with /plan command |
 
 ---