CarlosCaPe
UserOpen-source AI agent operating system: one file-native brain (190+ skills, 180+ specialist agents) run across many sealed client arms, with per-client token attribution and opt-in budget caps. Organic, portable, MIT.
Categories
Indexed Skills (47)
4d-paradigm-protocol
Full operational protocol for the Octopus 4D Paradigm — Describe / Delegate / Diligent / Disclose. Contains the 2D Delegate 3-question gate detail, the 4D Gate Change Manifest format, the 3D Diligent validation matrix, the Impact Radius scan command, the 4D-applied-to flow tables, known anti-patterns, and the enforcement scripts. CLAUDE.md carries only the summary; full templates and formats live here. Load when about to write files, run a complex change, build a Change Manifest, or need an exact gate/diligent/impact-radius format.
4d-spec
Orchestrator that merges the 4D Paradigm with Spec-Driven Development (SDD). Classifies task complexity and activates SDD phases only when warranted. Use at the START of any implementation task to determine the right workflow depth.
ado-refactor-performance-gate
Mandatory performance gate for Azure DevOps SQL refactor tickets. Use when a ticket includes stored procedure refactor/review and you must validate execution plans, index usage, parameter sniffing risk, and query structure optimization opportunities.
agent-proof-approval-gate
Build a fail-closed PreToolUse gate for merge/deploy/destructive actions that the AI agent provably cannot self-bypass. Use when you need human-only override for a consequential action the agent orchestrates.
anthropic-enterprise-analytics
Pull Anthropic's Admin API usage_report into ~/.claude/analytics/ so brain-digest can reconcile estimated cost (from session JSONL list-price math) against actual billed cost (from Anthropic). Closes the estimated-vs-billed gap that any operator running on Pro/Max/Enterprise has.
arm-onboarding
Step-by-step protocol for creating a new client arm (per-client repo) in the Octopus framework. Covers required files, the sync-ai-docs workflow, the arm's sealed lineage graph (.claude/connectome/lineage.yaml), QueryMaster connection registration, the one-file rule, and the gitignore hygiene baseline. Load whenever the operator says 'create a new arm', 'onboard a client', 'mkdir new project', or starts working in an empty directory under ~/Documents/github/.
batch-import-relative-paths
When you batch-add an `import` line to N source files via sed/awk, the relative path must be computed PER-FILE (depth varies). Vite/esbuild often silently normalize bad `../` and the bug hides across multiple deploys until a larger rebuild forces strict module resolution.
browser-bearer-graph-auth
Conditional-Access-resilient OAuth alternative for Microsoft Graph: drive a Playwright + Edge persistent context to capture the bearer token during normal sign-in. Works when Device Code Flow / headless OAuth is blocked by AADSTS53003 (Device state: Unregistered). Outlook Web grants a broader scope set than Teams Web. Hard-won workaround that should NOT be the production answer.
cache-bust-deploy-validation
After a production deploy of a CDN-fronted site, force cache-bust on every validation request and inspect Age/cache-status headers — the CDN can serve a stale 200 with old content for hours, hiding a broken deploy. Use whenever validating a freshly-deployed web app, debugging "deploy completed but the live site shows the old version", or building a post-deploy smoke test.
canary-symbiont
Cross-plane sentinel pattern: a tiny watcher on cloud plane B detects the SILENT death of scheduler plane A (billing block, cron load-shedding; zero error signal from inside) and alerts the operator by email. Fail-open: the canary's own failure never harms the host work. Includes the fine-grained-PAT 403 gotcha, the no-echo secret intake protocol, and the MANDATORY live test (a canary never test-fired protects nothing). Load when schedulers die silently, when 'nothing ran and nothing alerted', when building any watchdog/canary, or when activating one that has never fired.
cloudflare
Comprehensive Cloudflare platform skill covering Workers, Pages, storage (KV, D1, R2), AI (Workers AI, Vectorize, Agents SDK), feature flags (Flagship), networking (Tunnel, Spectrum), security (WAF, DDoS), and infrastructure-as-code (Terraform, Pulumi). Use for any Cloudflare development task. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
command-boundary-hook-matching
Pattern-match what a Bash command actually does in a PreToolUse hook without false-firing on mentions inside quoted args, commit messages, or echo strings. Use when building any hook that decides based on command semantics.
config-driven-diagrams
Build config-driven architecture diagrams as dark-themed SVG/PNG with swimlanes, embedded logos, auto-layout, and overlap validation. Use when the user asks for architecture diagrams, data flow diagrams, system topology, or any visual diagram that should be rendered programmatically from a JSON config. Trigger on: diagram, architecture diagram, data flow, swimlane, render SVG, render PNG, system diagram, topology.
