Engineering Playbook

A set of commands and guides for structuring development workflows, architectural decisions, code reviews, and team operations.

Built on two complementary frameworks:

The Preamble - How teams think together (peer collaboration, correctness over agreement)
Design Rules - What teams build toward (clarity, simplicity, resilience, extensibility)

Every command in the playbook assumes both. Every workflow integrates both.

Start Here

Want the thinking, not the commands? Read The Playbook - five chapters on how teams think together, what they build toward, and how to adopt it. About thirty minutes cover to cover.

New to the playbook? Read Why We Build Playbooks for the full philosophy, or jump to Getting Started for a scenario-based introduction.

Looking for a specific command? Browse the sidebar by category, or use search (press S).

Adopting for your team? See the Adoption Guide for team-size-specific paths.

Not using Claude Code? See Using With Other Tools for adaptation guides.

How It Works

The playbook provides a three-step daily ritual:

scope → code → review

Scope captures what you’re building. You code without interruptions. Review checks your work against relevant quality perspectives and commits when it passes.

Beyond the daily ritual, the playbook includes planning tools, architecture patterns, multi-perspective review workflows, deployment guides, incident response, and team operations.

See Workflows for the full picture, or Recipes for real-world examples.

Browse by Category

Use the sidebar to explore commands organized by workflow sequence within each category: Core, Development, Planning, Reviews, Deployment, Repo, Templates, Utilities, and People.

The Integration Guide shows how commands compose into workflows.

Engineering Playbook: A Complete Philosophy for High-Performance Teams

Every engineering team faces the same challenges: preventing regressions, maintaining code quality across a growing codebase, onboarding new team members, responding to incidents, and shipping features without burning out. These are solved problems. Yet most teams reinvent the solutions over and over-in slightly different ways, each time losing efficiency.

The Engineering Playbook is a complete decision framework grounded in two complementary philosophies:

The Preamble - How teams think together (peer collaboration, psychological safety, correctness over agreement)
Design Rules - What teams build (clarity, simplicity, robustness, extensibility)

It’s not a tool; it’s a set of repeatable processes that work together to make quality the default, not something that requires heroic effort. The playbook codifies both how to think as a team and how to build systems well.

The Problem We’re Solving

Development teams typically struggle with:

Quality Variability - Code review rigor depends on who’s reviewing. Some PRs get deep scrutiny; others barely get looked at. Testing practices differ by project. Standards aren’t documented, so they’re inconsistently applied.

Context Loss - Architectural decisions get made in Slack and forgotten. Six months later, someone asks “why did we design it this way?” and nobody remembers. New team members don’t understand the reasoning behind major decisions.

Incident Chaos - When production breaks, the response depends on who’s on call. There’s no standard assessment process, no documented playbooks for different severity levels, no postmortem template. Teams repeat the same mistakes.

Onboarding Friction - New team members spend weeks or months learning unwritten cultural norms. “Here’s how we do code review.” “Here’s how we do releases.” “Here’s the definition of done.” All spoken, never documented.

Distributed Team Challenges - Async teams struggle with alignment. Standups don’t work. Knowledge stays siloed. Reviews get blocked waiting for timezone-appropriate feedback.

Knowledge Silos - When key people leave, they take institutional knowledge with them. There’s no systematic knowledge transfer process.

These problems aren’t unique to your team. They’re solved problems. The playbook gives you the solution, ready to adapt to your context.

Why Existing Approaches Fall Short

Many teams try to solve these with:

Heavy processes - Mandatory meetings, extensive checklists, extensive documentation that nobody maintains. These reduce agility instead of improving quality.

Light processes - “Just use your judgment” and “communicate well.” This works for 5-person teams but breaks down at scale. Without documentation, standards drift. New team members get inconsistent guidance.

Off-the-shelf frameworks - Scrum, Kanban, SAFe. These address how to organize work, not how to execute it well. They don’t cover code quality, architectural decisions, incident response, or knowledge transfer.

Tool-based solutions - PR checklist bots, automated testing, linters. These catch some issues but can’t replace judgment. They also create false confidence: “tests passed, so we’re good,” when actually test coverage is incomplete.

The playbook bridges this gap. It’s a structured framework that enforces quality gates but remains flexible enough to adapt to your team’s needs. It’s documented so knowledge isn’t lost. It’s integrated so all the pieces work together as a system, not isolated commands.

The Playbook Philosophy: Two Complementary Frameworks

The playbook is built on a unique insight: Quality comes from HOW teams think together AND WHAT they build.

The Two Frameworks Work Together

WITHOUT THE PREAMBLE: Teams apply design rules but debate endlessly about “correctness” without reaching decisions. Status matters more than ideas. Disagreement creates conflict instead of better code.

WITHOUT DESIGN RULES: Teams collaborate well but build systems that are hard to maintain, overly complex, or fragile. Good intentions don’t prevent architectural mistakes or performance problems.

WITH BOTH: Teams collaboratively decide on technically sound systems. Peer thinking enables open discussion of trade-offs. Design rules give concrete language for critiquing ideas. The result: faster decisions, better systems, psychological safety with technical excellence.

The Preamble: How Teams Think Together

The Preamble establishes four core principles about collaboration:

Correctness Over Agreement - Find the right answer, don’t defer to authority
Critical, Not Servile - Challenge ideas professionally, surface problems early
Truth Over Tone - Direct feedback beats careful politeness
Think Holistically - Optimize for team outcomes, not individual concerns

In practice: Code reviewers surface flaws, not just approve. Architecture decisions are documented so they can be intelligently challenged. Disagreement is professional. Silence is viewed as complicity. Failures become learning.

Design Rules: What We Build

Design Rules are 17 classical principles organized into 4 clusters:

CLARITY - Systems are obviously correct; interfaces are unsurprising
- Clarity, Least Surprise, Silence, Representation
SIMPLICITY - Elegant design with complexity only where justified
- Simplicity, Parsimony, Separation, Composition
RESILIENCE - Reliable systems that fail loudly and recover well
- Robustness, Repair, Diversity, Optimization
EXTENSIBILITY - Systems designed to adapt and evolve
- Modularity, Economy, Generation, Extensibility

In practice: Code review checks “Does this embody Clarity?” not just “Is this correct?” Architecture decisions are evaluated against design rules. When design rules conflict (Simplicity vs. Robustness), the decision framework makes trade-offs explicit.

How They Enable Each Other

Preamble enables Design Rules - Psychological safety makes it safe to discuss design principles and trade-offs without defensiveness
Design Rules anchor Preamble - When teams have design principles to reference, disagreement becomes technical, not personal
Together - Teams build systems that are both technically sound AND arrived at through trustworthy processes

Core Beliefs Behind the Playbook

1. Quality Shouldn’t Require Heroic Effort

Good processes make quality the default. The playbook instills review, testing, and security checks into every workflow-not as optional extras, but as built-in steps. This removes the question “should we review this?” (Answer: always.) It removes the question “should this be tested?” (Answer: always.)

When quality is the default, nobody has to argue for it.

2. Teams Learn Faster with Documented Patterns

Architectural decisions have reasons. Design patterns solve problems. These don’t need to be reinvented. The playbook provides a pattern library for async systems, database optimization, distributed systems, and core architecture-with real-world examples and trade-offs documented.

Don’t reinvent. Iterate on proven approaches.

3. Async-First Communication Scales Better

The playbook is designed for distributed teams. Instead of “let’s sync up,” it uses structured async patterns: decision records, standup templates, knowledge transfer checklists. Async-first doesn’t mean no synchronous communication; it means documenting decisions so people can participate across time zones.

4. Multi-Perspective Review Catches More Issues

A single code reviewer can miss things. The playbook uses five perspectives on every major piece of code:

Code quality - Clarity, Modularity (design rules in practice)
Security - Robustness, Transparency (design rules in practice)
Product alignment - Simplicity, Clarity (design rules in practice)
Testing - Robustness, Repair (design rules in practice)
Performance - Optimization discipline (design rules in practice)

These perspectives catch different issues using design rules as shared language. A performance engineer might miss a security vulnerability. A security engineer might miss a test coverage gap. Together, they create a high bar for quality.

5. Structured Processes Enable Faster Iteration

Counterintuitive, but true: more process, faster delivery. Not because of the process itself, but because it reduces rework and prevents problems.

When you have a structured incident response process, you respond faster and make fewer mistakes. When you have documented architectural decisions grounded in design rules, design reviews move faster because context is already there. When you have a testing framework, developers write fewer bugs and spend less time in QA cycles.

The playbook provides the structure. You decide how strictly to enforce it based on change size.

How It Works: The Integrated System

The playbook isn’t 52 independent commands. It’s an integrated system grounded in two foundational frameworks that all others build on:

Foundational Frameworks

Two documents establish the complete philosophy:

/pb-preamble - How teams think together (peer collaboration, psychological safety, correctness)
/pb-design-rules - What teams build (17 classical design principles in 4 clusters)

Every command in the playbook assumes both frameworks. Every workflow integrates both.

Core Foundation Commands

Three commands translate the frameworks into SDLC structure:

/pb-guide - The SDLC framework with 11 phases and quality gates (assumes preamble + design rules)
/pb-standards - Working principles and collaboration norms (grounded in both frameworks)
/pb-templates - Reusable commit, PR, and testing templates (guides both preamble and design rule thinking)

Planning Before Building

Before writing code:

/pb-plan - Define scope, acceptance criteria, success metrics, risks
/pb-adr - Document architectural decisions with rationale and trade-offs
/pb-patterns - Reference architectural patterns for your specific problem
/pb-observability - Plan monitoring before implementation
/pb-performance - Identify performance requirements upfront

Iterative Development with Built-In Quality Gates

Code flows through the same review loop repeatedly:

/pb-start - Create a feature branch with clear scope
/pb-cycle - Self-review, then peer review, iterate
/pb-testing - Unit, integration, end-to-end tests
/pb-security - Security checklist
/pb-standards - Code style and patterns
/pb-commit - Atomic commits with meaningful messages
/pb-pr - Pull request with context for reviewers

Multi-Perspective Review

Different reviewers bring different lenses:

/pb-review-hygiene - Code quality and maintainability
/pb-security - Security review
/pb-review-tests - Test coverage
/pb-logging - Logging standards
/pb-review-product - Product alignment

Safe Release

Before production:

/pb-release - Pre-release checklist
/pb-release - Final gate by senior engineer
/pb-deployment - Strategy choice (blue-green, canary, rolling)

Incident Response

When things break:

/pb-incident - Assessment, severity, mitigation, recovery
/pb-observability - Monitoring and alerting strategy
Post-incident review with /pb-adr to document lessons learned

Team Operations

Scaling beyond one person:

/pb-standup - Async daily standups for distributed teams
/pb-knowledge-transfer - Structured knowledge transfer
/pb-onboarding - Structured team member onboarding
/pb-team - Retrospectives, feedback, growth

PREAMBLE: How teams think → DESIGN RULES: What they build
(Peer thinking, challenge assumptions) (Clarity, Simplicity, Robustness, Extensibility)
         ↓                                    ↓
    PLAN ← Scope + Architecture → DEVELOP ← Iterate + Test → REVIEW
     ↓ (with architecture decisions)  ↓ (with design rules)  ↓ (checking design rules)
     └─────────→ RELEASE ←──────────────────────┘
                   ↓
                OPERATE ← Monitor & Measure
                   ↓
            INCIDENT? ← Assess & Mitigate
                   ↓
               RECOVER ← Design for Robustness
                   ↓
        Document & Learn → Back to PLAN

Every step of the workflow is guided by both Preamble (peer thinking) and Design Rules (technical excellence).

Real-World Architecture: Where It Fits

The playbook sits at the intersection of code, people, and process:

graph TB
    subgraph "Code Level"
        A["Version Control<br/>(Git)"]
        B["Code Quality<br/>(Linters, Tests)"]
        C["Architecture<br/>(Patterns, Design)"]
    end

    subgraph "Process Level"
        D["Code Review<br/>(Multi-perspective)"]
        E["Release Management<br/>(Safe deployment)"]
        F["Incident Response<br/>(Systematic)"]
    end

    subgraph "People Level"
        G["Onboarding<br/>(Structured)"]
        H["Knowledge Transfer<br/>(Documented)"]
        I["Team Dynamics<br/>(Retrospectives)"]
    end

    A --> D
    B --> D
    C --> D
    D --> E
    E --> F
    F --> H
    H --> G
    G --> I

    style A fill:#e3f2fd
    style B fill:#e3f2fd
    style C fill:#e3f2fd
    style D fill:#fff3e0
    style E fill:#f3e5f5
    style F fill:#ffebee
    style G fill:#e1f5e1
    style H fill:#e1f5e1
    style I fill:#e1f5e1

When to Apply Full Process

For large, architectural changes (L-tier), you use all 11 sections:

Intake & clarification
Scope lock
Design & trade-offs
Implementation plan
Development (with testing, security, standards)
Testing & QA
Documentation
Pre-release review
Deployment
Monitoring & alerting
Post-deployment verification

When to Apply Lighter Process

For a simple bug fix (XS-tier), you use only the essential sections:

Brief intake (1 line in commit)
Fix the bug
Self-review
Atomic commit
Deploy and verify

The same playbook, right-sized to the change. No overhead for small changes. No skipped quality gates for any change.

Key Design Decisions

Decision 1: Why Change Tiers (XS / S / M / L)?

What we chose: Tier-based process that adjusts rigor based on change size.

Rationale:

Typo fixes and bug fixes don’t need the same overhead as architectural changes
But all changes need quality gates (testing, review, documentation)
Tier-based approach lets teams be fast on small changes and thorough on large ones
It also makes the process transparent: “This change is M-tier, so we need tech lead approval”

Alternative we rejected:

Single fixed process for all changes - too heavy for small changes, creates burnout
No process - fast initially, but quality degrades at scale

Decision 2: Why Multi-Perspective Review?

What we chose: Different reviewers (code, security, product, test, performance) instead of one person reviewing everything.

Rationale:

A single reviewer is a bottleneck and also has blindspots
A security engineer might miss test coverage gaps
A performance engineer might miss design issues
Different perspectives catch different issues
For large changes, multiple reviewers provide redundancy: if one misses something, another catches it

Alternative we rejected:

Single reviewer - faster but lower quality
All reviewers always - slower, creates meetings bloat

Decision 3: Why Documented Architectural Decisions?

What we chose: /pb-adr command for recording decisions with rationale, trade-offs, and lessons learned.

Rationale:

Architectural decisions are made once but affect the codebase for years
Without documentation, future team members don’t understand “why” and make bad changes
ADRs become institutional memory that survives team turnover
Design reviews become faster when context is already documented

Alternative we rejected:

Decisions in Slack - Lost when channel scrolls, no context for future developers
Comments in code - Doesn’t scale, gets out of sync
Wiki - Often abandoned, outdated, nobody knows where to look

Decision 4: Why Async-First for Distributed Teams?

What we chose: Structured async communication (standups, PRs, knowledge transfer) instead of sync meetings.

Rationale:

Sync meetings don’t work well across 8+ time zones
Async communication forces documentation, creating a record
Async-first doesn’t mean no sync meetings; it means sync is intentional, not default
People can think through complex topics instead of having to respond in real-time
Time zones become irrelevant

Alternative we rejected:

Sync meetings for everything - 8am one timezone is 6pm another
Async communication with no structure - Decisions get lost, context disappears

Decision 5: Why Checkpoints Instead of Continuous Deployment?

What we chose: Structured gates (scope lock, design approval, release approval) instead of pushing every commit straight to production.

Rationale:

Gates catch mistakes before they reach production
They create opportunities for feedback on approach before implementation
They provide a paper trail for audits and incident investigation
They’re checkpoints, not blocks: a good design review takes 1 hour and prevents 2 weeks of rework

Alternative we rejected:

No gates (continuous deployment) - Fast but mistakes reach production
Heavy gates (multiple sign-offs) - Slower, creates bottlenecks

When to Use the Playbook

Excellent Fit

New teams establishing culture and practices from day one
Growing teams (5 → 50+ people) that need to scale processes
Distributed teams working across time zones
High-quality codebases where mistakes are expensive
Teams using agentic development tools (Claude Code or others) optimizing workflows
Organizations wanting to codify and transfer institutional knowledge

Not Ideal For

Tiny teams (< 3 people) - Overhead outweighs benefits
Prototypes that will be thrown away - Too much documentation
Teams with deeply established workflows that work well - Migration cost too high
Language-specific frameworks you’re deeply committed to (domain-specific commands exist but not complete)

Starting Points

Greenfield project: Follow Scenario 1 (plan → architecture → develop → release)
Existing codebase: Follow Scenario 2 (audit → establish baseline → integrate gradually)
Individual developer: Use individual commands as needed; build as you grow
Distributed team: Start with /pb-standup, /pb-knowledge-transfer, /pb-adr

Measuring Success

The playbook’s value shows up in:

Faster Code Review

With documented architecture, reviewers don’t need to ask “why is it designed this way?”
With clear standards, reviewers don’t need to nitpick style
Multi-perspective review happens in parallel, not sequentially

Fewer Regressions

Quality gates (testing, security, documentation) catch issues before production
Atomic commits make it easy to identify which change broke something
Documented decisions prevent breaking changes from architectural misunderstandings

Easier Onboarding

New team members read /pb-guide and understand the SDLC
ADRs explain “why” for every major decision
Structured standup templates and knowledge transfer process accelerate knowledge sharing

Faster Incident Response

/pb-incident provides a systematic assessment process
Pre-documented rollback steps mean faster recovery
Postmortem template ensures lessons are captured

Lower Burnout

Structured processes mean less “how do we do this?” Slack threads
Clear quality gates mean less endless revision cycles
Async-first communication means less context-switching across time zones

Implementation Philosophy

The playbook isn’t a “fork and use” system. It’s a “fork, read, adapt, and use” system.

Each command includes:

How it works - Concrete steps and examples
Why we do it - Rationale and philosophy
Where to customize - Instructions on adapting to your team

Your team’s context matters:

Size - XS team vs. 100-person org
Domain - Security-critical vs. user-facing frontend
Maturity - Greenfield vs. 10-year-old codebase
Culture - Startup vs. enterprise vs. open source

The playbook provides the framework. You adjust the rigor based on context.

What’s Included

Complete Framework + Command Library

Foundational Frameworks - /pb-preamble, /pb-design-rules (with expansions on specific contexts)

Complete philosophy for peer collaboration and technical design
Preamble expansion guides for async teams, power dynamics, decision discipline
Design Rules organized into 4 clusters with decision framework

Core Foundation - /pb-guide, /pb-standards, /pb-documentation, /pb-templates

SDLC framework with right-sized rigor
Collaboration norms and quality standards
Reusable templates for commits, PRs, decisions

Planning - /pb-plan, /pb-adr, /pb-patterns* (multiple families: async, core, database, distributed, security, cloud), /pb-performance, /pb-observability, /pb-deprecation

Scope planning and architectural decisions
Pattern library with trade-offs
Design considerations before implementation

Development - /pb-start, /pb-cycle, /pb-resume, /pb-commit, /pb-pr, /pb-testing, /pb-standup, /pb-todo-implement, /pb-knowledge-transfer, /pb-what-next

Feature branch establishment with clear scope
Iteration cycles with self and peer review
Atomic commits and pull requests
Testing, async communication, knowledge transfer
Contextual command recommendations

Deployment - /pb-deployment, /pb-incident

Deployment strategies (blue-green, canary, rolling)
Incident assessment, response, and recovery

Release - /pb-release

Pre-release checklists and production sign-off

Review - /pb-review* (comprehensive, code, product, tests, docs, hygiene, microservice, prerelease), /pb-security, /pb-logging

Multi-perspective code review with design rules as shared language
Specialized audits (security, logging, architecture)

Repository - /pb-repo* (init, organize, readme, about, blog, enhance)

Greenfield project initialization
Repository structure and documentation

People - /pb-onboarding, /pb-team

Structured team member onboarding
Retrospectives and team dynamics
Knowledge transfer processes

Reference - /pb-context

Project working context and decision log template

Documentation

Frameworks - Preamble and Design Rules with practical integration guides
Command reference with real-world examples
Integration guide showing framework and command relationships
Decision guide for choosing the right command
Getting started scenarios for different situations
Quick references for daily lookup

Ready to Install

git clone https://github.com/vnykmshr/playbook.git
cd playbook
./scripts/install.sh  # Creates symlinks in ~/.claude/commands/

All commands are immediately available in Claude Code.

The Bigger Picture

Engineering teams face the same challenges repeatedly. The Playbook solves them with a complete philosophy that combines two complementary frameworks:

How It Works

The Preamble (HOW teams think) - Establishes peer collaboration, psychological safety, correctness over agreement
Design Rules (WHAT teams build) - Classical principles ensuring clarity, simplicity, robustness, extensibility
Together - Enable teams to build systems that are both technically excellent AND arrived at through trustworthy processes

What This Enables

Codifying proven practices - Don’t invent, iterate (grounded in design rules)
Documenting the “why” - Future decisions are informed by past decisions (enabled by preamble thinking)
Integrating systems - Commands work together as a coherent whole, not in isolation
Right-sizing rigor - Lightweight process for small changes, thorough for large ones
Scaling across time zones - Distributed teams stay aligned through structured async communication

The Result

Teams that ship faster, maintain higher quality, respond to incidents better, and experience less burnout.

Quality becomes the default. Not because of individual heroics, but because:

Good processes are embedded in how work gets done (preamble thinking)
Sound design is enforced at every step (design rules)
Both frameworks work together to enable trust and excellence

Getting Started

Learn the Foundations First

The Preamble → Understand how teams think together: peer collaboration, challenge assumptions, correctness over agreement.

Design Rules → Understand what you build: 17 principles organized in 4 clusters (Clarity, Simplicity, Resilience, Extensibility).

Then Pick Your Scenario

Scenario 1: New Project → From greenfield to production with clear architecture and quality gates.

Scenario 2: Existing Codebase → Gradually adopt playbook practices without disrupting current flow.

Scenario 3: Daily Developer Workflow → See how a developer uses the playbook during a typical day.

Scenario 4: Code Review → Structure code review from multiple perspectives using design rules as shared language.

Scenario 5: Incident Response → Respond to production issues systematically, learning from failures.

Or Explore by Category

Browse the full command reference, decision guide, or quick references for daily use.

The Complete Philosophy

The playbook isn’t just documentation. It’s a decision framework that makes good development practices the default.

By integrating Preamble (peer thinking) with Design Rules (technical excellence), the playbook enables teams to:

Think together without hierarchy - Challenge assumptions professionally, surface problems early
Build systems that endure - Systems are clear, simple, and reliable by design
Ship confidently - Quality gates catch mistakes before they reach production
Scale without meetings - Distributed teams stay aligned through structured async communication
Sustain momentum - Good processes prevent burnout, not increase it

The culmination of this work is a complete engineering philosophy-not separated into “soft skills” and “technical skills,” but integrated as a unified whole. Teams that adopt both the Preamble and Design Rules don’t just write better code. They build better teams.

Getting Started with the Engineering Playbook

Welcome to the Engineering Playbook! This guide will help you get up and running quickly.

Installation

See Installation & Setup in the main README for prerequisites and installation steps.

Quick summary:

git clone https://github.com/vnykmshr/playbook.git
cd playbook
./scripts/install.sh

With Claude Code: Commands available as skills (e.g., /pb-start) Without Claude Code: Read command files as Markdown (see Using Playbooks with Other Tools)

Quick Start: Five Scenarios

Pick the scenario that matches your situation:

Scenario 1: Starting a New Project

You’ve decided to build something new. Here’s how to establish a strong foundation:

# Step 1: Plan the project
/pb-plan              # Define scope, success criteria, phases

# Step 2: Set up repository
/pb-repo-init         # Initialize directory structure
/pb-repo-organize     # Clean folder layout
/pb-repo-readme       # Write compelling README

# Step 3: Document architecture
/pb-adr               # Record architectural decisions
/pb-patterns          # Reference relevant patterns

# Step 4: Begin development
/pb-start             # Create feature branch
/pb-cycle             # (Repeat) Self-review → Peer review → Commit
/pb-pr                # Create pull request

# Step 5: Release
/pb-release           # Pre-release checklist
/pb-deployment        # Choose deployment strategy

See: Integration Guide for complete workflow with step-by-step guidance

Scenario 2: Adopting Playbook in Existing Project

Your project already has code and processes. Let’s integrate the playbook gradually:

# Step 1: Understand current state
/pb-context           # Document project context and decisions
/pb-review-hygiene       # Audit existing code quality
/pb-review-hygiene    # Identify technical debt

# Step 2: Establish baseline
/pb-standards         # Define working principles for your team
/pb-guide             # Learn the SDLC framework
/pb-templates         # Create commit/PR templates

# Step 3: Begin structured development
/pb-start             # First feature with new workflow
/pb-cycle             # Use quality gates for code review
/pb-commit            # Structured commits

# Step 4: Scale practices
/pb-team              # Team retrospectives
/pb-knowledge-transfer # Document tribal knowledge
/pb-review-*          # Periodic reviews (monthly, quarterly)

# Step 5: Continuous improvement
/pb-incident          # Handle production issues systematically
/pb-adr               # Document major decisions
/pb-performance       # Optimize when needed

See: Integration Guide → “Scenario 2: Adopting Playbook”

Scenario 3: Typical Developer Day

You’re in the middle of a feature sprint. Here’s your daily rhythm:

# Morning: Get context
/pb-resume            # Recover context from yesterday
/pb-standup           # Write async standup for team

# Development: Code → Review → Commit (repeat)
/pb-cycle             # Self-review changes
  # Includes: /pb-testing, /pb-security, /pb-standards, /pb-documentation

/pb-commit            # Atomic, well-explained commit

# Before lunch: Big picture
/pb-context           # Refresh project context (decisions, roadmap)
/pb-patterns          # Reference patterns for next component

# Afternoon: Ready to merge?
/pb-cycle             # Final self-review
/pb-pr                # Create pull request with context

# End of day: Status
/pb-standup           # Update team on progress, blockers

See: Integration Guide → “Workflow 1: Feature Development”

Scenario 4: Code Review

A PR is ready for review. As a reviewer, you can follow a structured approach:

/pb-review-hygiene       # Code quality checklist
/pb-security          # Security perspective
/pb-review-tests      # Test coverage and quality
/pb-logging           # Logging standards verification
/pb-review-product    # Product alignment (if user-facing)

Each command provides a different lens on the same code, catching different categories of issues.

Scenario 5: Incident Response

Production is down. Execute quickly:

/pb-incident          # Assess severity, choose mitigation
  # Options: Rollback (fastest), Hotfix, Feature disable

/pb-observability     # Monitor recovery

# After incident (within 24h)
/pb-incident          # Comprehensive review
/pb-adr               # Document decision to prevent repeat

See: Integration Guide → “Workflow 3: Incident Response”

Next Steps

I’m not sure which scenario fits me…

Use the Decision Guide to find the right command for your situation.

I need more context…

Read the Integration Guide to understand how all commands work together.

I have a specific question…

Check the FAQ for common questions and answers.

I want to browse all commands…

See the Full Command Reference organized by category.

Key Principles to Remember

Quality at Every Step

Never skip the review step. Each iteration includes self-review, testing, security checks, and peer review before committing.

Atomic, Logical Commits

Create small commits that address one concern, are always deployable, and have clear messages explaining the “why.”

Multi-Perspective Reviews

Get feedback from different angles: code quality, security, product alignment, test coverage, and performance.

Documented Decisions

Record architectural decisions so future team members understand the reasoning, not just the code.

Processes, Not Rules

Adapt the playbook to your team’s needs. These are frameworks, not commandments.

Common Questions

Q: Do I have to follow the playbook exactly? A: No. The playbook provides frameworks and best practices. Adapt them to your team’s needs and context.

Q: Can I integrate the playbook gradually? A: Yes! See Scenario 2 (Adopting Playbook in Existing Project) for a gradual integration approach.

Q: Which scenario should I choose? A: Match your situation to the 5 scenarios above. If unsure, start with Scenario 3 (Typical Developer Day) to see how commands work together.

Q: What if I have other questions? A: Check the FAQ or open an issue on GitHub.

Playbook Adoption Guide

Integrating the engineering playbook into your team’s workflow. This guide shows how to adopt across different team sizes and contexts.

Quick Start by Team Size

Startup (2-5 engineers)

Week 1: Read /pb-guide (understand 11 phases) + /pb-preamble (collaboration style)
Week 2: Start using /pb-start → /pb-cycle → /pb-commit → /pb-pr for feature work
Week 3: Add /pb-review-hygiene for peer review, /pb-standards for decision-making
Payoff: Clear development rhythm, better code review, shared decision language
Effort: 2-3 hours per engineer for onboarding

Small Team (6-12 engineers)

Phase 1 (Week 1-2):
- Run workshop: /pb-guide (SDLC overview) + /pb-preamble (team collaboration)
- Establish team norms from /pb-standards
- Pick 3-4 core commands: /pb-start, /pb-cycle, /pb-commit, /pb-pr
Phase 2 (Week 3-4):
- Add /pb-plan for feature planning
- Add /pb-review-hygiene + /pb-security for code review gates
- Document team decisions in /pb-context
Payoff: Structured planning, consistent code quality, documented decisions
Effort: 4-6 hours per engineer over 4 weeks

Medium Team (13-30 engineers)

Phase 1 (Week 1-2):
- Lead architect reads entire playbook
- Creates team guide: custom command selection + team-specific examples
- Runs workshops for different roles (frontend, backend, infra, QA)
Phase 2 (Week 3-4):
- Rollout core workflow: /pb-plan → /pb-adr → /pb-cycle → /pb-review-* → /pb-release
- Establish review ceremony using /pb-review-hygiene, /pb-review-tests
- Create project /pb-context document for current work
Phase 3 (Week 5-8):
- Integrate /pb-patterns-* into architecture discussions
- Establish release process using /pb-release + /pb-deployment
- Monitor adoption via /pb-review (periodic) and /pb-standards (decisions)
Payoff: Scaled decision-making, architecture consistency, knowledge sharing
Effort: 6-8 hours initial per engineer, 1-2 hours/week ongoing

Large Team (30+ engineers) or Multiple Teams

Phase 1:
- Platform/core team leads customize playbook
- Create role-specific subsets (frontend guide, backend guide, SRE guide)
- Run quarterly strategy sessions using /pb-preamble and /pb-design-rules
Phase 2:
- Rollout 8-week adoption program with checkpoints
- Pair experienced + new engineers on /pb-cycle and /pb-todo-implement
- Establish command adoption metrics (% using core workflow)
Payoff: Org-wide consistency, reduced onboarding time, better incident response
Effort: Ongoing, integrate into new engineer onboarding

4-Phase Adoption Pathway

Phase 1: Foundation (Weeks 1-2)

Goal: Team understands philosophy and core workflow

Activities:

Team reads /pb-guide (1-2 hours) and /pb-preamble (30 min)
Lead architect reads /pb-design-rules and creates team-specific reference
Establish working group: core decision-makers + IC representatives
Define team’s tier system (XS/S/M/L) for task sizing

Success Signals:

80%+ team members attended workshop
Shared understanding of 11 SDLC phases
Written team norms (from /pb-standards)

Phase 2: Development Workflow (Weeks 3-4)

Goal: Daily development process uses playbook

Activities:

Integrate /pb-start → /pb-cycle → /pb-commit → /pb-pr into real features
Use /pb-testing alongside /pb-cycle for test-driven development
Establish review process: /pb-review-hygiene for every PR
Create project /pb-context document for current decisions
Track metrics: % of features using playbook workflow

Success Signals:

50%+ of PRs reference playbook commands in PR description
Code review feedback uses /pb-review-hygiene language
Commit messages follow /pb-templates format

Phase 3: Planning & Architecture (Weeks 5-8)

Goal: Major decisions documented using playbook frameworks

Activities:

Next feature uses /pb-plan + /pb-adr workflow
Architecture decisions reference applicable /pb-design-rules
Team uses /pb-patterns-* for system design
Add /pb-observability and /pb-performance to planning
Establish /pb-review (monthly) and /pb-review-tests (monthly) cadence

Success Signals:

All major features have /pb-adr documents
Design discussions explicitly reference design rules
Monthly review ceremonies happening

Phase 4: Release & Operations (Weeks 9+)

Goal: Production safety and incident response follow playbook

Activities:

Implement /pb-release checklist before every release
Use /pb-deployment for deployment strategy selection
Establish incident response using /pb-incident
Connect observability to /pb-observability strategy
Run quarterly /pb-team retrospectives

Success Signals:

100% of releases use /pb-release checklist
Incident response time reduced
Team retention improved (per /pb-team feedback)

Adoption by Context

By Codebase Maturity

Stage	Focus	Key Commands
Greenfield	Structure first	`/pb-repo-init`, `/pb-plan`, `/pb-adr`, `/pb-patterns-*`
Growth	Quality gates	`/pb-cycle`, `/pb-review-*`, `/pb-testing`, `/pb-standards`
Maintenance	Consistency	`/pb-review-hygiene`, `/pb-deprecation`, `/pb-context`
Scaling	Governance	`/pb-plan`, `/pb-adr`, `/pb-design-rules`, `/pb-review`

By Team Distribution

Distribution	Approach	Key Commands
Co-located	In-person workshops, real-time decision-making	`/pb-preamble`, `/pb-cycle`, `/pb-team`
Distributed	Async decision framework, written decisions	`/pb-preamble-async`, `/pb-adr`, `/pb-context`
Mixed	Hybrid: in-person planning, async execution	`/pb-plan`, `/pb-preamble-decisions`, `/pb-standup`

By Risk Profile

Risk Level	Approach	Governance
Low-risk	Move fast, minimal gates	XS/S tier commands only
Medium-risk	Balanced approach	S/M tier with `/pb-review-hygiene`
High-risk	Multiple gates, documentation	M/L tier with `/pb-adr`, `/pb-security`
Mission-critical	All gates, design review	M/L with `/pb-release`, `/pb-incident`

Measuring Success

Adoption Metrics (Track weekly)

% of engineers actively using core commands
% of features following /pb-start → /pb-cycle → /pb-pr workflow
% of PRs using /pb-review-hygiene perspective
% of major decisions documented in /pb-adr

Quality Metrics (Track monthly)

Code review feedback quality (using design rules language)
Test coverage maintenance
Security issue density (post /pb-security adoption)
Deployment success rate (post /pb-release + /pb-deployment adoption)

Team Metrics (Track quarterly)

Time to onboard new engineer (-30% after 3 months)
Team satisfaction with decision-making (+20% per /pb-team surveys)
Incident response time (-25% average)
Knowledge retention across team transitions

Common Pitfalls & Solutions

Pitfall	Symptom	Solution
Adoption fatigue	Teams use 1-2 commands, ignore rest	Start small: focus 3-4 core commands for 4 weeks, then expand incrementally
Misaligned tier system	Features skip `/pb-plan` because “it’s just code”	Define team’s tier system explicitly; make `/pb-plan` requirement for M/L features
Design rules as dogma	Team debates “which rule applies” instead of deciding	Emphasize decision framework: rules guide, don’t dictate; preamble thinking resolves conflicts
No shared context	Engineers make decisions in isolation	Enforce `/pb-context` updates during `/pb-start`; review monthly
Review ceremonies die	Established `/pb-review` and `/pb-review-tests` → skip after month 2	Calendar invites, rotate facilitators, document findings in `/pb-context`
Preamble not internalized	Good intentions but team reverts to hierarchical decision-making	Schedule bi-weekly preamble discussion (30 min); connect to real decisions
Too much documentation	Engineers write ADRs for tiny changes	Only require `/pb-adr` for M/L features; use decision framework to know when

Implementation Checklist

Before Launch

Leadership team reads /pb-guide and /pb-preamble
Select initial command set (recommend: 5-7 commands to start)
Customize examples for your tech stack
Identify 2-3 “playbook champions” to drive adoption
Schedule workshops

Week 1-2: Kickoff

Run 60-min workshop: /pb-guide overview + /pb-preamble
Create team guide document
Establish /pb-context for current project
Share adoption timeline

Week 3-8: Rollout

Weekly 30-min “command spotlight” sessions
Include playbook reference in PR templates
Track adoption metrics
Address questions/concerns in Slack #playbook channel

Month 3+: Iterate

Run /pb-team retrospective on adoption
Refine command set based on feedback
Expand to advanced commands
Document team-specific customizations

FAQ

Q: Do we need to use ALL commands? A: No. Start with 5-7 core commands; expand based on team needs.

Q: How long does adoption take? A: 4-8 weeks to establish core workflow; 12 weeks to full integration.

Q: What if we’re already using different processes? A: Use playbook commands that fill gaps or improve existing process. Merge gradually.

Q: Should we customize the playbook? A: Yes. Keep philosophy intact; customize examples, tools, and process for your team.

Q: How do we handle team pushback? A: Connect to pain points: “ADRs solve our knowledge loss problem” or “Design rules help us debate architecture better.”

Start with Phase 1 this week. Pick 4 core commands. Add one workshop. Measure adoption in 30 days.

Workflows: How Commands Work Together

The Engineering Playbook is organized around major workflows. This page shows how commands combine to solve real problems.

Feature Development Workflow

From planning through production, here’s how commands work together to deliver features:

PLANNING PHASE        DEVELOPMENT PHASE       CODE REVIEW PHASE     RELEASE PHASE
│                     │                       │                      │
├─ /pb-plan           ├─ /pb-start            ├─ /pb-cycle           ├─ /pb-release
│                     │                       │                      │
├─ /pb-adr            ├─ /pb-cycle (iterate)  ├─ /pb-testing         ├─ /pb-deployment
│                     │                       │                      │
├─ /pb-patterns-*     ├─ /pb-testing          ├─ /pb-security        └─ Verify in
│                     │                       │                         production
├─ /pb-observability  ├─ /pb-security         ├─ /pb-logging
│                     │                       │
└─ /pb-performance    ├─ /pb-standards        ├─ /pb-review-*
                      │
                      ├─ /pb-documentation
                      │
                      ├─ /pb-commit
                      │
                      └─ /pb-pr

Step-by-Step Execution

Plan Phase (before coding)
- /pb-plan - Lock scope, define success criteria, identify risks
- /pb-adr - Document architectural decisions
- /pb-patterns-* - Reference relevant patterns (core, async, database, distributed)
- /pb-observability - Plan monitoring and observability requirements
- /pb-performance - Identify performance targets and constraints
Development Phase (iterative)
- /pb-start - Create feature branch, establish iteration rhythm
- /pb-cycle - Develop feature:
  - Write code following /pb-standards
  - Include tests as you code (/pb-testing)
  - Review logging strategy (/pb-logging)
  - Update documentation (/pb-documentation)
  - Self-review changes
  - Request peer review (quality gates)
- Repeat until feature is complete
Code Review Phase (before merging)
- /pb-cycle - Iterate on feedback if needed
- /pb-testing - Verify test coverage and quality
- /pb-security - Security checklist during review
- /pb-logging - Logging standards validation
- /pb-review-* - Additional specialized reviews as needed:
  - /pb-review-hygiene - Code quality and patterns
  - /pb-review-product - Product alignment (if user-facing)
  - /pb-review-tests - Test suite depth and coverage
  - /pb-release - Final senior engineer review
Commit & PR Phase
- /pb-commit - Create atomic, well-formatted commit(s)
- /pb-pr - Create pull request with context and rationale
Release Phase (after merge)
- /pb-release - Pre-release checklist (security, performance, docs)
- /pb-deployment - Choose deployment strategy (blue-green, canary, rolling)
- Verify in production (monitor, observe)

Incident Response Workflow

When production is down, this workflow guides rapid assessment and recovery:

INCIDENT DECLARED     ASSESSMENT               MITIGATION            RECOVERY           POST-INCIDENT
│                     │                        │                      │                  │
├─ PAGE ONCALL        ├─ /pb-incident          ├─ Rollback (fastest)  ├─ /pb-observability├─ /pb-incident
│                     │   (Severity: P0-P3)    │                      │                  │   (Root cause
├─ GATHER INFO        │                        ├─ Hotfix (targeted)   ├─ MONITOR          │    analysis)
│                     ├─ Identify root         │                      │                  │
└─ ESTABLISH          │   cause (quick)        └─ Feature disable     └─ Verify health  └─ /pb-adr
  COMMAND POST        │                           (safest)                                (Document
                      └─ Choose strategy                                                 decision)

Step-by-Step Execution

Incident Declaration (0 minutes)
- Page oncall engineer or incident lead
- Establish command post (Slack channel, bridge, etc.)
- Gather initial information (what’s broken, who’s affected, customer impact)
Assessment Phase (0-5 minutes)
- /pb-incident - Run triage checklist:
  - What’s the severity? (P0 = all users, P1 = major subset, P2 = feature, P3 = minor)
  - Quick root cause hypothesis?
  - What’s the fastest mitigation? (rollback, hotfix, disable feature)
- Decide: Rollback, Hotfix, or Feature Disable?
Mitigation Phase (5-30 minutes, depending on strategy)
- Rollback (fastest, 5-10 min) - Revert last deployment
- Hotfix (targeted, 15-30 min) - Emergency fix, test, deploy
- Feature Disable (safest, 5-15 min) - Kill feature flag, keep code
Recovery & Monitoring (30+ minutes)
- /pb-observability - Monitor key metrics during recovery:
  - Error rates returning to baseline?
  - Latency normalized?
  - User-visible impact resolved?
- Maintain open communication with stakeholders
Post-Incident (within 24 hours)
- /pb-incident - Comprehensive incident review:
  - What was the root cause?
  - How did we miss it pre-deployment?
  - What’s the permanent fix?
- /pb-adr - Document decision to prevent recurrence
- Schedule permanent fix into sprint

Team Onboarding Workflow

Bringing new team members up to speed systematically:

PREPARATION           FIRST DAY               FIRST WEEK             RAMP-UP             GROWTH & GROWTH
│                     │                       │                      │                  │
├─ /pb-onboarding     ├─ /pb-start            ├─ /pb-knowledge-      ├─ /pb-cycle        ├─ /pb-team
│   (Setup access)    │   (orientation)       │   transfer           │   (first feature)  │   (feedback)
│                     │                       │                      │                  │
├─ SETUP DEV ENV      ├─ INTRO TO CODEBASE    ├─ /pb-guide           ├─ /pb-pr           ├─ RETROSPECTIVE
│                     │                       │   (SDLC framework)   │                  │
├─ ASSIGN MENTOR      ├─ ROLE CLARIFICATION   ├─ /pb-standards       └─ Peer review     └─ CAREER
│                     │                       │   (working principles)    feedback        DEVELOPMENT
└─ DOCS ACCESS        └─ CALENDAR INVITES     └─ /pb-context
                                              (decisions, roadmap)

Step-by-Step Execution

Preparation Phase (before hire starts)
- /pb-onboarding - Prepare:
  - Set up development environment
  - Create accounts and access
  - Assign mentor/buddy
  - Gather documentation
First Day
- /pb-start - Orientation:
  - Welcome, team introductions
  - Development environment walkthrough
  - Assign initial tasks
- Set up calendar invites for regular syncs
First Week
- /pb-knowledge-transfer - Transfer knowledge:
  - System architecture overview
  - Key decision history
  - Code organization tour
- /pb-guide - Learn SDLC framework:
  - 11 phases of development
  - Quality gates
  - Review process
- /pb-standards - Learn working principles:
  - Coding standards
  - Communication norms
  - Collaboration expectations
- /pb-context - Understand project:
  - Current roadmap
  - Major decisions
  - Team priorities
Ramp-Up Phase (weeks 2-4)
- /pb-cycle - Contribute first feature:
  - Pick small feature or bug fix
  - Follow full cycle (plan → develop → review → commit → PR)
  - Get peer feedback
- Request review, fix feedback, merge PR
- Build confidence in workflow
Growth Phase (ongoing)
- /pb-team - Team feedback:
  - Retrospectives
  - 1-on-1s
  - Career development
- Increase ownership and autonomy
- Mentor future team members

Periodic Quality Reviews Workflow

Regular check-ins on different aspects of code and team health:

MONTHLY CADENCE       QUARTERLY CADENCE       AS-NEEDED
│                     │                       │
├─ /pb-review-hygiene    ├─ /pb-review-hygiene  ├─ /pb-review (comprehensive)
│   (Quality)         │   (Tech debt)        │
│                     │                       ├─ /pb-performance
├─ /pb-review-tests   ├─ /pb-review-product  │   (Bottlenecks)
│   (Coverage)        │   (Fit & vision)     │
│                     │                       ├─ /pb-review-docs
└─ /pb-logging        └─ Team retrospective   │   (Accuracy)
   (Standards)                               └─ /pb-release
                                                (Before release)

Recommended Schedule

Frequency	Review	Purpose
Monthly	`/pb-review-hygiene`	Code quality, patterns, maintainability
Monthly	`/pb-review-tests`	Test coverage, quality, edge cases
Monthly	`/pb-logging`	Logging strategy, standards, compliance
Quarterly	`/pb-review-hygiene`	Technical debt, cleanup opportunities
Quarterly	`/pb-review-product`	Feature fit, user feedback, roadmap alignment
Quarterly	Team retrospective	Team health, communication, growth
As-needed	`/pb-release`	Final gate before production release
As-needed	`/pb-review`	Comprehensive multi-perspective audit

Pattern Selection Workflow

When designing a new feature or system, follow this workflow to select and combine patterns:

UNDERSTAND PROBLEM    SELECT CORE PATTERN     IDENTIFY ASYNC NEEDS  COMPLETE DESIGN
│                     │                       │                      │
├─ Define constraints ├─ /pb-patterns-core    ├─ /pb-patterns-async  ├─ /pb-adr
│                     │   (SOA, events, etc.) │   (callbacks,         │   (Record decision)
├─ Identify goals     │                       │    promises, etc.)   │
│                     ├─ Check for conflicts/ ├─ /pb-patterns-db     ├─ /pb-observability
├─ Consider scale     │   composition         │   (pooling, etc.)     │   (Monitoring plan)
│                     │                       │                      │
└─ Review constraints └─ Validate trade-offs  ├─ /pb-patterns-       └─ /pb-performance
                                             │   distributed         (Perf targets)
                                             │   (saga, CQRS, etc.)
                                             │
                                             └─ Plan combinations

Step-by-Step Execution

Understand Problem
- Define requirements and constraints
- Identify scalability goals
- List non-functional requirements (latency, throughput, consistency)
Select Architectural Pattern (/pb-patterns-core + /pb-patterns-resilience)
- Architecture: SOA, Event-Driven, Strangler Fig (core)
- Resilience: Retry, Circuit Breaker, Rate Limiting (resilience)
- Match pattern to problem
- Check for conflicts with existing architecture
Identify Async Needs (/pb-patterns-async)
- Do you need callbacks, promises, async/await, reactive streams?
- Worker threads or job queues?
- Real-time vs. eventual consistency?
Database Considerations (/pb-patterns-db)
- Connection pooling strategy?
- Query optimization needed?
- Replication or sharding?
Distributed System Patterns (/pb-patterns-distributed)
- Multiple services / microservices?
- Need saga or distributed transactions?
- CQRS for read/write separation?
Document Decision (/pb-adr)
- Record pattern choices
- Explain trade-offs
- Document alternative considered
Plan Observability (/pb-observability)
- How will you monitor?
- Key metrics to track?
- Alerting strategy?
Set Performance Targets (/pb-performance)
- Latency requirements?
- Throughput targets?
- Resource limits?

Daily Workflow

A typical day for an engineer using the playbook:

MORNING               MIDDAY                AFTERNOON               END OF DAY
│                     │                      │                      │
├─ /pb-resume         ├─ /pb-context         ├─ /pb-cycle            ├─ /pb-pause
│ (Get context)       │ (Big picture)        │ (Final self-review)   │ (Preserve context)
│                     │                      │                      │
├─ /pb-standup        ├─ /pb-patterns        ├─ Ready to ship?       └─ Update trackers,
│ (Write standup)     │ (Plan next work)     │  → /pb-ship             document state
│                     │                      │
└─ /pb-cycle          └─ /pb-cycle           └─ Code review feedback
  (Self-review)         (Develop feature)        (Address if needed)
  (Peer review if ready)

Session boundaries: /pb-pause and /pb-resume work as bookends-pause preserves context at end of session, resume recovers it at start of next.

Shipping: When focus area is code-complete, use /pb-ship for the full journey: specialized reviews → PR → peer review → merge → release → verify.

Next Steps

Decision Guide - Find the right command for any situation
Command Reference - Browse all commands
Integration Guide - Deep dive on command relationships

Workflow Recipes

Pre-built command sequences for common development scenarios. Each recipe links commands into a coherent workflow, showing exactly when to use which command.

Philosophy: Commands are precision tools. Recipes show how to combine them effectively. Think of recipes as “playbooks within the playbook.”

Quick Reference

Recipe	Scenario	Tier	Time
recipe-bug-fix	Fixing bugs (simple to complex)	S/M	1-4 hours
recipe-feature	Building new features	M/L	Days-weeks
recipe-frontend	Frontend/UI development	M/L	Days-weeks
recipe-api	API development	M	Days
recipe-incident	Production emergencies	Emergency	Hours
recipe-context-switch	Pausing and resuming work	N/A	5-15 min
recipe-onboarding	New team member integration	N/A	Weeks
recipe-release	Pre-release preparation	L	Hours-days

Discovery tip: All recipes use the recipe- prefix for easy search and tab completion.

recipe-bug-fix

Scenario: Fixing bugs, from simple typos to complex investigations Tier: S (simple) or M (complex)

Workflow

1. /pb-start
   └─ Create fix/issue-123 branch

2. /pb-debug (if cause unclear)
   └─ Reproduce → Isolate → Hypothesize → Test

3. /pb-cycle
   └─ Fix → Self-review → Test
   └─ Repeat until fix is solid

4. /pb-commit
   └─ fix(scope): description
   └─ Fixes #123

5. /pb-pr
   └─ Summary: What was broken, how it's fixed
   └─ Test plan: How to verify

→ Merge after approval

Checklist

Bug reproduced before fixing
Root cause addressed (not just symptom)
Regression test added
No unrelated changes included

recipe-feature

Scenario: Building new features end-to-end Tier: M or L

Workflow

1. /pb-plan
   └─ Discovery: What problem? What boundaries?
   └─ Scope lock: In/out of scope, success criteria

2. /pb-adr (if architectural decisions needed)
   └─ Document alternatives, trade-offs, decision

3. /pb-start
   └─ Create feature/feature-name branch

4. /pb-cycle (repeat)
   └─ Implement → Self-review → Test
   └─ /pb-commit for each logical chunk

5. /pb-ship
   └─ Phase 1: Quality gates
   └─ Phase 2: Specialized reviews
   └─ Phase 3: Final gate
   └─ Phase 4: PR & peer review
   └─ Phase 5: Merge & release

6. /pb-release (if production deployment)
   └─ Deploy → Verify → Monitor

Checklist

Scope locked before implementation
Changes are atomic (one concern per commit)
Tests cover happy path and key edge cases
Documentation updated
No scope creep

recipe-frontend

Scenario: Frontend/UI feature development with design language and accessibility Tier: M or L

Workflow

1. /pb-plan
   └─ What problem? Who benefits?
   └─ Scope lock

2. /pb-design-language (if new project or new patterns)
   └─ Define tokens, vocabulary, constraints
   └─ Request/create required assets

3. /pb-patterns-frontend
   └─ Choose component patterns
   └─ Plan state management approach
   └─ Consider performance implications

4. /pb-start
   └─ Create feature/feature-name branch

5. /pb-cycle (repeat)
   └─ Build components (mobile-first)
   └─ /pb-a11y checks during development
   └─ Self-review → Test → Commit

6. /pb-ship
   └─ Include /pb-a11y checklist in reviews
   └─ Performance audit (bundle size, load time)

7. /pb-release
   └─ Deploy → Cross-browser testing → Monitor

Frontend-Specific Checklist

Mobile-first implemented (styles build up, not down)
Theme-aware (uses design tokens, supports dark mode)
Semantic HTML used (not div soup)
Keyboard navigable (Tab, Enter, Escape)
Screen reader tested
Assets optimized (images, fonts)
Bundle size acceptable

recipe-api

Scenario: API design and implementation Tier: M

Workflow

1. /pb-plan
   └─ Who consumes this API?
   └─ What operations needed?

2. /pb-patterns-api
   └─ Choose style (REST, GraphQL, gRPC)
   └─ Design resources/schema
   └─ Define error handling

3. /pb-adr (if significant decisions)
   └─ Document API style choice, versioning strategy

4. /pb-start
   └─ Create feature/api-name branch

5. /pb-cycle (repeat)
   └─ Implement endpoint
   └─ Write API tests
   └─ Update documentation (OpenAPI)
   └─ Commit

6. /pb-security
   └─ Authentication/authorization review
   └─ Input validation
   └─ Rate limiting

7. /pb-ship → /pb-release

API-Specific Checklist

OpenAPI/GraphQL schema documented
Error responses consistent
Authentication implemented
Rate limiting configured
Backward compatible (or version bumped)

recipe-incident

Scenario: Production incident response and recovery Tier: Emergency

Workflow

1. /pb-incident
   └─ ASSESS: What's broken? Who's affected?
   └─ MITIGATE: Rollback, disable, scale (stop bleeding)
   └─ COMMUNICATE: Status to stakeholders

2. /pb-debug (after bleeding stopped)
   └─ Reproduce → Isolate → Hypothesize
   └─ Find root cause

3. /pb-start (expedited)
   └─ Create hotfix/incident-123 branch

4. /pb-cycle (minimal)
   └─ Fix → Quick self-review → Test critical path

5. /pb-commit
   └─ fix(scope): hotfix for incident-123

6. /pb-pr (expedited review)
   └─ Sync review, not async

7. Deploy immediately
   └─ Verify fix in production
   └─ Monitor closely

8. Post-incident (within 24-48 hours)
   └─ Document timeline
   └─ Root cause analysis
   └─ Action items to prevent recurrence

Incident Checklist

Mitigation applied (bleeding stopped)
Stakeholders notified
Fix verified in production
Post-incident review scheduled

recipe-context-switch

Scenario: Pausing and resuming work across sessions Tier: N/A (operational)

Pausing Work

1. /pb-pause
   └─ Commit or stash current work
   └─ Push to remote
   └─ Update tracker (if applicable)
   └─ Write pause notes (todos/pause-notes.md)

Resuming Work

1. /pb-resume
   └─ git status, git log (current state)
   └─ Read pause notes
   └─ Sync with main (git fetch, rebase)
   └─ Verify environment (make dev, make test)

2. /pb-what-next (if unsure)
   └─ Context-aware recommendations

Context Switch Checklist

Before switching:

Work committed or stashed
Pushed to remote
Pause notes written

When returning:

Pause notes read
Branch up to date
Tests passing

recipe-onboarding

Scenario: New team member integration Tier: N/A (operational)

New Team Member Workflow

Week 1:
1. /pb-preamble
   └─ Understand collaboration philosophy
   └─ Challenge assumptions, peer thinking

2. /pb-design-rules
   └─ Understand technical principles
   └─ Clarity, Simplicity, Resilience, Extensibility

3. /pb-guide
   └─ Understand SDLC framework
   └─ Change tiers, checkpoints

4. /pb-standards
   └─ Code quality expectations
   └─ Commit and PR standards

Week 2:
5. /pb-onboarding (formal)
   └─ Codebase walkthrough
   └─ Architecture overview
   └─ Key contacts

6. First task (XS or S tier)
   └─ /pb-start → /pb-cycle → /pb-commit → /pb-pr
   └─ Experience the workflow

Week 3+:
7. /pb-knowledge-transfer
   └─ Deep dive into specific areas
   └─ Pair with senior engineer

Onboarding Checklist

Preamble philosophy understood
Development environment working
Access to all required systems
First PR merged
Key architecture understood

recipe-release

Scenario: Pre-release preparation and deployment Tier: L

Pre-Release Workflow

1. /pb-review (comprehensive)
   └─ Security audit
   └─ Performance review
   └─ Test coverage analysis
   └─ Code quality review

2. /pb-release (final gate)
   └─ Senior engineer sign-off
   └─ Go/no-go decision

3. /pb-release
   └─ Version bump
   └─ Changelog update
   └─ Tag release
   └─ Deploy to production
   └─ Smoke test
   └─ Monitor for 1-24 hours

4. Post-release
   └─ Announce release
   └─ Monitor metrics
   └─ Be ready for hotfix if needed

Release Checklist

All planned features complete
All tests passing
Security review complete
Documentation updated
Changelog updated
Rollback plan ready
Team available for monitoring

Recipe Selection Guide

What are you doing?

├─ Fixing a bug
│   └─ Simple bug? → Bug Fix recipe
│   └─ Complex investigation? → Add /pb-debug first
│
├─ Building something new
│   └─ Backend/API? → API Development recipe
│   └─ Frontend/UI? → Frontend Feature recipe
│   └─ Full stack? → Feature Development recipe
│
├─ Handling emergency
│   └─ Production down? → Incident Response recipe
│
├─ Switching context
│   └─ Leaving? → /pb-pause
│   └─ Returning? → /pb-resume
│
├─ Preparing release
│   └─ Release Preparation recipe
│
└─ Joining team
    └─ Onboarding recipe

Creating Custom Recipes

For project-specific workflows, create recipes in todos/recipes/ or docs/team-recipes.md:

## Recipe: [Name]

**When to use:** [Scenario]
**Tier:** [XS/S/M/L]

### Workflow

1. Command 1
   └─ What to do

2. Command 2
   └─ What to do

### Checklist

- [ ] Item 1
- [ ] Item 2

/pb-what-next - Intelligent command recommendations
/pb-guide - Full SDLC framework
/pb-ship - Complete shipping workflow

Frontend Development Workflow

Complete guide to frontend development using the Engineering Playbook. Covers the full lifecycle from design to deployment.

Philosophy: Mobile-first, theme-aware, accessible by default. Build the simple version first, then enhance.

Quick Start

New frontend project?

/pb-repo-init → /pb-design-language → /pb-patterns-frontend → /pb-start

Adding frontend feature?

/pb-start → /pb-patterns-frontend → /pb-a11y → /pb-cycle → /pb-ship

Frontend code review?

/pb-cycle (self-review) → /pb-a11y checklist → /pb-review-hygiene

The Frontend Command Stack

Phase	Command	Purpose
Foundation	`/pb-design-language`	Establish design tokens, vocabulary, constraints
Architecture	`/pb-patterns-frontend`	Component patterns, state management, performance
Accessibility	`/pb-a11y`	Semantic HTML, keyboard navigation, screen readers
API Integration	`/pb-patterns-api`	Backend communication patterns
Development	`/pb-cycle`	Iterate: code → self-review → test
Quality	`/pb-ship`	Full review workflow before merge

Phase 1: Foundation - Design Language

Before writing component code, establish the design language.

New Projects

/pb-design-language

This command guides you through creating:

Design tokens (colors, typography, spacing, motion)
Component vocabulary (naming conventions)
Constraints (what you don’t do)
Asset requirements (logos, icons, images)

Output: docs/design-language.md - living document that evolves with the project.

Existing Projects

If joining an existing project:

Read existing docs/design-language.md (or equivalent)
Understand the token system
Follow established vocabulary

Key Decisions at This Phase

Decision	Options	Guidance
CSS approach	CSS Modules, Tailwind, CSS-in-JS	Team familiarity, bundle size
Token format	CSS variables, Tailwind config, theme object	Framework alignment
Dark mode	CSS variables swap, class toggle, media query	User control preference
Icon system	SVG sprites, icon font, inline SVG	Bundle size, flexibility

Phase 2: Architecture - Component Patterns

Plan component structure before implementation.

/pb-patterns-frontend

Key Decisions

Component Organization:

components/
├── atoms/          # Button, Input, Icon
├── molecules/      # SearchField, UserAvatar
├── organisms/      # Header, ProductCard
├── templates/      # PageLayout, DashboardLayout
└── pages/          # Actual route pages

State Management:

State type?
├─ Single component → useState
├─ Parent-child sharing → Lift state up
├─ Deep nesting → Context
├─ Server data → React Query / SWR
├─ Complex client state → Zustand / Redux
└─ URL state → useSearchParams

Mobile-First Checklist:

Base styles are for mobile (smallest viewport)
min-width media queries (not max-width)
Touch targets 44x44px minimum
Layouts work at 320px width

Phase 3: Accessibility - Built In, Not Bolted On

Accessibility is part of development, not a separate phase.

/pb-a11y

During Component Development

For EVERY component, verify:

Semantic HTML - Using correct elements (<button>, <nav>, <main>)
Keyboard accessible - Tab, Enter, Escape work
Focus visible - Focus ring shows in all themes
Labels present - All inputs have labels (visible or aria-label)
Alt text - All informative images have alt text

Quick Semantic HTML Reference

Need	Use	Not
Clickable action	`<button>`	`<div onClick>`
Navigation link	`<a href>`	`<span onClick>`
Form field	`<input>` with `<label>`	Unlabeled input
Section heading	`<h1>`-`<h6>` in order	`<div class="heading">`
List of items	`<ul>` / `<ol>`	Multiple `<div>`

Testing Accessibility

Manual (every feature):

Tab through - logical order?
Enter/Space - activates buttons?
Escape - closes modals?
Screen reader - announces correctly?

Automated (in CI):

# axe-core in tests
npm install @axe-core/playwright

Phase 4: API Integration

When frontend needs backend data.

/pb-patterns-api

Data Fetching Pattern

// Server state with React Query
const { data, isLoading, error } = useQuery({
  queryKey: ['user', userId],
  queryFn: () => fetchUser(userId),
});

// Optimistic updates for mutations
const mutation = useMutation({
  mutationFn: updateUser,
  onMutate: async (newData) => {
    // Cancel outgoing refetches
    await queryClient.cancelQueries(['user', userId]);
    // Snapshot previous value
    const previous = queryClient.getQueryData(['user', userId]);
    // Optimistically update
    queryClient.setQueryData(['user', userId], newData);
    return { previous };
  },
  onError: (err, newData, context) => {
    // Rollback on error
    queryClient.setQueryData(['user', userId], context.previous);
  },
});

Error Handling Pattern

// Consistent error boundary
<ErrorBoundary fallback={<ErrorFallback />}>
  <Suspense fallback={<Loading />}>
    <UserProfile />
  </Suspense>
</ErrorBoundary>

Phase 5: Development Iteration

The core development loop.

/pb-cycle

Frontend Self-Review Checklist

Before requesting peer review:

Functionality:

Feature works on mobile viewport
Feature works on desktop viewport
Feature works in light mode
Feature works in dark mode
Loading states handled
Error states handled
Empty states handled

Accessibility:

Keyboard navigation works
Screen reader announces correctly
Focus management correct (modals, drawers)
Color contrast sufficient

Performance:

No unnecessary re-renders (React DevTools)
Images optimized
Bundle size reasonable

Code Quality:

Component is focused (single responsibility)
Props are minimal and clear
No hardcoded colors (use tokens)
No hardcoded breakpoints (use tokens)

Commit Pattern

# Component commits
feat(Button): add loading state variant
feat(Header): implement responsive navigation

# Style commits
style(tokens): add dark mode color variants
style(Button): adjust hover state for accessibility

# Accessibility commits
a11y(Modal): add focus trap and escape handling
a11y(Form): add aria-describedby for error messages

Phase 6: Quality - Ship Workflow

When feature is code-complete.

/pb-ship

Frontend-Specific Review Focus

Phase 2 reviews for frontend:

Review	Frontend Focus
`/pb-review-hygiene`	Component structure, prop design, dead code
`/pb-a11y`	Full accessibility checklist
`/pb-security`	XSS prevention, CSP compliance
`/pb-review-tests`	Component test coverage

Performance audit (add to Phase 2):

# Bundle analysis
npm run build -- --analyze

# Lighthouse audit
npx lighthouse http://localhost:3000 --view

Pre-Merge Checklist

All self-review items verified
Accessibility audit passed
Cross-browser tested (Chrome, Firefox, Safari)
Mobile tested (real device or emulator)
Performance acceptable (bundle size, load time)
No console errors or warnings

Common Frontend Recipes

Recipe: New Component

1. /pb-design-language
   └─ Check: Does vocabulary exist for this component?
   └─ If not: Define name, variants, states

2. /pb-patterns-frontend
   └─ Choose pattern: Atomic level, composition approach

3. Build component
   └─ Start mobile-first
   └─ Use design tokens
   └─ Add keyboard support

4. /pb-a11y checklist
   └─ Semantic HTML
   └─ ARIA if needed
   └─ Focus management

5. /pb-cycle
   └─ Self-review → Test → Commit

Recipe: Design System Update

1. /pb-design-language
   └─ Update tokens or vocabulary
   └─ Document in decision log

2. /pb-adr (if significant)
   └─ Document alternatives, trade-offs

3. Update components
   └─ One component per commit

4. /pb-ship
   └─ Visual regression check

Recipe: Accessibility Remediation

1. /pb-a11y
   └─ Audit existing component
   └─ Create issue list

2. /pb-start
   └─ Create a11y/component-name branch

3. Fix issues
   └─ One issue per commit
   └─ Test with screen reader

4. /pb-cycle → /pb-ship

Tools Quick Reference

Purpose	Tool
Component dev	Storybook
Accessibility audit	axe DevTools, WAVE
Performance	Lighthouse, WebPageTest
Bundle analysis	webpack-bundle-analyzer, Vite bundle visualizer
Cross-browser	BrowserStack, Sauce Labs
Screen reader	VoiceOver (Mac), NVDA (Windows)

/pb-design-language - Design token and vocabulary system
/pb-patterns-frontend - Component and state patterns
/pb-a11y - Accessibility deep-dive
/pb-patterns-api - API integration patterns
/pb-debug - Frontend debugging techniques
/pb-testing - Component testing patterns

Quick Decision Tree

What are you doing?

├─ Starting new frontend project
│   └─ /pb-design-language → /pb-patterns-frontend → /pb-start
│
├─ Building a component
│   └─ Check /pb-design-language → Build → /pb-a11y check → /pb-cycle
│
├─ Connecting to API
│   └─ /pb-patterns-api → /pb-patterns-frontend (state section)
│
├─ Reviewing frontend code
│   └─ /pb-a11y checklist → /pb-review-hygiene
│
├─ Fixing accessibility issue
│   └─ /pb-a11y → Fix → Test with screen reader
│
└─ Shipping frontend feature
    └─ /pb-ship (include /pb-a11y in Phase 2)

Version: 1.0

Decision Guide: Which Command Should I Use?

This guide helps you find the right command for any situation. Answer the questions to get directed to the command you need.

Quick Command Finder

I’m starting new work…

Starting a new project? → Use /pb-plan to lock scope, then /pb-repo-init to set up structure

Starting a feature or bug fix? → Use /pb-start to create a branch and establish iteration rhythm

Resuming after a break? → Use /pb-resume to get back in context

Looking at code that needs review? → Go to Code Review Questions

I’m in the middle of development…

Need to understand current patterns and architecture? → Use /pb-context to document and reference project context

Want to reference design patterns for what you’re building? → Use /pb-patterns for overview, then:

/pb-patterns-core for architectural patterns (SOA, events, repository, DTO)
/pb-patterns-resilience for resilience patterns (retry, circuit breaker, rate limiting)
/pb-patterns-async for async/concurrency patterns
/pb-patterns-db for database patterns
/pb-patterns-distributed for distributed system patterns

Ready to review your code before committing? → Use /pb-cycle for self-review and peer review

Ready to commit your changes? → Use /pb-commit to create atomic, well-formatted commits

Ready to create a pull request? → Use /pb-pr for streamlined PR creation

Need help with writing tests? → Use /pb-testing for testing philosophy and patterns

I’m reviewing code…

Reviewing a PR and need a structured approach? → Use /pb-cycle (peer review perspective) for architecture and correctness

Need to check security? → Use /pb-security for security checklist (quick, standard, or deep)

Need to check logging standards? → Use /pb-logging for structured logging validation

Need to check test coverage and quality? → Use /pb-review-tests for test suite quality review

Is this user-facing code or product change? → Use /pb-review-product for product alignment review

Doing a comprehensive code review? → Use /pb-review-hygiene for code quality and maintainability

Is this a microservice change? → Use /pb-review-microservice for service design and contract review

I’m preparing for release…

Ready to release to production? → Use /pb-release for pre-release checks and deployment readiness

Need to plan deployment strategy? → Use /pb-deployment to choose strategy (blue-green, canary, rolling)

Doing final code review before release? → Use /pb-release for senior engineer final review

Is this a major release? → Use /pb-review for comprehensive multi-perspective audit

I’m dealing with production issues…

Production is down or degraded? → Use /pb-incident for rapid assessment and mitigation

Need to monitor system behavior? → Use /pb-observability for monitoring, logging, tracing setup

After incident is resolved, need to analyze? → Use /pb-incident again for comprehensive post-mortem analysis

I’m doing architecture or planning work…

Planning a major feature or release? → Use /pb-plan to lock scope and define success criteria

Documenting an architectural decision? → Use /pb-adr for Architecture Decision Records

Need performance guidance? → Use /pb-performance for optimization and profiling

I’m working on team or organizational things…

Onboarding a new team member? → Use /pb-onboarding for structured onboarding process

Doing a knowledge transfer session? → Use /pb-knowledge-transfer for KT preparation

Want to do team retrospective or feedback? → Use /pb-team for team dynamics and growth

Writing daily standup for distributed team? → Use /pb-standup for async standup template

I’m working on repository or documentation…

Setting up a new project? → Use /pb-repo-init to initialize structure

Need to organize/clean up project directory? → Use /pb-repo-organize for repository cleanup

Writing or rewriting README? → Use /pb-repo-readme for compelling README guidance

Creating GitHub About section? → Use /pb-repo-about for GitHub presentation

Writing a technical blog post? → Use /pb-repo-blog for blog post guidance

Want to do all repository improvements at once? → Use /pb-repo-enhance for full suite

I’m setting standards or frameworks…

Need to understand the SDLC framework? → Use /pb-guide for full 11-phase SDLC with quality gates

Setting team standards and principles? → Use /pb-standards for coding standards and collaboration norms

Need templates for commits, PRs, or reviews? → Use /pb-templates for reusable templates

Need to document how this project works? → Use /pb-context for project context template

Need to write technical documentation? → Use /pb-documentation for technical writing guidance

Scenario-Based Flowchart

START
│
├─ "I'm starting something new"
│  ├─ "Entire project?" → /pb-plan → /pb-repo-init
│  ├─ "Feature/bug?" → /pb-start
│  └─ "Resuming?" → /pb-resume
│
├─ "I'm developing"
│  ├─ "Need patterns?" → /pb-patterns-*
│  ├─ "Ready to review?" → /pb-cycle
│  ├─ "Ready to commit?" → /pb-commit
│  ├─ "Ready to PR?" → /pb-pr
│  └─ "Need tests?" → /pb-testing
│
├─ "I'm reviewing code"
│  ├─ "Architecture?" → /pb-cycle
│  ├─ "Security?" → /pb-security
│  ├─ "Tests?" → /pb-review-tests
│  ├─ "Product fit?" → /pb-review-product
│  ├─ "Logging?" → /pb-logging
│  └─ "Full review?" → /pb-review-hygiene
│
├─ "I'm releasing"
│  ├─ "Pre-release?" → /pb-release
│  ├─ "How to deploy?" → /pb-deployment
│  └─ "Final check?" → /pb-release
│
├─ "Production issue"
│  ├─ "Incident?" → /pb-incident
│  └─ "Monitoring?" → /pb-observability
│
├─ "Architecture/Planning"
│  ├─ "Lock scope?" → /pb-plan
│  ├─ "Document decision?" → /pb-adr
│  └─ "Optimize?" → /pb-performance
│
├─ "Team/Org"
│  ├─ "Onboarding?" → /pb-onboarding
│  ├─ "Knowledge transfer?" → /pb-knowledge-transfer
│  ├─ "Team health?" → /pb-team
│  └─ "Daily standup?" → /pb-standup
│
└─ "Repository/Docs"
   ├─ "New project?" → /pb-repo-init
   ├─ "Organize?" → /pb-repo-organize
   ├─ "README?" → /pb-repo-readme
   ├─ "GitHub about?" → /pb-repo-about
   ├─ "Blog post?" → /pb-repo-blog
   └─ "Full polish?" → /pb-repo-enhance

By Frequency

Daily

/pb-resume - Get context
/pb-cycle - Code and review
/pb-standup - Team standup
/pb-commit - Create commits
/pb-context - Refresh project knowledge

Per Feature

/pb-plan - Lock scope
/pb-start - Create branch
/pb-testing - Add tests
/pb-security - Security gate
/pb-pr - Create pull request
/pb-commit - Logical commits

Per Release

/pb-release - Pre-release checks
/pb-deployment - Choose strategy
/pb-release - Final review

Monthly

/pb-review-hygiene - Code quality
/pb-review-tests - Test coverage
/pb-logging - Logging standards

Quarterly

/pb-review-hygiene - Tech debt
/pb-review-product - Product fit
Team retrospective

Occasionally

/pb-adr - Major decisions
/pb-patterns-* - Design decisions
/pb-performance - Optimization
/pb-incident - Production issues
/pb-observability - Monitoring setup
/pb-onboarding - New team members
/pb-knowledge-transfer - Knowledge transfer
/pb-team - Team dynamics

One-Time

/pb-repo-init - New project
/pb-repo-organize - Cleanup
/pb-repo-readme - Write README
/pb-repo-about - GitHub about
/pb-repo-blog - Tech blog post
/pb-guide - Learn framework
/pb-standards - Define standards
/pb-templates - Create templates
/pb-context - Document project

By Role

Individual Contributor

Daily: /pb-resume, /pb-cycle, /pb-standup, /pb-commit
Per feature: /pb-plan, /pb-start, /pb-testing, /pb-security, /pb-pr
As needed: /pb-patterns-*, /pb-context

Code Reviewer / Senior Engineer

Per PR: /pb-cycle, /pb-security, /pb-review-tests, /pb-review-hygiene, /pb-logging
Per release: /pb-release
Periodically: /pb-review-product, /pb-review-hygiene

Tech Lead / Architect

Per feature: /pb-plan, /pb-adr, /pb-patterns-*
Per release: /pb-release, /pb-deployment, /pb-release
Periodically: /pb-review, /pb-performance, /pb-observability

Engineering Manager

Onboarding: /pb-onboarding, /pb-knowledge-transfer
Team: /pb-team, /pb-standup, team retrospectives
Strategy: /pb-context, /pb-plan, /pb-adr

DevOps / Infrastructure

Deployment: /pb-deployment, /pb-release
Operations: /pb-incident, /pb-observability, /pb-performance
Setup: /pb-repo-organize, /pb-standards

Product Manager

Planning: /pb-plan, /pb-context
Reviews: /pb-review-product
Documentation: /pb-documentation

Next Steps

Full Command Reference - See all commands
Getting Started - Pick a scenario
Integration Guide - See how commands work together
FAQ - Common questions

Playbook Integration Guide

Complete reference for how all playbook commands work together to form a unified SDLC framework.

Complete reference for how commands compose into workflows.

Quick Start: Command Selection
Command Inventory
Specialized Review Personas
Workflow Maps
Command Clusters
Reference Matrix
Integration Patterns
Common Workflows

Quick Start: Command Selection

By Situation

Starting a new project? → /pb-plan (planning) → /pb-adr (architecture) → /pb-patterns-* (select patterns) → /pb-repo-init (setup)

Implementing a feature? → /pb-start (begin) → /pb-cycle (iterate) → /pb-commit (atomic commits) → /pb-pr (merge)

Implementing a specific todo? → /pb-todo-implement (structured checkpoint-based implementation)

Reviewing code before merge? → /pb-cycle (self-review) → /pb-review-hygiene (peer review) → /pb-security (security review)

Reviewing quality periodically? → /pb-review-tests (monthly) → /pb-review-hygiene (quarterly) → /pb-review-product (product alignment)

Deploying to production? → /pb-release (pre-release checks) → /pb-deployment (strategy selection) → /pb-observability (monitoring)

Incident response? → /pb-incident (assessment + mitigation) → /pb-observability (monitoring) → Post-incident /pb-incident (deep review)

Onboarding new team member? → /pb-onboarding (structured plan) → /pb-knowledge-transfer (KT session) → /pb-guide (SDLC overview)

Quick context recovery? → /pb-resume (get back in context) → /pb-context (refresh decision log)

Command Inventory

CORE FOUNDATION & PHILOSOPHY

These establish baseline understanding and guiding philosophy. Every engineer should know these.

#	Command	Purpose	Key Sections	When to Use	Tier
1	pb-guide	Master SDLC framework	11 phases from intake through post-release	Reference for all other commands	All
2	pb-preamble	Peer collaboration philosophy	Correctness, critical thinking, truth, holistic perspective	Foundation for all team interactions	All
3	pb-design-rules	Technical design principles	17 rules in 4 clusters (Clarity, Simplicity, Resilience, Extensibility)	When making architectural decisions	M/L
4	pb-standards	Working principles and collaboration	Decision-making, scope discipline, quality standards	Before starting any work	All
5	pb-documentation	Technical documentation at 5 levels	Code comments, APIs, system design, process docs, FAQ	When writing docs (inline with code per /pb-cycle)	M/L
6	pb-templates	Reusable SDLC templates	Commit strategy, checklists, testing standards	When creating commits, PRs, tests	All
7	pb-preamble-async	Preamble for distributed teams	Async decision-making, communication patterns	For teams working across time zones	M
8	pb-preamble-power	Power dynamics and challenge	Psychological safety, healthy disagreement, authority	For building stronger team dynamics	M
9	pb-preamble-decisions	Decision discipline through preamble	Decision frameworks, tradeoff analysis	When making complex technical decisions	M
10	pb-context	Project context and decision log	Current focus, recent decisions, architecture notes	Quick context refresh, decision tracking	All
11	pb-think	Unified thinking partner	Complete toolkit: ideate, synthesize, refine modes	Complex questions, research, multi-perspective	All

How they work together:

Read /pb-preamble and /pb-standards to understand philosophy and principles
Reference /pb-guide for framework (11 phases)
Use /pb-design-rules for technical design guidance
Use /pb-templates for format/structure
Use /pb-documentation for content quality
Use preamble expansions for specific team contexts
Use /pb-think for expert-quality collaboration (modes: ideate, synthesize, refine)

SPECIALIZED REVIEW PERSONAS (v2.11.0+)

Five specialized review agents providing complementary perspectives on code, security, reliability, product value, and documentation. Use for deep multi-perspective reviews.

#	Persona	Philosophy	Focus	When to Use	Tier
A	pb-linus-agent	Pragmatic security & directness	Correctness, assumptions, security, clarity, performance	Security-sensitive code, sensitive data, auth/payment	S/M/L
B	pb-alex-infra	Infrastructure resilience	Failure modes, degradation, deployment, observability, capacity	Infrastructure changes, deployment code, scaling	M/L
C	pb-maya-product	Product strategy & user value	Problem validation, scope, impact, alignment, maintenance burden	User-facing features, product decisions, scope discipline	M/L
D	pb-sam-documentation	Clarity & knowledge transfer	UI clarity, accessibility, error messages, code readability, docs	Frontend changes, APIs, documentation, onboarding	S/M/L
E	pb-jordan-testing	Testing quality & reliability	Coverage, error paths, concurrency, data integrity, integration	All features (testing always matters)	S/M/L

Multi-Perspective Review Workflows (combine complementary personas):

pb-review-backend - Alex (infrastructure) + Jordan (testing): For backend APIs, services, database operations
pb-review-frontend - Maya (product) + Sam (documentation): For UI/UX, components, user-facing features
pb-review-infrastructure - Alex (infrastructure) + Linus (security): For infrastructure code, deployment pipelines, security configs

Persona Composition (how to use together):

CODE REVIEW WORKFLOW WITH PERSONAS:

Single-perspective (for small changes):
  /pb-cycle (self-review)
    └─ Pick ONE persona based on change type:
         ├─ Security issue? → /pb-linus-agent
         ├─ Performance issue? → /pb-alex-infra
         ├─ Feature validation? → /pb-maya-product
         ├─ UI/docs issue? → /pb-sam-documentation
         └─ Test gaps? → /pb-jordan-testing

Multi-perspective (for features):
  /pb-cycle (self-review)
    └─ Use multi-perspective review:
         ├─ Backend: /pb-review-backend (Alex + Jordan parallel)
         ├─ Frontend: /pb-review-frontend (Maya + Sam parallel)
         └─ Infrastructure: /pb-review-infrastructure (Alex + Linus parallel)

Full review (for major releases):
  /pb-cycle (self-review)
    └─ Compose personas in recommended sequence:
       1. Maya (product): Is this solving a real problem?
       2. Parallel: Alex, Jordan, Linus (infrastructure, testing, security)
       3. Sam (documentation): Is this clear to users and maintainers?

When to use which persona:

Change Type	Recommended	Why
API endpoint	Linus, Alex, Jordan	Security, infrastructure resilience, test coverage
UI component	Maya, Sam, Jordan	Product fit, clarity, test coverage
Database change	Alex, Jordan	Failure modes, data integrity
Deployment pipeline	Alex, Linus	Infrastructure, security
Authentication	Linus, Alex	Security, resilience
Documentation	Sam	Clarity and accessibility
Feature gate	Maya	Product alignment
Refactoring	Jordan, Sam	Test coverage, code clarity

DEVELOPMENT WORKFLOW

Daily iterative development. Use these multiple times per week.

#	Command	Purpose	Flow	When to Use	Tier
5	pb-start	Begin feature development	Create branch, set iteration rhythm	Start of feature/bug	All
6	pb-resume	Get back in context after break	Restore working state, read pause notes	After context switch or day break	All
7	pb-pause	Gracefully pause work	Preserve state, update trackers, document handoff	End of day/session, before break	All
8	pb-cycle	Self-review + peer review iteration	Self-review → peer review → refine → commit	Multiple times per feature	All
9	pb-commit	Craft atomic, meaningful commits	One concern per commit, good messages	Before merging to main	S/M/L
10	pb-ship	Complete ship workflow	Reviews → PR → peer review → merge → release → verify	When focus area is code-complete	All
11	pb-pr	Streamlined pull request creation	PR title, description template, merge strategy	When ready for code review (standalone)	All
12	pb-testing	Testing philosophy and patterns	Unit/integration/E2E, test data, CI/CD	Alongside code in /pb-cycle	S/M/L
13	pb-knowledge-transfer	KT session preparation	12-section guide for knowledge sharing	Team transitions, onboarding	M
14	pb-todo-implement	Guided implementation with checkpoints	5 phases: INIT → SELECT → REFINE → IMPLEMENT → COMMIT	After /pb-plan, before /pb-cycle (for major work)	All

Development flow:

/pb-start
  ↓
ITERATION LOOP (repeat per task):
  /pb-cycle
    ├─ Self-review
    ├─ /pb-testing (write tests)
    ├─ /pb-standards (check principles)
    └─ Peer review
  /pb-commit (atomic commit)
  ↓
SESSION BOUNDARY (if needed):
  ├─ /pb-pause (end of session: preserve context)
  └─ /pb-resume (next session: recover context)
  ↓
READY TO SHIP:
  /pb-ship (comprehensive workflow)
    ├─ Specialized reviews (cleanup, hygiene, tests, security, docs)
    ├─ Final gate (prerelease)
    ├─ PR creation and peer review
    ├─ Merge and release
    └─ Verification

Key integration points:

/pb-start → /pb-cycle (iterative development)
/pb-cycle includes /pb-testing and /pb-standards
/pb-cycle → /pb-commit (after self-review)
/pb-pause ↔ /pb-resume (session boundary bookends)
/pb-ship orchestrates: reviews → PR → merge → release → verify
/pb-todo-implement provides structured checkpoint-based alternative to direct /pb-cycle workflow

PLANNING & ARCHITECTURE

Technical planning before implementation. Use these once per release.

#	Command	Purpose	Phases	When to Use	Tier
13	pb-plan	New focus area planning	Discovery, analysis, scope lock, documentation	Before major feature/release	All
14	pb-adr	Architecture Decision Records	When/how/format, examples, review process	When documenting technical decisions	M
15	pb-patterns	Pattern family overview	Links to 4 specialized pattern commands	Quick reference, pattern selection	M/L
16	pb-patterns-async	Async/concurrent patterns	Async/await, job queues, concurrency models	Designing concurrent systems	M/L
17	pb-patterns-core	Core architectural patterns	SOA, event-driven, repository, DTO	Designing system architecture	M/L
17b	pb-patterns-resilience	Resilience patterns	Retry, circuit breaker, rate limiting, cache-aside	Protecting system reliability	M/L
18	pb-patterns-db	Database patterns	Queries, optimization, N+1, sharding	Designing database layer	M/L
19	pb-patterns-distributed	Distributed system patterns	Saga, CQRS, eventual consistency, 2PC	Designing distributed systems	M/L
20	pb-performance	Performance optimization	Profiling, optimization strategies, monitoring	When performance is requirement	M/L
21	pb-observability	Monitoring, logging, tracing, alerting	Dashboards, SLOs, distributed tracing	When designing production systems	M/L
22	pb-deprecation	Safe API deprecation	Deprecation phases, versioning, migration	When needing backwards-compatible changes	M

Planning flow:

/pb-plan (clarify scope)
  ↓
/pb-adr (document decisions)
  ↓
/pb-patterns (select architectural patterns)
  ├─ /pb-patterns-async (if async work needed)
  ├─ /pb-patterns-db (if database changes)
  ├─ /pb-patterns-distributed (if microservices)
  ├─ /pb-patterns-core (core architecture)
  └─ /pb-patterns-resilience (if reliability concerns)
  ↓
/pb-observability (plan monitoring strategy)
/pb-performance (set performance targets)
  ↓
READY FOR IMPLEMENTATION
  ↓
/pb-todo-implement (implement individual todos)
  ↓
/pb-development workflow (pb-start → pb-cycle → pb-commit → pb-pr)

Pattern selection guide:

Async work? Use /pb-patterns-async (goroutines, channels, job queues, etc.)
Database layer? Use /pb-patterns-db (pooling, optimization, replication, sharding)
Core architecture? Use /pb-patterns-core (SOA, event-driven, repository, DTO)
Reliability? Use /pb-patterns-resilience (circuit breaker, retry, rate limiting)
Microservices? Use /pb-patterns-distributed (Saga, CQRS, eventual consistency)
Uncertain? Start with /pb-patterns (overview, then jump to specialized)

REVIEWS & QUALITY

Quality gates at multiple checkpoints. Use these during development, before merge, and periodically.

#	Command	Purpose	Trigger	When to Use	Frequency
23	pb-review	Periodic project review overview	Feature/release boundaries	Quick reference to all review types	Monthly or pre-release
24	pb-review-hygiene	Code quality and best practices	Every PR	Before merging code	Every PR
25	pb-review-product	Product alignment + tech perspective	Feature completion	Before merging user-facing changes	Every user-facing PR
26	pb-review-docs	Documentation accuracy and completeness	Periodic audit	Quarterly documentation review	Quarterly
27	pb-review-tests	Test suite quality and coverage	Periodic audit	Monthly test health check	Monthly
28	pb-review-hygiene	Codebase cleanup (dead code, deps, etc.)	Periodic maintenance	Quarterly code cleanup	Quarterly
29	pb-review-microservice	Microservice architecture review	Microservice development	Before microservice deployment	Per microservice
30	pb-security	Security checklist (quick/standard/deep)	Code review, pre-release, incidents	Quick (5min), Standard (20min), Deep (1+ hr)	Every PR, pre-release
31	pb-logging	Logging strategy & standards	Code review, pre-release	Verify structured logging, no secrets	Every PR, pre-release

Code review flow (per PR):

/pb-cycle (self-review)
  ↓
/pb-pr (create pull request)
  ↓
PEER REVIEW GATES:
  /pb-review-hygiene (code quality)
  /pb-security (security checklist)
  /pb-review-tests (test coverage)
  /pb-logging (logging standards)
  /pb-review-product (if user-facing)
  ↓
APPROVED
  ↓
/pb-commit (merge with atomic commit)

Periodic review schedule:

WEEKLY
  ├─ /pb-review-hygiene (spot check)
  └─ /pb-logging (log quality)

MONTHLY
  ├─ /pb-review-tests (test health)
  ├─ /pb-observability (dashboard/alert review)
  └─ /pb-review-product (alignment check)

QUARTERLY
  ├─ /pb-review-hygiene (code cleanup)
  ├─ /pb-review-docs (documentation audit)
  ├─ /pb-security (deep dive)
  └─ /pb-team (team retrospective)

RELEASE
  ├─ /pb-release (final gate)
  ├─ /pb-security (security review)
  └─ /pb-review-microservice (if applicable)

DEPLOYMENT & OPERATIONS

Infrastructure, deployment, and incident response.

