The commercial pack — forge/ship lifecycles, bug & perf sweeps, UX maximization, advisor councils, sales playbooks, and token-free qwen-routed variants.
▸agent-exploit-paths
packbugs
Prove and rank the attacker-data → privileged-action exploit paths through an LLM/agent — the source→model→sink reachability and blast-radius audit that security-sweep's request→row model structurally can't see. Taints every untrusted ingress (RAG chunks, tool results, fetched pages, emails, parsed files, memory, peer-agent messages) through prompt assembly to every sink (tool dispatch, DB write, outbound send, render, exec), reports ONLY paths where a trust boundary is provably absent, and proves each with a live behavioral oracle (canary crossed a boundary / forbidden tool fired)
Use when"prompt injection audit", "agent security", "is my AI app safe", "LLM security", "tool-call authz", "exploit paths", lethal-trifecta / excessive- agency review, or when bug-zero / project-autopilot route the AI/agent-security class here (security-sweep owns the SaaS infra boundary; this owns the agent one).
▸audit-lens
packbugs
Domain-parameterized codebase audit: assess a codebase through ONE chosen lens (API design, CLI ergonomics, data integrity, general code quality — or a broad multi-domain sweep) and return ranked, verified, located findings each with a concrete fix. For domains that have a dedicated specialist (security → security-sweep, performance → hotspot-scout, UX/a11y → ux-scan, bugs → bug-zero, copy/slop → unslop) it ROUTES instead of redoing the work
Use when"audit this", "assess the code quality", "review the API design", "CLI ergonomics pass", "data-model review", "pre-launch audit", "full audit across the board", or when project-autopilot / forge / ship-it dispatch "audit-lens (domain: X)".
▸beadsmith
packlifecycle
Plan-to-graph converter: take an EXISTING agreed plan (planning-workflow doc, advisor-council synthesis, hand-written markdown) and forge it into a clean, dependency-ordered br bead graph — every bead self-contained, every edge real, bv-clean, validated and polished in plan-space before any code is written
Use when"turn this plan into beads", "plan to beads", "beadify this", "create the task graph from the plan", "convert the markdown plan", or when kickstart / project-autopilot / ux-maximizer need their plan→tracked-work stage.
▸bug-sweep
packbugs
Systematic audit→fix→rescan over a code surface to find MANY bugs, not one reproduced bug — walk the same surface through seven lenses (logic, boundaries, error handling, state/lifecycle, data integrity, concurrency-adjacent, API misuse), one lens per pass, dedupe the candidates, verify each is real before touching anything, fix the survivors no-slop under a green ratchet with a regression test each, then re-sweep until consecutive sweeps come up dry
Use when"sweep this for bugs", "find all the bugs in this module", "deep bug pass", "comb through this", "audit this surface for defects", or when bug-zero routes its systematic audit→fix→rescan class here.
▸bug-zero
packbugs
Drive a codebase's bugs to zero, exhaustively, by orchestrating every bug-finding skill you own — then verifying each finding is real before fixing, fixing under a green ratchet with a regression test per fix, confirming the fix by running it, and rescanning until the sweeps come up dry
Use when"find and fix all the bugs", "harden this", "pre-release bug pass", "make this bulletproof", post-incident cleanup, or taming an inherited messy codebase.
▸deepen
packideation
Multi-pass engine: iteratively apply any named skill or slash command over a target with progressive deepening — each pass builds on the prior pass's log, every pass's findings get FIXED (under the green ratchet) before the next pass fires, and the loop stops on saturation, not at an arbitrary count or at zero
Use when"apply N times", "keep running it until it stops finding things", "multi-pass", "grind this skill over the project", "another pass", or when ux-maximizer / project-autopilot route counted refinement passes here.
▸deposit-first-shipping
packlifecycle
Release discipline for work that has to pay for itself — no shipping without a named customer, no 1.0 without cleared payment or a committed buyer, no polish passes on features nobody uses
Use whentagging a release, deciding whether a project is ready to demo publicly, choosing between "ship a rough v1" and "polish more," or evaluating whether to continue investing time in a build.
▸design-intel
packux
Design intelligence for NEW UI surfaces: pick a named visual direction (style, palette, type pairing, layout system, component patterns, charts) and emit an actionable token-level design spec a builder can implement — taste as a system, not generic defaults
Use when"design this dashboard/page/screen", "what should this look like", "pick a palette", "choose the fonts", "design direction", "make it feel like Stripe/Linear", building a new surface from scratch, or when ux-maximizer / project-autopilot route design-intelligence passes here.
