ievo-ai

debug-off

Disable verbose / trace-level logging for the iEvo pipeline. Reverts to normal logging (concise `.ievo/log/init-*.md` only). Use when debugging is complete and user wants to stop accumulating large trace logs. Trigger words — "turn off debug", "stop verbose", "disable trace", "debug off".

debug-on

Enable verbose / trace-level logging across the iEvo pipeline. Use when the user wants to debug an init, evolution, or security-audit session — captures full prompts, full sub-agent returns, every Task tool dispatch, every gh/git/network call, environment dump. Output goes to `.ievo/log/debug/<session-id>/` for post-mortem analysis. Activates by writing `.ievo/debug.flag` (project-level setting). Trigger words — "turn on debug", "verbose mode", "log everything", "trace level", "debug logging".

deep-review

Structured 10-point gap-detection review of a diff before commit. Spawns a deep-reviewer subagent for independent eyes (fresh context, separate token budget). Catches issues that survive pre-commit hooks, linters, and test suites but surface in human PR review — completeness gaps, test/impl drift, dead code from partial refactors, naming/behaviour mismatch, doc-paraphrase drift, cross-file consistency, error-path coverage, API contract fidelity, security surface, and concurrency/state. Supports scope modes — staged changes (default), working tree, or arbitrary git range. Use before committing significant changes, after a refactor, or when you want a second opinion on a diff.

evolution

Capture a lesson and add it to the appropriate evolution overlay — a per-agent file, per-skill file, or project-wide rules file. Use when the user identifies a behavior to improve, a mistake to prevent, a project convention, a team role, a tech-stack constraint, or any pattern worth persisting beyond the current session. Appends to `.ievo/evolution/<scope>/<name>.md` (overlay file). The agent/skill body is never modified — overlays are read at dispatch time via a one-time marker injection.

Data & Documents Listed

feedback

Submit feedback about the iEvo plugin — bug reports, feature requests, suggestions, or general comments. Posts as a GitHub issue in `ievo-ai/skills` via `gh` CLI. Use when the user says "send feedback", "report a bug", "this didn't work", "I want to suggest a feature", "where do I file an issue for iEvo", or after iEvo has done something the user would want to comment on.

Data & Documents Listed

handoff

Compact the current conversation into a portable handoff document for a fresh agent session. Solves the context-window degradation problem — reasoning quality drops past ~120k tokens, so instead of /compact (lossy summarization), branch out-of-scope work into a focused parallel session with curated context. Produces a Markdown document with the next session's purpose, relevant context excerpts, suggested iEvo skills, artifact pointers (file paths, PR/issue links), and redacted secrets. Saved to OS temp dir for easy copy-paste into a new session. Use when the user says "hand off", "hand this off", "create a handoff", "branch this to another session", "pass context to next session", "start a new session for X", or invokes /ievo:handoff.

Data & Documents Listed

hooks-setup

Configure Claude Code lifecycle hooks for iEvo pipeline events — init complete, security RED verdict, evolution captured, and (optional) all-background-agents-complete via a Stop hook. Writes PostToolUse and Stop hook entries to `.claude/settings.json` using exec-form (`args: string[]`) and optionally `terminalSequence` for desktop notifications. Use when the user asks "notify me when ievo finishes", "add hooks for ievo", "set up ievo notifications", "tell me when background agents are done", or "configure ievo lifecycle hooks". Requires Claude Code v2.1.139+ (for `args` exec-form); `terminalSequence` notifications further require v2.1.141+ and an iTerm2/WezTerm-class terminal. The optional Stop hook for background-complete requires v2.1.145+ for the `background_tasks` and `session_crons` fields in the Stop hook input.

index-repos

Enumerate the full content of one or more GitHub repos that host Claude Code skills, agents, and plugins. Thin wrapper around `scripts/scan_repo.mjs` (deterministic Node scanner — no LLM required). Returns structured markdown indices per repo. Use when expanding a small set of candidate skills into the full breadth of what their host repos offer.

init

Initialize iEvo in the current project — discover relevant skills and agents from skills.sh and the broader GitHub ecosystem (via own discover.mjs script, no prereq install), audit them for safety via senior-security-engineer review, install through an interactive interview. Composes two lower-level skills (index-repos, security-check) plus discover.mjs + repo-indexer + security-auditor sub-agents into a complete setup pipeline. Use when the user runs `/ievo:init`, opens a new project that does not yet have `.ievo/`, or asks "set up iEvo here" / "find skills for this project".

Testing & QA Listed

inspect

Pre-install structured summary of a remote skill/plugin repo. Fetches the repo tree and key files via gh API, then renders a human-readable capability overview — skills, agents, commands, scripts, permission footprint — without triggering discovery, security scan, or install. Use when the user asks "what does owner/repo contain", "inspect this skill before install", "show me what's in owner/repo", "summarise owner/repo without installing", "what skills does this repo have", or invokes /ievo:inspect <owner>/<repo>.

overlay-status

Surface the current state of iEvo evolution overlays in this project. Lists every overlay under `.ievo/evolution/` grouped by scope (project, agents, skills), with a one-line summary + last-modified date per file. Use when the user asks "what evolutions have I captured", "show my iEvo overlays", "what rules are active in this project", "list installed overlays", "summarize .ievo/evolution". Read-only — never modifies, deletes, or rewrites overlay content. Closes the legibility gap iEvo's own `coverage-audit.md` flagged as "Standalone 'list installed iEvo overlays' command".

schedule

Configure a Claude Code Routine for periodic iEvo operations — recurring security audits, skill-update checks, or custom iEvo commands on a cron schedule. Three-step wizard: pick operation (security audit / skill refresh / custom), pick frequency (daily / weekly / monthly / custom cron), confirm and create. Uses Claude Code Routines for Anthropic-managed execution. Falls back to CI cron instructions when Routines are unavailable (API-key auth, Free plan). Use when the user asks "schedule an iEvo audit", "set up weekly security scan", "automate iEvo", "run iEvo on a schedule", "periodic security check", or "create a routine for iEvo".

security-check

Vulnerability assessment by a senior application security engineer for a skill, agent, or plugin (Claude Code or Codex marketplace item) before installation. Domain expertise — prompt injection, credential exfiltration, supply-chain compromise, hook abuse, indirection attacks, encoded payloads, social engineering in technical artifacts, tool-model bypass. Deep content review across SKILL.md/agent.md body + ALL dependencies (scripts/, references/, assets/, bundled plugin files). Threat detection by expert reasoning, not regex. Returns structured verdict (GREEN/YELLOW/RED) with cited evidence (file + excerpt + concern). Invoked by the security-auditor agent in parallel per selected item. Use before installing ANY third-party skill, agent, or plugin.

vuln-scan

CWE-aware deep source code vulnerability scan for a single module or file set, inspired by Project Glasswing. Uses AI reasoning (not regex) to trace data flows, detect vulnerabilities, and validate findings via complete exploit chains. Every finding requires an attack narrative (entry point, data flow, impact); no chain means no finding. Applied per-module by the vuln-scanner agent, orchestrated by the /ievo:vuln-scan command. Covers OWASP top 10, CWE-anchored threat taxonomy (injection, auth bypass, crypto misuse, data exposure, race conditions, deserialization, path traversal, SSRF, business logic, supply chain).