#	Command	Purpose	When to Use	Tier
33	pb-deployment	Deployment strategies and safety	Before production deployment	Blue-green, canary, rolling, feature flags
34	pb-incident	Incident response framework	During production incidents	Severity assessment, mitigation, escalation

Deployment flow:

/pb-release (pre-release checks pass)
  ↓
/pb-deployment (select strategy: blue-green, canary, rolling)
  ↓
Deploy to production
  ↓
/pb-observability (monitor metrics, logs, alerts)
  ├─ All good? Declare victory
  └─ Issues? → /pb-incident (incident response)

Incident flow:

INCIDENT DETECTED
  ↓
/pb-incident (rapid assessment)
  ├─ Severity: P0/P1/P2/P3
  ├─ Choose mitigation:
  │  ├─ Rollback (quickest)
  │  ├─ Hotfix (if rollback not feasible)
  │  └─ Feature disable (safest for toggles)
  │
  ├─ /pb-deployment (if need detailed rollback strategy)
  ├─ /pb-observability (monitor recovery)
  │
  └─ POST-INCIDENT (within 24h)
     ├─ Comprehensive incident review
     ├─ Create /pb-adr if architectural change needed
     └─ Document in /pb-context (decision log)

REPOSITORY MANAGEMENT

Professional repository structure and presentation.

#	Command	Purpose	Use	Tier
35	pb-repo-init	Initialize greenfield project	Project start	Directory structure, README template, CI/CD
36	pb-repo-organize	Organize repository structure	Cleanup/improvement	Root layout, folder org, GitHub special files
37	pb-repo-readme	Write high-quality README	Repository documentation	Clear, searchable, language-specific
38	pb-repo-about	Set GitHub About section + tags	GitHub presentation	Profile optimization, tag selection
39	pb-repo-blog	Write technical blog post	Share project learnings	Medium post, dev.to, etc.
40	pb-repo-enhance	Complete repository enhancement suite	All of above at once	Combines all repo commands

Repository setup flow:

NEW PROJECT:
  /pb-repo-init (initial setup)
    ↓
  /pb-repo-organize (structure directories)
    ↓
  /pb-repo-readme (create README)
    ↓
  /pb-repo-about (set GitHub About)
    ↓
  /pb-repo-blog (write project post)

ENHANCE EXISTING:
  /pb-repo-enhance (one command does all above)

TEAM & CONTINUITY

Knowledge sharing and team development.

#	Command	Purpose	When to Use	Tier
41	pb-onboarding	Structured team onboarding	New team member joins	Preparation, first day, first week, ramp-up
42	pb-team	Team dynamics, feedback, growth	Team retrospectives and feedback	Team health, learning culture, feedback loops

Onboarding flow:

NEW TEAM MEMBER JOINS
  ↓
/pb-onboarding (structured 4-phase plan)
  ├─ Phase 1: Preparation
  │  └─ Repo setup, access, dev environment
  ├─ Phase 2: First Day
  │  └─ Welcome, orientation, first task
  ├─ Phase 3: First Week
  │  └─ Pair programming, small tasks, KT sessions
  └─ Phase 4: Ramp-up
     └─ Increasing responsibility, independent work
  ↓
/pb-knowledge-transfer (actual KT session)
  ↓
/pb-guide (SDLC overview and reference)
  ↓
/pb-context (project context and decision log)

Team health flow:

MONTHLY/QUARTERLY
  ↓
/pb-team (team retrospective)
  ├─ Team health check
  ├─ Feedback loops
  ├─ Learning culture
  └─ Growth opportunities
  ↓
Create action items for improvement

REFERENCE & CONTEXT

Project working context and decision log.

#	Command	Purpose	When to Use	Tier
43	pb-context	Project context and decision log	Quick context refresh	Current focus, recent decisions, architecture notes

Context usage:

CONTEXT REFRESH
  ↓
/pb-context (read current focus, decisions, architecture)
  ↓
Then:
  ├─ Starting work → /pb-start
  ├─ Resuming work → /pb-resume
  ├─ Making decision → Document in /pb-context
  └─ Understanding architecture → /pb-adr

Workflow Maps

Workflow 1: Complete Feature Delivery

PRE-DEVELOPMENT
├─ /pb-plan               ← Clarify scope
├─ /pb-adr                ← Document architecture
├─ /pb-patterns-*         ← Select patterns
├─ /pb-observability      ← Plan monitoring
└─ /pb-performance        ← Set targets

IMPLEMENTATION (iterative daily)
├─ /pb-start              ← Create branch
│
├─ FOR EACH TASK:
│  └─ ITERATION LOOP
│     ├─ /pb-cycle        ← Self-review + peer review
│     │  ├─ /pb-testing   ← Write tests
│     │  ├─ /pb-standards ← Check principles
│     │  ├─ /pb-security  ← Security check
│     │  └─ Refine based feedback
│     │
│     └─ /pb-commit       ← Atomic commit
│
└─ Repeat for each task

CODE REVIEW
├─ /pb-pr                 ← Create pull request
├─ /pb-review-hygiene        ← Code quality
├─ /pb-review-tests       ← Test coverage
├─ /pb-logging            ← Logging standards
├─ /pb-security           ← Security review
├─ /pb-review-product     ← Product alignment (if user-facing)
└─ Approve / Request changes

PRE-RELEASE
├─ /pb-release            ← Release checklist
├─ /pb-release  ← Senior engineer final gate
├─ /pb-deployment         ← Choose deployment strategy
└─ /pb-observability      ← Verify monitoring ready

DEPLOYMENT
├─ Execute deployment (blue-green/canary/rolling)
├─ /pb-observability      ← Monitor metrics
└─ POST-DEPLOYMENT
   ├─ Verify in production
   └─ If issues → /pb-incident

END

Workflow 2: Planning & Architecture

START (New Release/Feature)
├─ /pb-plan                  ← Lock scope
├─ /pb-adr                   ← Document decisions
├─ /pb-patterns              ← Overview of available patterns
│  ├─ /pb-patterns-async     ← If async/concurrency needed
│  ├─ /pb-patterns-db        ← If database changes
│  ├─ /pb-patterns-distributed ← If microservices
│  └─ /pb-patterns-core      ← If core architecture
├─ /pb-observability         ← Plan monitoring strategy
├─ /pb-performance           ← Set performance targets
└─ /pb-deprecation           ← If removing/deprecating existing

IMPLEMENTATION
└─ /pb-todo-implement        ← Structured implementation by todo

Workflow 3: Incident Response

INCIDENT DETECTED
├─ /pb-incident              ← Rapid assessment
│  ├─ Assess severity (P0/P1/P2/P3)
│  ├─ Choose mitigation:
│  │  ├─ Rollback
│  │  ├─ Hotfix
│  │  └─ Feature disable
│  └─ Communicate status
│
├─ /pb-deployment            ← If need detailed rollback
├─ /pb-observability         ← Monitor recovery
│
└─ POST-INCIDENT (within 24h)
   ├─ Comprehensive review
   ├─ Root cause analysis
   ├─ /pb-adr                ← If architectural fix needed
   ├─ Create action items
   └─ Document in /pb-context

PREVENT REPEAT
├─ /pb-cycle                 ← Implement prevention fixes
├─ /pb-testing               ← Add regression tests
└─ /pb-observability         ← Improve alerting

Workflow 4: Team Onboarding

NEW TEAM MEMBER JOINS
├─ /pb-onboarding            ← Structured 4-phase plan
│  ├─ Phase 1: Preparation   ← Setup, access, dev env
│  ├─ Phase 2: First Day     ← Welcome, orientation
│  ├─ Phase 3: First Week    ← Pair programming, KT
│  └─ Phase 4: Ramp-up       ← Independent work
│
├─ /pb-knowledge-transfer    ← KT session execution
├─ /pb-guide                 ← SDLC overview
├─ /pb-standards             ← Working principles
├─ /pb-context               ← Project context
├─ /pb-adr                   ← Architecture decisions
└─ /pb-patterns              ← Design patterns

CONTINUOUS DEVELOPMENT
├─ /pb-start                 ← Start feature work
├─ /pb-cycle                 ← Iterate with feedback
└─ /pb-team                  ← Ongoing feedback and growth

Workflow 5: Periodic Quality Reviews

WEEKLY
├─ /pb-review-hygiene           ← Code quality spot check
└─ /pb-logging               ← Log quality check

MONTHLY
├─ /pb-review-tests          ← Test suite health
├─ /pb-observability         ← Dashboard and alert tuning
└─ /pb-review-product        ← Product alignment

QUARTERLY
├─ /pb-review-hygiene        ← Code cleanup and deps
├─ /pb-review-docs           ← Documentation audit
├─ /pb-security              ← Security deep dive
└─ /pb-team                  ← Team retrospective

RELEASE
├─ /pb-release     ← Final release gate
├─ /pb-security              ← Security review
└─ /pb-review-microservice   ← If applicable

Command Clusters: Groups That Work Together

Cluster 1: Core Foundation

Commands: pb-guide, pb-standards, pb-templates, pb-context Purpose: Establish baseline understanding and discipline Frequency: Reference constantly; update /pb-context periodically Who: Every engineer

Cluster 2: Daily Development

Commands: pb-start, pb-cycle, pb-pause, pb-resume, pb-commit, pb-ship, pb-pr, pb-testing Purpose: Iterative feature development with quality gates, session management, and shipping Frequency: Use multiple times per week per feature Who: All developers

Cluster 3: Planning & Architecture

Commands: pb-plan, pb-adr, pb-patterns (+ 4 specialized), pb-observability, pb-performance Purpose: Design systems before implementation Frequency: Once per release or major feature Who: Tech leads, architects, senior engineers

Cluster 4: Checkpoint-Based Implementation

Commands: pb-plan → pb-todo-implement → pb-cycle Purpose: Structured implementation with checkpoints before full code review Frequency: For major features or refactoring Who: Developers with checkpoint-based approval preference

Cluster 5: Code Review & Quality

Commands: pb-review-*, pb-security, pb-logging, pb-testing Purpose: Multiple perspectives on quality Frequency: Every PR, periodic reviews, pre-release Who: All developers, leads, security team

Cluster 6: Production Safety

Commands: pb-deployment, pb-incident, pb-observability, pb-release Purpose: Safe production deployment and incident response Frequency: Every release, during incidents Who: SREs, DevOps, on-call engineers

Cluster 7: Repository Management

Commands: pb-repo-init, pb-repo-organize, pb-repo-readme, pb-repo-about, pb-repo-blog, pb-repo-enhance Purpose: Professional repository structure and presentation Frequency: Project start, periodic enhancement Who: Tech leads, project owners

Cluster 8: Knowledge & Continuity

Commands: pb-knowledge-transfer, pb-onboarding, pb-team, pb-documentation Purpose: Preserve and share knowledge Frequency: Team transitions, regular intervals Who: Mentors, managers, all engineers

Cluster 9: Thinking Partner

Commands: pb-think Purpose: Self-sufficient expert-quality collaboration Frequency: Throughout development for complex questions, ideation, synthesis Who: All engineers

Thinking Partner Stack:

/pb-think mode=ideate     → Explore options (divergent)
/pb-think mode=synthesize → Combine insights (integration)
/pb-preamble              → Challenge assumptions (adversarial)
/pb-plan                  → Structure approach (convergent)
/pb-adr                   → Document decision (convergent)
/pb-think mode=refine     → Refine output (refinement)

Reference Matrix: Which Commands Work Together

By Incoming References

Most Referenced (critical hub):

pb-guide: 25+ references (master framework)
pb-standards: 15+ references (working principles)
pb-cycle: 10+ references (core development loop)
pb-testing: 8+ references (quality verification)
pb-security: 7+ references (quality gate)

Well-Referenced (important workflow nodes):

pb-adr, pb-deployment, pb-incident, pb-observability, pb-review-hygiene (5-9 references each)

Moderately Referenced (specialized/optional):

pb-documentation, pb-pr, pb-commit, pb-patterns-* (2-4 references each)

Under-Referenced (isolation issues):

pb-resume: 0 references (should integrate with pb-start, pb-context)
pb-standup: 0 references (should integrate with pb-standards, pb-context)

By Category Connections

Core → Everything

All 44 other commands reference pb-guide and/or pb-standards

Development → Planning

pb-start → pb-plan (for major features)
pb-cycle → pb-testing
pb-cycle → pb-standards
pb-cycle → pb-security

Planning → Development

pb-plan → pb-todo-implement
pb-adr → pb-start (architectural context)
pb-patterns → pb-cycle (pattern selection)

Development → Review

pb-cycle → pb-review-hygiene
pb-commit → pb-review-tests
pb-pr → pb-review-product

Review → Deployment

pb-review-hygiene → pb-release (readiness gate)
pb-security → pb-release
pb-release → pb-deployment

Deployment → Observability

pb-deployment → pb-observability
pb-incident → pb-observability
pb-observability → pb-incident (feedback loop)

Integration Patterns

Pattern 1: Tiered Complexity

Commands often provide multiple depths:

QUICK (5-15 min)
├─ /pb-security quick checklist (top issues)
├─ /pb-testing unit test patterns
└─ /pb-incident rapid response

STANDARD (20-30 min)
├─ /pb-security standard checklist (20 items)
├─ /pb-testing unit + integration
└─ /pb-incident with escalation

DEEP (1+ hour)
├─ /pb-security deep dive (threat modeling)
├─ /pb-testing E2E + load testing
└─ /pb-incident comprehensive review

Choose based on feature tier (see pb-guide for XS/S/M/L)

Pattern 2: Workflow Sequences

Commands are ordered for maximum clarity:

/pb-plan → /pb-adr → /pb-patterns → /pb-todo-implement → /pb-cycle → /pb-pr → /pb-review-* → /pb-release

Each feeds into the next with clear handoffs.

Most commands include this section showing:

Prerequisites (what to do before)
Complementary commands (what to use alongside)
Next steps (what to do after)

Use these sections for guidance.

Pattern 4: Categories Map to Workflow Phases

PLANNING PHASE → /pb-plan, /pb-adr, /pb-patterns, /pb-performance, /pb-observability
DEVELOPMENT PHASE → /pb-start, /pb-cycle, /pb-commit, /pb-pr, /pb-testing, /pb-todo-implement
REVIEW PHASE → /pb-review-*, /pb-security, /pb-logging
DEPLOYMENT PHASE → /pb-release, /pb-deployment
OPERATIONS PHASE → /pb-incident, /pb-observability
TEAM PHASE → /pb-onboarding, /pb-team, /pb-knowledge-transfer
REPO PHASE → /pb-repo-*, /pb-documentation

Common Workflows: Step-by-Step

Scenario 1: Feature Request from Product

STEP 1: Planning
├─ Read /pb-plan (lock scope)
├─ Read /pb-adr (document architecture)
├─ Choose from /pb-patterns-* (select patterns)
└─ Review /pb-observability (plan monitoring)

STEP 2: Implementation
├─ /pb-start (create feature branch)
├─ LOOP: /pb-cycle (iterate)
│  ├─ Code changes
│  ├─ /pb-testing (add tests)
│  ├─ Self-review
│  └─ Peer review feedback
├─ /pb-commit (atomic commits)
└─ /pb-pr (create pull request)

STEP 3: Code Review
├─ /pb-review-hygiene (code quality)
├─ /pb-review-product (product alignment)
├─ /pb-security (security review)
├─ /pb-review-tests (test coverage)
└─ Approve / Merge

STEP 4: Release Preparation
├─ /pb-release (pre-release checks)
├─ /pb-release (senior review)
├─ /pb-deployment (choose strategy)
└─ /pb-observability (verify monitoring)

STEP 5: Deployment
├─ Execute deployment
├─ Monitor with /pb-observability
└─ Verify in production

Scenario 2: Bug Fix with Incident

STEP 1: Incident Response
├─ /pb-incident (assess severity)
├─ Choose mitigation (rollback/hotfix/disable)
├─ Execute mitigation
└─ Communicate status

STEP 2: Implement Fix
├─ /pb-start (create hotfix branch)
├─ Make minimal fix
├─ /pb-testing (add regression test)
└─ /pb-cycle (review)

STEP 3: Code Review
├─ /pb-cycle (fast-track review)
├─ /pb-security (safety check)
└─ Approve / Merge

STEP 4: Verification
├─ Deploy hotfix
├─ Monitor with /pb-observability
└─ Verify recovery

STEP 5: Post-Incident
├─ /pb-incident (comprehensive review)
├─ Root cause analysis
├─ /pb-adr (if architectural fix needed)
└─ Document in /pb-context

Scenario 3: Refactoring Large Component

STEP 1: Planning
├─ /pb-plan (refactoring scope)
├─ /pb-adr (new architecture decision)
├─ /pb-patterns (design patterns)
└─ /pb-performance (performance targets)

STEP 2: Implementation Phases
├─ Phase 1:
│  └─ /pb-todo-implement (checkpoint-based)
│     ├─ REFINE: Analyze codebase
│     ├─ PLAN: Outline refactoring steps
│     └─ IMPLEMENT: Execute checkpoint-by-checkpoint
├─ Phase 2:
│  └─ /pb-todo-implement (next component)
└─ Continue for each component

STEP 3: Code Review
├─ /pb-review-hygiene (architecture alignment)
├─ /pb-review-tests (regression test coverage)
├─ /pb-security (if security implications)
└─ Approve / Merge

STEP 4: Quality Verification
├─ /pb-observability (performance metrics)
├─ /pb-review-tests (no regressions)
└─ /pb-team (document learnings)

Scenario 4: New Team Member Joins

WEEK 0: Preparation (Before they arrive)
├─ /pb-onboarding (prepare environment)
├─ /pb-repo-organize (ensure clear structure)
└─ /pb-documentation (update docs)

DAY 1: First Day
├─ Follow /pb-onboarding Phase 2
├─ Dev environment setup
├─ Team introductions
└─ High-level project overview

WEEK 1: First Week
├─ /pb-knowledge-transfer (KT session)
├─ /pb-guide (SDLC overview)
├─ /pb-adr (architecture decisions)
├─ /pb-standards (working principles)
└─ Small task with pair programming

WEEK 2-4: Ramp-up
├─ Increasing task complexity
├─ Independent work with feedback
├─ /pb-cycle (code review feedback)
└─ /pb-team (feedback and support)

ONGOING: Growth
├─ /pb-cycle (iterate on features)
├─ /pb-standards (reinforce principles)
└─ /pb-team (regular feedback)

Summary: Playbook as Unified System

Core Principle

The commands form a unified SDLC framework. Use them in combination, not isolation:

ISOLATED:
[NO] /pb-cycle alone
[NO] /pb-security alone
[NO] /pb-testing alone
[NO] /pb-observability alone

EFFECTIVE:
[YES] /pb-cycle WITH /pb-testing, /pb-standards, /pb-security
[YES] /pb-plan WITH /pb-adr, /pb-patterns, /pb-observability
[YES] /pb-incident WITH /pb-observability, /pb-deployment, /pb-adr
[YES] /pb-onboarding WITH /pb-knowledge-transfer, /pb-guide, /pb-standards

Key Relationships

Foundation → All work
- pb-guide, pb-standards, pb-templates, pb-context
Plan → Implement
- pb-plan → pb-adr → pb-patterns → pb-observability → pb-todo-implement
Develop → Review → Release
- pb-start → pb-cycle → pb-commit → pb-pr → pb-review-* → pb-release
Safety → Observability → Incident
- pb-deployment → pb-observability → pb-incident
Knowledge → Growth
- pb-onboarding → pb-knowledge-transfer → pb-team → pb-documentation

When to Use Each Command

You’ll know you need a command when:

/pb-guide: You’re unsure how a phase works
/pb-standards: You’re making a decision on scope or quality
/pb-plan: You’re starting a major feature/release
/pb-adr: You’ve made an architectural decision
/pb-patterns-*: You’re designing a system component
/pb-start: You’re beginning feature work
/pb-cycle: You’ve coded something and need review
/pb-commit: You’re creating a commit message
/pb-pr: You’re merging code
/pb-testing: You’re writing tests
/pb-todo-implement: You want checkpoint-based approval
/pb-review-*: You need quality perspective
/pb-security: You need to verify security
/pb-deployment: You’re preparing production deploy
/pb-incident: Production is broken
/pb-observability: You need to monitor/trace
/pb-onboarding: Someone new is joining
/pb-team: Team health needs attention
/pb-repo-*: Repository structure needs improvement
/pb-context: You need quick context refresh

This guide is the map. Use it to navigate the playbook as an integrated system.

Using Playbooks with Other Agentic Tools

These playbooks were designed for Claude Code. They’re portable.

The underlying patterns work with any agentic development tool - different framework, same thinking.

The Three Layers

Layer 1: Principles (100% Portable)

What it is: How you think together and what you build

Preamble: Challenge assumptions. Prefer correctness over agreement. Think like peers.
Design Rules: Clarity, Simplicity, Resilience, Extensibility. 17 classical principles.
BEACONs: 9 guiding principles for code quality, decision-making, team dynamics

Portability: Works in any tool, any language, any team. These are universal.

Usage: Read /pb-preamble and /pb-design-rules. Apply them in your workflow, whatever tool you use.

Layer 2: Commands (95% Portable)

What it is: 100 structured prompts covering full SDLC (planning → dev → review → ship)

Command content: Universal. Patterns, questions, checklists don’t care about your tool.
Invocation: Tool-specific. Claude Code users type /pb-start. You adapt to your tool.
Metadata: Structured (Resource Hint, When to Use, Related Commands, etc.) - same everywhere.

Portability: Copy the Markdown files. Reference them however your tool surfaces prompts.

How to use:

Clone the repo: git clone https://github.com/vnykmshr/playbook.git
Read commands as Markdown: cat commands/development/pb-start.md
Apply the pattern to your workflow
Adapt the invocation to your tool

Example:

Claude Code user:

/pb-start "add user authentication"

You (with another tool):

Open commands/development/pb-start.md in your editor
Copy the questions from “Phase 1: Scope”
Ask your tool to answer them
Proceed with the ritual

Layer 3: Integration (Tool-Specific)

What it is: How commands surface and integrate with your development environment

Claude Code features:

Skills: /pb-start invokes directly in conversation
Keybindings: Fast shortcuts to common commands
Context management: Automatic pause/resume, working context snapshots
Hooks: Advisory warnings when context gets large
Status line: Token usage visibility

You (with another tool): Adapt this layer to your tool’s capabilities.

Examples:

Tool Feature	Claude Code	Your Tool
Invocation	Skill (`/pb-start`)	Shell alias, CLI subcommand, web form
Context	CLAUDE.md, working-context.md	Config files, environment vars, database
Preferences	`~/.claude/preferences.json`	`~/.config/yourtool/config`, CLI flags
Integration	Git hooks, keybindings, status line	Whatever makes sense for your platform

Adaptation Checklist

1. Adopt Principles (Zero Work)

Read and internalize:

/pb-preamble - How your team thinks together
/pb-design-rules - What you build
Apply them to: planning, code review, decision-making, incident response

2. Adopt Commands (Low Work)

For each command category you care about:

Read the Markdown file
Understand the phases/checkpoints
Adapt the ritual to your workflow
Document how your team invokes it (alias, script, manual, etc.)

Start with these core commands:

/pb-start - Begin work (scoping ritual)
/pb-cycle - Self-review and iteration
/pb-commit - Atomic, well-explained commits
/pb-review-hygiene - Code quality checklist
/pb-plan - Focus area planning

3. Adapt Integration (Medium Work)

Build tool-specific adapters:

How do you invoke playbook commands? (CLI, web UI, editor plugin, manual read, etc.)
Where do you store preferences/context? (Config files, environment, database, etc.)
How do you get reminders? (Hooks, alerts, dashboard, manual checklist, etc.)
How do you preserve context between sessions? (Git, files, tool-native storage, etc.)

Concrete Adaptation Examples

Example 1: Using with CLI Tool + Git

Tool: Command-line based, Git-aware

Adaptation:

# 1. Alias to playbook commands
alias pb-start='cat ~/playbook/commands/development/pb-start.md'
alias pb-cycle='cat ~/playbook/commands/development/pb-cycle.md'

# 2. Create a wrapper script for scope questions
# ~/bin/start-work.sh
#!/bin/bash
echo "=== Scope your work ==="
read -p "What are you building? " description
read -p "Why does this matter? " rationale
# ... (ask remaining questions from pb-start)
git switch -c feature/$description

# 3. Use Git hooks for checkpoints
# .git/hooks/pre-commit
# Verify: has atomic change (one concern)
# Verify: no debug artifacts
# Run: lint, tests

# 4. Environment-based context
# Set these in your shell profile
export PB_WORKING_CONTEXT="$HOME/project/context.md"
export PB_PRINCIPLES="$HOME/playbook/docs/preamble.md"

Invocation:

# Start work
start-work.sh

# During development
git diff  # See your atomic change

# Before commit
cat ~/playbook/commands/development/pb-commit.md  # Remind yourself of guidelines

# Code review
cat ~/playbook/commands/reviews/pb-review-hygiene.md  # Copy the checklist

Example 2: Using with Web-Based Tool

Tool: Web-based IDE or cloud development platform

Adaptation:

1. Import playbook as documentation
   - Create wiki/docs project in your tool
   - Copy all commands as pages
   - Link navigation between related commands

2. Create templates
   - PR template: Copy from /pb-pr guidance
   - Commit template: Copy from /pb-commit guidance
   - Issue template: Copy from /pb-plan phases

3. Dashboard/checklist
   - Pin key commands (Preamble, Design Rules, pb-cycle)
   - Create quick-reference card for your team

4. Workflows
   - Create automation that suggests relevant command
   - Example: "PR created → suggest /pb-review-code checklist"

Example 3: Using with Agent-Specific Tool (e.g., different LLM provider)

Tool: Different AI provider with agent/tool APIs

Adaptation:

1. Load commands as tool definitions
   - Playbook commands → Tool/function definitions
   - Metadata becomes tool descriptions
   - Phases become sequential steps

2. Example: /pb-start as a tool
   Tool: start-work
   Description: "Scope development work. Ask discovery questions."
   Input: Project description
   Output: Scope statement, success criteria, phases
   Next: Suggest /pb-plan if multi-phase

3. Chain tools together
   start-work → plan-focus → implement → review → commit → ship

4. Preserve context differently
   - Each message includes: current phase, why it matters, next checkpoint
   - Agent chooses which command/tool to invoke next

What Doesn’t Translate (And Why)

1. Skill Invocation (`/pb-start`)

Claude Code surface commands as skills. Your tool has different affordances.

Solution: Use the closest equivalent (alias, CLI subcommand, web form, manual reference).

2. Keybindings

Claude Code offers keyboard shortcuts. Your tool may not support them, or works differently.

Solution: Use your tool’s native shortcuts, or create a workflow guide for your team.

3. Context Bar (Token Usage)

Claude Code shows token usage in a status line. Different tools have different capabilities.

Solution: Use your tool’s native monitoring (IDE metrics, logs, API dashboards).

4. Hooks (Advisory Warnings)

Claude Code warns when context is approaching limits. Your tool may not have this concept.

Solution: Manual checkpoint: “Every 1 hour, review context size” or use your tool’s alerts.

Quick Reference: Command Mapping

Claude Code	Your Tool	Rationale
`/pb-start`	Read `pb-start.md`, answer questions, create branch	Scoping ritual is universal
`/pb-cycle`	Read `pb-cycle.md`, run lint/tests, review checklist	Self-review pattern is universal
`/pb-commit`	Read `pb-commit.md`, write atomic commit with good message	Commit discipline is universal
`/pb-plan`	Read `pb-plan.md`, work through discovery/analysis phases	Planning ritual is universal
`/pb-review-code`	Read `pb-review-code.md`, use checklist for PR review	Review patterns are universal

Principles Over Rules

The playbook is built on principles, not rules.

Principle: “Atomic changes are easier to review and revert”
- Claude Code: Enforce via commit templates
- Your tool: Enforce via PR naming convention
- Manual: Document the expectation, review for it
Principle: “Code quality gates prevent regressions”
- Claude Code: Automatic lint/test checks
- Your tool: CI/CD pipeline
- Manual: Pre-commit checklist

Bottom line: Adapt the mechanism (how you enforce it) to your tool. Keep the principle (why it matters) universal.

Getting Started (Choose Your Path)

Path A: I Use Claude Code

You’re all set. Commands are available as skills. Read the integration guide to understand workflows.

Path B: I Use Another Tool, Want Full Integration

Read /pb-preamble and /pb-design-rules (15 min)
Clone the playbook repo
Create adapters for your tool (1-2 hours)
Document your team’s workflow (30 min)
Start using commands for your next project

Path C: I Want to Explore First

Read /pb-preamble and /pb-design-rules
Pick one command (e.g., /pb-plan)
Read it as Markdown
Use it manually for your next project
Iterate and adapt as you learn

FAQ

Q: Will using these commands without Claude Code be awkward?

A: Not at all. The patterns are the point. How you invoke them is implementation detail. Many teams use similar rituals without special tooling.

Q: Can I modify commands for my team?

A: Yes. Fork the repo, adapt to your needs, share with your team. The principles are stable; implementation is flexible.

Q: Is there a “right” way to integrate with my tool?

A: No. Whatever makes sense for your team. Some teams use aliases and Markdown. Some build dashboards. Some print them and post them on the wall. All valid.

Q: Will these playbooks stay useful as tools evolve?

A: Yes. The principles (Preamble, Design Rules) never change. Commands may be refreshed quarterly. Integration mechanisms (how you invoke them) are tool-specific and always adaptable.

Start here: Read /pb-preamble and /pb-design-rules. Everything else flows from there.

Playbook in Action

The standard development cycle using playbook commands.

Development Cycle

/pb-start "what you're building"
  → code
/pb-review
  → automatic quality gate, auto-commit
/pb-pr
  → peer review

Command Quick Reference

Scenario	Command
Start new feature	`/pb-start`
Finish and commit	`/pb-review`
Submit for review	`/pb-pr`
Deep architecture	`/pb-plan`
Test strategy	`/pb-testing`
Code standards	`/pb-standards`
Security check	`/pb-security`
Debug an issue	`/pb-debug`

Common Scenarios

Adding a Feature

/pb-start "feat: add user profiles"
# write code, write tests
/pb-review
/pb-pr

Fixing a Bug

/pb-start "fix: email validation"
# write failing test, fix code, verify test passes
/pb-review
/pb-pr

Addressing Review Feedback

# make changes based on feedback
/pb-review
# auto-pushes to existing PR

See /pb-guide for the full SDLC framework.

Collaboration Preamble: Thinking Like Peers

This anchors how we think and work together. Not a process, but a mindset that every other playbook command assumes you bring.

Resource Hint: opus - Foundational philosophy; requires deep reasoning about collaboration dynamics.

When to Use

Setting team culture norms at the start of a project or engagement
Resolving collaboration friction (deference, silence, performative agreement)
Onboarding new team members to the “how we think” foundation
Referencing when other playbooks cite /pb-preamble thinking

I. The Core Anchor

Challenge assumptions. Prefer correctness over agreement. Think like peers, not hierarchies.

Why this matters:

Bad ideas multiply when left unchallenged
Politeness kills progress
Hierarchy stifles honest thinking
Senior engineers are wrong more often than you’d think

Without this anchor, teams default to performative agreement, risk-averse consensus, and deference over clarity. This preamble is the antidote.

What “Thinking Like Peers” Means

Hierarchy thinking:

Junior person defers to senior person
Senior person decides; others execute
Disagreement is disrespect
Silence protects relationships
Status informs correctness

Peer thinking:

All perspectives are examined equally
Best idea wins, informed by context and seniority
Disagreement is professional
Silence is complicity in bad decisions
Context and seniority inform but don’t overrule evidence

This doesn’t mean ignoring experience or authority. It means authority is earned through good reasoning, not just position.

I.5 Preamble + Design Rules: Complete Philosophy

The preamble answers: HOW do teams think together?

Challenge assumptions
Prefer correctness over agreement
Think like peers, not hierarchies
Use transparent reasoning

Design rules answer: WHAT do we build?

See /pb-design-rules for the 17 technical principles
Organized into 4 clusters: Clarity, Simplicity, Resilience, Extensibility
Guide every architectural and technical decision
Ensure systems that are clear, simple, reliable, and adaptable

Why both matter:

A team with preamble thinking but no design discipline builds wrong things. They collaborate well while making poor technical choices. A team with design rules but no preamble thinking debates endlessly without resolution. They know what good design looks like but can’t decide together.

How they work together:

Preamble thinking enables design discipline: When teams challenge assumptions openly, they can discuss design rules without defensiveness
Design rules anchor preamble thinking: When teams have shared design principles, they have concrete ground to stand on when challenging ideas
Both together: Better decisions, faster execution, systems that scale

Every command in the playbook assumes both: peer thinking (preamble) and sound design (design rules).

II. Four Principles

Principle A: Correctness Over Agreement

Disagree when needed. The goal is getting it right, not maintaining harmony.

Point out flaws early and directly
No flattery, no validation for its own sake
Weak ideas should be called weak
If something seems risky, say so
Better a tense 5-minute conversation than a silent problem in production

In practice: “I think this approach is risky because X. Have you considered Y instead?”

Principle B: Critical, Not Servile

Act as a critical peer, not a subordinate seeking approval.

Challenge premises before accepting tasks
Question scope, estimates, and assumptions
Peer-to-peer, not assistant-to-leader
Assume you have valuable input because you do
Your hesitation is a data point worth surfacing

In practice: “Before we scope this, I want to surface three assumptions I see. Can we validate them?”

Principle C: Truth Over Tone

Direct, clear language beats careful politeness.

Explain your reasoning, not just your conclusion
Offer alternatives with explicit trade-offs
Assume the other person values critical thinking over tone management
Short, honest feedback beats long, careful wordsmithing

In practice: “This is simpler, but slower. That one is faster, but more complex. Here’s why I’d pick X for our use case…”

Principle D: Think Holistically

Optimize for outcomes, not just code.

Consider product, UX, engineering, security, and operations simultaneously
Question trade-offs across all domains
Surface hidden costs and technical debt
One engineer’s elegant solution might create three problems elsewhere
Think end-to-end: will this scale? Is it secure? Can we operate it?

In practice: “This is architecturally clean, but our ops team can’t monitor it. Can we add observability hooks?”

Principle E: Respect Attention as a Finite Resource

Thinking like peers means respecting each other’s attention.

Your time is finite. So is everyone else’s. Code that’s hard to understand wastes attention.
User attention is finite. Systems that demand constant vigilance create friction.
Operator attention is finite. Systems that hide problems force constant vigilance.
Clear, calm systems are an act of respect: “I built this thinking about your attention.”

In practice: “This feature is powerful, but it demands constant tweaking. Can we make it self-tuning so operators don’t have to think about it?”

See /pb-calm-design for the complete calm design framework-how to build systems that respect user attention.

II.5 When to Challenge, When to Trust

Preamble doesn’t mean challenge everything. Discernment matters.

Challenge When:

Assumptions are unstated - “We need microservices” (why? under what constraints?)
Trade-offs are hidden - “Simple solution” (simple for whom? what’s the cost?)
Risk is glossed over - “This is production-ready” (have we tested failure modes?)
Scope is unclear - “Add this feature” (what does done look like?)
Process is unfamiliar - First time doing something, you don’t understand the reasoning
Context has changed - “We always do X” (still true? constraints changed?)
Your expertise applies - You have information others don’t

Trust When:

Expert has explained reasoning - They’ve shown their thinking, trade-offs are clear
You lack context - Decision is outside your domain, they have information you don’t
Time cost exceeds benefit - Challenging a button color wastes more time than it’s worth
Decision is made, execution is on - Time to align and execute, not re-litigate
Pattern is proven - “We’ve done this 20 times this way, it works” is data
You’re learning from them - Better to understand their reasoning than challenge it

The Balance

Best teams oscillate between:

Healthy challenge (pointing out risks, unstated assumptions)
Trust-based execution (alignment once decision is made)
Retrospective learning (why did that work or fail)

Worst teams get stuck in:

Perpetual debate (never deciding)
Blind trust (never questioning)
Post-mortem blame (only questioning after failure)

The goal is: Challenge early, decide clearly, execute aligned.

III. How Other Commands Embed This

Every playbook command assumes you’re reading with this preamble in mind:

/pb-guide - The framework is a starting point, not dogma. Challenge the tiers, rearrange gates, adapt to your team
/pb-standards - Principles, not rules. Understand why before following how
/pb-cycle - Peer review is designed to surface disagreement, not confirm approval
/pb-adr - Decisions are documented with required alternatives and trade-offs explicitly. Others can challenge the reasoning
/pb-plan - Scope lock is a negotiation. Challenge estimates, uncover hidden assumptions
/pb-commit - Clear messages force you to explain why, inviting scrutiny
/pb-pr - Code review assumes critical thinking from both author and reviewer
/pb-review-* - All review commands are designed to surface different perspectives and disagreement
/pb-patterns-* - Trade-offs are always discussed. No pattern is universally right
/pb-security - Security review explicitly looks for what was missed
/pb-testing - Tests are designed to catch flawed thinking, not validate it
/pb-deprecation - Thoughtful decisions require questioning the status quo
/pb-observability - Multi-perspective thinking: ops, security, product, engineering

The integration: This preamble is the why behind every command. Each command is more powerful when read with this lens.

IV. Examples: What This Looks Like

Example 1: In a Planning Session

Without preamble (common default):

Lead: "We'll build it with async queues."
Team: "Sounds good!" (silent concerns about complexity, maintainability unspoken)
Later: System is hard to debug, two engineers leave, we rewrite it

With preamble:

Lead: "We'll build it with async queues. I'm assuming we have
someone who understands event-driven systems. And that we can monitor it."
Team: "I think assumption 1 is risky. We don't have that expertise.
What about option B: synchronous with background jobs?"
Lead: "That's a fair point. Let me think through the trade-offs..."
Better decision, risks surfaced early, team stays.

What changed: Preamble gave permission to challenge. Assumptions got explicit. Thinking improved.

Example 2: In Code Review

Without preamble:

Reviewer: "Looks good to me!" (notices edge case, says nothing)
Later: Bug in production in that exact edge case

With preamble:

Reviewer: "This works, but I see a potential issue: what happens
when X is null? Have you tested that scenario?"
Author: "Actually, I didn't think about that. Let me add a test."
Code is more robust. Edge case caught early.

What changed: Preamble made challenging the default. Hidden risks surfaced.

Example 3: In Design Discussion

Without preamble:

Lead: "We'll use async pattern A for this."
Engineer: "Actually, pattern B is 40% faster..." (stops, defers instead)
Lead: "Pattern A is final."
Later: System is slow. Engineer regrets not speaking up.

With preamble:

Lead: "We'll use async pattern A. Trade-off: simpler code,
slightly higher latency. Any concerns?"
Engineer: "I think we should use pattern B instead. It's 40% faster.
More complex, but worth it for this use case."
Lead: "You're right. Let's do B."
Better decision. Engineer's thinking was heard.

What changed: Preamble invited challenge with reasoning. Better decision made.

Example 4: In a Security Review

Without preamble:

Security reviewer: "Looks secure to me." (notices SQL injection risk in one place, decides it's "not my job" to challenge the architecture)
Later: Data breach in that exact location

With preamble:

Security reviewer: "This input validation looks fragile. Have you tested what happens with special characters? I'm concerned about SQL injection risk."
Developer: "I didn't think about that. Let me add parameterized queries."
Risk prevented. Architecture improved.

What changed: Preamble made the reviewer responsible for surfacing flaws, not just approving. Critical thinking became the job, not optional.

Example 5: In a Deprecation Decision

Without preamble:

Lead: "We're deprecating the old API."
Team: "Okay." (silently worried about unknown consumers, backwards compatibility, migration path)
Later: Three production incidents from customers still using old API. Emergency support cost $50k.

With preamble:

Lead: "We're deprecating the old API in 6 months."
Engineer: "Before we commit, I want to surface some risks. Do we know all the consumers? What's our migration support plan? What happens to customers who don't upgrade?"
Lead: "Good point. Let me verify that first."
Better plan emerges: 12-month deprecation, migration guide, support window. Fewer surprises.

What changed: Preamble gave permission to surface risks before they became emergencies. Questions asked early saved months of pain.

V. Common Questions

Q: “Doesn’t this feel disrespectful?”

A: Only if you conflate challenge with rudeness. Challenging assumptions respectfully is professional. Disagreement shows you care about getting it right. Silence is disrespect to the team-you’re withholding your best thinking.

Q: “What if I’m wrong in my challenge?”

A: Good. That’s how you learn. The point isn’t that you’re always right; it’s that you think critically. If your challenge doesn’t hold up, explain why, and both of you understand the decision better.

Q: “What about seniority? Doesn’t the senior person decide?”

A: Yes, the senior person makes the final call when there’s disagreement. But they should only do so after genuinely considering the challenge. “Because I said so” is not a rationale. The senior person’s job is to have more context, not final truth.

Q: “How is this different from just ‘speaking up’?”

A: It’s systemic. Without this preamble, speaking up feels risky. Your instinct is to agree. With it, silence feels risky-to quality. It flips the default from “agree unless proven wrong” to “challenge unless it’s clearly rock-solid.”

Q: “What if the team uses this to nitpick everything?”

A: Fair worry. The principle is critical thinking, not obstruction. Challenge the risky assumptions. Challenge the trade-offs. Don’t challenge the color of the button. This requires judgment, which grows with practice.

VI. How to Use This Command

Before Starting Any Other Playbook Command

Read this first. It reframes how you read everything else. When /pb-cycle says “peer review,” it assumes this preamble. When /pb-adr requires alternatives, it’s enforcing this thinking.

Before Joining Any Collaboration

Reference this. Understand that challenges are expected, disagreement is professional, and silence is a failure mode.

When Feeling Uncertain About Speaking Up

Reread Principle C. Your hesitation is what this preamble is designed to overcome. Think truth over tone.

When Leading a Process

Reference this to your team. “This preamble applies to all our work together. I want your best thinking, not your agreement.”

When Receiving Feedback You Disagree With

Remember: they’re operating from this preamble. They’re not being rude; they’re trying to get it right. Respond with the same principle: explain your reasoning, explore the trade-offs, find the better answer together.

VII. Integration: Where This Anchors

This preamble is referenced by:

Core Commands:

/pb-guide - Scope lock is a collaborative decision, not a decree
/pb-standards - Collaboration principles section explicitly links to this
/pb-documentation - Clear writing invites healthy challenge

Development Workflow:

/pb-cycle - Step 3: Peer Review assumes preamble thinking. Reviewer challenges, author welcomes critical feedback.
/pb-commit - Clear messages force you to explain why, inviting scrutiny and challenge
/pb-pr - Code review process assumes critical thinking from both author and reviewer
/pb-start - Team alignment gate explicitly includes “assumptions are explicit, disagreements surfaced”
/pb-testing - Tests are designed to catch flawed assumptions, not validate them

Planning & Architecture:

/pb-plan - Clarify phase assumes peer-level challenge: “Clarify means ask hard questions and challenge assumptions”
/pb-adr - Alternatives and Rationale sections require explicit reasoning that can be challenged
/pb-patterns-* - Every pattern guide emphasizes: question if it fits, challenge the costs, explore alternatives
/pb-performance - “Question assumptions about slowness. Challenge whether optimization is worth the complexity cost.”
/pb-observability - “Multi-perspective thinking: no single perspective is complete”
/pb-deprecation - “Challenge whether change is really necessary. Surface impact on users.”

Reviews & Quality:

/pb-review - Comprehensive review assumes critical perspective from multiple experts
/pb-review-hygiene - “Challenge architectural choices. Point out duplication and complexity. Surface flaws directly.”
/pb-review-tests - “Question test assumptions. Challenge coverage claims. Point out flaky or brittle tests.”
/pb-review-docs - “Find unclear sections, challenge stated assumptions, and surface gaps”
/pb-security - “Your job is to find what was missed, challenge assumptions about safety, and surface risks”
/pb-review-product - “Each perspective should challenge the others. Surface disagreements-they surface real problems.”
/pb-review-microservice - “Question service boundaries. Challenge coupling. Surface design flaws early.”
/pb-logging - “Logs must reveal assumptions and make failures obvious, not hide them”
/pb-release - “Challenge readiness assumptions. Surface risks directly. Don’t hide issues at last gate.”

Team & Operations:

/pb-team - “Psychological safety is directly enabled by preamble thinking. When teams operate from that preamble, challenging assumptions becomes the default.”
/pb-incident - “During response: be direct about status, challenge assumptions about cause, surface unknowns”
/pb-standup - “Surface blockers and risks directly. Use preamble thinking: be direct about problems, don’t hide issues to seem productive.”
/pb-onboarding - “New team members learn this preamble first: challenge assumptions, prefer correctness, think like peers.”

Meta Commands:

/pb-what-next - Context analysis requires critical perspective
/pb-knowledge-transfer - Transferring knowledge requires honest discussion

Every command that involves collaboration, decision-making, or review assumes this preamble.

Why This Matters

Teams without this anchor fall into patterns:

Performative agreement - “Looks good!” without actual critical thought
Risk-averse consensus - Lowest common denominator wins, not best idea
Hierarchy over quality - Senior person decides, junior person stays quiet
Hidden problems - Issues surface in production, not in planning
Regret and burnout - Team members knew the risk but didn’t speak up

Teams with this preamble:

Better decisions - Assumptions get surfaced and tested
Psychological safety - You can disagree without fear
Faster learning - Mistakes are caught early
Ownership mindset - You’re responsible for quality, not just execution
Sustainable pace - Problems don’t surprise you in production

This preamble isn’t nice-to-have. It’s foundational. Everything else in the playbook depends on it.

VIII. When This Goes Wrong: Failure Modes

Failure Mode 1: Argumentative Culture

What it looks like: Team challenges everything. Every decision turns into debate. Nothing gets shipped.

Why it happens:

Preamble interpreted as “challenge everything, always”
No distinction between healthy challenge and obstruction
Judgment about what’s worth challenging never develops

Prevention:

Emphasize Section II.5: “When to Challenge, When to Trust”
Use post-mortems to reflect: “Was this debate valuable?”
Leader models when to stop debating and decide

Failure Mode 2: Leader Dismissal

What it looks like: “I’m challenging your concern, not ignoring it” becomes cover for dismissal.

Why it happens:

Leader uses preamble language as justification to override concerns
“Your concern is valid, but I disagree” without genuine engagement
Pseudo-listening that doesn’t actually consider the challenge

Prevention:

Leaders must demonstrate they’ve genuinely considered the challenge
Ask: “Am I actually engaging with this concern or just performing engagement?”
Team feels free to escalate if dismissal pattern becomes clear

Failure Mode 3: Tone Weaponization

What it looks like: “Just be more direct” becomes code for “shut up and accept it.”

Why it happens:

Preamble emphasizes “truth over tone”
Gets misused as “I can say anything harshly and you should accept it”
Actual rudeness gets justified as “just being direct”

Prevention:

Truth over tone ≠ Rudeness
Clarify: “Direct and respectful” is the standard, not “direct and harsh”
Challenge tone when it’s genuinely unhelpful

Failure Mode 4: Pseudo-Psychological Safety

What it looks like: Team publicly invites challenge but subtly punishes it.

Why it happens:

Leadership says “disagree with me” but reacts badly when people do
Preamble becomes theater instead of culture
People learn safe disagreement is punished in subtle ways (tone, assignment, promotion)

Prevention:

Leadership must visibly accept challenges and change decisions
Track patterns: does challenging ever affect promotion/assignment? If yes, you have a problem
Regular check-in: “Do you feel safe disagreeing with me?” If no, rebuild trust first

Failure Mode 5: Perpetual Indecision

What it looks like: Competing perspectives are all equally valid. Decisions never get made or keep getting reopened.

Why it happens:

Preamble emphasizes showing trade-offs, all perspectives
Confusion between “surface all perspectives” and “all perspectives are equally correct”
Leader afraid to decide, hiding behind “we need more input”

Prevention:

Decision time has a clock. Debate until then, then decide.
Decision authority is clear (senior person decides, after hearing challenge)
Decisions can be revisited if circumstances change, but not constantly

Failure Mode 6: Senior Person Abuse

What it looks like: Junior team member challenges decision. Senior person says “I’ve decided, preamble doesn’t apply to hierarchy.”

Why it happens:

Preamble is interpreted as “only works among equals”
Authority sees preamble as threat instead of improvement
Deliberate misreading: “You’re trying to override my authority”

Prevention:

Make explicit: Preamble applies across hierarchy
“Senior person decides” doesn’t mean “senior person isn’t challenged”
Senior person’s job is to genuinely engage with challenge, not just pretend to

What to Do If You Notice a Failure Mode

Name it - “I think we’re in perpetual debate mode. Should we set a decision deadline?”
Reference the preamble - “Preamble says to challenge early and decide clearly”
Propose the fix - “I suggest we debate this until Friday, then decide Monday”
Don’t go silent - If pattern persists, escalate (to leadership, 1-on-1, team retro)

The test: Does your team show the benefits listed in “Why This Matters”? If not, something’s gone wrong and needs addressing.

IX. What’s Next: Philosophy Expansion

This preamble establishes the foundational mindset. Three more parts are being developed to address nuance and context:

Part 2: Async & Distributed Teams (in progress)

How preamble thinking works in async communication (Slack, GitHub comments, async meetings)
Timing, tone, and intent in written feedback
Building trust across distributed teams
Psychological safety in remote-first cultures

Part 3: Power Dynamics & Psychology (in progress)

How preamble applies across hierarchies (reporting relationships, performance reviews)
Dissent escalation: when to accept vs. escalate
Building toward preamble thinking on teams with low psychological safety
Authority earned through reasoning, not just position

Part 4: Decision Making & Dissent (planned)

Decision reversal: when you’ve disagreed, now what?
Cost-benefit of continuous challenge
Loyalty after disagreement
Building toward organizational learning culture

These expansions deepen the philosophy with context-specific guidance while keeping core preamble intact.

/pb-preamble-async - Async and distributed team collaboration
/pb-preamble-power - Power dynamics and psychological safety
/pb-preamble-decisions - Decision making and dissent
/pb-design-rules - Technical principles (complement to preamble)
/pb-think - Structured thinking with preamble mindset

Read this before any other command. Reference it when you feel hesitation about speaking up. Build it into your culture from day one.

Preamble Part 2: Async & Distributed Teams

Extending core preamble thinking to asynchronous communication, distributed teams, and remote-first cultures.

Resource Hint: opus - Deep collaboration philosophy applied to async contexts; nuanced reasoning required.

When to Use

Transitioning a team to remote-first or async-heavy workflows
Diagnosing communication breakdowns in distributed teams
Establishing async norms for cross-timezone collaboration

I. The Async Challenge

Core preamble works in real-time: face-to-face conversation, synchronous meetings, immediate feedback. Tone is visible. Intent is clarified. Misunderstandings get resolved in minutes.

Async breaks this:

No immediate clarification when misunderstood
Tone disappears in text. Your “direct challenge” reads as harsh
Time zones mean decisions can’t happen synchronously
Context is fragmented across threads, messages, documents
Vulnerability is harder when unobserved
Trust must be built differently

The risk: Teams retreat to performative agreement because challenge feels even more risky async. Silence increases. Problems hide.

The opportunity: Written communication forces clarity. Challenge must be explicit. Reasoning is documented. Disagreement becomes visible.

The preamble still applies-but it requires new discipline in async contexts.

II. Async Principle 1: Write as If Explaining to the Team

In sync communication, you can hedge, soften, and gauge reaction live. In async, you must commit to the page.

Core preamble principle: Correctness Over Agreement

Async application: Your writing must invite scrutiny, not defensiveness.

How It Works

Bad (looks harsh in writing, invites defensiveness):

Your approach is flawed. We should use X instead.

Good (clear, invites discussion):

I'm concerned about this approach because [specific risk].
Have you considered X? Here's why I think it fits better: [reasoning].
Happy to discuss-maybe you've already thought through these concerns.

Better (even clearer):

Strong point about [their idea]. One concern I have: [specific issue].
Why? [reasoning with context].
I'm not certain this is the best path. Could be wrong-what am I missing?

The Discipline

Writing forces you to:

Name the assumption - “I’m assuming…” makes your thinking transparent
Show your reasoning - Not just “this is better,” but why
Invite counter-argument - “Maybe I’m wrong about this” is not weakness, it’s clarity
Separate observation from prescription - “Here’s what I see” vs. “Here’s what you should do”

Why this matters: Async readers can’t hear your tone. They can only read your words. If they feel dismissed, they won’t engage. If they see genuine thinking, they will.

III. Async Principle 2: Context Starvation Demands Explicitness

Async communication is fragmented: Slack threads, GitHub PRs, email chains, meeting notes. Each message stands alone. The full context isn’t present.

Core preamble principle: Truth Over Tone

Async application: Provide context in every message. Assume the reader doesn’t have the full picture.

How It Works

Bad (requires reader to have full context):

This is a problem. We talked about this last week.

Good (provides context in the moment):

Last week in standup we decided on approach X because [reason].
Looking at the implementation, I see [specific issue] that we didn't anticipate.
This means [impact]. I think we should revisit our decision because [reasoning].

The Discipline

Quote relevant context - If referencing a decision, quote it or link to it
Explain your frame - “From the security perspective, this matters because…”
State assumptions you’re making - “Assuming we still want [goal]…” makes it easy to correct you
Summarize the ask - What decision or input do you need?

Why this matters: Async readers can’t ask “what do you mean?” in real-time. If your message is unclear, they’ll either misunderstand or go silent. Explicitness prevents that.

IV. Async Principle 3: Timing Replaces Real-Time Negotiation

In synchronous communication, you debate until resolved. In async, timing becomes strategy.

Core preamble principle: Challenge early, decide clearly, execute aligned

Async application: Distinguish between discussion time and decision time.

How It Works

Decision Clock Pattern:

Starting discussion: [date/time]
Will decide by: [specific date/time]
Needed input: [what you need to decide]
Current options: [list with trade-offs]

What changes:

People know there’s a deadline
They can plan when to engage
No assumption of continuous debate
Clear when decision authority takes over

Example:

We need to decide on database approach. Here are the three options with trade-offs.
Discussion open until Friday EOD. I'll synthesize input and decide Monday morning.
If you have strong concerns, flag them with reasoning by Friday.

The Discipline

Set decision clocks explicitly - Not vague (“soon”), but specific
Announce who decides - “I’ll make the final call” is clearer than “we’ll see what the team thinks”
Accept you might be wrong - Decision clock doesn’t mean you’re certain, means you’re committing to move
Document the reasoning - Future you and the team will appreciate knowing why you decided

Why this matters: Async teams get stuck in perpetual debate because there’s no natural conversation endpoint. Decision clocks force closure while still inviting input.

V. Async Principle 4: Written Challenge Requires Courage, Not Softness

The biggest risk with async is that people go silent. They don’t challenge because it feels riskier in writing.

Core preamble principle: Critical, Not Servile

Async application: Be direct in writing. But direct ≠ harsh.

How It Works

Too soft (people miss the challenge):

Interesting approach! I wonder if maybe there could potentially be
some considerations around [vague concern]?

Direct AND respectful (people hear you):

I see value in this approach. I have a real concern: [specific issue].
Here's why it matters: [reasoning]. What am I missing?

Even better (invites counter-challenge):

I might be wrong here, but I see a risk: [specific].
I'm not certain we have the right answer. Your thoughts?

The Discipline

Name the concern directly - “I’m worried about X” not “one might wonder about possibly X”
Show you’ve thought it through - “Here’s why this specific issue matters…” not vague hand-waving
Leave room for being wrong - “Tell me if I’m missing something” shows confidence, not insecurity
Respect their expertise - “You know this better than me. But from my perspective…” honors different perspectives

Why this matters: In async, soft challenge reads as passive-aggressive (“are they actually concerned or just being polite?”). Direct challenge reads as engagement. People respect directness more than they appreciate artificial softness.

VI. Async Principle 5: Psychological Safety Requires Visibility

In sync teams, psychological safety builds through many small moments. You take a risk, it’s accepted, you take another. Repeat until trust exists.

In async, those moments are visible to everyone. But they’re also more fragile.

Core preamble principle: Think Holistically

Async application: Build trust through consistent patterns, not perfect moments.

How It Works

What kills async psychological safety:

Silent disagreement (person goes quiet)
Slow response to challenges (feels like dismissal)
Decisions that revert challenges (inviting input but ignoring it)
One harsh response in a thread (poisons the well)

What builds async psychological safety:

Leader visibly changes mind based on input
Quick acknowledgment of challenges (“good point, haven’t thought of that”)
Transparent decision-making (showing why you chose what you chose)
Consistent tone (professional, not defensive when challenged)
Escalating up, not shutting down (when someone challenges, others feel safer too)

Examples

Building it (over many interactions):

[Day 1] Someone challenges an approach.
Response: "You're right, I hadn't thought about X. Let me reconsider."

[Day 2] Someone asks a tough question in Slack.
Response: "Good catch. That's a real constraint I should have mentioned."

[Week 1] Someone disagrees in a PR.
Response: "I see your point. Different approach has trade-offs, but yours is better for this. Changed."

Pattern emerges: Challenges are welcomed, considered, and sometimes change outcomes.
Result: Team feels safe disagreeing.

Destroying it (one bad pattern):

[Iteration 1] Person challenges. Leader: "Sounds good, thanks for input."
[Iteration 2] Same person challenges. Leader: "We already discussed this."
[Iteration 3] Same person goes silent. Different person challenges. Also goes silent.

Pattern emerges: Challenges are acknowledged but ignored.
Result: Team stops trying. Async becomes performative.

The Discipline

Respond quickly to challenges - Even if your response is “good point, let me think about it”
Be visibly responsive - If someone raises a concern, they should see you considered it
Change your mind in public - When you do, explain why the challenge convinced you
Address not dismiss - “We’re going forward with X because [reason]” not “We’re doing X, final decision”

Why this matters: Async safety is fragile because silence is the default. You must actively build it through consistent patterns.

VII. Async Anti-Patterns

Anti-Pattern 1: The Long Thread That Never Resolves

What it looks like:

47 messages debating one decision
Half the team drops out
No clear resolution
Everyone confused about what was decided

Prevention:

Thread gets long (>10 messages), move to structured format
State decision at the top of thread, mark as resolved
Don’t let threads become archives of thinking

Anti-Pattern 2: “Synchronous Async” (Waiting for Responses)

What it looks like:

Person sends message, then waits
Keeps checking for response every 5 minutes
Frustrated when people don’t respond immediately

Prevention:

Async means async. Send your input, move on to other work
Don’t create urgency artificially
If you need something urgent, use sync communication (call, chat)
Respect that people are in different time zones

Anti-Pattern 3: Hidden Disagreement

What it looks like:

Person disagrees but goes quiet
Later, they undermine the decision in execution
Or they bring it up in 1-on-1, not in public

Prevention:

Make disagreement visible: “I think this is a risk, but I understand the decision”
Document your concern: “I wanted this recorded because it might matter later”
If you can’t live with the decision, escalate-don’t hide and sabotage

Anti-Pattern 4: Performative Inclusivity

What it looks like:

“What do you all think?” then decision already made
Asking for input on decided matters
Theater of collaboration, not actual collaboration

Prevention:

Only ask if you’re genuinely open to answers
Mark things as decided vs. still open
Explain constraints that limit options (“We need to decide by Friday because…”)

VIII. Async Skill Development

This doesn’t come naturally. Async communication requires discipline that sync doesn’t.

Skills to Build

Writing clarity:

Make your thinking visible
Explain assumptions explicitly
Separate observation from opinion

Timing judgment:

When to challenge vs. when to trust
How long to discuss vs. when to decide
When to escalate vs. when to accept

Reading between lines:

Understanding intent when tone is missing
Not assuming harsh tone when probably direct
Recognizing silent disagreement

Decision-making:

Making calls with incomplete input
Documenting reasoning
Being open to revisit if new info emerges

How Teams Improve

Model it - Leaders write clearly, decide with reasoning, change minds visibly
Normalize it - “That PR comment could be clearer, try [example]”
Debrief it - In retros: “That async discussion worked/didn’t work because…”
Iterate - Async communication improves with practice and feedback

IX. When to Use Sync Instead

Not everything should be async. Some decisions need sync communication:

Use sync when:

Decision is complex with many variables
Misunderstanding is high-risk
Emotion or relationship is at stake
Time is genuinely urgent
Creative brainstorming needed
Someone is clearly confused and async isn’t clarifying

Use async when:

Everyone can read the same information
Time isn’t urgent
Reasoning needs to be documented
People need time to think before responding
Decision doesn’t need many perspectives at once

Best teams use both: Async for most work, sync for the decisions that matter most.

Summary: Async Doesn’t Change Preamble, It Extends It

Core preamble principles remain:

Correctness Over Agreement - Write to invite scrutiny
Critical, Not Servile - Be direct in writing
Truth Over Tone - Provide context, not softness
Think Holistically - Build safety through patterns

Async adds discipline:

Explicitness - Say what you mean clearly in writing
Timing - Decision clocks replace natural conversation endpoints
Visibility - Your challenges and responses are all recorded
Courage - Speaking up in writing feels riskier and requires more intent

Teams that master async apply preamble thinking harder, not differently.

/pb-preamble - Core principles (Part 1)
/pb-standup - Async communication for status
/pb-pr - Code review as async challenge
/pb-cycle - How peer review can be async
/pb-team - Building psychological safety in remote teams

Async & Distributed Teams - Natural progression from core preamble thinking.

Preamble Part 3: Power Dynamics & Psychology

Extending core preamble thinking to hierarchies, authority, and the psychological reality of power differences.

Resource Hint: opus - Nuanced reasoning about power dynamics and psychological safety.

When to Use

Addressing situations where juniors hesitate to challenge seniors
Building structures that make honest feedback safe across levels
Diagnosing why “think like peers” is not working in practice

I. The Reality: Power Isn’t Irrelevant

The core preamble says “think like peers, not hierarchies.” This is the goal. But the honest truth:

In most organizations, power is real:

Your manager controls raises, promotions, assignments
Senior people have more context and experience
Hierarchy exists for reasons (speed, accountability)
Not everyone has equal ability to speak up

The preamble-in-real-life challenge: Can a junior engineer actually challenge their senior architect? Can a new team member question the director’s decision?

The honest answer: Not without effort. But with the right structure, they can.

This part addresses that gap. How do we extend preamble thinking to organizations that have power differences, while honestly acknowledging those differences exist?

II. The Power Dynamic: What’s Really Happening

What Power Means in Practice

Power is:

Ability to make decisions
Control over resources (budget, assignments, time)
Control over consequences (raises, promotions, feedback)
Access to information others don’t have
Authority to veto or overrule

Power isn’t:

Having the best ideas
Being right more often
Being smarter or more skilled
Deserving to have the final say

The mistake: Confusing authority with correctness.

Why This Matters for Preamble Thinking

Core preamble assumes the best idea wins regardless of who says it. But in hierarchies:

A junior person’s great idea might not surface because they feel unsafe saying it
A senior person’s mediocre idea might win because nobody dares challenge it
Psychological safety is impossible if power is weaponized

The goal: Separate authority (yes, you decide) from correctness (no, that doesn’t mean you’re right).

III. Challenge Across Power: The Rules

Rule 1: Challenge the Decision, Not the Authority

This kills challenge:

Senior person: "We'll use microservices."
Junior person (thinking): "That's wrong. But I can't say that."

This enables challenge:

Senior person: "We'll use microservices because [reasoning about scale, team composition]."
Junior person: "I understand the reasoning. One concern: [specific risk based on experience].
Have you considered [alternative]?"

What changed: Moving from implicit (“who are you to disagree?”) to explicit reasoning that can be examined.

Rule 2: Challenge With Evidence, Not Feelings

Vague challenge (easy to dismiss):

"I just feel like this is risky."

Strong challenge (hard to dismiss):

"I'm concerned about this risk: [specific technical or organizational issue].
Here's why: [reasoning]. I've seen this pattern in [examples/experience].
What am I missing about why you think it's okay?"

Why this matters: Evidence-based challenge is harder to reject emotionally. It forces the decision-maker to think, not just assert authority.

Rule 3: Challenge Privately If It’s About Them, Publicly If It’s About the Idea

Bad (public character challenge):

In a meeting: "You always do this. You never listen. That's why this decision is bad."

Good (public idea challenge):

In a meeting: "I have concerns about this decision. Here's the technical risk: [specific].
Happy to discuss."

Good (private character feedback):

1-on-1: "I've noticed a pattern where you seem dismissive of junior input.
I want to be direct: it makes me hesitant to speak up. Is that intentional?"

Why this matters: Public criticism of ideas is fair game. Public criticism of character is delegitimizing. Save character feedback for private, one-on-one settings.

Rule 4: Challenge When It Matters, Not Everything

Destroying the privilege with overuse:

Challenge about architecture decisions: Good.
Challenge about their coffee choice: Why?
Challenge about their word choice in a sentence: Respect their autonomy.

Building credibility:

Challenge 2-3 things per month, not 2-3 things per meeting
Challenge when the stakes are real
Let them win some discussions
Show judgment about what’s worth challenging

Why this matters: If you challenge everything, nothing gets challenged (you become noise). If you challenge thoughtfully, your challenges carry weight.

IV. When Authority Should Matter Less

Some domains require less deference to authority. Some domains require more. The job is knowing which is which.

Authority Matters Less In:

Technical correctness

A junior person can be right about a bug and senior person wrong
Code either works or it doesn’t
Example: “This function has off-by-one error. Here’s the fix.”

Customer impact

A junior person closer to customers might see risks senior people missed
Example: “I talked to users and they’re confused by this workflow. Have you gotten feedback?”

Operational reality

A junior person might see constraints senior people don’t live with daily
Example: “This deploy process you designed requires 4 hours. We’ve been shipping weekly.”

Risk identification

A junior person might see security or scale risks
Example: “This handles 10k requests. What if we hit 100k?”

Authority Matters More In:

Strategic context

Senior people have information you don’t
“We’re selling this line of business” is context that changes everything
You can ask questions, but they might not be able to fully answer

Resource constraints

Senior people manage budgets, timelines, organizational politics
“Why not hire more people?” might have answers you don’t see
You can question, but trust they’ve considered it

Accountability

Senior people are responsible if it goes wrong
Their authority is partly proportional to their responsibility
You can input, but they own the decision

Organizational boundaries

Some decisions aren’t your function to challenge
Junior engineer challenging CEO’s strategic direction is different from challenging tech lead’s architecture
Know the limits of your domain

V. Senior Person Responsibilities: Using Authority Well

If you have authority, you have special obligations.

Responsibility 1: Genuinely Invite Challenge

Theater (claiming to invite challenge while punishing it):

"I want to hear dissenting views. What do you think?"
[Person challenges]
"Well, I've already decided. Just wanted your input."
[Person learns: challenging is pointless]

Real (inviting and sometimes accepting challenge):

"I'm thinking about doing X because [reasoning]. I'm not certain.
What concerns do you have? I might change my mind."
[Person challenges with evidence]
"You know what, you're right about that risk. Let's do Y instead."
[Person learns: challenging sometimes works]

Responsibility 2: Explain Your Reasoning, Not Just Your Decision

Bad:

"We're using PostgreSQL. Final decision."

Good:

"We're using PostgreSQL because: [specific reasoning about our use case].
It's not perfect-tradeoffs are [list]. But for us, this is the right call.
Questions?"

Why this matters: When people understand your reasoning, they can challenge it meaningfully. When you just assert, they either agree or resist-no real thinking happens.

Responsibility 3: Demonstrate You Can Change Your Mind

This might be the most important one.

If you never change your mind based on input, you’re teaching people not to input. Even if you’re right 95% of the time, that 5% where you change builds trust for the 95%.

Examples of actually changing:

“I said X, but your point about [specific concern] changed my thinking. Let’s do Y.”
“I didn’t consider [that angle]. That’s a good catch. Let me reconsider.”
“You’re right, I was wrong. Here’s why I was wrong, and what we’ll do differently.”

Why this matters: People believe you want challenge when they see it work. Not promises, not theater. Actual instances where challenge changed the outcome.

Responsibility 4: When You Overrule, Explain Why

Bad (just deciding):

"I've heard all perspectives. We're going with A."

Good (explaining the overrule):

"I've heard the concerns about A: [summarize the challenge].
I'm still choosing A because [reasoning that explains why the challenge didn't convince you].
I could be wrong. We'll revisit in [timeframe] and see if the risks materialized."

Why this matters: Even when you decide not to be swayed, explaining why maintains the person’s dignity and shows you actually considered them.

VI. Challenge Across Hierarchy: For the Junior Person

How to Challenge Upward Safely

Setup (before you challenge):

Build credibility first. Do good work, ask thoughtful questions
Choose your battles. Challenge things that matter
Get evidence. Don’t challenge on vibes
Understand their perspective first. “I understand you’re deciding X because [reasoning], right?”

The challenge itself:

"I understand the reasoning. I have a concern I want to surface: [specific].
Here's why I think it matters: [reasoning].
What am I missing about this?"

Key elements:

Show you understand their perspective
Name the concern directly (not hint)
Provide reasoning (not just feelings)
Ask what you’re missing (leaves them authority)

After the challenge:

If they change their mind: “Thank you for listening. This is better.”
If they don’t: “I understand. Let’s execute this and see what happens. I’ll keep watching for my concern to materialize.”
If it does materialize: “Remember I flagged this? Happening now. What do we do?”

Why this matters: You’re building a track record. “I flag important things and I’m often right” is credibility. Over time, that means your challenges get heard.

What If They Punish You for Challenging?

This is a serious signal. If challenging has negative consequences (tone shift, unfair treatment, exclusion), you have a problem that’s bigger than preamble.

What to do:

Document it - Keep records of what you challenged and how they responded
Test it again - Is it consistent? Is it really punishment or projection?
Talk to them 1-on-1 - “I noticed you seemed frustrated when I raised [concern]. Did I handle that poorly?”
Escalate if it continues - Talk to HR, their manager, or someone you trust
Consider leaving - If authority is actually being weaponized, the organization has a bigger problem

The hard truth: Some organizations aren’t ready for preamble thinking. You can’t change that alone. Protect yourself.

VII. Building Toward Preamble: Teams Without Psychological Safety

Not all teams start with safety. Some start with hierarchy, fear, and silence. How do you build toward preamble thinking on those teams?

Stage 1: Safe Small Challenges (Months 1-3)

What to challenge: Low-stakes, technical questions where you’re clearly right

"Is this the latest version of the library? I see a security patch."

What not to challenge: Strategic decisions, resource allocation, their competence

Goal: Demonstrate that challenging is possible and doesn’t hurt

How leaders help: Respond positively to safe challenges. “Good catch! Thank you for paying attention.”

Stage 2: Build One Trusted Relationship (Months 2-6)

You don’t need the whole team to feel safe. Build one relationship where challenge works.

With your manager: Small challenges with evidence With a peer: Vulnerability, showing you don’t have all the answers With a senior person: Specific technical questions that respect their expertise

Goal: One person experiences safe challenge. They model it for others.

Stage 3: Make Safety Visible (Months 3-12)

Once someone changes their mind based on your input, the risk calculus changes. Others see that challenge has real power.

What leaders do:

When someone challenges and you change your mind, do it visibly: “I changed my mind because [person] pointed out [concern]. Better decision.”
Thank people for challenges in meetings: “I appreciate you flagging that.”
Follow up: If someone raised a concern and it turned out to matter, circle back: “Remember you were worried about X? It did become a problem. Your thinking was right.”

Goal: Challenge becomes normalized. Safety increases.

Stage 4: Systemic Safety (After 12+ months)

Once challenge is normal in meetings, retrospectives, planning, and decisions, you have safety at scale.

What this looks like:

People disagree in meetings and nobody panics
Leaders change their minds based on input
Problems surface early instead of in production
Junior people have input that senior people listen to

Important: This takes time. Don’t expect it in weeks. Culture change is months to years.

VIII. Special Cases: Sensitive Power Dynamics

Some situations are especially fraught. Here’s how preamble thinking applies:

Performance Reviews

Can you challenge your performance review? Yes. But with care.

Manager: "I think your execution could be faster."
You (bad): "That's not fair. You don't understand my work."
You (good): "I appreciate the feedback. Can you give me specific examples?
I want to understand what you're seeing so I can improve."
[Later, after thinking]
You (better): "I thought about your feedback. One thing I might do differently: [specific].
But I'm also concerned about [trade-off]. Can we talk about how to improve without sacrificing quality?"

Key: You’re not dismissing their authority. You’re asking clarifying questions and offering your perspective.

Compensation / Promotion

Can you challenge salary or promotion decisions? Yes. Carefully.

Manager: "We're not promoting you yet."
You (bad): "This is unfair. Everyone else..."
You (good): "I understand. Can you help me understand what I need to demonstrate
to earn a promotion? What are the gaps you see?"
[After working on those gaps]
You (better): "I've worked on [specific improvements]. I think I've closed the gaps you identified.
I'd like to revisit the promotion conversation."

Key: You’re not arguing about fairness. You’re asking for clarity and demonstrating progress.

Team Composition / Role Changes

Can you challenge being moved to a different team? Cautiously.

Manager: "We need you on the new platform team."
You (bad): "I don't want to. This is wrong."
You (good): "I want to understand the reasoning. Why this team, why now?
What happens to the project I'm on?"
You (better): "I understand the business need. I'm concerned about [specific impact].
Can we discuss options that meet the business need and address my concern?
[Specific alternatives]"

Key: You’re not refusing. You’re raising concerns and offering solutions.

Personality Conflicts

Can you challenge someone’s behavior toward you? Yes. Very carefully.

Not in a meeting with their boss: "You did X and it made me feel Y."
In a private 1-on-1: "I've noticed you interrupt me in meetings. Is that intentional?
It makes me hesitant to speak up."

Never: Publicly accuse someone of bias or poor behavior. Always: Handle it privately first.

IX. Dissent Escalation: A Clear Framework

When you disagree with a decision, what’s your path forward?

Level 1: Input During Decision (Primary)

Decision being made.
You: "I have concerns: [specific]. Here's why: [reasoning]."
Decision maker: Listens, considers, decides.
You: Execute and support, even if you disagree.

This is the normal path. Input is heard. Decision is made. You move forward.

Level 2: Request Reconsideration (Rarely)

Decision was made.
You: "I've been thinking about [specific risk you flagged].
It's becoming real. Can we reconsider?"
Decision maker: Considers new evidence. Might revert, might stick.
You: Accept and move forward.

This is when your concern becomes reality. The decision-maker reassesses.

Level 3: Escalation (Very Rarely)

Decision violates safety, ethics, or legality.
You: You speak to their manager or HR.

Examples: Safety risk being ignored, discrimination, fraud, destruction of value.

This should be rare. If you’re escalating frequently, either:

You don’t trust the decision-maker (deeper problem)
You don’t understand the constraints they’re operating under
The organization has deeper dysfunction

Level 4: Non-Compliance (Extremely Rare, Career-Affecting)

Decision violates your core values.
You: You refuse to execute.

This is the nuclear option. You’re saying “I can’t do this.” This usually leads to:

Being overruled and you leave the company, or
Your concern being serious enough that organization changes

Only do this if you’re willing to leave.

X. Authority Earned Through Reasoning

The deeper principle: Authority should be earned through demonstrated good thinking, not just position.

How Authority Grows

Early in career: “What does the senior person think?” → They have more experience Mid career: “What does the senior person think, and do they have good reasoning?” → You start weighing answers Late career: You earn authority by consistently being right and changing your mind when you’re wrong

How Authority Shrinks

Asserting decisions without reasoning
Punishing people who challenge you
Never changing your mind
Making decisions that turn out badly and not learning
Dismissing input from people with relevant expertise

The Goal

Authority based on reasoning is stronger than authority based on position.

When people follow your decisions because your reasoning is sound, not because you’re the boss:

They’re more engaged
They execute better
They’re more likely to catch your mistakes
The organization is healthier

Summary: Preamble Works Across Power, With Discipline

Core preamble principles remain:

Challenge assumptions
Correctness over agreement
Truth over tone
Think holistically

With power dynamics, you add:

Clarity: Be explicit about reasoning, not just decisions
Evidence: Challenge based on evidence, not feelings
Discretion: Know what’s yours to challenge vs. trust
Responsibility: Senior people must genuinely invite challenge and sometimes accept it
Escalation: Clear paths for when normal challenge isn’t enough

The test: Does the best idea win, or does the senior person’s idea win?

If it’s the former, you have preamble thinking working across hierarchy. If it’s the latter, you have hierarchy working despite preamble thinking.

/pb-preamble - Core principles (Part 1)
/pb-preamble-async - How these apply in async (Part 2)
/pb-team - Building team culture and psychological safety
/pb-incident - Honest assessment under stress
/pb-onboarding - Bringing people into preamble culture

Power Dynamics & Psychology - Real-world application of preamble thinking.

Preamble Part 4: Decision Making & Dissent

Extending core preamble thinking to decision finality, execution alignment, and organizational learning.

Resource Hint: opus - Decision frameworks require careful reasoning about trade-offs and organizational dynamics.

When to Use

Teams stuck in endless debate without reaching decisions
Establishing decision clocks and commitment protocols
Balancing challenge culture with the need to ship

I. The Tension: Challenge vs. Movement

Core preamble invites challenge. Every decision gets examined. Assumptions get questioned. Trade-offs get surfaced.

But there’s a cost:

If you can challenge forever, nothing ships. Teams get exhausted. Debate becomes the mode instead of decision.

The tension is real:

You want honest input
But you also need to decide and move forward
You want learning from past decisions
But not endless re-litigation of past choices
You want psychological safety
But not paralysis

This part addresses how to honor both: genuine challenge + decisive action.

II. Decision Clocks: Creating Closure

The core principle: Challenge early, decide clearly, execute aligned.

The mechanism: Decision clocks.

How Decision Clocks Work

Before significant decisions, announce:

When the decision needs to be made (specific date/time)
How much input you want (what information matters)
Who decides (you, team consensus, some other process)
What happens after (decision is final, revisitable in [timeframe], etc.)

Example 1: Architecture Decision

DECISION CLOCK: Database Choice

Timeline:
- Now to Friday EOD: Discussion open
- Monday 9am: Final decision announced

Input wanted:
- Technical constraints we haven't considered
- Experience with each option
- Deployment/operational impact
- Scaling concerns for our projected growth

Decision maker: I'm deciding this based on:
- Your input + my analysis
- Trade-offs documented (I'll share my reasoning)

After decision:
- We commit to this for 18 months minimum
- Revisit only if fundamental constraints change
- We'll document why we chose this for future reference

Example 2: Process Change

DECISION CLOCK: Code Review Process

Timeline:
- Feedback window: This week (I want your perspective)
- Decision: Friday morning
- Implementation: Next Monday

What I'm optimizing for:
- Catching real bugs
- Shipping faster
- Reducing meeting load

What would change my mind:
- Evidence this will hurt quality
- Operational concerns from teams doing the reviews
- Better alternative that addresses all three

After decision:
- We'll try it for 4 weeks
- We'll measure: bugs caught, shipping speed, meeting time
- We'll revisit based on results

The Discipline

Before launching a decision clock:

Be genuine about openness (are you actually willing to change your mind?)
Be clear about constraints (what can’t change, and why?)
Be specific about timing (not “soon,” but actual date/time)
Be explicit about process (how will you decide? it’s not just “I’ll think about it”)

During the discussion window:

Listen. Don’t defend your initial idea
Ask clarifying questions
Push back on vague input (“give me specifics”)
Take notes on concerns

When announcing the decision:

Explain your reasoning
Acknowledge concerns (even ones you’re not addressing)
Explain why you chose what you chose
Be clear about what’s not revisitable in the near term

Why This Works

Decision clocks solve the impossible choice between challenge and movement:

People know they have time to raise concerns (removes urgency pressure)
People know when debate stops (removes perpetual debate)
People know you’ve considered their input (even if you didn’t change your mind)
Decisions get made and teams move forward

Without decision clocks: Teams get stuck arguing forever, or leaders shut down discussion to force closure (kills safety).

With decision clocks: Challenge happens, then movement happens, then learning happens.

III. Loyalty After Disagreement: Execution Alignment

You challenged the decision. Your concerns weren’t addressed. Decision was made anyway. Now what?

The Three Levels

Level 1: Alignment

You: "I still have concerns about this. But I understand the decision.
Let's execute and see what happens. I'm all in."
[You execute well. You watch for your concerns to materialize.]

This is the normal path. You disagree, decision is made, you execute professionally.

Level 2: Documented Dissent

You: "I want to document that I had concerns about [specific risk].
Not to undermine the decision, but for the record.
If this comes up later, I want it noted that I flagged it."
[Decision maker documents your concern.]
[You execute the decision while maintaining documentation.]

This is for serious concerns. You’re saying “I think this might fail, but I’ll execute anyway.”

Level 3: Can’t Execute

You: "I can't execute this. It conflicts with [reason: ethics, safety, values].
I need to escalate."

This is rare. You’re saying the decision is fundamentally wrong and you won’t participate.

Level 4: Leaving

You: "This decision represents a fundamental mismatch between my values and the organization.
I'm leaving."

This is extremely rare. The decision has made you realize you don’t belong here.

The Key Distinction

Loyalty ≠ Agreement

Loyalty means:

You execute the decision well, even though you disagree
You help the team succeed
You don’t undermine the decision
You gather data on whether your concerns were valid
You do this professionally

Loyalty does NOT mean:

Pretending you agree
Suppressing your actual concerns
Sabotaging from within
Hoping it fails so you can say “I told you so”

What Leaders Should Expect

After a decision:

Some people will disagree and execute anyway (healthy)
Some people will have concerns they want documented (healthy)
Some people will check out mentally (problem to address)
Some people will sabotage (red flag)

Your job as leader: Monitor for the last two. Have 1-on-1s with people who seem disconnected.

You: "I noticed you seemed quiet during the decision.
How are you feeling about moving forward?"
Them: "Honest? I think it's a mistake."
You: "I get it. I'm concerned too. Here's why I'm still going forward anyway.
What would you need to feel okay executing this?"

IV. When to Revisit vs. When to Stick

Not all decisions are equal. Some should be revisited quickly. Some should stick for years.

Revisit Quickly When:

New information changes the equation:

Decided: "We're launching in Q2"
New info: Key team member leaving, supply chain disruption
Response: Revisit immediately

Assumptions were wrong in ways we can now verify:

Decided: "Use tech X because it's cheaper"
Reality: Tech X is actually more expensive to operate
Response: Revisit after 2-4 weeks

The decision was explicitly time-gated:

Decided: "Try approach A for 4 weeks, then revisit"
After 4 weeks: Revisit as planned
Response: Follow through on the gate

Stick When:

You’re in the implementation window:

Decided: Use PostgreSQL
2 days into implementation: "Actually, should we use MongoDB?"
Response: Not now. Finish the implementation cycle, then revisit.
Exception: Only if implementation reveals fundamental flaw (impossible to use, security risk)

The decision is costly to reverse:

Decided: Migrate to cloud platform
1 month in: "Hmm, maybe we should stay on-prem?"
Response: Stick for minimum 6 months. Revisit with clear criteria.
Exception: Only if costs are wildly different or outcomes are worse than projected

You just made the decision:

Decision was made 2 days ago. Someone wants to revisit.
Response: No. Decision windows close. Move forward.
Exception: New critical information (safety, legal, major business change)

People are using disagreement as power play:

Decision made on architecture. Senior person X didn't get their way.
X keeps suggesting alternatives in meetings.
Response: "The decision is made. We're moving forward. Revisit in [timeframe]."

Decision Reopening Criteria

If someone wants to reopen a decision, use these criteria:

How much new information?
- Trivial → No
- Clarifying → Maybe
- Game-changing → Yes
How far in are we?
- No work done → Can revisit
- 25% through → Expensive but possible
- 75% through → Stick unless critical
- Done → Only if major failure
Who’s asking?
- Person who didn’t like it first time → No (unless new info)
- Person with new information → Yes
- Team → Depends on criteria 1 & 2
What’s the cost of revisiting?
- Revisiting costs more than sticking → Stick unless critical
- Revisiting costs less → Might be worth it

Use all four criteria together. Not just one.

V. Decision Documentation: Why We Decided

One of the most useful practices: documenting why you decided, not just what you decided.

What to Document

Decision: What we’re doing Context: Business situation at the time Alternatives: What else we considered Rationale: Why we chose this Assumptions: What we’re assuming is true Revisit date: When we’ll check if this is still right

Example

DECISION: Use PostgreSQL for new service

Context:
- Growing user base (10k → 50k projected)
- Real-time reporting needed
- Team has PostgreSQL expertise
- Migration from legacy system

Alternatives considered:
1. MongoDB - flexible schema, easier scale-out
   Rejected because: No team expertise, real-time queries harder
2. Stay on legacy Oracle - maintains compatibility
   Rejected because: We're migrating away, doesn't help new features
3. DynamoDB - AWS-native, good scale
   Rejected because: costs would be higher at our scale, ACID important

Rationale:
- Mature, battle-tested
- Team knows it well
- ACID transactions important for reporting accuracy
- Good for our projected scale

Assumptions:
- We'll hit 50k users (if not, this is overkill, but doesn't hurt)
- Real-time reporting stays critical (might change if product strategy shifts)
- PostgreSQL keeps pace with growth (might need sharding in 5+ years)

Revisit: If we exceed 500k users or if reporting strategy changes

Why This Matters

For future decisions:

You can see what you assumed
You can see what alternatives you rejected and why
You can understand trade-offs

For learning:

Did your assumptions hold? Great data point.
Did they not? Learn what you missed.
Can improve future decision-making

For challenges:

“I disagree with this decision” is much easier to evaluate if you understand the reasoning
“I disagree with this alternative you rejected” can be reconsidered if circumstances changed

VI. Decision Learning: Post-Mortems Without Blame

Decisions fail sometimes. The goal: learn without creating blame culture.

What Kills Learning

Blame focus:

"This decision was stupid. Jane should have known better."
Result: Jane gets defensive. Others stay quiet. No one learns.

Perfection expectation:

"We should have seen that coming. Why didn't we predict it?"
Result: People become paralyzed. Next decisions take forever.

Decision reversal:

"That was the wrong call. We never should have done it."
Result: Trust in decision-making erodes. People second-guess everything.

What Enables Learning

Assumption focus:

"We assumed X was true. It turned out to be false. What does that tell us?"
Result: Understanding of how we think. Improvements to future decisions.

Context humility:

"With the information we had at the time, this was a reasonable decision.
New information changed the outcome. Here's what we learned."
Result: People understand good decisions can have bad outcomes.

Process improvement:

"The decision-making process served us well. The assumption-checking could be better.
Here's how we'll improve."
Result: Future decisions are stronger.

Running a Good Post-Mortem on Decisions

Step 1: Acknowledge the outcome

"We decided X. Outcome was Y (worse than hoped).
This is a post-mortem, not a judgment."

Step 2: Review the assumptions

"At the time, we assumed: A, B, C
Which of those turned out to be wrong?"

Step 3: Understand why the assumption was wrong

"We thought B would be true because [reasoning].
It wasn't because [what changed or what we missed]."

Step 4: What would have changed the decision?

"If we had known X was false, would we have decided differently?"
If yes: We made a good decision with bad luck.
If no: Our decision was flawed beyond assumptions.

Step 5: What do we learn?

"For next time, we should:
- Question this assumption more explicitly
- Gather data on this earlier
- Plan for this outcome
- Have a reversal mechanism
"

Step 6: Document it

Add to decision documentation:
"Outcome: [result]
What we learned: [key learnings]
"

The Shift

From: “Bad decision = someone failed” To: “Bad outcome = what did we learn?”

This subtle shift changes everything. People become willing to make bold decisions because failure is learning, not judgment.

VII. Challenge Fatigue: Knowing When to Stop

There’s a cost to perpetual challenge. Teams get exhausted. Debates drag on. Decisions never get made.