▸dueling-idea-forge
packideation
Multi-model adversarial ideation: two different-lineage models (Fable + Codex by default) each run idea-forge independently, then score each other's ideas 0–1000, see how they were scored, and fight it out — the orchestrator synthesizes consensus winners / contested / killed, and consensus winners become br beads via idea-forge
Use when"dueling ideas", "adversarial brainstorm", "cross-model idea duel", "have two models argue about what to build", or when single-model ideation keeps producing plausible ideas you don't quite trust.
▸forge
packlifecycle
The one-handle lifecycle conductor: take a bare idea OR a project at any stage and carry it all the way to shipped, by detecting where it is and driving the right skill at the right time — kickstart (0→1) → project-autopilot (1→done, which itself routes to bug-zero/perf-max/ux-maximizer) → ship-it (out the door). Pauses at every judgment gate
Use when"take this idea all the way", "build and ship this", "run the whole lifecycle", or you don't want to think about which skill to reach for.
▸hotspot-scout
packperf
Profile a system under its REAL workload and emit a SCORED, ranked hotspot list — hot paths by CPU, memory, I/O, and lock/contention, each with measured evidence (flamegraph / sampler / timing), p95/p99 where latency matters, and a headroom estimate. Measures and ranks; never optimizes
Use when"profile this", "why is it slow", "find the bottleneck", "where's the time going", "rank the hot paths", "flamegraph", "p95 is bad", or when perf-max / project-autopilot need their profiling stage.
▸idea-forge
packideation
Ideation engine: ground in the project's reality, diverge to ~30 candidate improvements, winnow ruthlessly to a ranked shortlist, then operationalize the winners into a self-documenting br bead graph — refined over multiple plan-space passes before a line of code is written
Use when"what should we build next", "brainstorm improvements", "ideation pass", "fill the backlog", "turn ideas into beads", or when forge/kickstart/project-autopilot need their ideation stage.
▸kickstart
packlifecycle
Take a project from a general idea to a working, intent-aligned scaffold — by ideating the LEANEST elegant way to build it (not the most maximal), standing up a walking skeleton that runs end-to-end first, then filling out only what the intent needs via selective idea-wizarding of the forks that actually matter, and handing off to project-autopilot once a green baseline + bead backlog exist
Use when"start a new project", "build this from scratch", "greenfield", "scaffold this idea", "0 to 1".
▸local-llm-ops
packsales
Operating discipline for local LLM hosting on unified-memory hardware (NVIDIA GB10 / DGX Spark class)
Use whenconfiguring Ollama or vLLM, diagnosing slow inference, deciding between local and hosted model backends, debugging "model not loaded" errors, tuning GPU memory utilization, or setting up tool-calling with Qwen/Llama-class models.
▸no-slop-bug-hunter
packbugs
Multi-pass debugging that fixes THE bug, not the category — no drive-by refactors, no defensive try/except padding, no feature-flag shortcuts, no abstractions added "while you're here."
Use whenhunting a reproducible bug, triaging a flaky test, investigating a production error, or reviewing a proposed fix for a specific defect.
▸optimize-proof
packperf
Execution half of the performance two-step: take a profiler-SCORED hotspot list and convert the top targets into measured, behavior-proven speedups — one target at a time, proof harness written before the optimization, before/after measured on the real workload, green ratchet on every change, algorithmic wins before micro-tuning, stop when the next hotspot isn't worth the complexity
Use when"optimize this hotspot", "grind the hotspot list", "make this faster without breaking it", or when perf-max / project-autopilot hand over "scored hotspot list ready to optimize".
▸perf-max
packperf
Maximize a project's performance, exhaustively, by orchestrating profiling + optimization skills — always optimizing a profiler-scored hotspot (never by vibe), proving each change keeps behavior identical under a green ratchet, measuring the actual speedup, and re-profiling until the wins dry up
Use when"make it fast", "optimize this", "it's slow", "reduce latency/p95", "improve throughput", or a late-stage performance pass before shipping.
