5 composable skills that force your coding agent to plan first, test every slice, prove “done” with evidence, ship it secure, and keep it running. Never skips a step. Never fakes done.
Live: … stars · MIT · 5 skills
claude plugin marketplace add nhattrung0911/shipwright
Each is one readable SKILL.md. Stack-agnostic. Distilled from 50k+ ⭐ engineering repos and OWASP Top 10:2025.
The engine. Frame → Plan → Slice → Verify for any project. Evidence-based “done”, grader-≠-doer, anti-false-done counters.
Web build: 12-layer full-stack map + 14 production pillars + pre-launch gate. Nothing falls through.
OWASP Top 10:2025 → defense + a runnable check per risk. CSRF, SSRF, JWT, LLM prompt-injection, privacy.
Day-2: rate limiting, retries, circuit breakers, SLO, on-call, canary deploys, DR, backups + restore drills.
Keep the agent’s context lean: delegate verbose work, search don’t read, session hygiene. Real token savings.
One engine pulls the rest as depth. Use one, use all.
disciplined-delivery ← the engine, every non-trivial build ├─ shipping-production-websites ← pulled in for web projects ├─ securing-applications ← the security gate (OWASP Top 10:2025) ├─ operating-production-services ← runtime controls + Day-2 maintenance └─ token-frugal-engineering ← cross-cutting, keeps context cheap
“Done” needs the test output / eval score that proves it. “Should work” is a red flag the skill catches.
Pressured to “just ship it”? The plan shrinks to 3 lines — it never disappears.
A fresh check grades work against criteria with a per-criterion PASS/FAIL + evidence table. Faking requires fabricating output.
Skill bodies use neutral prose — they port across agents.
claude plugin marketplace add nhattrung0911/shipwrightclaude plugin install shipwright@shipwright
Copy skills/* into ~/.agents/skills/
Copy skills/* into ~/.gemini/skills/