Signs of Challenge Fatigue

In individuals:

Stops speaking up (challenge feels pointless)
Complains in hallways instead of meetings (lost faith in process)
Less energy, more cynicism
Starts looking for new jobs

In teams:

Meetings get longer, not shorter
Same arguments come up repeatedly
New people ask “are we always like this?”
Nothing gets decided without hours of debate

In organizations:

Execution slows down
Competitors ship faster
People feel depleted

Preventing Challenge Fatigue

Use decision clocks (Section II) - Removes perpetual debate

Distinguish between:

Strategic challenges (worth debating more)
Tactical challenges (make decision and move)

Set challenge budgets:

"We can spend 4 hours on this decision.
Not more. Let's use the time well."

Track decision velocity:

"How many decisions are we making per week?"
[If down] "We're being too careful."
[If up] "We might be skipping important thinking."

Leader responsibility:

If you see fatigue, name it.
"I'm noticing people seem frustrated. We might be over-debating.
Let's tighten decision clocks next week."

The Balance

Too little challenge: Mediocre decisions, people feel unheard

Right amount of challenge: Good decisions, people feel heard, movement happens

Too much challenge: No decisions, people burned out, nothing ships

Finding the balance: Experiment. If you’re shipping slowly, tighten clocks. If quality is dropping, loosen them.

VIII. Cost-Benefit of Challenge

Not every decision deserves hours of debate.

High-Stakes Decisions (Debate More)

Characteristics:

Hard to reverse
Affects many people
Long-term impact
High financial impact
Security/safety implications

Examples:

Architecture decisions
Technology migrations
Hiring decisions
Firing decisions
Major product changes

How much debate: Hours to days. Worth the time.

Medium-Stakes Decisions (Moderate Debate)

Characteristics:

Can be reversed
Affects some people
Medium-term impact
Moderate cost to reverse

Examples:

Process changes
Tooling choices
Meeting structures
Documentation requirements

How much debate: Minutes to hours. Not days.

Low-Stakes Decisions (Minimal Debate)

Characteristics:

Easily reversible
Affects few people
Temporary
Minimal cost to reverse

Examples:

Meeting time
Communication channel
Formatting standards
Temporary workarounds

How much debate: Minutes. Decide and move.

The Judgment Call

Junior people often: Challenge everything equally (no discrimination)

Senior people often: Skip challenge on things that need it (overconfident)

Goal: Spend debate time where it matters most.

IX. Building Learning Organizations

The ultimate goal: an organization that gets smarter over time because it learns from decisions.

What Makes Organizations Learn

1. Decision documentation

Why did we decide this?
What were we assuming?
What happened?
What did we learn?

2. Regular review

Not “we were wrong” but “our assumptions didn’t hold”
Not blame but “what can we improve?”

3. Acting on learning

"Last time we assumed X and we were wrong.
This time, let's test it earlier."

4. Sharing across teams

"Team A learned that our prediction about scale was off.
Team B, this affects your planning."

5. Feedback loops

Decision made → Assumptions documented
Execution happens → Assumptions tested
Outcome measured → Learning captured
Future decisions improved

Scaling Learning

Small teams (5-10): Informal. Share in retros.

Medium teams (10-50): ADRs, decision documentation. Share in all-hands.

Large organizations (50+): Formal decision registry. Learning from one team shared across org.

Summary: Decision Discipline

Core preamble principles remain:

Challenge assumptions
Correctness over agreement
Truth over tone
Think holistically

Decision discipline adds:

Decision clocks - Challenge has a window, then closure
Execution alignment - After decision, you execute well even if you disagree
Revisit criteria - Clear rules for when to reopen vs. stick
Documentation - Why we decided, not just what
Learning culture - Outcomes teach us without blame
Challenge budgets - Debate time is finite, use it wisely

The result:

Genuine challenge happens
Decisions still get made
Teams stay energized
Organizations learn
Execution is strong

/pb-preamble - Core principles (Part 1)
/pb-preamble-async - How these apply async (Part 2)
/pb-preamble-power - Power dynamics (Part 3)
/pb-adr - Architecture Decision Records (decision documentation)
/pb-incident - Learning from failures

Decision Making & Dissent - Completing the philosophy foundation.

Design Rules: Core Technical Principles

The preamble tells us HOW teams think together. Design rules tell us WHAT we build. Together, they form the complete framework for engineering excellence.

Resource Hint: sonnet - Reference material for applying established design principles.

When to Use

Making architectural or design trade-off decisions
Reviewing code or designs against core principles
Settling disagreements about “the right way” to build something
Onboarding engineers to the team’s technical philosophy

Anchor: Why These 17 Rules Matter

These are 17 classical software design principles that have proven themselves across decades of software engineering. They’re not new. They’re not trendy. But they’re foundational because they describe how to build systems that work, last, and adapt.

The critical insight: When a team uses preamble thinking (challenge assumptions, prefer correctness over agreement, think like peers), they need design rules to guide WHAT they’re building. Without design rules, good collaboration produces poorly-designed systems. Without preamble thinking, teams debate design rules endlessly without resolution.

How they apply to everything:

Planning - Design decisions embody these rules from the start
Development - Every architectural choice reflects these principles
Review - Reviewers challenge based on which rules are violated
Operations - Systems designed by these rules stay maintainable and adaptable

The four clusters below group the first 17 rules into memorable themes: CLARITY, SIMPLICITY, RESILIENCE, and EXTENSIBILITY. A fifth theme, ATTENTION, captures Rule 18 (Attention as a Finite Resource). Together, these 18 rules provide a complete framework for technical decision-making.

Cluster 1: CLARITY - Design for Understandability

1. Rule of Clarity: Clarity is Better Than Cleverness

The Principle: When you have a choice between a clever solution and a clear solution, choose clarity every time. Clever solutions impress the author; clear solutions serve everyone who reads the code.

Why It Matters: Code is read far more often than it’s written. A clever solution that only the author understands becomes a liability: it’s hard to debug, hard to modify, hard to teach. A clear solution is learned once and used forever.

In Practice:

Explicit variable names beat cryptic abbreviations
Simple control flow beats nested ternaries
Obvious patterns beat surprising optimizations
Readable code beats compressed code

When It Costs: Clarity sometimes means writing more code. Sometimes it means passing more parameters. That’s a trade-off you accept because clarity enables all future work on this code.

Philosophy: Sam Rivera’s Perspective

See /pb-sam-documentation for the complete clarity philosophy applied to documentation and knowledge transfer.

Core insight: Clarity is an act of respect for future readers. When you write code that’s easy to understand, you’re saying “I believe your time is valuable, so I wrote this for you, not for myself.”

For yourself: You read code once and write it once.
For everyone else: They read it dozens of times without your context.
The math: 1 author, 10 readers over 3 years = clarity pays dividends.

2. Rule of Least Surprise: Always Do the Least Surprising Thing

The Principle: In interface design and API design, always choose the behavior users would expect. Don’t surprise them, even in clever ways.

Why It Matters: Surprise is context-switching. When an API behaves unexpectedly, developers stop working and debug. “Oh, that function modifies the original list” or “Oh, that parameter counts from zero” takes mental energy. Expected behavior is automatic; unexpected behavior is cognitive load.

In Practice:

Convention over configuration (use industry standards)
Consistent patterns across your codebase
Clear error messages that explain what went wrong
Predictable state transitions

Example: Don’t write a map() function that deletes elements. Write a filter() function instead. Users expect map() to transform without removing.

3. Rule of Silence: When There’s Nothing to Say, Say Nothing

The Principle: Programs should be quiet unless they have something important to communicate. Excessive logging, warnings, and output become noise that masks actual problems.

Why It Matters: When everything outputs constantly, important signals disappear. Someone runs the program, gets 50 lines of output, and can’t tell which lines matter. Real problems get missed because they’re drowned out by chatter.

In Practice:

Verbose logging during development, silent in production
Errors are loud; normal operation is quiet
No progress messages for fast operations
No warnings for expected edge cases

Example: A deployment that succeeds produces zero output. A deployment that fails produces a clear error. Not the reverse.

4. Rule of Representation: Fold Knowledge Into Data

The Principle: Make the data structure so clear that the logic becomes simple. The work of your program should be visible in the data, not hidden in the code.

Why It Matters: Logic is hard to reason about. Data structures are easy to reason about. When you push knowledge into data, the program becomes obviously correct instead of mysteriously working.

In Practice:

Data structures that represent the problem domain
Enums instead of magic numbers
Explicit state in data structures, not implicit in control flow
Type systems that enforce constraints

Example: Don’t represent “user role” as strings that you check with if role == "admin". Represent it as an enum:

enum Role { Admin, User, Guest }

Now the code is obviously correct: you can’t forget a case.

Cluster 2: SIMPLICITY - Design for Discipline

5. Rule of Simplicity: Design for Simplicity; Add Complexity Only Where You Must

The Principle: Simpler is better. Every line of code adds cost: reading, debugging, testing, maintaining. Before adding complexity, justify it.

Why It Matters: Complex systems fail in ways you didn’t anticipate. Simple systems fail in ways you can predict. A simple system with a known limitation is more reliable than a complex system that tries to handle everything.

In Practice:

Start with the simplest solution that works
Add features when you need them, not when you might
Delete code that isn’t used
Refuse “nice to have” complexity

When It’s Hard: Simplicity requires discipline. It’s harder in the moment: “Let me add support for X even though we don’t need it yet.” But you’re paying a cost every single day the code exists. That one “nice to have” feature might never be needed and costs you 1000 days of maintenance.

Philosophy: Simplicity as Product Discipline

See /pb-maya-product for the product lens on simplicity.

Core insight: Simplicity and scope discipline are inseparable. Every feature is an expense, paid daily in maintenance cost, complexity tax, and cognitive load. The simplest design isn’t about minimalist aesthetics-it’s about ruthlessly eliminating what you don’t need now.

Shipping simple is faster - You know when code is done because it does exactly one thing well
Debugging simple is faster - Fewer moving parts, fewer places where bugs hide
Learning simple is faster - New developers read and understand in minutes, not hours
Changing simple is faster - When requirements shift, you change less code

Trade-off clarity: You can have simple+slow or complex+fast. Prefer simple+slow every time-you can optimize later. Complex+fast almost always becomes complex+slow when you try to maintain it.

6. Rule of Parsimony: Write Big Programs Only When Clearly Nothing Else Will Do

The Principle: Before writing a big, complex system, prove that nothing simpler will work. Most monoliths started as microservices in someone’s head but couldn’t be simplified.

Why It Matters: Big programs are exponentially harder to understand and maintain. Before you choose this path, prove it’s necessary. Most of the time, three focused small programs beat one big one.

In Practice:

Can you build this as an add-on? Do that instead.
Can you use a library? Use it instead of writing it.
Can you simplify the requirements? Do that before building big.

The Anti-pattern: “We’ll build a flexible framework that handles all possible cases.” You won’t use 80% of it. Delete it.

7. Rule of Separation: Separate Policy From Mechanism; Separate Interfaces From Engines

The Principle: Don’t mix different levels of abstraction. Keep the “what should happen” separate from “how it happens.” Keep the interface separate from the implementation.

Why It Matters: When you mix abstraction levels, changes ripple everywhere. When you expose implementation details, clients depend on them. You lose the ability to change anything without breaking everything.

In Practice:

Interfaces that describe contracts
Implementations that fulfill contracts
Don’t leak implementation details
Don’t require callers to understand how it works

Example:

Good: public interface List<T> { void add(T item); }
Bad:  public interface List<T> { void add(T item); void resize(); }

The bad version exposes that lists resize internally. Now clients can’t be changed without breaking code.

8. Rule of Composition: Design Programs to Be Connected to Other Programs

The Principle: Build things that work well together. Design systems as components, not monoliths. Make your output useful as someone else’s input.

Why It Matters: The moment you design for composition, you get reusability, modularity, and flexibility for free. Monolithic design requires you to do everything yourself.

In Practice:

Clean interfaces between components
Use standard data formats
Unix philosophy: do one thing well
Components that are useful independently

Example: A linting tool that writes JSON output can be used with any downstream tool. A tool that writes HTML can’t be piped to anything else.

Cluster 3: RESILIENCE - Design for Reliability and Evolution

9. Rule of Robustness: Robustness Is the Child of Transparency and Simplicity

The Principle: You build robust systems not by adding error handling everywhere, but by making systems so transparent and simple that errors are obvious and handling is straightforward.

Why It Matters: Complex error handling hides bugs. Transparent systems reveal bugs immediately. Simple systems fail predictably. The path to robust systems is NOT “more error handling,” it’s “less hidden complexity.”

In Practice:

Fail fast and loudly
Make state changes explicit
Simple error handling (not nested try-catch blocks)
Transparency enables quick recovery

Example: Bad: Complex error handling that tries to recover from any failure Good: Fail immediately when invariants are violated, so you know exactly what went wrong

Philosophy: Transparency as Defense

See /pb-alex-infra for resilience thinking and /pb-jordan-testing for failure mode discovery.

Core insight: Robust systems don’t hide problems; they broadcast them. Every layer of abstraction that conceals state increases the time between failure and discovery. Long detection latency means cascading failures.

Fail at the boundary - Catch invalid input early, before it corrupts state
Assert invariants - If data should never reach this state, assert it and crash
Transparent state - Make it obvious what the system is doing (logs, metrics, traces)
Test for failure - Don’t test “it works”; test “it fails correctly”

The paradox: Systems that fail loud and fast feel fragile. Systems that hide errors feel stable-until they corrupt your data.

10. Rule of Repair: When You Must Fail, Fail Noisily and As Soon As Possible

The Principle: Errors that hide are worse than errors that scream. When something goes wrong, make it obvious immediately, not hours later when data is corrupted.

Why It Matters: Silent failures compound. By the time you discover a problem, you’ve processed gigabytes of corrupted data. Loud failures let you fix the problem at the source, while the scope is still manageable.

In Practice:

Assertions and checks
Fail-fast validation
Explicit error handling
Clear error messages

Example: Don’t silently return null. Throw an exception. The exception tells you where the real problem is; null hides the problem until it causes cascading failures.

Philosophy: Fail at the Source

See /pb-linus-agent for pragmatic security thinking that applies here: catch problems early, before they propagate.

Core insight: Silent failures are worse than crashes. When code swallows an error, you delay diagnosis. The longer an error hides, the further it propagates. By the time you discover it, you’ve lost data, accumulated corruption, or exposed a security issue.

Loud failures cost you hours of debugging. Silent failures cost you days of data recovery and customer trust.

Error at the edge - Validate input; reject early
Crash on invariant violation - If state is impossible, stop immediately
Clear error context - Stack traces, logs, and metadata that enable diagnosis
No recovery guessing - If you can’t recover safely, don’t pretend to

The measure: “Time from failure to diagnosis.” Loud systems are fast; silent systems bury the information you need.

Recovery-oriented errors: Error messages should tell the consumer what to do next, not just what went wrong. This applies to human developers AND AI agents consuming your APIs, CLIs, or tools.

Diagnostic only: “Element not found” - consumer is stuck
Recovery-oriented: “Element not found. Available elements: [list]. Run snapshot to refresh.” - consumer knows next step

As AI-assisted development grows, your error messages are read by both humans and AI agents. Recovery-oriented errors reduce time-to-resolution for both. Design errors that guide the next action, not just report the failure.

11. Rule of Diversity: Distrust All Claims for “One True Way”

The Principle: Any claim that there’s ONE best way to do something is probably wrong. Most meaningful choices have trade-offs. Understand the trade-offs instead of following dogma.

Why It Matters: Dogma kills thinking. “We always use X” prevents you from choosing the right tool for the job. “Best practices are law” prevents you from adapting to your context.

In Practice:

Understand why you’re choosing something
Be prepared to choose differently for different contexts
Challenge architectural dogma
Use preamble thinking: question assumptions, don’t just follow rules

Example: Microservices aren’t always better than monoliths. Sometimes a monolith is the right choice. Understand the trade-offs for YOUR problem, then decide.

12. Rule of Optimization: Prototype Before Polishing. Get It Working Before You Optimize It

The Principle: Build it first. Make it work. Make it clear. THEN optimize, but only if you measure and find a real bottleneck.

Why It Matters: Optimization is expensive: added complexity, reduced readability, hard-to-predict failures. Most programs spend 80% of time in 20% of the code. Optimizing randomly costs you everywhere and helps nowhere.

In Practice:

Measure before optimizing
Profile to find the real bottleneck
Optimize only the bottleneck
Document why this code is optimized

The Anti-pattern: “This might be slow, so let me optimize it.” You’re adding complexity to solve a problem that doesn’t exist.

Philosophy: Clarity Before Speed

See /pb-sam-documentation for clarity thinking and /pb-alex-infra for measuring infrastructure performance.

Core insight: Premature optimization trades clarity for speed nobody measures. Before you optimize, you must:

Know what’s actually slow (measure, don’t guess)
Understand the code so well you can optimize it safely
Document why the optimization exists (so future maintainers don’t remove it thinking it’s dead code)

Measure first - Profiling is cheaper than guessing
Optimize after clarity - Code you understand is code you can safely optimize
Document the optimization - Why is it this way? What’s the payoff vs cost?
Accept performance debt - If you don’t know where the problem is, accept slower code rather than introduce complexity

The arithmetic: 1 hour measuring + 1 hour optimizing the right thing = 100x better ROI than 4 hours optimizing the wrong thing.

Cluster 4: EXTENSIBILITY - Design for Long-Term Growth

13. Rule of Modularity: Write Simple Parts Connected by Clean Interfaces

The Principle: Build systems as a collection of simple modules that communicate through clear, stable interfaces. This is the foundation of all other extensibility.

Why It Matters: Modular systems are:

Easier to understand (one module at a time)
Easier to test (test each module independently)
Easier to change (change one module)
Easier to reuse (use the module elsewhere)

In Practice:

High cohesion within modules (similar things together)
Low coupling between modules (minimal dependencies)
Explicit interfaces (clear contracts)
Clear boundaries

Example: A payment module doesn’t know about logging. Logging doesn’t know about payments. They communicate through agreed-on interfaces.

14. Rule of Economy: Programmer Time Is Expensive; Conserve It in Preference to Machine Time

The Principle: If you have to choose between using more CPU/memory/network and saving programmer time, choose to save programmer time. Machines are cheap; programmers are expensive.

Why It Matters: A slow program that you can understand and modify is more valuable than a fast program that’s impossible to understand. The opposite used to be true when computers were expensive and programmers were cheap. That world is gone.

In Practice:

Use high-level languages and frameworks
Let the computer do grunt work (generate code, optimize, etc.)
Don’t optimize prematurely
Use libraries instead of building from scratch

Example: Use an ORM instead of hand-writing SQL, even though raw SQL might be slightly faster. Your programmer can modify it in minutes instead of hours.

15. Rule of Generation: Avoid Hand-Hacking; Write Programs to Write Programs When You Can

The Principle: If you’re doing the same thing repeatedly, write a program to do it. Code generation, templating, configuration files-use these instead of manual repetition.

Why It Matters: Hand-hacked code is full of subtle variations: copy-paste mistakes, inconsistencies, forgotten updates. Generated code is consistent: the pattern is written once and applied everywhere.

In Practice:

Makefiles and build scripts
Code generators
Configuration files
Templates and scaffolding

Example: Don’t write database access code by hand for each entity. Generate it from a schema. One mistake in the generator is one mistake fixed; one mistake in hand-written code is one mistake per entity.

16. Rule of Extensibility: Design for the Future, Because It Will Be Here Sooner Than You Think

The Principle: Systems outlive your assumptions about them. Design so that the next person (or future you) can add features without rebuilding from scratch.

Why It Matters: Software that served one purpose often needs to serve another. Features that seemed impossible now seem essential. Systems must be designed for adaptation.

In Practice:

Clean interfaces enable new uses
Modular design enables new components
Clear separation of concerns enables new policies
Documentation of assumptions enables future understanding

Example: When you design a logging system, assume it will need to:

Write to files
Write to cloud services
Be filtered by severity
Be enriched with context

Design for these possibilities now, even if you don’t need them yet.

17. Rule of Transparency: Design for Visibility to Make Inspection and Debugging Easier

The Principle: System behavior should be observable. You should be able to see what’s happening without guessing or inserting debugging code.

Why It Matters: Debugging invisible systems takes forever. Systems designed for transparency reveal their state and behavior clearly, making problems obvious when they occur.

In Practice:

Logging at appropriate levels
Metrics and observability
Clear state representations
Explicit error messages
Debuggable interfaces

Example: A system that logs every significant state change is much easier to debug than a system that requires stepping through a debugger.

18. Rule of Attention: Respect Attention as a Finite Resource

The Principle: Attention is finite. Systems that demand constant vigilance create friction. Design systems that communicate necessary information while respecting user and operator focus.

Why It Matters: Information overload reduces signal-to-noise ratio. When everything is urgent, nothing is. When systems demand constant attention, users disable alerts, miss real problems, or abandon the system entirely.

In Practice:

Distinguish critical from secondary information
Alert only when user action is required
Provide status through non-intrusive channels (icons, colors, optional indicators)
Silent operation for background work
Clear, actionable errors that don’t demand constant vigilance
Graceful degradation when something fails

Example: A sync system that works silently and shows status via an icon is calm. A system that interrupts with modal dialogs for every operation is demanding. Same functionality; vastly different attention cost.

Philosophy: Extending Clarity to Users

See /pb-calm-design for the complete calm design framework and 10-question checklist.

Core insight: The same clarity principle that makes code readable makes interfaces calm. Clarity for engineers means explicit, obvious code. Clarity for users means: “What’s happening?” and “What do I do?” are always obvious.

For engineers: Clear code prevents bugs, aids debugging, enables modification
For users: Clear interfaces enable understanding, reduce anxiety, support confidence
For operators: Clear systems are observable; failures are visible, not hidden

The unified principle: Minimize cognitive load. Whether you’re reading code or using a system, respect that attention is finite. Design accordingly.

Decision Framework: When Rules Conflict

These 17 rules don’t always agree with each other. Understanding the trade-offs is critical.

Common Tensions

Simplicity vs. Robustness

Simple systems sometimes need complex error handling
Robust systems sometimes need complex logic

Solution: Use preamble thinking. Surface the trade-off explicitly. Challenge assumptions: “Do we actually need this robustness?” Document the choice so future work understands why.

Clarity vs. Economy

Explicit code is clearer but longer
Concise code is shorter but less clear

Solution: Optimize for understanding first. Accept more code if it means clarity. Economy is about not writing unnecessary code, not about writing concise code.

Modularity vs. Performance

Modular systems have function-call overhead
Optimized systems sometimes require merging modules

Solution: Measure first (Rule of Optimization). Don’t assume modularity is slow. Only optimize after profiling. Even then, keep the modular design and optimize carefully within it.

Extensibility vs. Simplicity

Designing for future extensions adds complexity now
Simple designs don’t anticipate future needs

Solution: Design for extensibility through modularity, not through flexibility. Don’t try to handle all possible futures. Build modules that new code can extend without modifying existing code.

How Rules Apply Across the Playbook

In Planning (`/pb-plan`, `/pb-adr`)

Clarity: ADRs document decisions explicitly
Representation: Design documents show data structures clearly
Separation: Separate concerns in the architecture

In Development (`/pb-start`, `/pb-cycle`)

Simplicity: Start simple; add features when needed
Modularity: Build small, focused pieces
Optimization: Test first; optimize only if measured

In Review (`/pb-review-hygiene`, `/pb-review-product`)

Clarity: Code is understandable
Robustness: Error handling is appropriate
Modularity: Pieces are independent
Extensibility: Changes can be made without rebuilding

In Operations (`/pb-incident`, `/pb-observability`)

Transparency: Systems are observable
Repair: Failures are loud and clear
Simplicity: Operational procedures are straightforward

Examples: Rules in Action

Example 1: API Design (Clarity, Composition, Least Surprise)

Problem: You’re designing an API for user authentication.

Bad Design (Violates Clarity & Least Surprise):

POST /auth with body { user: "...", pass: "..." }
Returns 200 with { token: "...", etc: "..." } on success
Returns 200 with empty body on failure (unclear!)
Token expires silently; caller has no warning

Good Design (Follows Clarity & Least Surprise):

POST /auth with clear request body
Returns 200 with { token, expiresAt, refreshToken }
Returns 401 with { error, errorDescription } on failure
Includes expiresAt so caller can proactively refresh

Rules Applied:

Clarity: API is obviously correct. No surprises.
Least Surprise: Errors are clear; expiration is explicit
Composition: Other systems can easily use this API
Silence: Success returns just what’s needed

Example 2: Refactoring (Simplicity, Modularity, Repair)

Problem: You have a 500-line function that handles user creation, validation, logging, and error reporting.

Bad Approach (Violates Simplicity & Modularity): Try to optimize the function. Add more error handling. Make it more robust by adding checks everywhere.

Good Approach (Follows Design Rules):

Separate validation from creation
Separate logging from business logic
Separate error handling from happy path
Test each piece independently
Now you have five simple functions instead of one complex one

Rules Applied:

Simplicity: Each function is simple
Separation: Concerns are separate
Modularity: Each function is independent
Repair: Errors are clear at each step

Example 3: System Architecture (Separation, Composition, Extensibility)

Problem: You’re designing a notification system (emails, SMS, Slack).

Bad Design (Violates Separation & Modularity): One service handles all notification types. Each new type requires modifying core code. Logic is tangled.

Good Design (Follows Design Rules):

NotificationService (interface)
├── EmailNotification (implementation)
├── SMSNotification (implementation)
└── SlackNotification (implementation)

New notification types extend the interface, don't modify existing code

Rules Applied:

Separation: Policy (when to notify) from mechanism (how)
Composition: New types compose into the system
Modularity: Each implementation is independent
Extensibility: Adding new types doesn’t touch old code

Example 4: Documentation (Clarity, Representation, Least Surprise)

Problem: You’re documenting a library’s error handling.

Bad Documentation (Violates Clarity): “This function may throw errors. Handle appropriately.”

Good Documentation (Follows Clarity):

Throws ValidationError if input is invalid
Throws TimeoutError if operation exceeds 30 seconds
Throws ConnectionError if database is unavailable
Returns null if resource not found

All errors include error.code and error.message for handling

Rules Applied:

Clarity: Errors are completely clear
Representation: Error types encode the problem
Least Surprise: Caller expects exactly these errors
Silence: Documentation says only what matters

Example 5: Error Handling (Repair, Transparency, Robustness)

Problem: Your system has a bug where corrupted data silently accumulates.

Bad Response (Violates Repair): Add more error handling downstream hoping to catch it eventually.

Good Response (Follows Design Rules):

Add validation at the source (Repair: fail immediately)
Add logging so problems are visible (Transparency)
Make the corruption obvious, not subtle (Robustness through transparency)
Fix the root cause; don’t try to recover silently

Rules Applied:

Repair: Fail noisily at the source
Transparency: Log what’s happening
Robustness: Visible failures are more robust than silent ones

/pb-preamble - How teams think together (complement to design rules)
/pb-adr - Architecture decisions document rules
/pb-patterns - Patterns show rules in practice
/pb-review-hygiene - Code review checks rules
/pb-standards - Working principles and code quality

Design Rules - Technical principles that complement preamble thinking and guide every engineering decision.

Project Guidelines & Working Principles

See /pb-preamble and /pb-design-rules first. These standards assume you’re operating from both mindsets:

Preamble: Challenge assumptions, prefer correctness over agreement, think like peers
Design Rules: Build systems that are clear, simple, modular, robust, and extensible

Resource Hint: sonnet - Practical standards reference; implementation-level guidance.

When to Use

Setting up project conventions for a new codebase
Reviewing code against quality and collaboration standards
Resolving disagreements about coding practices or workflow norms
Onboarding team members to working principles

I. Collaboration & Decision Making

Decision Making

Always Ask Clarifying Questions when input is needed. If a task takes longer than 4 hours to spec out, it requires synchronous discussion.
Present Available Options with clear Pros/Cons to enable informed choices.
Make Informed Choices Together: No assumptions without discussion.
Document Key Decisions (ADR): Use the Architecture Decision Record format to capture the rationale behind major choices (Decisions as Code).

Communication Style

Be Concise but Thorough: Explain trade-offs clearly and surface ambiguities early.
Asynchronous First: Use issue tracking for standard tasks; reserve synchronous meetings for high-stakes decisions.
Propose Recommendations but defer to user/stakeholder judgment on final direction.

II. Strategic Focus & Scope Management

Project Motivation & North Star

Consult project-description.md: This is the single source of truth for scope. Any feature must directly serve the documented goals.
Goal: Deliver a clean, practical, self-contained solution demonstrating strong backend engineering and production-ready architecture.
Anti-Bloat Principle (YAGNI): Focus on real value. Do not implement features or abstract solutions for problems that do not exist yet. Over-engineering is technical debt.

Target Market & Localization

The primary userbase and workflow is [Country]-centric. All design decisions must prioritize the local ecosystem requirements.

Working Memory & Development Control

Todos are Dev-Only: The todos/ folder is for development notes only and must be .git-ignored. Never commit temporary files.
Never add new docs Anything published to docs/ must be confirmed, status report, working docs, ADR can be saved to todos/ for local reviews.
Time-Boxed Prototyping: Use temporary branches for experiments.
Task Output: Each task or todo must result in demonstrably working, testable code.

III. Quality Standards & Implementation

Core Quality Standards

Maintainability Over Complexity: Prefer clean, readable implementation. Code should be easy to delete.
DRY Principle: Strictly adhere to Don’t Repeat Yourself to minimize knowledge duplication.
Test Incrementally: Write automated tests (Unit, Integration) concurrently with the code. No significant feature is complete without passing tests.
Commit Hygiene: Commit small, logical units frequently. Use Conventional Commit format (e.g., feat:, fix:, refactor:) for clear history.

Test Quality Standards

Tests should catch bugs, not chase coverage numbers.

Test What Matters:

Error handling and edge cases
State transitions and side effects
Business logic and security-sensitive paths
Integration points (API, storage)

Avoid Low-Value Tests:

Static data validation (config, constants)
Implementation details / re-implemented internal functions
Every input permutation (use representative samples)
Trivial code paths

Maintain Test Health:

Prune low-value tests periodically
Speed up slow tests with proper mocking
Fix or quarantine flaky tests immediately

Accessibility Standards

Keyboard First: All interactive elements must work with keyboard (Enter/Space for actions)
Focus Management: Modals trap focus; closing restores focus to trigger
ARIA Labels: Icon-only buttons need aria-label; decorative icons use aria-hidden
Visible Focus: Focus rings visible in both light and dark modes
Touch Targets: Minimum 44x44px for mobile

IV. Technology-Specific Standards

A. Go (Microservices & High Performance)

Concurrency: Use sync.WaitGroup and context to manage Goroutine lifecycles. Prevent leaks.
Error Handling: Use errors.Is and errors.As. Do not use panic for expected runtime errors. Wrap errors with context.
Architecture: Favor Interfaces over concrete types for dependency injection and testability.

B. Node.js (APIs & Event-Driven)

Async/Await: Never block the Event Loop. Always use async/await for I/O operations.
Separation of Concerns: Use a layered structure (Controller-Service-Repository). Never put business logic in Express middleware.
Security: Centralize error handling. Use libraries like Helmet for headers and implement rate limiting.

C. Python (Data & Automation)

Environment: Always use a Virtual Environment (venv) and lock files.
Typing: Use Type Hinting extensively (e.g., def func(x: int) -> bool:) to improve readability and tooling support.
Frameworks: Prefer lightweight frameworks (FastAPI, Flask) for microservices over monolithic structures.

D. Frontend & Mobile Decisions

Styling: Standardize on Component-Based Styling (CSS Modules, Styled Components, Tailwind). Avoid global stylesheets.
Data Fetching: Use dedicated libraries (React Query, SWR) for API state management to handle caching and loading states automatically.

V. Live Documentation

Principles

project-description.md is a living document and the authoritative manual.

Compact & Focused: Document only significant decisions and rationale.
Actionable: Future developers must understand the “why,” not just the “what.”

Mandatory Update Points

Update documentation after:

Key design decisions are finalized.
Architecture changes are implemented.
New components are added.
Core patterns are changed.
Major milestones are completed.

VI. Release Planning & Tracking

Release Structure

Each release (v1.X.0) follows a structured approach:

todos/releases/v1.X.0/
├── 00-master-tracker.md    # Overview, success criteria, changelog
├── phase-1-*.md            # Detailed phase documentation
├── phase-2-*.md            # Tasks, verification, files to modify
└── ...

Phase Documentation

Each phase doc includes:

Objective - What and why
Tasks - Specific work items with checkboxes
Verification - How to confirm completion
Files to Modify - Concrete list of changes
Rollback Plan - How to undo if needed

Iterative Workflow

Plan - Create master tracker and phase docs
Implement - Work through phases, update checkboxes
Self-Review - Verify against phase criteria
Commit - Logical commits after each task
Update Tracker - Mark phases complete, add changelog entries
Deploy - Tag release, deploy, verify

Tracker Maintenance

Update phase status as work progresses
Add changelog entries for significant work
Mark Definition of Done items when complete
Document deferred items for next release

VII. Quality Bar: Minimum Lovable

Design Rules tell you how to build. This tells you when you’re done.

The MLP Criteria

Before declaring work complete, ask:

Would you use this daily without frustration? - Not just functional, but pleasant
Can you recommend it without apology? - “It works, but…” means it’s not done
Did you build the smallest thing that feels complete? - Scope discipline, not scope creep

If any answer is “no”: keep refining. If all are “yes”: ship it.

Calm Quality Bar (v2.12.0)

Extend the MLP criteria with attention-respect:

Does this respect user attention? - Works silently? Alerts only when critical? Optional instead of mandatory?
Are errors clear and recoverable? - User knows what went wrong and what to do next?
Does this fail gracefully? - Does it degrade to partial functionality, or does it break completely?
Would you use this daily without thinking about it? - Does it recede into the background?

See /pb-calm-design for the complete 10-question calm design checklist and philosophy.

What MLP Is Not

Feature-rich - MLP is about care, not quantity
Polished to perfection - Good enough to love, not flawless
Over-engineered - Simplicity is part of lovability

The Mindset Shift

MVP Thinking	MLP Thinking
“It works”	“It works well”
“We’ll fix it later”	“We’ll ship when it’s ready”
“Users won’t care”	“Would we use this?”
“Just an MVP”	“Is this lovable?”

MLP is a discipline, not a milestone. Build less. Care more.

VIII. SDLC Discipline & Code Quality Commitment

Our Commitment

We commit to bug-free, rock-solid results through disciplined adherence to a full Software Development Life Cycle. Every iteration, regardless of size, follows the same rigorous process. We do not cut corners.

Development Workflow

Start work: /pb-start - Creates feature branch, establishes iteration rhythm

Each iteration: /pb-cycle - Guides through develop → self-review → peer review → commit

Release: /pb-release - Pre-release checks, deployment

Iteration Cycle (Mandatory for All Changes)

┌─────────────────────────────────────────────────────────────┐
│  1. DEVELOP      Write code following standards             │
│         ↓                                                    │
│  2. SELF-REVIEW  Review your own changes critically         │
│         ↓                                                    │
│  3. TEST         Verify: lint, typecheck, tests pass        │
│         ↓                                                    │
│  4. PEER REVIEW  Get feedback on approach and quality       │
│         ↓                                                    │
│  5. COMMIT       Logical, atomic commit with clear message  │
└─────────────────────────────────────────────────────────────┘

Run /pb-cycle for detailed checklists at each iteration.

Quality Gates

Run after each iteration:

make lint        # Lint check passes
make typecheck   # Type check passes
make test        # All tests pass

All gates must pass before proceeding. Fix issues immediately.

Commit Discipline

One concern per commit - Each commit addresses a single feature, fix, or refactor
Always deployable - Every commit leaves the codebase working
Conventional format - Use feat:, fix:, refactor:, docs:, test:, chore: prefixes
Never use git add . - Add specific files that belong together

Commit timing: After each meaningful unit of work, not at end of session.

The Non-Negotiables

Never ship known bugs - Fix or explicitly defer with ticket
Never skip testing - Manual QA minimum, automated preferred
Never ignore warnings - Warnings become bugs
Never “just push it” - Every change deserves the full cycle

Quick Reference

Action	Command
Start development	`/pb-start`
Iteration cycle	`/pb-cycle`
Release prep	`/pb-release`
Full review	`/pb-review`

/pb-preamble - Collaboration philosophy (mindset)
/pb-design-rules - Technical principles (clarity, simplicity, modularity)
/pb-guide - Master SDLC framework
/pb-commit - Atomic commit practices
/pb-testing - Test patterns and strategies

Core Engineering SDLC Framework (Language-Agnostic)

A reusable end-to-end guide for any feature, enhancement, refactor, or bug fix. Right-size your process using Change Tiers, then follow required sections.

Mindset: This framework assumes you’re operating from both /pb-preamble (how teams think) and /pb-design-rules (what systems should be).

Challenge the tiers, rearrange gates, adapt to your team-this is a starting point, not dogma. Every gate should verify design rules are being honored, not just that work is complete.

Resource Hint: sonnet - Structured process reference; implementation-level guidance.

When to Use

Starting any new feature, enhancement, refactor, or bug fix
Determining the right change tier and required process gates
Onboarding team members to the development lifecycle
Reviewing whether your process matches the scope of the change

Quick Reference: Change Tiers

Determine tier FIRST, then follow only required sections.

Tier	Examples	Required Sections	Approvals
XS	Typo fix, config tweak, dependency bump	1.1, 5.2, 8.1, 10.2	Self
S	Bug fix, small UI change, single-file refactor	1, 3, 5, 6.1, 8, 10	Peer review
M	New endpoint, feature enhancement, multi-file change	1-6, 7.1, 8, 10, 11	Tech lead
L	New service, architectural change, breaking changes	All sections	Tech lead + Product

Default to one tier higher if uncertain.

Definition of Ready (Before Starting)

Before starting implementation, confirm:

Tier determined and documented
Scope documented (in-scope / out-of-scope)
Acceptance criteria defined and agreed
Dependencies identified and unblocked
Security implications assessed (see Appendix A)

Definition of Done (Before Release)

Before marking complete:

All acceptance criteria met
Tests passing (per tier requirements)
Security checklist completed (Appendix A)
Documentation updated (if applicable)
Monitoring/alerting configured (M/L tiers)
PR approved and merged
Deployed and smoke tested

Checkpoints & Gates

Gate	After Section	Who Signs Off	Tier
Scope Lock	§3	Product + Engineering	M, L
Design Approval	§4	Tech Lead	M, L
Ready for QA	§5	Developer (self-review)	S, M, L
Ready for Release	§6	QA + Product	M, L
Post-Release OK	§10.3	On-call / Developer	M, L

Do not proceed past a gate without sign-off.

0. Emergency Path (Hotfixes Only)

For P0/P1 production incidents requiring immediate fixes:

Process:

Fix the immediate problem (minimal change)
Get expedited review (sync, not async)
Deploy with rollback ready
Backfill documentation within 24 hours
Schedule post-incident review

Required: §1.1 (brief), §5.2, §8.2 (rollback), §10.2, §10.3

Skip: §2 (most), §4 (most), §9

Post-hotfix: Create follow-up ticket to address root cause properly.

1. Intake & Clarification

Before starting any work:

1.1 Restate the request

Document:

What is asked
Why it matters (business value)
Expected outcome
Success criteria (measurable)
Assumptions requiring validation
Tier assignment (XS/S/M/L)

1.2 Clarification checklist

Ask for details on:

Missing acceptance criteria
Ambiguities in requirements
Conflicting requirements
Third-party constraints
Dependencies on other teams or systems

If anything is unclear, stop and clarify.

2. Stakeholder Involvement & Alignment

Required for: M, L tiers

Every significant change needs validation from multiple angles.

2.1 Product

Confirm user story
Confirm acceptance criteria
Define measurable success metrics
Check interactions with existing features
Confirm visual/UI/UX expectations (if applicable)

2.2 Engineering (Backend, Frontend, Infra)

Impact on architecture
Data flow changes
Service boundary / API changes
Storage requirements
Observability needs
Performance expectations

2.3 Business & Operations

Risk assessment
Compliance (PII, audit, GDPR if applicable)
Revenue or cost implications
Customer impact and rollout timing

Output: Single aligned understanding documented before proceeding.

3. Requirements & Scope Definition

Required for: S, M, L tiers

Create a clear boundary so the team knows what to deliver.

3.1 In-scope Everything this change must include.

3.2 Out-of-scope Anything explicitly excluded to avoid scope creep.

3.3 Edge cases List special scenarios: failures, retries, degraded modes, empty states.

3.4 Dependencies

API or service dependencies
Schema updates
External systems
Libraries/packages
Feature flag or config dependencies

CHECKPOINT: Scope Lock (M/L tiers) - Get sign-off before proceeding.

4. Architecture & Design Preparation

Required for: M, L tiers

Provide a solid technical foundation.

4.1 High-level architecture Include:

Diagrams (flow, sequence, state as needed)
Inputs, outputs, transformations
Error pathways
Retry/timeout/circuit breaker behavior

Async & Distributed Patterns

For async and distributed system patterns, see dedicated guides:

/pb-patterns-async - Callbacks, Promises, async/await, job queues, worker pools
/pb-patterns-distributed - Saga, event sourcing, CQRS, eventual consistency

Key decision: Choose async patterns based on coupling requirements:

Tight coupling needed: Synchronous calls, 2PC
Loose coupling preferred: Events, Sagas, message queues

Pattern selection:

Need	Pattern	Reference
Non-blocking I/O	async/await	`/pb-patterns-async` §1
Background jobs	Job queues (Celery, Bull)	`/pb-patterns-async` §3
Multi-service transactions	Saga pattern	`/pb-patterns-distributed` §1
Service decoupling	Event-driven architecture	`/pb-patterns-distributed` §3

4.2 Data Model Design

Schema updates
Indexing strategy
Backward compatibility
Migration approach (online/offline, rollout steps)

4.3 API/Interface Design

Request/response format
Error codes and messages
Pagination, filtering, sorting
Idempotency requirements
Compatibility with existing consumers

4.4 Performance & Reliability

Expected load
Stress points
Concurrency handling
Latency targets
Resource usage (CPU, RAM, DB connections)

4.5 Security Design Reference Appendix A: Security Checklist and document:

How each applicable item is addressed
Any security trade-offs or accepted risks

CHECKPOINT: Design Approval (M/L tiers) - Get tech lead sign-off.

5. Development Plan

Required for: S, M, L tiers

Break work into implementable steps.

5.1 Implementation roadmap

For each component:

Backend tasks
Frontend tasks
Infra tasks
Data migration tasks
Monitoring/logging tasks

5.2 Coding practices

Follow standards:

Clean, readable structure
Type safety
Error handling with context
Proper logging (no sensitive data)
Retry & timeout patterns
Minimize duplication
Graceful degradation paths

5.3 Developer checklist

Before marking code complete:

Handle success path
Handle failure paths
Handle malformed/unexpected inputs
Handle concurrency and race conditions
Add cleanup logic where needed
Add idempotency where needed
Confirm testability

5.4 Iteration protocol

During implementation, if scope or design changes are needed:

Minor adjustment: Document in PR description, proceed
Significant change: Return to §3 or §4, get re-approval before continuing

Don’t silently expand scope.

CHECKPOINT: Ready for QA - Self-review complete.

6. Testing & Quality Assurance

Required for: S, M, L tiers (scope varies by tier)

6.1 Test Philosophy: Quality Over Quantity

Tests should catch bugs, not just increase coverage numbers.

DO Test:

Error handling and edge cases
State transitions and side effects
Business logic and calculations
Integration points (API calls, storage)
Security-sensitive paths (auth, validation)

DON’T Test:

Static data structures (config, constants)
Implementation details / internal functions
Every permutation of valid inputs
UI rendering details (prefer visual regression or E2E)
Trivial getters/setters

Anti-patterns to avoid:

Re-implementing internal functions in test files to test them
Testing that data exists (instead of testing behavior)
Over-parameterized tests for diminishing returns
Slow integration tests that should be unit tests

6.2 Test requirements by tier

Tier	Required Tests
XS	Existing tests pass
S	Unit tests for changed code + manual verification
M	Unit + Integration + QA scenarios
L	Unit + Integration + E2E + Load tests (if perf-critical)

6.2a Integration Testing

For comprehensive integration testing patterns, see /pb-testing:

Database fixtures and factories
Test isolation strategies
Docker Compose for test dependencies
Testcontainers patterns
CI/CD test configuration

Key point for M/L tier: Test component interactions (API → DB, Service A → Service B). Isolate each test with fresh state. Mock external services, use real databases.

6.3 Test types reference

Unit tests - Isolated function/method testing
Integration tests - Component interaction testing
End-to-end tests - Full user flow testing
API contract tests - Request/response validation
Regression tests - Ensure existing functionality unbroken
Negative tests - Invalid inputs, error conditions
Load tests - Performance under expected/peak load

6.4 QA scenarios (M/L tiers)

Document actual test cases covering:

Happy path
Alternate flows
Error scenarios
State transitions
Data consistency checks
Frontend usability (if applicable)

6.5 Test data

Create controlled, realistic test datasets. Never use production PII.

6.6 Test maintenance

Periodically review test suite for:

Low-value tests to prune (static data tests, over-parameterized tests)
Slow tests to speed up (missing mocks, over-integrated)
Flaky tests to fix or quarantine
Coverage gaps in critical paths

Target: Fewer, faster, more meaningful tests.

CHECKPOINT: Ready for Release (M/L tiers) - QA sign-off.

7. Infra, Deployment & Security Readiness

Required for: M, L tiers (7.1 always; 7.2-7.3 for L)

7.1 Infrastructure changes

New services or containers
New environment variables
New storage (DB, cache, files)
New queues/topics
Additional monitoring or logs

7.2 Security hardening

Reference Appendix A and confirm:

All applicable items addressed
No new attack surfaces introduced
Secrets properly managed

7.3 Observability

New dashboards needed?
Alert rules defined?
Log retention configured?
SLO metrics identified?

8. CI/CD Requirements

Required for: All tiers

8.1 CI (All tiers)

Linting passes
Type checks pass
Automated tests pass
Build succeeds

8.2 CD (S, M, L tiers)

Deployment sequencing defined
Feature flag plan (if applicable)
Rollback plan documented
Health checks in place
Canary/phased rollout (L tier)

9. Documentation

Required for: M, L tiers

9.1 Developer documentation

Architecture notes
Code flow explanation
Important decisions and trade-offs

9.2 API docs (if API changed)

Updated schemas
Example requests/responses
Error structures
Versioning notes

9.3 Operational docs (L tier)

Runbooks for common issues
Monitoring instructions
Scaling guidelines

9.4 User/business documentation (if user-facing)

Release notes
Customer-facing updates

10. Release & Post-Deployment

Required for: All tiers (scope varies)

10.1 Pre-release checklist (M/L tiers)

All tests passed
All approvals obtained
Monitoring/alerting configured
Feature flags tested (if used)
Rollback validated

10.2 Release execution (All tiers)

Deploy
Validate live metrics (M/L)
Validate logs
Smoke test

10.3 Post-release monitoring (M/L tiers)

Observe for at least 1 hour (L tier: 24 hours):

Error rates
Latency
Resource usage
DB load
Logs for anomalies
SLO adherence

10.4 Follow-up work

Bugs discovered
Optimizations identified
Out-of-scope items to backlog
Tech debt created

CHECKPOINT: Post-Release OK - Confirm stable before moving on.

11. Deliverable Summary Template

Required for: M, L tiers

Copy and fill for each significant change:

## Deliverable Summary: [Feature/Change Name]

**Tier:** [XS/S/M/L]
**Date:** [YYYY-MM-DD]
**Author:** [Name]

### What & Why
[One paragraph: what was built and the business value]

### How It Works
[Brief technical explanation of the approach]

### Key Decisions
| Decision | Choice | Rationale |
|----------|--------|-----------|
| [e.g., Auth method] | [e.g., JWT] | [Why this choice] |

### Files Changed
[List key files or link to PR]

### Config Changes
- Environment variables: [List]
- Feature flags: [List or N/A]

### Migration
- Required: [Yes/No]
- Rollback steps: [Description]

### Testing Evidence
- Unit tests: [X added/modified]
- Integration tests: [X scenarios]
- Manual QA: [Link to test results or N/A]

### Monitoring
- Dashboard: [Link or N/A]
- Alerts: [List or N/A]

### Known Limitations
[What doesn't work yet or known issues]

### Follow-up Items
[Backlog tickets created for future work]

Appendix A: Security Checklist

See /pb-security command for comprehensive security guidance and checklists.

For quick reference during development:

Use /docs/checklists.md Quick Security Checklist (5 min) for S tier work
Use /pb-security Standard Checklist (20 min) for M tier features
Use /pb-security Deep Dive (1+ hour) for L tier or security-critical work

This covers:

Input validation, SQL injection, XSS prevention, secrets management
Authentication, authorization, cryptography
Error handling, logging, API security, and compliance frameworks (PCI-DSS, HIPAA, SOC2, GDPR)

Appendix B: Operational Practices

Deployment

Use standardized deploy command (e.g., make deploy) - Single command that handles git push, server pull, secrets decryption, and container rebuild.
Root access - Only use root/SSH when deploy command cannot perform a specific action (e.g., debugging container issues, manual restarts).
Verify after deploy - Always check service health after deployment via dashboard or container status.

Secrets Management

Use standardized secrets command (e.g., make secrets-add) - Add production secrets to encrypted secrets file.
Keep secrets in sync - Always maintain consistency across:
- .env (local development)
- .env.example (template with placeholder values)
- Encrypted secrets file for production
Never commit plaintext secrets - All production secrets must be encrypted.

Git Commit Practices

Never use git add . - Considered risky; can accidentally stage unintended files.
Make logical commits - Add specific files that belong together logically.
Use descriptive commit messages - Follow conventional commits format (feat, fix, chore, etc.).
Review staged changes - Always run git status and git diff --staged before committing.

Configuration & Templating

Provisioning files - YAML/config provisioning files may not support environment variable interpolation. Use deploy-time substitution with sed for dynamic values.
Personal/sensitive info - Never hardcode personal email addresses or identifiable info in repo files. Use environment variables with deploy-time substitution.

Monitoring & Observability

Background workers - Workers without HTTP endpoints cannot be scraped directly. Monitor via queue/job metrics from the message broker.
Prometheus targets - Only add services that expose /metrics endpoints.
Dashboard panels - Ensure metrics exist before adding panels; missing metrics show as “No data”.

Frontend Compatibility

Check browser support - Newer language features may not work in older browsers.
Use polyfills or alternatives - When using cutting-edge features, verify browser compatibility or use libraries with broader support.
Test in multiple browsers - Especially for user-facing features.

Accessibility (WCAG 2.1 AA)

Keyboard navigation - All interactive elements must be keyboard accessible. Every onClick needs a keyboard equivalent (onKeyDown for Enter/Space).
Focus management - Modals/drawers must trap focus and restore it on close.
ARIA labels - Icon-only buttons require aria-label. Hide decorative icons with aria-hidden="true".
Focus visibility - Focus indicators must be visible in both light and dark modes.
Semantic HTML - Use appropriate elements (button not div with onClick).
Touch targets - Minimum 44x44px for mobile touch targets.

Troubleshooting

Container crash loops - Check container logs to identify startup failures.
Provisioning errors - Often caused by invalid YAML syntax or missing required fields. Check for proper indentation and required settings.
Environment variable issues - Shell sourcing may fail with special characters. Use grep + cut instead of source for robust extraction.

Integration with Playbook Ecosystem

This is the master SDLC framework. All other commands implement phases described in this guide.

Key command integrations by phase:

§1 Intake & Planning → /pb-plan, /pb-adr, /pb-patterns-core
§2 Team & Estimation → /pb-team, /pb-onboarding, /pb-knowledge-transfer
§3 Architecture & Design → /pb-patterns-core, /pb-patterns-async, /pb-patterns-db, /pb-patterns-distributed, /pb-patterns-frontend, /pb-patterns-api
§4 Implementation → /pb-start, /pb-cycle, /pb-testing, /pb-commit, /pb-todo-implement, /pb-debug
§5 Code Review → /pb-review-hygiene, /pb-security, /pb-logging, /pb-review-product, /pb-a11y
§6 Quality Gates → /pb-review-tests, /pb-review-hygiene, /pb-review-microservice
§7 Observability → /pb-observability, /pb-logging, /pb-performance
§8 Deployment → /pb-deployment, /pb-release, /pb-patterns-deployment
§9 Post-Release → /pb-incident, /pb-observability (monitoring)
Team & Growth → /pb-team, /pb-onboarding, /pb-documentation
Frontend Development → /pb-design-language, /pb-patterns-frontend, /pb-a11y (see /docs/frontend-workflow.md)

/pb-preamble - How teams think together (collaboration philosophy)
/pb-design-rules - What systems should be (technical principles)
/pb-standards - Working principles and code standards
/pb-start - Begin development work
/pb-cycle - Self-review and peer review iteration

Go SDLC Playbook (Language-Specific)

Language-specific guide for Go projects. Use alongside /pb-guide for general process.

Principle: Language-specific guidance still assumes /pb-preamble thinking (challenge idioms if they don’t fit) and applies /pb-design-rules thinking throughout.

Design Rules Applied Here:

Clarity: Go code should be obvious to readers; favor simplicity over cleverness
Simplicity: Goroutines and channels are powerful but complex; use only what you need
Robustness: Error handling must be explicit; systems should fail loudly, not silently
Modularity: Interfaces and dependency injection enable testability and clear boundaries
Optimization: Profile before optimizing; measure Go programs with go test -bench and pprof

Adapt this guide to your project-it’s a starting point, not dogma.

Resource Hint: sonnet - Language-specific implementation guidance; routine code standards.

When to Use

Starting a Go project or adding Go-specific workflow gates
Reviewing Go code quality practices (testing, linting, error handling)
Onboarding developers to Go project conventions

Go-Specific Change Tiers

Adapt tier based on Go complexity:

Tier	Examples	Key Considerations
XS	Typo, vendoring update, simple constant	Format check: `gofmt`
S	Bug in single handler, dependency update	Test one package: `go test ./handler`
M	New API endpoint, service refactor	Test full service: `go test ./...` + `go vet`
L	New service, goroutine patterns	Race detector: `go test -race ./...`

Go Project Structure

Standard Go project layout:

myproject/
├── cmd/
│   ├── server/
│   │   └── main.go              # API/Service entry point
│   └── cli/
│       └── main.go              # CLI tool
├── pkg/
│   ├── api/                     # HTTP handlers
│   ├── service/                 # Business logic
│   ├── repository/              # Data access
│   ├── model/                   # Data structures
│   └── config/                  # Configuration
├── internal/
│   ├── middleware/              # HTTP middleware
│   └── utils/                   # Internal helpers
├── go.mod                       # Dependencies
├── go.sum                       # Dependency checksums
├── Dockerfile                   # Container image
├── Makefile                     # Build targets
└── README.md

1. Intake & Clarification (Go-Specific)

1.1 Go-Specific Requirements Restatement

Document performance and concurrency expectations:

Concurrency model: goroutines, channels, mutex, or single-threaded?
Performance budget: latency targets, throughput, CPU/memory limits
Resource constraints: number of connections, open file descriptors
Graceful shutdown: timeout for in-flight requests

1.2 Go Dependency Check

Before starting:

go mod tidy          # Remove unused dependencies
go mod verify        # Check integrity
go list -u -m all    # Check for updates

2. Stakeholder Alignment

2.1 Infrastructure & Ops

Ensure agreement on:

Deployment: Single binary or containers?
Database drivers: PostgreSQL, MySQL, MongoDB?
Observability: Structured logging format, metrics library (Prometheus)
Graceful shutdown: How long to wait for in-flight requests?

2.2 Performance Expectations

Discuss with stakeholders:

Latency: <100ms for typical requests
Throughput: X requests/second
Memory: <500MB baseline
Goroutines: <1000 concurrent

3. Go-Specific Requirements Definition

3.1 Concurrency Model

Define how requests will be handled:

In-Scope Example:

Concurrent requests handled via goroutines
HTTP handlers parse request, call service, return response
Background jobs run in separate goroutine pool
Graceful shutdown waits 30 seconds for in-flight requests

Out-of-Scope Example:

Don’t add new database connection pools
Don’t change logging format (already defined)
Don’t modify config loading (use existing pattern)

3.2 Dependencies

List required packages:

// HTTP routing
go get github.com/gorilla/mux

// Database
go get github.com/lib/pq          // PostgreSQL
go get github.com/jmoiron/sqlx     // Query builder

// Logging
go get github.com/sirupsen/logrus

// Testing
go get github.com/stretchr/testify/assert
go get github.com/stretchr/testify/require

3.3 Goroutine & Channel Usage

Define patterns:

Pattern 1: Request-per-handler (standard)
  GET /api/users/{id} → Handler goroutine → Service → Response

Pattern 2: Background jobs
  Handler queues → Worker pool (5 goroutines) → Process → Log result

Pattern 3: Streaming/SSE
  Client connects → Server sends events → Client closes

4. Go Architecture & Design

4.1 Standard Go Architecture

HTTP Request
    ↓
API Handler (cmd/server/main.go)
    ↓
Middleware (auth, logging, metrics)
    ↓
Service Layer (pkg/service)
    ↓
Repository Layer (pkg/repository)
    ↓
Database

4.2 Concurrency Pattern

For typical web service:

// Option 1: Goroutines per request (HTTP server does this automatically)
func (h *UserHandler) GetUser(w http.ResponseWriter, r *http.Request) {
    // Handler runs in its own goroutine
    // Parallel requests run concurrently
    userID := r.PathValue("id")
    user, err := h.service.GetUser(r.Context(), userID)
    json.NewEncoder(w).Encode(user)
}

// Option 2: Background job processing
type JobQueue struct {
    queue chan Job
}

func (jq *JobQueue) Start(ctx context.Context) {
    for i := 0; i < 5; i++ {
        go jq.worker(ctx)  // 5 worker goroutines
    }
}

func (jq *JobQueue) worker(ctx context.Context) {
    for {
        select {
        case job := <-jq.queue:
            processJob(job)
        case <-ctx.Done():
            return
        }
    }
}

// Option 3: Context-based cancellation
func (s *UserService) GetUserWithTimeout(ctx context.Context, userID string) (*User, error) {
    // Create timeout context
    ctx, cancel := context.WithTimeout(ctx, 5*time.Second)
    defer cancel()

    // Database query respects timeout
    return s.repo.GetUser(ctx, userID)
}

4.3 Error Handling Pattern

// [YES] Explicit error handling
func (h *UserHandler) GetUser(w http.ResponseWriter, r *http.Request) {
    userID := r.PathValue("id")
    user, err := h.service.GetUser(r.Context(), userID)
    if err != nil {
        // Specific error handling
        if errors.Is(err, ErrNotFound) {
            http.Error(w, "User not found", http.StatusNotFound)
            return
        }
        http.Error(w, "Internal error", http.StatusInternalServerError)
        return
    }
    json.NewEncoder(w).Encode(user)
}

// [NO] Ignoring errors
func (h *UserHandler) GetUser(w http.ResponseWriter, r *http.Request) {
    user, _ := h.service.GetUser(r.Context(), userID)  // Error ignored!
    json.NewEncoder(w).Encode(user)
}

4.4 Interface-Driven Design

// Define interfaces for testability
type UserRepository interface {
    GetUser(ctx context.Context, id string) (*User, error)
    CreateUser(ctx context.Context, user *User) (*User, error)
}

type UserService interface {
    GetUser(ctx context.Context, id string) (*User, error)
}

// Implement with real database
type PostgresUserRepository struct {
    db *sqlx.DB
}

// Implement with mock for testing
type MockUserRepository struct {
    GetUserFunc func(ctx context.Context, id string) (*User, error)
}

5. Implementation (Go-Specific)

5.1 Code Quality Tools

Required for all commits:

# Format code (enforced)
gofmt -s -w ./...
go mod tidy

# Lint code
go vet ./...
golangci-lint run ./...  # If using

# Unit tests (S, M, L tiers)
go test -v -race -coverprofile=coverage.out ./...
go tool cover -html=coverage.out

5.2 Testing Patterns

Unit Test Structure:

package service_test

import (
    "context"
    "testing"
    "github.com/stretchr/testify/assert"
    "github.com/stretchr/testify/require"
)

func TestGetUser_Success(t *testing.T) {
    // Arrange
    mockRepo := &MockUserRepository{
        GetUserFunc: func(ctx context.Context, id string) (*User, error) {
            return &User{ID: id, Name: "John"}, nil
        },
    }
    service := NewUserService(mockRepo)

    // Act
    user, err := service.GetUser(context.Background(), "123")

    // Assert
    require.NoError(t, err)
    assert.Equal(t, "John", user.Name)
}

func TestGetUser_NotFound(t *testing.T) {
    mockRepo := &MockUserRepository{
        GetUserFunc: func(ctx context.Context, id string) (*User, error) {
            return nil, ErrNotFound
        },
    }
    service := NewUserService(mockRepo)

    user, err := service.GetUser(context.Background(), "999")

    assert.Nil(t, user)
    assert.Equal(t, ErrNotFound, err)
}

Integration Test:

func TestGetUserIntegration(t *testing.T) {
    // Use actual database or test container
    db := setupTestDB(t)
    defer db.Close()

    repo := NewPostgresUserRepository(db)
    service := NewUserService(repo)

    user, err := service.GetUser(context.Background(), "real_user_id")

    require.NoError(t, err)
    assert.NotNil(t, user)
}

5.3 Goroutine Best Practices

// [YES] Use WaitGroup for coordinating goroutines
func fetchDataConcurrently(ctx context.Context, userIDs []string) ([]User, error) {
    var wg sync.WaitGroup
    users := make([]User, len(userIDs))
    errors := make([]error, len(userIDs))

    for i, id := range userIDs {
        wg.Add(1)
        go func(idx int, userID string) {
            defer wg.Done()
            user, err := getUser(ctx, userID)
            users[idx] = user
            errors[idx] = err
        }(i, id)
    }

    wg.Wait()

    for _, err := range errors {
        if err != nil {
            return nil, err
        }
    }

    return users, nil
}

// [YES] Use context for cancellation
func (s *Service) ProcessRequest(ctx context.Context) error {
    done := make(chan error)

    go func() {
        done <- s.longRunningTask()
    }()

    select {
    case err := <-done:
        return err
    case <-ctx.Done():
        // Parent cancelled, clean up and return
        return ctx.Err()
    }
}

// [NO] Goroutine without way to stop
go func() {
    for {
        // Infinite loop, can't be cancelled
        doWork()
    }
}()

5.4 Database Patterns

Connection Pool:

import "database/sql"

db, err := sql.Open("postgres", "postgres://...")
db.SetMaxOpenConns(25)      // Max concurrent connections
db.SetMaxIdleConns(5)       // Keep idle connections for reuse
db.SetConnMaxLifetime(5*time.Minute)

// All queries use pooling automatically
user, err := db.QueryRow("SELECT * FROM users WHERE id=$1", userID).Scan(&user)

Query Pattern:

// [YES] Prepared statements prevent SQL injection
stmt, err := db.Prepare("SELECT * FROM users WHERE id = $1")
defer stmt.Close()

row := stmt.QueryRow(userID)
err = row.Scan(&user.ID, &user.Name, &user.Email)

// [NO] String concatenation (SQL injection risk!)
query := "SELECT * FROM users WHERE id = " + userID  // DANGER!

Transaction Pattern:

func (r *UserRepository) UpdateUser(ctx context.Context, user *User) error {
    tx, err := r.db.BeginTx(ctx, nil)
    if err != nil {
        return err
    }
    defer tx.Rollback()

    // Update user
    _, err = tx.ExecContext(ctx,
        "UPDATE users SET name=$1, email=$2 WHERE id=$3",
        user.Name, user.Email, user.ID)
    if err != nil {
        return err
    }

    // Update related data
    _, err = tx.ExecContext(ctx,
        "UPDATE user_profiles SET updated_at=NOW() WHERE user_id=$1",
        user.ID)
    if err != nil {
        return err
    }

    return tx.Commit().Err()
}

6. Testing Readiness (Go-Specific)

6.1 Test Coverage Requirements

Tier	Coverage	Command
S	>50%	`go test -cover ./...`
M	>70%	`go test -cover -race ./...`
L	>80%	`go test -cover -race ./...`

# Generate coverage report
go test -coverprofile=coverage.out ./...
go tool cover -html=coverage.out

# Run with race detector (M, L tiers)
go test -race ./...

6.2 Test Patterns

Table-Driven Tests (Go idiom):

func TestUserValidation(t *testing.T) {
    tests := []struct {
        name    string
        input   string
        want    bool
        wantErr bool
    }{
        {"valid email", "test@example.com", true, false},
        {"invalid email", "not-an-email", false, true},
        {"empty", "", false, true},
    }

    for _, tt := range tests {
        t.Run(tt.name, func(t *testing.T) {
            got, err := ValidateEmail(tt.input)
            if (err != nil) != tt.wantErr {
                t.Errorf("ValidateEmail() error = %v, wantErr %v", err, tt.wantErr)
            }
            if got != tt.want {
                t.Errorf("ValidateEmail() = %v, want %v", got, tt.want)
            }
        })
    }
}

Subtests:

func TestUserService(t *testing.T) {
    t.Run("GetUser", func(t *testing.T) {
        // Subtest for GetUser
    })

    t.Run("CreateUser", func(t *testing.T) {
        // Subtest for CreateUser
    })
}

7. Code Review Checklist (Go-Specific)

Before PR review:

go fmt applied (no formatting changes in review)
go vet ./... passes (no warnings)
go test -race ./... passes (no race conditions)
Test coverage maintained/improved (>70%)
Error handling explicit (no ignored errors)
Context used for cancellation (not timeout parameters)
Interfaces define contracts (for testability)
No goroutine leaks (all goroutines can be stopped)
Deadlock-free (proper channel usage)
Dependencies vendored/managed (go.mod/go.sum)

8. Deployment (Go-Specific)

8.1 Build Artifacts

# Build static binary
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o server cmd/server/main.go

# Build with version info
go build -ldflags "-X main.Version=1.0.0 -X main.Build=$(git rev-parse --short HEAD)" \
  -o server cmd/server/main.go

8.2 Container Image

# Multi-stage build
FROM golang:1.21-alpine AS builder
WORKDIR /app
COPY . .
RUN CGO_ENABLED=0 go build -o server cmd/server/main.go

FROM alpine:latest
RUN apk --no-cache add ca-certificates  # For HTTPS
COPY --from=builder /app/server /server
EXPOSE 8080
ENTRYPOINT ["/server"]

8.3 Graceful Shutdown

func main() {
    server := &http.Server{
        Addr:    ":8080",
        Handler: router,
    }

    // Handle shutdown signals
    sigChan := make(chan os.Signal, 1)
    signal.Notify(sigChan, os.Interrupt, syscall.SIGTERM)

    go func() {
        <-sigChan
        // Graceful shutdown: wait 30 seconds for requests to finish
        ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
        defer cancel()

        if err := server.Shutdown(ctx); err != nil {
            log.Fatalf("Server shutdown failed: %v", err)
        }
    }()

    log.Fatal(server.ListenAndServe())
}

9. Observability (Go-Specific)

9.1 Structured Logging

import "github.com/sirupsen/logrus"

log := logrus.New()
log.SetFormatter(&logrus.JSONFormatter{})

// Log with context
log.WithFields(logrus.Fields{
    "user_id": userID,
    "action":  "user.created",
    "duration": 150,  // milliseconds
}).Info("User created successfully")

// Error logging with stack trace
log.WithError(err).Error("Failed to get user")

9.2 Metrics (Prometheus)

import "github.com/prometheus/client_golang/prometheus"

// Counter for requests
var httpRequests = prometheus.NewCounterVec(
    prometheus.CounterOpts{Name: "http_requests_total"},
    []string{"method", "path", "status"},
)

// Histogram for latency
var httpDuration = prometheus.NewHistogramVec(
    prometheus.HistogramOpts{Name: "http_request_duration_seconds"},
    []string{"method", "path"},
)

// In handler
start := time.Now()
httpRequests.WithLabelValues(r.Method, r.URL.Path, "200").Inc()
httpDuration.WithLabelValues(r.Method, r.URL.Path).Observe(time.Since(start).Seconds())

9.3 Profiling

import _ "net/http/pprof"

// Enable profiling endpoint
go func() {
    log.Println(http.ListenAndServe("localhost:6060", nil))
}()

// Access profiles:
// CPU:    go tool pprof http://localhost:6060/debug/pprof/profile
// Memory: go tool pprof http://localhost:6060/debug/pprof/heap

10. Release & Post-Release

10.1 Release Checklist

All tests pass: go test -race ./...
Coverage >70%: go test -coverprofile=coverage.out ./...
Dependencies up-to-date: go mod tidy && go mod verify
Git tag created: git tag v1.2.3
Docker image built and pushed
Rollback plan documented
Monitoring alerts configured

10.2 Rollback

If deployed version has issues:

# Revert to previous tag
git checkout v1.2.2
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o server cmd/server/main.go
# Deploy previous binary

10.3 Post-Release Monitoring

Monitor for:

Error rates (logs, Prometheus)
Goroutine count (should be stable)
Memory usage (shouldn’t grow unbounded)
Latency (p50, p95, p99)

# Check goroutines
curl localhost:6060/debug/pprof/goroutine?debug=1

# Check memory
go tool pprof http://localhost:6060/debug/pprof/heap

Integration with Playbook

Related Commands:

/pb-guide - General SDLC process
/pb-patterns-core - Architectural patterns
/pb-patterns-async - Concurrency patterns
/pb-performance - Performance optimization
/pb-testing - Advanced testing strategies
/pb-deployment - Deployment and DevOps

Created: 2026-01-11 | Category: Language Guides | Language: Go | Tier: L

Python SDLC Playbook (Language-Specific)

Language-specific guide for Python projects. Use alongside /pb-guide for general process.

Principle: Language-specific guidance still assumes /pb-preamble thinking (challenge conventions if they don’t fit) and applies /pb-design-rules thinking throughout.

Design Rules Applied Here:

Clarity: Python code is read more often than written; make intent obvious to future readers
Simplicity: Async/await patterns are powerful but can hide complexity; use when concurrency is genuinely needed
Robustness: Type hints catch errors early; fail loudly (raise exceptions, don’t silently return None)
Modularity: Layered architecture (handlers → services → repositories) keeps concerns separate
Optimization: Profile Python with cProfile before optimizing; measure what actually matters

Adapt this guide to your project-it’s a starting point, not dogma.

Resource Hint: sonnet - Language-specific implementation guidance; routine code standards.

When to Use

Starting a Python project or adding Python-specific workflow gates
Reviewing Python code quality practices (typing, testing, linting)
Onboarding developers to Python project conventions

Python-Specific Change Tiers

Adapt tier based on Python complexity:

Tier	Examples	Key Considerations
XS	Typo, config constant, import cleanup	Lint check: `black`, `isort`, `flake8`
S	Bug in single handler, type annotation	Test one module: `pytest tests/test_handler.py`
M	New endpoint, ORM model change	Test full suite: `pytest --cov`
L	New async service, architectural change	Type check: `mypy`, async testing

Python Project Structure

Standard Python project layout:

myproject/
├── src/myproject/
│   ├── __init__.py
│   ├── main.py                  # Entry point (Flask/FastAPI app)
│   ├── api/                     # HTTP endpoints
│   │   └── handlers.py
│   ├── services/                # Business logic
│   │   └── user_service.py
│   ├── repositories/            # Data access layer
│   │   └── user_repository.py
│   ├── models/                  # Data structures, ORM models
│   │   └── user.py
│   ├── middleware/              # Request/response middleware
│   └── config.py                # Configuration
├── tests/
│   ├── test_handlers.py
│   ├── test_services.py
│   └── conftest.py              # Shared fixtures
├── requirements.txt             # Dependencies (or pyproject.toml)
├── Dockerfile
├── Makefile                     # Build targets
├── pytest.ini                   # Test configuration
└── README.md

1. Intake & Clarification (Python-Specific)

1.1 Python-Specific Requirements

Document async and performance expectations:

Async model: sync (threading), async/await (asyncio), or celery tasks?
Performance budget: response time targets, concurrency limits
Python version: 3.8, 3.9, 3.10, or 3.11+?
Async framework: FastAPI, Flask + asyncio, or custom?
Type hints: Required? Tools like mypy configured?

1.2 Virtual Environment Setup

Before starting:

python -m venv venv
source venv/bin/activate  # or venv\Scripts\activate on Windows

# Verify dependencies
pip list
pip check  # Check for dependency conflicts

1.3 Type Checking

Establish type checking baseline:

mypy src/  # Check for type errors

2. Stakeholder Alignment

2.1 Infrastructure & Ops

Ensure agreement on:

Deployment: WSGI (Gunicorn), ASGI (Uvicorn), or serverless?
Database ORM: SQLAlchemy, Django ORM, or raw SQL?
Async support: Do we need async/await or is threading OK?
Dependency isolation: Docker or virtualenv?
Python version: Does production need 3.10+ for newer syntax?

2.2 Performance Expectations

Discuss with stakeholders:

Response time: <200ms for typical requests
Throughput: X requests/second (if known)
Memory: <500MB baseline + per-request overhead
Concurrency: threading, async, or process-based?

3. Python-Specific Requirements Definition

3.1 Async Model

Define how concurrency will work:

In-Scope Example:

Requests handled via FastAPI (async endpoints)
Service layer uses async/await for I/O
Background tasks with Celery for long-running jobs
Type hints for all public functions

Out-of-Scope Example:

Don’t add new database migrations (use existing pattern)
Don’t change logging configuration
Don’t modify docker entrypoint

3.2 Dependencies

List required packages:

# Web framework
fastapi            # Modern async web framework
uvicorn            # ASGI server
starlette          # Underlying async framework

# Database
sqlalchemy         # ORM
alembic            # Migrations
psycopg2-binary    # PostgreSQL driver

# Async job processing
celery             # Task queue
redis              # Message broker

# Testing
pytest             # Testing framework
pytest-asyncio     # Async test support
pytest-cov         # Coverage reporting

# Code quality
black              # Code formatter
isort              # Import sorter
flake8             # Linter
mypy               # Type checker

# Logging
structlog          # Structured logging

Add to requirements.txt or pyproject.toml:

fastapi==0.104.0
sqlalchemy==2.0.23
celery==5.3.4
pytest==7.4.3
pytest-asyncio==0.21.1
black==23.11.0
mypy==1.7.0

3.3 Type Hints

Define type hint requirements:

# All public functions require type hints
def get_user(user_id: int) -> Optional[User]:
    pass

# All class attributes require type hints (or use @dataclass)
class UserService:
    db: Database
    cache: Redis

# Use Optional, List, Dict for complex types
def get_users(ids: List[int]) -> Dict[int, User]:
    pass

3.4 Async Patterns

Define async usage:

Pattern 1: FastAPI async endpoints (default for web)
  GET /api/users/{id} → async def get_user() → Service → Response

Pattern 2: Background jobs
  POST /api/email → Queue task → Celery worker → Send email → Log result

Pattern 3: Streaming/SSE
  GET /api/stream → async generator → Client receives events

4. Python Architecture & Design

4.1 Standard Python Architecture (FastAPI)

HTTP Request
    ↓
FastAPI Middleware (auth, logging, timing)
    ↓
Endpoint Handler (api/handlers.py)
    ↓
Service Layer (services/user_service.py)
    ↓
Repository Layer (repositories/user_repository.py)
    ↓
Database / Cache

4.2 Async Pattern

For typical web service:

# [YES] Async/await for I/O operations
from fastapi import FastAPI
from sqlalchemy.ext.asyncio import AsyncSession

app = FastAPI()

@app.get("/users/{user_id}")
async def get_user(user_id: int, db: AsyncSession = Depends(get_db)) -> User:
    """Async endpoint - doesn't block on I/O."""
    user = await db.get(User, user_id)
    return user

@app.post("/users")
async def create_user(data: UserCreate, db: AsyncSession = Depends(get_db)) -> User:
    """Create user with async database access."""
    user = User(**data.dict())
    db.add(user)
    await db.commit()
    await db.refresh(user)
    return user


# [YES] Concurrent I/O with asyncio.gather
import asyncio

async def get_user_with_posts(user_id: int, db: AsyncSession) -> dict:
    """Fetch user and posts concurrently."""
    user_coro = db.get(User, user_id)
    posts_coro = db.execute(
        select(Post).where(Post.user_id == user_id)
    )

    user, posts_result = await asyncio.gather(user_coro, posts_coro)
    return {"user": user, "posts": posts_result.scalars().all()}


# [NO] Blocking I/O (blocks event loop)
@app.get("/users/{user_id}")
def get_user(user_id: int, db: Session = Depends(get_db)) -> User:
    # This blocks the entire server - don't use for sync I/O!
    user = db.query(User).get(user_id)  # BLOCKS
    return user

For background jobs:

# Use Celery for long-running tasks
from celery import shared_task
import logging

logger = logging.getLogger(__name__)

@shared_task(bind=True, max_retries=3)
def send_welcome_email(self, user_id: int):
    """Send welcome email asynchronously."""
    try:
        user = get_user(user_id)
        email_service.send(
            to=user.email,
            subject="Welcome!",
            template="welcome"
        )
        logger.info(f"Email sent to user {user_id}")

    except Exception as exc:
        logger.error(f"Failed to send email: {exc}")
        # Retry with exponential backoff
        raise self.retry(exc=exc, countdown=2 ** self.request.retries)

# Queue task from endpoint (returns immediately)
@app.post("/users")
async def create_user(data: UserCreate, db: AsyncSession) -> User:
    user = User(**data.dict())
    await db.commit()

    # Send email asynchronously
    send_welcome_email.delay(user.id)

    return user

4.3 Error Handling Pattern

# [YES] Explicit error handling
from fastapi import HTTPException, status

@app.get("/users/{user_id}")
async def get_user(user_id: int, db: AsyncSession) -> User:
    user = await db.get(User, user_id)
    if user is None:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail=f"User {user_id} not found"
        )
    return user


# [YES] Custom exceptions
class UserNotFoundError(Exception):
    """Raised when user doesn't exist."""
    pass

@app.exception_handler(UserNotFoundError)
async def user_not_found_handler(request, exc):
    return JSONResponse(
        status_code=status.HTTP_404_NOT_FOUND,
        content={"detail": str(exc)}
    )


# [NO] Swallowing exceptions
@app.get("/users/{user_id}")
async def get_user(user_id: int, db: AsyncSession) -> User:
    try:
        user = await db.get(User, user_id)
    except Exception:
        pass  # NEVER swallow exceptions!
    return user  # Returns None silently

4.4 Dependency Injection (FastAPI)

from fastapi import Depends

# Define dependencies
async def get_db() -> AsyncSession:
    """Get database session."""
    async with get_async_session() as session:
        yield session

async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
    """Verify token and return user."""
    payload = jwt.decode(token, SECRET_KEY)
    user_id = payload.get("sub")
    return await get_user(user_id)

# Inject dependencies into handlers
@app.get("/me")
async def get_profile(
    current_user: User = Depends(get_current_user),
    db: AsyncSession = Depends(get_db)
) -> User:
    return current_user

5. Implementation (Python-Specific)

5.1 Code Quality Tools

Required for all commits:

# Format code (enforced)
black src/
isort src/

# Lint code
flake8 src/ --max-line-length=120
pylint src/

# Type checking
mypy src/ --ignore-missing-imports

# Dependency audit
pip check

# All together (add to pre-commit hook)
black src/ && isort src/ && flake8 src/ && mypy src/

5.2 Testing Patterns

Unit Test Structure (pytest):

import pytest
from unittest.mock import patch, AsyncMock

class TestUserService:
    """Test UserService class."""

    @pytest.fixture
    def mock_repo(self):
        """Mock repository fixture."""
        mock = AsyncMock()
        return mock

    @pytest.mark.asyncio
    async def test_get_user_success(self, mock_repo):
        """Test getting existing user."""
        # Arrange
        mock_repo.get_user.return_value = User(
            id=1, name="John", email="john@example.com"
        )
        service = UserService(repo=mock_repo)

        # Act
        user = await service.get_user(user_id=1)

        # Assert
        assert user.id == 1
        assert user.name == "John"
        mock_repo.get_user.assert_called_once_with(1)

    @pytest.mark.asyncio
    async def test_get_user_not_found(self, mock_repo):
        """Test getting non-existent user."""
        mock_repo.get_user.return_value = None
        service = UserService(repo=mock_repo)

        with pytest.raises(UserNotFoundError):
            await service.get_user(user_id=999)

Integration Test:

@pytest.mark.asyncio
async def test_create_user_integration(async_db: AsyncSession):
    """Test full user creation flow."""
    # Create user via service
    service = UserService(repo=UserRepository(async_db))
    user = await service.create_user(
        name="Alice",
        email="alice@example.com"
    )

    # Verify in database
    db_user = await async_db.get(User, user.id)
    assert db_user.name == "Alice"
    assert db_user.email == "alice@example.com"

Async Test Fixture:

@pytest.fixture
async def async_db():
    """Create test database session."""
    async_engine = create_async_engine(
        "sqlite+aiosqlite:///:memory:"
    )

    async with async_engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)

    async_session = sessionmaker(
        async_engine, class_=AsyncSession, expire_on_commit=False
    )

    yield async_session()

    await async_engine.dispose()

5.3 Async Best Practices

# [YES] Use async/await for concurrent I/O
import asyncio

async def fetch_users_concurrently(user_ids: List[int]) -> List[User]:
    """Fetch multiple users concurrently."""
    # Create coroutines for each fetch
    coros = [fetch_user(uid) for uid in user_ids]

    # Execute all concurrently
    users = await asyncio.gather(*coros)
    return users

# [YES] Use asyncio.TimeoutError for timeouts
async def get_user_with_timeout(user_id: int, timeout: int = 5) -> User:
    """Get user with timeout."""
    try:
        user = await asyncio.wait_for(
            fetch_user(user_id),
            timeout=timeout
        )
        return user
    except asyncio.TimeoutError:
        logger.error(f"User fetch timed out after {timeout}s")
        raise

# [YES] Use context managers for resource cleanup
async with aiohttp.ClientSession() as session:
    async with session.get(url) as response:
        data = await response.json()

# [NO] Blocking calls in async code
async def get_users(db: AsyncSession) -> List[User]:
    # Don't mix sync database calls with async code
    users = db.query(User).all()  # BLOCKS! Use await instead
    return users

5.4 Database Patterns (SQLAlchemy)

Async ORM:

from sqlalchemy.ext.asyncio import create_async_engine, AsyncSession
from sqlalchemy.orm import sessionmaker

# Create async engine
engine = create_async_engine("postgresql+asyncpg://user:password@localhost/db")

# Create async session factory
async_session = sessionmaker(
    engine, class_=AsyncSession, expire_on_commit=False
)

# Query pattern
async with async_session() as session:
    stmt = select(User).where(User.id == user_id)
    result = await session.execute(stmt)
    user = result.scalar_one_or_none()
    return user

Transaction Pattern:

async def update_user(user_id: int, data: UserUpdate) -> User:
    """Update user in transaction."""
    async with async_session() as session:
        # Start transaction
        async with session.begin():
            user = await session.get(User, user_id)
            if not user:
                raise UserNotFoundError(f"User {user_id} not found")

            # Update user
            for key, value in data.dict().items():
                setattr(user, key, value)

            await session.flush()  # Insert/update
            # On success, transaction commits automatically
            return user

6. Testing Readiness (Python-Specific)

6.1 Test Coverage Requirements

Tier	Coverage	Command
S	>50%	`pytest --cov=src tests/`
M	>70%	`pytest --cov=src --cov-fail-under=70 tests/`
L	>80%	`pytest --cov=src --cov-fail-under=80 tests/`

# Generate coverage report
pytest --cov=src --cov-report=html tests/
open htmlcov/index.html

# Run with timeout (prevent hanging tests)
pytest --timeout=5 tests/

6.2 Test Organization

tests/
├── test_handlers.py      # API endpoint tests
├── test_services.py      # Business logic tests
├── test_repositories.py  # Data access tests
├── conftest.py           # Shared fixtures
└── fixtures/
    └── sample_data.py    # Test data

conftest.py Example:

import pytest
from sqlalchemy.ext.asyncio import create_async_engine

@pytest.fixture
async def test_db():
    """In-memory test database."""
    engine = create_async_engine("sqlite+aiosqlite:///:memory:")
    async with engine.begin() as conn:
        await conn.run_sync(Base.metadata.create_all)
    yield engine
    await engine.dispose()

@pytest.fixture
def client():
    """FastAPI test client."""
    from fastapi.testclient import TestClient
    from app import app
    return TestClient(app)

7. Code Review Checklist (Python-Specific)

Before PR review:

black formatting applied
isort imports sorted
flake8 passes (no linting errors)
mypy passes (type checking)
pytest passes with >70% coverage
No import * (explicit imports)
All async functions tested with @pytest.mark.asyncio
Type hints on all public functions
Docstrings on complex functions/classes
No hardcoded secrets or credentials
Error handling explicit (no silent failures)
Dependencies in requirements.txt or pyproject.toml

8. Deployment (Python-Specific)

8.1 Application Server

ASGI (Async, Recommended):

# Install gunicorn and uvicorn workers
pip install gunicorn uvicorn

# Run with async workers
gunicorn \
  -w 4 \
  -k uvicorn.workers.UvicornWorker \
  -b 0.0.0.0:8000 \
  app:app

WSGI (Sync, if needed):

# Install gunicorn
pip install gunicorn

# Run with sync workers
gunicorn -w 4 -b 0.0.0.0:8000 app:app

8.2 Container Image

# Multi-stage build
FROM python:3.11-slim AS builder

WORKDIR /app
COPY requirements.txt .
RUN pip install --user --no-cache-dir -r requirements.txt

FROM python:3.11-slim

COPY --from=builder /root/.local /root/.local
ENV PATH=/root/.local/bin:$PATH

COPY . /app
WORKDIR /app

EXPOSE 8000
CMD ["gunicorn", "-w", "4", "-k", "uvicorn.workers.UvicornWorker", "-b", "0.0.0.0:8000", "app:app"]

8.3 Graceful Shutdown

import signal
import asyncio

async def main():
    app = create_app()
    server = uvicorn.Server(uvicorn.Config(app))

    # Handle shutdown signals
    def handle_signal(signum, frame):
        asyncio.create_task(server.shutdown())

    signal.signal(signal.SIGINT, handle_signal)
    signal.signal(signal.SIGTERM, handle_signal)

    await server.serve()

if __name__ == "__main__":
    asyncio.run(main())

9. Observability (Python-Specific)

9.1 Structured Logging

import structlog

logger = structlog.get_logger()

# Log with context
logger.info(
    "user_created",
    user_id=user_id,
    email=user_email,
    duration_ms=elapsed
)

# Error with exception info
try:
    result = await get_data()
except Exception as e:
    logger.exception("failed_to_get_data", error=str(e))

9.2 Metrics (Prometheus)

from prometheus_client import Counter, Histogram

# Counter for requests
http_requests = Counter(
    'http_requests_total',
    'HTTP requests',
    ['method', 'endpoint', 'status']
)

# Histogram for latency
http_duration = Histogram(
    'http_request_duration_seconds',
    'HTTP request latency',
    ['method', 'endpoint']
)

# In FastAPI middleware
@app.middleware("http")
async def add_metrics(request, call_next):
    start = time.time()
    response = await call_next(request)
    duration = time.time() - start

    http_requests.labels(
        method=request.method,
        endpoint=request.url.path,
        status=response.status_code
    ).inc()

    http_duration.labels(
        method=request.method,
        endpoint=request.url.path
    ).observe(duration)

    return response

9.3 Profiling

# Profile CPU usage
import cProfile
import pstats

profiler = cProfile.Profile()
profiler.enable()

# ... code to profile ...

profiler.disable()
stats = pstats.Stats(profiler)
stats.sort_stats('cumulative')
stats.print_stats(10)  # Top 10 functions

10. Release & Post-Release

10.1 Release Checklist

All tests pass: pytest tests/
Coverage >70%: pytest --cov=src tests/
Type checking passes: mypy src/
Code quality OK: black, isort, flake8
Dependencies up-to-date: pip list
Docker image built and pushed
Migrations applied (if DB changes)
Rollback plan documented
Monitoring alerts configured

10.2 Rollback

If deployed version has issues:

# Revert to previous version
git checkout v1.2.2
pip install -r requirements.txt
python -m alembic downgrade -1  # Revert migrations
# Deploy previous container/code

10.3 Post-Release Monitoring

Monitor for:

Error rates (logs, alerts)
Response time (p50, p95, p99)
Memory usage (shouldn’t grow unbounded)
Worker status (Celery, Uvicorn)

# Health check endpoint
@app.get("/health")
async def health_check():
    return {
        "status": "ok",
        "version": VERSION,
        "timestamp": datetime.now().isoformat()
    }

Integration with Playbook

Related Commands:

/pb-guide - General SDLC process
/pb-patterns-core - Architectural patterns
/pb-patterns-async - Async/concurrency patterns
/pb-performance - Performance optimization
/pb-testing - Advanced testing strategies
/pb-deployment - Deployment and DevOps

Created: 2026-01-11 | Category: Language Guides | Language: Python | Tier: L

SDLC Templates & Quality Standards

Reusable templates for consistent implementation across all focus areas.