▸polish-pass
packux
Iterative visual elevation of a UI that already works and looks decent — per pass, tighten the details that separate "fine" from "premium": spacing rhythm, type hierarchy, contrast and interaction states, elevation, radii, motion, empty/loading/error states, density. Elevates the EXISTING design language toward Stripe/Linear-level craft; never a redesign
Use when"polish pass", "visual elevation", "tighten the UI", "make it feel premium", "it works but looks fine, not great", "Stripe-level", or when ux-maximizer's cascade or project-autopilot's "works but needs visual elevation" route lands here.
▸project-autopilot
packlifecycle
Autonomous project-pushing loop: extract the project's stated intention, diagnose gaps through relevant expert lenses, route each gap to the best installed skill, and execute in small green-verified batches until the intent is satisfied — queuing anything that needs Matt's judgment into a decision inbox instead of guessing
Use when"push this project along", "autopilot this", "take this to done", "run off to the races", or unattended improvement of a project already in motion.
▸readme-real
packux
Write or revise READMEs that sound like a human wrote them and that don't ship promises the code can't back. Bans AI-tell phrasing, hype words, "coming soon" sections, and feature claims without a repro command
Use whencreating a README, rewriting one that reads as AI slop, deciding what features to list on a landing page, or reviewing someone else's doc for credibility.
▸reality-check
packlifecycle
Hold a project's stated vision up against what's actually built and running, and report the gap without flattery: what works, what's claimed-but-broken, what's missing, what drifted — ending in an explicit SHIP-READY / NOT verdict. When a project has no intent doc at all, flips to INTENT EXTRACTION instead: reconstructs the project's goals from code, tests, beads, and commits into a confirmable intent statement
Use when"reality check", "where are we really", "does this actually work", "are we on track", "gap analysis", "what's missing", or when project-autopilot / ship-it / idea-forge need their assess, preflight, or intent-extraction step.
▸security-sweep
packbugs
Audit a SaaS app for the security classes that actually sink companies — payment/billing bypass, webhook integrity (signature + replay), auth gaps (authn/authz, session/JWT/cookie), row-level-security and multi-tenant data isolation, secrets exposure, and IDOR/broken access control — verifying each finding is real before reporting, ranking by blast radius, and shipping a concrete fix per finding
Use when"security audit", "billing security", "is this safe to ship", webhook/auth/RLS review, pre-launch hardening, or when bug-zero / ship-it / project-autopilot route the security class here.
▸ship-it
packlifecycle
Take a green project to a released, deployed artifact — by orchestrating the release skills you own to do ALL the reversible pre-flight perfectly (preflight gate, version bump, changelog, cross-platform build, checksums, installer verify, preview deploy, drafted release + store metadata) and then handing Matt the exact publish buttons
Use when"ship it", "cut a release", "prepare to launch", "tag a release", "deploy to production", "submit to the store", "publish".
▸unslop
packux
Line-level copy editor that strips the tells of AI-generated writing — filler openers, hype adjectives, empty tricolons, hedges, em-dash rhythm, false balance, restating conclusions, emoji-bullet decoration — while a meaning guard keeps every claim, number, and instruction intact. Covers docs AND the product surface (buttons, toasts, errors, empty states, onboarding), and can edit toward a specific voice instead of generic-neutral
Use when"this reads like AI", "de-slop this", "fix this copy", "make this sound human", "clean up the UI text", or when ux-scan / ux-maximizer / project-autopilot surface AI-slop tells in docs or UI copy.
▸ux-maximizer
packux
Exhaustively maximize a project's UI/UX to premium, "wow-factor" quality. A staged successive-prompter: idea-wizard for a premium vision → implement the top ideas → a cascade of UX audits, UI polishes, and design-intel passes → repeat until the passes stop finding material improvements
Use when"make this premium", "wow factor", "maximize the UI/UX", "design pass", "make it world-class", or elevating a functional-but-plain app into something that makes users go wow.
▸ux-scan
packux
Systematic UX evaluation of a UI: Nielsen's 10 usability heuristics + accessibility (contrast, keyboard nav, focus order, ARIA, screen-reader labels, touch targets) + interaction/flow problems, emitted as a ranked list of located, fix-ready findings
Use when"review the UI", "is this usable", "usability check", "accessibility audit", "a11y pass", "find the UX problems", "heuristic evaluation", pre-launch UX review, or when ux-maximizer / deepen / project-autopilot need their UX-evaluation stage.