coworking-concept-collision
Protocol for when two live sessions are codifying the SAME concept concurrently (not just sharing a working tree). Detect semantic friction BEFORE committing, defer ownership to whoever is further ahead, and integrate from an isolated dimension. Trigger — a file you are about to reference or claim primacy over shows as modified (M) by another live session, or your new skill overlaps a concept another dimension is actively editing.
cron-bridge-daily-publisher
End-to-end architectural pattern for "daily auto-publish N curated items from D1 → social platform (FB Page, IG Business, LinkedIn Page, etc.) via the existing Multi-Reach scheduler worker". Includes fair-rotation selector, content-hash idempotency, sentinel-keyed daily dedup, R2 image mirror via serve endpoint, D1 audit trail, and a companion retract sweep for platform ToS SLA (e.g. EasyBroker 24h). Reusable across white-label / franchise / multi-tenant scenarios.
atomic-3phase-ddl-scripts
Atomic 3-Phase DDL Scripts
backward-compatible-schema-changes
Backward-Compatible Schema Changes
case-insensitive-uniqueness
Case-Insensitive Uniqueness (Functional Indexes)
column-renames-metadata-only
Column Renames (Metadata-Only)
connection-pooling-timeout-safety
Connection Pooling & Timeout Safety
content-deduplication-discipline
Content Deduplication Discipline
cross-reference-integrity
Cross-Reference Integrity
data-retention-policy-lifecycle
Data Retention Policy Lifecycle
claude-plugins-official
Official, Anthropic-managed directory of high quality Claude Code Plugins.
agent-browser
Browser automation CLI for AI agents (Rust native, no Playwright). Use for navigating pages, filling forms, clicking buttons, taking screenshots, extracting data, testing web apps, QA/dogfooding, automating Electron desktop apps, Slack automation, or any browser task. Triggers: 'open a website', 'take a screenshot of the site', 'fill out a form', 'test this web app', 'dogfood', 'QA', 'check my Slack', 'automate VS Code/Slack/Discord'. Prefer over Playwright on all platforms.
agents-sdk
Build AI agents on Cloudflare Workers using the Agents SDK. Load when creating stateful agents, durable workflows, real-time WebSocket apps, scheduled tasks, MCP servers, chat applications, voice agents, or browser automation. Covers Agent class, state management, callable RPC, Workflows, durable execution, queues, retries, observability, and React hooks. Biases towards retrieval from Cloudflare docs over pre-trained knowledge.
arm-synthetics
Per-arm health check templates. Each arm defines a synthetics.yaml with endpoints to probe + expected responses + cron schedule. The skill ships the template + GH Action runner. Failures open issues IN THE ARM REPO (not the brain) to preserve octopus arm isolation. Use when onboarding a new arm or when an arm's health monitoring needs a scheduled probe.
aspnet-core
Build, review, refactor, or architect ASP.NET Core web applications using current official guidance for .NET web development. Use when working on Blazor Web Apps, Razor Pages, MVC, Minimal APIs, controller-based Web APIs, SignalR, gRPC, middleware, dependency injection, configuration, authentication, authorization, testing, performance, deployment, or ASP.NET Core upgrades.
bruno-postman-alternative
Open-source API client (Postman alternative) where collections are stored as plain text files in a git repo — collaboration via PR review, no cloud sync, no team license fees. MIT licensed. Use when recommending an API testing tool to a client team that lives in git, when a Postman team license is expensive overkill, or when API collections need to ship inside a code repository for review and version control alongside the implementation.
bug-hunter
Adversarial bug hunting with a sequential-first pipeline (Recon, Hunter, Skeptic, Referee) that can optionally use safe read-only parallel triage. Finds, verifies, and auto-fixes real bugs by default (with --scan-only opt-out) using checkpointed verification and resume state for large codebases. Use this skill whenever the user wants bug finding, security audits, regression checks, or code review focused on runtime behavior.
commit-security-scan
Scan code changes for security vulnerabilities using Bug Hunter-native artifacts and STRIDE context. Use whenever the user asks for PR security review, commit-diff scanning, staged-change security checks, branch-comparison security review, or pre-merge security analysis of changed code.
doc-lookup
Unified documentation lookup for Bug Hunter agents. Uses Context Hub (chub) as primary source with Context7 API fallback. Provides verified library/framework documentation to prevent false positives and ensure correct fix patterns.
fixer
Surgical code fixer for Bug Hunter. Implements minimal, precise fixes for verified bugs. Uses doc-lookup (Context Hub + Context7) to verify correct API usage in patches. Respects fix strategy classifications (safe-autofix vs manual-review vs larger-refactor).