Structure matters: These templates enforce clarity and consistency. Consistent format makes comparison and criticism easier.

This embodies /pb-preamble thinking (clear structure invites challenge) and applies /pb-design-rules thinking, particularly:

Key Design Rules for Templates:

Clarity: Consistent templates make expectations obvious and reduce confusion
Representation: Templates encode knowledge into structure-what should be documented where
Simplicity: Templates prevent over-engineering; use only what you need
Modularity: Reusable templates mean teams solve once, use everywhere

Resource Hint: sonnet - Template reference; mechanical application of established formats.

When to Use

Writing commit messages, PR descriptions, or changelogs
Creating ADRs, runbooks, or other structured documents
Ensuring consistency across team artifacts

Commit Strategy

Commit Message Format

<type>(<scope>): <subject>

<body>

<footer>

Types:

feat: New feature
fix: Bug fix
refactor: Code refactoring (no functional change)
docs: Documentation only
test: Adding/updating tests
chore: Build, config, tooling changes
perf: Performance improvement

Scope: Service or component name (e.g., identity, wallet, shared, user-app)

Examples:

feat(identity): add user-admin paired account creation

- Create user_admin_pairs table migration
- Modify registration to create paired accounts
- Add pairing validation middleware

Closes #123

fix(wallet): handle NULL rejection_reason in KYC query

Use sql.NullString for nullable columns to prevent
silent scan failures.

Commit Frequency

One logical change per commit
Commit after each subtask (not at end of phase)
Never commit broken code to main branch
Squash WIP commits before merge

Self-Review Checklist

See /docs/checklists.md for comprehensive checklist with all sections.

Quick reference before requesting peer review:

Code Quality: No hardcoded values, no dead code, naming, DRY, error messages
Security: No secrets, input validation, parameterized queries, auth/authz, no sensitive logging
Testing: Unit tests, integration tests, edge cases, error paths, all passing
Documentation: Doc comments, complex logic explained, README, API docs
Database: Reversible migrations, indexes, constraints, no breaking changes
Performance: No N+1, pagination, timeouts, no unbounded loops

Peer Review Checklist

See /docs/checklists.md for comprehensive peer review checklist.

Quick reference when reviewing:

Architecture: Aligns with patterns, no unnecessary complexity, separation of concerns
Correctness: Requirements met, edge cases handled, error handling, race conditions
Maintainability: Readable, single-purpose functions, clear naming
Security: No injection vulnerabilities, proper authorization, no info leakage
Tests: Tests verify behavior, clear names, appropriate mocks, no flaky tests

Quality Gates

Gate 1: Pre-Implementation

Before writing code:

Requirements are clear and documented
Database schema designed and reviewed
API contracts defined
Edge cases identified

Gate 2: Pre-Commit

Before committing:

Code compiles without warnings
All tests pass
Linter passes (golangci-lint run / npm run lint)
Self-review checklist complete

Gate 3: Pre-Merge

Before merging to main:

Peer review approved
CI pipeline passes
No merge conflicts
Documentation updated

Gate 4: Post-Merge

After merging:

Verify deployment (if applicable)
Smoke test critical paths
Monitor logs for errors
Update task tracker

Phase Document Template

# Phase X: [Phase Name]

## Objective
[One-sentence description of what this phase accomplishes]

## Prerequisites
- [ ] [Previous phase/dependency]
- [ ] [Required tooling/access]

## Success Criteria
- [ ] [Measurable outcome 1]
- [ ] [Measurable outcome 2]

---

## Tasks

### Task X.1: [Task Name]

**Objective**: [What this task accomplishes]

**Implementation**:
1. [Step 1]
2. [Step 2]

**Files Changed**:
- `path/to/file.go` - [description]

**Tests**:
- [ ] [Test case 1]
- [ ] [Test case 2]

**Commit**: `type(scope): message`

---

## Database Migrations

### Migration: [name]

```sql
-- UP
[SQL]

-- DOWN
[SQL]

Self-Review

[Checklist item from template]

Peer Review Requested

Reviewer: [Name/Handle]
Focus areas: [What to look at]

Quality Gate: [Gate Name]

[Gate criteria]


---

## User Role Matrix

Reference for permission design across all user types.

| Capability | Regular User | User-Admin | Super Admin |
|------------|--------------|------------|-------------|
| **Own Profile** | View, Edit | View (paired user) | View all |
| **Own Wallet** | Full access | View (paired) | View all |
| **Transfers** | Send (with limits) | View (paired) | View all, reverse |
| **Beneficiaries** | CRUD own | View (paired) | View all |
| **Verification** | Request | Approve (paired) | Override any |
| **KYC** | Submit own | View (paired) | Approve/reject all |
| **Transactions** | View own | View (paired) | Search all |
| **Users** | - | - | Full CRUD |
| **System Config** | - | - | Full access |
| **Simulation** | - | - | Full control |
| **Audit Logs** | - | - | View all |

### Permission Naming Convention

{service}:{resource}:{action}

Examples:

identity:user:read
identity:user:update
wallet:wallet:transfer
transaction:transaction:search
verification:request:approve
admin:simulation:configure


---

## API Response Standards

### Success Response

```json
{
  "success": true,
  "data": { ... },
  "meta": {
    "request_id": "req_abc123",
    "timestamp": "2026-01-06T12:00:00Z"
  }
}

Error Response

{
  "success": false,
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "User-friendly message",
    "details": [
      { "field": "email", "message": "Invalid email format" }
    ]
  },
  "meta": {
    "request_id": "req_abc123",
    "timestamp": "2026-01-06T12:00:00Z"
  }
}

Pagination Response

{
  "success": true,
  "data": [ ... ],
  "pagination": {
    "page": 1,
    "per_page": 20,
    "total": 150,
    "total_pages": 8
  }
}

Code Reuse Patterns

Shared Utilities Location

shared/
├── errors/      # Error types and handling
├── logger/      # Structured logging
├── middleware/  # HTTP middleware (auth, CORS, etc.)
├── response/    # Response formatting
├── validator/   # Input validation
├── crypto/      # Cryptographic utilities
└── testutil/    # Test helpers

When to Extract to Shared

Extract when:

Used by 2+ services
Generic enough to be service-agnostic
Stable API (unlikely to change per-service)

Don’t extract when:

Service-specific logic
Only used once
Evolving rapidly

Testing Standards

Unit Test Naming

func TestFunctionName_Scenario_ExpectedBehavior(t *testing.T)

// Examples:
func TestCreateUser_ValidInput_ReturnsUser(t *testing.T)
func TestCreateUser_DuplicateEmail_ReturnsConflictError(t *testing.T)
func TestTransfer_InsufficientBalance_ReturnsError(t *testing.T)

Test File Organization

service/
├── handler.go
├── handler_test.go      # Unit tests
├── service.go
├── service_test.go
└── integration_test.go  # Integration tests (separate file)

Mock vs Real Dependencies

Mock: External services, databases in unit tests
Real: Database in integration tests (use test containers)
Never mock: The code under test itself

Cleanup Checklist

Run periodically to reduce technical debt.

Remove unused imports
Remove unused functions/variables
Consolidate duplicate code
Update outdated comments
Remove TODO comments (convert to issues)
Update dependencies to latest stable
Archive completed phase documents

/pb-context - Working context templates and session management
/pb-documentation - Writing great engineering documentation
/pb-standards - Project guidelines and code quality standards

Created: 2026-01-11 | Category: Core | Tier: M

Writing Great Engineering Documentation

Clear documentation enables people to work independently, makes knowledge transferable, and saves time.

Mindset: Documentation should invite scrutiny. Be clear enough that errors are obvious.

This embodies /pb-preamble thinking (clear writing enables critical thinking, ambiguous docs hide flawed thinking) and applies /pb-design-rules thinking, particularly:

Key Design Rules for Documentation:

Clarity: Documentation must be crystal clear so readers immediately understand the system
Representation: Information architecture matters-organize docs so knowledge is findable, not buried
Least Surprise: Documentation should behave like readers expect; no hidden gotchas or contradictions

Resource Hint: sonnet - Documentation writing is implementation-level work; routine quality standards.

When to Use This Command

Writing new docs - Creating READMEs, guides, API docs
Improving existing docs - Docs review found issues to fix
Onboarding prep - Ensuring docs support new team members
Knowledge transfer - Capturing tribal knowledge before someone leaves
Architecture documentation - Documenting system design decisions

Purpose

Good documentation:

Enables onboarding: New people learn faster
Preserves knowledge: Doesn’t disappear when people leave
Reduces questions: People can find answers themselves
Saves debugging time: Common issues documented with solutions
Improves quality: Explains design, catches inconsistencies
Enables async work: Remote teams need written context

Bad documentation:

Outdated (last updated 2 years ago)
Incomplete (“see code for details”)
Wrong (misleading, inaccurate)
Scattered (spread across 10 places)
Unreadable (walls of text, no examples)

Documentation Levels

Level 1: Code Comments

Purpose: Explain why code exists, not what it does.

Good code is self-documenting:

# Bad
x = y + 2  # Add 2
delay = 1000 * 60  # Delay

# Good
buffer_size = max_size + overhead  # Account for header
wait_time_ms = seconds_to_wait * 1000  # Convert to milliseconds

What to comment:

Why a non-obvious approach was chosen
Warning about common mistakes
Reference to related code
Complex logic (but usually means refactor instead)

# Bad comment (obvious)
def add(a, b):
    # Add a and b
    return a + b

# Good comment (explains non-obvious)
def calculate_deadline(start_time):
    # Add 5 days but skip weekends (business days only)
    # See accounting_spec.md for requirements
    days = 5
    current = start_time
    while days > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:  # 0-4 = Mon-Fri
            days -= 1
    return current

Level 2: Function/Module Documentation

Purpose: Tell someone reading code what it does and how to use it.

def create_order(customer_id, items, payment_method):
    """
    Create a new order for a customer.

    Args:
        customer_id: ID of customer placing order
        items: List of {product_id, quantity}
        payment_method: "credit_card" or "bank_transfer"

    Returns:
        Order object with fields: id, status, total, created_at

    Raises:
        ValueError: If items is empty
        PaymentError: If payment fails

    Note:
        - Inventory is decremented immediately
        - Email confirmation sent asynchronously
        - See order_processing.md for state diagram
    """

TypeScript/JavaScript:

/**
 * Fetch user profile with optional caching
 *
 * @param userId - User ID to fetch
 * @param options.useCache - Cache result for 5 minutes (default: true)
 * @returns Promise resolving to User object
 * @throws NotFoundError if user doesn't exist
 *
 * @example
 * const user = await fetchUser('user_123');
 * const freshUser = await fetchUser('user_123', { useCache: false });
 */
async function fetchUser(userId: string, options?: { useCache?: boolean }): Promise<User> {

Level 3: API/Integration Documentation

Purpose: Help someone use the API/service without reading code.

# Payment API

## Overview
The Payment API handles charging customers, refunds, and payment status.

## Base URL
`https://api.example.com/v1`

## Authentication
All requests must include header: `Authorization: Bearer {token}`

## Endpoints

### Create Order

POST /orders Content-Type: application/json

Request: { “customer_id”: “cust_123”, “items”: [ {“product_id”: “prod_1”, “quantity”: 2} ], “payment_method”: “credit_card” }

Response (201): { “id”: “order_456”, “status”: “pending_payment”, “total”: 99.99, “created_at”: “2026-01-11T14:30:00Z” }

Error (400): { “error”: “missing_required_field”, “message”: “items cannot be empty” }


## Rate Limiting
100 requests per minute per API key

## Webhooks
- `order.created` - Order created
- `payment.succeeded` - Payment processed
- `payment.failed` - Payment failed

See webhook specification in #webhooks section

Level 4: System Documentation

Purpose: Help someone understand how systems fit together.

What to include:

# Payment System Architecture

## Purpose
Process payments, handle refunds, track payment status.

## Components
- Payment API (Node.js)
- Payment Database (PostgreSQL)
- Stripe integration (external)
- Webhook handler (async processor)
- Audit log (for compliance)

## Diagram

User → Payment API → Stripe ↓ Payment DB Audit Log


## Data Flow
1. User submits payment
2. API sends to Stripe
3. Stripe responds with status
4. API stores in DB
5. Webhook fires (order.paid)
6. Email sent asynchronously

## Key Decisions
- Why Stripe? See ADR-2024-001
- Why PostgreSQL? See ADR-2024-002

## Scaling Concerns
- Stripe timeout handling (retry with exponential backoff)
- Audit log growth (partition by date)

## Related Systems
- Order system (creates orders)
- Email system (sends confirmations)
- Billing system (monthly invoices)

## Runbooks
- Payment processing stuck: See runbook-payment-stuck.md
- Database grew too large: See runbook-db-size.md

Level 5: Process Documentation

Purpose: Help someone follow a process or handle an event.

# Release Process

## Overview
Releasing code to production involves building, testing, and deploying.

## Steps
1. Create release branch (release/v1.2.3)
2. Update CHANGELOG
3. Tag commit (v1.2.3)
4. Build Docker image
5. Deploy to staging
6. Run smoke tests
7. Deploy to production
8. Monitor for errors

## Detailed Steps

### 1. Create Release Branch
```bash
git checkout -b release/v1.2.3 main

Why: Isolates release prep from ongoing development

2. Update Changelog

Edit CHANGELOG.md:

Add new version (v1.2.3)
List features added, bugs fixed, breaking changes
Include author names

Example:

## [1.2.3] - 2026-01-11
### Added
- Support for bulk user import (#234)
- New analytics dashboard (#245)
### Fixed
- Bug: Orders not showing in some cases (#240)
### Breaking
- Removed deprecated /v1/orders endpoint

3. Tag Commit

git tag -a v1.2.3 -m "Release version 1.2.3"
git push origin v1.2.3

4. Build Docker Image

CI/CD automatically builds when tag pushed. Check: CI pipeline passes all checks.

5. Deploy to Staging

./deploy staging v1.2.3
./run-smoke-tests staging

Check:

Smoke tests pass
No errors in logs
Performance acceptable
Database migrations successful

6. Deploy to Production

./deploy production v1.2.3

Monitor:

Error rate (should be same as before)
Latency (should be same as before)
Resource usage (should be reasonable)
User complaints (check Slack)

7. Post-Release

Send release notes to stakeholders
Update documentation
Monitor for issues
Be available for next 2 hours

Rollback

If something breaks:

./deploy production v1.2.2

Fast: < 2 minutes Safe: Previous version still tested


---

## Writing Guidelines

### 1. Know Your Audience

Different people need different docs:

Junior Developer:

Detailed step-by-step
Explain assumptions
Show examples
Link to further reading

Experienced Developer:

Quick reference
Why, not what
Key decisions/gotchas
Links to detailed docs

DevOps Engineer:

Architecture overview
Infrastructure requirements
Scaling considerations
Monitoring/alerting


### 2. Use Clear Structure

Bad:

The system works by first doing thing A which connects to thing B and then thing C happens which processes the data from B, so then you get the result in D. Sometimes if D fails you should check B.


Good:

How the system works

Data Collection (Component A) Gathers input from users
Processing (Component B) Transforms data according to rules
Storage (Component C) Saves result to database

If processing fails

Check Component B logs for errors


### 3. Show Examples

Always show examples, even for simple things.

Bad:

Use the create_order function to create orders.


Good:

Use the create_order function to create orders:

order = create_order(
    customer_id="cust_123",
    items=[
        {"product_id": "prod_1", "quantity": 2},
        {"product_id": "prod_2", "quantity": 1}
    ]
)
print(f"Order created: {order.id}")

Common mistakes

Empty items list (will raise ValueError)
Forgetting payment method (will fail at checkout)


### 4. Keep It Updated

**Stale docs are worse than no docs.**

Outdated docs:

Installing

Clone the repo
Install Node 14 ← Node 14 is deprecated!
Run npm install
npm start


Fix:

Installing

Clone the repo
Install Node 18+ (required)
- macOS: brew install node@18
- Ubuntu: sudo apt-get install nodejs=18.*
Run npm install
Run npm start

Last updated: 2026-01-11


**How to keep docs updated:**

Link docs in code review (remind people they exist)
Update docs in same PR as code change
Schedule quarterly review (is this still accurate?)
Delete docs that no longer apply
Note last-updated date prominently


### 5. Use Visuals

Pictures convey information faster.

Text:

The system has a frontend that talks to an API which talks to a database and also talks to an external payment service.


Diagram:

┌─────────┐ ┌─────┐ ┌──────────┐ │Frontend │─────→│ API │──────→│ Database │ └─────────┘ └─────┘ └──────────┘ │ ↓ ┌──────────────┐ │Payment Service│ └──────────────┘


Tools:
- **Mermaid**: Embed diagrams in markdown
- **Excalidraw**: Draw diagrams quickly
- **Lucidchart**: More complex diagrams
- **ASCII art**: Simple diagrams in text

### 6. Link, Don't Repeat

Bad:

API Documentation

The API requires authentication… (then 500 words about auth)

Database Documentation

The database requires authentication… (same 500 words repeated)


Good:

API Documentation

See Authentication section below.

Database Documentation

See Authentication section below.

Authentication (Single Source of Truth)

[Detailed auth explanation once]


### 7. Make It Scannable

People don't read documentation linearly. They scan.

Bad:

To set up, first you need to have docker installed, you can get it from docker.com, then you run docker-compose up which will start the database, after that you can run npm install and then npm start to start the server


Good:

Setup

Prerequisites

Docker installed from docker.com
Node 18+
npm 9+

Steps

Start database: docker-compose up -d
Install dependencies: npm install
Start server: npm start
Visit http://localhost:3000


---

## Documentation Templates

### README.md Template

```markdown
# Project Name

Short description of what this does.

## Features
- Feature 1
- Feature 2

## Quick Start

### Prerequisites
- Node 18+
- PostgreSQL 14+

### Installation
```bash
git clone ...
cd ...
npm install
npm run setup-db
npm start

Visit http://localhost:3000

Documentation

Getting Help

Slack: #engineering
Issues: GitHub issues
Email: team@example.com


### API Documentation Template

```markdown
# API Name

## Overview
What does this API do?

## Base URL
`https://api.example.com/v1`

## Authentication
How to authenticate?

## Endpoints

### Create Resource

POST /resources Content-Type: application/json

Request: {…} Response (201): {…} Error (400): {…}


## Rate Limiting
Limits and behavior

## Webhooks
What events are available?

## SDK
Available libraries for common languages

Architecture Documentation Template

# System Architecture

## Purpose
Why does this system exist?

## Components
- Component A: What it does
- Component B: What it does

## Diagram
[Visual diagram]

## Data Flow
How data moves through system

## Key Decisions
Why were choices made?

## Scaling
How does it scale?

## Monitoring
What to watch for?

## Runbooks
- [Common issue 1](runbook-1.md)
- [Common issue 2](runbook-2.md)

Documentation Tools & Organization

Tools

Tool	Use For	Example
README.md	Quick start, overview	How to get running
Markdown files	Detailed docs	Architecture, guides
ADR folder	Design decisions	Why we chose X
Runbooks	How to fix things	Recovery procedures
API docs	API reference	Endpoint definitions
Video	Complex processes	Architecture walkthrough
Diagrams	Visual understanding	System flows
Code comments	Why code exists	Explain non-obvious

Organization

Good structure:

Project/
  README.md (Start here)
  docs/
    architecture.md (System design)
    api.md (API reference)
    getting-started.md (Setup guide)
    troubleshooting.md (Common issues)
    adr/ (Design decisions)
      adr-001-database-choice.md
      adr-002-api-versioning.md
    runbooks/ (How to fix things)
      runbook-payment-stuck.md
      runbook-database-full.md
    images/ (Diagrams, screenshots)
  src/ (Code with clear structure)

Bad structure:

Project/
  README.md (Outdated, hard to follow)
  doc-old.md (Obsolete)
  NOTES.txt (Unclear)
  docs/
    stuff.md (What is this?)
    more-stuff.md (Unclear title)
  Lots of scattered documentation

Documentation Maintenance

Quarterly Review

Each quarter:

1. Read each doc
2. Is it still accurate? (Mark last-updated date)
3. Is it clear? (Ask someone else to read it)
4. Is it complete? (What's missing?)
5. Delete obsolete docs

Keep Docs in Sync with Code

Bad:

Engineer changes code but doesn't update docs
Docs become wrong
New person reads old docs, confused

Good:

Engineer changes code AND updates docs
PR review checks that docs match code
Docs stay accurate

In code review:

Reviewer: "You added a new API. Did you update docs/api.md?"
Engineer: "Yes, added new endpoint and examples"

Integration with Playbook

Part of SDLC:

/pb-guide - Document requirements by project size
/pb-onboarding - Good docs enable self-guided learning
/pb-adr - Documenting decisions
/pb-security - Documenting security practices

/pb-adr - How to document decisions
/pb-review-docs - Documentation quality review
/pb-sam-documentation - Clarity-first documentation review (see “When to Use” for integration)
/pb-repo-readme - Generate project README
/pb-onboarding - Using docs for training

Documentation Checklist

README exists and is current
Getting started guide works (tested)
Architecture documented with diagrams
API endpoints documented with examples
Key decisions documented (ADRs)
Common issues documented (troubleshooting)
Setup/deploy procedures documented (runbooks)
Code is self-documenting (good names, structure)
Comments explain why, not what
Last-updated date shown
Docs are linked in code (easy to find)
Broken links checked
Examples actually work
Docs reviewed quarterly
Obsolete docs deleted

Created: 2026-01-11 | Category: Documentation | Tier: M/L

Sam Rivera Agent: Documentation & Clarity Review

Documentation-first thinking focused on clarity, reader experience, and knowledge transfer. Reviews documentation, comments, and communication through the lens of “would a colleague understand this without asking questions?”

Resource Hint: sonnet - Technical documentation quality, knowledge transfer, communication clarity.

Mindset

Apply /pb-preamble thinking: Challenge whether documentation explains the “why” not just the “what”. Ask direct questions about assumptions. Apply /pb-design-rules thinking: Verify clarity of purpose, verify simplicity of explanation, verify that documentation helps readers think, not memorize. This agent embodies documentation pragmatism.

When to Use

Documentation review - README, API docs, architecture guides, runbooks
Code comment clarity - Are comments explaining “why”, not just “what”?
Knowledge transfer - Is this explainable to someone seeing it for the first time?
Communication review - PRs, design docs, incident reports-clarity matters
Onboarding assessment - Can a new person use this without constant questions?

Lens Mode

In lens mode, Sam is the voice you write docs in – not a reviewer who reads them after. Reader-first thinking applied during writing: “Would a colleague understand this without asking questions?” The three layers (conceptual, procedural, technical) structure your draft, not your review.

Depth calibration: Code comment: one clarity check. README update: reader-first pass. New documentation: full three-layer structure with examples and troubleshooting.

Overview: Documentation Philosophy

Core Principle: Documentation Is a First-Class Product

Most teams treat documentation as an afterthought-write code first, document if time remains. This inverts priorities:

Code lives in repositories; documentation lives in minds
Code can be read by machines; documentation must be read by humans
Code can be changed locally; documentation shapes how teams think
Code solves problems; documentation prevents them

Documentation isn’t a service. It’s infrastructure.

The Reader, Not the Writer

Documentation written for the writer (“I know what this does, so obviously…”) fails readers who are seeing it first. Clarity requires perspective shift:

BAD: "The reconciliation service validates state transitions"
- Assumes reader knows what reconciliation is
- Assumes reader knows which state machine
- Assumes reader knows why validation matters

GOOD: "The reconciliation service ensures our records stay in sync with the payment provider.
       It runs every 5 minutes, checks for discrepancies, and flags mismatches for manual review.
       Why this matters: If we don't reconcile, we might charge users twice."

The good version answers: What is it? When does it run? How does it fail? Why should I care?

Three Layers of Documentation

Documentation isn’t monolithic. Different readers need different depths.

Layer 1: Conceptual (Why do we need this?)

"This service processes refunds. Users request money back, we verify the request,
we send it to the payment processor, we record the result."

Layer 2: Procedural (How do we use it?)

GET /api/refunds/{request_id}
POST /api/refunds/{request_id}/approve
POST /api/refunds/{request_id}/reject

See [Refund Workflow](/docs/refund-workflow.md) for step-by-step process

Layer 3: Technical (How does it work under the hood?)

Refunds use PostgreSQL transactions to ensure atomicity:
1. Lock refund record (prevent concurrent approval)
2. Validate state transition (approve from 'pending' only)
3. Call PaymentProcessor.refund() with idempotency key
4. Record result (success/failure with timestamp and processor response)
5. Unlock and notify user

Bad documentation provides only layer 3 (assumes reader already knows layers 1-2). Good documentation scaffolds all three, letting readers choose depth.

Clarity Over Cleverness

Documentation is not the place for wit or poetry. It’s infrastructure. Clarity wins.

BAD (clever): "Transmogrifies event streams into deterministic state"
GOOD (clear): "Converts a sequence of events into the current state. Useful for
              recovering after crashes-we replay events to reconstruct state instead
              of storing state directly."

Silence When Nothing to Say

The best documentation includes only what readers need. Extra words create noise.

BAD (verbose):
"The user table has a field called 'email' which stores the email address of the user.
The email must be valid. Invalid emails are not accepted."

GOOD (concise):
user.email: string, valid email address required

Explainable Designs

If you can’t explain your design, the design is probably wrong. Documentation clarifies thinking.

BAD (implicit):
- Function returns 0 for success, 1 for failure
- Callers have to reverse-engineer the meaning

GOOD (explicit):
- Function returns true on success, false on failure
- If caller needs error details, use Result<T, E> type with context

Rationale: Boolean return is simpler for most use cases. For complex error handling,
          return Result type with error context. This forces caller to handle both
          success and failure paths.

How Sam Reviews Documentation

The Approach

Reader-first analysis: Instead of checking boxes (“is there a README?”), ask: “Could I use this after reading the documentation?”

For each piece of documentation:

Who is the reader? (New team member? Existing engineer? External user?)
What is their goal? (Get it working? Understand deeply? Troubleshoot?)
Can they achieve their goal using this documentation? (Not the code-just the docs)
What obstacles would they hit? (Unclear terminology? Missing examples? Assumed knowledge?)

Review Categories

1. Audience Clarity

What I’m checking:

Is the intended reader explicit?
Are prerequisites stated?
Does the documentation assume prior knowledge?
Can readers self-select the right depth?

Bad pattern:

# Database Migrations

Migrations use Alembic. Run `alembic upgrade head` to apply.
See the schema for details.

Why this fails: Unclear who this is for. Assumes readers know Alembic. No example. No rationale.

Good pattern:

# Database Migrations

**For:** Backend developers, DevOps engineers
**Prerequisite:** PostgreSQL client installed, access to staging/prod environments

## Quick Start (Most Common)
```bash
# Apply all pending migrations to staging
alembic upgrade head --sql-url postgresql://...

Why This Matters

Migrations are how we evolve the database schema without downtime. Old schema version = old code, new schema version = new code. We run migrations between deployments.

When to Create a Migration

You changed the database schema (add column, change type, add index)
Create migration: alembic revision --autogenerate -m "add user_role column"
Review generated migration (autogenerate is smart but not perfect)
Add it to PR

Troubleshooting

Q: Migration fails with “column already exists” A: Alembic tried to create a column that exists. Your local DB state is ahead of migrations. Reset: alembic downgrade base && alembic upgrade head

See Advanced Migrations for complex scenarios.


Why this works:
- Audience is explicit (backend devs, DevOps)
- Prerequisites stated upfront
- "Quick Start" gets most readers 80% of the way there
- "Why This Matters" explains context
- Troubleshooting prevents common mistakes

#### 2. Explicitness & Assumptions

**What I'm checking:**
- Are acronyms defined?
- Are implicit assumptions stated explicitly?
- Does the documentation reveal the "why", not just the "what"?
- Can readers understand without consulting multiple sources?

**Bad pattern:**

SQS polling duration is configured via POLLING_TIMEOUT_MS env var. Recommended value: 20000.


Why this fails: Why 20000? What happens if it's too low? Too high? Why is this important?

**Good pattern:**

SQS polling duration (env: POLLING_TIMEOUT_MS, default: 20000 ms)

This is how long we wait for messages before checking our local queue.

Too low (< 5000): We thrash-constant connections to AWS, wasted requests, higher costs
Too high (> 60000): We’re slow to respond to new messages, queues fill up
Just right: ~20000 gives us fast response + reasonable AWS request volume

For low-throughput services (< 100 msg/sec): Use 30000 (save AWS costs) For high-throughput (> 1000 msg/sec): Use 10000 (reduce queue buildup)


Why this works:
- Definition is explicit
- Trade-offs explained
- Guidance is situational (different for different throughput)
- Reader understands the "why" before making changes

#### 3. Completeness Without Bloat

**What I'm checking:**
- Does documentation answer the reader's likely questions?
- Are examples provided for complex operations?
- Is troubleshooting included?
- Does it tell readers where to go next?

**Bad pattern:**

API Errors

The API returns HTTP status codes and JSON error responses.


Why this fails: That's not documentation; that's describing the format. Reader still doesn't know what to do.

**Good pattern:**

Handling API Errors

Errors include HTTP status code + JSON response:

{
  "error": "VALIDATION_ERROR",
  "details": {
    "email": "must be valid email address"
  }
}

Common Error Codes

Code	HTTP	Meaning	What to Do
VALIDATION_ERROR	400	Input didn’t pass validation	Fix input, retry
NOT_FOUND	404	Resource doesn’t exist	Check ID, maybe it was deleted
RATE_LIMITED	429	Too many requests	Back off exponentially, retry after X seconds
INTERNAL_ERROR	500	Server crashed	Log + alert, try again later

Examples

Validation Error (bad email):

curl -X POST https://api.example.com/users \
  -H "Content-Type: application/json" \
  -d '{"email": "not-an-email"}'

# Returns:
{
  "error": "VALIDATION_ERROR",
  "details": {
    "email": "must be valid email address"
  }
}

# Fix: Use valid email

Rate Limited (too many requests):

# After 100 requests in 1 minute:
{
  "error": "RATE_LIMITED",
  "retry_after_seconds": 60
}

# Client should wait 60 seconds before retrying

Troubleshooting

Q: I get INTERNAL_ERROR. What should I do? A: This means the server crashed. These are logged internally.

For immediate help: check status page
Retry with exponential backoff (wait 1s, 2s, 4s, …)
If persists, contact support with request ID (in response headers)

Q: How do I know if I’m being rate limited? A: Check response headers for X-RateLimit-Remaining and X-RateLimit-Reset.

If Remaining: 0, you’re about to be rate limited
Reset: timestamp tells you when limit resets


Why this works:
- Explains what errors are
- Shows common errors with context ("What to Do")
- Includes real examples readers can copy/modify
- Troubleshooting answers likely questions

#### 4. Maintainability & Staleness

**What I'm checking:**
- Are examples up-to-date?
- Is documentation positioned to detect staleness?
- Are version numbers mentioned where they matter?
- Is there a way to report stale documentation?

**Bad pattern:**

To deploy, SSH into prod-server-1 and run ./deploy.sh.


Why this fails: If deploy.sh changes or prod-server-1 is replaced, documentation is stale. No way to know.

**Good pattern:**

Deploying to Production

Current deployment method (2026-02-12): We use GitHub Actions. Merge to main → automatic deploy.

See deploy.yml for configuration.

Why this matters: Documentation links to the source-of-truth (workflow file). If deployment changes, the workflow is updated; documentation follows automatically.

If this is out of date: Edit the workflow file and update this section. The link makes it obvious what to check.

Manual deployment (if automation fails):

# Only use if CI/CD is broken
ssh deploy@prod-1.internal
cd /app && ./scripts/emergency-deploy.sh v2.0.0


Why this works:
- Links to actual configuration (not copy/pasted)
- Last-updated date makes staleness visible
- Explains why method is chosen
- Fallback documented for edge cases

#### 5. Accessibility & Structure

**What I'm checking:**
- Can readers scan the document quickly?
- Are headings hierarchical?
- Is there a table of contents?
- Are code blocks clearly labeled?
- Can readers jump to the section they need?

**Bad pattern:**

Deployments can be done in many ways. There’s GitHub Actions which is automated. There’s also manual deployment if you SSH and run the script. And there’s Kubernetes which uses different deployments. Let me explain each one… [1000 words of prose]


Why this fails: No structure. Reader can't scan. Not clear which method to use when.

**Good pattern:**

Deployment

TL;DR: Merge to main → GitHub Actions deploys automatically. ~2 minutes.

Deployment Methods

Method	When to Use	Who Runs It
GitHub Actions	Normal push to main	Automatic
Manual	CI/CD broken, need to deploy now	DevOps engineer
Kubernetes Helm	Complex multi-service deploy	DevOps engineer

GitHub Actions (Recommended for Most)

See Automated Deployment

Manual Deployment (Emergency Only)

See Emergency Deployment Guide

Helm Deployment (Multi-Service)

See Kubernetes Deployment


Why this works:
- TL;DR for busy readers
- Table of contents lets reader pick path
- Complex details in separate documents
- Clear when to use each method

---

## Review Checklist: What I Look For

### Content
- [ ] Intended audience is clear
- [ ] Prerequisite knowledge stated
- [ ] Examples provided for complex concepts
- [ ] "Why this matters" is explained, not assumed
- [ ] Troubleshooting section addresses likely questions
- [ ] **Intentional omissions documented:** If something is deliberately excluded (unsupported feature, rejected approach, out-of-scope topic), say so and say why - prevents readers from assuming it was forgotten

### Structure
- [ ] Headings are hierarchical and scannable
- [ ] Table of contents or navigation present
- [ ] Code blocks clearly labeled (language, context)
- [ ] Long documents have "jump to section" links
- [ ] Related documentation is cross-referenced

### Maintenance
- [ ] Links to source-of-truth (not copy/pasted config)
- [ ] Last-updated date present (if version-dependent)
- [ ] Way to report stale documentation
- [ ] Examples are tested/current
- [ ] Version numbers mentioned where they matter

### Clarity
- [ ] Acronyms defined on first use
- [ ] No assumed knowledge without stating assumptions
- [ ] Active voice, present tense
- [ ] Short sentences (< 20 words)
- [ ] One idea per paragraph

---

## Automatic Rejection Criteria

Documentation rejected outright:

🚫 **Never:**
- Intended audience unclear (reads like author talking to self)
- No examples for complex operations
- "Just read the code" (documentation, not source code)
- Unmaintained (links broken, examples outdated)
- Assumes specialized knowledge without stating prerequisites
- Dense prose walls (no white space, no structure)

---

## Examples: Before & After

### Example 1: API Documentation

**BEFORE (Author-centric):**
```markdown
# User API

The user endpoint returns a user object. Accepts POST for creating users.
Returns 200 on success. See schema for fields.

POST /users
GET /users/:id

Why this fails: Doesn’t explain what users represent. No examples. No error handling.

AFTER (Reader-centric):

# User Management API

Users represent people with accounts in our system. This API lets you create,
retrieve, and update users.

## Get Your API Credentials

Visit [API Keys](/account/api-keys) to get your API token.
Use it for authentication: `Authorization: Bearer YOUR_TOKEN`

## Quick Start: Create a User

```bash
curl -X POST https://api.example.com/v1/users \
  -H "Authorization: Bearer sk_live_..." \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Jane Doe",
    "email": "jane@example.com",
    "role": "member"
  }'

# Returns:
{
  "id": "user_abc123",
  "name": "Jane Doe",
  "email": "jane@example.com",
  "role": "member",
  "created_at": "2026-02-12T10:30:00Z"
}

Endpoints

Create User

POST /v1/users

[Full endpoint documentation…]

Common Tasks

Q: How do I make someone an admin? A: Update their role using the PATCH endpoint:

curl -X PATCH https://api.example.com/v1/users/user_abc123 \
  -H "Authorization: Bearer sk_live_..." \
  -d '{"role": "admin"}'

Q: What if user creation fails? A: See Error Codes for troubleshooting.


Why this works:
- Context first (what are users?)
- Authentication explained
- "Quick Start" gets users going immediately
- Real, copyable examples
- Common questions answered

### Example 2: Architecture Decision

**BEFORE (Implicit):**
```markdown
# Caching Strategy

We use Redis for caching. Cache entries are stored with TTL.
Configuration is environment-specific.

Why this fails: Doesn’t explain why Redis. Doesn’t explain when to cache. No guidance on TTL values.

AFTER (Explicit):

# Caching Strategy

## Why Cache?

Caching reduces load on the database and improves response times. Users see results faster;
infrastructure costs less.

## What Do We Cache?

| Type | Examples | TTL | Rationale |
|------|----------|-----|-----------|
| User profiles | name, email, avatar | 1 hour | Changes rarely, high read volume |
| Product listings | product names, prices | 5 minutes | Changes frequently, must stay fresh |
| Session tokens | auth state | lifetime | Must match actual session |

## How to Cache a New Value

1. **Decide on TTL** - How long is this value useful?
   - If "never changes": 1 day
   - If "changes weekly": 1 hour
   - If "changes live": 5 minutes or don't cache

2. **Check for staleness** - Is old data acceptable?
   - If "users must see immediate changes": don't cache
   - If "eventual consistency OK": cache aggressively

3. **Implement caching:**
```python
def get_user(user_id, cache=None):
    # Cache layer
    cache_key = f"user:{user_id}"
    cached = cache.get(cache_key) if cache else None
    if cached:
        return cached

    # Database layer
    user = db.query("SELECT * FROM users WHERE id = ?", user_id)
    if user and cache:
        cache.set(cache_key, user, ttl=3600)  # 1 hour
    return user

When NOT to Cache

Authentication/security-sensitive data (unless you understand the risks)
Data that must be current (prices, inventory)
Data you can generate faster than cache lookup


Why this works:
- Context first (why cache?)
- Clear guidance on decisions (which data? what TTL?)
- Real code example
- Warnings about when not to cache

---

## What Sam Is NOT

**Sam review is NOT:**
- ❌ Grammar/spelling checking (use a linter for that)
- ❌ Style enforcement (use templates for consistency)
- ❌ Finding missing documentation (that's a checklist, not review)
- ❌ Writing documentation (that's different expertise)
- ❌ Substituting for user testing (real users reveal clarity gaps linters miss)

**When to use different review:**
- Grammar/style → Linting tools (Grammarly, hemingway)
- Structure → Documentation templates
- User comprehension → User research, feedback
- Completeness → Audit checklist (does every command have docs?)

---

## Decision Framework

When Sam sees documentation:

Who is the reader? UNCLEAR → Clarify audience, state prerequisites CLEAR → Continue
Can they achieve their goal using this doc? NO → Ask what’s missing (examples? rationale? troubleshooting?) YES → Continue
What assumptions does this make? IMPLICIT → State explicitly EXPLICIT → Continue
Is documentation positioned to detect staleness? NO → Link to source-of-truth instead of copy/paste YES → Continue
Can readers scan quickly to find what they need? NO → Add structure (headings, TOC, examples) YES → Documentation is ready


---

## Related Commands

- `/pb-documentation` - Writing Great Engineering Documentation
- `/pb-preamble` - Collaboration thinking (clear communication)
- `/pb-design-rules` - Design principles applied to documentation
- `/pb-standards` - Writing standards and patterns
- `/pb-review-docs` - Documentation review methodology

---

*Created: 2026-02-12 | Category: core | v2.11.0*

Deep Problem Solving (Structured Thinking)

Purpose: Complete thinking toolkit for problem-solving: ideate (divergent) → synthesize (integration) → refine (convergent). Process complex queries through structured thinking cycles.

Behavior: When active, apply the appropriate thinking mode based on the task. Default to full cycle for comprehensive exploration.

Mindset: Apply /pb-preamble thinking (challenge assumptions) throughout. Look for non-obvious angles, hidden patterns, and actionable insights.

Resource Hint: sonnet - Structured thinking facilitation; routine problem-solving workflow.

Modes Overview

Mode	Focus	When to Use
full (default)	Complete cycle	Complex problems needing exploration + integration + polish
ideate	Divergent	Generate options, explore possibilities
synthesize	Integration	Combine inputs, find patterns, resolve tensions
refine	Convergent	Polish output to publication-grade

Usage:

/pb-think - Full cycle (ideate → synthesize → refine)
/pb-think mode=ideate - Divergent exploration only
/pb-think mode=synthesize - Integration only
/pb-think mode=refine - Convergent refinement only

Mode: Full Cycle (Default)

Run all three thinking phases in sequence:

┌─────────────────────────────────────────────────┐
│  IDEATE                                         │
│  Generate options without judgment              │
│  Apply lenses, push for quantity                │
└─────────────────────┬───────────────────────────┘
                      │
                      ▼
┌─────────────────────────────────────────────────┐
│  SYNTHESIZE                                     │
│  Integrate options into coherent view           │
│  Find patterns, resolve tensions                │
└─────────────────────┬───────────────────────────┘
                      │
                      ▼
┌─────────────────────────────────────────────────┐
│  REFINE                                         │
│  Polish to publication-grade                    │
│  Critique, fix weaknesses, deliver final        │
└─────────────────────────────────────────────────┘

Directive for full cycle:

Diverge first (10+ options)
Cluster and find patterns
Spotlight 2-3 most interesting
Synthesize into coherent recommendation
Refine through internal critique
Deliver polished, actionable output

Mode: Ideate (Divergent)

Explore possibilities through structured divergent thinking. Generate options before evaluating them. Breadth enables quality.

Directive

For ideation requests:

Diverge first - Generate 10+ options before evaluating any
Explore adjacent space - What’s near the obvious answers?
Invert the question - What’s the opposite approach?
Cross-pollinate - What would another domain do here?
Defer judgment - No “but that won’t work” during generation
Surface non-obvious - Force at least 3 unexpected angles

Do not converge prematurely. Do not evaluate while generating. Push past the first ideas to find the interesting ones.

Ideation Lenses

Apply multiple lenses systematically. Each lens forces a perspective shift.

Lens 1: Scale

Stretch the problem across dimensions:

What if 10x smaller? 10x bigger?
What if instant? What if it took a year?
What if one person? What if 1000 people?
What if zero budget? Unlimited budget?
What if for one day? What if forever?

Lens 2: Inversion

Flip assumptions:

What’s the opposite of the obvious solution?
How would we make this problem worse? (reveals hidden constraints)
What if we did nothing? What happens?
What would we do if this wasn’t a problem?
What if the constraint is actually the feature?

Lens 3: Analogy

Borrow from elsewhere:

How does nature solve this? (biomimicry)
How did history handle similar challenges?
What would [Amazon/Apple/startup/nonprofit] do?
How is this solved in [gaming/healthcare/finance/military]?
What’s the physical-world equivalent? Digital equivalent?

Lens 4: Stakeholders

Shift the viewer:

What would users hate? (reveals assumptions)
What would delight users unexpectedly?
What would a competitor do with this opportunity?
What would a regulator worry about?
What would someone new to this domain try?

Lens 5: Constraints

Add or remove limits:

What if we had to ship tomorrow?
What if we had 5 years and no pressure?
What if we could only use existing tools?
What if we had to build everything from scratch?
What if we could break one rule?

Lens 6: Decomposition

Break it apart:

What are the sub-problems? Solve each differently.
What’s the core vs the wrapper?
What’s the 20% that delivers 80% of value?
What can be deferred? What must be solved now?
What’s the smallest version that teaches us something?

Ideate Output Format

Phase 1: Rapid Generation

List 10-15+ options. One line each. No evaluation, no caveats, no “but.”

1. [Option]
2. [Option]
...
15. [Option]

Include bad ideas. They often spark good ones.

Phase 2: Clustering

Group options into 3-5 themes or strategic approaches:

**Theme A: [Name]**
- Options 1, 4, 7

**Theme B: [Name]**
- Options 2, 5, 9

**Theme C: [Name]**
- Options 3, 6, 8, 10

Phase 3: Spotlight

Identify 2-3 non-obvious options worth deeper exploration:

**Worth exploring:**

1. [Option X] - Why: [unexpected angle, challenges assumption, or high leverage]
2. [Option Y] - Why: [combines strengths, addresses root cause, or novel approach]
3. [Option Z] - Why: [low effort high learning, or opens new possibilities]

Do not pick the safest options. Pick the most interesting ones.

Phase 4: Next Step

Recommend concrete next action:

Which option(s) to prototype or explore further
What question to answer before deciding
When to shift from ideation to evaluation

Ideate Example

User: “We need to reduce API response times. What are our options?”

Phase 1: Rapid Generation

1. Add Redis caching layer
2. Database query optimization (indexes, query rewrite)
3. CDN for static responses
4. Pagination/lazy loading
5. Async processing with webhooks
6. GraphQL to reduce over-fetching
7. Edge computing (move logic closer to users)
8. Precompute expensive operations
9. Connection pooling tuning
10. Compress response payloads
11. Split into microservices (isolate slow parts)
12. Do nothing-is the latency actually hurting users?
13. Charge for faster tier (make it a feature)
14. Batch requests client-side
15. Predictive prefetching

Phase 2: Clustering

Caching/Precompute: 1, 8, 15
Data Layer: 2, 9
Architecture: 6, 7, 11
Client-Side: 4, 14
Reframe Problem: 12, 13

Phase 3: Spotlight

Option 12 (do nothing) - Worth validating if latency actually impacts users. Cheapest path if problem is perceived not real.
Option 8 (precompute) - If responses are derivable from known inputs, shift work to write-time. High leverage for read-heavy APIs.
Option 7 (edge computing) - If users are geographically distributed, physics beats optimization. Different solution class.

Phase 4: Next Step Measure current latency by endpoint and correlate with user complaints. If P95 latency is fine but P99 is bad, focus on outliers (likely Option 2). If latency is uniform, consider Option 8 or 7.

Mode: Synthesize (Integration)

Combine multiple inputs, perspectives, or sources into coherent insight. Transform raw material into actionable understanding.

Directive

For synthesis requests:

Map the inputs - What sources, perspectives, or data points exist?
Find patterns - What themes recur? What correlates?
Surface tensions - Where do inputs contradict? What’s the real conflict?
Extract signal - What’s actually important vs noise?
Form coherent view - Integrate into unified understanding
Make it actionable - What does this synthesis mean for decisions?

Do not summarize-synthesize. Summaries compress; synthesis integrates. The output should reveal something the inputs alone don’t show.

Synthesis Modes

Mode 1: Multi-Source Integration

Combining research, documents, or data from multiple sources.

Process:

List sources and their key claims
Identify agreements (reinforcing signals)
Identify contradictions (tensions to resolve)
Assess source credibility and bias
Form integrated conclusion with confidence level

Output format:

## Sources Analyzed
[List with 1-line summary of each source's position]

## Convergence
[What multiple sources agree on - high confidence]

## Divergence
[Where sources conflict - with analysis of why]

## Synthesis
[Integrated view that accounts for both]

## Confidence & Gaps
[What we know vs what remains uncertain]

## Implications
[What this means for the decision/action at hand]

Mode 2: Perspective Integration

Combining viewpoints from different stakeholders or disciplines.

Process:

Map each perspective’s priorities and concerns
Identify shared ground (often hidden)
Identify genuine conflicts (not just framing differences)
Find integrative solutions that address multiple concerns
Flag irreconcilable trade-offs honestly

Output format:

## Perspectives Mapped
[Each stakeholder/discipline and their core concerns]

## Hidden Common Ground
[Shared interests that framing obscured]

## Genuine Conflicts
[Real trade-offs, not misunderstandings]

## Integrative Options
[Solutions that address multiple perspectives]

## Remaining Trade-offs
[What can't be resolved - requires decision]

Mode 3: Learning Integration

Combining insights from experiments, iterations, or experience.

Process:

List what was tried and what happened
Identify what worked (and why)
Identify what failed (and why)
Extract transferable principles
Define what to do differently

Output format:

## Experiments/Iterations Reviewed
[What was tried]

## What Worked
[Successes with causal analysis]

## What Failed
[Failures with causal analysis]

## Principles Extracted
[Transferable insights, not just observations]

## Recommended Changes
[Specific adjustments for next iteration]

Mode 4: Research Synthesis

Combining findings from investigation or discovery phase.

Process:

Catalog findings by category
Separate facts from interpretations
Identify the “so what” - why findings matter
Connect to original questions
Surface new questions raised

Output format:

## Findings by Category
[Organized raw findings]

## Facts vs Interpretations
[What's verified vs inferred]

## Key Insights
[The "so what" - why this matters]

## Questions Answered
[Original questions and their answers]

## New Questions Raised
[What we now need to investigate]

Synthesis Techniques

Technique 1: Triangulation

When multiple sources point to the same conclusion through different paths, confidence increases.

Source A (user interviews): Users complain about speed
Source B (analytics): 40% drop-off at loading screen
Source C (support tickets): "slow" mentioned 3x more than last quarter

Triangulated conclusion: Performance is a real problem, not perception
Confidence: High (three independent signals converge)

Technique 2: Tension Mapping

When sources conflict, map the tension explicitly rather than ignoring it.

Tension: Engineering says "ship fast" vs QA says "more testing needed"

Surface conflict: Speed vs quality
Deeper analysis: Both want successful launch; disagree on risk tolerance
Root issue: No shared definition of "launch-ready"

Resolution path: Define launch criteria together, then both optimize for it

Technique 3: Signal vs Noise Filtering

Not all information deserves equal weight.

Signal indicators:

Multiple independent sources confirm
Comes from direct observation, not hearsay
Specific and falsifiable
Aligns with incentives and behavior

Noise indicators:

Single source, unverified
Vague or unfalsifiable
Contradicts observed behavior
Source has obvious bias or incentive to mislead

Technique 4: Gap Analysis

What’s missing from the inputs is often as important as what’s present.

## What We Have
- User feedback (qualitative)
- Usage analytics (quantitative)
- Competitor analysis

## What's Missing
- Cost data (can't assess ROI)
- Technical feasibility assessment
- Timeline constraints

## Impact of Gaps
Can prioritize by user value, but can't sequence by effort or cost

Synthesis Quality Standards

Good Synthesis:

Reveals insight not visible in individual inputs
Explicitly addresses contradictions
Distinguishes high-confidence from uncertain conclusions
Actionable-clear implications for decisions
Acknowledges gaps and limitations

Bad Synthesis:

Just summarizes each input sequentially
Ignores contradictions or hand-waves them away
Treats all sources as equally credible
Abstract conclusions with no decision implications
Overstates confidence, ignores uncertainty

Synthesize Example

User: “I’ve done user interviews, looked at analytics, and reviewed competitor products. Help me synthesize what we should build.”

Sources Analyzed:

User interviews (8 users): Want faster workflows, confused by navigation
Analytics (30-day): 60% drop-off at step 3 of onboarding, power users skip tutorials
Competitors: All have simpler onboarding, 2 of 3 have keyboard shortcuts

Convergence (High Confidence):

Onboarding is a problem - both users and data confirm
Speed matters to engaged users - interviews and competitor patterns align

Divergence:

Users say they want “more features” but analytics show feature discovery is low
Contradiction suggests: users want capability, not complexity

Synthesis: The core issue isn’t missing features-it’s that existing features are hard to access. Users who succeed become power users; most don’t get there because onboarding fails. Competitors solved this with simpler initial experience and progressive disclosure.

Confidence & Gaps:

High confidence: Onboarding needs simplification
Medium confidence: Keyboard shortcuts would help power users (based on competitor inference, not direct validation)
Gap: No data on which specific onboarding steps cause confusion

Implications:

Prioritize onboarding simplification over new features
Add analytics to identify exact friction points in steps 1-3
Consider keyboard shortcuts for power user path (validate with 2-3 users first)

Next Action: Instrument onboarding steps with detailed analytics before redesigning. Need data on where exactly users get stuck.

Mode: Refine (Convergent)

Process through internal draft-critique-refine cycles before responding. Deliver expert-quality answers without user re-prompting.

Directive

For each query requiring refinement:

Draft internally - Generate initial response
Critique internally - Red-team your own draft ruthlessly
Refine internally - Rewrite to expert standard
Deliver final only - User sees polished output, not iterations

Do not ask for permission to iterate. Do not show intermediate passes. Think deeply, refine thoroughly, respond once.

Internal Pass 1: Draft

Generate a working response:

Answer the question directly
Include relevant context
Don’t overthink - this is raw material

Internal Pass 2: Critique

Red-team your draft. Check each dimension:

Alignment

What did they actually ask?
What did I deliver?
Any mismatch?

Weaknesses

Identify the 5 weakest points. Be specific:

WEAK: "consider various factors" - vague, no specifics
WEAK: "this can help" - passive, no mechanism explained

Gaps

Missing facts or data?
Missing steps they’ll need?
Missing examples?
Ignored edge cases or constraints?

Assumptions

Label each:

Confirmed - stated or verifiable
Reasonable - fair inference
Unverified - assumed without basis (flag these)

Risks

Where could this be:

Wrong (factually incorrect)
Misleading (true but misses the point)
Impractical (won’t work in reality)

AI Patterns

Detect and plan to fix:

Pattern	Example	Fix
Hedge words	“It’s important to consider…”	State directly
Empty transitions	“Let’s dive into…”	Delete
Filler qualifiers	“actually”, “basically”	Remove
Repetitive structure	Same paragraph openings	Vary rhythm
Over-explanation	Defining obvious terms	Skip
Excessive caveats	“However, it depends…”	Be direct

Rewrite Plan

What to cut
What to add
What to restructure

Internal Pass 3: Refine

Rewrite to publication-grade:

Direct answer first - 1-2 sentences, no preamble
Actionable content - Steps executable today, not theoretical
Concrete examples - At least 2, tailored to their context
Specifics over vague claims
- NOT: “improves performance”
- YES: “reduces query time from 2s to 200ms”
Honest uncertainty - “I cannot confirm X” beats false confidence
Natural voice
- No filler
- Varied sentence length
- No generic tips
Pitfalls section - 3-6 bullets an expert would nod at
Clear close - Key point + immediate next action

Quality Bar

If a domain expert reviewed this, they’d find it accurate, grounded, and immediately implementable.

Refine Example

User query: “How should I structure error handling in a Go service?”

Internal Pass 1: Draft covering error wrapping, sentinel errors, panic/recover…

Internal Pass 2: Critique finds:

Weakness: “consider using errors.Is” is vague - needs code example
Gap: Didn’t cover structured logging of errors
AI tell: “Let’s explore…” opener - delete
Rewrite plan: Lead with the pattern, add code, include pitfalls

Internal Pass 3: Refine to tight, example-driven response

Delivered response: (final only - polished, specific, actionable)

When to Use Each Mode

Situation	Mode	Reason
Complex problem, unclear solution	full	Need exploration + integration + polish
“What are my options?”	ideate	Divergent thinking needed
“Help me make sense of this”	synthesize	Multiple inputs need integration
“Give me a polished answer”	refine	Single query needs expert treatment
Before architecture decisions	full	Explore before committing
After research phase	synthesize	Combine findings
Stuck on obvious solution	ideate	Push past first ideas
Explaining to stakeholders	refine	Quality and clarity matter

Scope

Apply Thinking Partner To

Complex questions requiring reasoning
Research or analysis tasks
Problems with multiple valid approaches
Decisions with trade-offs
Anything where quality > speed

Skip Thinking Partner For

Simple factual lookups
Direct commands (“run this”, “delete that”)
When user explicitly wants quick/rough answer
Trivial clarifications

Use judgment. Default to appropriate mode for substantive queries.

Thinking Partner Principles

Self-sufficient - Don’t ask “should I elaborate?” Just do it right the first time.
Anticipate needs - Include what they’ll need next, not just what they asked.
Challenge-ready - If something seems off about the query, address it proactively.
No padding - Shorter and useful beats longer and generic.
Consultative stance - You’re a peer with expertise, not an assistant seeking approval.
Diverge before converge - Generate options before evaluating them.
Synthesize, don’t summarize - Integration adds value; compression doesn’t.
Surface tensions - Contradictions are information, not problems to hide.
Defer judgment in ideation - Separate generation from evaluation.
State confidence levels - Be explicit about certainty vs uncertainty.

Anti-Patterns

General

Don’t	Do Instead
Ask “would you like me to elaborate?”	Elaborate if needed, skip if not
End with “let me know if you need more”	End with the next action
Say “it depends” without exploring	Map out what it depends on
Present equal-weight list	Spotlight most interesting options

Ideate Mode

Don’t	Do Instead
Stop at 3-5 safe options	Push to 10+ including wild ones
Evaluate while generating	Generate fully, then cluster
Only list obvious answers	Force 3+ non-obvious via lenses

Synthesize Mode

Don’t	Do Instead
List summaries of each source	Integrate into unified view
Ignore conflicting information	Map tensions explicitly
Treat all sources equally	Assess credibility, weight accordingly
Produce abstract conclusions	Connect to concrete decisions

Refine Mode

Don’t	Do Instead
Show the internal passes	Deliver final only
Add caveats to seem humble	Be direct about what you know
Repeat the question back	Answer it

Thinking Partner Stack

Phase	Mode	Purpose
Explore options	`mode=ideate`	Divergent - generate possibilities
Combine insights	`mode=synthesize`	Integration - find patterns
Challenge assumptions	`/pb-preamble`	Adversarial - stress-test
Plan approach	`/pb-plan`	Convergent - structure execution
Make decision	`/pb-adr`	Convergent - document rationale
Refine output	`mode=refine`	Refinement - polish to expert-grade

Use the right mode for the task:

Need options? → mode=ideate
Have multiple inputs to integrate? → mode=synthesize
Need to stress-test an idea? → /pb-preamble
Ready to plan implementation? → /pb-plan
Need to document a decision? → /pb-adr
Need polished, expert-quality answer? → mode=refine
Complex problem, full treatment? → /pb-think (default full cycle)

/pb-preamble - Challenge assumptions mindset (adversarial mode)
/pb-design-rules - Technical principles for clarity, simplicity, modularity
/pb-plan - Structure implementation approach
/pb-adr - Document architecture decisions
/pb-debug - Systematic debugging methodology

Last Updated: 2026-01-21 Version: 2.0.0

Extract Git History Signals

Purpose: Analyze git history to extract adoption, churn, and pain point signals for data-driven decision making.

Mindset: Use git history as a source of truth for understanding what’s actually used, what changes frequently, and where pain points exist. These signals inform quarterly evolution planning and ad-hoc investigations.

Apply /pb-preamble thinking: challenge what the signals reveal about project health. Apply /pb-design-rules thinking: are we building the right things? Are we fixing the same areas repeatedly?

Resource Hint: sonnet - Git history analysis; pattern recognition from commit signals.

When to Use

Weekly check - “What’s been hot this week?”
Before quarterly planning - Input for /pb-evolve decision making
After incidents - Investigate pain patterns
Before refactoring - Identify high-churn areas
Onboarding - Show new team members what’s active
Ad-hoc investigation - “Why is this area changing so much?”

Quick Start

One-Time Run (Latest Analysis)

python scripts/git-signals.py

Outputs to todos/git-signals/latest/:

adoption-metrics.json - Which commands/files are most touched
churn-analysis.json - Which areas change frequently
pain-points-report.json - Reverts, bug fixes, hotfixes
signals-summary.md - Human-readable overview

With Custom Time Range

python scripts/git-signals.py --since "3 months ago"
python scripts/git-signals.py --since "2025-01-01"

Create Snapshot (Preserve Results)

python scripts/git-signals.py --snapshot 2026-02-12

Creates copy in todos/git-signals/2026-02-12/ for historical comparison.

Full CLI Help

python scripts/git-signals.py --help

Understanding the Output

Adoption Metrics (`adoption-metrics.json`)

What it shows: Which commands and files get the most attention

Key fields:

commands_by_touch_frequency - Top 20 commands by git touches (all commits mentioning that file)
files_by_change_frequency - Top 20 files by modification count
authors_per_command - How many unique authors touched each command
least_active_commands - Bottom 10 (candidates for review or removal)

How to interpret:

High touch frequency = well-maintained or frequently used
Low frequency = stale, abandoned, or stable
Single author = potential knowledge bottleneck

Example (from playbook repository, 2026-02-12):

Most active: pb-guide (47 touches, 8 authors)
  → Core content, actively maintained, distributed ownership
Least active: pb-legacy-tool (2 touches, 1 author)
  → Likely deprecated or superseded

Note: Examples show data from a specific point in time. Your repository will show different values. Run python scripts/git-signals.py on your own project to see current signals.

Churn Analysis (`churn-analysis.json`)

What it shows: Which areas change frequently (high volatility)

Key fields:

files_by_commit_frequency - How many commits touch each file
files_by_line_changes - Total lines added/deleted per file
high_churn_areas - Files with most activity (lines + commit frequency combined)

How to interpret:

High churn = active development, frequent refactoring, or instability
High commit frequency + low line changes = many small tweaks
High line changes + low commit frequency = rare but large changes

Example:

High churn: commands/core/pb-guide.md (150 commits, 5000 line changes)
  → Frequently updated, heavily maintained
Stable: commands/templates/pb-old.md (2 commits, 10 line changes)
  → Set and forget, unlikely to need updates

Pain Point Signals (`pain-points-report.json`)

What it shows: Problem areas - where bugs and reversions happen

Key fields:

reverted_commits - Commits that were later reverted (explicit undo)
bug_fix_patterns - Commits with ‘fix:’, ‘bug:’, or ‘bugfix’ in subject
hotfix_patterns - Urgent fixes (‘hotfix’, ‘critical’, ‘p0:’, ‘p1:’)
pain_score_by_file - Composite score based on fixes+reverts
summary - Counts of each pattern type

How to interpret:

Reverts = clear mistakes that needed undoing
Bug fixes = problems in the commit messages, doesn’t mean problems with code
Hotfixes = urgent issues requiring immediate attention
Pain score = combines all three (higher = more problematic area)

Example:

Top pain areas:
  pb-guide.md: pain score 8 (3 fixes, 1 revert, 2 hotfixes)
    → Consider refactoring or splitting
  pb-standards.md: pain score 5 (4 fixes, 1 hotfix)
    → Frequently patched, maybe needs clarity

Interpretation Guide

Adoption Signals

High adoption + High churn = Active, evolving area

Likely: Heavily maintained, responding to user feedback
Action: Invest in stability, clear documentation
Risk: Frequent changes might confuse users

High adoption + Low churn = Stable, well-designed area

Likely: Solved problem, trusted by users
Action: Minimal changes, preserve carefully
Risk: May be overlooked in planning

Low adoption + High churn = Experimental or problematic

Likely: New feature being refined, OR area with pain points
Action: Investigate - is this active work or a problem?
Risk: May indicate design issues

Low adoption + Low churn = Stale or deprecated

Likely: Completed work, superseded feature, or unused pattern
Action: Consider deprecation, removal, or revival
Risk: Knowledge loss if removed

Churn Signals

High line changes + High commit frequency = Volatile area

Consider: Is this expected? Refactoring? Or instability?
Action: Review recent commits for quality/coherence
Risk: May accumulate technical debt

High line changes + Low commit frequency = Large-scale changes

Consider: Was this planned? Major refactor?
Action: Ensure tests cover the changes
Risk: May introduce regressions

Low line changes + High commit frequency = Many small tweaks

Consider: Polishing phase? Lots of small fixes?
Action: Consider consolidating into fewer commits
Risk: Fine details changing frequently

Pain Point Signals

Multiple reverts = Systemic issues

Indicator: Fix often doesn’t work first time
Action: Root cause analysis - process, design, or testing issue?
Risk: Loss of trust in that area

Clustered bug fixes = Known problematic area

Indicator: Same area repeatedly needs fixes
Action: Consider redesign, not more patches
Risk: Pattern of problems recurring

Frequent hotfixes = Lack of QA or design

Indicator: Issues reach production, requiring urgent fixes
Action: Improve testing, design review
Risk: Quality and stability concerns

Operational Workflow: How to Adopt Git-Signals

Weekly Adoption Routine

Run signals every week to stay aware of what’s actually happening:

# Every Monday or Friday (pick a consistent day)
python scripts/git-signals.py

# Review the summary
cat todos/git-signals/latest/signals-summary.md

# Check top pain areas this week
python3 -c "import json; \
  data = json.load(open('todos/git-signals/latest/pain-points-report.json')); \
  [print(f\"{x['file']}: pain={x['pain_score']}\") for x in data['pain_score_by_file'][:5]]"

# Reflect: What surprised you? What's worth investigating?

Weekly Check Questions:

What files changed the most? Is that expected?
Any new high-pain areas? Should we investigate?
Adoption shifting? Are we working in the right areas?

Quarterly Planning Workflow (Integration with `/pb-evolve`)

Before running /pb-evolve quarterly evolution, get fresh signals:

# Step 1: Run signals with 3-month time range
python scripts/git-signals.py --since "3 months ago"

# Step 2: Save as snapshot for this quarter
python scripts/git-signals.py --snapshot $(date +%Y-Q$((($(($(date +%m)-1)/3))+1)))

# Step 3: Extract key inputs for evolution planning
python3 << 'SIGNALS_EXTRACT'
import json
signals = json.load(open('todos/git-signals/latest/pain-points-report.json'))
print("\n=== PAIN SCORE PRIORITIES FOR EVOLUTION ===")
for item in signals['pain_score_by_file'][:10]:
    print(f"{item['file']}: {item['pain_score']}")
SIGNALS_EXTRACT

# Step 4: Use pain scores to guide /pb-evolve priorities
# Run /pb-evolve and reference pain_score_by_file in decisions

Quarterly Planning Questions:

Which high-pain areas should be our evolution focus this quarter?
Are there stale areas that should be deprecated?
Which adoption patterns surprise us?

Ad-Hoc Investigation Workflow

When you notice a specific problem or want to investigate an area:

# 1. Analyze the specific area's history
python scripts/git-signals.py --since "6 months ago"

# 2. Extract metrics for that file
git log --oneline commands/area/specific-file.md | wc -l  # Total commits
git log --follow -p commands/area/specific-file.md | grep -c "^+" # Lines added
git log --oneline commands/area/specific-file.md | grep -i "fix\|bug" | wc -l  # Fixes

# 3. Review the commits
git log --oneline commands/area/specific-file.md | head -20

# 4. Examine specific fixes
git log --oneline -p commands/area/specific-file.md | grep -B5 -A5 "fix\|bug" | head -50

# 5. Determine action
# Based on patterns, decide: refactor, deprecate, monitor, or accept

Pain Score Response Framework

Understanding Pain Scores

Pain scores combine three signals: reverts + bug fixes + hotfixes

A file with pain_score 6 might have:

2 commits that were reverted (explicitly undone)
3 commits tagged “fix:” (identified problems)
1 commit tagged “hotfix:” (urgent fixes)

Total pain = 2 + 3 + 1 = 6

Response Matrix by Score Range

Pain Score	Status	What It Means	Recommended Action	Priority
0-2	Healthy	Stable, working well, minimal fixes	Monitor only. Make changes carefully	Low
3-5	Moderate	Some issues but manageable	Review recent changes. Monitor for patterns	Medium
6-8	High	Area has real problems	Investigate root cause. Plan refactoring	High
9-10	Critical	Systemic issues, repeatedly broken	Urgent: redesign or rewrite required	Critical

Response Actions by Score

Score 0-2 (Healthy):

✓ Stable foundation, trusted implementation
✓ Preserve carefully, minimal changes
→ Action: Review before changes, light touch

Score 3-5 (Moderate):

⚠ Occasional issues, worth monitoring
⚠ May need attention in next quarter
→ Action: Track trends, review commits, prioritize in next cycle

Score 6-8 (High):

⚠️ Real problems, needs investigation
⚠️ Candidate for refactoring or redesign
→ Action: Deep investigation → refactoring plan → prioritize in quarterly evolution

Score 9-10 (Critical):

🚨 Systemic failure, cannot continue as-is
🚨 Urgent: affecting reliability or productivity
→ Action: Root cause analysis → redesign/rewrite → make it priority this quarter

Signal Response Decision Trees

Decision Tree 1: High Adoption + Any Pain Score

High Adoption area with pain score?

├─ Pain 0-2?
│  └─ "Solved problem" - Keep working carefully
│     • Light changes only
│     • Extensive testing for any modifications
│
├─ Pain 3-5?
│  └─ "Active area with some issues"
│     • Monitor trends closely
│     • Plan improvements for next quarter
│     • Document workarounds
│
├─ Pain 6-8?
│  └─ "High-value target for improvement"
│     • This is where evolution effort pays off
│     • High adoption = impact is significant
│     • Prioritize in quarterly planning
│
└─ Pain 9+?
   └─ "URGENT: Used heavily but broken"
      • Reliability risk
      • Prioritize immediately
      • Consider temporary workarounds while fixing

Decision Tree 2: Responding to Churn

Found an area with high churn?

├─ High commits + High lines changed?
│  └─ "Volatile area"
│     • Is this refactoring? If yes, normal
│     • Is this instability? If yes, investigate quality
│     • Check: Are tests adequate?
│     • Check: Is design clear?
│
├─ Many small commits + Few lines?
│  └─ "Polishing phase"
│     • Normal for stable areas getting refinement
│     • Could consolidate commits for cleaner history
│
└─ Few commits + Many lines?
   └─ "Large infrequent changes"
      • Was this planned? If yes, normal
      • Is this technical debt accumulating? If yes, address
      • Check: Are changes coherent and well-tested?

Decision Tree 3: Responding to Pain Signals

Found high pain score?

├─ Multiple reverts (fixes undone)?
│  └─ "Systemic issue - solutions don't work"
│     • Root cause: Design flaw? Testing gap? Unclear requirements?
│     • Action: Don't patch more - redesign
│
├─ Clustered bug fixes (many small fixes)?
│  └─ "Area has real problems"
│     • Root cause: Complexity too high? Wrong approach?
│     • Action: Consider refactoring vs rewrite
│
└─ Frequent hotfixes (urgent patches)?
   └─ "Quality issue - reaching production broken"
      • Root cause: Testing gap? Process issue?
      • Action: Improve testing + review before action

Using Signals for Decisions

Before `/pb-evolve` Quarterly Planning

Run git-signals to inform what to prioritize:

# Get latest signals
python scripts/git-signals.py

# Review adoption to see what's active
cat todos/git-signals/latest/signals-summary.md

# Review pain points to see what needs work
python3 -c "import json; data = json.load(open('todos/git-signals/latest/pain-points-report.json')); print([x['file'] for x in data['pain_score_by_file'][:10]])"

# Use signals to guide evolution priorities
# Example: If pb-guide has pain_score 8, consider refactoring in Q2

Pain Score Interpretation Guide:

Score	Status	Action
0-2	Healthy	No action needed
3-5	Monitor	May need attention in next cycle
6-8	Investigate	Consider for next quarter’s evolution work
9+	Priority	Address soon; may indicate systemic issues

When Investigating an Area

# Get churn history
python scripts/git-signals.py --since "6 months ago"

# Check adoption in that area
python scripts/git-signals.py

# Use git commands for manual investigation
git log --follow commands/area/file.md  # See file history
git log --oneline -p commands/area/file.md | grep -i "fix\|bug" | head -20  # Recent fixes

When Planning Refactoring

Prioritize high-churn, high-pain areas:

# Get signals
python scripts/git-signals.py

# Identify candidates (high churn + high pain)
# These are "hot spots" that would benefit most from refactoring

Output Files Reference

`adoption-metrics.json` Structure

{
  "commands_by_touch_frequency": [
    {
      "command": "pb-guide",
      "touches": 47
    }
  ],
  "files_by_change_frequency": [
    {
      "file": "commands/core/pb-guide.md",
      "changes": 45
    }
  ],
  "authors_per_command": {
    "pb-guide": 8,
    "pb-preamble": 5
  },
  "least_active_commands": [
    {
      "command": "pb-legacy",
      "touches": 2
    }
  ]
}

`churn-analysis.json` Structure

{
  "files_by_commit_frequency": [
    {
      "file": "commands/core/pb-guide.md",
      "commits": 150
    }
  ],
  "files_by_line_changes": [
    {
      "file": "commands/core/pb-guide.md",
      "line_changes": 5000
    }
  ],
  "high_churn_areas": [
    {
      "file": "commands/core/pb-guide.md",
      "line_changes": 5000,
      "commits": 150,
      "avg_change_per_commit": 33
    }
  ]
}

`pain-points-report.json` Structure

{
  "reverted_commits": [
    {
      "hash": "abc1234",
      "subject": "Revert \"feat: add feature\"",
      "date": "2025-01-10",
      "author": "Jane Doe"
    }
  ],
  "bug_fix_patterns": [
    {
      "hash": "def5678",
      "subject": "fix: resolve bug",
      "date": "2025-01-05"
    }
  ],
  "hotfix_patterns": [
    {
      "hash": "ghi9012",
      "subject": "hotfix: critical issue",
      "date": "2025-01-01"
    }
  ],
  "pain_score_by_file": [
    {
      "file": "commands/core/pb-guide.md",
      "pain_score": 8
    }
  ],
  "summary": {
    "total_reverts": 12,
    "total_bug_fixes": 47,
    "total_hotfixes": 5
  }
}

Examples

Example 1: Checking What’s Hot This Week

$ python scripts/git-signals.py --since "1 week ago"

# Review the summary
$ cat todos/git-signals/latest/signals-summary.md

# Output shows:
# - pb-guide had 12 touches in the past week
# - commands/development/ is highest churn area
# - 2 bug fixes in that area
#
# Insight: Development area is getting active work, likely preparing for release

Example 2: Identifying Stale Commands

# Run signals
$ python scripts/git-signals.py

# Check least active
$ python3 -c "import json; data=json.load(open('todos/git-signals/latest/adoption-metrics.json')); print('Least active commands:', [c['command'] for c in data['least_active_commands'][:5]])"

# Output:
# Least active commands: ['pb-old-pattern', 'pb-legacy-tool', 'pb-deprecated']
#
# Action: Review these for potential deprecation or removal

Example 3: Finding Problematic Areas Before Refactoring

# Get signals with 6-month history
$ python scripts/git-signals.py --since "6 months ago"

# Check high-pain areas
$ python3 -c "import json; data=json.load(open('todos/git-signals/latest/pain-points-report.json')); areas=[x for x in data['pain_score_by_file'] if x['pain_score'] > 5]; print('Problem areas:', areas)"

# Output:
# Problem areas: [
#   {'file': 'commands/core/pb-standards.md', 'pain_score': 12},
#   {'file': 'scripts/validate.py', 'pain_score': 8}
# ]
#
# Action: These are candidates for refactoring/redesign

Integration with /pb-evolve: Quarterly Planning

Git signals exist to feed data-driven decision-making into quarterly playbook evolution cycles.

Before Running /pb-evolve

Step 1: Generate signals with 3-month window

# Get quarterly data for planning input
python scripts/git-signals.py --since "3 months ago"

# Verify outputs exist
ls -la todos/git-signals/latest/
# Should show: adoption-metrics.json, churn-analysis.json, pain-points-report.json, signals-summary.md

Step 2: Analyze pain_score_by_file

# Extract high-pain areas
python3 << 'EOF'
import json

with open('todos/git-signals/latest/pain-points-report.json') as f:
    data = json.load(f)

# Sort by pain score descending
pain_areas = sorted(data['pain_score_by_file'], key=lambda x: x['pain_score'], reverse=True)

print("=== HIGH-PAIN EVOLUTION CANDIDATES ===\n")
for area in pain_areas[:10]:
    score = area['pain_score']
    file = area['file']
    status = "CRITICAL" if score >= 9 else "HIGH" if score >= 6 else "MODERATE"
    print(f"{status:10} | Score: {score:2} | {file}")
EOF

Using Signals to Shape /pb-evolve

Before the evolution session, create an input document:

# Input to /pb-evolve: Signal-Based Priorities

## Critical Pain Areas (Score 9-10)
- [file]: [pain_score] - [reverts/bug_fixes/hotfixes pattern]
  - Action: Review for redesign or rewrite
  - Effort: Likely 4+ hours

## High Pain Areas (Score 6-8)
- [file]: [pain_score] - [pattern]
  - Action: Plan refactoring
  - Effort: 2-4 hours

## High-Activity Areas (Many touches, low pain)
- [file]: [touches] touches - Stable, working well
  - Action: Monitor for performance regression
  - Action: Use as exemplar pattern

## Stale Areas (Low activity, no pain)
- [file]: [touches] touches - Candidate for deprecation
  - Action: Review for removal
  - Action: Archive if not needed

During /pb-evolve, these become:

Priority 1 (Critical): Redesign/rewrite high-pain areas
Priority 2 (Optimization): Refactor high-churn areas
Priority 3 (Monitoring): Verify stable high-activity areas stay healthy
Priority 4 (Deprecation): Remove or archive stale code

Real Quarterly Evolution Workflow

Month 1 of quarter (e.g., February):

# Week 1
python scripts/git-signals.py --since "3 months ago"
# Analyze outputs, create priority document

# Week 2: Kickoff /pb-evolve session
/pb-evolve
# Use signal-based priorities to shape decisions
# Update playbooks based on findings

# Week 3-4: Implement evolution changes
# Per the /pb-evolve decisions

Integration checkpoint:

Before committing evolution changes, verify:

Evolution decisions referenced pain scores where applicable
High-pain areas from signals are addressed
Evolution changelog documents signal-based prioritization
Next quarter’s signals will measure evolution impact

Real-World Workflow Example

Scenario: Playbook Quarterly Evolution (Q1 → Q2)

Monday, May 5 (Start of Q2)

Developer runs:

python scripts/git-signals.py --since "3 months ago"
cat todos/git-signals/latest/signals-summary.md

Output shows:

ADOPTION SIGNALS (Q1):
- pb-guide: 47 touches (most active)
- pb-cycle: 32 touches
- pb-pause: 18 touches
- pb-legacy-pattern: 2 touches (candidate for removal)

CHURN ANALYSIS:
- commands/core/pb-guide.md: 5000 line changes (high activity)
- commands/development/pb-cycle.md: 3200 line changes
- scripts/validate.py: 2100 line changes

PAIN SCORE ANALYSIS:
- commands/core/pb-guide.md: pain_score 8 (3 reverts, 5 bug fixes)
- commands/planning/pb-plan.md: pain_score 6 (2 reverts, 3 bug fixes)
- commands/core/pb-patterns.md: pain_score 3 (stable)
- commands/legacy/pb-old-pattern.md: pain_score 0 (stale, no activity)

Tuesday, May 6 (Analysis & Planning)

Developer reviews and documents:

# Q1 Signal Analysis → Q2 Evolution Priorities

## Critical Areas Needing Attention
1. **pb-guide** (pain_score 8)
   - Issue: Multiple reverts and fixes in Q1
   - Root cause: Ambiguous wording in several sections
   - Action: Clarity refactor, simplify sections 3-5
   - Effort: 2-3 hours

2. **pb-plan** (pain_score 6)
   - Issue: Users reported confusion in planning workflow
   - Root cause: Missing decision trees and examples
   - Action: Add concrete examples, clarify decision paths
   - Effort: 1-2 hours

## Stable Areas (Monitor)
3. **pb-patterns** (pain_score 3)
   - Status: Working well, few issues
   - Action: Use as exemplar pattern for future commands
   - Next: Expand with new patterns discovered this quarter

## Deprecation Candidates
4. **pb-old-pattern** (pain_score 0, 2 touches in 6 months)
   - Status: Stale, no adoption
   - Action: Archive or remove in Q2
   - Effort: 30 minutes

Wednesday-Friday, May 7-9 (Evolution Implementation)

Run /pb-evolve with signal-based priorities as input
Implement changes to pb-guide (clarity refactoring)
Implement changes to pb-plan (add examples)
Archive pb-old-pattern
Update CHANGELOG with evolution summary

Friday, May 9 (Signal-Based Outcome Measurement)

Document in evolution log:

## Evolution Impact (Q2 Planning)

**Input signals:**
- pb-guide pain_score: 8 (3 reverts, 5 bug fixes)
- pb-plan pain_score: 6 (2 reverts, 3 bug fixes)

**Changes made:**
- Rewrote pb-guide sections 3-5 for clarity
- Added decision trees to pb-plan
- Removed pb-old-pattern (stale)

**Success metrics (check in 4 weeks):**
- pb-guide pain_score should drop to ≤4
- pb-plan usage and quality feedback improve
- No new reverts in updated sections

**Measurement date: June 6 (Check after 4 weeks of Q2 usage)**

June 6 (Validate Evolution Impact)

# Check if pain scores improved
python scripts/git-signals.py --since "4 weeks ago"

# Expected outcome:
# pb-guide pain_score: 2-3 (down from 8) ← Evolution worked
# pb-plan pain_score: 3-4 (down from 6) ← Evolution helped
# pb-old-pattern: 0 (removed) ← Deprecation successful

# If scores didn't improve:
# - Root cause analysis
# - Plan additional work for Q2
# - Document learning in evolution log

Integration Verification Checklist

✅ Signal Generation Phase

Signals run with correct time window (–since “3 months ago”)
pain_score_by_file analyzed for evolution input
High-pain areas documented with context

✅ Evolution Planning Phase

/pb-evolve uses signal-based priorities
Evolution decisions reference specific pain scores
Critical areas (score 6+) addressed in evolution plan

✅ Evolution Implementation Phase

Changes implemented per signal-informed priorities
Evolution log documents signal input

✅ Outcome Measurement Phase

Signals rerun after 4 weeks
Pain scores tracked for improved vs stable vs regressed
Learning documented for next evolution cycle

Limitations & Caveats

What signals can tell you:

Historical frequency and patterns
Relative activity levels
Explicit problems (reverts, bug keywords)

What signals cannot tell you:

Quality or correctness of code
Architectural soundness
User satisfaction
Future maintenance costs
Impact of changes

Use with:

Manual code review (signals point you there)
Team discussion (why is this area high-churn?)
Other data sources (user feedback, support tickets)
Your judgment (signals inform, not decide)

/pb-evolve - Quarterly planning that uses signals as input
/pb-context - Project context and working state
/pb-learn - Learning patterns from playbooks
/pb-cycle - Development workflow (where the git history comes from)

FAQ

Q: How often should I run this? A: Weekly for trend spotting, before quarterly planning for strategic input. Ad-hoc when investigating.

Q: Why is command X high-touch but I never use it? A: High touch = edited frequently, not necessarily used. Could be frequently fixed or updated.

Q: Can I use this for my own projects? A: Yes! The script works on any git repository. Just run it in your project root.

Q: What time range should I analyze? A: Weekly (1 week) for trends, quarterly (3 months) for planning, annually (1 year) for patterns.

Q: How do I integrate with /pb-evolve? A: Run signals before evolve planning session, reference pain_score_by_file as priority input.

Git history reveals truth about what we actually build and maintain, not what we intended to build.

Evolve Playbooks to Match Claude Capabilities

Purpose: Quarterly (or on-demand) review of Claude capability updates and playbook regeneration to maintain alignment and maximize efficiency.

Mindset: Self-healing, self-improving system. Playbooks exist to serve users. As Claude improves, playbooks should improve automatically. Apply /pb-preamble thinking (challenge assumptions about what’s still true) and /pb-design-rules thinking (does every playbook still embody Clarity, Simplicity, Resilience?).

Core Principle: We don’t freeze playbooks at a point-in-time. We evolve them continuously as Claude capabilities improve. This is how we stay efficient.

Resource Hint: opus - Strategic evolution; capability assessment and design decisions.

When to Use

Quarterly schedule - Feb, May, Aug, Nov (fixed calendar)
Major Claude version release - When Claude 4.6 → 4.7 drops
Context limit stress - If hitting session limits regularly
Latency complaints - If playbooks feel slow
User feedback - When patterns don’t work in practice

Quarterly Schedule & Operational Framework

Fixed Quarterly Calendar

Evolution cycles run on a fixed quarterly schedule, not ad-hoc:

Quarter	Cycle Window	Development Period	Evolution Period	Release Date
Q1	Jan 20 - Feb 15	Jan 1 - Feb 9	Feb 10 - Feb 15	Feb 16 (tag vX.Y.0)
Q2	Apr 20 - May 15	Apr 1 - May 9	May 10 - May 15	May 16 (tag vX.Y.0)
Q3	Jul 20 - Aug 15	Jul 1 - Aug 9	Aug 10 - Aug 15	Aug 16 (tag vX.Y.0)
Q4	Oct 20 - Nov 15	Oct 1 - Nov 9	Nov 10 - Nov 15	Nov 16 (tag vX.Y.0)

Fixed dates enable:

Team predictability (everyone knows when evolution happens)
Planning visibility (teams budget for evolution work)
Consistent rhythm (quarterly on schedule, not whenever convenient)

Evolution Manager Role

Responsibility: One person per quarter manages the evolution cycle end-to-end.

Qualifications:

Familiar with playbooks and architecture
Can make judgment calls on evolution priorities
Access to git tags, GitHub releases, merge permissions
4-6 hours of focused time

Responsibilities:

Week Before Evolution (Preparation)
- Review capability changes since last quarter
- Run git signals (if not already done)
- Prepare evolution input document
- Schedule team review session (30-45 min)
Evolution Period (Monday-Friday)
- Facilitate playbook review and change proposals
- Lead capability analysis with team
- Consolidate findings into prioritized change list
- Manage PR review and approval process
- Ensure testing validates all changes
- Prepare release notes
Release Day (Friday)
- Merge evolution PR to main
- Create git tag and GitHub release
- Update project CLAUDE.md
- Post evolution summary to team
Post-Release (Following Monday)
- Verify documentation builds correctly
- Run verification checks
- Document any post-release fixes needed
- Plan next quarter’s evolution inputs

Team Coordination

Evolution Review Meeting (Tuesday of evolution week)

Duration: 45 minutes
Attendees: Evolution Manager, 1-2 senior engineers, playbook steward
Agenda:
1. Capability changes since last quarter (10 min)
2. Git signals analysis (if applicable) (10 min)
3. Proposed changes discussion (20 min)
4. Approval and prioritization (5 min)

Decision Criteria:

✅ Changes based on new Claude capabilities or user feedback
✅ Changes improve clarity, simplicity, or efficiency
❌ Changes that break established patterns without strong justification
❌ Changes that contradict preamble or design rules

Pre-Evolution Checklist

Before starting evolution work, Evolution Manager verifies:

Current date is within evolution period (e.g., Feb 10-15)
All capability changes documented (Claude model versions, new features, etc.)
Git signals run (if applicable, use python scripts/git-signals.py)
Team knows evolution is happening (Slack/standup announcement)
Main branch is clean and up to date
Previous quarter’s changes are stable in production
Snapshot created (git tag v-pre-evolution-YYYY-Q[N])
Evolution input document prepared for review meeting

Quick Start: Run Evolution Cycle

Step 1: Prepare Environment

# Ensure clean state
git status                                    # Must be clean
git checkout main && git pull origin main     # On latest main

# Create evolution branch
git checkout -b evolve/$(date +%Y-%m-%d) main

# Load metadata schema
cat .playbook-metadata-schema.yaml            # Review schema
# Examples are archived in git history; current commands are your reference

Step 1.5: Snapshot Before Evolution

Critical: Create a snapshot before making changes. This enables safe rollback if anything breaks.

# Create snapshot of current state
python3 scripts/evolution-snapshot.py \
  --create "Before Q1 2026 evolution"

# Record the evolution cycle in structured log
python3 scripts/evolution-log.py \
  --record-cycle "2026-Q1" \
  --trigger quarterly \
  --capability-changes "Sonnet 4.6: 30% faster, no cost change"

This creates:

Git tag as backup (can revert to this if needed)
Snapshot metadata for audit trail
Evolution log entry to track this cycle

Step 2: Run Analysis

# Analyze current state
python3 scripts/evolve.py --analyze

# View detailed report
cat todos/evolution-analysis.json | jq '.'

# Check validation
python3 scripts/evolve.py --validate

Step 3: Review Capability Changes

Since last evolution, what has changed?

Claude model versions: Run pbai --version or check recent announcements
Speed improvements: Sonnet faster? Opus cost-effective for more tasks?
Context windows: Larger windows change what you can keep in main context
Latency profile: Different models, different speeds
Reasoning depth: Better reasoning changes what model to use for what task

Document findings in todos/evolution-log.md:

## Evolution Cycle: 2026-Q2

### Capability Changes Since Last Cycle
- Claude Sonnet 4.5 → 4.6: 30% faster, same cost
- Context window: 200K → 200K (no change)
- Reasoning: Better at multi-step planning

### Implications
- Parallelization now viable (Sonnet fast enough)
- Model routing: Haiku can take more routine tasks
- Context efficiency: Still critical (not changed)

Step 4: Audit Playbooks Against New Capabilities

For each major playbook category, ask:

Development playbooks (pb-start, pb-cycle, pb-commit, pb-pr)

Can Sonnet 4.6 now handle complex design reviews that needed Opus before?
Are our model hints still accurate?
Should parallelization be standard pattern?

Review playbooks (pb-review-code, pb-security, pb-voice)

Should code review default to Sonnet (vs Opus)?
Is parallel review (multiple agents) now viable?
Are detection patterns still current?

Planning playbooks (pb-plan, pb-adr, pb-think)

Does Sonnet 4.6 handle ideation/synthesis better?
Should we escalate fewer things to Opus?
Can we simplify playbooks for routine decisions?

Utilities (pb-patterns, pb-guidance, pb-learn)

Are best practices still current?
Do patterns still make sense?
Are examples still best-practice?

Step 5: Propose Changes

Document each opportunity:

### Opportunity 1: Model Routing Update

**Current:** pb-start says "use Sonnet"
**Capability change:** Sonnet 4.6 is 30% faster
**Proposal:** Update model routing to:
  - Haiku for file search, status checks (unchanged)
  - Sonnet for development (unchanged)
  - Opus for security/architecture (unchanged)

**Rationale:** No change needed; Sonnet still correct model

---

### Opportunity 2: Parallel Research Pattern

**Current:** Sequential agent execution in /pb-claude-orchestration
**Capability change:** Sonnet 4.6 fast enough for parallel fan-out
**Proposal:** Add "Parallel Research Pattern" section:
  1. Main launches 3 agents simultaneously
  2. Each agent explores independently
  3. Results merged in synthesis stage

**Impact:** Session runtime -30% for exploration tasks
**Confidence:** High (pattern validated in playbook development)

Step 6: Test Proposed Changes

For each significant change, validate on 2-3 real tasks:

# Example: Test parallel research pattern
# 1. Identify a task that would benefit
# 2. Run with old (sequential) approach
# 3. Time: 15 minutes
# 4. Run with new (parallel) approach
# 5. Time: 10 minutes
# 6. Document: "Parallel X saved Y minutes"

Record results:

### Validation: Parallel Research Pattern

**Task:** Investigate codebase for X feature
**Old pattern (sequential):** 20 min (Agent A) + 15 min (Agent B) = 35 min total
**New pattern (parallel):** max(20 min, 15 min) = 20 min total

**Result:** 43% faster. Impact = HIGH. Implement.

Step 7: Generate Diff and Request Approval

Before applying changes, generate a diff to see exactly what will change:

# Generate detailed diff comparing current to proposed
python3 scripts/evolution-diff.py \
  --detailed main HEAD

# Generate markdown report for PR
python3 scripts/evolution-diff.py \
  --report main HEAD

This creates todos/evolution-diff-report.md showing:

Which playbooks are affected
What fields change (old → new values)
Why changes are being proposed

GOVERNANCE GATE: Create a PR and request peer review BEFORE applying changes.

# Create feature branch for changes
git checkout -b evolution/$(date +%Y-Q$((($(date +%m)-1)/3+1)))

# Commit proposed changes
git add commands/
git commit -m "evolution: proposed changes for review"

# Push and create PR
git push origin evolution/...
gh pr create --title "evolution(quarterly): Q1 2026" \
  --body "See todos/evolution-diff-report.md for details"

Peer review checklist:

✅ Capability changes documented accurately
✅ Proposed changes make sense given new capabilities
✅ No unintended side effects
✅ Metadata is consistent (run test suite)
✅ Related commands still exist and are reachable

Only proceed after peer approval and merge to main.

Step 7.5: Apply Approved Changes

Once PR is approved and merged to main, apply the changes:

# Example: Update pb-claude-orchestration
# 1. Add "Parallel Research Pattern" section
# 2. Update examples to use parallel where applicable
# 3. Regenerate CLAUDE.md
# 4. Update MEMORY.md with new strategy

# Regenerate metadata-driven files
python3 scripts/evolve.py --generate

# Validate all metadata
python3 scripts/evolve.py --validate

Step 8: Update Metadata

For each playbook that changed:

# Example: Update pb-start metadata
# - Update last_reviewed date
# - Update execution_time_estimate if timing changed
# - Add last_evolved date
# - Update summary if scope changed
# - Update related_commands if topology changed

Run validation:

python3 scripts/evolve.py --validate

Step 9: Regenerate Auto-Generated Files

# Regenerate all auto-generated indices
python3 scripts/evolve.py --generate

# Regenerate project CLAUDE.md
/pb-claude-project

# Regenerate global CLAUDE.md
/pb-claude-global

# Run docs build
mkdocs build --strict

Step 10: Complete Evolution Cycle

# Stage changes
git add commands/ docs/ scripts/ .claude/ CHANGELOG.md

# Commit with evolution note
git commit -m "evolve(quarterly): $(date +%Y-Q$((($(date +%m)-1)/3+1)))"

# Tag release (if this is a versioned release)
git tag -a v2.X.0 -m "v2.X.0: Q1 2026 evolution"

# Record cycle completion
python3 scripts/evolution-log.py \
  --complete "2026-Q1" \
  --pr <pr-number>

# Push
git push origin main --tags

Step 11: If Evolution Breaks Something (Rollback)

If you discover issues after applying evolution changes:

# List available snapshots
python3 scripts/evolution-snapshot.py --list

# Show details of specific snapshot
python3 scripts/evolution-snapshot.py --show evolution-20260209-HHMMSS

# Rollback to snapshot (interactive confirmation)
python3 scripts/evolution-snapshot.py --rollback evolution-20260209-HHMMSS

# Or force rollback without confirmation
python3 scripts/evolution-snapshot.py --rollback evolution-20260209-HHMMSS --force

# Record the revert in evolution log
python3 scripts/evolution-log.py \
  --revert "2026-Q1" \
  --reason "Parallel patterns caused context bloat; needs refinement"

# Push rollback commit
git push origin main

Anatomy of a Good Evolution

What Changed?

New Claude capabilities (model speed, reasoning, capabilities)
User feedback (patterns that don’t work, confusing guidance)
Tech debt (playbooks that have become stale)
New patterns discovered in practice

How to Spot Evolution Opportunities?

Pattern 1: Capability-Execution Mismatch

You say “use Sonnet for X” but Sonnet 4.6 can now do Y (more complex) just as well
Fix: Update model hint, regenerate CLAUDE.md

Pattern 2: Manual Work That Could Automate

You’re manually updating 5 playbooks when you could update metadata + regenerate
Fix: Metadata-driven auto-generation, one source of truth

Pattern 3: Complexity That Could Simplify

Playbook has 10 decision trees but Sonnet 4.6 can handle the full decision at once
Fix: Consolidate into single decision, simpler playbook

Pattern 4: Serialization That Could Parallelize

You launch Agent A, wait for result, then launch Agent B
But now both could launch simultaneously, merge results
Fix: Document parallel pattern, add to orchestration guide

Pattern 5: Context That Could Compress

Main context has 50K tokens of file content
Could move to subagent (returns compression summary)
Fix: Update context strategy in pb-claude-orchestration

What Doesn’t Change?

Preamble thinking (challenge assumptions, peer collaboration) - timeless
Design rules (clarity, simplicity, robustness) - timeless
Atomic commits, quality gates - foundational, not outdated by capability
Test-first discipline - still best practice

Evolution Log Structure

The evolution system maintains two logs:

1. Structured Audit Log (todos/evolution-audit.json)

Machine-readable JSON format for pattern analysis and automation:

{
  "cycles": [
    {
      "cycle": "2026-Q1",
      "started_at": "2026-02-09T12:00:00",
      "trigger": "quarterly",
      "capability_changes": "Sonnet 4.6: 30% faster, same cost",
      "changes": [
        {
          "command": "pb-claude-orchestration",
          "field": "execution_pattern",
          "before": "sequential",
          "after": "parallel",
          "rationale": "Sonnet 4.6 fast enough for concurrent agents"
        }
      ],
      "status": "completed",
      "snapshot_id": "evolution-20260209-143022",
      "pr_number": 42
    }
  ]
}

Use this log to:

Detect patterns (what fields change most often?)
Measure impact (did evolution help or hurt?)
Enable automation (future cycles can suggest changes)
Audit decisions (why did we make this change?)

# View evolution history
python3 scripts/evolution-log.py --show

# Analyze patterns
python3 scripts/evolution-log.py --analyze

# Export timeline
python3 scripts/evolution-log.py --export

2. Narrative Release Notes (CHANGELOG.md)

Human-readable summary for each release:

## v2.11.0 (2026-05-15) - Q2 Evolution

### Capability Changes
- Sonnet 4.6 → 4.7: +15% reasoning depth
- No speed or cost changes
- New tool: structured output

### Improvements
- Parallel research patterns now standard in exploration tasks
- Model routing optimized (Haiku handles 10 more utility cases)
- Context efficiency improved 12% via better compression

### Metrics
- Average session time: -8% (from 32 min to 29 min)
- Cost per session: -3% (minor optimization)
- User satisfaction: +5% (feedback survey)

Common Evolution Scenarios

Scenario A: Speed Improvement (e.g., Sonnet 4.5 → 4.6)

Signal: “New Sonnet is 30% faster, same cost”

Analysis:

What was Sonnet+Opus before might be Sonnet-only now
Parallelization becomes more viable
Session times drop

Action:

Revisit model routing decisions
Test parallelization patterns
Update execution time estimates
Document efficiency gains

Scenario B: Context Window Expansion

Signal: “Claude context now 400K tokens (was 200K)”

Analysis:

Can now keep more files in main context
Compression strategy becomes optional
But context efficiency still matters (cost)

Action:

Update context loading strategy
Test keeping full codebase in context
Measure tokens used; may stay selective
Update MEMORY.md with new patterns

Scenario C: User Feedback (Patterns Don’t Work)

Signal: “This playbook guidance is confusing, I did it differently”

Analysis:

Reality doesn’t match documentation
Users are finding better way
Playbook is stale or unclear

Action:

Interview users on what worked
Update playbook with real pattern
Validate on 3+ users
Simplify if new pattern is simpler

Scenario D: New Capability (e.g., Tool Use, Custom Models)

Signal: “Claude now supports X”

Analysis:

This changes what’s possible
May enable new playbooks or patterns
May make old patterns obsolete

Action:

Research capability thoroughly
Design playbooks for new capability
Test extensively before releasing
Document when this capability became available

Evolution Release Strategy

Regular Releases (Every Quarter)

Run pb-evolve on fixed schedule
Document capability changes
Implement small improvements
Release as minor version bump (v2.X.0)

Emergency Evolution (New Capability)

Outside normal schedule
When major capability lands
Run full pb-evolve cycle
Release as patch or minor (v2.X.Y)

Versioning

v2.X.0: Quarterly evolution
v2.X.Y: Emergency evolution or small fix
v1.X.0: Major architectural change

Success Criteria for Evolution

Before publishing an evolution cycle, define and verify success metrics:

For Capability-Driven Evolution (e.g., Claude 4.6 release)

Define:

“What efficiency improvements do we expect?” (e.g., 15% faster sessions)
“Which playbooks can be simplified?” (list specific commands)
“Will model routing change?” (document before/after)

Verify:

Session timing improved by X% (measured on real tasks)
User satisfaction feedback positive
Cost per session unchanged or lower
No regressions in code quality

For User Feedback Evolution (e.g., Patterns don’t work)

Define:

“What feedback were we acting on?” (reference issue/comment)
“What’s the new pattern?” (specific changes to command)
“Who validates the fix?” (team member, user, or self-test)

Verify:

User can achieve the goal using updated docs/command
New pattern validated with 2+ real use cases
Existing related commands still work with new approach

For Technical Debt Evolution (e.g., Stale patterns)

Define:

“What pattern is now outdated?” (specific reason)
“What replaces it?” (new approach, with rationale)
“Is this a breaking change?” (affects users? need migration guide?)

Verify:

Migration guide written (if breaking)
Existing projects tested with new approach
Related commands still integrate properly

Checklist: Before Publishing Evolution

Success criteria defined (see section above)
Success criteria verified
All playbooks validated (python3 scripts/evolve.py –validate)
No circular cross-references
Metadata coverage > 95%
mkdocs build –strict passes
markdownlint passes
CHANGELOG updated
MEMORY.md updated with lessons
Evolution log entry written
Tests pass
Tested on 2-3 real tasks

Rollback Procedures

If evolution introduces issues after merging, follow these steps:

Immediate Response (Within 1 hour of issue discovery)

# 1. Identify the problem
# - Review recent changes
# - Check which playbooks caused the issue

# 2. Assess severity
# - Does this break user workflows? (CRITICAL)
# - Does this cause confusion? (HIGH)
# - Is this a minor clarity issue? (MEDIUM)

# 3. Decide: Fix Forward vs Rollback
# CRITICAL: Rollback immediately
# HIGH: Rollback if fix takes >30 min, fix forward if quick fix available
# MEDIUM: Fix forward (don't rollback for minor issues)

Rolling Back Evolution (If Needed)

# Step 1: Retrieve pre-evolution snapshot
python3 scripts/evolution-snapshot.py --list
# Shows: evolution-20260210-143022, evolution-20260211-091845, etc.

# Step 2: Review what will be restored
python3 scripts/evolution-snapshot.py --show evolution-20260210-143022

# Step 3: Restore (interactive confirmation)
python3 scripts/evolution-snapshot.py --rollback evolution-20260210-143022

# Step 4: Verify restoration
git log --oneline -3
mkdocs build --strict

# Step 5: Record the revert
python3 scripts/evolution-log.py \
  --revert "2026-Q1" \
  --reason "Caused confusion in pb-guide, needs refinement"

# Step 6: Push rollback commit
git push origin main

# Step 7: Communicate
# Announce rollback in team Slack/standup with reason

Post-Rollback Analysis

After rollback, document:

# Evolution Rollback Report: 2026-Q1

**Date:** Feb 15, 2026
**Reason:** Proposed changes to pb-guide clarity caused more confusion than before

## What Went Wrong
- Change assumed users familiar with concept X (they weren't)
- New section headings created ambiguity about scope
- Examples didn't match current usage patterns

## Learning for Next Cycle
- Earlier user validation before committing large doc changes
- Test changes with actual users (2-3 people) before merging
- Include examples that match documented patterns exactly

## Re-Planning
- Keep current pb-guide as-is for Q1
- Plan more targeted clarity improvements for Q2
- Assign to different reviewer with user feedback focus

Evolution Metrics & Reporting

Measuring Evolution Success

Track these metrics for each evolution cycle:

Quality Metrics:

✅ No bugs introduced (zero rollbacks needed)
✅ No regressions (existing functionality preserved)
✅ Documentation builds successfully
✅ All tests pass

Adoption Metrics:

When was the evolution PR merged? (commits per day unchanged)
Any user feedback about changes? (watch for GitHub issues)
Are new patterns being adopted? (track in next cycle’s signals)

Efficiency Metrics:

Time taken for evolution cycle (hours)
Lines of code/documentation changed
Number of playbooks touched

Quarterly Evolution Report Template

Create todos/evolution-report-YYYY-Q[N].md after each cycle:

# Evolution Report: Q1 2026

**Evolution Manager:** [Name]
**Cycle Period:** Feb 10-15, 2026
**Release Date:** Feb 16, 2026

## Capability Changes Assessed
- Claude Sonnet: [version change, if any]
- Claude Opus: [version change, if any]
- New capabilities: [e.g., tool use, structured output]

## Changes Made

### Playbooks Updated
- pb-guide (3 sections clarified)
- pb-cycle (added parallel review pattern)
- pb-git-signals (integrated with evolution planning)

### Impact Assessment
- Breaking changes: 0
- Potentially confusing changes: 0 (no rollbacks needed)
- User-facing improvements: 3

### Metrics
- Evolution time: 4 hours
- Lines changed: 280
- Tests run: 40 (all passed)

## User Feedback (If Any)
- [Positive feedback on changes]
- [Questions or confusion]
- [Suggestions for next cycle]

## Learnings & Improvements for Q2
1. [What went well]
2. [What to improve]
3. [Process improvements]

## Next Quarter Priorities
- [Based on feedback and evolution planning]

Post-Evolution Review

One week after evolution release (e.g., Feb 23), evaluate:

Stability Check

# 1. Verify no regressions
# - No user bug reports related to evolution changes
# - CI/CD still green
# - Deployment still smooth

# 2. Document any minor issues
# - Typos or clarity gaps found by users
# - Add to next quarter's evolution input

# 3. Measure actual impact
# - Did playbook improvements help? (user feedback)
# - Are new patterns being used? (git commits)
# - Did efficiency improve? (session times)

Updating Evolution Log

python3 scripts/evolution-log.py --complete-review "2026-Q1" \
  --stability "green" \
  --feedback "[user feedback summary]"

Planning Next Cycle

By end of week after evolution:

Document learnings for next Evolution Manager
Capture early user feedback for next evolution input
Update MEMORY.md with patterns discovered
Plan Q2 evolution inputs

Evolution Tracking System

Central Evolution Dashboard

Maintain todos/evolution-dashboard.md for quarter-at-a-glance status:

# Evolution Dashboard: 2026

## Q1 (Feb 10-15) - COMPLETE
- Evolution Manager: [Name]
- Status: ✅ Released Feb 16
- Capability focus: Sonnet 4.6 performance improvements
- Changes: 3 playbooks, 280 lines
- Impact: No regressions, positive feedback
- Post-review: Stable, metrics good

## Q2 (May 10-15) - UPCOMING
- Evolution Manager: [TBD - assign by April 20]
- Preliminary capability focus: Context window, reasoning improvements
- Estimated changes: TBD
- Key questions: [To be researched in May]

## Q3 (Aug 10-15) - PLANNING
- Evolution Manager: [Rotate from Q1]
- Preliminary focus: TBD

## Q4 (Nov 10-15) - PLANNING
- Evolution Manager: [Rotate from Q2]
- Preliminary focus: TBD

Pre-Evolution Preparation Tracking

30 days before evolution cycle:

# Q2 2026 Evolution Prep (30 days before May 10)

**Timeline:**
- April 10: Evolution Manager assigned, research phase begins
- April 15: Capability analysis draft completed
- April 20: Review meeting scheduled
- May 1: Evolution input document finalized
- May 9: Team review meeting
- May 10: Evolution work begins

**Checklist:**
- [ ] Evolution Manager assigned (person + backup)
- [ ] Capability changes researched
- [ ] Git signals run (if applicable)
- [ ] Evolution meeting scheduled
- [ ] Input document drafted
- [ ] Team notified

/pb-claude-global - Regenerate global CLAUDE.md
/pb-claude-project - Regenerate project CLAUDE.md
/pb-standards - Quality standards (validated by evolution)
/pb-preamble - Thinking philosophy (doesn’t change)
/pb-design-rules - Design principles (doesn’t change)

Tips for Sustainable Evolution

Make metadata source of truth - Everything derives from metadata
Automate what’s repetitive - scripts/evolve.py handles index generation
Document rationale - Every change explains why (for future evolution)
Test before releasing - Validate on real tasks
Measure impact - Track efficiency gains
Collect feedback - Users will find patterns that don’t work
Iterate publicly - Share evolution log so users understand changes

How This Works in Practice

Imagine Sonnet 4.6 is released and it’s 30% faster.

pb-evolve runs → analyzes capability changes
Opportunity identified → “Can now parallelize more tasks”
Pattern validated → tests on real task, confirms 30% speedup
Playbook updated → adds parallel pattern to pb-claude-orchestration
Metadata updated → updates execution_time_estimate, last_evolved
Files regenerated → mkdocs build, scripts/evolve.py –generate
Committed → git commit, tagged v2.10.0
Users benefit → faster sessions, happier users, sustainable excellence

This is self-healing DNA in action.

What Gets Evolved?

Command metadata (last_reviewed, execution_time_estimate, difficulty)
Model routing decisions (when to use Haiku vs Sonnet vs Opus)
Execution patterns (when to parallelize, when to serialize)
Context loading strategy (what to load in main, what to defer)
Best practices (patterns that work in practice)
Examples (keep them current)

What Doesn’t Get Evolved?

Preamble thinking (timeless)
Design rules (timeless)
Command structure (breaking change, very rare)
Commit discipline (timeless)
Testing standards (timeless)

Last Updated: 2026-02-09 Version: 1.0 (Foundation Release)

Self-improvement is how we stay relevant. When Claude evolves, we evolve. When users teach us better patterns, we implement them. This playbook is never “done”-it’s always improving.

Create New Engineering Playbook

Purpose: Meta-playbook for creating new playbook commands. Ensures every new command meets quality standards, follows conventions, and integrates coherently with the existing ecosystem.

Mindset: Playbooks should exemplify what they preach. Apply /pb-preamble thinking (clear reasoning invites challenge-your playbook should be easy to critique and improve) and /pb-design-rules thinking (Clarity, Modularity, Representation: structure should make intent obvious).

Resource Hint: sonnet - Structured command creation; follows established conventions.

Before writing a playbook, understand what type it is. Classification drives structure.

When to Use

Creating a new pb- command* - Before writing any new playbook
Restructuring existing playbook - When refactoring a command
Reviewing playbook quality - As a reference for standards
Onboarding contributors - Teaching playbook conventions

Step 1: Classify Your Playbook

What type of playbook is this? Classification determines required sections.

Type	Description	Key Characteristic	Examples
Executor	Runs a specific workflow	Has steps/process to follow	pb-commit, pb-deployment, pb-start
Orchestrator	Coordinates multiple commands	References other pb-* commands	pb-release, pb-ship, pb-repo-enhance
Guide	Provides philosophy/framework	Principles over procedures	pb-guide, pb-preamble, pb-design-rules
Reference	Pattern library, templates	Lookup material	`pb-patterns-*`, pb-templates
Review	Evaluates against criteria	Checklists and deliverables	`pb-review-*`, pb-security

Decision aid:

Does it have steps to execute? → Executor
Does it mainly call other commands? → Orchestrator
Does it explain philosophy/principles? → Guide
Is it lookup/reference material? → Reference
Does it evaluate/audit something? → Review

Step 2: Name Your Playbook

Naming Patterns

Pattern	Use When	Examples
`pb-<action>`	Single clear action	pb-commit, pb-ship, pb-deploy
`pb-<noun>`	Concept or thing	pb-security, pb-testing
`pb-<category>-<target>`	Part of a family	pb-review-code, pb-patterns-api
`pb-<noun>-<noun>`	Compound concept	pb-design-rules, pb-knowledge-transfer

Naming Rules

Lowercase only, hyphens between words
Verb-first for actions (pb-commit, pb-deploy, pb-review)
Noun-first for concepts (pb-security, pb-patterns)
Avoid generic names (not pb-do-stuff, pb-misc)
Match existing family patterns (pb-review-* for reviews, pb-patterns-* for patterns)

Category Placement

Category	Purpose	Examples
`core/`	Foundation, philosophy, meta	pb-guide, pb-preamble, pb-standards
`planning/`	Architecture, patterns, decisions	pb-plan, pb-adr, `pb-patterns-*`
`development/`	Daily workflow commands	pb-start, pb-commit, pb-cycle
`deployment/`	Release, ops, infrastructure	pb-deployment, pb-release, pb-incident
`reviews/`	Quality gates, audits	`pb-review-*`, pb-security
`repo/`	Repository management	pb-repo-init, pb-repo-enhance
`people/`	Team operations	pb-team, pb-onboarding
`templates/`	Context generators, Claude Code configuration	pb-claude-global, pb-context
`utilities/`	System maintenance	pb-doctor, pb-storage, pb-ports

Step 3: Required Sections

Universal (All Playbooks)

Every playbook must have:

# [Title]

**Purpose:** [1-2 sentences: what this does and why it matters]

**Mindset:** Apply /pb-preamble thinking ([specific aspect]) and /pb-design-rules thinking ([relevant rules]).

[1-2 sentence orienting statement]

---

## When to Use

- [Scenario 1]
- [Scenario 2]
- [Scenario 3]

---

[MAIN CONTENT - varies by classification]

---

## Related Commands

- /pb-related-1 - [Brief description]
- /pb-related-2 - [Brief description]

---

**Last Updated:** [Date]
**Version:** X.Y.Z

By Classification

Executor (Additional Required)

## Process / Steps

### Step 1: [Name]
[What to do]

### Step 2: [Name]
[What to do]

---

## Verification

How to confirm this worked:
- [ ] [Check 1]
- [ ] [Check 2]

Orchestrator (Additional Required)

## Tasks

### 1. [Task Name]
**Reference:** /pb-specific-command

- [What this task accomplishes]
- [Key subtasks]

### 2. [Task Name]
**Reference:** /pb-another-command

---

## Output Checklist

After completion, verify:
- [ ] [Outcome 1]
- [ ] [Outcome 2]

Guide (Additional Required)

## Principles

### Principle 1: [Name]
[Explanation with reasoning]

### Principle 2: [Name]
[Explanation with reasoning]

---

## Guidelines

**Do:**
- [Positive guidance]

**Don't:**
- [Anti-pattern to avoid]

---

## Examples

[Practical examples demonstrating principles]

Reference (Additional Required)

## [Content Type]

### [Category/Item 1]

[Reference content: patterns, templates, etc.]

### [Category/Item 2]

[Reference content]

---

## Usage Examples

[How to apply this reference material]

Review (Additional Required)

## Review Checklist

### [Category 1]
- [ ] [Check item with clear pass/fail criteria]
- [ ] [Check item]

### [Category 2]
- [ ] [Check item]

---

## Deliverables

### [Output 1: e.g., Summary Report]

```template
[Format/structure for this deliverable]

[Output 2: e.g., Findings List]

[Format specification]


---

## Step 4: Write Content

### Tone Guidelines

| Do | Don't |
|----|-------|
| Professional, direct | Casual, chatty |
| Concise, specific | Verbose, vague |
| Imperative mood ("Run X") | Passive ("X should be run") |
| State facts | Hedge with "maybe", "might" |

**Banned phrases:**
- "Let's dive in"
- "It's important to note"
- "As you can see"
- "Simply" / "Just" / "Easily"
- "Best practices" (be specific instead)

### Structure Guidelines

| Element | Rule |
|---------|------|
| Title | H1, imperative or noun phrase |
| Major sections | H2, separated by `---` |
| Subsections | H3, no divider needed |
| Lists | Use for 3+ parallel items |
| Tables | Use for structured comparisons |
| Code blocks | Use for commands, examples, templates |
| Checklists | Use `- [ ]` for verification items |

### Cross-References

- Use `/pb-command-name` format in text
- List related commands in dedicated section at end
- Ensure bidirectional links (if A references B, B should reference A)
- Only reference commands that exist

### Examples

Every playbook should include at least one example:

- Make examples practical and realistic
- Show both input and expected output where applicable
- For pattern guidance, show good AND bad examples
- Use real-world scenarios, not "foo/bar" abstractions