hunter
Deep behavioral code analysis agent for Bug Hunter. Performs multi-phase scanning to find logic errors, security vulnerabilities, race conditions, and runtime bugs. Uses doc-lookup (Context Hub + Context7) for framework verification. Reports structured JSON findings.
recon
Codebase reconnaissance agent for Bug Hunter. Maps architecture, identifies trust boundaries, classifies files by risk priority, and detects service boundaries. Does NOT find bugs — finds where bugs hide.
referee
Final arbiter for Bug Hunter. Receives Hunter findings and Skeptic challenges, independently re-reads code, and delivers authoritative verdicts with CVSS scoring and proof-of-concept generation for security findings.
skeptic
Adversarial code reviewer for Bug Hunter. Rigorously challenges each reported bug to determine if it's real or a false positive. Uses doc-lookup (Context Hub + Context7) to verify framework claims before disproval. The immune system that kills false positives.
ccxt-python
CCXT cryptocurrency exchange library for Python developers. Covers both REST API (standard) and WebSocket API (real-time). Helps install CCXT, connect to exchanges, fetch market data, place orders, stream live tickers/orderbooks, handle authentication, and manage errors in Python. Use when working with crypto exchanges in Python projects, trading bots, data analysis, or portfolio management. Supports both sync and async (asyncio) usage.
chatgpt-apps
Build, scaffold, refactor, and troubleshoot ChatGPT Apps SDK applications that combine an MCP server and widget UI. Use when Codex needs to design tools, register UI resources, wire the MCP Apps bridge or ChatGPT compatibility APIs, apply Apps SDK metadata or CSP or domain settings, or produce a docs-aligned project scaffold. Prefer a docs-first workflow by invoking the openai-docs skill or OpenAI developer docs MCP tools before generating code.
claude-mem-persistent-memory
Persistent context across sessions for Claude Code (and other coding agents) — captures everything the agent does in a session, compresses it with AI, and injects relevant context back into future sessions. Use when you want to reduce per-session token usage by ~75%, when an arm has long-running engagements where session-to-session continuity matters, or when context-window limits are hitting hard. AGPL 3.0 — flag the copyleft implications before embedding in commercial client deliverables.
claude-usage-report
Aggregate Claude Code usage (tokens, sessions, API-equivalent cost) by day, week, month, model, and project from local JSONL session logs. Use when the user asks about their Claude Code usage, consumption, costs, "cuánto he usado", "uso diario/semanal/mensual", or wants to audit which projects/models are eating the most tokens.
cloudflare-deploy
Deploy applications and infrastructure to Cloudflare using Workers, Pages, and related platform services. Use when the user asks to deploy, host, publish, or set up a project on Cloudflare. Also use when the user needs to purge or clear Cloudflare cache after deploys, or automate cache invalidation.
cloudflare-email-service
Send and receive transactional emails with Cloudflare Email Service (Email Sending + Email Routing). Use when building email sending (Workers binding or REST API), email routing, Agents SDK email handling, or integrating email into any app — Workers, Node.js, Python, Go, etc. Also use for email deliverability, SPF/DKIM/DMARC, wrangler email setup, MCP email tools, or when a coding agent needs to send emails. Even for simple requests like "add email to my Worker" — this skill has critical config details.
coolify-self-hosted-paas
Self-hosted alternative to Vercel, Heroku, Netlify, and Render — deploy applications, databases, and services on your own server (or any VPS) with git-push workflows, automatic SSL, preview deployments, and zero per-seat fees. Apache 2.0 licensed. Use when recommending deployment infrastructure to clients who want cost control, data sovereignty, or freedom from PaaS lock-in, or when an arm needs a single self-hosted plane to manage many small services.
security-review
Run a focused STRIDE-based security review using Bug Hunter-native artifacts. Use whenever the user asks for a full security audit, repository security review, weekly security scan, PR security review with deeper validation, or wants dependency CVEs and threat-model context combined into one workflow.
threat-model-generation
Generate or refresh a STRIDE-based threat model for the current repository using Bug Hunter-native artifacts. Use whenever the repository has no threat model yet, the architecture changed materially, a security review needs fresh trust-boundary context, or the user explicitly asks for a threat model.
vulnerability-validation
Validate security findings for exploitability, reachability, and real-world impact using Bug Hunter-native findings artifacts. Use after security scans, before patch generation, or whenever the user wants confirmation that a suspected vulnerability is actually exploitable.
Bio shown is the top-scored skill's repo description as a fallback — real GitHub bios land in a future update.