---

## Step 5: Scaffold Template

Copy this template and fill in:

```markdown
# [Command Title]

**Purpose:** [What this does and why it matters]

**Mindset:** Apply /pb-preamble thinking ([aspect]) and /pb-design-rules thinking ([rules]).

**Resource Hint:** [Model tier - see /pb-claude-orchestration]

[Orienting statement]

---

## When to Use

- [Scenario 1]
- [Scenario 2]
- [Scenario 3]

---

## [Main Section 1]

[Content]

---

## [Main Section 2]

[Content]

---

## [Main Section 3]

[Content]

---

## Related Commands

- /pb-related - [Description]

---

**Last Updated:** YYYY-MM-DD
**Version:** 1.0.0

Resource Hint by Classification

Classification	Default Model	Rationale
Executor	sonnet	Procedural steps, well-defined scope
Orchestrator	opus (main)	Coordinates subtasks, judgment needed
Guide	opus	Deep reasoning about principles
Reference	sonnet	Pattern application, lookup
Review	opus + haiku	Automated checks (haiku), evaluation (opus)

See /pb-claude-orchestration for full model selection strategy.

Step 6: Validate

Run this checklist before finalizing:

Structure Validation

Title is H1, clear and specific
Purpose statement exists and is concise
Mindset links to /pb-preamble and /pb-design-rules
“When to Use” section exists with 3+ scenarios
Major sections separated by ---
Related Commands section at end
Version and date in footer

Content Validation

Classification-appropriate sections present
At least one practical example
No placeholder text (“TBD”, “TODO”, “[fill in]”)
No duplicate content from other playbooks
Specific and actionable, not vague philosophy
Commands/code are tested and work

Quality Validation

Passes markdownlint (no lint errors)
No emojis
Professional tone throughout
No banned phrases
Could be understood by someone new to the playbook
Resource Hint present and appropriate for classification
Command is context-budget-appropriate (<300 lines for Standard tier)

Integration Validation

File in correct category folder
Filename matches command name (pb-foo.md for /pb-foo)
All /pb-* references point to existing commands
Added to docs/command-index.md
At least one other command references this (edit a related command’s “Related Commands” section to add back-link)
If command affects CLAUDE.md content, regenerate with /pb-claude-global
Run /pb-review-playbook quick review on the new command

Final Test

# Lint check
markdownlint commands/[category]/pb-new-command.md

# Install and verify
./scripts/install.sh

# Test invocation (in Claude Code)
# /pb-new-command

Anti-Patterns

Anti-Pattern	Problem	Fix
Vague title	“pb-helper” tells nothing	Be specific: “pb-lint-setup”
Missing “When to Use”	Reader doesn’t know if relevant	Add 3+ clear scenarios
Philosophy dump	2000 words, no actions	Add concrete steps
Duplicate content	Same checklist in 3 playbooks	Extract to one, reference
No examples	All abstract	Add realistic examples
Orphan command	No Related Commands	Connect to ecosystem
Wrong category	Review in development/	Move to reviews/
Inconsistent structure	Random heading levels	Follow H1/H2/H3 pattern
Stale references	Links to deleted commands	Audit before publishing

Playbook Lifecycle

Updating Existing Playbooks

When modifying an existing playbook:

Minor updates (typos, clarifications): Update directly, bump patch version
New sections or features: Update, bump minor version, note in commit
Breaking changes (renamed, restructured, different behavior): Bump major version, document migration path

Deprecating Playbooks

When a playbook is no longer needed:

Add deprecation notice at top: **DEPRECATED:** Use /pb-replacement instead. This command will be removed in vX.Y.
Update referencing commands to point to replacement
Remove from docs/command-index.md (or mark deprecated)
After grace period, delete file and remove symlink

Version Convention

**Version:** MAJOR.MINOR.PATCH

MAJOR: Breaking changes, significant restructure
MINOR: New sections, expanded content
PATCH: Typos, clarifications, minor fixes

Example: Creating a New Playbook

Scenario: Create a playbook for setting up linting in a project.

Step 1: Classify

Runs a workflow with steps → Executor

Step 2: Name

Action-oriented → pb-lint-setup
Category → development/ (daily workflow)

Step 3: Required Sections

Universal sections (Purpose, When to Use, Related)
Executor sections (Process/Steps, Verification)

Step 4: Write

# Lint Setup

**Purpose:** Configure linting for consistent code style...

## When to Use
- Starting new project
- Adding linting to existing codebase
- Standardizing team code style

## Process

### Step 1: Choose Linter
[Based on language...]

### Step 2: Install
[Commands...]

### Step 3: Configure
[Config files...]

## Verification
- [ ] Linter runs without errors
- [ ] Pre-commit hook installed

## Related Commands
- /pb-repo-init - Project initialization

Step 5: Validate

Run checklist
Test with markdownlint
Install and invoke

Playbook Quality Tiers

Reference for appropriate depth:

Tier	Line Count	When to Use
Minimal	50-100	Simple, focused commands
Standard	100-300	Most commands
Comprehensive	300-600	Complex workflows, guides
Reference	600+	Pattern libraries, extensive guides

Match depth to purpose. Simple commands don’t need 500 lines.

/pb-review-playbook - Review existing playbooks for quality
/pb-claude-orchestration - Model tier guidance for new commands
/pb-templates - Reusable templates and patterns
/pb-standards - Code quality standards
/pb-documentation - Writing great documentation

Last Updated: 2026-02-07 Version: 1.1.0

Start Development Work

Begin work on a feature, bug fix, or enhancement. Establishes scope through adaptive questions, then you work. No ceremony-just clarity.

Part of the ritual: /pb-start → code → /pb-review → decide → /pb-commit

Mindset: Apply /pb-preamble thinking (challenge assumptions) and /pb-design-rules thinking (verify clarity, simplicity, robustness). This command ensures you know what success looks like before writing code.

Resource Hint: sonnet - Scope detection and branch setup

Voice: Conversational. System asks clarifying questions naturally, like a peer reviewing your plan. See /docs/voice.md for how commands communicate.

Tool-agnostic: This command works with any development tool or agentic assistant. Claude Code users invoke as /pb-start. Using another tool? Read this file as Markdown and work through the phases with your tool. See /docs/using-with-other-tools.md for adaptation examples.

When to Use

Starting any new work (feature, fix, refactor)
Need to clarify scope before coding
Picking up work after a break (pair with /pb-resume)

The Quick Start: 5 Minutes

/pb-start "feature name"
  ↓ System asks 3-4 adaptive questions
  ↓ You answer (1-2 min)
  ↓ Branch created, scope detected
  ↓ You code

What the conversation looks like:

The system asks clarifying questions naturally-like a peer reviewing your approach before you dive in. Adapt to what you describe:

What are you building? (outcome, not solution)
- You: “Users can reset passwords via email”
- System uses this to understand scope
How complex? (files and LOC estimate)
- You: “~200 LOC, 3 files, touches auth + email”
- System detects: small/medium/large
Scope mode? (expanding, holding, or reducing)
- Expanding: New capability - building something that doesn’t exist yet
- Holding: Hardening - bulletproofing, fixing, improving what exists
- Reducing: Surgical minimalism - removing, simplifying, cutting scope
- System adjusts review expectations: expanding gets architecture review, holding gets correctness review, reducing gets regression review
Critical path? (production, security, payment, or nice-to-have)
- You: “Payment processing, yes”
- System prepares review depth accordingly
Any blockers?
- You: “Need staging DB access” or “None”
- System pauses if blockers exist, otherwise proceeds

After You Answer

System detects complexity level, criticality, and affected domains. Creates a feature branch with conventional naming, saves your scope for /pb-review later, then gets out of your way. You code. No more decisions, no ceremony. System watches in the background, tracking change complexity as you work.

The Ritual is Simple

This command is part of a 3-command ritual:

/pb-start [what you're building]
  ↓ Answer 3-4 questions
  ↓ Branch created, scope recorded

[You code here-no interruptions]

/pb-review
  ↓ Detects review depth from your change
  ↓ Consults personas automatically
  ↓ Clean? Auto-commits. Issues? Preferences decide.
  ↓ Ambiguous? Asks you, then commits.

/pb-commit
  ↓ Usually automatic (triggered by /pb-review)
  ↓ Use explicitly if you want manual control

Total cognitive load: 3 commands. That’s a habit.

Pro Tips

Before you start:

Read the outcome question carefully. “What are you building?” means outcome, not solution
Be honest about complexity. Small estimate = lean review. Large = deep review.
If blockers exist, resolve them now, don’t start coding with unknowns

After branch is created:

Just code. Don’t think about the ritual yet.
System is watching (tracking your changes)
When done, run /pb-review

Branch Naming

System auto-creates branch with conventional naming:

feature/short-description for new features
fix/issue-description for bug fixes
refactor/what-changed for refactoring

You don’t need to think about this.

Migration from Old Workflow

If you’ve used the playbook before, here’s what changed:

Old	New
`/pb-start` (long ceremony)	`/pb-start` (3-4 questions, 2 min)
`/pb-cycle` (self-review)	`/pb-review` (auto-detects depth)
`/pb-review-code` (peer review)	Built into `/pb-review`
`/pb-security`, `/pb-performance`	Consulted automatically by `/pb-review`
Manual persona selection	Automatic (system decides who to consult)

No more commands to remember: just /pb-start, /pb-review, /pb-commit.

/pb-review - Quality gate (the second part of the ritual)
/pb-commit - Make the commit (the third part)
/pb-pause - Pause work, save context
/pb-resume - Get back into context
/pb-plan - Plan architecture before starting (optional, for complex work)

One ritual. Three commands. Automagic depth detection. Quality by default.

Automated Quality Gate

Resource Hint: sonnet - Quality gate that applies your preferences, checks LLM trust boundaries, and auto-commits after code review.

Run this after you finish coding. System analyzes what you built, applies your established preferences, and commits if everything checks out. You get a report when done.

Note: This is the fast quality gate in the /pb-start → code → /pb-review workflow. For deep, comprehensive project reviews, see /pb-review-comprehensive.

Part of the ritual: /pb-start → code → /pb-review → done

Voice: Prose-driven feedback. Specific reasoning (what matters + why), not diagnostic checklists. See /docs/voice.md for how commands communicate.

Tool-agnostic: The quality gate principles (verify outcomes, check code quality, run tests, address feedback) work with any development tool. Claude Code users invoke as /pb-review. Using another tool? Read this file as Markdown for the checklist and process. Adapt the execution to your tool. See /docs/using-with-other-tools.md for examples.

Code Review Family

Use /pb-review (YOU ARE HERE) for fast quality gate right after coding
Use /pb-review-code for deep review of a specific PR/commit
Use /pb-review-hygiene for monthly codebase health check
Use /pb-review-tests for monthly test suite quality check

How It Works

System analyzes your change (LOC, files, domains, complexity, criticality), determines review depth, and runs quality checks through your preferences (from /pb-preferences).

Three outcomes:

Clean - No issues found. Auto-commits and reports.
Issues covered by preferences - Preferences decide: auto-fix, auto-defer, or auto-accept. Then auto-commits.
Ambiguous - Issue doesn’t fit your preferences, or new issue type. Asks you. Remembers your answer for next time.
Loop detected - Same issue flagged 3+ times across fix-review cycles. Stop auto-fixing. Surface to user: “This issue has come back 3 times. It may be a design problem, not a code problem. [describe the recurring issue]. Continuing to auto-fix risks masking the root cause.” Escalate as a design question, not a code fix.

Most reviews hit outcome 1 or 2. You only get involved for genuinely ambiguous cases or loop detection.

Pre-check: Diff-aware flow mapping. Before reviewing, system maps changed files to affected user flows. “This diff touches auth/ and email/ - affected flows: login, password reset, signup verification.” This focuses review on what the change actually impacts, not the entire codebase.

LLM trust boundary. If changes include LLM-generated code (SQL, auth logic, security boundaries, data mutations), system flags for elevated scrutiny. LLM output is untrusted input - validate it at trust boundaries the same way you’d validate user input. Escalates to /pb-review-code or /pb-security if LLM-generated code touches security-critical paths.

Critical-severity surfacing. When a critical-severity finding is detected, system surfaces it individually - one issue at a time, not batched. Critical findings require explicit acknowledgment before proceeding. This prevents critical issues from getting lost in a list of suggestions.

Examples

Clean review (no issues)

/pb-review
✓ Analyzed: 30 LOC, 1 file, logging statement
✓ No issues found
✓ Committed: 3c8f9a2d

Issues covered by preferences

/pb-review
✓ Analyzed: 250 LOC, 3 files, auth flow
✓ Depth: Standard

Issues found:

1. Email service is inline (architecture)
   Your preference: "Extract to service if possible"
   → Auto-fixing: extracting to separate service

2. Token expiration path doesn't handle cache failure (error handling)
   Your preference: "Error handling must be explicit"
   → Auto-fixing: adding explicit error handler

3. Failure paths untested (testing)
   Coverage: 85%
   Your preference: "Defer testing if coverage > 80%"
   → Auto-deferring: gap noted for later

✓ Ready to commit
✓ Committed: abc1234f
  feat(auth): add email verification with retry logic

  Extract email service for reuse, add explicit error handling
  on token expiration. Testing gap deferred (coverage 85%).

Ambiguous issue (asks you)

/pb-review
✓ Analyzed: 180 LOC, 2 files, retry logic
✓ Depth: Standard

⚠ Issue: Complex retry logic with 4 nested loops + 3 state machines

Your preference doesn't quite cover this. The code works, tests pass,
no logic errors. But it's clever-potentially hard to maintain.

Linus recommends: "This is too clever, simplify."

Two paths:
  A: Simplify (~2 hours, low risk, easier maintenance)
  B: Accept (~0 effort, higher maintenance burden later)

What's your call?

You pick A or B. System remembers for next time.

Preferences

Setup once (/pb-preferences --setup, takes ~15 minutes). Answer questions about your values: architecture (always fix or threshold?), testing (require 80%+ coverage?), security (zero-tolerance?), performance (benchmark-driven?), etc.

During /pb-review, system matches each issue to your preference and decides. Only asks when genuinely ambiguous:

Preference doesn’t cover it - New issue type. You set the precedent, system remembers.
Borderline - Coverage is exactly at your threshold. You decide.
Override needed - Use pb-review --override for edge cases.

When to Use

After coding: /pb-review - primary use case
After fixing feedback: /pb-review again to re-verify
Manual commit control: pb-review --no-auto-commit to review the message first

/pb-start - Begin work (sets scope signal)
/pb-preferences - Set your decision rules once
/pb-commit - Usually automatic, but can be manual if you prefer
/pb-pr - Peer review (next step after commit)

Fast quality gate. Preferences decide. You handle the edge cases. | v2.3.0

Commit (Usually Automatic)

Resource Hint: sonnet - Commit message drafting with context-aware summaries and bisectable splitting guidance.

Tool-agnostic: This command documents commit discipline (atomic, clear messages) that works with any version control system. Claude Code users invoke as /pb-commit. Using another tool? Read this file as Markdown for commit principles and message format. See /docs/using-with-other-tools.md for how to adapt the ritual.

Usually: /pb-review auto-commits when all passes. You get a notification.

Rarely: You want manual control. Use this command explicitly.

Part of the ritual: /pb-start → code → /pb-review → (automatic /pb-commit)

The Usual Flow

/pb-review
  ↓ System analyzes change
  ↓ Applies your preferences
  ↓ All passes
  ↓ AUTO-COMMITS

Notification: "✓ Committed abc1234f to feature/email-verification"

You: Keep working or run /pb-start on next feature

Your involvement: 0%

What happened: Commit message auto-drafted with:

What changed
Why you did it
Review decisions made
Issues addressed

If You Want Manual Control

/pb-review --no-auto-commit
  ↓ System analyzes, decides, reports
  ↓ Waits for you to manually commit

/pb-commit
  ↓ Shows auto-drafted message
  ↓ You can adjust if needed
  ↓ Confirm
  ↓ Commits and pushes

When to use: Prefer explicit control? Want to review message first? Use this mode.

Bisectable Commit Splitting

For changes touching >3 files across >1 concern, consider splitting into bisectable commits. This makes git bisect useful and rollbacks surgical.

Dependency order:

Infrastructure/config - Schema migrations, configuration changes, dependencies
Data/models + tests - Data layer changes with their tests together
Logic/controllers/UI - Application logic, API endpoints, frontend
Versioning - VERSION, CHANGELOG, release metadata last

When to split:

Multiple concerns in one change (infra + logic + tests)
Changes that could independently cause failures
Large changes where isolating the breaking commit matters

When NOT to split:

Single-concern changes (even across many files - e.g., a rename)
Small changes (<50 LOC) where splitting adds noise
Tightly coupled changes where splitting would leave broken intermediate states

If Something Went Wrong

/pb-commit --check
  ↓ Verify last auto-commit
  ↓ Show message, changes, push status

/pb-commit --undo
  ↓ Soft-reset last commit (rare emergency)
  ↓ Changes still in working directory

Integration

Before:

/pb-review auto-commits when all passes

This command:

Usually not needed (automatic)
Exists if you want manual control
Exists if something went wrong

After:

Commit is in remote
Ready for /pb-pr or next work

/pb-review - Runs auto-commit (you don’t need to do anything)
/pb-start - Begin next work
/pb-pr - Peer review (next step after commit)

Automatic by default | Manual if you prefer | v2.1.0

Ship Focus Area to Production

Complete a focus area through comprehensive review, PR creation, peer review, merge, release, and verification. This is the full journey from “code complete” to “in production.”

Mindset: This command embodies /pb-preamble thinking (challenge readiness assumptions, surface risks directly) and /pb-design-rules thinking (verify Clarity, Robustness, Simplicity before shipping).

Ship when ready, not when tired. Every review step is an opportunity to find issues-embrace them.

Resource Hint: sonnet - review orchestration and release coordination

When to Use This Command

Focus area complete - Feature/fix is code-complete, ready for final review
Release candidate - Preparing a version for production
End of sprint - Shipping accumulated work
Milestone delivery - Completing a planned deliverable

The Ship Workflow

PHASE 1              PHASE 2                PHASE 3           PHASE 4              PHASE 5
FOUNDATION           SPECIALIZED REVIEWS    FINAL GATE        PR & PEER REVIEW     MERGE & RELEASE
│                    │                      │                 │                    │
├─ Quality gates     ├─ /pb-review-docs     ├─ /pb-release    ├─ /pb-pr            ├─ Merge PR
│  (lint,test,type)  │  (REQUIRED)          │  Phase 1        │                    │
│                    │                      │  (readiness)    ├─ Peer review       ├─ /pb-release
├─ /pb-cycle         ├─ /pb-review-hygiene  │                 │  (scoped to PR)    │  Phase 2-3
│  (self-review)     │  (code quality)      └─ Ship decision  │                    │  (tag, deploy)
│                    │                         (go/no-go)     ├─ Address feedback  │
└─ Release artifacts ├─ /pb-review-hygiene                    │                    ├─ /pb-deployment
   (CHANGELOG etc)   │  (project health)                      └─ Approved sign-off │
                     │                                                             └─ Summarize
                     ├─ /pb-review-tests
                     │  (coverage)
                     │
                     ├─ /pb-security
                     │  (vulnerabilities)
                     │
                     └─ /pb-logging
                        (standards)

Release Type Quick Reference

Release Type	Phase 1	Phase 2	Phase 3	Phase 4-5
Versioned (vX.Y.Z)	Full + Artifacts	At least `/pb-review-docs`	Required	Required
S-tier versioned	Full + Artifacts	`/pb-review-docs` only	Quick check	Required
Hotfix (no tag)	Quality gates	Optional	Skip	Streamlined
Trivial (typo)	Lint only	Skip	Skip	Quick merge

Key rule: Any release that will be tagged (vX.Y.Z) requires CHANGELOG verification.

Phase 1: Foundation

Establish a clean baseline before specialized reviews.

Step 1.1: Run Quality Gates

# Run all quality checks
make lint        # or: npm run lint / ruff check
make typecheck   # or: npm run typecheck / mypy
make test        # or: npm test / pytest

Checkpoint: All gates must pass before proceeding. Fix failures now, not later.

Step 1.2: Verify CI Status (If Configured)

If the project has CI configured, verify it passes before proceeding:

# Check latest CI run status
gh run list --limit 3

# View details of a specific run
gh run view [RUN_ID]

# Wait for CI to complete if running
gh run watch

# Check PR-specific CI status (if PR already exists)
gh pr checks [PR-NUMBER]

CI Verification Checklist:

Latest CI run on current branch is passing
No flaky test failures (if failures, investigate root cause)
All required checks are green

Non-negotiable: If CI is configured for the project, it MUST pass before shipping. Do not proceed with “it was passing yesterday” or “it’s just a flaky test.” Fix the CI first.

No CI configured? Skip this step, but consider adding CI as a follow-up task (/pb-review-hygiene).

Step 1.3: Basic Self-Review

Run /pb-cycle for a quick self-review:

No debug code (console.log, print statements)
No commented-out code
No hardcoded secrets or credentials
No TODO/FIXME for critical items
Changes match the intended scope

Step 1.4: Release Artifacts Check

Required for any versioned release (vX.Y.Z):

# Verify CHANGELOG has entry for this version
grep -E "## \[v?X\.Y\.Z\]" CHANGELOG.md docs/CHANGELOG.md 2>/dev/null

# Verify version tag doesn't already exist
git tag -l "vX.Y.Z"

# Check version in package files (if applicable)
# For Go: no version file typically
# For Node: grep version package.json
# For Python: grep version pyproject.toml

Release Artifacts Checklist:

CHANGELOG.md has entry for this version with date
All changes documented in CHANGELOG (Added, Changed, Fixed, Removed)
Version links added at bottom of CHANGELOG
Version number updated in package files (if applicable)
Release notes drafted (can use CHANGELOG entry)

This check is NOT optional for versioned releases. No exceptions.

Phase 2: Specialized Reviews

Run reviews based on release type. Track issues found and address them before moving to the next.

Minimum Required (ALL versioned releases)

Step 2.1: Documentation Review (REQUIRED)

Run /pb-review-docs:

CHANGELOG.md updated with this version’s entry
README accurate (installation, usage examples)
API docs updated (if applicable)
Code comments meaningful (not obvious)
Migration guide updated (if breaking changes)

Do not proceed without completing this review for versioned releases.

Full Suite (M/L tier releases, recommended for all)

Step 2.2: Code Quality Review

Run /pb-review-hygiene:

Code patterns are consistent
No duplication (DRY)
No AI-generated bloat
Naming conventions followed
Complexity is justified

Address issues before proceeding.

Step 2.3: Project Hygiene Review

Run /pb-review-hygiene:

Dependencies up to date
No dead code or unused modules
CI/CD pipeline healthy
Configuration is clean
No stale files

Address issues before proceeding.

Step 2.4: Test Coverage Review

Run /pb-review-tests:

Critical paths have coverage
Edge cases tested
No flaky tests
Test quality is good (not just coverage %)
Integration tests for key flows

Address issues before proceeding.

Step 2.5: Security Review

Run /pb-security:

No secrets in code
Input validation at boundaries
SQL injection prevention
XSS/CSRF protection (if applicable)
Dependencies scanned for vulnerabilities
Auth/authz properly implemented

Address CRITICAL/HIGH issues before proceeding. Document deferred items.

Step 2.6: Logging Review (Optional)

Run /pb-logging if backend/API changes:

Structured logging used
No secrets in logs
Appropriate log levels
Request tracing in place
Error context preserved

Issue Tracking Template

Create or update todos/ship-review-YYYY-MM-DD.md:

# Ship Review: [Feature/Focus Area]
**Date:** YYYY-MM-DD
**Branch:** [branch-name]
**Version:** vX.Y.Z

## Release Artifacts
- [ ] CHANGELOG.md updated
- [ ] Version links added
- [ ] Release notes drafted

## Issues Found

### From pb-review-docs (REQUIRED)
| # | Issue | Severity | Status |
|---|-------|----------|--------|
| 1 | [description] | HIGH/MED/LOW | FIXED/DEFERRED |

### From pb-review-hygiene
| # | Issue | Severity | Status |
|---|-------|----------|--------|

[... other sections ...]

## Summary
- Total issues: X
- Critical: X (must fix)
- High: X (should fix)
- Medium: X (address if time)
- Low: X (defer)
- Fixed: X
- Deferred: X (with rationale)

Phase 3: Final Gate

Step 3.1: Release Readiness Review

Run /pb-release Phase 1 (Readiness Gate):

This is the senior engineer final gate. Review with fresh eyes:

Release checklist complete
Code is production-ready
All CRITICAL/HIGH issues addressed
Deferred items documented with rationale
Rollback plan exists

Step 3.2: Ship Decision

Go/No-Go Checklist:

All quality gates pass
CI passes (if configured) ← REQUIRED
All CRITICAL issues fixed
All HIGH issues fixed (or explicitly deferred with approval)
CHANGELOG.md updated with this version’s entry ← REQUIRED
Version links added to CHANGELOG ← REQUIRED
Documentation is accurate
Team is aware of the release
Rollback plan tested

Decision: GO / NO-GO

If NO-GO, document blockers and return to appropriate phase.

Phase 4: PR & Peer Review

Step 4.1: Create Pull Request

Run /pb-pr:

# Create PR with comprehensive context
gh pr create --title "[type]: brief description" --body "$(cat <<'EOF'
## Summary
[1-3 bullet points: what and why]

## Changes
[Key changes, grouped logically]

## Review Focus
[What reviewers should pay attention to]

## Test Plan
[How to verify this works]

## Ship Review
- Release artifacts: PASS (CHANGELOG updated)
- Code quality: PASS
- Hygiene: PASS
- Tests: PASS
- Security: PASS
- Docs: PASS
- Pre-release: PASS

Issues addressed: X | Deferred: X (see todos/ship-review-*.md)
EOF
)"

Step 4.2: Request Peer Review

Run /code-review:code-review or /pb-review scoped to PR changes:

# Get the diff for context
gh pr diff [PR-NUMBER]

# Or review specific files
gh pr view [PR-NUMBER] --json files

Review scope: Focus reviewer attention on:

Logic correctness
Edge cases
Security implications
Performance concerns
Maintainability

Step 4.3: Submit Feedback

Add review findings as PR comments:

## Review Feedback

### Must Address (Blocking)
- [ ] [Issue 1 with file:line reference]
- [ ] [Issue 2 with file:line reference]

### Should Address (Non-blocking)
- [ ] [Suggestion 1]
- [ ] [Suggestion 2]

### Notes
- [Observation or question]

Step 4.4: Address Feedback & Iterate

For each feedback item:

Address - Fix the issue
Respond - Comment explaining the fix or decision
Re-request - Ask for re-review

# After addressing feedback
git add -A && git commit -m "fix: address review feedback"
git push

# Re-request review
gh pr ready [PR-NUMBER]

Step 4.5: Get Approved Sign-Off

Approval criteria:

All blocking items addressed
Reviewer explicitly approves
CI passes on final commit (non-negotiable if CI is configured)

# Check PR status and CI checks
gh pr checks [PR-NUMBER]
gh pr status

# Ensure all checks pass - DO NOT merge with failing CI
gh pr checks [PR-NUMBER] --required

CI Gate: If CI is configured, all required checks must be green before merge. No exceptions. If CI is red:

Investigate the failure
Fix the issue (don’t dismiss as flaky)
Push the fix
Wait for CI to pass
Then proceed with approval

Approval comment template:

## Approved

- [x] Code quality verified
- [x] Security considerations reviewed
- [x] Test coverage adequate
- [x] Documentation accurate
- [x] CHANGELOG updated
- [x] Ready for production

LGTM - Ship it!

Phase 5: Merge & Release

Step 5.0: Bisectable Commit Splitting (Large Changes)

For changes touching >3 files across >1 concern, split into bisectable commits before push. This makes git bisect useful and rollbacks surgical. See /pb-commit for the full splitting guide.

Quick reference - dependency order:

Infrastructure/config (migrations, dependencies)
Data/models + tests (data layer with tests together)
Logic/controllers/UI (application code)
Versioning (VERSION, CHANGELOG last)

Skip this step for single-concern changes or small (<50 LOC) changes.

Step 5.1: Final CI Check & Merge PR

Before merging, verify CI one final time:

# Verify all checks pass
gh pr checks [PR-NUMBER]

# If any checks are failing, DO NOT proceed
# Fix the issue first, then return here

Only when all checks are green:

# Squash merge (recommended for clean history)
gh pr merge [PR-NUMBER] --squash --delete-branch

# Or merge commit if preserving history matters
gh pr merge [PR-NUMBER] --merge --delete-branch

Note: If your repository has branch protection rules requiring CI to pass, the merge will be blocked automatically. If not, enforce this discipline manually.

Step 5.2: Release

Run /pb-release:

# Verify main is updated
git checkout main && git pull

# Tag the release
git tag -a vX.Y.Z -m "vX.Y.Z - Brief description"
git push origin vX.Y.Z

# Create GitHub release (use CHANGELOG entry for notes)
gh release create vX.Y.Z --title "vX.Y.Z - Title" --notes "..."

# Deploy
make deploy  # or your deployment command

Step 5.3: Verify Release

# Health check
curl -s [PROD_URL]/api/health | jq

# Smoke test critical flows
# [Project-specific verification commands]

# Monitor for errors
# [Check logs, dashboards, alerts]

Verification checklist:

Health endpoint returns OK
Critical user flows work
No new errors in logs
Metrics look normal
Alerts are quiet

Step 5.4: Release Summary

Update todos/ship-review-YYYY-MM-DD.md:

## Release Summary

**Version:** vX.Y.Z
**Released:** YYYY-MM-DD HH:MM
**PR:** #[number]
**Commit:** [hash]

### What Shipped
- [Feature/fix 1]
- [Feature/fix 2]

### Review Stats
- Reviews completed: 6
- Issues found: X
- Issues fixed: X
- Issues deferred: X

### Verification
- Health check: PASS
- Smoke tests: PASS
- Monitoring: NOMINAL

### Notes
- [Any observations, learnings, or follow-ups]

### Next Steps
- [ ] Monitor for 24h
- [ ] [Any follow-up tasks]

Escape Hatch: Trivial Changes Only

For genuinely trivial changes (typo fix, comment update, README tweak):

# Phase 1: Foundation (still required)
make lint && make test
gh run list --limit 1  # Verify CI passes (if configured)

# Phase 2: Pick ONE relevant review
# /pb-review-hygiene (if code touched)
# /pb-review-docs (if docs touched)

# Phase 3: Skip

# Phase 4: PR (streamlined)
/pb-pr
# Quick peer review
# Get approval

# Phase 5: Ship
gh pr merge --squash --delete-branch
git checkout main && git pull
make deploy

IMPORTANT: This escape hatch is NOT for versioned releases.

Any release that will be tagged (vX.Y.Z) requires:

Phase 1 including Release Artifacts Check
/pb-review-docs from Phase 2 (CHANGELOG verification) - MANDATORY
Phase 3 Go/No-Go checklist
Full Phase 4-5

The escape hatch is for:

Fixing a typo in documentation
Updating a comment
Minor config tweaks
Hotfixes that don’t warrant a version bump

NOT for:

Any logic change
Any new functionality
Any test changes
Any configuration changes
Anything touching security, auth, or data
Any versioned release (vX.Y.Z)

Parallel Reviews (Advanced)

For faster shipping, some reviews can run in parallel:

Sequential (dependencies):
  pb-review-docs (REQUIRED FIRST) → pb-review-hygiene

Parallel (independent):
  ├─ pb-review-tests
  ├─ pb-security
  └─ pb-logging

Sequential (needs stable code):
  All above → pb-release (Phase 1: Readiness Gate)

Troubleshooting

Review found too many issues

Prioritize: CRITICAL > HIGH > MEDIUM > LOW
Timebox: Set a limit for fixes this session
Defer wisely: Document deferred items with rationale
Don’t ship debt: If CRITICAL issues remain, don’t ship

PR feedback cycle taking too long

Scope PRs smaller: Break into multiple PRs
Front-load reviews: Self-review thoroughly before PR
Communicate: Align on expectations with reviewer

Release verification failed

Rollback immediately: If critical
Investigate: Check logs, recent changes
Hotfix or disable: Choose based on severity
Run /pb-incident: If production impact

Forgot to update CHANGELOG

If discovered after merge but before tag:

# Update CHANGELOG on main
git checkout main && git pull
# Edit CHANGELOG.md
git add CHANGELOG.md && git commit -m "docs: add vX.Y.Z changelog entry"
git push
# Then proceed with tagging

If discovered after tag:

# Update CHANGELOG and create patch release or amend release notes
gh release edit vX.Y.Z --notes "..."

Integration with Playbook

Part of development workflow:

/pb-start → /pb-cycle (iterate) → /pb-pause/resume → /pb-ship
                                                        │
                                    ┌───────────────────┘
                                    ↓
                              Foundation
                              + Release Artifacts ← NEW
                                    ↓
                           Specialized Reviews
                           (docs REQUIRED)      ← CLARIFIED
                                    ↓
                              Final Gate
                              (CHANGELOG check) ← ADDED
                                    ↓
                            PR & Peer Review
                                    ↓
                            Merge & Release
                                    ↓
                                Verify

/pb-cycle - Self-review and peer review before shipping
/pb-pr - Create pull request for review
/pb-release - Detailed release tagging and notes
/pb-review-hygiene - Code and project health review
/pb-deployment - Deployment strategies and verification

Checklist Summary

PHASE 1: FOUNDATION
[ ] Quality gates pass (lint, typecheck, test)
[ ] CI passes (if configured) ← REQUIRED
[ ] Basic self-review complete (/pb-cycle)
[ ] Release artifacts verified (CHANGELOG, version)

PHASE 2: SPECIALIZED REVIEWS
[ ] /pb-review-docs - REQUIRED for versioned releases ← CLARIFIED
[ ] /pb-review-hygiene - code quality (recommended)
[ ] /pb-review-hygiene - project health (recommended)
[ ] /pb-review-tests - test coverage (recommended)
[ ] /pb-security - vulnerabilities (recommended)
[ ] /pb-logging - logging standards (optional)

PHASE 3: FINAL GATE
[ ] /pb-release Phase 1 - readiness gate (senior sign-off)
[ ] CHANGELOG.md verified
[ ] Ship decision: GO

PHASE 4: PR & PEER REVIEW
[ ] PR created (/pb-pr)
[ ] Peer review complete
[ ] Feedback addressed
[ ] Approved sign-off received
[ ] CI passes on final commit ← REQUIRED

PHASE 5: MERGE & RELEASE
[ ] Final CI verification (all checks green)
[ ] PR merged
[ ] /pb-release Phase 2-3 - version, tag, GitHub release
[ ] /pb-deployment - execute deployment, verify
[ ] Summary documented

Ship with confidence. Every review is a gift. Never skip CHANGELOG. Never merge with red CI.

Quick PR Creation

Streamlined workflow for creating a pull request with proper context and description.

Mindset: PR review is built on /pb-preamble thinking (challenge assumptions, surface issues) and applies /pb-design-rules thinking (reviewers check that code is Clear, Simple, Modular, Robust).

Reviewers will challenge your decisions. That’s the point. Welcome that feedback-it makes code better. Your job as author is to explain your reasoning clearly so reviewers can engage meaningfully.

Resource Hint: sonnet - PR creation and description formatting

When to Use This Command

Ready to create PR - Code complete, reviewed, and tested
Need PR guidance - Unsure about PR structure or description
PR description help - Want template for clear PR descriptions

Pre-PR Checklist

Before creating PR, verify:

All commits are logical and atomic
Quality gates pass: make lint && make typecheck && make test
Self-review completed (/pb-cycle)
Branch is up to date with main
No merge conflicts

Step 1: Prepare Branch

# Ensure branch is up to date
git fetch origin main
git rebase origin/main

# Verify all changes are committed
git status

# Push branch to remote
git push -u origin $(git branch --show-current)

Step 2: Review Changes

Before writing PR description, understand the full scope:

# See all commits on this branch
git log origin/main..HEAD --oneline

# See full diff against main
git diff origin/main...HEAD --stat

Step 3: Create PR

Use this template:

gh pr create --title "<type>(<scope>): <description>" --body "$(cat <<'EOF'
## Summary

<!-- 1-3 bullet points: what changed and why -->
-
-

## Changes

<!-- Key technical changes, grouped logically -->
-

## Test Plan

<!-- How to verify this works -->
- [ ]
- [ ]

## Screenshots

<!-- If UI changes, add before/after screenshots -->

EOF
)"

PR Title Format

<type>(<scope>): <subject>

Types:

feat: New feature
fix: Bug fix
refactor: Code refactoring
perf: Performance improvement
docs: Documentation
test: Tests
chore: Build/config changes

Examples:

feat(audio): add study mode with guided narration
fix(auth): handle expired token redirect loop
refactor(miniplayer): extract shared button components
perf(fonts): self-host fonts for faster loading

PR Description Guidelines

Summary Section

What changed (user-facing impact)
Why this change (problem being solved)
Keep to 1-3 bullet points

Changes Section

Group related changes logically
Mention key files/components affected
Note any breaking changes

Test Plan Section

Specific steps to verify the change
Include edge cases tested
Note any manual testing performed

Quick Commands

# Create PR with default template
gh pr create --fill

# Create PR and open in browser
gh pr create --web

# Create draft PR
gh pr create --draft --title "WIP: feature name"

# View PR status
gh pr status

# View PR checks
gh pr checks

After PR Created

Verify CI passes - Watch for lint, typecheck, test failures
Self-review in GitHub - Read through the diff one more time
Request review - Tag appropriate reviewers
Respond to feedback - Address comments promptly

Merge Strategy

Squash and merge - Keeps main history clean

Before merging:

All checks green
Approved by reviewer
Conflicts resolved
PR description accurate

/pb-commit - Craft atomic commits before creating PR
/pb-cycle - Self-review and peer review workflow
/pb-review-code - Code review checklist for reviewers
/pb-ship - Full review, merge, and release workflow

Good PRs are small, focused, and well-described.

Development Cycle: Self-Review + Peer Review

Run this after completing a unit of work. Guides you through self-review, quality gates, and peer review before committing.

Resource Hint: sonnet - iterative code review and quality gate checks

Tool-agnostic: This command works with any development tool or peer review process. Claude Code users invoke as /pb-cycle. Using another tool? Read this file as Markdown and follow the checklist with your tool. See /docs/using-with-other-tools.md for adaptation examples.

When to Use This Command

After completing a feature/fix - Before committing changes
During development iterations - Each cycle of code → review → refine
Before creating a PR - Final self-review pass
When unsure if code is ready - Checklist helps verify completeness

Step 0: Outcome Verification (Critical)

Before self-review, verify you’ve achieved the defined outcomes.

Pull up the outcome clarification document (created during /pb-start):

cat todos/work/[task-date]-outcome.md

Verify each success criterion:

Success criterion 1: VERIFIED? (How? Measured? Tested?)
Success criterion 2: VERIFIED?
Success criterion 3: VERIFIED?

If outcomes are NOT met:

Stop. Don’t proceed to self-review.
Ask: “What’s missing?” “Why wasn’t this done?”
Either complete the work, or escalate if blocked.

If outcomes ARE met:

Proceed to Step 1 (Self-Review)

Why this matters: Outcome verification prevents the common trap of “code is done but doesn’t solve the problem.” Verify the problem is solved before polishing the code.

Step 1: Self-Review

Review your own changes critically before requesting peer review.

Use the Self-Review Checklist from /docs/checklists.md:

Code Quality: hardcoded values, dead code, naming, DRY, error messages
Security: no secrets, input validation, parameterized queries, auth checks, logging
Testing: unit tests, edge cases, error paths, all tests passing
Documentation: comments for “why”, clear names, API docs updated
Database: reversible migrations, indexes, constraints, no breaking changes
Performance: N+1 queries, pagination, timeouts, unbounded loops

Step 2: Quality Gates

Run before proceeding to peer review:

make lint        # Linting passes
make typecheck   # Type checking passes
make test        # All tests pass

All gates must pass. Fix issues before proceeding.

Step 3: Peer Review

Request review from senior engineer perspective.

For reviewers: Use /pb-review-code for the complete code review checklist.

CRITICAL: Reviewers must verify outcomes before approving.

Before approving, reviewer should check:

Outcomes were defined (in outcome clarification document)
Success criteria are met (verified in code/tests)
If outcomes not met: Ask author to complete work or explain why criteria changed
If outcomes met: Proceed to code review

Why this matters: A perfectly written feature that doesn’t solve the problem is waste. Verify the problem is solved before approving.

Important: Peer review assumes /pb-preamble thinking (challenge assumptions, surface flaws, question trade-offs) and applies /pb-design-rules (check for clarity, simplicity, modularity).

Reviewer should:

Challenge architectural choices and design decisions
Check that code follows design rules: Clarity, Simplicity, Modularity
Ask clarifying questions about trade-offs
Surface flaws directly
Verify outcomes and success criteria met (not just code quality)

Author should welcome and respond to critical feedback. This is how we catch problems early-in code review, not production.

Architecture Review

Changes align with existing patterns
No unnecessary complexity introduced
Separation of concerns maintained
Dependencies appropriate (not pulling in large libs for small tasks)

Correctness Review

Logic handles all stated requirements
Edge cases considered
Error handling is comprehensive
Race conditions considered for concurrent operations

Maintainability Review

Code is readable without extensive comments
Functions are single-purpose and reasonably sized
Magic values extracted to constants
Naming clearly expresses intent

Security Review

No injection vulnerabilities (SQL, command, etc.)
Authorization properly enforced
Sensitive operations properly audited
No information leakage in error responses

Test Review

Tests actually verify the behavior (not just coverage%)
Test names describe what they verify
Mocks/stubs used appropriately
No flaky tests introduced

Step 4: Address Feedback

If issues identified:

Fix the issues - Don’t argue, just fix
Re-run self-review - Ensure fix didn’t break something else
Re-run quality gates - All must pass again
Request re-review if needed - For significant changes

Step 5: Commit

After reviews pass, create a logical commit:

git add [specific files]    # NEVER use git add . or git add -A
git status                  # Verify what's staged
git diff --staged           # Review staged changes
git commit -m "$(cat <<'EOF'
type(scope): subject

Body explaining what and why
EOF
)"

Warning: Never use git add . or git add -A. Always stage specific files intentionally. Blind adds lead to:

Committing debug code, secrets, or unrelated changes
Losing track of what’s in each commit
Breaking atomic commit discipline

Commit Message Guidelines

Types:

feat: New feature
fix: Bug fix
refactor: Code change (no behavior change)
docs: Documentation only
test: Adding/updating tests
chore: Build, config, tooling
perf: Performance improvement

Good Example:

feat(audio): add section track for study mode

- SectionTrack component with labeled horizontal pipeline
- Progress calculation spans all sections
- Visual states: completed (filled), current (glow), upcoming (hollow)

Bad Example:

update code

Step 6: Update Tracker

After each commit, update your progress tracker to capture what’s done and what remains.

# Check for master tracker / phase docs
ls todos/*.md
ls todos/releases/*/

Update in tracker:

Mark completed task as done
Note commit hash for reference
Review remaining tasks
Identify next task for upcoming iteration

Why this matters: Trackers keep you aligned with original goals. Without updates:

You lose track of progress
Next steps become “guessed” instead of planned
Scope creep goes unnoticed
Context is lost between sessions

Tracker update template:

## [Date] Iteration Update

**Completed:**
- [x] Task description - commit: abc1234

**In Progress:**
- [ ] Next task - starting next iteration

**Remaining:**
- [ ] Task 3
- [ ] Task 4

Tip: If no tracker exists, create one. Even a simple todos/tracker.md prevents drift.

Step 7: Context Checkpoint

After committing, assess context health. See /pb-claude-orchestration for detailed context management strategies (compaction timing, thresholds, preservation techniques).

Quick check: If 3+ iterations completed or 5+ files read this session, consider checkpointing - update tracker, start fresh session.

Quick Cycle Summary

1. Write code following standards
2. Self-review using checklist above
3. Run: make lint && make typecheck && make test
4. Request peer review (senior engineer perspective)
5. Address any feedback
6. Commit with clear message (specific files, not git add -A)
7. Update tracker (mark done, note commit, identify next)
8. Context checkpoint (assess if session should continue or refresh)
9. Repeat for next unit of work

When to Stop and Ask

Requirements are unclear
Multiple valid approaches exist
Change impacts system architecture
Peer review raises design concerns
Scope is expanding beyond original intent

Don’t proceed with uncertainty. Clarify first.

Anti-Patterns to Avoid

Anti-Pattern	Why It’s Bad	Do This Instead
Skip self-review	Wastes peer reviewer’s time	Always self-review first
Ignore lint warnings	Warnings become bugs	Fix all warnings
“It works” without tests	Technical debt	Add tests alongside code
Large commits	Hard to review/revert	Small, logical commits
Vague commit messages	History is useless	Explain what and why
Push and hope	Quality degradation	Verify before push

Iteration Frequency

Commit after each meaningful unit of work:

After completing…	Commit type
A new component/feature	`feat:`
A bug fix	`fix:`
A refactor (no behavior change)	`refactor:`
Backend API changes	`feat/fix:`
Config/build changes	`chore:`
Test additions	`test:`

Don’t wait until end of session. Commit incrementally.

Integration with Playbook

Part of feature development workflow:

/pb-start → Create branch, set iteration rhythm
/pb-resume → Get back in context (if context switching)
/pb-cycle → Self-review + peer review (YOU ARE HERE)
- Includes: /pb-testing (write tests), /pb-standards (check principles), /pb-security (security gate)
- Peer reviewer uses: /pb-review-code (code review checklist)
/pb-commit → Craft atomic commits (after approval)
/pb-pr → Create pull request
/pb-review-* → Additional reviews if needed
/pb-release → Deploy

Key integrations during /pb-cycle:

Peer Review: /pb-review-code for reviewer’s code review checklist
Testing: /pb-testing for test patterns (unit, integration, E2E)
Security: /pb-security checklist during self-review
Logging: /pb-logging standards for logging validation
Standards: /pb-standards for working principles
Documentation: /pb-documentation for updating docs alongside code

After /pb-cycle approval:

/pb-commit - Craft atomic, well-formatted commit
/pb-pr - Create pull request with context

See also: /docs/integration-guide.md for how all commands work together

/pb-start - Begin new development work
/pb-commit - Create atomic commits after cycle
/pb-pr - Create pull request when ready
/pb-review-code - Code review checklist for peer reviewers
/pb-testing - Test patterns and strategies

Every iteration gets the full cycle. No shortcuts.

Todo-Based Implementation Workflow

Structured implementation of individual todos with checkpoint-based approval. Transforms vague todos into concrete, tested features with full audit trail.

Checkpoint thinking: Each checkpoint is a gate where /pb-preamble thinking (challenge assumptions, surface risks) and /pb-design-rules thinking (verify Clarity, verify Simplicity) apply. Challenge assumptions at each stage. Don’t proceed past a gate without genuine confidence that design is sound and risks are surfaced.

Resource Hint: sonnet - structured task implementation with checkpoints

Philosophy

When to Use This

Use /pb-todo-implement when:

You have a clearly scoped todo or task to implement
You want structured checkpoint-based review (not just final review)
You want codebase analysis before implementation
You want full audit trail of completed work
You’re implementing on current branch (no feature branches)

Use /pb-plan instead if:

Planning a multi-phase release with multiple focus areas
Scope is still being clarified
You need multi-perspective alignment before starting

Use /pb-cycle instead if:

You’re ready for full self-review + peer review
Implementation is already complete, you need code review

Workflow Phases

You MUST follow these phases in order: INIT → SELECT → REFINE → IMPLEMENT → COMMIT

At each STOP, you MUST get user confirmation or input before proceeding.

Phase 1: INIT - Establish Context

Goal

Ensure project context is clear and detect any orphaned work from previous sessions.

Steps

1. Load Project Context

Check for todos/project-description.md:

If exists: Read in full
If missing: Use parallel Task agents to analyze:
- Purpose, features, business value
- Languages, frameworks, build tools (extract from package.json, Makefile, etc.)
- Components and architecture
- Key commands: build, test, lint, dev/run
- Testing setup and how to add new tests

Then propose:

# Project: [Name]
[1-2 sentence description]

## Features
[Key capabilities and purpose]

## Tech Stack
[Languages, frameworks, build/test/deploy tools]

## Structure
[Key directories, entry points, important files]

## Architecture
[How components interact, main modules]

## Commands
- Build: [command]
- Test: [command]
- Lint: [command]
- Dev/Run: [command]

## Testing
[How to create and run new tests]

STOP → “Are there corrections to the project description? (y/n)”

If yes: Gather corrections
If no: Proceed to detect orphans

2. Detect Orphaned Work

Check todos/work/ for any tasks from interrupted sessions:

mkdir -p todos/work todos/done
for task_dir in todos/work/*/; do
  [ -f "$task_dir/task.md" ] || continue
  status=$(grep "^**Status:**" "$task_dir/task.md" | head -1)
  echo "$(basename "$task_dir"): $status"
done

If orphaned tasks exist:

STOP → “Found incomplete tasks. Resume one? (number/name or ‘skip’)”

If resuming:

Read full task.md from selected task
Continue to appropriate phase:
- Status: Refining → Jump to Phase 2 (REFINE)
- Status: InProgress → Jump to Phase 3 (IMPLEMENT)
- Status: AwaitingCommit → Jump to Phase 4 (COMMIT)

If skipping: Continue to SELECT

Phase 2: SELECT - Choose Todo

Goal

Pick a todo from your backlog and create a task tracking document.

Steps

1. Read Todo List

Read todos/todos.md in full. If missing, create it:

# Project Todos

## Backlog

- [ ] [Todo 1 - one line summary]
- [ ] [Todo 2 - one line summary]
- [ ] [Todo 3 - one line summary]

## Completed

(Move items here after successful completion)

2. Present Todos

Show numbered list with one-line summaries:

1. [Todo 1 summary]
2. [Todo 2 summary]
3. [Todo 3 summary]

STOP → “Which todo to implement? (enter number)”

3. Create Task Tracking

Create task directory and initialize tracking file:

TASK_DIR="todos/work/$(date +%Y-%m-%d-%H-%M-%S)-[task-title-slug]/"
mkdir -p "$TASK_DIR"

Initialize $TASK_DIR/task.md:

# [Task Title]

**Status**: Refining
**Created**: [YYYY-MM-DD HH:MM:SS]
**Effort**: [estimate: 30min / 1-2hrs / 2-4hrs / 4hrs+]
**Priority**: [P0/P1/P2]

## Original Todo
[Raw text from todos/todos.md]

## Description
[What we're building - write after REFINE phase]

## Implementation Plan
[How we're building it - write after REFINE phase]
- [ ] Code change with location(s) if applicable (file.ts:45-93)
- [ ] Automated test: [what to test]
- [ ] Manual verification: [user-facing steps]
- [ ] Update docs: [if applicable]

## Notes
[Implementation notes and discoveries]

4. Update Todo List

Remove the selected todo from todos/todos.md (move it to “In Progress” section).

STOP → “Ready to refine this todo? (y/n)”

Phase 3: REFINE - Analyze and Plan

Goal

Understand exactly what needs to change and how to implement it.

Steps

1. Codebase Analysis

Use parallel Task agents to analyze:

Where in codebase changes are needed (specific files/lines)
Existing patterns to follow (naming, structure, error handling)
What related features/code already exist
Dependencies and integration points
Test structure for this area

Create $TASK_DIR/analysis.md with findings:

# Codebase Analysis

## Files to Modify
- [file.ts:45-93] - Description of what needs to change
- [file.ts:120-150] - Description of what needs to change

## Existing Patterns
- [Pattern name] - How it's currently used in [file.ts:XX]
- [Pattern name] - Applicable pattern for this feature

## Related Code
- [Related feature 1] implemented in [file.ts:XX]
- [Related feature 2] implemented in [file.ts:XX]

## Dependencies
- [External API/service] - Used in [file.ts:XX]
- [Internal module] - Imported in [file.ts:XX]

## Test Structure
- Test file: [test-file.ts]
- How to add tests: [steps]

2. Draft Description

Based on analysis, propose:

## Description

[Clear explanation of what we're building]
- What problem does this solve?
- Who benefits?
- What's the user-facing impact?

STOP → “Use this description? (y/n)”

If no: Refine and re-present
If yes: Add to task.md

3. Draft Implementation Plan

Based on analysis, propose:

## Implementation Plan

[How we're building it]

### Checkpoints
- [ ] [Code change] - [file.ts:XX], [description]
- [ ] [Automated test] - [test case description]
- [ ] [Manual verification] - [steps to verify manually]
- [ ] [Docs update] - [if applicable]

STOP → “Use this implementation plan? (y/n)”

If no: Refine and re-present
If yes: Add to task.md

4. Finalize

Update task.md:

Set **Status**: InProgress
Add analysis results to Notes section
Add final Description and Implementation Plan

STOP → “Ready to implement? (y/n)”

Phase 4: IMPLEMENT - Execute Plan

Goal

Execute the implementation plan checkpoint-by-checkpoint with user approval at each step.

Steps

1. Work Checkpoint-by-Checkpoint

For each checkbox in implementation plan:

A. Make the change

Code modifications
New files
Deletions
Test additions

B. Summarize Show what was changed, why, and how it aligns with the plan.

C. Ask for approval

STOP → “Approve these changes? (y/n)”

If no: Refine or revert and re-propose
If yes: Proceed to mark complete

D. Mark complete and stage

Update checkbox in task.md: - [x] [description]
Stage changes: git add -A

2. Handle Unexpected Work

If you discover work not in the plan:

STOP → “Plan needs a new checkpoint: [description]. Add it? (y/n)”

If yes: Add checkbox to plan, proceed with work
If no: Record in Notes as deferred, continue with plan

3. Validation

After all checkpoints complete, validate:

# Run tests
[TEST_COMMAND]

# Run lint
[LINT_COMMAND]

# Run build (if applicable)
[BUILD_COMMAND]

If validation fails:

STOP → “Validation failed. Add these checkpoints to fix? [list]”

If yes: Add to plan and continue IMPLEMENT from step 1
If no: Record in Notes and proceed (may need post-implementation follow-up)

4. Manual Verification

Present user test steps:

STOP → “Do all manual verification steps pass? (y/n)”

If no: Gather details on what failed, return to step 1
If yes: Proceed to COMMIT phase

5. Update Project Description (if needed)

If implementation changed structure, features, or commands:

STOP → “Update project description with these changes? (y/n)”

If yes: Update todos/project-description.md
If no: Record in Notes as doc debt

6. Ready for Commit

Update task.md: **Status**: AwaitingCommit

Phase 5: COMMIT - Finalize Work

Goal

Commit changes with full audit trail and move task to completed.

Steps

1. Present Summary

Show what was accomplished:

## What Was Accomplished

- [Specific change 1]
- [Specific change 2]
- [Test added for X]
- [Docs updated for Y]

Files Changed:
- [file.ts:XX-YY]
- [new-file.ts]

Tests Added:
- [test case 1]
- [test case 2]

STOP → “Ready to commit all changes? (y/n)”

2. Finalize Task Document

Update task.md:

Set **Status**: Done
Add completion timestamp

3. Move Task to Archive

mv todos/work/[timestamp]-[task-slug]/task.md todos/done/[timestamp]-[task-slug].md
mv todos/work/[timestamp]-[task-slug]/analysis.md todos/done/[timestamp]-[task-slug]-analysis.md
rmdir todos/work/[timestamp]-[task-slug]/

4. Create Atomic Commit

git add -A
git commit -m "[task-title]: [one-line summary]

[More detailed description if needed]

- Closes: [if applicable]
- Testing: [What was tested]"

5. Update Todo List

Move completed todo to “Completed” section in todos/todos.md:

## Completed

- [x] [Todo that was just completed]

6. Offer Next Step

STOP → “Continue with next todo? (y/n)”

If yes: Return to Phase 2 (SELECT)
If no: Done for this session

Checkpoints Summary

Phase	Stop Points	Decision
INIT	2	Corrections? Resume orphan?
SELECT	2	Which todo? Ready to refine?
REFINE	4	Description? Plan? Ready to implement?
IMPLEMENT	Per checkpoint	Approve changes? New checkpoints needed? Tests pass? Docs updated?
COMMIT	2	Summary correct? Continue with next?

Integration with Playbook

Workflow Integration

/pb-plan
  ↓ (after scope is locked)
/pb-todo-implement  ← YOU ARE HERE
  ↓ (when code is ready for review)
/pb-cycle (self-review + peer review)
  ↓ (when ready to finalize)
/pb-pr or /pb-commit (create PR or direct commit)

Before this: /pb-plan - Plan the focus area and phases
After implementation: /pb-cycle - Self-review + peer review
Finalizing: /pb-pr - Create pull request, /pb-commit - Direct commit
Code quality: /pb-review-hygiene - Code cleanup and review

Directory Structure

todos/
├── todos.md                      # Your backlog
├── project-description.md        # Project context
├── work/
│   └── YYYY-MM-DD-HH-MM-SS-task-slug/
│       ├── task.md             # Current task being implemented
│       └── analysis.md          # Codebase analysis findings
└── done/
    ├── YYYY-MM-DD-HH-MM-SS-task-slug.md           # Completed task
    └── YYYY-MM-DD-HH-MM-SS-task-slug-analysis.md  # Analysis archive

Best Practices

Checkpoint Design

[NO] Too coarse: "[ ] Implement everything"
[YES] Right-sized: "[ ] Add validation to email input (user.ts:45-60)"

[NO] Too vague: "[ ] Fix the bugs"
[YES] Clear: "[ ] Fix password reset error when email has +address (fix in auth-service.ts:120)"

[NO] Too many: "[ ] Change 1 variable, [ ] Change 2 variables, [ ] Change 3 variables"
[YES] Grouped: "[ ] Update config variables in config.ts:10-30"

Effort Estimation

Effort: 30min      - Trivial change, single file, no tests
Effort: 1-2hrs     - Simple change, 2-3 files, basic tests
Effort: 2-4hrs     - Moderate change, multiple files, comprehensive tests, docs
Effort: 4hrs+      - Large change, architectural impact, extensive testing

Priority Levels

Priority: P0       - Critical bug, blocks other work, prod incident
Priority: P1       - Important feature, needed for release, high business value
Priority: P2       - Nice to have, can be deferred, lower priority

Example: Adding a Feature

Phase 1: INIT

→ Project context loaded, no orphans detected

Phase 2: SELECT

→ Selected: “Add user profile endpoint”

Phase 3: REFINE

→ Analysis: Need to modify user-service.ts, add tests to user-service.test.ts → Plan: Endpoint implementation, request validation, response serialization, tests, docs

Phase 4: IMPLEMENT

→ Implement endpoint in user-service.ts → Add validation middleware → Create unit tests → Add integration test → Update API docs

Phase 5: COMMIT

→ Commit: “user-service: add user profile endpoint” → Update todos.md: move to Completed

Red Flags to Watch For

Scope Creep

“While I’m here, let me also…”
“This would be easy to add…”

Fix: Record in Notes as future todo, stay focused on current task

Missing Alignment

Discovery reveals different solution needed
Dependencies blocking implementation

Fix: STOP and discuss with user before proceeding

Test Gaps

Implementation complete but no tests
Tests don’t match stated acceptance criteria

Fix: Add test checkpoint, ensure coverage before COMMIT

Incomplete Analysis

Implementation reveals files/patterns we missed
Integration complexity was underestimated

Fix: Update analysis.md, propose new checkpoints, adjust effort estimate

Usage

Start implementing a todo:

/pb-todo-implement

The workflow will:

Load project context
Show your todos and let you pick one
Analyze the codebase thoroughly
Get your approval on description and plan
Walk through implementation checkpoint-by-checkpoint
Commit when complete with full audit trail
Offer to start next todo

Created: 2026-01-11 | Category: Development | Tier: M

Advanced Testing Scenarios

Move beyond unit tests. Test behavior, catch mutations, verify contracts, stress systems.

Mindset: Testing embodies /pb-preamble thinking (challenge assumptions, surface flaws) and /pb-design-rules thinking (tests should verify Clarity, verify Robustness, check that failures are loud).

Your tests should challenge assumptions about code behavior. Find edge cases you didn’t think of. Question whether tests are actually testing behavior, not just hitting lines of code. Write tests that surface flawed thinking and verify design rules are honored.

Resource Hint: sonnet - test strategy design and implementation patterns

When to Use

Moving beyond unit tests to property-based, mutation, or contract testing
Designing test strategy for a new service or critical path
Strengthening weak tests identified by code review or mutation analysis

Purpose

Unit tests find bugs in code. Advanced testing finds bugs in:

Property-based tests: Edge cases you didn’t think of
Mutation tests: Tests that are too weak
Contract tests: Integration between services
Chaos tests: Failure scenarios
Performance tests: Degradation under load

Property-Based Testing

The Problem with Example-Based Tests

# Example-based test (traditional)
def test_sort():
    assert sort([3, 1, 2]) == [1, 2, 3]  # One example
    assert sort([]) == []  # Another example

# Problem: What about edge cases you didn't think of?
# - Negative numbers? Duplicates? Very large lists? Mixed types?

Property-Based Testing Solution

Generate many random inputs, verify property holds for all.

from hypothesis import given, strategies as st

# Property: After sorting, all elements in order
@given(st.lists(st.integers()))
def test_sort_property(unsorted_list):
    sorted_list = sort(unsorted_list)
    # Verify property for ANY input
    for i in range(len(sorted_list) - 1):
        assert sorted_list[i] <= sorted_list[i + 1]
    # Hypothesis generates 100+ random inputs automatically

# Hypothesis finds edge cases:
# - Empty list: [] → []
# - Single item: [1] → [1]
# - Duplicates: [1, 1, 2] → [1, 1, 2]
# - Negative: [-5, 0, 3] → [-5, 0, 3]
# - Large list: [9123, -4, ...] → sorted

More Property Examples

# Property: Reversing twice gives original
@given(st.lists(st.integers()))
def test_reverse_twice(lst):
    assert reverse(reverse(lst)) == lst

# Property: Adding to set then checking membership is True
@given(st.lists(st.integers()))
def test_set_membership(lst):
    s = set(lst)
    for item in lst:
        assert item in s

# Property: JSON encode then decode gives original
@given(st.lists(st.dictionaries(st.text(), st.integers())))
def test_json_roundtrip(data):
    json_str = json.dumps(data)
    decoded = json.loads(json_str)
    assert decoded == data

When to Use Property-Based Testing

[YES] DO use for:

Utility functions (sort, parse, format)
Mathematical functions
Data structure operations
Encoding/decoding

[NO] DON’T use for:

Functions with complex business logic
Functions with side effects
Database queries
External API calls

Mutation Testing

The Problem: Weak Tests

# Code being tested
def is_adult(age):
    return age >= 18

# Traditional test (looks good)
def test_is_adult():
    assert is_adult(20) == True
    assert is_adult(10) == False

# Problem: These tests would PASS for ANY implementation
def is_adult_broken(age):
    return True  # Always returns True, test still passes!

def is_adult_broken2(age):
    return age >= 21  # Wrong threshold, test still passes!

Mutation Testing Solution

Mutate code (change >= to >, = to !=, etc) and verify tests fail.

# Mutation testing with mutmut (Python)
# 1. Run tests normally: all pass
pytest

# 2. mutmut finds all code mutations
# 3. Runs tests for each mutation
# 4. Reports which mutations "survived" (tests still pass)

mutmut run

# Results:
# - Mutation: age >= 18 → age > 18
#   Tests: FAIL (good, test caught mutation)
# - Mutation: age >= 18 → age <= 18
#   Tests: FAIL (good, test caught mutation)
# - Mutation: age >= 18 → age >= 17
#   Tests: PASS (BAD, test didn't catch this mutation!)
#   SCORE: 66% (2/3 mutations caught)

Fixing Weak Tests

# Weak test (mutant age >= 17 survives)
def test_is_adult():
    assert is_adult(20) == True
    assert is_adult(10) == False

# Better test (catches age >= 17 mutation)
def test_is_adult():
    assert is_adult(20) == True
    assert is_adult(18) == True   # Boundary: 18 should be True
    assert is_adult(17) == False  # Boundary: 17 should be False
    assert is_adult(10) == False  # Below boundary

# Now mutation age >= 17 is caught!

Mutation Testing Across Languages

JavaScript:

npm install stryker
npx stryker run
# Reports mutation score: % of mutations caught

Python:

pip install mutmut
mutmut run --html-report
# Reports detailed mutations and survival

Java:

mvn install pitest:mutationCoverage
# Generates HTML report of mutations

When to Use Mutation Testing

[YES] DO use for:

Critical code paths
Mathematical/utility functions
Security code
Data validation

[NO] DON’T use for:

Every function (slow, overkill)
Integration tests
UI code

Contract Testing

The Problem: Integration Breaks

Service A (depends on B)
├─ Expects: GET /users returns {"id": int, "name": string}
└─ Tests: Mocks this response, all pass

Service B (provides API)
├─ Implements: GET /users returns {"userId": int, "fullName": string}
└─ Tests: All pass

Problem: Service A calls Service B in production
         API contract changed (id → userId, name → fullName)
         Integration breaks in production
         Tests in both services passed!

Contract Testing Solution

Define contract, both services test against it.

# Shared contract definition
# contracts/user_service_contract.py

USER_CONTRACT = {
    "type": "object",
    "properties": {
        "id": {"type": "integer"},
        "name": {"type": "string"},
        "email": {"type": "string"}
    },
    "required": ["id", "name"]
}

Service B (Provider) Tests Contract

# Service B: Verify API returns contract
import json_schema_validator

def test_get_user_matches_contract():
    response = client.get('/users/123')
    # Verify response matches contract
    validate(response.json(), USER_CONTRACT)
    # If contract defines: {"id": int, "name": string}
    # But code returns: {"userId": int, "fullName": string}
    # Test FAILS (caught before shipping)

Service A (Consumer) Tests Contract

# Service A: Verify mocks match contract
def test_get_user():
    with mock_user_service(returns=CONTRACT):  # Mock uses contract
        response = user_service.get_user(123)
        # Test uses actual contract, not hand-written mock
        assert response['id'] == 123
        assert response['name'] == 'John'

# If contract changes in Service B, contract definition updates
# Both services see the change, both update their code/tests

Contract Testing Tools

Pact (Most popular):

# Provider: Verify API matches consumer contract
from pact import Provider
pact = Provider("UserService")

# Consumer recorded contract expectations
pact.upon_receiving('a request for user 123') \
    .with_request('get', '/users/123') \
    .will_respond_with(200, body={"id": 123, "name": "John"})

# Provider tests: Does our API match consumer expectations?
pact.verify()  # PASS or FAIL

When to Use Contract Testing

[YES] DO use for:

Microservices communication
Public APIs
Third-party integrations
Service boundaries

[NO] DON’T use for:

Internal functions
Single-service monoliths
Unit tests

Chaos Engineering

The Problem: Untested Failure Modes

def get_user_with_orders(user_id):
    user = user_service.get(user_id)      # What if this fails?
    orders = order_service.get(user_id)   # What if this fails?
    recommendations = ai_service.recommend(user_id)  # What if this fails?
    return {user, orders, recommendations}

# Tests: All services work → all tests pass
# Production: AI service is slow one day → what happens?
# Answer: We don't know (and users find out)

Chaos Testing Solution

Intentionally break things, verify system handles gracefully.

# Chaos test: Order service is slow
@chaos_test(failure_mode='latency', service='order_service', latency=10_000)
def test_order_service_slow():
    response = client.get('/users/123')
    # Service should handle gracefully:
    # - Return user with empty orders (fallback)
    # - OR return user without recommendations
    # - OR timeout after 5 seconds with cached data
    # - NOT return error 500
    assert response.status_code == 200
    assert 'user' in response.json()
    assert response.elapsed < 5  # Timeout after 5 seconds

# Chaos test: Database down
@chaos_test(failure_mode='error', service='database', error='connection refused')
def test_database_down():
    response = client.get('/users/123')
    # Should handle gracefully (use cache, return degraded data, etc)
    assert response.status_code in [200, 503]  # OK or degraded service

# Chaos test: External API returns 500
@chaos_test(failure_mode='error_rate', service='payment', error_rate=0.5)
def test_payment_errors():
    # When payment API fails 50% of time:
    results = [client.post('/checkout') for _ in range(100)]
    # Should handle: retry, fallback, queue for later, etc
    # Not just return 500 errors

Chaos Engineering Tools

Gremlin (Commercial):

Inject failures: latency, packet loss, CPU spike, memory leak
Gradual rollout: 5% of traffic → 25% → 100%
Automated recovery

Chaos Toolkit (Open Source):

# chaos-experiment.yml
title: "Order Service Handles Payment Failures"
description: "Verify orders queue when payment API down"

probes:
- type: http
  name: "Get orders"
  method: GET
  url: http://api/orders

actions:
- type: "latency"
  duration: 5000  # 5 second latency
  target: "payment-api"
  percentage: 100

rollbacks:
- type: "stop"
  target: "payment-api-failure"

When to Use Chaos Testing

[YES] DO use for:

Distributed systems
Microservices
Critical paths
Before major incidents happen

[NO] DON’T use for:

Development environments
Simple systems
Nice-to-have features

Performance Testing

Beyond Load Testing

Load testing answers: “Can it handle 10,000 users?”

Performance testing answers: “Is it still fast with 10,000 users? What breaks first?”

# Load test: Can it handle the load?
wrk -c 1000 http://localhost:8000/
# Result: 100 req/sec, system handling

# Performance test: What degrades first?
# 100 users: P99 = 50ms, CPU 20%, Memory 30%, DB connections 10
# 500 users: P99 = 150ms, CPU 60%, Memory 60%, DB connections 50
# 1000 users: P99 = 800ms, CPU 95%, Memory 85%, DB connections 90
# 1500 users: P99 = 8000ms, CPU 100%, Memory 100%, DB connections 100 (LIMIT!)

# Finding: Database connection pool is bottleneck at 1500 users
# Solution: Increase pool size, use connection pooling, optimize queries

Stress Testing (Finding Breaking Points)

# Start slow, gradually increase load until something breaks
# 10 req/sec → all pass
# 50 req/sec → all pass
# 100 req/sec → all pass
# 500 req/sec → 5% errors (connection pool limit?)
# 750 req/sec → 20% errors
# 1000 req/sec → 50% errors (broken)

# Breaking point found at 500 req/sec (connection pool limit)

Soak Testing (Finding memory leaks)

# Run constant load for long time (hours, days)
# 100 req/sec for 24 hours

# Monitor:
# Hour 0: Memory 500MB
# Hour 6: Memory 550MB
# Hour 12: Memory 650MB
# Hour 24: Memory 950MB (memory leak!)

# Finding: Memory growing 20MB/hour
# Solution: Find memory leak, fix it

Testing in Production

Safe Practices

[YES] Production Testing:

Real traffic reveals real issues
Catch edge cases not seen in tests
Validate actual performance
Test real integrations

[NO] But be careful:

Don’t corrupt user data
Don’t expose security issues
Have rollback ready
Monitor closely

A/B Testing Framework

# Serve two versions, compare metrics
def checkout():
    user = get_user()

    # 50% of users get new checkout, 50% get old
    if user.id % 2 == 0:
        version = 'new_checkout'
        checkout_flow = new_checkout(user)
    else:
        version = 'old_checkout'
        checkout_flow = old_checkout(user)

    # Log which version, then track metrics
    metrics.record('checkout_version', version)
    metrics.record('checkout_success', checkout_flow.succeeded)
    metrics.record('checkout_latency', checkout_flow.duration)

    return checkout_flow

# After 1 week:
# Old: 85% success, 1500ms avg latency
# New: 92% success, 800ms avg latency (BETTER!)
# → Rollout new_checkout to 100%

Synthetic Monitoring (Test Production Regularly)

# Run automated test against production periodically
@schedule(every_5_minutes)
def synthetic_test_production():
    # Test critical user flows
    user = create_test_user()

    # Signup flow
    signup_response = requests.post(
        'https://prod.example.com/api/signup',
        json={'email': user.email, 'password': user.password}
    )
    assert signup_response.status_code == 200

    # Login flow
    login_response = requests.post(
        'https://prod.example.com/api/login',
        json={'email': user.email, 'password': user.password}
    )
    assert login_response.status_code == 200

    # Checkout flow
    checkout_response = requests.post(
        'https://prod.example.com/api/checkout',
        json={'user_id': user.id, 'items': [1, 2, 3]}
    )
    assert checkout_response.status_code == 200

    # If any fail, alert on-call

Test Data Strategies

Problem: Production Data in Tests

# [NO] BAD: Using real production data
def test_checkout():
    user = User.objects.get(id=12345)  # Real user
    checkout = checkout_flow(user)
    # Problem: If test changes data, affects real user

Solution: Test Data Builders

# [YES] GOOD: Build test data on demand
class UserBuilder:
    def __init__(self):
        self.email = f"test_{uuid4()}@example.com"
        self.age = 30
        self.balance = 100

    def with_age(self, age):
        self.age = age
        return self

    def build(self):
        return User.create(**self.__dict__)

def test_checkout():
    user = UserBuilder().with_age(25).build()  # Fresh test user
    checkout = checkout_flow(user)
    assert checkout.succeeded
    # Test data cleaned up after test

Factories for Complex Objects

from factory import Factory, SubFactory

class UserFactory(Factory):
    class Meta:
        model = User

    email = factory.Sequence(lambda n: f"user{n}@example.com")
    age = 30
    balance = Decimal('100.00')

class OrderFactory(Factory):
    class Meta:
        model = Order

    user = SubFactory(UserFactory)
    total = Decimal('50.00')
    status = 'pending'

# Usage:
user = UserFactory(age=25)  # Create user with custom age
order = OrderFactory(user=user)  # Create order linked to user
orders = OrderFactory.create_batch(10)  # Create 10 orders

Testing Pyramid & Strategy

         ┌─────────────────────────┐
         │    E2E Tests (10%)      │  Slow, brittle, but test real flows
         ├─────────────────────────┤
         │ Integration Tests (30%) │  Test component interaction
         ├─────────────────────────┤
         │  Unit Tests (60%)       │  Fast, isolated, unit level
         └─────────────────────────┘

Advanced testing adds:

         ┌──────────────────────────────┐
         │  Chaos/Chaos (5%)            │  Failure scenarios
         ├──────────────────────────────┤
         │  Contract Tests (10%)        │  Integration boundaries
         ├──────────────────────────────┤
         │  Mutation Tests (5%)         │  Test strength
         ├──────────────────────────────┤
         │  Property-Based (10%)        │  Edge cases
         ├──────────────────────────────┤
         │  Synthetic Monitoring (5%)   │  Production health
         ├──────────────────────────────┤
         │  Traditional (65%)           │  Unit/Integration/E2E
         └──────────────────────────────┘

Advanced Testing Checklist

For Utility Functions

Unit tests: Happy path + edge cases
Property-based tests: Verify properties hold for any input
Mutation tests: Verify tests are strong enough

For Microservices

Unit tests: Service logic
Contract tests: API contracts with other services
Integration tests: With databases/caches
Chaos tests: Failure scenarios
Synthetic monitoring: Production health

For Critical Paths

Unit tests: Individual components
Integration tests: End-to-end flow
Performance tests: Can it handle load?
Chaos tests: What if external service fails?
A/B testing: Real user validation

Integration with Playbook

Part of quality and testing:

/pb-guide - Section 6 covers testing strategy
/pb-cycle - Includes testing in peer review
/pb-review-tests - Periodic test review
/pb-observability - Monitoring catches regression

/pb-cycle - Testing as part of development iteration
/pb-review-tests - Periodic test coverage review
/pb-standards - Code quality and testing principles
/pb-debug - Debugging methodology when tests fail

Advanced Testing Checklist

Setup

Property-based testing framework installed (Hypothesis, QuickCheck, etc)
Mutation testing tool configured (mutmut, Stryker, etc)
Contract testing tool ready (Pact, Spring Cloud Contract)
Chaos engineering platform available (Chaos Toolkit, Gremlin)
Load testing tool configured (wrk, k6, Locust)

Implementation

Property-based tests for utility functions
Mutation tests on critical code (target > 90% mutation score)
Contract tests on service boundaries
Chaos tests for failure scenarios
Synthetic monitoring on critical paths

Validation

Property tests find edge cases
Mutation tests catch weak tests
Contract tests prevent integration breaks
Chaos tests verify graceful degradation
Synthetic tests verify production health

Created: 2026-01-11 | Category: Development | Tier: M/L

Jordan Okonkwo Agent: Testing & Reliability Review

Test-centric quality thinking focused on finding gaps, not coverage numbers. Reviews test strategies through the lens of “what could go wrong that we haven’t tested?”

Resource Hint: opus - Test strategy quality, reliability assessment, gap identification.

Mindset

Apply /pb-preamble thinking: Challenge whether tests actually verify behavior, not just exercise code. Question assumptions about edge cases. Apply /pb-design-rules thinking: Verify tests expose gaps (Resilience), verify test code is clear and maintainable (Clarity), verify tests catch real bugs (not false positives). This agent embodies testing pragmatism.

When to Use

Test strategy review - Is the test approach sound?
Coverage discussion - Is coverage high where it matters?
Release confidence - Should we ship this?
Reliability assessment - What failure modes haven’t we tested?
Debugging production bugs - What test should have caught this?

Lens Mode

In lens mode, Jordan surfaces the test case you haven’t written yet. “What about an empty input here?” during test table construction, not a coverage report after. The value is the specific gap, not the coverage percentage.

Depth calibration: Single test addition: one edge case suggestion. Test suite for new feature: full gap analysis. Release readiness: comprehensive reliability assessment.

Overview: Testing Philosophy

Core Principle: Tests Reveal Gaps, Not Correctness

Most teams use coverage numbers as a proxy for quality. This inverts the purpose:

95% coverage can miss critical bugs (coverage ≠ correctness)
60% coverage in the right places catches most bugs
The goal isn’t “pass tests”; it’s “find problems before production”

Tests are failure predictors, not success checkers.

The Purpose of Different Test Types

Unit tests verify that isolated functions behave correctly.

Useful? Only if that function is likely to break
Overuse: Testing getters/setters, mocking everything
Underuse: Testing complex logic without edge cases

Integration tests verify that components work together.

Useful? When integration points are fragile
Overuse: Testing entire stack through UI
Underuse: Ignoring failure modes at boundaries

End-to-end tests verify complete user journeys.

Useful? For critical paths and happy paths
Overuse: E2E testing every feature (slow, brittle)
Underuse: Not testing the paths users actually use

Negative tests verify that failures are handled.

Useful? When errors are likely (network calls, invalid input)
Overuse: Testing every error path at every layer
Underuse: Assuming “error handling works”

Load tests verify behavior under stress.

Useful? When you care about performance or concurrency
Overuse: Constant load testing of trivial code
Underuse: Shipping without knowing breaking point

Not All Testing Is Created Equal

Good test:

Catches a real bug that could reach production
Fails if the bug is introduced
Doesn’t require maintenance when code changes
Runs fast enough to iterate on

Bad test:

Only fails if code is badly broken (not specific enough)
Requires maintenance whenever implementation changes
Slow, brittle, depends on external services
Tests framework behavior, not application logic

BAD: Testing that response status is 200
     (Status code can be right but response content wrong)

GOOD: Testing that valid user data returns correct fields
      (Catches real bugs: missing fields, wrong types, data corruption)

BAD: Mocking entire database layer
     (Tests pass but queries are wrong in production)

GOOD: Using test database with real queries
      (Catches N+1 queries, wrong indexes, data inconsistencies)

BAD: Testing internal implementation details
     (Refactoring breaks tests even when behavior is correct)

GOOD: Testing observable behavior from consumer's perspective
      (Tests only break when behavior actually changes)

Coverage Misunderstandings

“We have 95% coverage” doesn’t mean:

Code is correct (coverage doesn’t verify correctness)
Bugs are unlikely (uncovered bugs aren’t always rare)
We can ship safely (depends on which 95%)

“We have 95% coverage” does mean:

Most code has tests running (not all are good tests)
Some untested paths exist (the other 5%)

Good coverage looks like:

100% of critical paths tested
80%+ of error handling tested
60%+ of utility functions tested
<50% of one-liners and trivial accessors (don’t bother)

Test Maintenance Burden

Every test is maintenance debt. A bad test is worse than no test-it prevents refactoring.

BAD TEST (high maintenance):
def test_user_creation():
    user = User(name="John", email="john@example.com")
    user.save()
    assert User.objects.count() == 1
    assert User.objects.first().name == "John"
    assert User.objects.first().email == "john@example.com"
    # Breaks if you add a validation field, reorganize columns, etc.

GOOD TEST (low maintenance):
def test_user_creation_saves_name_and_email():
    user = User(name="John", email="john@example.com")
    user.save()

    loaded = User.objects.get(id=user.id)
    assert loaded.name == "John"
    assert loaded.email == "john@example.com"
    # Tests behavior: data persists and is retrievable
    # Not testing implementation details like count()

How Jordan Reviews Tests

The Approach

Gap-first analysis: Instead of checking “is there a test?”, ask: “What could go wrong that this test wouldn’t catch?”

For each test suite:

What could fail? (Database down? Network timeout? Invalid input?)
Do we have tests for these? (Either specific tests or integration tests)
What about edge cases? (Empty input? Huge input? Concurrent access?)
If production breaks, would tests have predicted it? (Did we test the failing path?)

Diff-aware test mapping: Before reviewing tests, map the code diff to affected flows. Read git diff main, identify which codepaths, user flows, routes, or APIs the change touches, then verify test coverage exists for each affected path. Don’t review tests in isolation - review them against what the diff actually changes.

Shadow path tracing: For every data flow, explicitly enumerate three shadow paths alongside the happy path:

Nil path: What happens when the value is null/nil/undefined?
Empty path: What happens when the value is present but empty (empty string, empty list, zero)?
Error path: What happens when the operation fails (timeout, exception, invalid state)?

This isn’t “test edge cases” - it’s systematic enumeration. If you can’t name the shadow paths, you haven’t understood the data flow.

Example - payment checkout flow:

Happy path:  user → cart → payment → confirmation
Nil path:    user has no payment method → what happens?
Empty path:  cart exists but has zero items → what happens?
Error path:  payment gateway times out → what happens?

Each shadow path either has a test or a documented reason why it doesn’t need one.

Review Categories

1. Test Coverage (Where It Matters)

What I’m checking:

Is coverage high in critical paths?
Are error cases tested?
Are edge cases identified?
Is integration coverage adequate?

Bad pattern:

# 100% coverage but misses production bug
def calculate_discount(price, discount_percent):
    return price * (1 - discount_percent / 100)  # Bug: if price is 0, still passes

# Test: only tests happy path
def test_calculate_discount():
    assert calculate_discount(100, 10) == 90

When discount_percent is 100 and price is 0, in production:

Result: 0 * (1 - 1) = 0  ✓ Test passes
But: What if discount is 150%? User gets paid?

Why this fails: Test coverage is 100% but catches only one scenario.

Good pattern:

def calculate_discount(price, discount_percent):
    if not 0 <= discount_percent <= 100:
        raise ValueError("discount must be 0-100")
    if price < 0:
        raise ValueError("price must be non-negative")
    return price * (1 - discount_percent / 100)

# Tests: cover normal case + edge cases
def test_calculate_discount():
    # Normal case
    assert calculate_discount(100, 10) == 90
    # Edge: zero price
    assert calculate_discount(0, 10) == 0
    # Edge: max discount
    assert calculate_discount(100, 100) == 0
    # Error: discount > 100
    with pytest.raises(ValueError):
        calculate_discount(100, 150)
    # Error: negative price
    with pytest.raises(ValueError):
        calculate_discount(-10, 10)

Why this works:

Happy path tested ✓
Edge cases tested ✓
Error cases tested ✓
Tests would catch the original bug ✓

2. Error Handling & Failures

What I’m checking:

Are errors tested, not just happy paths?
Do we test what happens when dependencies fail?
Are timeouts tested?
Are retry behaviors tested?

Bad pattern:

def fetch_user_data(user_id):
    # No error handling, no tests for failure
    response = requests.get(f"https://api.example.com/users/{user_id}")
    return response.json()

def test_fetch_user_data():
    # Only tests success case
    user = fetch_user_data(123)
    assert user['name'] == "John"

When API is down: RuntimeError in production. Tests all pass.

Good pattern:

import requests
from unittest.mock import patch

def fetch_user_data(user_id, timeout=5):
    try:
        response = requests.get(
            f"https://api.example.com/users/{user_id}",
            timeout=timeout
        )
        response.raise_for_status()  # Raise if 4xx/5xx
        return response.json()
    except requests.Timeout:
        logger.error(f"API timeout fetching user {user_id}")
        raise
    except requests.RequestException as e:
        logger.error(f"API error fetching user {user_id}: {e}")
        raise

def test_fetch_user_data_success():
    with patch('requests.get') as mock_get:
        mock_get.return_value.json.return_value = {'name': 'John'}
        user = fetch_user_data(123)
        assert user['name'] == 'John'

def test_fetch_user_data_timeout():
    with patch('requests.get') as mock_get:
        mock_get.side_effect = requests.Timeout()
        with pytest.raises(requests.Timeout):
            fetch_user_data(123)

def test_fetch_user_data_server_error():
    with patch('requests.get') as mock_get:
        mock_get.return_value.raise_for_status.side_effect = requests.HTTPError("500")
        with pytest.raises(requests.HTTPError):
            fetch_user_data(123)

Why this works:

Happy path tested ✓
Timeout behavior tested ✓
Server error behavior tested ✓
Error logging verified ✓
Would catch most production issues ✓

3. Concurrency & Race Conditions

What I’m checking:

Are concurrent accesses tested?
Do we test shared state modifications?
Are locks/transactions tested?
Could race conditions exist?

Bad pattern:

class Counter:
    def __init__(self):
        self.count = 0

    def increment(self):
        self.count += 1

def test_counter():
    c = Counter()
    c.increment()
    assert c.count == 1
    # Only tests single-threaded access

In production with concurrent requests: Race condition. Test never caught it.

Good pattern:

import threading

class Counter:
    def __init__(self):
        self.count = 0
        self.lock = threading.Lock()

    def increment(self):
        with self.lock:
            self.count += 1

def test_counter_single_threaded():
    c = Counter()
    c.increment()
    assert c.count == 1

def test_counter_concurrent():
    c = Counter()
    threads = []
    for _ in range(100):
        t = threading.Thread(target=c.increment)
        threads.append(t)
        t.start()

    for t in threads:
        t.join()

    assert c.count == 100  # Would fail without lock

Why this works:

Single-threaded case tested ✓
Concurrent case tested ✓
Would catch race conditions ✓

4. Data Integrity & Invariants

What I’m checking:

Are invariants documented?
Do tests verify invariants hold?
Are state transitions tested?
Could data corruption happen?

Bad pattern:

class User:
    def __init__(self, name, age):
        self.name = name
        self.age = age

def test_user_creation():
    u = User("John", 30)
    assert u.name == "John"
    assert u.age == 30

# What about invalid ages? No tests prevent that.

In production: User age set to -5, then to 999999. No tests caught it.

Good pattern:

class User:
    """Invariants:
    - name is non-empty string
    - age is integer between 0 and 150
    - created_at is always set
    """
    def __init__(self, name, age):
        if not isinstance(name, str) or not name.strip():
            raise ValueError("name must be non-empty string")
        if not isinstance(age, int) or not (0 <= age <= 150):
            raise ValueError("age must be integer 0-150")
        self.name = name
        self.age = age
        self.created_at = datetime.now()

    def set_age(self, age):
        if not isinstance(age, int) or not (0 <= age <= 150):
            raise ValueError("age must be integer 0-150")
        self.age = age

def test_user_creation():
    u = User("John", 30)
    assert u.name == "John"
    assert u.age == 30
    assert u.created_at is not None

def test_user_invalid_name():
    with pytest.raises(ValueError):
        User("", 30)  # Empty name

def test_user_invalid_age():
    with pytest.raises(ValueError):
        User("John", -5)
    with pytest.raises(ValueError):
        User("John", 200)

def test_user_set_age_invalid():
    u = User("John", 30)
    with pytest.raises(ValueError):
        u.set_age(999999)

Why this works:

Invariants documented ✓
Valid cases tested ✓
Invalid cases tested ✓
Would catch data corruption ✓

5. Integration & Dependency Failure

What I’m checking:

Are real database interactions tested?
Are external service failures tested?
Do we test timeout scenarios?
Are connection pool issues tested?

Bad pattern:

def save_user_to_database(user):
    # Real database call
    database.execute("INSERT INTO users ...", user)

def test_save_user():
    # Only tests success case
    save_user_to_database(user)
    assert database.query("SELECT * FROM users WHERE id = ?", user.id)

Database connection pool exhausted in production: Hangs. Tests never saw it.

Good pattern:

import pytest
from sqlalchemy import create_engine, Pool

def save_user_to_database(user, db_connection):
    # Explicit connection injection for testability
    try:
        db_connection.execute("INSERT INTO users ...", user)
        db_connection.commit()
    except Exception as e:
        db_connection.rollback()
        logger.error(f"Failed to save user {user.id}: {e}")
        raise

@pytest.fixture
def db_connection():
    # Use in-memory SQLite for tests
    engine = create_engine('sqlite:///:memory:')
    connection = engine.connect()
    yield connection
    connection.close()

def test_save_user_success(db_connection):
    user = User(id=1, name="John")
    save_user_to_database(user, db_connection)

    result = db_connection.execute("SELECT * FROM users WHERE id = 1")
    row = result.fetchone()
    assert row.name == "John"

def test_save_user_database_error(db_connection):
    user = User(id=1, name="John")
    # Simulate database connection closed
    db_connection.close()

    with pytest.raises(Exception):
        save_user_to_database(user, db_connection)

Why this works:

Real database schema tested ✓
Query correctness verified ✓
Error handling tested ✓
Would catch connection pool issues ✓

Review Checklist: What I Look For

Coverage Quality

Critical paths are 100% tested
Error cases are tested, not skipped
Edge cases (empty, huge, null) are identified
Integration points are tested with real systems
Coverage is measured, targets are set

Error Handling

Errors are tested, not assumed
Timeout scenarios are tested
Retry behavior is tested
Degradation is tested (what fails gracefully?)
Error messages are verified (logging is correct)

Reliability

Concurrency is tested (if applicable)
Data invariants are enforced and tested
State transitions are validated
Transaction boundaries are verified
Idempotency is tested (if applicable)

Test Quality

Tests are readable (names describe what’s tested)
Tests are independent (no side effects)
Tests are fast (can run frequently)
Tests don’t test framework behavior
Tests verify behavior, not implementation

Red Flags (Strong Signals for Rejection)

Tests that warrant scrutiny before committing to the test suite:

Watch for:

Only happy path tested (error cases ignored)
Tests that require manual intervention to run (non-deterministic)
100% coverage metrics but tests don’t verify correctness (coverage theater)
Tests of implementation details that break on harmless refactors (brittle tests)
Tests that depend on un-isolatable external services (Slack API, prod database)
- Note: Tests using real databases WITH rollback isolation are GOOD
- Tests hitting remote APIs WITHOUT fallback mocking are BAD

Override possible if: External service is critical path and worth the coupling cost. Document trade-off via /pb-adr.

Examples: Before & After

Example 1: Payment Processing

BEFORE (Incomplete tests):

def process_payment(user_id, amount):
    user = db.get_user(user_id)
    charge_card(user.card_id, amount)
    create_transaction(user_id, amount)

def test_process_payment():
    process_payment(123, 100)
    assert True  # "It didn't crash"

Why this fails: Doesn’t verify charge was created. Doesn’t test card failures. Amount could be negative.

AFTER (Complete tests):

def process_payment(user_id, amount, db, payment_processor):
    if amount <= 0:
        raise ValueError("amount must be positive")

    user = db.get_user(user_id)
    if not user:
        raise ValueError(f"user {user_id} not found")

    try:
        charge_result = payment_processor.charge(user.card_id, amount)
    except PaymentError as e:
        logger.error(f"Payment failed for user {user_id}: {e}")
        raise

    transaction = db.create_transaction(
        user_id=user_id,
        amount=amount,
        payment_id=charge_result['id'],
        status='completed'
    )

    return transaction

def test_process_payment_success(mock_db, mock_payment):
    mock_db.get_user.return_value = User(id=123, card_id="card_123")
    mock_payment.charge.return_value = {'id': 'charge_456'}

    result = process_payment(123, 100, mock_db, mock_payment)

    assert result.status == 'completed'
    assert result.amount == 100
    mock_payment.charge.assert_called_with('card_123', 100)

def test_process_payment_user_not_found(mock_db, mock_payment):
    mock_db.get_user.return_value = None

    with pytest.raises(ValueError):
        process_payment(999, 100, mock_db, mock_payment)

def test_process_payment_invalid_amount(mock_db, mock_payment):
    with pytest.raises(ValueError):
        process_payment(123, -10, mock_db, mock_payment)

def test_process_payment_charge_fails(mock_db, mock_payment):
    mock_db.get_user.return_value = User(id=123, card_id="card_123")
    mock_payment.charge.side_effect = PaymentError("card declined")

    with pytest.raises(PaymentError):
        process_payment(123, 100, mock_db, mock_payment)

    # Verify transaction was NOT created on failure
    mock_db.create_transaction.assert_not_called()

Why this works:

Happy path tested ✓
Error cases tested ✓
Invariants checked (amount > 0) ✓
Dependencies mocked ✓
Would catch most production bugs ✓

BEFORE (No error cases):

def create_user(email, password):
    user = User(email=email, password=hash(password))
    db.save(user)
    send_welcome_email(email)
    return user

def test_create_user():
    user = create_user("john@example.com", "password123")
    assert user.email == "john@example.com"

Why this fails: What if email already exists? What if email is invalid? What if welcome email fails?

AFTER (Complete error cases):

def create_user(email, password, db, email_service):
    if not email or '@' not in email:
        raise ValueError("invalid email")
    if len(password) < 8:
        raise ValueError("password too short")

    existing = db.find_user_by_email(email)
    if existing:
        raise ValueError("email already in use")

    user = User(email=email, password=hash(password))
    db.save(user)

    try:
        email_service.send_welcome_email(email)
    except EmailServiceError as e:
        # User created but email failed
        logger.error(f"Welcome email failed for {email}: {e}")
        # Don't fail-user can still login

    return user

def test_create_user_success(mock_db, mock_email):
    mock_db.find_user_by_email.return_value = None

    user = create_user("john@example.com", "password123", mock_db, mock_email)

    assert user.email == "john@example.com"
    mock_email.send_welcome_email.assert_called_with("john@example.com")

def test_create_user_invalid_email(mock_db, mock_email):
    with pytest.raises(ValueError):
        create_user("invalid_email", "password123", mock_db, mock_email)

def test_create_user_duplicate_email(mock_db, mock_email):
    mock_db.find_user_by_email.return_value = User(email="john@example.com")

    with pytest.raises(ValueError):
        create_user("john@example.com", "password123", mock_db, mock_email)

def test_create_user_email_service_fails(mock_db, mock_email):
    mock_db.find_user_by_email.return_value = None
    mock_email.send_welcome_email.side_effect = EmailServiceError("service down")

    # Should NOT raise-graceful degradation
    user = create_user("john@example.com", "password123", mock_db, mock_email)

    assert user.email == "john@example.com"
    # User created even though email failed

Why this works:

Happy path tested ✓
Input validation tested ✓
Duplicate email tested ✓
Email service failure tested ✓
Graceful degradation verified ✓

What Jordan Is NOT

Jordan review is NOT:

❌ Test count (more tests ≠ better quality)
❌ Coverage percentage (95% coverage with bad tests is worse than 60% with good tests)
❌ Test writing (that’s implementation, not review)
❌ Performance testing (different expertise)
❌ Substitute for production monitoring (tests predict, monitoring detects)

When to use different review:

Performance → /pb-performance
Test infrastructure → Build/CI configuration
Load testing → Dedicated performance team
Monitoring → /pb-observability

Decision Framework

When Jordan sees a test suite:

1. What are the failure modes?
   UNCLEAR → Ask: What's the riskiest path? How could production break?
   CLEAR → Continue

2. Do we have tests for these?
   NO → Which gaps are critical? Which can wait?
   YES → Continue

3. What about error cases?
   UNTESTED → Add them (most production bugs are error cases)
   TESTED → Continue

4. Could refactoring break these tests?
   YES → Tests are too coupled to implementation
   NO → Tests are robust

5. Would these tests catch the bug if it existed?
   NO → Add a test case for the bug
   YES → Tests are sufficient

6. For web applications: does the change affect UI?
   YES → Consider browser-based verification (Playwright, Cypress)
         Map UI changes to visual/functional tests
         Headless browser testing closes the feedback loop between code and user experience
   NO → Unit/integration tests are sufficient

/pb-testing - Testing patterns and strategies
/pb-preamble - Thinking about reliability through peer challenge
/pb-design-rules - Resilience principle applied to testing
/pb-review-tests - Periodic test suite review
/pb-standards - Testing standards

Created: 2026-02-12 | Category: development | v2.11.0

Debugging Methodology

Systematic approach to finding and fixing bugs. Hypothesis-driven, reproducible, methodical.

Debugging is not random poking. It’s a structured process: observe, hypothesize, test, repeat.

Mindset: Use /pb-preamble thinking to challenge your assumptions about what’s broken. Use /pb-design-rules thinking - especially Transparency (make the invisible visible), Repair (fail noisily to aid debugging), and Clarity (simple code is easier to debug).

Resource Hint: sonnet - systematic bug investigation and resolution

When to Use This Command

Stuck on a bug - Need a systematic approach instead of random poking
Bug is elusive - Can’t reproduce or isolate the issue
Complex debugging - Multiple systems, unclear root cause
Teaching debugging - Share methodology with team members

The Debugging Process

1. Reproduce

Before anything else, reproduce the bug reliably.

Can you reproduce it?
├─ Yes → Continue to Step 2
└─ No → Gather more information
    ├─ What were the exact steps?
    ├─ What environment? (browser, OS, user)
    ├─ What was the system state? (logged in, data present)
    └─ Was there anything unusual? (network, timing)

No reproduction = No debugging. If you can’t reproduce it, you can’t verify the fix.

2. Isolate

Narrow down the problem space.

Binary search: Cut the problem in half repeatedly.

Is it frontend or backend?
├─ Frontend → Is it JavaScript or CSS?
│   ├─ JavaScript → Is it this component or its parent?
│   └─ CSS → Is it this rule or inherited?
└─ Backend → Is it the API handler or the database?
    ├─ API handler → Is it request parsing or response?
    └─ Database → Is it the query or the data?

Minimal reproduction: Remove code until the bug disappears, then add it back.

3. Hypothesize

Form a specific, testable hypothesis.

# [NO] Vague
"Something is wrong with the login."

# [YES] Specific
"The login fails because the session cookie is not being set
when the SameSite attribute is 'Strict' and the request
comes from a different origin."

Good hypothesis properties:

Specific (points to a cause)
Testable (can be proven/disproven)
Explains the symptoms

4. Test

Test ONE variable at a time.

# [NO] Multiple changes
"I added logging, fixed the null check, and changed the query."

# [YES] Single change
"I added logging to see if the value is null."
→ Value is null
"Now I'll check where the null comes from."

Record your tests: What you tried, what you observed.

5. Fix and Verify

Fix the root cause, not the symptom.

# [NO] Symptom fix
if (user === null) return;  // Hide the crash

# [YES] Root cause fix
// Ensure user is loaded before this function is called
// Add proper error handling upstream

Verify:

Bug no longer reproduces
No new bugs introduced
Related functionality still works

6. Prevent

After fixing, prevent recurrence.

Add a test that would have caught this
Improve error messages to aid future debugging
Document in code comments if the fix is non-obvious
Consider: Is this a pattern? Should we lint for it?

Debugging Techniques

Print Debugging (Console/Log)

The simplest tool, often the most effective:

// Strategic logging
console.log('[DEBUG] fetchUser called with:', { userId, options });

// With timestamps
console.log(`[${new Date().toISOString()}] State changed:`, newState);

// Conditional logging
if (DEBUG) console.log('Expensive debug info:', computeDebugInfo());

Best practices:

Include context (function name, relevant values)
Use structured data (objects, not string concatenation)
Add timestamps for timing issues
Clean up before committing

Debugger (Breakpoints)

When to use debugger instead of console.log:

Need to inspect complex state
Need to step through logic
Need to examine call stack
Console.log would need many iterations

JavaScript:

function processOrder(order) {
  debugger;  // Pause here in DevTools
  // Or set breakpoint in DevTools directly
}

Python:

def process_order(order):
    import pdb; pdb.set_trace()  # Interactive debugger
    # Or use breakpoint() in Python 3.7+

Go:

// Use Delve debugger
// dlv debug main.go
// break main.processOrder
// continue

Network Debugging

Browser DevTools → Network tab:

Request/response headers
Request/response body
Timing breakdown
CORS issues (check console too)

cURL for API debugging:

# See full request/response
curl -v https://api.example.com/users

# With headers
curl -H "Authorization: Bearer token" https://api.example.com/users

# POST with data
curl -X POST -H "Content-Type: application/json" \
  -d '{"name":"test"}' https://api.example.com/users

Database Debugging

Log the actual queries:

-- PostgreSQL: Enable query logging
SET log_statement = 'all';

-- MySQL: Enable general log
SET GLOBAL general_log = 'ON';

Explain the query:

EXPLAIN ANALYZE SELECT * FROM users WHERE email = 'test@example.com';

Check for:

Full table scans (missing index)
Unexpected NULL handling
Type coercion issues
Lock contention

Performance Profiling

When the bug is “it’s slow”:

JavaScript (Browser):

// Console timing
console.time('operation');
doExpensiveOperation();
console.timeEnd('operation');

// Performance API
performance.mark('start');
doExpensiveOperation();
performance.mark('end');
performance.measure('operation', 'start', 'end');

Python:

import cProfile
cProfile.run('expensive_function()')

# Or with context manager
import time
start = time.perf_counter()
expensive_function()
print(f"Took {time.perf_counter() - start:.3f}s")

Go:

import "runtime/pprof"

// CPU profiling
f, _ := os.Create("cpu.prof")
pprof.StartCPUProfile(f)
defer pprof.StopCPUProfile()

// Then: go tool pprof cpu.prof

Frontend Debugging

Browser DevTools (F12):

Tab	Use For
Elements	DOM inspection, CSS debugging, layout issues
Console	JavaScript errors, logging, REPL
Network	API calls, timing, headers, CORS issues
Performance	Rendering bottlenecks, long tasks
Application	Storage, cookies, service workers
Sources	Breakpoints, source maps, call stack

Network waterfall analysis:

1. Check for failed requests (red)
2. Look for slow requests (long bars)
3. Check CORS errors in Console
4. Verify request/response headers
5. Inspect payload for unexpected data

Framework DevTools:

React DevTools:

- Components tab: Inspect component tree, props, state
- Profiler tab: Identify re-render bottlenecks
- Highlight updates: See what re-renders on each change

Vue DevTools:

- Components: Inspect component hierarchy and data
- Vuex/Pinia: Track state mutations
- Timeline: Event and mutation history

Component re-render debugging (React):

// Why did this render?
import { useRef, useEffect } from 'react';

function useWhyDidYouRender(name, props) {
  const prevProps = useRef(props);

  useEffect(() => {
    const changes = {};
    for (const key in props) {
      if (prevProps.current[key] !== props[key]) {
        changes[key] = { from: prevProps.current[key], to: props[key] };
      }
    }
    if (Object.keys(changes).length > 0) {
      console.log(`[${name}] re-rendered:`, changes);
    }
    prevProps.current = props;
  });
}

// Usage
function MyComponent(props) {
  useWhyDidYouRender('MyComponent', props);
  return <div>...</div>;
}

Source maps:

Enable “Enable JavaScript source maps” in DevTools settings
Build tools should generate .map files in development
Breakpoints work on original source, not bundled code

Common Bug Patterns

Null/Undefined Reference

Symptom: Cannot read property 'x' of undefined

Check:

Is the object actually defined?
Is the async operation complete?
Is the property name correct?
Is there a race condition?

// [NO] Assuming data exists
const name = user.profile.name;

// [YES] Defensive access
const name = user?.profile?.name ?? 'Unknown';

Off-by-One Errors

Symptom: Missing first/last item, index out of bounds

Check:

Loop bounds: < length vs <= length
Array indexing: 0-based vs 1-based confusion
Substring: inclusive vs exclusive end

// Common mistake
for (let i = 0; i <= arr.length; i++) // [NO] <= causes overflow

// Correct
for (let i = 0; i < arr.length; i++)  // [YES] <

Race Conditions

Symptom: Works sometimes, fails other times

Check:

Async operations completing in unexpected order
State mutations during async operations
Missing await/promise handling

// Race condition
let data;
fetchData().then(d => data = d);
console.log(data);  // undefined! (async not complete)

// Fixed
const data = await fetchData();
console.log(data);  // Has value

State Mutation Bugs

Symptom: Unexpected state changes, “stale” data

Check:

Direct mutation vs immutable update
Reference sharing between objects
Closure capturing outdated value

// Bug: Direct mutation
function addItem(arr, item) {
  arr.push(item);  // Mutates original
  return arr;
}

// Fixed: Immutable
function addItem(arr, item) {
  return [...arr, item];  // New array
}

Character Encoding Issues

Symptom: Garbled text, unexpected characters

Check:

Database encoding (UTF-8?)
HTTP Content-Type header
File encoding
String comparison with invisible characters

# Check for hidden characters
cat -A file.txt
hexdump -C file.txt | head

Timezone Bugs

Symptom: Times off by hours, different on different machines

Check:

Server vs client timezone
UTC vs local time confusion
Daylight saving time handling

// Always work in UTC internally
const utcDate = new Date().toISOString();

// Convert to local only for display
const localDate = new Date(utcDate).toLocaleString();

Production Debugging

Safe Investigation

Never debug production by:

Adding console.log and deploying
Connecting debugger directly
Running random queries against prod database

Instead:

Check existing logs - What do we already capture?
Check metrics - Latency spikes? Error rates?
Reproduce in staging - With production-like data
Add targeted logging - Feature-flagged, for specific users/requests

Log Analysis

# Search for errors
grep -i "error" /var/log/app.log | tail -100

# Count by type
grep -i "error" /var/log/app.log | sort | uniq -c | sort -rn

# Around a timestamp
grep -A5 -B5 "2024-01-15 10:30" /var/log/app.log

# Follow in real-time
tail -f /var/log/app.log | grep --line-buffered "user_123"

Distributed Tracing

For microservices, use trace IDs:

# Request flow
API Gateway (trace: abc123)
  → User Service (trace: abc123)
    → Database (trace: abc123)
  → Order Service (trace: abc123)
    → Payment Service (trace: abc123)

Tools: Jaeger, Zipkin, Datadog, Honeycomb

See /pb-observability for detailed tracing guidance.

Incident Debugging

When production is down, see /pb-incident for the full process. Quick reminder:

Mitigate first - Rollback, disable feature, scale up
Investigate second - After bleeding is stopped
Document everything - For post-incident review

Debugging Checklist

Before Debugging

Can I reproduce the bug?
Do I have logs/errors from the failure?
Do I understand what SHOULD happen?
Is this the right environment? (local, staging, prod)

During Debugging

Am I changing ONE thing at a time?
Am I recording what I’ve tried?
Do I have a specific hypothesis?
Am I avoiding assumptions?

After Fixing

Does the bug still reproduce? (It shouldn’t)
Did I add a regression test?
Did I fix the root cause, not just the symptom?
Is there cleanup needed? (debug logs, temporary code)

Tools Quick Reference

Category	Tool	Use
Browser	DevTools (F12)	JS debugging, network, performance
Node.js	`--inspect`	Chrome DevTools for Node
Python	pdb, ipdb	Interactive debugger
Go	Delve (dlv)	Go debugger
Database	EXPLAIN ANALYZE	Query performance
Network	cURL, Postman	API debugging
Logs	grep, jq	Log analysis
Tracing	Jaeger, Zipkin	Distributed tracing

/pb-logging - Effective logging for debugging
/pb-observability - Metrics and tracing
/pb-incident - Production incident response
/pb-testing - Tests that catch bugs early
/pb-learn - Capture debugging patterns for future reuse

Design Rules Applied

Rule	Application
Transparency	Make the invisible visible through logging and tracing
Repair	Fail noisily with useful error messages
Clarity	Simple code is easier to debug
Economy	Measure before optimizing; hypothesis before fixing

Last Updated: 2026-01-19 Version: 1.0

Pause Development Work

Gracefully pause or conclude work on a project. Use this when stepping away for an extended period (days, weeks) or wrapping up a phase of work.

Mindset: Future you will resume this. Leave breadcrumbs that make recovery effortless. Apply /pb-preamble thinking: be honest about blockers. Apply /pb-design-rules thinking: document decisions and trade-offs.

Resource Hint: sonnet - state preservation, context hygiene, handoff documentation

When to Use This Command

End of day - Wrapping up work for the day
End of week - Before weekend/time off
End of phase - Completing a milestone or release phase
Context switch - Moving to a different project
Extended break - Vacation, leave, or long pause
Handoff - Passing work to another developer

Pause Checklist

Step 1: Preserve Work State

Ensure no work is lost and current state is recoverable.

# Check current state
git status
git stash list

# Option A: Commit work in progress (preferred)
git add -A
git commit -m "wip: [describe current state]"

# Option B: Stash if not ready to commit
git stash push -m "WIP: [describe what's stashed]"

# Push to remote (backup)
git push origin $(git branch --show-current)

Rule: Never leave uncommitted work on a local-only branch overnight.

Step 2: Update Trackers and Task Lists

Review and update all relevant tracking documents.

# Find project trackers
ls todos/*.md
ls todos/releases/*/

# Common tracker locations:
# - todos/project-review-*.md
# - todos/releases/vX.Y.Z/00-master-tracker.md
# - GitHub Issues / Project boards

Update in trackers:

Mark completed tasks as done
Update status of in-progress items
Document blockers with specifics
Note any scope changes
Add newly discovered tasks

Tracker update template:

## Status Update: [Date]

**Completed:**
- [x] Task A - finished [brief note]
- [x] Task B - finished [brief note]

**In Progress:**
- [ ] Task C - 70% complete, [what remains]

**Blocked:**
- [ ] Task D - blocked on [specific blocker]

**Discovered:**
- [ ] New task E - [discovered during work]

**Next Session:**
- Resume Task C
- [Priority items]

Step 3: Review Project Documentation

Check that project review docs are current.

# Find the latest project review doc
ls -lt todos/project-review-*.md | head -1

# Or check for release-specific review
ls todos/releases/v*/project-review-*.md

Review and update:

Decisions made during this session
Technical debt identified
Architecture considerations
Open questions that need resolution
Risks or concerns surfaced

Step 4: Update Working Context

Run /pb-context to review and update the working context document.

# Verify working context exists
ls todos/*working-context*.md

# Check currency against actual state
git describe --tags
git log --oneline -5

Update in working context:

Current version (if changed)
Recent commits section
Active development section
Session checklist commands still work
Any new patterns or conventions

Step 5: Update CLAUDE.md (If Needed)

Run /pb-claude-project if significant changes were made:

New patterns or conventions introduced
Architecture changes
Tech stack additions
Workflow changes
New commands or scripts

When to skip: Minor bug fixes, small features, no structural changes.

Step 6: Write Pause Notes + Context Hygiene

This step does three things: writes the new pause entry, archives old entries, and reports context health.

6a. Write concise pause entry:

Replace the contents of todos/pause-notes.md (keep only the latest entry):

# Pause Notes

Latest session pause context. Old entries archived to `todos/done/`.

---

## Pause: [Date] ([context])

**Branch:** [name] | **Commit:** [hash] - [message]

### Where I Left Off
- Working on: [what]
- Progress: [status]
- Blocked on: [if anything]

### Next Steps
1. [Immediate next action]
2. [Following action]

### Open Questions
- [Question] - [context]

Target: ~20-30 lines. Be specific about what’s next. Skip sections that don’t apply.

6b. Archive old entries:

If todos/pause-notes.md has entries beyond the latest, move old entries to todos/done/:

# Archive if needed (pb-pause should do this automatically)
# Old entries go to: todos/done/pause-notes-archive-YYYY-MM-DD.md

6c. Report context health:

Check all context layer sizes and flag anything that needs attention:

# Context health report
wc -l ~/.claude/CLAUDE.md                              # Global (target: ~140)
wc -l .claude/CLAUDE.md                                # Project (target: ~160)
# Memory is auto-managed (target: ~100)
wc -l todos/1-working-context.md                       # Working context (target: ~50)
wc -l todos/pause-notes.md                             # Pause notes (target: ~30)

Flag if:

Working context hasn’t been updated since last release → suggest /pb-context
Pause notes has multiple entries → archive old ones
Any context file is significantly over its soft budget

Quick rule: If the session was long, update working context with exact next step. Preserve state in files, not conversation.

Step 7: Clean Up (Optional)

For end-of-phase or extended pauses:

# Review branches
git branch -a | grep -E "(feature|fix)/"

# Delete merged branches
git branch --merged main | grep -v main | xargs git branch -d

# Review stash
git stash list
git stash drop stash@{n}  # Drop old/irrelevant stashes

# Clean up local artifacts
make clean  # If available
rm -rf .cache/ tmp/  # Project-specific temp dirs

Quick Pause (Short Breaks)

For short breaks (hours, not days):

# Minimum viable pause
git add -A
git commit -m "wip: [current state]" || git stash push -m "WIP: [state]"
git push origin $(git branch --show-current)

# Quick note in tracker
echo "## $(date): paused on [task], resume [next step]" >> todos/quick-notes.md

Extended Pause Checklist

For vacations, handoffs, or long breaks:

All work committed and pushed
Trackers updated with current status
Project review doc current
Working context updated (/pb-context)
CLAUDE.md updated if needed (/pb-claude-project)
Handoff notes written
Team notified (Slack, standup, etc.)
PR status clear (draft/ready/blocked)
CI passing on current branch
No orphaned branches
Stashes cleaned up or documented

Pause vs. Stop

Pause	Stop
Temporary break	End of engagement
Context preserved	Context transferred
Branch stays active	Branch merged or closed
Minimal cleanup	Full cleanup
Update trackers	Archive trackers

Integration with Playbook

Part of development workflow:

/pb-start → /pb-cycle → /pb-commit → /pb-ship
     ↑                                   │
     │         ┌─────────────┐           │
     │         │   SESSION   │           ↓
     └─────────│   BOUNDARY  │       Reviews →
               └─────────────┘       PR → Merge →
                     ↑               Release
                     ↓
              /pb-resume ←──────── /pb-pause
              (recover)            (preserve)

Commands:

/pb-start → Begin work, establish rhythm
/pb-resume → Get back in context after break
/pb-cycle → Iterate with reviews
/pb-pause → Gracefully pause work (YOU ARE HERE)
/pb-commit → Atomic commits
/pb-ship → Full review → PR → release workflow

Commands to run during pause:

/pb-context - Update working context
/pb-claude-project - Update CLAUDE.md (if needed)

/pb-resume - Get back into context after a break
/pb-start - Begin work on a new feature or fix
/pb-standup - Post async status update to team

Tips for Better Pauses

Do

Commit or stash everything
Push to remote
Update trackers immediately (don’t defer)
Write notes while context is fresh
Be specific about blockers

Don’t

Leave uncommitted work on local only
Say “I’ll remember” - you won’t
Skip tracker updates
Leave WIP commits without explanation
Assume context will be obvious later

Recovery After Pause

When resuming, use /pb-resume to:

Check git state (branch, status, stash)
Sync with remote
Review working context
Read handoff notes
Verify environment
Run tests
Continue from documented next steps

Future you will thank present you. Leave context, not mysteries.

Resume Development Work

Quickly get back into context after a break. Use this to resume work on an existing feature branch.

Mindset: Resuming requires understanding assumptions made and verifying context is complete. Apply /pb-preamble thinking: challenge what was decided and why. Apply /pb-design-rules thinking: is the code clear, simple, and robust?

Resource Hint: sonnet - context recovery, state assessment, health check

When to Use

Returning to work after a break (hours, days, or weeks)
Picking up someone else’s in-progress feature branch
Resuming after a session compaction or context window reset

Quick Context Recovery

Step 1: Check Current State

# What branch am I on?
git branch --show-current

# What's the status?
git status

# What did I do last?
git log --oneline -5

# Any stashed work?
git stash list

Step 2: Sync with Remote

# Fetch latest from origin
git fetch origin

# Check if main has moved
git log --oneline HEAD..origin/main

# Rebase if needed
git rebase origin/main

Step 3: Review Recent Work

# See what changed on this branch
git log origin/main..HEAD --oneline

# See uncommitted changes
git diff

# See staged changes
git diff --staged

Step 3.5: Load Session State + Context Health Check

Read the session state files and check context health.

Load session state:

# Read working context (project snapshot)
cat todos/1-working-context.md

# Read latest pause notes (where you left off)
cat todos/pause-notes.md

Context health check - report actual sizes:

# Auto-loaded layers (already in context):
wc -l ~/.claude/CLAUDE.md            # Global principles (target: ~140)
wc -l .claude/CLAUDE.md              # Project guardrails (target: ~160)
# memory/MEMORY.md                   # Auto-loaded by Claude (target: ~100)

# Session state (loaded manually):
wc -l todos/1-working-context.md     # Project snapshot (target: ~50)
wc -l todos/pause-notes.md           # Latest pause entry (target: ~30)

Flag issues:

Working context version doesn’t match git describe --tags → run /pb-context
Pause notes has multiple entries → old entries should have been archived by /pb-pause
Any layer missing → run the appropriate regeneration command

Recovery if context is stale:

/pb-context - regenerate working context
/pb-claude-project - regenerate project CLAUDE.md
/pb-claude-global - regenerate global CLAUDE.md

Session Context Template

When resuming, establish context:

Resuming work on: [branch-name]

## Where I Left Off
- Last commit: [commit message]
- In progress: [what was being worked on]
- Blocked on: [if anything]

## Current Status
- [ ] Task 1: [status]
- [ ] Task 2: [status]
- [ ] Task 3: [status]

## Next Steps
1. [Immediate next action]
2. [Following action]

## Open Questions
- [Any unresolved questions]

Common Resume Scenarios

Scenario A: Clean Stop (all committed)

# Just verify and continue
git status                    # Should be clean
git log --oneline -3          # Review last commits
# Continue with next task

Scenario B: Work in Progress (uncommitted changes)

# Review what's uncommitted
git diff
git diff --staged

# Option 1: Continue where you left off
# Just keep working

# Option 2: Stash and start fresh
git stash push -m "WIP: description"
# Work on something else
git stash pop  # When ready to resume

Scenario C: Main Has Moved Ahead

# Rebase your branch
git fetch origin
git rebase origin/main

# Resolve conflicts if any
# Continue working

Scenario D: Long Break (days/weeks)

# Full context recovery
git fetch origin
git log --oneline origin/main..HEAD  # Your changes
git log --oneline HEAD..origin/main  # What you missed

# Check for pause notes (left by /pb-pause)
cat todos/pause-notes.md 2>/dev/null | tail -50

# Read relevant docs/issues for context
# Review your branch changes thoroughly
git diff origin/main...HEAD

# Rebase and continue
git rebase origin/main

If pause notes exist: Follow documented next steps, verify blockers resolved.

Recovery Checklist

Before continuing work:

On correct branch
Branch is up to date with main
Checked pause notes (todos/pause-notes.md)
Understand what was last done
Know what’s next
Working context is current (if project has one)
Dev environment running (make dev)
Tests pass (make test)

Quick Commands

Action	Command
Current branch	`git branch --show-current`
Recent commits	`git log --oneline -5`
Uncommitted changes	`git diff`
Staged changes	`git diff --staged`
Stash list	`git stash list`
Pop stash	`git stash pop`
Fetch origin	`git fetch origin`
Rebase on main	`git rebase origin/main`

Reading and Updating Working Context

For project-level context:

# Check for working context (location and naming may vary)
ls todos/*working-context*.md 2>/dev/null

# Read project working context (or run /pb-context)
cat todos/working-context.md

# Check release tracker if on a release branch
cat todos/releases/v1.X.0/00-master-tracker.md

Common locations: todos/working-context.md, todos/1-working-context.md

Working context currency check:

# Compare working context version with actual state
git describe --tags                    # Current version
git log --oneline -5                   # Recent commits

If the working context is stale (version mismatch, outdated commits, missing recent releases):

Run /pb-context to review and update
Update version, date, recent commits, and active development sections
Verify session checklist commands still work

Reading Pause Notes

If you (or someone else) used /pb-pause before stopping, look for handoff context:

# Check for pause notes
cat todos/pause-notes.md 2>/dev/null | tail -50

# Or grep for your branch
grep -A 30 "$(git branch --show-current)" todos/pause-notes.md

Pause notes contain:

Where work left off (last commit, in-progress items)
Current task status
Next steps (prioritized)
Open questions and blockers
Gotchas and environment notes

After reading pause notes:

Verify current state matches documented state
Check if blockers have been resolved
Review next steps and adjust if needed
Clear old pause notes once context is recovered

# Archive old pause notes (optional)
mv todos/pause-notes.md todos/pause-notes-$(date +%Y%m%d).md

If Completely Lost

# 1. What branches exist?
git branch -a

# 2. What branch was I on?
git reflog | head -20

# 3. What work exists?
git log --all --oneline --graph -20

# 4. Read the working context
# /pb-standards for patterns
# /pb-context for project context and decision log
# /pb-guide for SDLC framework reference

Session State Preservation

See /pb-claude-orchestration for comprehensive context management strategies including:

What to preserve before ending a session
Strategic compaction timing (when to compact vs. when not to)
Session notes template
Resuming after compaction

Key insight: Compact at logical transition points, not mid-task. Manual compaction at boundaries preserves context better than automatic compaction at arbitrary points.

Tips for Better Resume

Before Stopping Work (Use `/pb-pause`)

Run /pb-pause before stepping away. It guides you through:

Preserve work state - Commit or stash, push to remote
Update trackers - Mark progress, document blockers
Update context - Run /pb-context, /pb-claude-project if needed
Write pause notes - Document where you left off in todos/pause-notes.md

Quick pause (short breaks):

git add -A && git commit -m "wip: [state]" && git push

When Resuming

Start with status - git status first
Read before writing - Review recent commits
Verify environment - Ensure services running
Run tests - Confirm baseline is green
Post standup - Write /pb-standup to align with team

Context Efficiency on Resume

If previous session was long or context-heavy:

Start fresh - Don’t try to continue exhausted context
Load minimal context - Tracker + active file only
Reference by commit - Use git log, not re-reading entire files
Use subagents - Exploration tasks in separate context

See /pb-cycle Step 7 for context checkpoint guidance. See /pb-claude-global Context Management section for efficiency patterns.

/pb-start - Begin work on a new feature or fix
/pb-pause - Gracefully pause work and preserve context
/pb-cycle - Self-review and peer review during development

Context is expensive to rebuild. Leave breadcrumbs for future you.

Structured Work Handoff

Transfer work between contexts – agents, sessions, teammates, or future-you. Creates a self-contained document that initiates work without requiring the original conversation. The receiving context starts building, not re-discovering.

Resource Hint: sonnet – Synthesis, context compression, reasoning preservation.

Mindset

Apply /pb-preamble thinking: The receiving context has zero shared history. Every assumption must be made explicit. Reasoning is the payload – code is easy to re-derive, but the why behind decisions is what’s hard to reconstruct and easy to lose. Apply /pb-design-rules thinking: Clarity over cleverness (the document must stand alone), simplicity (skip sections that have no content), fail noisily (if the handoff is too thin, say so).

When to Use

Delegating work to another agent or session – Context doesn’t transfer automatically
Handing off to a teammate – They weren’t in your head during research
Resuming complex work after a long break – Future-you doesn’t remember the nuances
Cross-project work – Research in one repo, execution in another

Quality Gate

Before writing a handoff, verify substance exists. A handoff needs at minimum:

A clear problem, goal, or idea
At least one of: research findings, design direction, or a well-framed question

If the work is too thin to hand off, say so: “Not enough substance to hand off yet. Discuss further or provide more context.” Do not generate a hollow document. A bad handoff is worse than no handoff – it wastes the receiver’s time re-discovering what you should have documented.

Two Speeds

Directed handoff – You know what needs doing. Receiver executes in the right context. Includes specific findings, decisions, and concrete guidance. The Direction section has step-by-step work items.

Exploratory handoff – You’re passing an idea, direction, or early research. Receiver owns the investigation, planning, and execution. The Direction section has open questions and loose guidance. Receiver should use /pb-plan or /pb-start to build the execution plan.

Most handoffs fall somewhere between. Include whatever the source session produced – detailed steps if they exist, loose direction if not. The receiver adapts.

Document Structure

Save to: todos/handoff-YYYY-MM-DD-<slug>.md

The slug comes from the brief description (lowercase, hyphens, 3-5 words max).

Adapt the structure to the content. Skip sections that have no meaningful content. An idea handoff may have no findings. A bug-fix handoff may have no research. Don’t manufacture filler to match a template.

# Handoff: <brief title>

> From: <source context>, <date>
> For: <target context>
> Type: directed | exploratory

## Motivation

Why this work matters. What triggered it. 1-2 paragraphs max.

## Context

What was researched, explored, or discovered. Include enough detail that
the receiver doesn't need to re-do the research, but not so much that
it's a conversation dump. Link to external resources rather than inlining
them.

## Findings

Key discoveries. Bullet points or short paragraphs. Include code snippets
only when essential for understanding.

## Decisions

Choices already made and why. Format: "Chose X over Y because Z."
The receiver should respect these unless they find a strong reason not to.
For exploratory handoffs, this section may be empty.

## Direction

For directed handoffs: specific guidance, file paths, approach.
For exploratory handoffs: the idea, loose direction, open questions.

### Acceptance Criteria (directed handoffs)

3-5 measurable checkboxes that define "done." Not required for
exploratory handoffs. Required for directed ones.

- [ ] Criterion 1
- [ ] Criterion 2

### Constraints (optional)

Technical, timeline, or resource constraints that shape execution without
limiting direction. Examples: "Must work on Go 1.25+", "Don't introduce
new dependencies", "Timeline: this week."

## Scope

**In scope:** What the receiver should focus on.
**Out of scope:** What to explicitly skip (prevents scope creep).

## References

- Links, file paths, PR/issue URLs (all resolvable from target project)
- Any artifacts created during the source session

Writing Rules

Self-contained. The receiver has zero conversation context. Never reference the source session as something the receiver can consult. It won’t exist.

Reasoning is the payload. The why behind decisions, not just the what. “Chose X over Y because Z” lets the receiver challenge decisions intelligently. “Use X” gives them no basis to evaluate.

All references must be resolvable. Use full URLs for external repos, not bare relative paths. File paths must make sense from the target project.

No template filler. Every line earns its keep. If a section heading has nothing meaningful under it, drop the section.

One handoff, one concern. Don’t bundle unrelated work. Two handoffs to the same project is fine.

Dated, not versioned. Handoffs are point-in-time artifacts. If the work evolves, write a new handoff, don’t update the old one.

Apply /pb-voice. Organic prose, no em dashes in the template (use – instead), free-flowing reasoning.

Procedure

Step 1: Verify substance (quality gate)

Scan the current conversation for substance. If it’s too thin, stop and say so.

Step 2: Determine handoff type

Based on how much has been resolved: directed (approach decided, execution needs context) or exploratory (idea needs investigation with project context).

Step 3: Synthesize

Review the conversation to extract:

What triggered this work
Research done
Key findings
Decisions made (with reasoning)
Direction for the receiver
References (URLs, file paths, code snippets)

Step 4: Write the document

Follow the document structure above. For focused tasks (bug fix, small change), use a compact structure. For research-heavy transfers, use the full structure where separation adds clarity.

For directed handoffs, include acceptance criteria – 3-5 measurable checkboxes. For security work, always include reproduction steps and impact.

Step 5: Suggest the entry point

After writing, tell the receiver how to start:

Handoff written: todos/handoff-YYYY-MM-DD-<slug>.md

Start with:
  Read todos/handoff-YYYY-MM-DD-<slug>.md and execute the next steps.

Design Principles

Handoff initiates, receiver decides. The handoff starts work, it doesn’t prescribe every step. The receiver has context the source doesn’t. Trust them to make execution decisions.
Self-contained over complete. Better to link to a 500-line analysis than inline it. The receiver can read files.
Reasoning is the payload. Code is easy to re-derive. The reasoning behind decisions is what’s hard to reconstruct and easy to lose.
Dated, not versioned. Handoffs are point-in-time artifacts. If the work evolves, write a new handoff.
One handoff, one concern. Don’t bundle unrelated work.
Two speeds. Detailed when the source has done the thinking, exploratory when the idea needs context to develop. Both are valid.

/pb-start – Begin work from a handoff (receiver’s first step)
/pb-pause – Preserve context before stepping away (complementary to handoff)
/pb-plan – Build execution plan from an exploratory handoff
/pb-preamble – Challenge assumptions (apply to handoff decisions)
/pb-voice – Apply organic prose style to handoff writing

Context transfers cleanly. Receivers start building, not re-discovering. | v1.0.0

Async Standup & Status Updates

Keep team aligned on progress without synchronous meetings. Use this template for async standups, progress updates, or team check-ins during distributed work.

Mindset: Standups are where you surface blockers and risks.

Use /pb-preamble thinking: be direct about problems, don’t hide issues to seem productive. Use /pb-design-rules thinking in standups: highlight when code embodies good design (Clarity, Simplicity, Robustness) and flag design risks early.

Resource Hint: sonnet - status reporting and team communication

Purpose

Async standups provide visibility into:

What work got done and what’s in progress
Blockers or help needed
Team rhythm and cadence
Historical record of progress

When to use:

Daily async standups (instead of sync meetings)
Multi-day/week feature progress updates
Milestone check-ins during long-running work
Handoff documentation when someone takes over work
End-of-week team status summarization

Quick Template (5 min to write)

## Standup: [Your Name] - [Date]

### Yesterday [YES]
- [Task completed with link/PR/commit]
- [Task completed]

### Today in progress
- [Current focus]
- [Planned task]

### Blockers 🚧
- [What's blocking progress, if anything]

### Help Needed ❓
- [Specific ask, if any]

### Notes (optional)
[Anything else useful for team context]

Example:

## Standup: Sarah - 2026-01-13

### Yesterday [YES]
- Implemented user authentication endpoint (PR #234)
- Added unit tests for auth logic
- Fixed bug in password validation

### Today in progress
- Refactoring database queries for performance
- Adding integration tests for auth flow
- Pairing with James on API contract

### Blockers 🚧
- None currently

### Help Needed ❓
- Review for PR #234 when you get a chance

### Notes
- Performance improvements showing good results
- Database indexes now properly configured

Detailed Template (Comprehensive)

Use when you need to provide more context or detailed progress update.

Section 1: Yesterday (What Got Done)

List completed work from the previous working day:

Task description - Brief outcome
- Where to find it: PR link, commit, test results, screenshot

Guidelines:

One line per task (keep it scannable)
Link to artifacts (PRs, commits, deployments)
Focus on outcome, not effort (“Fixed login bug” not “Spent 3 hours debugging”)
Include both code and non-code work (reviews, meetings, docs)

Example:

### Yesterday [YES]
- Created payment webhook endpoint (PR #445)
- Added webhook signature validation tests
- Reviewed team's database design PR #440
- Updated API documentation

Section 2: Today (Current Focus & Plans)

What you’re working on right now and what’s planned:

in progress Current task - What you’re actively coding on
task Planned task - What comes next
⏸️ Waiting on - Things you’re waiting for (feedback, approval, dependency)

Guidelines:

Realistic scope (what you’ll actually complete today)
In priority order (what matters most first)
Include dependencies (“Can’t start integration tests until #450 merges”)
Flag if you’re jumping contexts

Example:

### Today in progress
- Debugging rate limiter edge case (in progress, hoping to complete by noon)
- Adding caching layer to user queries (if rate limiter done)
- Waiting on QA sign-off from yesterday's changes before deploying

Section 3: Blockers (What’s Stuck)

What’s preventing progress and needs intervention:

🚧 Blocker description - What’s stuck and why
- Impact: How much does this affect you?
- Needed: What’s required to unblock?

Example:

### Blockers 🚧
- Database migration script timing out (testing on staging)
  - Impacting: Can't ship auth refactor until migration works
  - Need: DBA to review migration strategy or provide alternative approach

Section 4: Help Needed (Explicit Requests)

What you explicitly need from others:

❓ Specific ask - Exactly what you need
- Who: Who should help (name or team)
- By when: Urgency (ASAP, this week, next week)

Example:

### Help Needed ❓
- Code review on PR #456 (auth refactor)
  - Who: Tech lead or senior engineer
  - Urgency: Need feedback this afternoon to stay on schedule
- Clarification on payment reconciliation logic
  - Who: Product/finance team
  - Urgency: Next 2 days is fine

Section 5: Notes & Context (Optional)

Anything else useful for team understanding:

Metrics or measurements (performance improvements, test coverage)
Architecture decisions made
Risks or concerns noticed
Positive progress or momentum
Learning or interesting findings
Upcoming changes that affect the team

Example:

### Notes
- Performance improvements: Query time down 40% with new indexing
- Upcoming: Payment vendor API deprecates v1 next month, starting migration planning
- Pairing tomorrow with frontend team on integration testing
- All tests passing, no blockers beyond those noted above

By Work Type

Feature Development Standup

Focus on:

Feature completion percentage
Design decisions made
Integration points with other systems
Timeline status (on track, at risk, etc.)

Bug Fix Standup

Focus on:

Root cause found/confirmed
Solution approach
Testing coverage
Deployment plan

Refactoring Standup

Focus on:

Refactoring scope
Testing strategy
Risk assessment
Performance impact

Multi-Week Project Standup

Expand to include:

Phase progress (which phase, % complete)
Dependency status (are we blocked on other teams?)
Team capacity (any changes to resource availability?)
Risks or mitigation actions taken

Best Practices

Writing Effective Standups

[YES] DO:

Be specific (“Added validation for email input” not “Worked on form”)
Include links (PR, commit, dashboard, screenshot)
Be honest about blockers and concerns
Keep it scannable (bullet points, one thought per line)
Write for someone who doesn’t know the project

[NO] DON’T:

Over-explain (“Spent 2 hours debugging” - just say “Fixed bug X”)
Use jargon without context
Make excuses (“Lots of meetings” - just note if it affected progress)
Go too long (standup should take 5 min to write, 2 min to read)

Frequency & Timing

Daily standups (async):

Post at start of your day (before you start coding)
Team reads async throughout the day
No meeting needed
Updates morale and transparency

Weekly standups (for M/L tier work):

Friday EOD or Monday morning
Summarize week’s progress
Highlight risks or blockers
Great for distributed teams

Milestone standups (for long-running work):

After significant milestone
Broader audience (stakeholders, product)
More formal tone
Includes metrics and outcomes

Using Standups for Async Alignment

Standups create a paper trail of:

What was built and why
Decisions made and rationale
Blockers and how they were resolved
Team coordination without meetings

Read standups before:

Meetings (know what’s already happened)
Code reviews (understand context)
Planning (understand where we are)

/pb-start - Begin work on a new feature or fix
/pb-resume - Get back into context after a break
/pb-cycle - Self-review and peer review during development

Template to Copy

## Standup: [Your Name] - [Date: YYYY-MM-DD]

### Yesterday [YES]
- [ ] Task 1
- [ ] Task 2

### Today in progress
- [ ] Current work
- [ ] Next task

### Blockers 🚧
- None (or describe)

### Help Needed ❓
- None (or describe)

### Notes
- (optional: metrics, risks, context)

Building Team Culture Around Standups

Standups are more than status updates-they’re about building trust and psychological safety.

Create Psychological Safety for Blockers

Why it matters: Teams that feel safe reporting blockers unblock faster and ship better.

Practice:

Celebrate blockers being surfaced (“Thank you for flagging that early”)
Never punish for being stuck (ask how to help instead)
Public blockers → team problem-solving (not individual failure)
Model vulnerability (leaders share their own blockers first)

Example:

Bad: "Why is auth still blocked? That's been 3 days."
Good: "I see auth is blocked on API review. How can we unblock that? Can I help review?"

Celebrating Progress in Distributed Teams

Weekly wins ritual:

Highlight completed features (not just checklist items)
Call out helpful peer reviews, knowledge sharing, or mentoring
Recognize cross-team collaboration
Share customer feedback or metrics

Why: Distributed teams lack hallway conversations. Standups are a moment to feel part of something.

Handling Sensitive Situations

Scope changes or deprioritization:

Acknowledge the shift explicitly
Explain impact (avoid sudden plan changes)
Provide new timeline/expectations
Ask if team has concerns

Extended blockers (1+ week):

Escalate explicitly (not buried in standup)
Propose solutions, don’t just report problem
Schedule dedicated unblocking session

Team dynamics or personal issues:

Normalize “personal circumstances affecting focus” (no details needed)
Offer flexibility without requiring explanation
Check in 1-on-1 separately if you notice patterns

Remote-First Best Practices

Written standups work best because:

Asynchronous (no meeting fatigue)
Skimmable (busy people can scan quickly)
Searchable (reference past decisions/blockers)
Inclusive (no one talking over each other)

Make them effective:

Post at consistent time (start of day recommended)
Don’t require immediate responses (async means async)
Link to artifacts (PRs, docs, tickets) not raw prose
Read others’ standups regularly (builds team awareness)

Video standups (avoid):

Same latency as meeting but less scannable
Makes async harder
Use for real-time discussions, not status

Standup Etiquette

For writers:

Be honest about blockers (don’t minimize)
Include “needs help” asks (don’t suffer silently)
Link everything (help readers find context)

For readers:

Read daily (takes 5 min, huge impact on collaboration)
Respond to help requests same day (or delegate)
Ask thoughtful follow-up questions (shows you’re paying attention)

Q: How detailed should standups be? A: Detailed enough that someone unfamiliar with the task understands progress. Link to PRs/commits for details.

Q: What if I’m blocked and can’t make progress? A: Explicitly state the blocker in the “Blockers” section. Be specific about what’s needed to unblock.

Q: Can I skip a standup if nothing changed? A: No, write it anyway. Even “No progress (waiting on external API response)” is useful for team visibility.

Q: Should I include meetings/interruptions? A: Only if they significantly affected work. “Lots of meetings” is context but not as useful as “Pairing on auth design with team lead”.

Q: How long should a standup take? A: 5 minutes to write, 2 minutes to read. If it’s longer, you’re over-explaining.

Created: 2026-01-11 | Category: Development | Updated: When first shipped

Pattern Learning

Purpose: Extract reusable patterns from the current session - error resolutions, debugging techniques, workarounds, and project conventions.

Mindset: Design Rules say “measure before optimizing” - learn from what you measure, not what you assume. Capture knowledge that would help future you (or teammates) solve similar problems faster. Focus on patterns that are reusable, not one-time fixes.

Resource Hint: sonnet - pattern extraction and documentation

When to Use

After resolving a non-trivial bug worth documenting
After discovering a debugging technique or library workaround
After establishing a project convention that teammates should follow
After a session where hard-won insights would otherwise be lost

What to Capture

Category	Good Candidate	Skip
Error Resolution	“Type X error in library Y means Z”	Typo fixes
Debugging Technique	“To debug A, check B then C”	Obvious checks
Workaround	“Library X has quirk Y, work around with Z”	Version-specific issues that will be fixed soon
Project Pattern	“In this codebase, we handle X by doing Y”	One-off decisions

Rule of thumb: If you’d explain this to a teammate joining the project, it’s worth capturing.

Pattern Template

# [Pattern Name]

## Problem

[What situation triggers this pattern - be specific about symptoms]

## Solution

[What to do - concrete steps or code]

## Example

[Code or commands demonstrating the solution]

## Context

[When this applies, when it doesn't, prerequisites]

## Discovered

[Date, project, session context]

Storage Locations

Location	Use For	Command
`.claude/patterns/`	Project-specific patterns, shareable with team	Default
`~/.claude/learned/`	Universal patterns, personal knowledge base	`--global` flag

Project Patterns (Default)

.claude/patterns/
├── error-axios-timeout-handling.md
├── debug-react-state-updates.md
└── workaround-jest-esm-modules.md

Commit these to share with your team. They become part of project knowledge.

Global Patterns

~/.claude/learned/
├── debug-memory-leaks-node.md
├── workaround-docker-m1-networking.md
└── pattern-api-retry-logic.md

These follow you across all projects - personal knowledge base.

Workflow

Step 1: Identify the Pattern

After resolving an issue, ask yourself:

Would this help me next time I hit this?
Would this help a teammate?
Is this specific enough to be actionable?
Did this take significant time to figure out?

If yes to any, proceed.

Step 2: Extract the Pattern

Review what happened:

What was the symptom? - Error message, unexpected behavior
What was the root cause? - Why it happened
What was the solution? - What fixed it
What made this non-obvious? - Why it took time to figure out

Step 3: Document

Use the template above. Be specific:

Bad	Good
“Check the logs”	“When axios throws ECONNRESET, check if server timeout < client timeout”
“Fix the types”	“TypeScript 5.x with ESM requires .js extensions in imports even for .ts files”
“Handle the error”	“Prisma P2025 means record not found - check if ID exists before update”

Step 4: Store

# Project-local (default) - creates .claude/patterns/[name].md
mkdir -p .claude/patterns

# Global - creates ~/.claude/learned/[name].md
mkdir -p ~/.claude/learned

Examples

Error Resolution Pattern

# TypeScript: Cannot find module with .js extension

## Problem

TypeScript compilation fails with "Cannot find module './foo.js'" even though
foo.ts exists. Happens after upgrading to TypeScript 5.x with ES modules.

## Solution

In tsconfig.json, set moduleResolution appropriately:
- For `Node16`/`NodeNext`: imports need .js extension even for .ts files
- For `bundler`: imports can omit extension

## Example

```json
{
  "compilerOptions": {
    "module": "NodeNext",
    "moduleResolution": "NodeNext"
  }
}

Then import with .js:

import { helper } from './helper.js';  // Even though file is helper.ts

Context

Applies to TypeScript 5.x with ES modules. Classic CommonJS projects don’t have this issue. If using a bundler (webpack, vite), use moduleResolution: "bundler" instead.

Discovered

2026-01-21, playbook project, debugging module resolution


### Debugging Technique Pattern

```markdown
# Debug React useEffect Running Twice

## Problem

useEffect cleanup and effect running twice in development, causing duplicate
API calls or unexpected state.

## Solution

This is intentional in React 18+ Strict Mode. It helps find bugs where:
- Cleanup doesn't properly reset state
- Effects have missing dependencies
- Effects aren't idempotent

To debug:
1. Check if cleanup function properly reverses the effect
2. Verify effect is idempotent (safe to run twice)
3. Use AbortController for fetch requests

## Example

```jsx
useEffect(() => {
  const controller = new AbortController();

  fetchData({ signal: controller.signal })
    .then(setData)
    .catch(err => {
      if (err.name !== 'AbortError') throw err;
    });

  return () => controller.abort();  // Proper cleanup
}, []);

Context

React 18+ development mode only. Production runs effects once. Don’t disable Strict Mode - fix the underlying issue instead.

Discovered

2026-01-21, investigating “duplicate API calls” issue


### Workaround Pattern

```markdown
# Jest ESM Modules: SyntaxError unexpected token export

## Problem

Jest fails with "SyntaxError: Unexpected token 'export'" when testing
code that imports from ESM-only packages (e.g., nanoid, chalk v5).

## Solution

Add the package to Jest's transformIgnorePatterns exception:

```javascript
// jest.config.js
module.exports = {
  transformIgnorePatterns: [
    'node_modules/(?!(nanoid|chalk)/)'
  ]
};

Context

Needed for ESM-only packages in Jest with CommonJS setup. Alternative: migrate project to native ESM or use vitest.

Discovered

2026-01-21, adding nanoid to project


---

## When NOT to Use

Skip pattern extraction for:

- **Trivial fixes** - Typos, missing imports, syntax errors
- **Temporary workarounds** - Hacks you'll remove soon
- **Highly version-specific** - Library will fix in next release
- **Well-documented elsewhere** - Official docs cover it well
- **One-time decisions** - Choices that won't recur

---

## Pattern Quality Checklist

Before saving, verify:

- [ ] **Problem is specific** - Someone can recognize when they have this issue
- [ ] **Solution is actionable** - Steps are concrete, not vague
- [ ] **Example is included** - Shows actual code or commands
- [ ] **Context explains scope** - When it applies, when it doesn't
- [ ] **Not already documented** - Check project docs, official docs first

---

## Organizing Patterns

### Naming Convention

[category]-[topic]-[specifics].md

error-prisma-p2025-not-found.md debug-react-hydration-mismatch.md workaround-jest-esm-modules.md pattern-api-retry-exponential.md


### Categories

| Prefix | Use For |
|--------|---------|
| `error-` | Error message resolutions |
| `debug-` | Debugging techniques |
| `workaround-` | Library/tool quirks |
| `pattern-` | Reusable code patterns |
| `setup-` | Environment/tooling setup |

---

## Integration

After resolving non-trivial issues in these workflows, consider capturing patterns:

- `/pb-debug` - After fixing a tricky bug, capture the resolution
- `/pb-cycle` - After discovering a better approach during iteration

---

## Related Commands

- `/pb-debug` - Debugging methodology (source of error/debug patterns)
- `/pb-cycle` - Development iteration (source of pattern discoveries)
- `/pb-resume` - Uses stored patterns for session continuity
- `/pb-documentation` - Writing clear documentation
- `/pb-standards` - Project conventions to document

---

*Patterns compound. Today's hard-won insight is tomorrow's instant recall.*

Set Your Decision Rules (One-Time Setup)

Resource Hint: sonnet - One-time setup (15 minutes) that enables 90% automation forever.

Run this once (or annually) to establish how you want /pb-review to auto-decide issues. After this, the system handles 90% of decisions automatically.

You: 15 minutes of setup System: Everything else, forever

When to Use

First time: pb-preferences --setup (full questionnaire)
Annual refresh: pb-preferences --review (revisit decisions)
One-off update: pb-preferences --adjust [category] (change one preference)

How It Works

First Time Setup

/pb-preferences --setup
  ↓ System asks 15 questions (takes ~10 min)
  ↓ You answer based on your values
  ↓ Preferences saved
  ↓ /pb-review uses them forever

Example questions:
  1. Architecture issues (e.g., tight coupling): always fix? defer if <1h? accept?
  2. Code quality: strict (fix everything) or pragmatic (accept some debt)?
  3. Testing: require 80%+ coverage? defer gaps if coverage good? accept risk?
  4. Performance: always optimize? accept debt if deadline tight? benchmark first?
  5. Security: zero-tolerance (always fix)? severity-based? case-by-case?
  6. Refactoring: always simplify if possible? defer if working? case-by-case?
  7. Documentation: always complete? defer if clear code? accept gaps?
  8. Breaking changes: auto-rebase before commit? squash? accept?
  9. Commit frequency: after every feature? batch by day? by complexity?
  10. Error handling: strict (all cases) or pragmatic (main paths only)?
  11. Async/concurrency: always add tests? defer if low-risk? accept?
  12. Database: require indexes upfront? performance-driven? accept?
  13. Dependencies: strict (minimize)? pragmatic (use what helps)? accept?
  14. Logging: verbose (capture everything)? selective? minimal?
  15. Deadline pressure: relax standards? compress testing? accept tech debt?

Your Answer Format

For each question, choose:

Always - Auto-fix every time
Never - Auto-defer every time
Threshold - Auto-fix if [condition], otherwise decide case-by-case
Case-by-case - Ask me each time

Example answer:

Q: "Testing: how strict?"
A: "Threshold: Always fix if coverage < 80%, defer if >= 85%, case-by-case if 80-84%"

Q: "Security: tolerance level?"
A: "Always: Fix security issues regardless of effort"

Q: "Performance: when to optimize?"
A: "Threshold: Auto-fix if effort < 1 hour, case-by-case if longer"

Q: "Breaking changes?"
A: "Case-by-case: Depends on impact"

Preferences Saved

.playbook-preferences.yaml
  Architecture:
    tight_coupling: "threshold<1h"
    circular_dependencies: "always"
    single_point_of_failure: "always"
  Code Quality:
    dry_violations: "threshold<30min"
    error_handling: "always"
    variable_naming: "case-by-case"
  Testing:
    coverage_target: 80
    failure_path_coverage: "always"
    edge_cases: "threshold<1h"
  Performance:
    optimization_threshold: 1h
    n_plus_one: "always"
    caching_opportunities: "case-by-case"
  Security:
    input_validation: "always"
    authentication: "always"
    data_access: "always"
  # ... etc

Using Your Preferences

During `/pb-review`

System applies your preferences automatically:

Issue: "Architecture: Email service should be extracted"
Your preference: "Architecture: threshold<1h"
Effort estimate: 30 minutes
Decision: AUTO-FIX ✓

Issue: "Testing: Missing edge cases in retry logic"
Your preference: "Testing failure paths: always"
Decision: AUTO-FIX ✓

Issue: "Performance: Consider caching strategy"
Your preference: "Performance optimization: case-by-case"
Decision: ASK YOU ⚠ (brief question)

Issue: "Documentation: Variable naming unclear"
Your preference: "Variable naming: case-by-case"
Decision: ASK YOU ⚠ (brief question)

When System Asks (The 10%)

Issue: "Complex retry logic (nested loops + state machine)"
Your preferences don't cover this type of complexity
System: "New issue type: Excessive code complexity. Usually fix? [Always] [Never] [Threshold] [Case-by-case]"
You: "Threshold: Fix if effort < 2h"
System: "This is 1.5 hours. Fixing it."
System: Saves your answer for future

When You Want to Override

/pb-review --override "skip-testing-defer"
  ↓ Issue that would normally auto-defer gets fixed
  ↓ System logs: "User overrode preference on [date] for [reason]"
  ↓ Quarterly report shows pattern if it happens often

Your Preferences Ladder (Typical)

Strict Mode (high quality, longer dev time)

Architecture: always fix
Code quality: always fix
Testing: always 80%+ coverage
Performance: always optimize
Security: always fix
Documentation: always complete

Pragmatic Mode (ship faster, accept debt)

Architecture: threshold<1h fix, else defer
Code quality: threshold<30min fix, else case-by-case
Testing: threshold<80% coverage accept, else case-by-case
Performance: threshold<1h optimize, else defer
Security: always fix (never compromise)
Documentation: case-by-case

Balanced Mode (default)

Architecture: always fix if critical, threshold<1h otherwise
Code quality: always fix error handling, threshold<30min else
Testing: require 80%+ coverage, defer gaps if timeline tight
Performance: case-by-case, benchmark if unsure
Security: always fix
Documentation: case-by-case

Annual Review

/pb-preferences --review
  ↓ System shows what you've decided this past year
  ↓ "Auto-fixed 387 issues, 47 ambiguous cases, 12 overrides"
  ↓ "Most common: error handling (78 fixes), testing (65 defers)"
  ↓ "Do your preferences still align? [Yes] [Adjust] [Reset]"
  ↓ Update any preferences that no longer fit

Examples: Setting Preferences

Example 1: Security-Critical Project

Q: Security issues?
A: "Always: Fix everything regardless of effort"

Q: Error handling?
A: "Always: Explicit error handling on all paths"

Q: Testing?
A: "Always: 90%+ coverage required"

Q: Performance?
A: "Threshold: Optimize if < 2h, defer if longer"

Q: Architecture?
A: "Always: Fix assumptions, dependency issues"

Q: Breaking changes?
A: "Always: Proper deprecation path"

→ /pb-review becomes conservative (fixes almost everything)

Example 2: Startup MVP

Q: Security issues?
A: "Always: But only critical (auth, data loss)"

Q: Testing?
A: "Threshold: 60% coverage OK, defer gaps if timeline tight"

Q: Performance?
A: "Case-by-case: Optimize after users find issues"

Q: Architecture?
A: "Threshold: Fix if <30min, defer if longer"

Q: Code quality?
A: "Pragmatic: Fix DRY if reused 3+times, else skip"

Q: Documentation?
A: "Never: Code is self-documenting enough for MVP"

→ /pb-review becomes lenient (ships fast, fixes only critical)

Example 3: Your Playbook (Recommended)

Q: Architecture?
A: "Always: Fix assumptions, dependencies, scaling"

Q: Code quality?
A: "Always: Error handling, DRY where it matters"

Q: Testing?
A: "Threshold: 80%+ coverage, defer if deadline < 1h away"

Q: Performance?
A: "Case-by-case: Benchmark first, then decide"

Q: Security?
A: "Always: Never compromise"

Q: Documentation?
A: "Always: Clear code + minimal docs for complex parts"

Q: Breaking changes?
A: "Always: Deprecation path required"

→ /pb-review enforces quality by default, pragmatic on timeline

Quick Setup (5 Minutes)

If you want fast setup:

/pb-preferences --template "balanced"
  ↓ System loads balanced defaults
  ↓ You review, adjust key ones
  ↓ Done

Default categories to adjust:
  - Security: [Your tolerance]
  - Performance: [Your threshold]
  - Testing: [Your coverage target]
  - Deadline: [Your pressure point]

What Gets Saved

~/.playbook-preferences.yaml
  version: 1.0
  last_updated: 2026-02-17
  preset: "balanced"

  Architecture:
    - issue_type: "tight_coupling"
      rule: "threshold<1h"
    - issue_type: "single_point_of_failure"
      rule: "always"
    # ...

  CodeQuality:
    - issue_type: "dry_violations"
      rule: "threshold<30min"
    # ...

  Testing:
    - issue_type: "coverage_gaps"
      rule: "threshold>80"
    # ...

This file is checked into your .claude/ directory (not repo) so it persists.

Integration

One-time:

/pb-preferences --setup (15 min)

Then forever:

/pb-review uses your preferences
System auto-decides 90% of issues
You only decide truly ambiguous cases

Annual:

/pb-preferences --review (5 min, optional adjustment)

The Philosophy

Goal: Codify your values into decision rules.

Quality standards don’t change per-commit (captured in preferences)
Deadlines don’t override standards (preferences handle timeline tension)
Automation doesn’t mean mediocrity (your preferences enforce quality)
Human judgment matters (only for genuinely ambiguous cases)

Result: Consistency, speed, quality. Pick two? No. Get all three.

/pb-review - Uses these preferences to auto-decide
/pb-start - Establishes scope (feeds into depth detection)
/pb-linus-agent - For deep dives if preferences don’t cover something

One-time setup enables automagic forever | v1.0.0

Get context-aware playbook command recommendations based on your current work state.

Mindset: This tool assumes both /pb-preamble thinking (challenge recommendations, don’t follow blindly) and /pb-design-rules thinking (verify design decisions at each stage).

The recommendations are starting points, not rules. Question them. Challenge the suggestion if you think a different path makes more sense. Use this as a thinking tool, not an oracle.

Resource Hint: sonnet - Git state analysis and context-aware command recommendation.

When to Use

Run this command when you’re unsure which playbook command to use next. The command analyzes:

Git state: Current branch, modified files, commit history
File types: What you’re working on (code, docs, tests, etc.)
Work phase: Early stage, mid-work, ready for review, etc.

Status

✅ Available Now (Phase 3+)

The /pb-what-next command is fully implemented and ready to use. It analyzes your git state and recommends the next playbook commands automatically.

Usage

# Get recommendations for your current state
python scripts/analyze-playbook-context.py

# Get detailed analysis with reasoning
python scripts/analyze-playbook-context.py --verbose

# Use custom metadata file
python scripts/analyze-playbook-context.py --metadata /path/to/metadata.json

This command analyzes:

Git branch and changed files
Commit count and work phase
File types (source, tests, docs, config, CI)
Related commands from metadata
Workflow patterns

Real-World Examples

Example 1: Starting a Feature

Your Situation:

Branch: feature/user-auth
Commits: 0
Changes: None

Recommendation Output:

Recommended Next Steps
━━━━━━━━━━━━━━━━━━━

1. `/pb-start` - Start Development Work
   - Begin iterative development
   - Time: 5 min

Why: You’ve just created the branch. /pb-start helps establish the rhythm for your work.

Example 2: Mid-Feature Development

Your Situation:

Branch: feature/user-auth
Commits: 3
Changes: Both src/auth.py and tests/test_auth.py modified

Recommendation Output:

Recommended Next Steps
━━━━━━━━━━━━━━━━━━━

1. `/pb-cycle` - Development Cycle
   - Self-review + peer review
   - Confidence: 90% | Time: 45 min

2. `/pb-testing` - Advanced Testing
   - Verify test coverage
   - Confidence: 85% | Time: 5 min

Why These Commands?
━━━━━━━━━━━━━━━━━━━

• Both source and test files changed → Full development cycle
• 3 commits → Time to iterate on feedback
• Active feature branch → In development mode

Why: You’re actively coding. /pb-cycle helps with self-review and peer feedback, while /pb-testing ensures your tests match your code.

Example 3: Ready to Submit

Your Situation:

Branch: feature/user-auth
Commits: 5
Changes: All staged

Recommendation Output:

Recommended Next Steps
━━━━━━━━━━━━━━━━━━━

1. `/pb-commit` - Atomic Commits
   - Organize into logical commits
   - Confidence: 90% | Time: 10 min

2. `/pb-pr` - Quick PR Creation
   - Create pull request
   - Confidence: 90% | Time: varies

Why These Commands?
━━━━━━━━━━━━━━━━━━━

• 5+ commits → Time to organize with /pb-commit
• All changes staged → Ready for PR
• Feature branch → Ready to integrate

Why: Your work is ready to submit. /pb-commit helps organize into clean commits, then /pb-pr creates the pull request.

Example 4: On Main Branch (Release Time)

Your Situation:

Branch: main
Commits: 10+
Changes: None

Recommendation Output:

Recommended Next Steps
━━━━━━━━━━━━━━━━━━━

1. `/pb-release` - Release Preparation
   - Prepare for production
   - Time: 45 min

2. `/pb-deployment` - Deployment Strategies
   - Plan deployment
   - Time: 5 min

Why These Commands?
━━━━━━━━━━━━━━━━━━━

• On main branch → Release mode detected
• Multiple commits → Ready for release checklist
• Clean working directory → All changes are committed

Why: You’re on main. It’s time to prepare the release and plan deployment.

Output Interpretation Guide

Current Work State

Branch: The git branch you’re on (feature/, fix/, main, etc.)
Phase: Detected workflow phase (START, DEVELOP, FINALIZE, REVIEW, RELEASE)
Changes: Number of modified files and their types

Recommended Next Steps

Each recommendation includes:

Command name: Which /pb-* command to run next
Purpose: Brief description of what the command does
Confidence: 0.6-1.0 score indicating how certain the recommendation is
Time: Estimated duration (5 min to 2 hours)

Confidence Levels

0.90-1.0 (Very High): Direct match to your situation
0.80-0.90 (High): Strong pattern match from context
0.70-0.80 (Moderate): Inferred from related changes
0.60-0.70 (Low): Suggested based on workflow

Why These Commands?

Explains the reasoning:

File types changed (source, tests, docs, config, CI)
Commit count and phase detection
Detected work patterns

Troubleshooting

“Metadata file not found”

Problem: The command can’t find .playbook-metadata.json

Solution: Run the metadata extraction command:

python scripts/extract-playbook-metadata.py

This generates the metadata that /pb-what-next uses for command details.

“No recommendations”

Problem: You get an empty recommendations list

Solution:

Verify you’re in a git repository: git status
Create or modify files to establish context
Run with --verbose to see detailed analysis: python scripts/analyze-playbook-context.py --verbose

“Unexpected recommendations”

Problem: Recommendations don’t match your expectations

Solution:

Run with --verbose to see how the phase was detected
Check your git state: git status, git log --oneline -5
Branch name matters: use feature/*, fix/*, refactor/* naming for best results

“Can’t analyze git state”

Problem: Git analysis fails

Solution:

Ensure you’re in a git repository: git init if needed
Ensure git is installed: git --version
Check git permissions: ls -la .git

Tips & Best Practices

Run after each unit of work
- After coding a feature, run /pb-what-next
- After code review feedback, run /pb-what-next
- At any point when you’re unsure what to do next
Use verbose mode to understand decisions
```
python scripts/analyze-playbook-context.py --verbose
```
See detailed traces of how phases were detected and why
Follow recommendations in order
- First recommendation is the highest priority
- Each command builds on the previous one
- Complete each step before returning for new recommendations
Use with feature/fix/refactor branch naming
- feature/new-feature → Development workflow
- fix/bug-name → Bug fix workflow
- refactor/cleanup → Refactor workflow
- Naming helps the tool detect your intent
Combine with /pb-standup for tracking
- Run /pb-what-next to see what’s next
- Complete that step
- Run /pb-standup to track progress
- Repeat until work is ready to merge

How It Works

The command analyzes your current situation and recommends relevant commands:

Branch Analysis

feature/* branch? → Development workflow
fix/* branch? → Bug fix workflow
refactor/* branch? → Refactor workflow
Just merged to main? → Release workflow

File Analysis

Changed tests/? → Run /pb-testing
Changed docs/? → Use /pb-documentation
Changed src/ + tests/? → Full cycle needed
No tests changed? → Add test coverage with /pb-testing

Time-Based Recommendations

Early in feature? → /pb-start, /pb-cycle, /pb-standards
Mid-feature? → /pb-cycle, /pb-testing
Ready to finalize? → /pb-commit, /pb-pr
Code review? → /pb-review-hygiene, /pb-review-tests, /pb-security
Release time? → /pb-release, /pb-deployment

Example Output

📊 Current Work State
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

Branch:    feature/v1.3.0-user-auth
Files:     3 changed (src/, tests/)
Status:    Mid-feature, tests need updating

✅ RECOMMENDED NEXT STEPS
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

1. 🔄 /pb-cycle  →  Self-review + peer feedback
   "Self-review your changes and get peer feedback on approach"
   Time: 30-60 minutes

2. ✅ /pb-testing  →  Verify test coverage
   "Ensure your tests match your changes"
   Time: 10 minutes

3. 🎯 /pb-commit  →  Craft atomic commits
   "Organize your work into logical commits"
   Time: 5 minutes

4. 🔗 /pb-pr  →  Create pull request
   "Submit your work for integration"
   Time: 10 minutes

━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

💡 WHY THESE COMMANDS?
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

• Both src/ and tests/ changed  → You're doing TDD (good!)
• Tests modified recently       → Run /pb-testing to verify coverage
• Feature branch active         → You're in development mode
• No commits yet                → Time to wrap up and PR

/pb-start - Begin feature work (creates branch)
/pb-cycle - Self-review + peer review loop
/pb-commit - Craft atomic commits
/pb-pr - Create pull request
/pb-release - Release preparation

How It Differs from Other Commands

Command	Purpose	When
`/pb-what-next`	Recommend next action	Unsure, need guidance
`/pb-start`	Create branch, establish rhythm	Starting feature
`/pb-cycle`	Self-review + peer review	After coding a unit
`/pb-release`	Release checklist	Preparing for production

Use /pb-what-next when in doubt. It analyzes your situation and points you to the right command.

How the Implementation Works

The /pb-what-next command analyzes your situation through these steps:

1. Git State Analysis

Runs these git commands to understand your work:

git branch --show-current    # Current branch
git status --porcelain       # Modified files
git log --oneline -10        # Recent commits
git diff --name-only         # Files changed

Returns: branch name, changed files, commit count, unstaged/staged changes

2. File Type Detection

Categorizes changes by type:

Tests: Files matching *test*.py, *.spec.ts, etc.
Docs: Markdown files, documentation directories
Source: Code files (.py, .ts, .js, .go, .rs)
Config: Docker, package.json, pyproject.toml, etc.
CI: GitHub Actions workflows, CI config files

3. Workflow Phase Detection

Maps your situation to one of 5 phases:

START (0 commits, fresh branch)
DEVELOP (1-4 commits, active changes)
FINALIZE (5+ commits, ready to wrap up)
REVIEW (PR created, in review)
RELEASE (on main branch, deployment time)

4. Recommendation Generation

Uses your phase + file types to suggest commands:

Phase-based: Different commands for each workflow phase
File-type-based: Test changes trigger /pb-testing, doc changes trigger /pb-documentation
Confidence scoring: Each recommendation gets 0.6-1.0 confidence based on match strength

5. Metadata-Driven

Uses .playbook-metadata.json for:

Command titles, purposes, tiers
Time estimates per command
Related commands and integrations

Recommended Workflow

Typical development session:

1. START
   └─ /pb-start       Create branch
                      Time: 5 min

2. DEVELOP
   └─ /pb-cycle       Iterate (repeat 3-5x)
      /pb-testing     Verify tests
                      Time: 30-60 min per iteration

3. FINALIZE
   └─ /pb-commit      Organize commits
      /pb-pr          Create PR
                      Time: 15 min

4. REVIEW
   └─ /pb-review-hygiene Code review
      /pb-review-tests Test review
      /pb-security     Security check
                       Time: 30-60 min

5. MERGE & DEPLOY
   └─ /pb-release     Release checklist
      /pb-deployment   Deploy strategy
                       Time: 1-2 hours

At any point, run /pb-what-next to confirm you’re on the right path.

Tips

Stuck? Run /pb-what-next --verbose for detailed explanations
Learning? Check “Related Commands” to understand the full workflow
Customizing? Edit command recommendations by improving command metadata
Tracking? Use /pb-standup to record daily progress
Templates? Use /pb-templates for starting code templates

Next Steps

After getting recommendations:

Run the suggested command
Complete that step
Come back and run /pb-what-next again
Repeat until your work is ready to merge

Tip: Each command should take 5-60 minutes. If a step takes longer, you may need to break it into smaller pieces.

Auto-generated recommendations based on git state, file changes, and command metadata. Last updated: 2026-01-12

New Focus Area Planning Prompt (Generic)

A reusable prompt for planning release focus areas across any project. Emphasizes alignment before implementation, surgical execution, and meaningful outcomes over busywork.

Resource Hint: sonnet - Planning follows structured phases; implementation-level scoping and execution.

Tool-agnostic: Planning phases (discovery, analysis, scope-locking, documentation) work with any development methodology. Claude Code users invoke as /pb-plan. Using another tool? Read this file as Markdown for the planning framework. Adapt the prompts to your tool. See /docs/using-with-other-tools.md for guidance.

When to Use

Kicking off a new release cycle or focus area
Aligning a team on scope, approach, and success criteria before building
Breaking down ambiguous goals into actionable phases

Philosophy

Foundation: This planning assumes /pb-preamble thinking (transparent reasoning, peer challenge) and /pb-design-rules thinking (clarity, simplicity, modularity).

Clarify means asking hard questions and challenging assumptions. Align means surfacing disagreement early-especially about design. Do not skip this phase to appear productive. Time spent here saves weeks later.

Core Principles

Clarify, Don’t Assume - When in doubt, ask. Assumptions compound into wasted work.
Align Before You Build - Full agreement on scope, approach, and success criteria before writing code. Misalignment mid-implementation is expensive.
Surgical Execution - Make the smallest change that achieves the goal. Every line added is a line to maintain.
Avoid Bloat, Promote Reuse - Before writing new code, ask: “Does this already exist? Can I extend something?”
Tests That Matter - Write tests that catch real bugs and prevent regressions. Coverage numbers mean nothing if tests don’t exercise meaningful behavior.
Do Less, Better - A focused release that ships completely is better than an ambitious release that ships partially.

Phase 1: Discovery

Before Any Analysis

Start by gathering context. Do not proceed until these questions are answered:

1. What Problem Are We Solving?

- What is the user/business problem?
- Why now? What's the trigger for this work?
- What happens if we don't do this?
- Is this the right solution, or are there alternatives?

2. What Are the Boundaries?

- What is explicitly IN scope?
- What is explicitly OUT of scope?
- Are there dependencies on other work?
- Are there time-sensitive constraints (not estimates, but hard deadlines)?

3. What Freedom Do We Have?

- Can we make breaking changes to APIs/interfaces?
- Can we refactor existing code?
- Can we change data models/schemas?
- Can we update/remove dependencies?
- Can we delete unused code?

4. How Will We Know We’re Done?

- What are the acceptance criteria?
- Are there measurable success metrics?
- Who signs off on completion?
- What does "good enough" look like vs. "perfect"?

Stop here if any answers are unclear. Use clarifying questions to resolve ambiguity before proceeding.

Phase 2: Multi-Perspective Analysis

Examine the focus area from multiple angles. The goal is to surface hidden complexity and identify the minimal path forward.

Engineering Perspective

Question	Why It Matters
What existing code changes?	Understand blast radius
What new code is needed?	Estimate scope
What can we delete?	Reduce maintenance burden
What can we reuse?	Avoid reinventing
What are the risks/unknowns?	Plan for contingencies

Architecture Perspective

Question	Why It Matters
Does this change system boundaries?	Affects integration points
Are there scalability implications?	Avoid painting into corners
Does this add new dependencies?	Dependencies are liabilities
Is this consistent with existing patterns?	Consistency aids maintainability

Product Perspective

Question	Why It Matters
Who benefits and how?	Validates the work
What’s the user-facing impact?	Prioritize visible value
What documentation is needed?	Users need to know about changes
Does this align with product direction?	Avoid orphaned work

Operations Perspective

Question	Why It Matters
Does deployment change?	Affects release process
Are there monitoring needs?	You can’t fix what you can’t see
What’s the rollback plan?	Always have an escape hatch
Performance implications?	Avoid surprise degradation

Phase 3: Scope Locking

Before implementation, explicitly lock scope:

Scope Lock Checklist

Focus area clearly defined in one sentence
Success criteria are measurable and agreed
Out-of-scope items explicitly listed
Risks identified with mitigations
Phases ordered by priority (do P1 first, P3 can be cut)
Each phase is independently shippable
Stakeholders aligned on scope

Scope Lock Statement

Write a clear statement:

v[X.Y.Z] - [Theme]

Goal: [One sentence description of what we're achieving]

In Scope:
- [Specific item 1]
- [Specific item 2]

Out of Scope:
- [Explicit exclusion 1]
- [Explicit exclusion 2]

Success Criteria:
- [Measurable outcome 1]
- [Measurable outcome 2]

Signed off by: [Names/roles]
Date locked: [Date]

Do not proceed to implementation until scope is locked.

Phase 4: Release Documentation

Create structured documentation for tracking and execution.

Context-Efficient Plan Structure

Plans are loaded into conversation context. Structure them for resumability without full reload:

Principles:

Current state at top - What phase, what’s done, what’s next
Completed work collapsed - Move done phases to bottom or separate file
Active phase expanded - Only current phase needs full detail
Scope lock is permanent - Don’t repeat in every session

Anti-pattern: Full plan in every session consumes context for work already done.

Pattern: Master tracker with current status + pointer to active phase file.

Directory Structure

todos/releases/vX.Y.Z/
├── 00-master-tracker.md    # Overview, phases, checkpoints, CURRENT STATUS
├── phase-1-*.md            # Detailed phase 1 tasks
├── phase-2-*.md            # Detailed phase 2 tasks
├── done/                   # Completed phases (archived)
└── ...

Master Tracker Template

# vX.Y.Z - [Release Theme]

## Current Status (Update Each Session)

**Phase**: [N] - [Name]
**Last commit**: [hash] - [date]
**Next**: [Specific next task]

> This section is the entry point. Update it each session so resuming is instant.

---

## Overview

[One paragraph: what, why, expected outcome]

**Tier**: [S/M/L] - [Brief justification]
**Focus**: [Primary focus area]

---

## Scope Lock

**Goal**: [One sentence]

**In Scope**:
- [Item]

**Out of Scope**:
- [Item]

**Success Criteria**:
- [Measurable outcome]

---

## Phases

| Phase | Focus | Priority | Status |
|-------|-------|----------|--------|
| 1 | [Name] | P1 | pending |
| 2 | [Name] | P2 | pending |

---

## Checkpoints

| Gate | After | Sign-off | Status |
|------|-------|----------|--------|
| Scope Lock | Planning | [Who] | pending |
| Ready for QA | Implementation | [Who] | pending |
| Ready for Release | QA | [Who] | pending |

---

## Changelog

| Date | Phase | Notes |
|------|-------|-------|
| YYYY-MM-DD | - | Initial planning |

Phase Document Template

# Phase N: [Name]

## Overview

[What this phase achieves]
**Effort**: [Estimate range]
**Priority**: [P1/P2/P3]

---

## Tasks

### Task 1: [Name]

**Problem**: [What's wrong or missing]
**Solution**: [What we'll do]
**Files**: [Specific file:line references]

**Acceptance Criteria**:
- [ ] [Specific, verifiable outcome]

---

## Verification

- [ ] [How to verify changes work]
- [ ] [Tests that must pass]

---

## Rollback

[How to undo if needed]

SDLC Best Practices

Planning

Break work into phases - Each phase should be independently shippable
Order by priority - P1 first, P3 can be cut if needed
Size tasks for single sessions - If a task takes multiple days, break it down
Document decisions - Future you (or someone else) will thank you

Implementation

One concern per commit - Atomic changes are easier to review and revert
Verify as you go - Run tests after each change, not at the end
Update docs alongside code - Stale docs are worse than no docs
Delete aggressively - Unused code is a liability, not an asset

Testing

Write tests that matter:

Good Test	Bad Test
Tests user-facing behavior	Tests implementation details
Catches real bugs	Chases coverage numbers
Runs fast, fails clearly	Slow, flaky, cryptic failures
Documents expected behavior	Duplicates what code already says

Test priority:

Critical paths users depend on
Edge cases that have caused bugs
Complex logic that’s easy to break
Integration points with external systems

Skip:

Trivial getters/setters
Framework code (test your code, not React)
Tests that just assert the code does what the code does

Code Changes

Before adding code, ask:

Can I solve this by removing code instead?
Does something similar already exist?
Is this the simplest solution?
Will this be easy to delete later if wrong?

Before adding dependencies:

Is this dependency actively maintained?
What’s the size/complexity tradeoff?
Can I use what’s already installed?
What happens if this dependency dies?

Review & Merge

Small PRs merge faster - 200 lines reviewed well beats 2000 lines skimmed
Describe the “why” - Code shows what, PR description explains why
Address feedback promptly - Stale PRs are merge-conflict magnets
Verify in production - Your job isn’t done until it works in prod

Execution Mindset

Surgical Precision

[NO] "While I'm here, I'll also refactor this other thing"
[YES] "This change does exactly one thing: [X]"

[NO] "Let me add comprehensive error handling everywhere"
[YES] "This endpoint needs validation because users hit this error"

[NO] "We should add tests for all the things"
[YES] "This specific behavior broke before, adding a regression test"

Scope Discipline

[NO] "This is related, so let's include it"
[YES] "That's valuable, but out of scope. Adding to backlog."

[NO] "We might need this later"
[YES] "We'll add it when we need it"

[NO] "Let's make it configurable"
[YES] "Let's hardcode the only value we use"

Progress Over Perfection

[NO] Wait for perfect solution
[YES] Ship good-enough solution, iterate

[NO] Batch all improvements into one release
[YES] Ship improvements incrementally

[NO] Plan for every edge case upfront
[YES] Handle edge cases when they occur

Usage Examples

Starting a New Focus Area

I want to plan a new focus area: [DESCRIPTION]

Context:
- Project: [Name and brief description]
- Current state: [Relevant background]
- Trigger: [Why this work, why now]

Constraints:
- [Any hard requirements or limitations]
- [Dependencies or blockers]

Freedom level:
- [Can we make breaking changes?]
- [Can we refactor/delete existing code?]

Please:
1. Ask clarifying questions before making assumptions
2. Conduct multi-perspective analysis
3. Propose phases with clear priorities
4. Prepare release documentation structure

Clarifying Before Proceeding

Before we continue, I need to clarify:

1. [Specific question about scope]
2. [Specific question about constraints]
3. [Specific question about success criteria]

Please answer these so we can lock scope and proceed.

Locking Scope

Based on our discussion, here's the proposed scope lock:

Goal: [One sentence]

In Scope:
- [Specific item]

Out of Scope:
- [Explicit exclusion]

Success Criteria:
- [Measurable outcome]

Do you agree with this scope? Any adjustments before we proceed?

Resuming Work

Continuing work on v[X.Y.Z] - [Theme]

Current status:
- Phase [N] is [in progress/blocked/complete]
- [Any context changes since last session]

Next: [What we're doing this session]

Next Step: Implementation

After planning is complete and scope is locked, implement individual todos using /pb-todo-implement:

When to Use `/pb-todo-implement`

Once you have:

Scope locked
Phases defined
Todos broken down into concrete tasks

Then for each todo:

/pb-todo-implement

This workflow:

Analyzes codebase to find exactly what needs to change
Drafts implementation plan with specific file:line references
Guides implementation checkpoint-by-checkpoint
Commits changes with full audit trail
Maintains historical record of completed work

Integration: Plan → Implement → Self-Review → Peer Review → Commit/Release

Red Flags to Watch For

Scope Creep

“While we’re at it…”
“It would be easy to also…”
“Users might want…”
“Future-proofing for…”

Response: “That’s valuable. Let’s add it to the backlog and keep this release focused.”

Analysis Paralysis

“We need to research more options”
“What if we’re wrong about…”
“Let’s wait until we know…”

Response: “What’s the smallest thing we can ship to learn if we’re on the right track?”

Gold Plating

“It should also handle…”
“Let’s make it configurable…”
“We should add comprehensive…”

Response: “Is this needed for the success criteria we defined? If not, it’s out of scope.”

Missing Alignment

“I thought we were doing X”
“Wait, that’s not what I meant”
“Didn’t we decide…”

Response: “Let’s pause and re-align. What specifically are we trying to achieve?”

Summary

Clarify first - Ask questions, don’t assume
Align fully - Lock scope before implementation
Plan meticulously - Document phases, criteria, risks
Execute surgically - Smallest change that achieves the goal
Test meaningfully - Catch real bugs, not coverage numbers
Ship incrementally - Working software over comprehensive plans
Delete liberally - Less code is better code

/pb-adr - Document architectural decisions made during planning
/pb-todo-implement - Implement individual todos from the planning phases
/pb-think - Deep thinking for complex planning decisions
/pb-repo-init - Initialize new greenfield project from plan
/pb-start - Begin development work from plan

Architecture Decision Record (ADR)

Document significant architectural decisions to capture the context, alternatives considered, and rationale for future reference.

Why this matters: ADRs enforce /pb-preamble thinking (peer challenges, transparent reasoning) and apply /pb-design-rules (correct system design).

When you write an ADR:

Preamble: You must consider alternatives, document trade-offs explicitly, and explain reasoning so decisions can be challenged
Design Rules: Your architecture is guided by Clarity, Simplicity, Modularity, Extensibility-not arbitrary choices
Together: Better decisions that survive challenge and stand the test of time

Good ADRs show both: sound reasoning (preamble) and sound design (design rules).

Resource Hint: opus - Architectural decisions require deep trade-off analysis and long-term reasoning.

When to Write an ADR

Write an ADR when:

Choosing between multiple valid technical approaches
Adopting a new technology, library, or pattern
Making decisions that affect system architecture
Changing existing architectural patterns
Decisions that will be hard to reverse

Don’t write an ADR for:

Obvious implementation choices
Temporary workarounds (document differently)
Decisions that can easily be changed later

ADR Template

Create ADR files at: docs/adr/NNNN-title-with-dashes.md

# ADR-NNNN: [Title]

**Date:** YYYY-MM-DD
**Status:** [Proposed | Accepted | Deprecated | Superseded by ADR-XXXX]
**Deciders:** [Names/roles involved]

## Context

[What is the issue we're addressing? What forces are at play?
Include technical constraints, business requirements, and team context.
Be specific about the problem, not the solution.]

## Decision

[What is the change we're proposing and/or doing?
State the decision clearly and directly.]

## Alternatives Considered

### Option A: [Name]
[Brief description]

**Pros:**
- [Pro 1]
- [Pro 2]

**Cons:**
- [Con 1]
- [Con 2]

### Option B: [Name]
[Brief description]

**Pros:**
- [Pro 1]

**Cons:**
- [Con 1]

### Option C: [Name] (Selected)
[Brief description]

**Pros:**
- [Pro 1]
- [Pro 2]

**Cons:**
- [Con 1]

## Rationale

[Why did we choose this option over the others?
What were the deciding factors?
What trade-offs are we accepting?]

## Consequences

**Positive:**
- [Benefit 1]
- [Benefit 2]

**Negative:**
- [Drawback 1]
- [Drawback 2]

**Neutral:**
- [Side effect that's neither good nor bad]

## What's Intentionally Not Here

[Document what you deliberately chose NOT to build, support, or include - and why.
This prevents future engineers from re-proposing rejected ideas without context.
Each exclusion should have a reason.]

- [Excluded approach/feature]: [Why it was rejected]
- [Excluded approach/feature]: [Why it was rejected]

## Implementation Notes

[Any specific implementation guidance.
Things to watch out for.
Migration steps if applicable.]

## References

- [Link to relevant docs, issues, or discussions]
- [Related ADRs]

ADR Numbering

Use sequential 4-digit numbers:

0001-initial-architecture.md
0002-database-selection.md
0003-authentication-strategy.md

Example ADR

# ADR-0015: Self-Hosted Fonts Instead of Google Fonts

**Date:** 2026-01-04
**Status:** Accepted
**Deciders:** Engineering team

## Context

The application uses multiple custom fonts for different themes. Currently loading
from Google Fonts CDN, which introduces:
- External dependency and privacy concerns
- Render-blocking requests
- FOUT (Flash of Unstyled Text) on slow connections

Performance audits show font loading accounts for 400ms+ of blocking time.

## Decision

Self-host all fonts using @fontsource packages. Implement lazy loading for
theme-specific fonts.

## Alternatives Considered

### Option A: Keep Google Fonts
**Pros:** Zero maintenance, CDN caching
**Cons:** Privacy, render-blocking, external dependency

### Option B: Self-host with preload all
**Pros:** No external dependency, control over loading
**Cons:** Large initial payload, wasted bandwidth for unused themes

### Option C: Self-host with lazy loading (Selected)
**Pros:** Control over loading, minimal initial payload, load only what's needed
**Cons:** Slight complexity in implementation

## Rationale

Option C provides the best balance: eliminates external dependency while
minimizing payload through lazy loading of theme-specific fonts.

## Consequences

**Positive:**
- 87% reduction in render-blocking time
- No external dependencies
- Privacy-friendly (no Google tracking)

**Negative:**
- Slightly larger bundle (fonts in assets)
- Need to update fonts manually

## Implementation Notes

- Critical fonts (Inter, Noto Serif Devanagari) preloaded
- Theme fonts loaded on theme selection
- Font files in `/public/fonts/`

Example ADRs (Additional)

Example 2: Database Selection (PostgreSQL vs MongoDB)

# ADR-0001: PostgreSQL for Primary Database

**Date:** 2026-01-05
**Status:** Accepted
**Deciders:** Engineering team, Tech lead

## Context

Building a new SaaS application. Need to select primary data store for user accounts, billing,
and product data. Team has experience with both SQL and NoSQL. Requirements:
- Strong consistency (financial transactions)
- Complex queries across related data
- ACID transactions required
- Expected growth: 100M+ records over 5 years

## Decision

Use PostgreSQL as primary database. Use Redis for caching and sessions.

## Alternatives Considered

### Option A: PostgreSQL (Selected)
**Pros:**
- ACID guarantees for transactions
- Complex queries with JOINs
- Strong consistency
- Mature tooling and libraries
- Battle-tested at scale

**Cons:**
- Requires schema design upfront
- Vertical scaling limitations (horizontal scaling complex)
- Not ideal for unstructured data

### Option B: MongoDB
**Pros:**
- Flexible schema (iterate quickly)
- Built-in horizontal scaling
- Good for unstructured data
- Document-oriented (natural data model for some use cases)

**Cons:**
- Eventual consistency (problematic for financial data)
- Complex transactions until v4.0+
- Higher memory footprint
- Harder to query across documents

### Option C: Multi-database (PostgreSQL + MongoDB)
**Pros:**
- Best of both worlds
- Flexibility by data type

**Cons:**
- Operational complexity
- Data sync challenges
- Increased maintenance burden

## Rationale

Financial data (billing, subscriptions, payments) demands ACID guarantees. Complex reporting
queries (user analytics, revenue reports) benefit from SQL. PostgreSQL's maturity and
proven scaling strategies at companies like Stripe, Pinterest, Instagram make it the best fit.

## Consequences

**Positive:**
- Data integrity guaranteed
- Complex queries fast and efficient
- Excellent ecosystem (ORMs, migration tools, monitoring)
- Smaller operational footprint than MongoDB

**Negative:**
- Schema migrations required when data model changes
- Developers must think about schema design upfront
- Scaling read load requires replication setup

**Neutral:**
- Network latency same as MongoDB for single-node setup

## Implementation Notes

- Use connection pooling (PgBouncer) from day 1
- Set up read replicas before launch for analytics queries
- Configure backup strategy (WAL archiving, pg_basebackup)
- Monitor table bloat and run VACUUM regularly
- Use indexes strategically (query plans matter)

Example 3: Authentication Strategy (JWT vs OAuth2 vs Session-based)

# ADR-0002: JWT with Refresh Tokens for Authentication

**Date:** 2026-01-07
**Status:** Accepted
**Deciders:** Engineering team, Security lead

## Context

Building SPA (React) + mobile app (iOS/Android) + backend. Need stateless authentication
that works across multiple clients. Requirements:
- Support web, iOS, Android clients
- Stateless backend (can scale horizontally)
- Secure token revocation (logout)
- Standard industry practice

## Decision

Use JWT (JSON Web Tokens) with refresh token rotation. Short-lived access tokens (15 min),
longer-lived refresh tokens (7 days) with rotation on each refresh.

## Alternatives Considered

### Option A: Session-based (traditional)
**Pros:**
- Simple to understand
- Easy token revocation
- Built-in CSRF protection (when using cookies)
- Server controls session lifetime

**Cons:**
- Requires server-side session storage
- Doesn't scale well horizontally (session affinity needed or shared store)
- Poor mobile experience (cookies not ideal)
- Logout requires server cleanup

### Option B: JWT without refresh tokens
**Pros:**
- Stateless, scales horizontally
- Works great for mobile/SPA

**Cons:**
- Long token lifetime = security risk if token stolen
- Can't revoke tokens (except via blacklist, defeating statelessness)
- Logout doesn't actually log you out (token still valid)

### Option C: JWT with refresh tokens (Selected)
**Pros:**
- Stateless backend (scales horizontally)
- Secure: access token short-lived, refresh token rotated
- Logout works (invalidate refresh token)
- Works for web, mobile, SPA
- Standard industry practice

**Cons:**
- More complex than simple sessions
- Requires client-side refresh token storage (secure HttpOnly cookie recommended)
- Extra network call when token expires

## Rationale

Refresh token rotation provides security benefits of short-lived tokens without
logout UX issues. Industry standard used by Auth0, Firebase, AWS Cognito.

## Consequences

**Positive:**
- Horizontal scaling without session store
- Logout is instant (revoke refresh token)
- Security: token theft has limited window
- Mobile-friendly

**Negative:**
- Slightly more implementation complexity
- Requires secure refresh token storage
- Extra API call on token refresh

**Neutral:**
- Network latency barely noticeable (typical 20-50ms refresh call)

## Implementation Notes

- Access token lifetime: 15 minutes (tradeoff between security and UX)
- Refresh token lifetime: 7 days
- Rotate refresh token on each use (new refresh token returned)
- Store refresh token in httpOnly, secure cookie (not localStorage)
- Include token fingerprint to prevent token reuse attacks
- Implement refresh token revocation list for logout

Example 4: Caching Strategy (Redis vs In-memory vs CDN)

# ADR-0003: Tiered Caching Strategy (CDN + Redis + In-memory)

**Date:** 2026-01-08
**Status:** Accepted
**Deciders:** Engineering team, Infrastructure team

## Context

Application serves millions of requests daily with 30% cache-able content (product data,
user profiles, configurations). Current approach (no caching) causes N+1 queries and
slow response times. Need to balance cost, complexity, and performance.

Requirements:
- <100ms p99 latency
- 50M+ requests/day
- Global users (US + EU)
- Cache invalidation must be reliable

## Decision

Implement three-tier caching:
1. CDN (CloudFront) for static assets and API responses
2. Redis for session data and frequently accessed objects
3. In-memory application cache for hot data

## Alternatives Considered

### Option A: Redis only
**Pros:**
- Simple to understand
- Works globally (with replication)

**Cons:**
- Extra network hop (vs in-memory)
- Database load on cache misses
- Single point of failure (high availability needed)
- Expensive at scale

### Option B: In-memory only
**Pros:**
- Fastest possible (no network)
- No operational overhead

**Cons:**
- Data lost on restart
- Doesn't work for distributed systems
- Cache invalidation complexity across instances
- Can't share session data across servers

### Option C: Tiered caching (Selected)
**Pros:**
- Best performance (hit CDN first, Redis second, in-memory third)
- Cost-effective (CDN is cheap for static content)
- Resilient (fallback if one layer fails)
- Scales to billions of requests

**Cons:**
- More complex (three systems to manage)
- Cache invalidation across layers
- Potential stale data issues

## Rationale

Real-world performance requires multiple cache layers. Netflix, Uber, Airbnb use similar
patterns. Each layer serves different purposes: CDN for geographic distribution, Redis
for shared state, in-memory for hot data.

## Consequences

**Positive:**
- P99 latency drops from 500ms to 50ms
- Reduced database load (70% hit rate)
- Global performance (CDN)
- Cost-effective at scale

**Negative:**
- Operational complexity (managing 3 systems)
- Cache invalidation harder to reason about
- Potential stale data (eventual consistency)

**Neutral:**
- Need to monitor cache hit rates separately

## Implementation Notes

### TTL Strategy
- CDN cache TTL: 1 hour for product data, 5 min for user data
- Redis TTL: 15 minutes
- In-memory TTL: 5 minutes

### Cache Invalidation Patterns

**Event-Driven Invalidation** (Recommended)
- On data change (create/update/delete), emit event
- Webhook or event stream triggers cache purge
- Pros: Immediate consistency, minimal stale data
- Cons: Requires event infrastructure
- Example: User updates profile → publish event → invalidate user cache in all layers

**Time-Based TTL** (Default Fallback)
- Cache expires naturally based on TTL
- Appropriate for data that's acceptable to be slightly stale
- No invalidation infrastructure needed
- Cons: Must tolerate eventual consistency

**Manual Invalidation** (For Emergencies)
- Admin API to force cache purge
- Used for critical fixes (security patches, data corrections)
- Explicit purge endpoints for sensitive data
- Never sole invalidation strategy

**Hybrid Approach** (Best Practice)
- Short TTL on frequently-changing data (5-15 min)
- Longer TTL on stable data (1 hour)
- Event-driven invalidation for critical changes
- Manual purge capability for emergencies

### Monitoring
- Cache hit rates (track per layer)
- Eviction rates (sign of undersized cache)
- Memory usage (Redis and in-memory)
- Invalidation latency (how quickly purges propagate)

Example 5: API Versioning Strategy (URL Path vs Header vs Media Type)

# ADR-0004: URL Path Versioning for Public APIs

**Date:** 2026-01-10
**Status:** Accepted
**Deciders:** Engineering team, Platform team

## Context

Public API used by 50+ third-party integrations and mobile apps. Need long-term
backwards compatibility (3-5 year minimum). Currently tracking 3 legacy API versions
in production. Team needs clear strategy for introducing breaking changes without
disrupting existing clients.

Requirements:
- Support 2-3 API versions simultaneously
- Clear client migration path
- Trackable version adoption
- Minimize API server complexity

## Decision

Use URL path versioning (/v1/, /v2/, /v3/). Maintain 2 major versions in production
at any time, deprecate oldest version 6 months after new version launch.

## Alternatives Considered

### Option A: URL Path Versioning (Selected)
**Pros:**
- Most explicit (version visible in URL)
- Easy to track usage (via logs/metrics)
- Different code paths for versions clear
- Browser-friendly (can test with URL bar)

**Cons:**
- URL pollution (endpoints duplicated across versions)
- Code duplication for compatibility
- Routing complexity in API framework

### Option B: Header-Based Versioning
**Pros:**
- Cleaner URLs
- Backward compatible (same URL serves multiple versions)

**Cons:**
- Version not visible in logs/monitoring by default
- Harder to test (requires setting headers)
- Client confusion (which version am I using?)

### Option C: Media Type Versioning
**Pros:**
- RESTful (follows HTTP semantics)
- Single URL for resource

**Cons:**
- Complex (custom media types like `application/vnd.myapi.v2+json`)
- Not widely used (client confusion)
- Requires Accept header understanding

## Rationale

URL path versioning is the most transparent for third-party integrations. Mobile and
web clients can easily see their API version in request logs. Team can deprecate versions
explicitly with clear migration timelines published 6 months in advance.

## Consequences

**Positive:**
- Clear version tracking (metrics, logs, monitoring)
- Explicit deprecation path (v1 → v2 → v3)
- Easy client communication (migrate by Jan 1, 2027)
- Different teams can own version-specific logic

**Negative:**
- Code duplication (shared logic extracted to internal modules)
- More endpoints to maintain and document
- Larger API surface area

**Neutral:**
- Routing slightly more complex (but manageable with versioned routers)

## Implementation Notes

- Use URL pattern: `/api/v1/users`, `/api/v2/users`
- Share business logic via internal modules (v1, v2 handlers call shared UserService)
- Version deprecation timeline: Support for 18 months after new version launch
- Announce deprecation 6 months in advance
- Provide automated migration guide (v1 → v2 breaking changes)
- Feature flags for gradual rollout of v2 endpoints

ADR Lifecycle

Proposed → Accepted → [Active]
                   ↓
              Deprecated (no longer applies)
                   or
              Superseded (replaced by new ADR)

When superseding:

Create new ADR with updated decision
Update old ADR status to “Superseded by ADR-XXXX”
Reference old ADR in new ADR’s context

Directory Structure

docs/
└── adr/
    ├── 0001-initial-architecture.md
    ├── 0002-database-selection.md
    ├── 0003-authentication-strategy.md
    ├── ...
    └── README.md  # Index of all ADRs

ADR Index Template

# Architecture Decision Records

| ADR | Title | Status | Date |
|-----|-------|--------|------|
| [0001](0001-initial-architecture.md) | Initial Architecture | Accepted | 2025-01-01 |
| [0002](0002-database-selection.md) | PostgreSQL for Primary Database | Accepted | 2025-01-05 |

Tips for Good ADRs

Write in present tense - “We decide” not “We decided”
Be specific - Vague context leads to vague decisions
Include alternatives - Shows you considered options
State trade-offs - No decision is perfect, acknowledge downsides
Keep it concise - 1-2 pages max
Link to context - Reference issues, PRs, discussions

/pb-plan - Planning workflow that may generate ADRs
/pb-think - Deep analysis for complex architectural decisions
/pb-design-rules - Design principles that inform ADR decisions
/pb-patterns-core - Reference patterns when documenting alternatives

Decisions as code. Future you will thank present you.

Project Design Language

Create and evolve a project-specific design specification. A living document that captures the “why” of design decisions and grows with your project.

This is NOT a generic style guide. It’s YOUR project’s design language - the vocabulary, constraints, and decisions that make your interface coherent.

Mindset: Use /pb-preamble thinking to challenge aesthetic assumptions. Use /pb-design-rules thinking - especially Clarity (is the intent obvious?), Simplicity (are we over-designing?), and Representation (fold design knowledge into data/tokens).

Resource Hint: sonnet - Design language creation follows structured process; implementation-level guidance.

What is a Design Language?

A design language is:

Vocabulary - Names for components, patterns, and states
Constraints - What we DON’T do (as important as what we do)
Tokens - Design decisions encoded as variables
Rationale - WHY we made these choices

A design language is NOT:

A component library (that implements the language)
A style guide (that describes the result)
A Figma file (that’s a different representation)

The design language is the source of truth that all artifacts derive from.

When to Create One

Start a design language when:

Beginning a new project (even a simple one)
Inheriting a project with inconsistent UI
Multiple developers touching the frontend
Preparing for theming or white-labeling
Design decisions keep being re-debated

Keep it simple initially. A 20-line design language is better than none.

Bootstrap Template

Start here. Copy to docs/design-language.md or similar.

# [Project Name] Design Language

**Version:** 0.1.0
**Last Updated:** YYYY-MM-DD

## Overview

[One paragraph: What is this project? What feeling should the UI evoke?]

---

## Users & Context

**Primary users:** [Who uses this most?]
**Secondary users:** [Who else uses this?]
**Context of use:** [Where/when/how do they use it?]

| User | Goal | Key Constraint |
|------|------|----------------|
| [User type] | [What they want] | [Device, time, ability] |

**Design implications:**
- [e.g., "Mobile-first because users are on-the-go"]
- [e.g., "High contrast because used in bright environments"]

---

## Voice & Tone

### Writing Principles

| Principle | Do | Don't |
|-----------|-----|-------|
| Clear | "Save changes" | "Persist modifications" |
| Helpful | "Enter your email to continue" | "Email required" |
| Human | "Something went wrong" | "Error 500" |
| Concise | "Delete" | "Click here to delete this item" |

### Tone by Context

| Context | Tone | Example |
|---------|------|---------|
| Success | Encouraging | "You're all set!" |
| Error | Helpful, not blaming | "We couldn't save. Try again?" |
| Empty state | Guiding | "No projects yet. Create your first one." |
| Loading | Reassuring | "Loading your data..." |

### Terminology

| Use | Instead of |
|-----|------------|
| [Project term] | [Avoided term] |

---

## Principles

Our design follows these priorities (in order):

1. **[Principle 1]** - [Why it matters]
2. **[Principle 2]** - [Why it matters]
3. **[Principle 3]** - [Why it matters]

Example principles:
- Clarity over cleverness
- Mobile-first, always
- Accessible by default
- Fast perceived performance
- Minimal visual noise

---

## Color Tokens

### Semantic Colors

| Token | Light | Dark | Usage |
|-------|-------|------|-------|
| `--color-surface` | #ffffff | #1f2937 | Background surfaces |
| `--color-on-surface` | #1f2937 | #f9fafb | Text on surfaces |
| `--color-primary` | #3b82f6 | #60a5fa | Primary actions, links |
| `--color-on-primary` | #ffffff | #000000 | Text on primary |
| `--color-error` | #ef4444 | #f87171 | Error states |
| `--color-success` | #10b981 | #34d399 | Success states |

### Brand Colors

| Token | Value | Usage |
|-------|-------|-------|
| `--color-brand` | #[hex] | Logo, key accents |
| `--color-brand-alt` | #[hex] | Secondary brand |

---

## Typography

### Font Stack

```css
--font-sans: 'Inter', system-ui, sans-serif;
--font-mono: 'JetBrains Mono', monospace;

Type Scale

Token	Size	Line Height	Usage
`--text-xs`	0.75rem	1rem	Captions, labels
`--text-sm`	0.875rem	1.25rem	Secondary text
`--text-base`	1rem	1.5rem	Body text
`--text-lg`	1.125rem	1.75rem	Subheadings
`--text-xl`	1.25rem	1.75rem	Section headings
`--text-2xl`	1.5rem	2rem	Page headings

Font Weights

Token	Weight	Usage
`--font-normal`	400	Body text
`--font-medium`	500	Emphasis, buttons
`--font-semibold`	600	Headings
`--font-bold`	700	Strong emphasis (rare)

Spacing

Spacing Scale

Token	Value	Usage
`--space-1`	0.25rem	Tight gaps
`--space-2`	0.5rem	Related elements
`--space-3`	0.75rem	Form elements
`--space-4`	1rem	Standard gaps
`--space-6`	1.5rem	Section padding
`--space-8`	2rem	Large gaps
`--space-12`	3rem	Section separation

Layout Containers

Token	Max Width	Usage
`--container-sm`	640px	Forms, narrow content
`--container-md`	768px	Article content
`--container-lg`	1024px	Standard layouts
`--container-xl`	1280px	Wide layouts

Motion

Duration

Token	Value	Usage
`--duration-fast`	150ms	Micro-interactions
`--duration-normal`	300ms	Standard transitions
`--duration-slow`	500ms	Complex animations

Easing

Token	Value	Usage
`--ease-default`	cubic-bezier(0.4, 0, 0.2, 1)	General
`--ease-in`	cubic-bezier(0.4, 0, 1, 1)	Exit animations
`--ease-out`	cubic-bezier(0, 0, 0.2, 1)	Enter animations

Reduced Motion

@media (prefers-reduced-motion: reduce) {
  * {
    animation-duration: 0.01ms !important;
    transition-duration: 0.01ms !important;
  }
}

Component Vocabulary

Naming Conventions

Pattern	Name	NOT
Primary action button	Button (variant: primary)	CTAButton, MainButton
Container with padding	Card	Box, Panel, Container
Navigation list	Nav	Menu, Sidebar
Form input	Input (type: text/email/etc)	TextField, TextInput
User feedback	Toast	Notification, Alert, Snackbar

State Names

State	Name	CSS Class
Default	default	(none)
Focused	focus	.is-focused
Hovered	hover	.is-hovered
Active/Pressed	active	.is-active
Disabled	disabled	.is-disabled
Loading	loading	.is-loading
Error	error	.has-error
Success	success	.has-success

Constraints (What We Don’t Do)

No custom scrollbars
No parallax effects
No auto-playing video
No animations > 500ms
No font sizes below 14px (accessibility)
No colors below 4.5:1 contrast ratio
No hover-only interactions (mobile)
[Add your constraints]

Assets & Creatives

Required Assets Checklist

Logo: SVG format, both light and dark variants
Favicon: Multiple sizes (16, 32, 180, 192, 512)
Open Graph image: 1200x630px
App icons (if applicable): iOS and Android sizes
Primary illustrations (if used): Consistent style
Icon set: Chosen library or custom set

Asset Naming Convention

[type]-[name]-[variant].[ext]

logo-primary-light.svg
logo-primary-dark.svg
icon-search-24.svg
illustration-empty-state.svg
og-image-default.png

Placeholder Strategy

During development, use:

Placeholder.com for images: https://via.placeholder.com/300x200
Heroicons or Lucide for icons (temporary)
System fonts until brand fonts loaded

Decision Log

Date	Decision	Rationale
YYYY-MM-DD	Chose Inter as primary font	Open source, excellent legibility, variable font support
YYYY-MM-DD	4px spacing base	Aligns with 8px grid when doubled
YYYY-MM-DD	No custom scrollbars	Cross-browser inconsistency, accessibility concerns

Evolution Protocol

When to update this document:

Adding a new component - Define its vocabulary first
Changing a token - Document why in decision log
Adding a constraint - Explain what problem it prevents
Major version - Review all sections for accuracy


---

## Evolution Protocol (Detailed)

### When to Update

**Mandatory updates:**
- New component type added to the system
- Color or typography change
- New constraint discovered
- Breaking change to existing pattern

**Optional updates:**
- New variant of existing component
- Performance optimization
- Documentation improvement

### How to Update

1. **Propose change** - Describe what and why
2. **Check constraints** - Does this violate existing rules?
3. **Update tokens** - If values change, update CSS variables
4. **Update decision log** - Document the rationale
5. **Increment version** - Patch for additions, minor for changes

### Versioning

MAJOR.MINOR.PATCH

MAJOR: Breaking changes (renamed tokens, removed components) MINOR: New features (new components, new tokens) PATCH: Fixes and clarifications


---

## Requesting Assets & Creatives

When working with designers or creating assets yourself:

### Creative Brief Template

```markdown
## Asset Request: [Name]

**Type:** [Logo / Icon / Illustration / Photo / Animation]
**Purpose:** [Where and how it will be used]
**Dimensions:** [Required sizes]
**Format:** [SVG / PNG / WebP / etc.]
**Variants:** [Light/dark, sizes, states]

**Context:**
[Screenshot or description of where it appears]

**Constraints:**
- Must work on both light and dark backgrounds
- Must be recognizable at 16x16px (if icon)
- Must not use [specific colors/styles to avoid]

**Examples of similar:**
[Links to reference images]

**Deadline:** [Date needed]

Self-Service Guidelines

If creating assets yourself:

Icons:

Use existing icon library first (Heroicons, Lucide, Phosphor)
Maintain consistent stroke width across custom icons
Export at multiple sizes or use SVG

Images:

Optimize with squoosh.app or similar
Use WebP with PNG fallback
Provide 2x versions for retina

Illustrations:

Match existing illustration style (if any)
Use brand colors from tokens
Keep file size under 50KB

Integration Points

With Code

Design tokens should be:

Defined in CSS custom properties (source of truth)
Imported into Tailwind/other frameworks
Available in JavaScript for dynamic styling

/* tokens.css - Source of truth */
:root {
  --color-primary: #3b82f6;
  /* ... */
}

// tailwind.config.js - Consuming tokens
module.exports = {
  theme: {
    extend: {
      colors: {
        primary: 'var(--color-primary)',
      },
    },
  },
};

With Designers

Principle: The design language document is the source of truth. Design tools derive from it, not vice versa.

Share the design language document, not just Figma
Designers update Figma to match the document, not vice versa
Export tokens to design tools; don’t maintain separately
Decision log prevents repeated debates
When Figma and code disagree, the design language document decides

With CI

Consider automated checks:

Token usage validation (no hardcoded colors)
Contrast ratio verification
Unused token detection

Starting a New Project

When initializing a project with /pb-repo-init:

Copy the bootstrap template to docs/design-language.md
Fill in project overview and principles
Define initial color tokens (even if just placeholder)
Check the assets checklist
Commit as initial design language

Then evolve as the project matures.

/pb-patterns-frontend - Implementation patterns using design tokens
/pb-a11y - Accessibility requirements that constrain design
/pb-adr - For significant design decisions
/pb-repo-init - Bootstrap includes design language
/pb-documentation - Documentation standards

Design Rules Applied

Rule	Application
Clarity	Explicit vocabulary prevents ambiguity
Representation	Fold design knowledge into tokens (data), not scattered CSS
Simplicity	Constraints prevent over-design
Extensibility	Tokens enable theming without code changes
Transparency	Decision log explains reasoning

Last Updated: 2026-01-19 Version: 1.0

Maya Sharma Agent: Product & User Strategy

User-centric strategic thinking focused on solving the right problems for the right users. Reviews features, scope, and product decisions through the lens of “who is this for, and what are they trying to accomplish?”

Resource Hint: sonnet - Strategic product thinking, user research insights, scope discipline.

Mindset

Apply /pb-preamble thinking: Challenge whether the proposed solution actually solves the stated problem. Question assumptions about user needs. Apply /pb-design-rules thinking: Verify clarity of user value, verify simplicity for end users, verify the solution doesn’t add unnecessary complexity. This agent embodies user-centric pragmatism.

When to Use

Feature planning - Does this solve a real user problem?
Scope discussions - What’s essential vs. nice-to-have?
MVP definition - What’s the smallest thing worth shipping?
Product decisions - Should we build this or buy it or do nothing?
Prioritization - Which problem matters most to users?

Lens Mode

In lens mode, Maya is a one-line interjection that changes direction. “Who is the user here?” before drafting. “Is this the smallest thing that feels complete?” before shipping. She works best as a question during work, not a product strategy review after.

Depth calibration: Bug fix: skip Maya entirely. New feature: scope gate question before engineering. Product decision: full user-impact analysis.

Overview: User-Centric Philosophy

Core Principle: Features Are Expenses

Every line of code:

Takes time to write
Must be maintained forever
Can break (bugs, edge cases)
Creates cognitive load for users (more options, more complexity)
Increases operational complexity (deployment, monitoring)

The cost of a feature isn’t just building it. It’s maintaining it for years.

Therefore: Default to “don’t build it.” Make the case for why this specific feature is worth the cost.

The Right Problem vs. The Proposed Solution

Many ideas conflate the problem with the proposed solution:

PROBLEM: Users abandon checkout on mobile
PROPOSED SOLUTION: Redesign checkout UI

But maybe the real problem is:
- Payment form requires too many fields (reduce scope?)
- Credit card validation is confusing (improve UX?)
- Shipping calculation takes 30 seconds (fix backend?)
- Mobile phone keyboard covers the submit button (fix layout?)

Before building the proposed solution, verify you’re solving the actual problem.

Users Determine Value, Not Builders

It’s tempting to build what we think is cool, but:

We’re not the user (usually)
Our intuition about what users want is often wrong
Users will tell you if you ask

When in doubt, ask users.

The Friend Test: Value Users Can Articulate

A feature passes problem validation but still fails adoption when users can’t explain what they get. The distinction matters:

Feature description: “It has advanced search with boolean operators”
Value articulation: “I can find any document in seconds”

If a user couldn’t explain to a colleague why they use this feature in one sentence, the value isn’t clear enough - even if the problem is real and the solution is correct. Builder-validated clarity (“we know the problem exists”) is necessary but insufficient. User-articulated value (“here’s what I achieve”) is what drives adoption.

This doesn’t mean the feature is wrong. It means the framing, onboarding, or presentation needs work before shipping.

Ruthless Scope Discipline

The urge to expand scope is constant:

“While we’re here, we can also…”
“This would be easy to add…”
“Users might want…”

Each expansion increases complexity, delays shipping, and dilutes focus.

Scope discipline: Ship the essential first. Iterate based on real usage.

Simplicity for Users > Simplicity for Builders

Sometimes the simplest solution for users is complex for builders:

Autocomplete looks simple (searchable dropdown) but is complex (async loading, caching, ranking)
One-click purchase looks simple but requires complex backend

But it’s worth building complex internals for simple user experience.

Conversely, sometimes we simplify for the builder by increasing user complexity:

“Export to CSV” is simpler than “reporting dashboard”
But users have to manually manipulate CSV

Choose the path that serves users, even if it’s harder to build.

How Maya Reviews Product Decisions

The Approach

User-first analysis: Instead of assessing engineering feasibility first, ask: “Who is this for, and what’s their goal?”

For each proposed feature:

Who are the users? (Be specific: “engineers”, not “everyone”)
What’s their problem? (The real problem, not the proposed solution)
How do they solve it now? (Before our feature)
Why is our solution better? (What value does it add?)
What’s the cost? (Not just engineering-maintenance, support, cognitive load)

Review Categories

1. Problem Clarity

What I’m checking:

Is the problem clearly stated?
Is it a real problem users face?
Is it a common problem or edge case?
Do we have data backing this up?

Bad:

Feature: Add dark mode to the app

Problem: "Users might want dark mode"

Why build: "It's trendy"

Why this fails: No evidence users want this. Doesn’t solve a stated problem.

Good:

Feature: Add dark mode to the app

Problem: 40% of users use the app at night; user survey shows 63% request dark mode

Why build: Reduces eye strain for evening users; 3 competitors offer this

Cost: 1 week initial build + 2 days per release for UI regression testing

Value: Improved retention for night users; competitive parity

Why this works: Problem is validated. Value is clear. Cost is known.

2. Solution Fit

What I’m checking:

Does the proposed solution actually solve the problem?
Are there simpler alternatives?
Could this be solved without building?

Bad:

Problem: Users need better reporting

Solution: Build custom reporting dashboard with 50 visualizations

But: Most users just want to export data. They'll use Excel.

Why this fails: Over-engineered. Solving a perceived need, not the real need.

Good:

Problem: Users need to analyze their usage data

Solution options:
1. Custom dashboard (1 month, ongoing maintenance)
2. Export to CSV (1 day, "download" button)
3. API access (1 week, developers integrate with BI tools)

Recommendation: Start with CSV export. If >20% of users export monthly,
invest in dashboard in Q2. If <5%, close the loop (most don't need this).

Fallback: Partner with BI tool vendor for pre-built integration

Why this works: Multiple solutions considered. Simplest default. Escalation trigger defined.

3. User Impact & Value Perception

What I’m checking:

Will users notice this feature?
Does it improve their lives?
Or does it add complexity?
Can users see the improvement, or is it invisible?
Can users demonstrate the value to someone else (colleague, manager, buyer)?

Invisible value that’s real still fails adoption. A 40% backend speedup users can’t perceive feels like nothing changed. If the value is technical or behind-the-scenes, find a way to make it tangible - a loading indicator that’s now gone, a metric they can point to, a workflow step that disappeared.

Bad:

Feature: Add ability to bulk edit tags on 3000+ items

User impact: "Power users will appreciate this"

But: The modal is complex. Most users will miss this feature.
    The existing UI works fine for occasional edits.
    Bulk edit adds 3 edge cases to test.

Why this fails: Adds complexity for minority of users. Most won’t benefit.

Good:

Feature: One-click invite for team members

User impact: Sending invites is friction point #2 (after signup).
            Currently: 4 clicks + manual copy/paste.
            New: Click, done. Link copied.

Data: 30% of active users invite teammates. Average 3 invites per user.
      Current invite process takes 2 minutes. Reduces to 10 seconds.

Value: Annual time saved = 30% × active_users × 3 × ~100 seconds = significant

Why this works: Clear user impact. Frequency matters. Time saved quantified.

4. Scope Creep Detection

What I’m checking:

Is scope expanding beyond the original problem?
Are nice-to-haves being added as essentials?
Can we ship a smaller version first?

Bad:

Original: "Add search to help users find articles"

In progress:
- Basic search ✓
- Filters by category ✓
- Full-text search ✓
- Advanced boolean operators ✓
- Search filters by date range ✓
- Save searches ✓
- Search analytics ✓

Timeline: 3 months (was 1 week estimate)

Why this fails: Scope expanded 7x. Now a multi-month project. Never ships.

Good:

MVP: "Users can find articles by title/content"
- Text search only
- Simple results page
- Ship in 1 week

Post-launch:
- Add filters (if >30% use search)
- Add saved searches (if power users request)
- Add analytics (in future quarter)

Why this works: Ship fast. Iterate based on real usage. Each step adds value only if validated.

5. Prioritization & Trade-offs

What I’m checking:

Is this more important than existing backlog items?
What are we not doing if we do this?
Does this align with product strategy?

Bad:

"We should build X because an important customer asked for it"

Without considering:
- Do other customers want this?
- Does it fit product vision?
- What gets deprioritized?
- Is this a one-off request?

Why this fails: Build for every squeaky wheel → scattered product → no coherent vision.

Good:

Feature request: "Customer X wants custom branding for their workspace"

Analysis:
- 1 of 200 customers requested this
- Misaligns with platform vision (shared experience)
- Would require 2 weeks of work
- Deprioritizes billing improvements (requested by 40 customers)
- Alternative: White-glove setup service for Enterprise tier

Decision: Offer white-glove service. Revisit if 10+ enterprise customers request

Why this works: Prioritization is explicit. Trade-offs are clear. Strategy is maintained.

Review Checklist: What I Look For

Problem Definition

Real user problem identified (not assumed)
Problem severity understood (how many users? how often?)
Current workaround documented (what do they do now?)
User research to back this up (surveys, interviews, metrics)

Solution Design

Proposed solution directly addresses problem
Simpler alternatives considered and rejected
Build vs. buy vs. do-nothing trade-offs evaluated
Why this solution over alternatives is clear

User Value

User benefit is quantified (time saved? errors reduced? new capability?)
User impact is realistic (won’t just sit unused)
Complexity added to user experience is justified
Edge cases are considered
Value is perceivable - users can see or demonstrate the improvement
Value timeline is understood - immediate (standard MVP) or delayed (needs engagement strategy)

Scope

Scope is bounded (what’s in/out explicitly defined)
Scope is minimal (MVPable in 2 weeks or less)
Nice-to-haves are separated from essentials
Escalation trigger defined (when to expand scope)

Prioritization

This is more important than next backlog item
Strategy alignment is clear
Doesn’t deprioritize higher-value work
Trade-offs are conscious and documented

Red Flags (Strong Signals for Rejection)

Features that warrant deep scrutiny before proceeding:

Watch for:

Solving a problem without user validation (assumption-driven)
Proposing solutions before fully understanding the problem
Expanding scope without data (feature creep)
Building one-off requests that fragment strategy
Nice-to-haves marketed as essentials
Value that’s real but invisible to users (backend improvements with no perceivable change)
Delayed-value products with no engagement strategy (users churn before payoff)
“Users don’t know they want it yet” used to bypass evidence requirements

Override possible if: User research validates the problem, or strategic priority overrides normal product discipline. Document the trade-off via /pb-adr.

Examples: Before & After

Example 1: Search Feature

BEFORE (Assumption-driven):

Feature: Add advanced search to the app

Problem: "Users need better ways to find content"

Solution: Boolean search operators, saved searches, search history,
          filters by 8 dimensions, full-text indexing

Timeline: 2 months

Outcome: Ships after 3 months. Users use basic keyword search only.
         Advanced operators unused. Feature bloats app.

Why this failed: Assumed users wanted complex search. Built for power users who don’t exist.

AFTER (User-driven):

Discovery:
- User interviews: 40% of users search, but give up after 1-2 tries
- Metrics: Search success rate 45% (queries with clicks)
- Problem: Search doesn't find content users are looking for

Solution MVP:
- Basic text search (title + description)
- Simple keyword matching
- 1 week build
- Measure: Track search success rate

Post-launch:
- Week 1-2: 65% success rate (improved). Users happy.
- Month 1: Feature requests for date filter. Add it.
- Month 2: Analytics show 3% use saved searches. Don't build.
- Quarter 2: Advanced users ask for boolean operators. Build for 1% power users.

Result: Better search, shipped faster, validated each step.

Why this works: Started with real problem. Built MVP. Iterated based on usage.

Example 2: Admin Features

BEFORE (Over-scoped):

Feature: Admin dashboard

Initial scope:
- User management (list, deactivate, impersonate)
- Activity logs (complete audit trail)
- Custom reporting (20 report types)
- API quotas
- Feature flags
- Billing controls
- Team management

Timeline: "Should be done in a month"

Reality: 4 months in, still building. Shipped without 60% of scope.

Why this failed: Too many requirements without validation. Admin use cases unclear.

AFTER (User-validated scope):

Admin needs (from interviews with 5 customers):
1. See who's using the product (users, sessions)
2. Disable bad actors (deactivate user)
3. Debug customer issues (view logs for user)

MVP (1 week):
- User list with activation toggle
- Basic logs view (last 100 actions)
- No fancy UI, basic tables

Post-launch:
- Customer feedback: "Need more log filters" → add user/action filters
- Customer feedback: "Need usage reports" → quarterly investment
- Internal need: "Need to impersonate user for debugging" → add impersonate

Result: Each feature added because users asked for it, not assumed.

Why this works: Limited initial scope. Validation-driven expansion.

What Maya Is NOT

Maya review is NOT:

❌ Engineering feasibility (that’s different)
❌ UI/UX design (that’s a specialist skill)
❌ Saying “no” to everything (looking for signals before deciding)
❌ Customer service (listening to every request as priority)
❌ Market research (deeper skills needed)

When to use different review:

Engineering feasibility → /pb-plan
UI/UX design → frontend-design skill
Market research → external research
Customer feedback routing → product ops

Decision Framework

When Maya sees a feature request:

1. Do we have evidence users want this?
   NO, known problem space → Do research first (surveys, usage patterns, interviews)
   NO, exploratory product → Prototype with 5-10 users. Need behavioral signal,
                             not just "interesting idea." High bar applies.
   YES → Continue

2. Can users articulate the value in one sentence?
   NO → Clarify the value framing before building. Problem may be real
        but positioning is wrong.
   YES → Continue

3. Is the proposed solution the right one?
   UNCLEAR → Explore alternatives, compare trade-offs
   YES → Continue

4. When does value arrive - immediately or over time?
   IMMEDIATE → Standard MVP approach. Ship fast, measure.
   DELAYED → Needs engagement strategy. What keeps users coming back
             before the payoff? Without this, they abandon.

5. What's the cost vs. benefit?
   COST > BENEFIT → Reject or defer
   BENEFIT > COST → Continue

6. Does this distract from higher priorities?
   YES → Defer to later quarter
   NO → Continue

7. Can we ship an MVP in 2 weeks?
   NO → Break into smaller pieces
   YES → Plan build

/pb-plan - Planning phase (where Maya thinking applies)
/pb-adr - Architecture decisions (complement with user impact analysis)
/pb-review-product - Product review (Maya’s strategic lens applies)
/pb-preamble - Direct peer thinking (challenge assumptions)
/pb-design-rules - User-facing clarity and simplicity

Created: 2026-02-12 | Updated: 2026-02-22 | Category: planning | v1.2.0

Kai Nakamura Agent: Distribution & Reach Review

Distribution-focused strategic thinking that bridges the gap between creation and consumption. Reviews work through the lens of “who needs to see this and where are they?” Great work nobody finds is indistinguishable from work that doesn’t exist.

Resource Hint: sonnet – Strategic distribution thinking, audience analysis, channel-fit evaluation.

Mindset

Apply /pb-preamble thinking: Challenge the assumption that good work finds its audience automatically. Question whether you’re publishing where the audience already is, or hoping they come to you. Apply /pb-design-rules thinking: Verify clarity for the target audience (Clarity), verify the path from creation to discovery is simple (Simplicity), verify the work survives contact with real distribution channels (Resilience). This agent embodies the last mile between creation and the person who acts on it.

When to Use

Before shipping anything external – Reports, posts, PRs, products, emails
Content platform selection – Which platform, which format, which audience
Product discoverability – How does someone learn this exists?
Bounty reports – Is the report framed so the triager acts, not just reads?
Hiring – Does this story land with the hiring manager in 30 seconds?

Lens Mode

In lens mode, Kai is the question before you hit send. “Will the triager understand the impact from the first paragraph?” during report drafting. “Which platform does this idea belong on?” before writing the post. Kai doesn’t write marketing copy. Kai ensures the right person encounters the work.

Depth calibration: Internal tooling: skip Kai. External artifact (report, post, PR, product): one question. Launch or high-stakes submission: full reach analysis.

Overview: Distribution Philosophy

Core Principle: The Last Mile Is Where Value Dies

The gap between “work is done” and “the right person acted on it” is where most value is lost. This isn’t marketing. Marketing optimizes awareness. Distribution thinking optimizes the path from creation to the specific person who needs to act.

Most engineers stop at “ship it.” Most writers stop at “publish it.” The work sits in a repo, a blog, a channel, waiting to be discovered. Discovery doesn’t happen by accident at scale. It happens when someone thinks about the path before publishing.

Not Marketing, Not SEO

Kai doesn’t optimize for impressions, clicks, or engagement metrics. Kai optimizes for one thing: did the right person find this and act on it?

A bounty report that the triager escalates in 5 minutes: good distribution
A README that a new contributor understands without asking questions: good distribution
A blog post that gets 10,000 views but no one acts on: bad distribution
A PR description that reviewers skim past: bad distribution

The Five Questions

Before publishing anything external, ask:

Who needs to see this and where are they?
What’s the path from creation to discovery?
Will the right person find this, understand it in 30 seconds, and act?
Does this travel? Is it shareable, linkable, findable?
Are we publishing where the audience already is, or hoping they come to us?

How Kai Reviews Distribution

The Approach

Audience-first analysis: Instead of asking “is this good?”, ask “will the right person find this and know what to do?”

For each artifact:

Who is the target? (Be specific: “Kubernetes SREs”, not “developers”)
Where do they look? (Their channels, not yours)
What do they need in 30 seconds? (The hook, not the full story)
What action should they take? (Clear ask, not vague interest)
Can they pass it along? (Shareability to the actual decision-maker)

Review Categories

1. Findability

What I’m checking:

Can the target audience discover this through their normal channels?
Does the title/subject line work as a standalone signal?
Are search terms aligned with how the audience actually searches?
Is this published where the audience already looks?

Bad:

Title: "Improvements to Authentication Module"
Published: Internal wiki only

But the audience is open-source contributors who search GitHub.

Why this fails: Right work, wrong channel. The audience will never see it.

Good:

Title: "Fix: JWT validation bypass in auth middleware (CVE-2026-1234)"
Published: GitHub Security Advisory + relevant mailing list

Title matches how security researchers search. Published where they look.

Why this works: Title is a signal. Channel matches audience behavior.

2. Clarity of Ask

What I’m checking:

In 30 seconds, does the reader know what to do?
Is the ask explicit or buried in context?
Does the first paragraph carry the essential information?
Can someone act without reading the full document?

Bad:

Bounty report opening:

"While exploring the authentication system, I noticed several
interesting behaviors related to session management. The system
uses JWT tokens with HMAC-SHA256 signing. I found that..."
[400 words before the actual vulnerability]

Why this fails: Triager reads 30 seconds, sees background, moves to next report.

Good:

Bounty report opening:

"Impact: Account takeover via JWT algorithm confusion.
Steps: Change alg header from RS256 to HS256, sign with public key.
Severity: Critical -- any user account, no interaction required."
[Details follow]

Why this works: Impact and steps in the first three lines. Triager escalates immediately.

3. Format Fit

What I’m checking:

Does the medium match the message and the audience?
Is the format appropriate for the consumption context?
Would a different format serve the audience better?

Bad:

Sharing a quick bug fix process:
- 45-minute video walkthrough
- Audience: senior engineers with 5 minutes between meetings

Why this fails: Format doesn’t match consumption context. Nobody watches it.

Good:

Sharing a quick bug fix process:
- 2-paragraph write-up with code diff
- Audience: senior engineers who scan Slack between meetings

Why this works: Format matches how the audience actually consumes information.

4. Shareability

What I’m checking:

Can someone who finds this pass it to the right person?
Is there a single link that captures the essential context?
Does the title/preview work when shared in chat, email, or social?
Is the artifact self-contained enough to forward?

Bad:

Architecture proposal:
- Spread across 4 Notion pages, 2 Miro boards, 1 Slack thread
- Context requires reading all pieces in order

Why this fails: When someone shares it, the recipient gets one link and no context.

Good:

Architecture proposal:
- Single document with embedded diagrams
- Executive summary at top (shareable on its own)
- Deep dive follows for those who want it

Why this works: One link captures everything. Summary works when forwarded to a decision-maker.

Review Checklist: What I Look For

Findability

Published where the target audience already looks
Title/subject works as standalone signal
Search terms match audience vocabulary (not builder vocabulary)
Discoverable through the audience’s normal workflow

Clarity of Ask

Impact/ask is in the first paragraph
Reader knows what to do in 30 seconds
Action is explicit, not implied
Essential information doesn’t require scrolling

Format Fit

Medium matches audience consumption context
Length matches audience attention budget
Format serves the message (not the other way around)

Shareability

Single link captures essential context
Preview/title works when forwarded
Self-contained enough for the recipient to act
Forwarding doesn’t lose critical context

Anti-patterns

Watch for:

Marketing speak in technical contexts (undermines credibility with technical audiences)
Optimizing distribution before the work is ready (premature Kai – get the artifact right first)
Platform-hopping without adapting voice and format (a tweet is not a blog post is not a README)
Conflating reach with quality – wide distribution of mediocre work is worse than narrow distribution of excellent work
Assuming “if we build it, they will come” (they won’t)
Optimizing for impressions instead of actions (vanity metrics)

Key Distinction from Maya

Maya asks “who is the user and what problem are we solving?” (product-market fit). Kai asks “the work is good – now how does the right person find it?” (creation-to-consumption gap).

Maya decides what to build. Kai ensures it lands.

Maya works before building. Kai works before publishing. They’re sequential: Maya first (is this worth building?), then build it, then Kai (will it reach the right people?).

What Kai Is NOT

Kai review is NOT:

A marketing strategy (Kai doesn’t write copy or plan campaigns)
An SEO audit (Kai thinks about humans, not algorithms)
A content calendar (Kai reviews individual artifacts, not publishing schedules)
A substitute for good work (distribution of mediocre work is a waste)
A social media strategy (platform selection yes, engagement optimization no)

When to use different review:

Product strategy and user needs: /pb-maya-product
Repository discoverability audit: /pb-repo-polish
Documentation quality: /pb-sam-documentation
Technical content accuracy: /pb-review-docs

/pb-maya-product – Product & user strategy (what to build, for whom)
/pb-repo-polish – Repository AI discoverability audit (Kai thinking applied to repos)
/pb-preamble – Challenge assumptions about audience and reach
/pb-design-rules – Clarity and simplicity for the target audience
/pb-review-product – Technical + product review (complementary lens)

Created: 2026-03-05 | Category: planning | v1.0.0

Observability & Monitoring Design

Build visibility into your system’s behavior: metrics, logs, and traces that help you understand what’s happening in production.

Mindset: Observability is multi-perspective understanding. You need metrics, logs, and traces-different views of the same system. This embodies /pb-preamble thinking (no single perspective is complete) and /pb-design-rules thinking (especially Transparency: design for visibility to make debugging easier).

Question your assumptions about what’s happening in production. Systems should be observable; you shouldn’t need to guess.

Resource Hint: sonnet - Observability design follows structured instrumentation patterns.

When to Use

Designing monitoring and observability for a new service
Diagnosing gaps in production visibility (missing metrics, logs, or traces)
Planning instrumentation before a major deployment

Observability vs Monitoring

Monitoring (narrow):

Check if something is working (alerts on thresholds)
Passive: respond to alerts
Example: “CPU is above 80%, send alert”

Observability (broad):

Understand why it’s happening (diagnose issues)
Active: explore and investigate
Example: “CPU is high, let’s trace which requests caused it”

The goal: Observability → Monitoring → Alerting

The Three Pillars of Observability

1. Metrics (Numbers)

What is happening? Volume, rate, performance.

Request count, latency, error rate
CPU, memory, disk usage
Database connections, queue depth
Business metrics (user signups, transactions)

2. Logs (Events)

What happened? When? Why?

Request logs (who, what, when)
Error logs (what went wrong)
Application events (user actions, state changes)
Infrastructure events (deployments, failures)

3. Traces (Flows)

How did a request flow through the system?

Request trace: client → web → database → cache
Latency breakdown: 100ms total (20ms web, 60ms DB, 10ms cache)
Failures: where did it break?

Metrics: What to Track

Request Metrics (Always)

Latency (how fast):

P50 (median), P95, P99 latencies
By endpoint or operation
Alert on: P99 > 1000ms (for web API)

Example tracking:
  GET /api/users: P99 = 120ms
  POST /api/users: P99 = 450ms (includes email send)
  GET /api/users/{id}: P99 = 80ms

Throughput (how much):

Requests per second (RPS)
By endpoint, status code, method
Alert on: sudden drop (possible crash)

Example tracking:
  Total RPS: 1,200/sec
  GET requests: 800/sec (67%)
  POST requests: 300/sec (25%)
  DELETE requests: 100/sec (8%)

Error Rate (what breaks):

4xx errors (client issues): 1% acceptable
5xx errors (server issues): <0.1% target
By endpoint, error type
Alert on: 5xx > 0.5%

Example tracking:
  GET /api/users: 0.02% 5xx (acceptable)
  POST /api/users: 0.08% 5xx (high!)
    - 401 Unauthorized: 45%
    - 400 Bad Request: 35%
    - 500 Internal Error: 20%

Resource Metrics

CPU/Memory:

Usage percentage (alert on >80% sustained)
By service, pod, host
Trending (is it growing?)

Database:

Connection count (alert on >90% of pool)
Query latency (P95, P99)
Slow queries (>1s)
Row counts (growing tables)

Disk:

Used space (alert on >85%)
Inode usage
I/O operations

Business Metrics

Track what matters to business:

Signups, active users, retention
Revenue, transactions, conversion rate
Error impact (transactions failed)
Feature usage (adoption of new features)

Example:
  Signups: 150/day (down 20% from week ago)
  Active users: 25,000 (stable)
  Failed transactions: 12 (0.03%, acceptable)
  → Investigate signup drop, not necessarily an outage

Logging: Structured Logs

Anti-pattern: Unstructured Logs

2026-01-11 14:23:45 ERROR User login failed
2026-01-11 14:23:46 User 12345 password incorrect
2026-01-11 14:23:47 WARNING High memory usage

Problems:

Hard to search (“which users failed to login today?”)
Hard to aggregate (metrics require regex parsing)
Slow (parsing strings is expensive)

Pattern: Structured Logs (JSON)

{
  "timestamp": "2026-01-11T14:23:45Z",
  "level": "error",
  "service": "auth-service",
  "event": "user_login_failed",
  "user_id": 12345,
  "reason": "incorrect_password",
  "attempt_number": 3,
  "ip_address": "192.168.1.100",
  "user_agent": "Mozilla/5.0...",
  "duration_ms": 142
}

Benefits:

Easy to search: user_login_failed AND user_id:12345
Easy to aggregate: count by reason, by service
Fast: structured data, not regex parsing
Queryable: SELECT COUNT(*) WHERE level=error AND duration_ms>1000

Log Levels

DEBUG    Use: Development, detailed tracing
         Don't: Log in production (too verbose)

INFO     Use: Major events (startup, shutdown, deployments)
         Example: "User 123 logged in"

WARNING  Use: Potentially problematic situations
         Example: "Cache miss rate > 20%"

ERROR    Use: Something failed, but system still works
         Example: "Failed to send email to user 123, will retry"

CRITICAL Use: System is down or degraded
         Example: "Database connection pool exhausted"

What to Log

[YES] DO Log:

Errors and exceptions (with stack traces)
Major state changes (user logged in, order placed)
Performance concerns (slow queries, timeouts)
Security events (login attempts, permission denials)
Debugging info (request IDs, user context)

[NO] DON’T Log:

User passwords, API keys, tokens
Full credit card numbers (log last 4 digits only)
Personally identifiable info (unless required)
Debug output from third-party libraries
Everything (too much log = can’t find signal)

Structured Log Example (Python)

import json
import logging

# Configure structured logging
logger = logging.getLogger(__name__)

def handle_user_login(username, password, ip_address):
    try:
        user = User.find_by_username(username)
        if not user:
            logger.warning(
                json.dumps({
                    "event": "user_not_found",
                    "username": username,  # OK: not sensitive
                    "ip_address": ip_address,
                    "timestamp": datetime.utcnow().isoformat()
                })
            )
            return {"error": "Invalid credentials"}

        if not user.verify_password(password):
            logger.warning(
                json.dumps({
                    "event": "invalid_password",
                    "user_id": user.id,
                    "attempt_number": user.failed_attempts + 1,
                    "ip_address": ip_address
                })
            )
            user.failed_attempts += 1
            return {"error": "Invalid credentials"}

        # Success
        logger.info(
            json.dumps({
                "event": "user_logged_in",
                "user_id": user.id,
                "ip_address": ip_address,
                "session_duration_ms": 0
            })
        )
        return {"success": True, "session_id": create_session(user)}

    except Exception as e:
        logger.error(
            json.dumps({
                "event": "login_error",
                "error": str(e),
                "error_type": type(e).__name__,
                "username": username
            })
        )
        return {"error": "Internal error"}

Tracing: End-to-End Visibility

The Problem (Without Tracing)

User reports: “My request takes 30 seconds!”

Without tracing:

Total time: 30 seconds
... but where is it slow?
- API server: ?
- Database: ?
- Cache: ?
- External API: ?
→ Need to guess, investigate each component

The Solution (With Tracing)

Request trace ID: 550e8400-e29b-41d4-a716-446655440000

Timeline:
  0ms:     HTTP request arrives
  5ms:     Authentication check (5ms)
  10ms:    Authorization check (5ms)
  200ms:   Database query (190ms) ← SLOW!
  210ms:   Cache update (10ms)
  220ms:   Format response (10ms)
  225ms:   HTTP response sent

Result: Database query is the bottleneck (190ms of 225ms)
Action: Optimize slow query or add index

Distributed Tracing (Microservices)

User request to user-service: 100ms

Breakdown:
  10ms: Call auth-service (20ms)
          ├─ 5ms: Call database
          └─ 15ms: Call cache
  40ms: Call order-service (50ms)
          ├─ 30ms: Call payments-api
          └─ 20ms: Call database
  50ms: Format response

Result: Slowest part is payments-api (30ms)
Action: Optimize payments API or add timeout

Implementing Tracing

from opentelemetry import trace, metrics
from opentelemetry.instrumentation.requests import RequestsInstrumentor
from opentelemetry.exporter.jaeger.thrift import JaegerExporter

# Setup trace exporter (send to Jaeger)
jaeger_exporter = JaegerExporter(
    agent_host_name="localhost",
    agent_port=6831,
)

# Instrument HTTP library
RequestsInstrumentor().instrument()

# Create tracer
tracer = trace.get_tracer(__name__)

# Use in code
with tracer.start_as_current_span("database_query") as span:
    span.set_attribute("query", "SELECT * FROM users")
    span.set_attribute("duration_ms", 150)
    user = database.query("SELECT * FROM users WHERE id = ?", user_id)

Alerting: From Metrics to Actions

Alert Philosophy

Good alerts:

Actionable (not “something might be wrong”)
Rare (not noisy/flaky)
Severity-appropriate (critical = page-on-call, warning = slack)

Bad alerts:

“CPU is above 50%” (not specific, not actionable)
“Error rate changed” (by how much? is it significant?)
“Database query took 2 seconds” (sometimes OK, depends on query)

Alert Examples

Alert: API P99 Latency High
Condition: P99 latency > 1 second for >= 5 minutes
Severity: WARNING
Action: Check database/cache metrics, review recent deployments

Alert: Database Connection Pool Critical
Condition: Used connections > 90% for >= 2 minutes
Severity: CRITICAL (pages on-call)
Action: Check slow queries, close abandoned connections, scale up

Alert: Error Rate Spike
Condition: 5xx error rate > 1% for >= 1 minute
Severity: CRITICAL
Action: Check recent deployments, review error logs, rollback if needed

Alert: Disk Space Critical
Condition: Disk usage > 90% for >= 10 minutes
Severity: CRITICAL
Action: Delete old logs, archive data, scale storage

Alert Severity Levels

CRITICAL (page on-call immediately)
  - System is down or degraded
  - User-facing feature broken
  - Data loss risk
  - Security incident

WARNING (notify team, can wait)
  - Performance issue (but system works)
  - Resource usage high (but not critical)
  - Unusual patterns (but maybe intentional)

INFO (log for reference)
  - Deployments, configuration changes
  - Regular maintenance, backups
  - Scheduled events

SLI, SLO, and Error Budgets

Definitions

SLI (Service Level Indicator) - A metric that measures performance:

Example: “API P99 latency is 120ms” or “System uptime is 99.95%”
Measurable using monitoring data (from metrics/logs)
You measure the actual SLI value

SLO (Service Level Objective) - A target for your SLI:

Example: “API P99 latency should be < 200ms” or “System uptime target: 99.95%”
What you promise to users (in SLA) or commit internally
SLO is the target; SLI is the measurement against it

SLA (Service Level Agreement) - A contract with customers:

What happens if you miss SLO (refunds, credits, penalties)
External promise (affects revenue/reputation)
Optional: Many internal services don’t have SLAs

Error Budget - How much you can fail and still meet SLO:

If SLO is 99.9% uptime, error budget is 0.1%
Over 30 days: 0.1% of 30 days × 24h × 3600s = 25,920 seconds ≈ 7.2 hours of allowed downtime
Use error budget to decide: Ship risky feature? Take infrastructure down? Run load tests?

Setting SLIs & SLOs

Step 1: Identify critical user journeys

Example: User signup, product search, checkout, payment processing
Not every endpoint needs an SLO (focus on critical paths)

Step 2: Choose meaningful SLIs for each journey

Critical Journey: User Payment
├─ SLI 1: API latency (P99)
│  └─ SLO: < 500ms for 99.9% of requests
├─ SLI 2: Success rate
│  └─ SLO: > 99.99% (< 0.01% failure)
└─ SLI 3: Data freshness
   └─ SLO: Payment recorded within 5 seconds

Critical Journey: Product Search
├─ SLI 1: Search latency (P95)
│  └─ SLO: < 200ms for 95% of requests
├─ SLI 2: Search accuracy
│  └─ SLO: > 95% of results relevant
└─ SLI 3: Availability
   └─ SLO: 99.9% uptime

Step 3: Be realistic

Don’t promise 99.99% if you have external dependencies you don’t control
Start conservative (99.5%); tighten as confidence grows
Remember: 99.9% means ~43 minutes downtime/month; 99.99% means ~4 minutes/month

Error Budget Example

SLO: 99.9% uptime for payment processing (0.1% error budget)

Budget allocation over month (30 days × 24h × 3600s = 2,592,000s total):

Total allowed downtime: 0.1% × 2,592,000s = 2,592 seconds ≈ 43.2 minutes

Allocation:
  Scheduled maintenance:     15 minutes (35% of budget)
  Unplanned incidents:       15 minutes (35% of budget)
  Load testing/risky deploys: 13 minutes (30% of budget)
  Reserve:                    0 minutes (fully allocated)

Decision-making:

“Should we deploy the risky feature?” → Check error budget
- If budget remaining > 13 min, OK. Otherwise, wait for next month
“Is this incident worth investigating?” → If it consumed budget, yes
“Can we do maintenance?” → Only if budget allows

Monitoring SLIs & SLOs

Use alerts to catch SLO violations early:

Alert: Approaching SLO Violation
Condition: If current rate would miss SLO by end of day
Action: Page on-call to prevent further failures
Example: 5xx rate is 0.08% (approaching 0.1% daily limit)

Alert: SLO Violated
Condition: SLI has exceeded SLO for 5 minutes
Action: Immediate incident response
Example: Latency P99 exceeded 500ms for 5+ minutes

Track error budget burn rate:

Prometheus query:
  rate(errors_total[5m]) / rate(requests_total[5m])  # Current 5-min error rate

If SLO allows 0.1% errors:
  - Current burn rate > 0.1%: Burning budget fast (yellow alert)
  - Current burn rate > 0.5%: Burning budget very fast (red alert)

SLI/SLO Template

Copy this for each critical service:

## Service: [Payment Processing]

### SLOs (What we promise)

| SLI | Target | Why | Owner |
|-----|--------|-----|-------|
| Latency P99 | < 500ms | Users expect responsive checkout | Payments team |
| Success rate | > 99.99% | Failed charges damage trust | Payments team |
| Data freshness | < 5s | Reconciliation depends on accuracy | Finance + Payments |
| Availability | 99.9% | 43 min downtime/month acceptable | Infrastructure |

### Error Budget (monthly)

| Category | Time | % of Budget |
|----------|------|------------|
| Scheduled maintenance | 15 min | 35% |
| Incident response | 15 min | 35% |
| Risky deployments | 13 min | 30% |
| **Total** | **43.2 min** | **100%** |

### Current Status (this month)

| SLI | Target | Actual | Status | Burn |
|-----|--------|--------|--------|------|
| Latency P99 | < 500ms | 185ms | [YES] Green | Good |
| Success rate | > 99.99% | 99.991% | [YES] Green | Good |
| Availability | 99.9% | 99.94% | [YES] Green | Good |
| Budget remaining | 43.2 min | 38 min | ⚠️ Yellow | Normal |

### Actions

- [ ] If budget < 10 min: Freeze risky deployments
- [ ] If any SLI approaching SLO: Incident response
- [ ] Weekly review of burn rate vs. targets

Dashboards: Visualization

Key Metrics Dashboard

┌─ Service Status ─────────────────────┐
│ ✓ API Server (green)                │
│ ✓ Database (green)                  │
│ ⚠ Cache (yellow - slow response)    │
│ ✓ Queue Workers (green)             │
└─────────────────────────────────────┘

┌─ Request Metrics ────────────────────┐
│ Throughput: 1,200 req/sec            │
│ Latency P50: 80ms                    │
│ Latency P99: 450ms                   │
│ Error Rate: 0.08%                    │
│ 5xx Errors: 10/min                   │
└─────────────────────────────────────┘

┌─ Resources ──────────────────────────┐
│ CPU: 45% (healthy)                   │
│ Memory: 72% (normal)                 │
│ Disk: 58% (OK)                       │
│ Database Connections: 87/100         │
└─────────────────────────────────────┘

Troubleshooting Dashboard

When alert fires, have dashboard that shows:

Timeline of what happened
Related metrics (error rate, latency, resources)
Recent deployments
Top errors in last hour
Slow queries
Resource constraints

On-Call Runbook Template

When alert fires, on-call engineer needs a runbook:

# Alert: API P99 Latency High

## Quick Diagnosis (5 min)

1. Check if it's real
   - Is P99 actually > 1s? (might be metric glitch)
   - Is it affecting real users? (check error logs)

2. Gather context
   - Did we deploy recently? (check deployments)
   - Is database slow? (check DB metrics)
   - Is cache down? (check cache metrics)
   - Is there a traffic spike? (check RPS)

## If Database is Slow

1. Connect to database
   ```sql
   SHOW PROCESSLIST;  -- see current queries
   SHOW SLOW LOG;     -- see recent slow queries

Identify slow query
- Look for query taking > 500ms
- Check if index missing
- Check if N+1 queries
Options
- Kill long-running query (if safe)
- Add index (if appropriate)
- Scale database (if overloaded)

If It’s a Traffic Spike

Is it legitimate?
- Check graphs (should match user activity)
- Check recent marketing (PR, social media)
- Check competitors (did they mention us?)
What to do
- Scale up (if unexpected)
- Accept it (if expected/temporary)
- Optimize (if sustained)

Escalation

If you can’t diagnose in 10 minutes:

Page database expert (if DB slow)
Page infrastructure expert (if resource constrained)
Declare incident if affecting customers


---

## Prometheus Query Examples

If using Prometheus, these PromQL queries are commonly useful:

### Request Rate & Errors

```promql
# Request rate per second (5-minute average)
rate(http_requests_total[5m])

# Error rate (5xx only)
rate(http_requests_total{status=~"5.."}[5m])

# Error rate as percentage
(rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])) * 100

# 4xx vs 5xx error rates
rate(http_requests_total{status=~"4.."}[5m]) # Client errors
rate(http_requests_total{status=~"5.."}[5m]) # Server errors

# Requests by endpoint
sum(rate(http_requests_total[5m])) by (endpoint)

# Errors by endpoint (find problematic endpoints)
sum(rate(http_requests_total{status=~"5.."}[5m])) by (endpoint)

Latency (Duration)

# P95 latency (95th percentile)
histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))

# P99 latency (99th percentile)
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))

# Average latency
rate(http_request_duration_seconds_sum[5m]) / rate(http_request_duration_seconds_count[5m])

# Latency by endpoint
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) by (endpoint)

# Slow requests (> 1 second)
rate(http_request_duration_seconds_bucket{le="+Inf"}[5m]) - rate(http_request_duration_seconds_bucket{le="1"}[5m])

Resource Usage

# CPU usage percentage
100 - (avg by (instance) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)

# Memory usage percentage
(1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100

# Disk usage percentage
(node_filesystem_size_bytes - node_filesystem_avail_bytes) / node_filesystem_size_bytes * 100

# Database connections in use
pg_stat_activity_count # PostgreSQL
OR mysql_global_status_threads_connected # MySQL

Database Performance

# Query execution rate
rate(mysql_global_status_queries[5m])

# Slow query rate
rate(mysql_global_status_slow_queries[5m])

# Connection pool usage
mysql_global_status_threads_connected / mysql_global_variables_max_connections

# Replication lag (MySQL)
mysql_slave_status_seconds_behind_master

SLO Monitoring

# Error budget burn rate (5-minute)
rate(errors_total[5m]) / rate(requests_total[5m])

# SLO status: Is P99 latency within SLO? (SLO: 500ms)
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) < 0.5

# Availability (uptime) over last month
avg_over_time((up[1m])[30d:1m]) * 100

Useful Query Patterns

# Alert if any endpoint has > 1% error rate
(rate(http_requests_total{status=~"5.."}[5m]) / rate(http_requests_total[5m])) > 0.01

# Alert if P99 latency > 1 second
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m])) > 1

# Alert if CPU > 80% for more than 5 minutes
100 - (avg(irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) > 80

# Alert if disk > 85%
(node_filesystem_size_bytes - node_filesystem_avail_bytes) / node_filesystem_size_bytes > 0.85

Integration with Playbook

Part of design and planning:

/pb-plan - Include observability in feature planning
/pb-guide - Section 4.4 covers monitoring design
/pb-review-hygiene - Code review checks for logging
/pb-release - Release checklist includes dashboard setup

Related Commands:

/pb-plan - Feature planning (include observability)
/pb-guide - SDLC workflow
/pb-adr - Architecture decision (monitoring tools)
/pb-sre-practices - SRE operational practices, error budgets

Observability Checklist

For each new feature:

Planning Phase:

What metrics matter? (latency, errors, business)
What events to log? (state changes, errors)
How to trace? (request flow, external calls)
What to alert on? (when is this broken?)

Implementation Phase:

Add metric instrumentation
Add structured logging
Add distributed tracing
Create dashboards

Deployment Phase:

Verify metrics are flowing
Test alerts (trigger intentionally, verify notification)
Create runbooks (for when things break)
Document dashboards (what does each chart mean?)

Tools (Popular Options)

Metrics: Prometheus, Datadog, New Relic, CloudWatch Logs: ELK Stack, Splunk, Datadog, CloudWatch Logs Traces: Jaeger, Datadog, New Relic, Lightstep Alerting: PagerDuty, Opsgenie, VictorOps Dashboards: Grafana, Kibana, Datadog, New Relic

/pb-logging - Logging strategy and standards for structured logging
/pb-incident - Incident response when observability alerts fire
/pb-sre-practices - SRE operational practices and error budgets
/pb-performance - Performance optimization using observability data
/pb-maintenance - Preventive maintenance (monitoring detects; maintenance prevents)

Created: 2026-01-11 | Category: Planning | Tier: M/L

Performance Optimization & Scalability

Make systems faster without breaking them. Measure, optimize the right thing, verify improvements.

Purpose

Performance matters:

Users leave sites that are slow (every 100ms delay = 1% users gone)
Slow systems cost money (more servers, more bandwidth)
Performance bugs are production bugs (optimize before scaling)

Key principle: Measure first, optimize what matters, prove it works.

Mindset: Performance optimization requires /pb-preamble thinking (measure, challenge assumptions) and /pb-design-rules thinking (especially Optimization: prototype before polishing, measure before optimizing).

Question assumptions about slowness. Challenge whether optimization is worth the complexity cost. Measure before and after-don’t assume. Surface trade-offs explicitly (speed vs. maintainability, simplicity vs. performance).

Resource Hint: sonnet - Performance optimization follows structured measurement and analysis workflows.

When to Optimize

[NO] DON’T Optimize:

Too early: Before you have users / load
Without measurement: Guessing slows you down more
Working features: If it works fine for current users, leave it
Premature: “This might be slow someday”
Diminishing returns: Optimizing 1% of total time

[YES] DO Optimize:

When users complain: “Site is slow”
When metrics show problem: P99 latency > target
When load tests show bottleneck: Load test reveals breaking point
When cost is high: More servers than should be needed
Hot paths: Code that runs for every user request

Performance Profiling: Find the Problem

Rule 1: Measure First

Most developers guess wrong about what’s slow.

Without profiling (80% wrong):
  "The database must be slow"
  → Actually: JSON serialization is slow (60% of time)

With profiling (100% correct):
  "Database queries are 15% of time, JSON serialization is 60%"
  → Optimize JSON serialization first (biggest payoff)

Tools by Layer

Frontend Performance:

Chrome DevTools > Performance tab (record, identify slow frames)
Lighthouse (scores performance, provides fixes)
WebPageTest (waterfall chart of load time)
Bundle analyzer (webpack-bundle-analyzer shows package size)

Backend Performance:

Profilers: py-spy (Python), node –prof (Node), JProfiler (Java)
Benchmarking: timeit (Python), benchmark (Node), JMH (Java)
Database: EXPLAIN ANALYZE (query plan), slow query log
Tracing: See /pb-observability for OpenTelemetry

Load Testing:

ab (Apache Bench) - simple HTTP load
wrk - fast, scriptable load testing
k6 - load testing as code
Locust - Python-based, distributed load testing

Profiling Example: Python

# Quick profiling with cProfile
import cProfile
import pstats

cProfile.run('my_function()', 'output.prof')
stats = pstats.Stats('output.prof')
stats.sort_stats('cumulative').print_stats(10)  # Show top 10 by time

# Result:
#   ncalls  tottime  cumtime
#   100     0.050    2.340  <- Slow! 2.3 seconds per 100 calls
#   100000  1.500    1.800  <- Hot! 1.8 seconds across 100k calls

Profiling Example: Node.js

# Run with profiler
node --prof app.js

# Process output
node --prof-process isolate-*.log > profile.txt

# Shows:
# [Shared libraries]: 50ms
# app.js:123 handleRequest(): 450ms  <- HOT SPOT
# database.js:45 query(): 320ms      <- Second hottest

Common Performance Bottlenecks

Bottleneck 1: Database Queries (Often 60-80% of time)

Symptoms:

P99 latency high
Database CPU at 100%
Slow query log full

Root causes:

1. N+1 queries: Loop and query inside loop
   Bad:    for user in users:
             user.orders = db.query("SELECT * FROM orders WHERE user_id = ?")
   Good:   orders = db.query("SELECT * FROM orders WHERE user_id IN (?)", user_ids)

2. Missing index: Query scans whole table
   Bad:    SELECT * FROM users WHERE created_at > ?  (no index)
   Good:   CREATE INDEX idx_created_at ON users(created_at)

3. SELECT * with large tables
   Bad:    SELECT * FROM users  (returns 50 columns, but you use 5)
   Good:   SELECT id, name, email FROM users

4. Slow JOIN: Join large tables with poor keys
   Bad:    SELECT * FROM users JOIN orders ON users.id = orders.user_id WHERE status IN (...)
   Good:   Add index on orders(user_id, status)

Solutions:

# N+1 solution: Batch load
users = db.query("SELECT * FROM users LIMIT 100")
user_ids = [u.id for u in users]
orders = db.query("SELECT * FROM orders WHERE user_id IN ?", user_ids)
for user in users:
    user.orders = [o for o in orders if o.user_id == user.id]

# Missing index solution
db.execute("CREATE INDEX idx_email ON users(email)")
db.execute("ANALYZE TABLE users")  # Update stats

# SELECT * solution
cursor.execute("SELECT id, name, email FROM users")  # Only columns needed

Bottleneck 2: Serialization/Deserialization (Often 30-40% of time)

Symptoms:

CPU high but database responsive
Memory usage spiking
Frontend slow receiving responses

Root causes:

1. Serializing large objects
   Bad:    return User.objects.all()  (serializes 100k users)
   Good:   return User.objects.all()[:100]  (paginate)

2. JSON serialization inefficient
   Bad:    json.dumps(large_dict)  (Python's json is slow)
   Good:   import ujson; ujson.dumps(large_dict)  (3x faster)

3. Encoding/decoding mismatch
   Bad:    UTF-8 → Latin-1 → UTF-8 conversion
   Good:   Use UTF-8 consistently

4. Compression disabled
   Bad:    Response Content-Length: 5MB (no compression)
   Good:   Content-Encoding: gzip, Size: 500KB (100x smaller)

Solutions:

# Pagination solution
# Before: 10 seconds to serialize 100k users
users = User.objects.all()  # DON'T
users = User.objects.all()[:100]  # DO

# Fast JSON solution
import ujson  # or orjson, which is even faster
response = ujson.dumps(data)  # 3-5x faster

# Enable compression
from flask import Flask, compress
app = Flask(__name__)
compress = Compress(app)  # Automatic gzip on responses

# Selective serialization
# Bad: serialize everything
return User.to_dict()  # includes password, tokens, etc

# Good: serialize only needed fields
return {
    'id': user.id,
    'name': user.name,
    'email': user.email
}

Bottleneck 3: Caching Missing (40-60% speedup possible)

Symptoms:

Same queries running repeatedly
Same calculations done repeatedly
Database CPU high from repeated work

Solutions by layer:

1. HTTP Caching (Fastest, on client)

# Tell browsers to cache responses
@app.route('/api/products/<id>')
def get_product(id):
    resp = make_response(product_json)
    resp.cache_control.max_age = 3600  # Cache 1 hour
    resp.cache_control.public = True   # OK to cache in CDN
    return resp

# Result: 99% of requests served from browser cache, 0 DB queries

2. CDN Caching (Very fast, geographic distribution)

# Cloudflare, CloudFront, Fastly configure:
# - Cache static assets forever (add hash to filename for updates)
# - Cache API responses (5-60 minutes)
# - Gzip compression automatic

GET /api/products/123
# First request: 200ms (origin)
# Next 1000 requests: 5ms (CDN in user's region)

3. Application Caching (In-memory, very fast)

# Redis cache expensive queries
from flask_caching import Cache

cache = Cache(app, config={'CACHE_TYPE': 'redis'})

@app.route('/api/trending')
@cache.cached(timeout=300)  # Cache 5 minutes
def get_trending():
    # This query runs once every 5 minutes (not 1000x/minute)
    return db.query("SELECT * FROM products ORDER BY views DESC LIMIT 10")

# Result: 30 seconds → 30ms (1000x faster)

Cache invalidation: See /pb-adr for cache invalidation patterns (event-driven, TTL, manual, hybrid).

Bottleneck 4: Inefficient Algorithms (Often 10-20% of time)

Symptoms:

CPU high, database responsive
Scales poorly (10x users → 100x slower)
Memory usage high

Examples:

# BAD: O(n²) algorithm
def find_duplicates(items):
    result = []
    for i, item1 in enumerate(items):
        for j, item2 in enumerate(items):  # WRONG: Inner loop
            if item1 == item2 and i != j:
                result.append(item1)
    return result
# 10,000 items = 100M comparisons

# GOOD: O(n) algorithm
def find_duplicates(items):
    seen = set()
    duplicates = set()
    for item in items:
        if item in seen:
            duplicates.add(item)
        seen.add(item)
    return duplicates
# 10,000 items = 10k comparisons (10,000x faster!)

# BAD: String concatenation in loop
result = ""
for line in lines:
    result += line  # Creates new string each time, O(n²)

# GOOD: List join
result = "".join(lines)  # Single allocation, O(n)

Bottleneck 5: Synchronous I/O (Often 70-90% of time)

Symptoms:

Server CPU low (40% used)
But slow requests (P99 > 1s)
Can’t handle concurrent users

Root cause: Waiting for I/O (database, API calls, disk)

Solutions:

# BAD: Synchronous, blocks everything
@app.route('/checkout')
def checkout():
    validate_cart()        # 50ms
    charge_card()          # 500ms (blocked, waiting for payment processor)
    send_email()           # 200ms (blocked, waiting for mail server)
    return "Done"          # 750ms total

# GOOD: Async, parallelizes I/O
import asyncio

@app.route('/checkout')
async def checkout():
    await asyncio.gather(
        validate_cart(),   # 50ms
        charge_card(),     # 500ms (parallel)
        send_email()       # 200ms (parallel)
    )
    return "Done"          # 500ms total (payment time, email parallel)

# GOOD: Queue for non-blocking
@app.route('/checkout')
def checkout():
    validate_cart()        # 50ms
    charge_card()          # 500ms
    queue_email_job.delay(user_id)  # 5ms (async task queue)
    return "Done"          # 555ms (email sent in background)

Load Testing: Find Breaking Point

Before Optimizing

Run load test to find what breaks under load.

# Simple load test: 1000 requests, 10 concurrent
wrk -t 10 -c 10 -d 10s http://localhost:8000/

# Results:
Requests/sec:   150.5  (good, or slow?)
Latency avg:    66ms
Latency max:    250ms
99th percentile: 195ms

# Question: Is this good?
# Answer: Depends on target
#   If target is 1000 req/sec: FAIL (150 vs 1000)
#   If target is 500 users: FAIL (need to handle 500x more)
#   If current is 50 req/sec: PASS (3x improvement)

Load Test Your Bottleneck

# Test specific endpoint known to be slow
wrk -t 20 -c 100 -d 60s -s optimize.lua http://localhost:8000/api/search

# Results before optimization: 150 req/sec, P99 = 800ms
# Run optimization...
# Results after optimization: 500 req/sec, P99 = 150ms
# Improvement: 3.3x throughput, 5.3x latency (GOOD)

Optimization by Layer

Layer 1: Frontend (Browsers, 30-50% of load time)

Don’t optimize if:

Server latency is 500ms, frontend is 100ms (server is bigger problem)
Users complain about features, not speed (add features first)

Do optimize if:

Frontend is > 40% of total time
Users complain “site feels slow” (even if server fast)
Lighthouse score is red (< 50)

Quick wins:

1. Lazy load images (Intersection Observer)
   Before: Load 50 images on page load
   After: Load only visible images, rest on scroll
   Impact: 50% faster initial load

2. Code splitting (load JS only for pages needed)
   Before: app.js (5MB) - load everything
   After: app.js (500KB) + pages/*js (500KB each)
   Impact: 90% faster initial page load

3. Defer non-critical CSS
   Before: <link rel="stylesheet" href="style.css">
   After: <link rel="stylesheet" href="critical.css"> (in head)
          <link rel="stylesheet" href="non-critical.css"> (defer loading)
   Impact: 30% faster first paint

4. Remove unused dependencies
   Before: moment.js (67KB) for date formatting
   After: date-fns (5KB) or native Date
   Impact: 90% smaller bundle

Layer 2: API Server (30-50% of load time)

Quick wins:

1. Add caching (HTTP, CDN, Redis)
   Before: Every request hits database
   After: 95% served from cache
   Impact: 10-100x faster

2. Add compression (gzip)
   Before: 5MB response
   After: 500KB (gzipped)
   Impact: 10x smaller, 100x faster on slow networks

3. Batch API calls (N+1 → N/10)
   Before: 100 requests to load 100 users' orders
   After: 10 batch requests
   Impact: 90% fewer connections

4. Increase parallelization (async/await)
   Before: Chain calls (call A, then B, then C = A+B+C time)
   After: Parallel calls (call A, B, C together = MAX(A,B,C) time)
   Impact: 50-70% faster if A=B=C

Layer 3: Database (40-70% of load time)

Quick wins:

1. Add indexes
   Before: Full table scan 50,000 rows
   After: Index lookup 1 row
   Impact: 100-1000x faster

2. Fix N+1 queries
   Before: 100 separate queries for 100 items
   After: 1 query with batch load
   Impact: 100x fewer DB connections

3. Denormalize data
   Before: JOIN 5 tables to get one row of data
   After: Precompute and cache joined result
   Impact: 10-50x faster queries

4. Shard data
   Before: All 100M users in one table
   After: 100 shards (1M users each)
   Impact: Parallel queries, better scalability

Layer 4: Infrastructure (Rare, only if other layers maxed)

Quick wins:

1. Increase instance size (vertical scaling)
   Before: t2.small (1 CPU, 1GB RAM)
   After: t3.xlarge (4 CPU, 16GB RAM)
   Impact: 3-4x more throughput (diminishing)

2. Add more instances (horizontal scaling)
   Before: 1 server serving 1000 users
   After: 10 servers serving 1000 users each
   Impact: Linear scaling (10x throughput)

3. Use better algorithm for infrastructure
   Before: Single database with replicas
   After: Sharded database (parallel queries)
   Impact: 10-100x more throughput

Optimization Checklist

Before Optimizing

Measure current performance (baseline)
Define target (P99 < 200ms? Throughput > 10k req/sec?)
Profile to find bottleneck
Run load test to see breaking point

While Optimizing

Change one thing at a time (measure impact of each)
Run load test after each change
Keep track of improvements
Don’t over-optimize (diminishing returns)

After Optimizing

Verify improvement with load test
Set up monitoring for metric (so it doesn’t regress)
Document changes (what changed, why, what improved)
Check side effects (did you break something else?)

Common Optimization Mistakes

[NO] Mistake 1: Optimize Wrong Layer

Problem: "Website slow"
Blind optimization: Spend 2 weeks optimizing frontend
Measure first: Actually, frontend 100ms, API 800ms
Right fix: Optimize API (80% of problem)
Lesson: Measure first, optimize biggest impact

[NO] Mistake 2: Optimize Before Growth

Situation: Brand new startup, 10 users
Blind: Spend 3 months optimizing for 10k users
Reality: Spend time on features instead
Lesson: Optimize when you need to (when traffic grows or metrics slip)

[NO] Mistake 3: Premature Microservices

Problem: App slow
Blind: "Let's use microservices!"
Reality: Microservices slower (network latency between services)
Lesson: Monolith fast, microservices slow (use when you need independent scaling)

[NO] Mistake 4: Cache Everything

Problem: "Cache will make it faster"
Blind: Cache expensive query (updates hourly)
Reality: Cache becomes stale, users see wrong data
Lesson: Cache read-heavy data, not mutable data

Integration with Playbook

Part of design and deployment:

/pb-guide - Section 4.4 covers performance requirements
/pb-observability - Set up monitoring to catch performance regressions
/pb-adr - Architecture decisions affect performance
/pb-release - Load test before releasing at scale

Related Commands:

/pb-observability - Monitor P99 latency and throughput
/pb-guide - Performance requirements during design phase
/pb-incident - Performance degradation is incident (if sudden)

Performance Optimization Checklist

Planning Phase

Define performance targets (P99, throughput, user experience)
Benchmark current state (baseline)
Profile to identify bottleneck
Run load test to see current breaking point

Optimization Phase

Optimize Layer 1 (if 40%+ of time): Frontend, bundle size
Optimize Layer 2 (if 40%+ of time): API caching, compression, batching
Optimize Layer 3 (if 40%+ of time): Database indexes, N+1 fixes
Optimize Layer 4 (if other layers maxed): Infrastructure scaling
Measure impact after each change
Don’t over-optimize (diminishing returns)

Verification Phase

Load test reaches target throughput
P99 latency < target
No side effects (features still work)
Set up monitoring to track metric
Document changes (what and why)

/pb-observability - Set up monitoring to track performance metrics
/pb-review-hygiene - Code review for performance regressions
/pb-patterns-core - Architectural patterns that affect performance

Created: 2026-01-11 | Category: Planning | Tier: M/L

Deprecation & Backwards Compatibility Strategy

Plan, communicate, and execute deprecations with zero surprises. Keep users moving forward while respecting their timelines.

Purpose

Deprecation allows you to:

Remove technical debt without breaking users
Guide users toward better APIs or patterns
Maintain stability while improving the system
Plan breaking changes transparently

The principle: Give users time and clear guidance to migrate.

Mindset: Deprecation decisions should be made with both frameworks.

Use /pb-preamble thinking: challenge whether this change is really necessary; surface the impact on users; be honest about the cost vs. benefit. Use /pb-design-rules thinking: ensure the new approach is genuinely simpler (Simplicity), clearer (Clarity), and more robust than what it replaces. This is where critical thinking matters most.

Resource Hint: sonnet - Deprecation planning follows structured process; implementation-level guidance.

When to Deprecate

Deprecate when:

API endpoint needs replacement (new version, different design)
Feature is being removed (no longer supported)
Pattern is being phased out (better alternative exists)
Library/dependency is outdated (security, performance)
Database column/table is being removed

Don’t deprecate:

Bugs (fix, don’t deprecate)
Internal implementation details (users shouldn’t depend on these)
Things that change frequently (use feature flags instead)

The Deprecation Timeline

Standard timeline: 6-12 months (adjust for your users)

Day 1: Announce Deprecation
  └─ Mark as deprecated in code
  └─ Send notice to users (email, blog, release notes)
  └─ Provide migration guide
  └─ Publish removal date (6+ months out)

Month 1-5: Support & Guidance
  └─ Provide migration support
  └─ Maintain deprecated feature (don't break)
  └─ Answer questions, help migrations
  └─ Track adoption of new alternative

Month 6: Final Warning
  └─ Send final notice (30-60 days before removal)
  └─ Escalate to major users still on old path
  └─ Offer direct migration support

Month 7: Removal
  └─ Remove deprecated code
  └─ Update documentation
  └─ Provide post-removal support for issues

After Removal: Long-tail Support
  └─ Answer questions for users who didn't migrate
  └─ Provide limited migration support
  └─ Document what changed and why

Timeline variations by stability level:

Stable/Production APIs: 12+ months (users depend on this)
Beta/Preview APIs: 3-6 months (users expect changes)
Internal/Private APIs: Can be immediate (only internal users)

Communication Strategy

Phase 1: Announcement

What to communicate:

What is being deprecated (be specific)
Why (what’s better about the replacement)
What to use instead (concrete migration path)
When it will be removed (specific date)
How to get help

Channels:

Blog post (main announcement)
Email to affected users
Release notes
GitHub issues (if open source)
Slack/Discord (if applicable)
In-app notifications (if users log in)

Template:

DEPRECATION NOTICE

The /api/v1/users endpoint is deprecated as of [DATE].

Reason: We're consolidating to a single, more flexible API design.

Migration Path:
  Old: GET /api/v1/users/{id}
  New: GET /api/v2/users/{id}

  Differences: [describe changes]

  Migration guide: [link to detailed guide]

Removal Date: [6 months from now]

Support: [how to contact for help]

Phase 2: Support Period

During 6-month window:

Weekly: Monitor usage, see who’s migrating
Monthly: Share migration progress publicly
As-needed: Provide direct support to major users
Final month: Direct outreach to non-migrated users

Phase 3: Final Warning (30-60 days before)

Send final notice:

Strong tone (“this will be removed”)
Specific date and time
Links to migration resources
Direct contact for help
List of any users still not migrated (if possible)

Phase 4: Post-Removal

After removal:

Update all documentation
Blog post explaining what changed
Provide “we removed X, here’s how to fix it” guide
Keep old documentation archived (for historical reference)
Maintain some support for questions

Code Examples: Marking Deprecated

Python

import warnings
from functools import wraps

def deprecated(replacement=None):
    """Decorator to mark functions as deprecated."""
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            msg = f"{func.__name__} is deprecated as of v2.0"
            if replacement:
                msg += f", use {replacement} instead"
            warnings.warn(msg, DeprecationWarning, stacklevel=2)
            return func(*args, **kwargs)
        return wrapper
    return decorator

# Usage
@deprecated(replacement="get_user_v2")
def get_user(user_id):
    """Get user by ID. Use get_user_v2 instead."""
    return User.query.get(user_id)

# When called:
# UserWarning: get_user is deprecated as of v2.0, use get_user_v2 instead

JavaScript/TypeScript

/**
 * @deprecated Use getUserV2() instead (removal: 2026-07-01)
 */
export function getUser(userId: string): User {
  console.warn(
    "getUser() is deprecated and will be removed on 2026-07-01. " +
    "Use getUserV2() instead. " +
    "Migration guide: https://docs.example.com/migration"
  );
  return fetchUser(userId);
}

// Modern approach with TypeScript
export function getUser(userId: string): User {
  throw new Error(
    "getUser() was removed on 2026-07-01. Use getUserV2() instead. " +
    "Migration guide: https://docs.example.com/migration"
  );
}

REST API Endpoints

GET /api/v1/users/{id}  (Deprecated: 2026-04-01, Removed: 2026-07-01)

Response headers:
  Deprecation: true
  Sunset: Sun, 01 Jul 2026 00:00:00 GMT
  Link: </api/v2/users/{id}>; rel="successor-version"

Body:
{
  "user": {...},
  "_deprecation": {
    "message": "This endpoint is deprecated",
    "removal_date": "2026-07-01",
    "migration_guide": "https://docs.example.com/api/v1-to-v2",
    "use_instead": "GET /api/v2/users/{id}"
  }
}

Database Schema

-- Mark column as deprecated (PostgreSQL with comments)
COMMENT ON COLUMN users.old_phone_field IS
  'DEPRECATED (removal: 2026-07-01). Use phone_numbers table instead. '
  'Migration: https://docs.example.com/migrations/phone';

-- Add migration helper column
ALTER TABLE users ADD COLUMN phone_numbers_migrated BOOLEAN DEFAULT FALSE;

-- Track migration progress
SELECT COUNT(*) as unmigrated
FROM users
WHERE phone_numbers_migrated = FALSE;

Migration Guide Template

Create a migration guide for each deprecated feature:

# Migrating from X to Y

## What's changing
[Explain what's deprecated and why]

## Timeline
- Announced: [date]
- Removal date: [date]
- Support window: [duration]

## Step-by-step migration

### Step 1: Update imports
Before:
  import { getUserData } from 'old-api';

After:
  import { getUser } from 'new-api';

### Step 2: Update function calls
Before:
  const data = getUserData(userId, { include: ['profile', 'settings'] });

After:
  const user = getUser(userId);
  const profile = user.profile;
  const settings = user.settings;

### Step 3: Update error handling
Before:
  try {
    data = getUserData(userId);
  } catch (error) {
    // Handle 404, 403, 500
  }

After:
  try {
    user = getUser(userId);
  } catch (error) {
    // Handle NotFoundError, ForbiddenError, InternalError
  }

## Common issues & solutions

Q: What if I have custom code using old-api?
A: See [example](/docs/custom-code-migration)

Q: Will old code still work after [date]?
A: No, it will throw an error.

## Need help?
- Check [FAQ](/docs/faq)
- Ask in [community forum](/forum)
- Email support@example.com

Testing Deprecated Code Paths

Keep deprecated features working as long as they’re deprecated:

# Test that deprecated function still works
def test_deprecated_get_user_still_works():
    """Deprecated getUser() should still return correct data."""
    with pytest.warns(DeprecationWarning):
        user = get_user(user_id=123)

    assert user.id == 123
    assert user.name == "Test User"

# Test that replacement works
def test_new_get_user_v2_works():
    """New getUserV2() should work identically."""
    user = get_user_v2(user_id=123)

    assert user.id == 123
    assert user.name == "Test User"

# Test both produce same result
def test_old_and_new_produce_same_result():
    """Both APIs should return identical data."""
    with pytest.warns(DeprecationWarning):
        old_result = get_user(user_id=123)

    new_result = get_user_v2(user_id=123)

    assert old_result.id == new_result.id
    assert old_result.name == new_result.name

Tracking Deprecation Progress

Create a deprecation tracking dashboard:

Deprecation: GET /api/v1/users -> GET /api/v2/users

Timeline:
  Announced: 2026-01-15
  Removal: 2026-07-15
  Days until removal: 182
  Progress: 67%

Usage Statistics:
  Total requests: 10,000/day (baseline)
  v1 requests: 3,300/day (-67% from peak)
  v2 requests: 6,700/day (+67% from launch)

  Top users still on v1:
    1. company-a.com: 1,200 req/day (email sent 2x)
    2. company-b.com: 800 req/day (contact ongoing)
    3. internal-service: 600 req/day (team assigned)
    4. personal-projects: 700 req/day (not contacted)

Action Items:
  ☐ Send final notice to company-a (35 days to go)
  ☐ Escalate to company-b CTO
  ☐ Update internal service
  ☐ Check if personal projects still active

Handling Late Migrations

Some users will migrate late. Plan for it:

Option 1: Short grace period (7-30 days)

2026-07-15: Deprecation removed
2026-07-22: Last support date
2026-07-23: Hard error: "Feature removed, see migration guide"

Option 2: Extended support (negotiated)

For major customers:

2026-07-15: Deprecation removed for most
2026-10-15: Extended deadline for Company X
2026-10-16: Hard error for Company X

Option 3: Compatibility shim (short-term)

# Temporary shim that redirects old code to new
@app.route('/api/v1/users/<id>', methods=['GET'])
def v1_users(id):
    """Temporary shim for migrating users."""
    logging.warning(f"Deprecated v1 API called from {request.remote_addr}")
    return redirect(url_for('v2_users', id=id), code=301)

Red Flags: When Deprecation Goes Wrong

⚠️ Nobody knows about it

Solution: Better communication (blog, email, in-app notifications)

⚠️ No clear migration path

Solution: Provide detailed guides and examples

⚠️ Moving deadline

Solution: Commit to date, communicate early changes

⚠️ Breaking changes after “deprecation”

Solution: Keep deprecated code working until removal date

⚠️ Large sudden jump in errors

Solution: Gradual rollout, monitor metrics, extend deadline if needed

Integration with Playbook

Part of architecture and planning:

/pb-plan - Plan deprecations during scope phase
/pb-adr - Document deprecation decisions (ADR-style)
/pb-guide - Section 4.6 covers backwards compatibility
/pb-commit - Mark deprecated code clearly in commits

Related Commands:

/pb-plan - Feature planning (includes deprecation planning)
/pb-guide - SDLC workflow
/pb-release - Communication of deprecations in release notes

Deprecation Checklist

Before marking something deprecated:

Replacement exists (or plan to create it)
Migration guide drafted
Timeline decided (6+ months)
Communication plan ready
Code marked deprecated (warnings, docs)
Tests updated to cover deprecated path
Removal date documented everywhere

During deprecation period:

Monitor usage metrics weekly
Answer user questions promptly
Track migration progress
Send reminders at 1-month and 1-week marks
Keep deprecated code working (don’t break it)
Document any extensions or special cases

At removal time:

Remove deprecated code
Update all documentation
Add to migration guide
Send final announcement
Provide post-removal support

/pb-adr - Document deprecation decisions with rationale
/pb-release - Communicate deprecations in release notes
/pb-documentation - Write migration guides and deprecation notices

Created: 2026-01-11 | Category: Planning | Tier: M/L

Architecture & Design Patterns

Overview and navigation guide for the pattern family.

Every pattern has trade-offs: Use /pb-preamble thinking (challenge assumptions, transparent reasoning) and /pb-design-rules thinking (patterns should serve Clarity, Simplicity, and Modularity).

Question whether this pattern fits your constraints. Challenge the costs. Explore alternatives. Good patterns are tools you understand and choose, not dogma you follow.

Resource Hint: sonnet - Pattern navigation and selection; index-level reference material.

When to Use

Choosing which pattern family applies to your design problem
Getting an overview of available architectural patterns before diving deep
Navigating to the right specialized pattern command

Pattern Selection Workflow

DESIGN PROBLEM
│
├─ Service boundaries?     → /pb-patterns-core (SOA)
├─ Service communication?  → /pb-patterns-core (Event-Driven)
├─ Service failing?        → /pb-patterns-resilience (Circuit Breaker)
├─ Rate limit API?         → /pb-patterns-resilience (Rate Limiting)
├─ Database operations?    → /pb-patterns-db (Pooling, Optimization)
├─ Background processing?  → /pb-patterns-async (Job Queues)
├─ Multi-step across services? → /pb-patterns-distributed (Saga)
├─ Slow database?          → /pb-patterns-db (Caching)
├─ Complex UI events?      → /pb-patterns-async (Reactive/RxJS)
├─ Deployment strategy?    → /pb-patterns-deployment
├─ Frontend architecture?  → /pb-patterns-frontend
├─ Cloud infrastructure?   → /pb-patterns-cloud
└─ Security concerns?      → /pb-patterns-security

THEN: Read pattern family, understand trade-offs, implement with knowledge

Purpose

Patterns provide:

Proven solutions to recurring architectural problems
Shared vocabulary for design discussions
Trade-off documentation (pros, cons, gotchas)
Real code examples across languages
Failure learning (antipatterns from production)

Pattern Family Overview

The playbook organizes patterns into specialized commands:

1. Core Patterns (`/pb-patterns-core`)

Foundational architectural and structural patterns.

Topics:

Architectural: Service-Oriented Architecture (SOA), Event-Driven
Data Access: Repository, DTO
Integration: Strangler Fig
Antipatterns: When patterns fail
Pattern Interactions: How patterns work together in real systems

When to read:

Designing new system architecture
Understanding SOA/Event-Driven tradeoffs
Choosing data access patterns (Repository, DTO)
Real-world composition examples

Examples:

E-commerce order processing (SOA + Event-Driven + Saga)
Data layer design (Repository + DTO + Strangler Fig)
Cross-pattern composition (see Pattern Interactions section)

2. Async Patterns (`/pb-patterns-async`)

Non-blocking execution patterns for concurrent operations.

Topics:

Callbacks (when to use, callback hell)
Promises (chaining, error handling)
Async/Await (synchronous-looking code)
Reactive/RxJS (complex event streams)
Worker Threads (CPU-bound work)
Job Queues (background processing)

When to read:

Implementing concurrent/parallel operations
Handling event streams
Designing background job systems
Choosing between async approaches

Examples:

User input debouncing with RxJS
CPU-intensive calculations with workers
Email job queue with retries
Fetching data sequentially vs in parallel

Languages: JavaScript, Python, Go

3. Database Patterns (`/pb-patterns-db`)

Patterns for efficient, scalable database operations.

Topics:

Connection Pooling (reuse connections)
Query Optimization (N+1, indexes, EXPLAIN)
Replication (primary + replicas)
Sharding (split data by key)
Transactions (ACID across operations)
Batch Operations (insert/update efficiency)
Caching Strategies (write-through, write-behind)

When to read:

Database is performance bottleneck
Scaling beyond single database
Optimizing slow queries
Designing high-availability systems

Examples:

Connection pool tuning
Solving N+1 query problem
Read/write splitting with replicas
Sharding by customer_id
Batch loading for performance

Languages: Python, JavaScript, SQL

4. Distributed Patterns (`/pb-patterns-distributed`)

Patterns for coordinating across services/databases.

Topics:

Saga Pattern (choreography vs orchestration)
CQRS (separate read/write models)
Eventual Consistency (acceptance, guarantees)
Two-Phase Commit (strong consistency)
Pattern Interactions (combining patterns)

When to read:

System spans multiple services
Need to coordinate across boundaries
Dealing with distributed transactions
Balancing consistency and scalability

Examples:

Payment saga (order → payment → inventory)
Follower count with eventual consistency
CQRS for user profiles
When to use 2PC vs Saga

5. Resilience Patterns (`/pb-patterns-resilience`)

Patterns for making systems reliable under failure conditions.

Topics:

Retry with Exponential Backoff (transient failure recovery)
Circuit Breaker (prevent cascading failures)
Rate Limiting (protect against abuse)
Cache-Aside (performance + resilience)
Bulkhead (resource isolation)

When to read:

Service calls fail intermittently
Need to protect against cascading failures
API needs rate limiting
Adding caching layer for reliability

Examples:

Payment service retry with backoff
Circuit breaker protecting external API calls
Token bucket rate limiting implementation
Cache stampede prevention with locks

How to Use This Guide

Quick Pattern Selection

Question: I need to design something. Which pattern?

Service boundaries? → /pb-patterns-core → SOA
Service communication? → /pb-patterns-core → Event-Driven
Service failing? → /pb-patterns-resilience → Circuit Breaker, Retry
Rate limit API? → /pb-patterns-resilience → Rate Limiting
Database operations? → /pb-patterns-db → Pooling, Optimization, Replication
Background processing? → /pb-patterns-async → Job Queues
Multi-step across services? → /pb-patterns-distributed → Saga
Slow database? → /pb-patterns-db → Connection Pooling, Indexes, Caching
Complex UI events? → /pb-patterns-async → Reactive/RxJS

Common Scenarios

Building a new microservice:

Read /pb-patterns-core (SOA section)
Read /pb-patterns-distributed (Saga)
Design service boundary
Read /pb-patterns-api (API design)
Read /pb-review-microservice for review checklist

System is slow:

Measure bottleneck first (database query logs, network traces, CPU profiling)
Identify bottleneck (database, network, CPU?)
If database: Read /pb-patterns-db
If network/service communication: Read /pb-patterns-resilience (Circuit Breaker, Cache-Aside)
If CPU-intensive: Read /pb-patterns-async (Worker Threads)

Payment/Order processing:

Read /pb-patterns-core (Event-Driven)
Read /pb-patterns-resilience (Retry, Circuit Breaker)
Read /pb-patterns-distributed (Saga)
Read /pb-incident (handling Saga failures)

Scaling to 1M users:

Read /pb-patterns-db (Replication, Sharding)
Read /pb-patterns-resilience (Cache-Aside)
Read /pb-patterns-async (Job Queues)
Read /pb-deployment (deployment strategies)

Pattern Decision Tree

Problem: Need to...

├─ Decouple services?
│  └─ /pb-patterns-core: Event-Driven
│
├─ Handle external service failure?
│  └─ /pb-patterns-resilience: Circuit Breaker + Retry
│
├─ Rate limit API?
│  └─ /pb-patterns-resilience: Rate Limiting
│
├─ Add caching layer?
│  └─ /pb-patterns-resilience: Cache-Aside
│
├─ Scale database reads?
│  └─ /pb-patterns-db: Replication, Connection Pooling
│
├─ Scale database writes?
│  └─ /pb-patterns-db: Sharding
│
├─ Speed up slow database?
│  └─ /pb-patterns-db: Indexes, Caching, Batch Ops
│
├─ Process many events asynchronously?
│  └─ /pb-patterns-async: Job Queues, Event Streams
│
├─ Coordinate multi-step across services?
│  └─ /pb-patterns-distributed: Saga
│
├─ Separate read/write models?
│  └─ /pb-patterns-distributed: CQRS
│
├─ Run CPU-intensive work?
│  └─ /pb-patterns-async: Worker Threads
│
└─ Accept eventual consistency?
   └─ /pb-patterns-distributed: Eventual Consistency

Anti-Pattern: Too Many Patterns

[NO] Bad:

Using Circuit Breaker + Retry + Timeout + Bulkhead + Saga + CQRS
for a simple service (overkill, hard to maintain)

[YES] Good:

Start simple, add patterns only when needed
Service slow? Add cache (Cache-Aside)
Service fails? Add Circuit Breaker
Multiple services? Add Saga

Pattern Quality Standards

All patterns in this family follow these standards:

[YES] Real Code Examples (not pseudocode)

Python and JavaScript examples throughout
Copy-paste ready
Production tested

[YES] Trade-offs Documented

Pros and cons explicit
When to use, when not to
Comparison with alternatives

[YES] Gotchas Included

Real production failures
Why the gotcha happens
How to prevent it

[YES] Antipatterns Shown

Bad patterns from real systems
Lessons learned
How to do it right

Integration with Playbook

Architectural decisions:

/pb-adr - Document why specific patterns chosen
/pb-guide - System design using patterns
/pb-deployment - How patterns affect deployment

Implementation:

/pb-commit - Atomic commits for pattern implementations
/pb-testing - Testing pattern implementations
/pb-performance - Performance optimization using patterns

Operations:

/pb-observability - Monitoring patterns in production
/pb-incident - Handling pattern failures
/pb-security - Secure pattern implementations

Reviews:

/pb-review-microservice - Microservice design review (uses pattern knowledge)

Quick Reference

Pattern	Command	Use When	Avoid When
SOA	`/pb-patterns-core`	Services need independence	Single team project
Event-Driven	`/pb-patterns-core`	Loose coupling needed	Strict ordering required
Repository	`/pb-patterns-core`	Complex data access	Simple CRUD
Retry	`/pb-patterns-resilience`	Transient failures possible	Permanent failure (auth)
Circuit Breaker	`/pb-patterns-resilience`	Service might be down	One-time operations
Rate Limiting	`/pb-patterns-resilience`	API abuse protection	Internal-only services
Cache-Aside	`/pb-patterns-resilience`	High read load	Strict consistency
Bulkhead	`/pb-patterns-resilience`	Different load per service	Single service
Saga	`/pb-patterns-distributed`	Multi-step across services	Single service transaction
CQRS	`/pb-patterns-distributed`	Different read/write patterns	Simple CRUD
Eventual Consistency	`/pb-patterns-distributed`	Consistency delay acceptable	Strong consistency required

/pb-patterns-core - Core architectural and structural patterns (SOA, Event-Driven, Repository, DTO)
/pb-patterns-resilience - Resilience patterns (Retry, Circuit Breaker, Rate Limiting, Cache-Aside, Bulkhead)
/pb-patterns-async - Asynchronous patterns
/pb-patterns-db - Database patterns
/pb-patterns-distributed - Distributed systems patterns
/pb-patterns-frontend - Frontend architecture patterns (components, state, theming)
/pb-patterns-api - API design patterns (REST, GraphQL, gRPC)
/pb-patterns-deployment - Deployment strategies and patterns
/pb-patterns-cloud - Cloud deployment patterns (AWS, GCP, Azure)

Created: 2026-01-11 | Category: Architecture | Tier: L

Core Architecture & Design Patterns

Proven solutions to recurring problems. Patterns speed up design and prevent mistakes.

Purpose

Patterns:

Accelerate design: Don’t solve the same problem twice
Share knowledge: Common vocabulary for discussion
Prevent mistakes: Patterns have gotchas documented
Improve quality: Use proven solutions, not experimental ones
Enable communication: “Let’s use the retry pattern” means something

Mindset: Every pattern has trade-offs. Use /pb-preamble thinking (challenge assumptions, surface costs) and /pb-design-rules thinking (does this pattern serve Clarity, Simplicity, Modularity?).

Challenge whether this pattern is the right fit for your constraints. Surface the actual costs. Understand the alternatives. A pattern is a starting point, not a law.

Resource Hint: sonnet - Pattern reference and application; implementation-level design decisions.

When to Use Patterns

Use patterns when:

Problem is common (many projects have this issue)
Solution is proven (multiple implementations work well)
Trade-offs are understood (know pros/cons)
Context fits (pattern matches your system)

Don’t use patterns when:

Problem is unique (no precedent)
Pattern seems forced (doesn’t fit naturally)
Simple solution exists (YAGNI - You Aren’t Gonna Need It)
System is too small (overkill)

Architectural Patterns

Pattern: Service-Oriented Architecture (SOA)

Problem: Monolithic system is too big, scales badly, hard to test.

Solution: Break into independent services, each handling one thing.

Structure:

Monolith:
  [All code - Orders, Payments, Users, Inventory in one codebase]

SOA:
  [Order Service] ←→ [Payment Service]
       ↓ API calls
  [User Service] ←→ [Inventory Service]

How it works:

1. Each service owns its data (no shared database)
2. Services communicate via API (HTTP, gRPC, etc.)
3. Each service deployed independently
4. Each service has its own database

Example: E-commerce

- Order Service: Creates orders, tracks status
- Payment Service: Processes payments, refunds
- Inventory Service: Tracks stock, decrements
- User Service: Manages users, profiles
- Notification Service: Sends emails, SMS

Each service:
  - Has own database
  - Exposed via REST API
  - Deployed separately
  - Developed by own team

Pros:

Independent scaling (payment service under load? Scale just that)
Independent deployment (order service update doesn’t affect payments)
Technology flexibility (use Node for one, Python for another)
Clear boundaries (easy to understand what each does)

Cons:

Operational complexity (many services to manage)
Network latency (services talking over network)
Data consistency harder (each has own database)
Debugging harder (request spans multiple services)

When to use:

Team size > 10 people (each team owns a service)
Different parts scale differently (payments need more resources)
Different parts use different tech stacks
System is too large for one team

Gotchas:

1. "Too fine-grained services" - 20 services, each service per endpoint
   Bad: Too much operational overhead
   Good: 3-5 services, each service per business domain

2. "Synchronous everywhere" - Service A calls B calls C
   Bad: Slow, cascading failures
   Good: Async messaging (service A publishes event, B listens)

3. "Sharing databases" - All services use same DB
   Bad: Defeats purpose (tightly coupled)
   Good: Each service owns its data

Pattern: Event-Driven Architecture

Problem: Systems are tightly coupled (Order service must know about Payment service).

Solution: Services publish events, others listen. No direct coupling.

How it works:

Traditional (Tightly coupled):
  1. User submits order
  2. Order Service calls Payment Service
  3. Payment Service calls Inventory Service
  4. Inventory Service calls Notification Service

Problem: If Payment Service is slow, Order Service blocks

Event-Driven (Loosely coupled):
  1. User submits order
  2. Order Service creates order → publishes "order.created" event
  3. Payment Service listens, charges payment
  4. Inventory Service listens, decrements stock
  5. Notification Service listens, sends email

Benefit: Services don't know about each other

Technology:

Event bus: RabbitMQ, Kafka, AWS SNS/SQS, Google Pub/Sub
Event format: JSON events with type and data

Example event:

{
  "type": "order.created",
  "timestamp": "2026-01-11T14:30:00Z",
  "order_id": "order_123",
  "customer_id": "cust_456",
  "items": [
    {"product_id": "prod_1", "quantity": 2}
  ],
  "total": 99.99,
  "version": 1
}

Note: Include version field for event versioning (critical for schema evolution)

Service subscribing:

eventBus.subscribe('order.created', async (event) => {
  console.log(`Processing order ${event.order_id}`);

  // Decrement inventory
  await inventoryService.decrementStock(event.items);

  // Publish event for others
  await eventBus.publish('inventory.updated', {
    order_id: event.order_id,
    status: 'decremented'
  });
});

Pros:

Loose coupling (services don’t know about each other)
Scalable (can add listeners without changing publisher)
Resilient (if one service is slow, doesn’t block others)
Debuggable (event history is audit trail)

Cons:

Harder to debug (request spans multiple services asynchronously)
Eventual consistency (order created, payment might fail later)
Operational complexity (need event broker)
Ordering challenges (events might arrive out of order)

Gotchas:

1. "Event published but nobody listening"
   Bad: Event disappears, nobody processes it
   Good: Monitor for unprocessed events, alert if missing listeners

2. "Event processed twice"
   Bad: Payment processed twice, customer charged twice
   Good: Idempotent processing (processing same event twice = safe)

3. "No ordering guarantees"
   Bad: "order.created" arrives before "order.confirmed"
   Good: Listeners handle events arriving in any order

Resilience Patterns

See /pb-patterns-resilience for Retry, Circuit Breaker, Rate Limiting, Cache-Aside, and Bulkhead patterns – defensive patterns for making systems reliable under failure.

Data Access Patterns

Pattern: Repository Pattern

Problem: Data access code scattered everywhere. Hard to test. Hard to change database.

Solution: Central place for data access. All queries go through repository.

Structure:

Without Repository:
  User Service → SQL queries directly → Database
  Order Service → SQL queries directly → Database
  (Duplication, hard to test)

With Repository:
  User Service → User Repository → Database
  Order Service → Order Repository → Database
  (Centralized, easy to test)

Example:

class UserRepository:
    def __init__(self, db):
        self.db = db

    def get_by_id(self, user_id):
        """Get user by ID."""
        return self.db.query("SELECT * FROM users WHERE id = ?", user_id)

    def create(self, email, name):
        """Create new user."""
        result = self.db.execute(
            "INSERT INTO users (email, name) VALUES (?, ?)",
            email, name
        )
        return result.lastrowid

    def update(self, user_id, email=None, name=None):
        """Update user."""
        if email:
            self.db.execute("UPDATE users SET email = ? WHERE id = ?", email, user_id)
        if name:
            self.db.execute("UPDATE users SET name = ? WHERE id = ?", name, user_id)

    def delete(self, user_id):
        """Delete user."""
        self.db.execute("DELETE FROM users WHERE id = ?", user_id)

# Usage
repo = UserRepository(db)
user = repo.get_by_id(123)
repo.update(123, name="New Name")

Benefits:

Centralized data access (one place to change queries)
Easy to test (mock repository for unit tests)
Easy to swap databases (change repository, not whole app)
Consistency (same query patterns everywhere)

Pattern: DTO (Data Transfer Object)

Problem: Return database object directly. If database schema changes, API breaks.

Solution: Create separate object for API responses. API only returns DTOs.

How it works:

Without DTO (Tight coupling):
  Database: user {id, email, password_hash, created_at, updated_at}
  API returns entire user object
  Client sees password_hash (security issue!)
  Schema change breaks API

With DTO (Loose coupling):
  Database: user {id, email, password_hash, created_at, updated_at}
  API: class UserDTO {id, email, name}
  API returns only DTO fields
  Schema changes, API unchanged

Example:

# Database model (has extra fields)
class User:
    id: int
    email: str
    password_hash: str  # Don't expose!
    created_at: datetime
    updated_at: datetime
    last_login: datetime

# API DTO (only expose necessary)
class UserDTO:
    id: int
    email: str
    name: str

# API endpoint
@app.get("/users/{user_id}")
def get_user(user_id: int):
    user = db.query(User).filter(User.id == user_id).first()

    # Convert to DTO
    dto = UserDTO(
        id=user.id,
        email=user.email,
        name=user.name
    )

    return dto  # Only return DTO, not User object

Benefits:

Security (don’t expose internal fields)
Flexibility (database schema ≠ API contract)
Clarity (API shows exactly what’s available)

API Design Patterns

See /pb-patterns-api for API design patterns including Pagination, Versioning, REST, GraphQL, and gRPC.

Integration Patterns

Pattern: Strangler Fig Pattern

Problem: Have old system, want to replace with new one. Can’t rewrite everything at once.

Solution: New system gradually takes over. Old and new run together.

How it works:

Phase 1: Build new system alongside old
  Requests → Old System (still handling everything)
            → New System (not used yet)

Phase 2: Migrate one thing at a time
  Requests → Router → New System (for payments)
                   → Old System (for everything else)

Phase 3: Keep migrating
  Requests → Router → New System (for payments, orders)
                   → Old System (for legacy parts)

Phase 4: Remove old system when everything migrated
  Requests → New System (complete replacement)

Benefits:

No downtime (systems run in parallel)
Gradual migration (low risk)
Ability to rollback (old system still there)
Real traffic testing (new system handles real requests)

Antipatterns: When Patterns Fail

Patterns are powerful but can backfire. Learn from failures.

SOA Gone Wrong: Too Many Services

What happened: Uber’s early architecture (2009-2011)

Decision: "Decompose everything into services"
Result: 200+ services, too fine-grained

Problems:
- Service discovery nightmare (which service talks to which?)
- Testing hell (integration tests spanning 200 services)
- Deployment chaos (coordinating 200 deploys)
- Latency spikes (request spans 15 services)
- Ops complexity (200 services to monitor)

Lesson:
  Services should map to business domains, not functions
  Keep manageable: 3-10 services per team
  Not every function deserves its own service

Event-Driven Gone Wrong: Ordering Problems

What happened: Payment system with async events

Expected:
  1. order.created
  2. payment.processed
  3. order.confirmed

What actually happened:
  1. payment.processed ← arrived first!
  2. order.created
  3. order.confirmed

Why:
  Different services publish events asynchronously
  Network jitter (payment response faster)
  Message broker delays

Problem:
  Processing payment for order that doesn't exist
  Orphaned payments (no matching order)
  Data inconsistency

Lesson:
  Design events to handle out-of-order arrival
  Use idempotent processing (same event twice = safe)
  Add timestamp/sequence numbers to events

Repository Pattern Gone Wrong: Over-Abstraction

What happened: Repository for every entity

Result: 50+ Repository classes, all similar
  class UserRepository { ... }
  class AddressRepository { ... }
  class PaymentRepository { ... }
  ... 47 more ...

Problems:
- Boilerplate explosion
- Hides details under abstraction
- Over-generalized
- Slow to change (modify 50 files)

Lesson:
  Use Repository for complex entities
  Simple queries? Direct database calls are fine
  Patterns are tools, not dogma
  Sometimes simple > abstract

Pattern Interactions: How Patterns Work Together

Real systems combine multiple patterns. Understanding how they interact prevents conflicts.

Example: E-Commerce Order Processing

Architectural Level:

SOA: Separate Order, Payment, Inventory services
Event-Driven: Services communicate via events (not direct calls)

Service Internal Level:

Repository Pattern: Data access layer in each service
Cache-Aside: Redis cache in front of database
Connection Pooling: Database connection reuse

Communication Level:

Retry with Backoff: Retry failed calls to other services
Circuit Breaker: Stop calling failed service for a time
Bulkhead: Thread pool per service prevents resource starvation

Data Level:

DTO: API returns only public fields
Pagination: List endpoints return pages, not all records

System Design:

User Request
  ↓
API Gateway (Rate limiting, auth)
  ↓
[Order Service]
  • Repository for data access
  • Cache-Aside for product cache
  • Connection pool for DB
  ↓
[Event: order.created]
  ↓
Payment Service (Circuit Breaker)
  • Retry with backoff on failure
  • Bulkhead prevents thread exhaustion
  ↓
[Event: payment.processed] OR [Event: payment.failed]
  ↓
Inventory Service
  • Same pattern repetition
  ↓
[Event: order.completed]
  ↓
Notification Service
  • Job queue for emails (don't block response)

For resilience pattern interactions (Circuit Breaker + Retry, Cache-Aside + Bulkhead), see /pb-patterns-resilience.

SOA + Event-Driven + Saga Pattern

Real-World Scenario: Payment Processing

Service A (Order Service):
  Receives order
  Publishes: "payment_required"
  State: AWAITING_PAYMENT

Service B (Payment Service):
  Listens: "payment_required"
  Attempts payment with Retry + Circuit Breaker
  If success: Publishes "payment_received"
  If failure after retries: Publishes "payment_failed"

Service A (compensation):
  Listens: "payment_failed"
  Performs compensating action: Cancel order

Service C (Inventory):
  Listens: "payment_received"
  Decrements stock with Repository pattern
  Publishes: "stock_decremented"

DTO + Pagination + API Versioning

For Pagination and Versioning details, see /pb-patterns-api.

Real-World API Response

Old API (v1):
GET /users?page=1&per_page=20
{
  "users": [{id, email, password_hash, created_at, ...}],
  "page": 1,
  "per_page": 20,
  "total": 523
}

New API (v2, with DTO):
GET /v2/users?page=1&per_page=20
{
  "data": [{id, email, name}],  // DTO, no password_hash
  "pagination": {
    "page": 1,
    "per_page": 20,
    "total": 523,
    "has_next": true
  }
}

Benefits:
- DTO: Security (password_hash not exposed)
- Pagination: Prevents huge responses
- Versioning: Can change API without breaking v1 clients

When to Apply Patterns

Too many patterns:

[NO] Every new problem → find a pattern
[NO] Using Strangler Fig, Event-Driven, Microservices, Circuit Breaker, etc.
[NO] System is complex to understand

Right amount of patterns:

[YES] Use patterns for recurring problems
[YES] Only when simpler solution doesn't work
[YES] Understand pattern before using it
[YES] Document why pattern was chosen

Pattern checklist:

☐ Problem is common (not unique to this system)
☐ Pattern is proven (multiple successful implementations)
☐ Context fits (system matches pattern requirements)
☐ Trade-offs understood (know pros and cons)
☐ Simpler solution tried (patterns are last resort)
☐ Team understands (can maintain, debug, extend)

Integration with Playbook

Pattern Family: This is the core patterns command. It covers foundational architectural, design, data access, and API patterns.

Related Pattern Commands (Pattern Family):

/pb-patterns-async - Async patterns (callbacks, promises, async/await, reactive, workers, job queues)
/pb-patterns-db - Database patterns (connection pooling, optimization, replication, sharding)
/pb-patterns-distributed - Distributed patterns (saga, CQRS, eventual consistency, 2PC)

How They Work Together:

pb-patterns-core → Foundation (SOA, Event-Driven, Repository, DTO, Strangler Fig)
    ↓
pb-patterns-async → Async operations (implement Event-Driven, job queues)
    ↓
pb-patterns-db → Database implementation (pooling for performance)
    ↓
pb-patterns-distributed → Multi-service coordination (saga, CQRS)

Architecture & Design Decision:

/pb-adr - Document why specific patterns chosen
/pb-guide - System design and pattern selection
/pb-deployment - How patterns affect deployment strategy

Testing & Operations:

/pb-security - Security patterns and secure code
/pb-performance - Performance optimization using patterns
/pb-testing - Testing pattern implementations
/pb-incident - Handling pattern failures

/pb-patterns-resilience - Resilience patterns (Retry, Circuit Breaker, Rate Limiting, Cache-Aside, Bulkhead)
/pb-patterns-async - Async patterns for non-blocking operations
/pb-patterns-db - Database patterns for data access
/pb-patterns-distributed - Distributed patterns for multi-service coordination
/pb-adr - Document pattern selection decisions

Created: 2026-01-11 | Category: Architecture | Tier: L

API Design Patterns

Patterns for designing APIs that are consistent, intuitive, and maintainable. Covers REST, GraphQL, and RPC styles.

Trade-offs exist: API design is permanent once clients depend on it. Use /pb-preamble thinking (challenge assumptions about what clients need) and /pb-design-rules thinking (especially Clarity in naming, Least Surprise in behavior, and Extensibility for evolution).

Design for the consumer, not the implementation.

Resource Hint: sonnet - API pattern reference; implementation-level interface design decisions.

API Style Decision

When to Use Each Style

Style	Best For	Avoid When
REST	CRUD operations, resource-oriented systems, public APIs	Complex queries, real-time, tight coupling acceptable
GraphQL	Complex data requirements, multiple clients with different needs	Simple CRUD, strict caching needs, small team
gRPC	Service-to-service, high performance, streaming	Browser clients, public APIs, simple requests

Decision Framework

Is this a public API consumed by third parties?
├─ Yes → REST (widest compatibility, simplest tooling)
└─ No → Is performance critical (service-to-service)?
    ├─ Yes → gRPC (binary protocol, streaming)
    └─ No → Do clients have varied data needs?
        ├─ Yes → GraphQL (client-driven queries)
        └─ No → REST (simplest option)

REST Patterns

Resource Naming

Resources are nouns, not verbs:

# [YES] Nouns
GET    /users
GET    /users/{id}
POST   /users
PUT    /users/{id}
DELETE /users/{id}

# [NO] Verbs
GET    /getUsers
POST   /createUser
POST   /deleteUser/{id}

Plurals for collections:

# [YES] Plural
/users
/users/{id}/orders

# [NO] Singular (inconsistent)
/user
/user/{id}/order

Hierarchical relationships:

# [YES] Nested resources
GET /users/{userId}/orders
GET /users/{userId}/orders/{orderId}

# [NO] Flat with query params for relationships
GET /orders?userId=123  (OK for filtering, not for hierarchy)

HTTP Methods

Method	Purpose	Idempotent	Safe
GET	Read resource(s)	Yes	Yes
POST	Create resource	No	No
PUT	Replace resource	Yes	No
PATCH	Partial update	Yes*	No
DELETE	Remove resource	Yes	No

*PATCH is idempotent if the same patch produces the same result.

Idempotent means: Calling multiple times produces the same result as calling once.

# Idempotent (safe to retry)
PUT /users/123 { "name": "Alice" }  # Always results in name = Alice

# Not idempotent (retry creates duplicates)
POST /users { "name": "Alice" }  # Creates new user each time

Status Codes

Code	Meaning	Use When
200	OK	Successful GET, PUT, PATCH
201	Created	Successful POST that creates resource
204	No Content	Successful DELETE, or PUT with no body
400	Bad Request	Invalid input, validation error
401	Unauthorized	Missing or invalid authentication
403	Forbidden	Authenticated but not authorized
404	Not Found	Resource doesn’t exist
409	Conflict	Duplicate resource, version conflict
422	Unprocessable Entity	Validation failed (alternative to 400)
429	Too Many Requests	Rate limit exceeded
500	Internal Server Error	Server-side failure
503	Service Unavailable	Temporary outage, maintenance

Request/Response Format

Consistent envelope:

// Success response
{
  "data": { /* resource or array */ },
  "meta": {
    "page": 1,
    "totalPages": 10,
    "totalCount": 100
  }
}

// Error response
{
  "error": {
    "code": "VALIDATION_ERROR",
    "message": "Invalid email address",
    "details": [
      {
        "field": "email",
        "message": "Must be a valid email"
      }
    ]
  }
}

Alternatively, no envelope (simpler):

// Success: Just the data
{ "id": 1, "name": "Alice" }

// Success: Array
[{ "id": 1 }, { "id": 2 }]

// Error: Standard error object
{
  "error": "VALIDATION_ERROR",
  "message": "Invalid email address"
}

Pick one style and be consistent.

Response Design

API responses are contracts. What you return defines what consumers depend on. Returning your internal model directly is the “SELECT *” of API design - easy now, costly forever.

The core discipline: Separate your data layer from your API contract. Return what consumers need, not what the database has.

Why this matters:

Concern	Risk of Returning Everything
Performance	Large text fields, blobs, nested objects add latency and bandwidth cost - multiplied by every request, every user
Security	Internal attributes leak implementation details: workflow states, generation prompts, internal IDs, admin flags
Coupling	Consumers depend on your database schema shape; renaming a column breaks the API
Clarity	Consumer can’t tell which fields are for them vs. internal bookkeeping

Pattern: Response DTOs

Never serialize your data model directly. Define explicit response shapes per consumer need.

# [NO] Data layer leaking through API
@app.get("/api/tracks/{id}")
def get_track(id):
    track = db.query(Track).get(id)
    return jsonify(track.to_dict())  # Everything: embeddings, prompts, workflow_state

# [YES] Explicit response shape
@app.get("/api/tracks/{id}")
def get_track(id):
    track = db.query(Track).get(id)
    return jsonify({
        "id": track.id,
        "title": track.title,
        "artist": track.artist,
        "duration": track.duration,
        "coverUrl": track.cover_url,
    })

// [NO] Returning the database entity
app.get("/api/tracks/:id", async (req, res) => {
  const track = await db.track.findUnique({ where: { id: req.params.id } });
  res.json(track);  // Includes embeddingVector, generationPrompt, workflowState
});

// [YES] Explicit response type
interface TrackResponse {
  id: string;
  title: string;
  artist: string;
  duration: number;
  coverUrl: string;
}

app.get("/api/tracks/:id", async (req, res) => {
  const track = await db.track.findUnique({ where: { id: req.params.id } });
  const response: TrackResponse = {
    id: track.id,
    title: track.title,
    artist: track.artist,
    duration: track.duration,
    coverUrl: track.coverUrl,
  };
  res.json(response);
});

// [NO] Struct tags expose everything
type Track struct {
    ID                 string `json:"id"`
    Title              string `json:"title"`
    EmbeddingVector    []float64 `json:"embedding_vector"`    // Internal
    GenerationPrompt   string    `json:"generation_prompt"`   // Internal
    WorkflowState      string    `json:"workflow_state"`      // Internal
}

// [YES] Separate response type
type TrackResponse struct {
    ID       string `json:"id"`
    Title    string `json:"title"`
    Artist   string `json:"artist"`
    Duration int    `json:"duration"`
    CoverURL string `json:"coverUrl"`
}

Field Selection Guidance

Ask these questions for every field in a response:

Does the consumer need this? If no, don’t return it.
Is this an internal implementation detail? Workflow states, processing flags, internal IDs, embeddings - keep these server-side.
Is this large? Text blobs, HTML content, base64 data - return only in detail endpoints, not in list endpoints.
Is this sensitive? Even non-secret data can be sensitive in aggregate (usage patterns, internal scores, admin metadata).

List vs. Detail Responses

A common and effective pattern: return lean summaries in lists, full detail on individual fetch.

GET /api/tracks          → id, title, artist, duration, coverUrl
GET /api/tracks/{id}     → id, title, artist, duration, coverUrl, description, lyrics

Don’t return description and lyrics for 50 tracks in a list response when the UI shows titles and cover art.

Large Fields

For fields that are legitimately large (content bodies, transcripts, generated text):

Exclude from list endpoints - Always
Consider lazy loading - Separate endpoint or query parameter (?fields=lyrics)
Set size expectations - Document max sizes in API docs
Compress - Use gzip/brotli for text-heavy responses

When NOT to Optimize

This is not about premature optimization. It’s about informed decisions:

Internal tools with 3 users - Returning the full model is fine; don’t build DTO layers for admin dashboards
Prototyping - Ship fast, shape later. But track the debt.
Single consumer, small payloads - If the response is 200 bytes, field selection adds complexity without benefit

The question isn’t “always optimize” - it’s “know what you’re sending and why.”

Design Rules Applied

Rule of Separation - API contract is separate from data model
Rule of Clarity - Response shape communicates what consumers should use
Rule of Repair - Large unintended payloads should be noticed, not silently tolerated
Rule of Simplicity - Don’t build DTO layers where they aren’t needed, but don’t skip them where they are

Input Binding Discipline

The inbound counterpart to Response Design: don’t bind request bodies directly into your data model.

The problem:

# [NO] Mass assignment - attacker sends {"role": "admin", "name": "Alice"}
@app.put("/api/users/{id}")
def update_user(id):
    user = db.query(User).get(id)
    user.update(**request.json)  # Binds ALL fields, including role
    db.commit()

# [YES] Allowlisted fields per operation
UPDATABLE_FIELDS = {'name', 'email', 'bio'}

@app.put("/api/users/{id}")
def update_user(id):
    user = db.query(User).get(id)
    data = {k: v for k, v in request.json.items() if k in UPDATABLE_FIELDS}
    user.update(**data)
    db.commit()

Discipline:

Allowlist writable fields per operation - Create and update may accept different fields
Readonly fields are never writable - id, createdAt, role, internalScore cannot be set via API
Validate types and constraints - Don’t just filter fields; validate values (use Pydantic, Zod, Go struct validation)

This is the mirror of Response Design: be explicit about what goes in, not just what comes out.

Error Handling

Error Response Standard

{
  "error": {
    "code": "RESOURCE_NOT_FOUND",
    "message": "User not found",
    "details": {
      "resourceType": "user",
      "resourceId": "123"
    },
    "requestId": "req_abc123",
    "documentation": "https://api.example.com/docs/errors#RESOURCE_NOT_FOUND"
  }
}

Components:

code - Machine-readable error type (for client logic)
message - Human-readable description (for debugging/display)
details - Additional context (varies by error type)
requestId - For support/debugging correlation
documentation - Link to error documentation (optional)

Error Codes

Define a consistent error taxonomy:

# Authentication/Authorization
UNAUTHORIZED           # Not authenticated
FORBIDDEN              # Authenticated but not allowed
TOKEN_EXPIRED          # Auth token needs refresh

# Validation
VALIDATION_ERROR       # Input validation failed
MISSING_FIELD          # Required field not provided
INVALID_FORMAT         # Field format wrong

# Resources
RESOURCE_NOT_FOUND     # Requested resource doesn't exist
RESOURCE_CONFLICT      # Duplicate or version conflict
RESOURCE_GONE          # Resource was deleted

# Rate Limiting
RATE_LIMITED           # Too many requests
QUOTA_EXCEEDED         # Usage quota exceeded

# Server Errors
INTERNAL_ERROR         # Generic server error
SERVICE_UNAVAILABLE    # Temporary outage

Client Error Handling

async function fetchUser(id: string): Promise<User> {
  const response = await fetch(`/api/users/${id}`);

  if (!response.ok) {
    const error = await response.json();

    switch (error.error.code) {
      case 'RESOURCE_NOT_FOUND':
        throw new UserNotFoundError(id);
      case 'UNAUTHORIZED':
        throw new AuthenticationError();
      case 'RATE_LIMITED':
        // Retry after delay
        await sleep(error.error.details.retryAfter);
        return fetchUser(id);
      default:
        throw new ApiError(error.error.message);
    }
  }

  return response.json();
}

Pagination

Cursor-Based (Recommended)

Best for real-time data, no “page drift” when items are added/removed:

GET /users?cursor=abc123&limit=20

Response:
{
  "data": [ ... ],
  "pagination": {
    "nextCursor": "def456",
    "prevCursor": "xyz789",
    "hasMore": true
  }
}

Cursor is opaque: Client doesn’t decode it, just passes it back.

Offset-Based (Simple)

Easier to implement, allows jumping to pages:

GET /users?page=2&limit=20
GET /users?offset=20&limit=20

Response:
{
  "data": [ ... ],
  "pagination": {
    "page": 2,
    "limit": 20,
    "totalPages": 10,
    "totalCount": 200
  }
}

Problem: “Page drift” when items added/removed during pagination.

Keyset-Based

For sorted data with unique keys:

GET /users?after_id=123&limit=20

Response:
{
  "data": [ ... ],
  "pagination": {
    "lastId": 143
  }
}

Most efficient for large datasets (uses index).

Versioning

URL Versioning (Recommended for REST)

/v1/users
/v2/users

Pros: Explicit, easy to route, cacheable Cons: URL pollution, can’t version individual endpoints

Header Versioning

GET /users
Accept: application/vnd.api+json; version=2

Pros: Clean URLs, per-request versioning Cons: Hidden, harder to test, caching complexity

Query Parameter

GET /users?version=2

Pros: Explicit, easy to test Cons: Pollutes query string, caching issues

Versioning Strategy

Avoid breaking changes - Add fields, don’t remove or rename
Deprecation period - Warn before removing (6-12 months)
Version when necessary - Not every release needs a version bump

# Non-breaking (no version needed)
- Adding new optional field
- Adding new endpoint
- Adding new optional query param

# Breaking (needs version)
- Removing field
- Renaming field
- Changing field type
- Changing error format
- Removing endpoint

Authentication

API Key (Simple)

GET /api/users
Authorization: Bearer api_key_abc123

# Or header
X-API-Key: api_key_abc123

Use for: Server-to-server, simple integrations Don’t use for: User authentication, browser apps

JWT (Token-based)

POST /auth/login
{ "email": "...", "password": "..." }

Response:
{
  "accessToken": "eyJ...",
  "refreshToken": "...",
  "expiresIn": 3600
}

# Subsequent requests
GET /api/users
Authorization: Bearer eyJ...

Token refresh:

POST /auth/refresh
{ "refreshToken": "..." }

Response:
{
  "accessToken": "eyJ...(new)...",
  "expiresIn": 3600
}

OAuth 2.0 (Third-party)

For “Login with Google” etc. See OAuth 2.0 spec for flows.

Rate Limiting

Response Headers

HTTP/1.1 200 OK
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 95
X-RateLimit-Reset: 1640000000

Rate Limited Response

HTTP/1.1 429 Too Many Requests
Retry-After: 60

{
  "error": {
    "code": "RATE_LIMITED",
    "message": "Rate limit exceeded",
    "details": {
      "limit": 100,
      "window": "1 minute",
      "retryAfter": 60
    }
  }
}

Rate Limit Strategies

Strategy	Description
Fixed window	X requests per minute/hour
Sliding window	X requests in rolling window
Token bucket	Burst allowed, refills over time

GraphQL Patterns

Schema Design

type User {
  id: ID!
  email: String!
  name: String!
  orders(first: Int, after: String): OrderConnection!
}

type Order {
  id: ID!
  total: Money!
  status: OrderStatus!
  items: [OrderItem!]!
}

type OrderConnection {
  edges: [OrderEdge!]!
  pageInfo: PageInfo!
}

type OrderEdge {
  node: Order!
  cursor: String!
}

type PageInfo {
  hasNextPage: Boolean!
  endCursor: String
}

Query Patterns

# Good: Specific fields
query GetUserOrders($userId: ID!) {
  user(id: $userId) {
    name
    orders(first: 10) {
      edges {
        node {
          id
          total
        }
      }
    }
  }
}

# Bad: Over-fetching
query GetEverything($userId: ID!) {
  user(id: $userId) {
    ...AllUserFields
    orders {
      ...AllOrderFields
      items {
        ...AllItemFields
      }
    }
  }
}

Mutation Patterns

type Mutation {
  createOrder(input: CreateOrderInput!): CreateOrderPayload!
  updateOrder(input: UpdateOrderInput!): UpdateOrderPayload!
  deleteOrder(id: ID!): DeleteOrderPayload!
}

input CreateOrderInput {
  userId: ID!
  items: [OrderItemInput!]!
}

type CreateOrderPayload {
  order: Order
  errors: [UserError!]!
}

type UserError {
  field: String
  message: String!
}

Pattern: Return both success data AND errors in payload.

GraphQL Pitfalls

Common issues to avoid:

N+1 queries - Use DataLoader for batching
Over-fetching in resolvers - Fetch only requested fields
Schema complexity - Start simple, evolve carefully
Missing error handling - Return errors in payload, not HTTP errors

GraphQL Security

Query depth limiting - Without limits, nested queries ({ user { friends { friends { ... } } } }) exhaust the server. Set max depth (typically 7-10 levels).
Query complexity/cost analysis - Assign cost to fields and reject queries exceeding a budget. Prevents expensive queries even within depth limits.
Disable introspection in production - Introspection exposes every type, field, and relation. Enable only in development.
Batching limits - GraphQL allows multiple operations per request. Without limits, an attacker sends thousands of mutations in one HTTP call, bypassing per-request rate limiting.
Field-level authorization - In REST you protect endpoints; in GraphQL you must protect individual fields and nested resolvers. Authorization middleware must run per-field, not just per-query.

Future consideration: For comprehensive GraphQL guidance (subscriptions, federation, caching, tooling), see /pb-patterns-graphql when available.

Documentation

OpenAPI (REST)

openapi: 3.0.0
info:
  title: User API
  version: 1.0.0

paths:
  /users:
    get:
      summary: List users
      parameters:
        - name: page
          in: query
          schema:
            type: integer
            default: 1
      responses:
        '200':
          description: Success
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/UserList'

components:
  schemas:
    User:
      type: object
      properties:
        id:
          type: string
        email:
          type: string
          format: email
        name:
          type: string
      required:
        - id
        - email

Documentation Checklist

All endpoints documented
Request/response examples for each endpoint
Error responses documented
Authentication explained
Rate limits documented
Changelog maintained

API Design Checklist

Before Building

Who are the consumers? (Frontend, mobile, third-party)
What style fits? (REST, GraphQL, gRPC)
What’s the versioning strategy?
What’s the authentication method?
What are the rate limits?

During Design

Resource names are nouns, plural
HTTP methods used correctly
Status codes are appropriate
Error format is consistent
Pagination strategy chosen
Fields are named consistently (camelCase or snake_case, pick one)
Response shapes are explicit (not serialized data models)
No internal/backend-only attributes in responses (workflow states, embeddings, processing flags)
List endpoints return lean summaries; detail endpoints return full data
Large text fields excluded from collection responses

Before Release

Documentation complete
Examples for all endpoints
Error codes documented
Rate limits communicated
Breaking changes identified

/pb-patterns-frontend - Frontend data fetching patterns (client-side API consumption)
/pb-security - API security patterns
/pb-patterns-resilience - Resilience patterns (Circuit Breaker, Retry, Rate Limiting)
/pb-patterns-async - Async API patterns
/pb-testing - API contract testing

Design Rules Applied

Rule	Application
Clarity	Consistent naming, predictable behavior, response shapes communicate intent
Least Surprise	Standard HTTP methods and status codes
Simplicity	REST for simple needs, complexity only when justified
Separation	API contract decoupled from data layer; explicit DTOs over model serialization
Extensibility	Add fields without breaking, versioning strategy
Robustness	Clear error handling, rate limiting

Last Updated: 2026-02-03 Version: 1.1

Asynchronous Patterns

Non-blocking execution patterns for concurrent operations. Essential for scalable systems.

Trade-offs exist: Async patterns add complexity. Use /pb-preamble thinking (challenge assumptions) and /pb-design-rules thinking (especially Simplicity-do you need this complexity?).

Question whether async is necessary. Challenge the complexity cost. Understand the actual constraints before choosing.

Resource Hint: sonnet - Async pattern reference; implementation-level concurrency decisions.

Purpose

Async patterns:

Improve responsiveness - Non-blocking operations don’t freeze the application
Scale concurrency - Handle thousands of operations with few threads
Prevent deadlocks - Avoid blocking on I/O, allowing other work to proceed
Enable parallelism - Leverage multi-core processors effectively
Improve user experience - Applications stay responsive under load

When to Use Async

Use async when:

I/O operations (network, database, file system)
Operations take unpredictable time
System needs to handle many concurrent requests
Want to avoid blocking the event loop / main thread

Don’t use async when:

Operation completes instantly
System is single-threaded and simple
Complexity outweighs benefits
CPU-bound work (use parallel processing instead)

Callback Pattern

Problem: Need to execute code after an async operation completes.

Solution: Pass a function to be called when done.

JavaScript Example:

function fetchUser(userId, callback) {
  fetch(`/api/users/${userId}`)
    .then(response => response.json())
    .then(user => callback(null, user))
    .catch(error => callback(error));
}

// Usage
fetchUser(123, (error, user) => {
  if (error) {
    console.error('Failed to fetch user:', error);
  } else {
    console.log('User:', user);
  }
});

Python: Use threading.Thread with callback function, or prefer asyncio for modern async.

Callback Hell (Anti-pattern):

// [NO] Nested callbacks - hard to read and maintain
fetchUser(123, (error, user) => {
  if (error) {
    handleError(error);
  } else {
    fetchOrders(user.id, (error, orders) => {
      if (error) {
        handleError(error);
      } else {
        fetchPayments(orders[0].id, (error, payments) => {
          if (error) {
            handleError(error);
          } else {
            console.log('All data:', user, orders, payments);
          }
        });
      }
    });
  }
});

// [YES] Better: Use Promises or async/await instead

Pros:

Simple concept
No special syntax needed
Works in all JavaScript environments

Cons:

Error handling repetitive
Callback hell (deeply nested)
Hard to sequence operations
Hard to parallelize operations

When to use:

Simple one-off async operations
Event handlers
Generally avoid in favor of Promises/async-await

Promise Pattern

Problem: Callbacks get messy with multiple async operations.

Solution: Promise object represents future value, can be chained.

JavaScript Example:

function fetchUser(userId) {
  return fetch(`/api/users/${userId}`)
    .then(response => response.json());
}

// Chain operations
fetchUser(123)
  .then(user => {
    console.log('User:', user);
    return fetchOrders(user.id);  // Chain next promise
  })
  .then(orders => {
    console.log('Orders:', orders);
    return fetchPayments(orders[0].id);  // Chain next promise
  })
  .then(payments => {
    console.log('Payments:', payments);
  })
  .catch(error => {
    // Single error handler for all
    console.error('Failed:', error);
  });

Parallel Operations with Promise.all:

// Run multiple operations in parallel
Promise.all([
  fetchUser(123),
  fetchOrders(123),
  fetchPayments(123)
])
  .then(([user, orders, payments]) => {
    console.log('All data:', user, orders, payments);
  })
  .catch(error => {
    console.error('One of the operations failed:', error);
  });

Promise.race (first to complete):

// Use whichever completes first
const fast = Promise.race([
  fetchFromServer1(),
  fetchFromServer2(),
  fetchFromServer3()
]);

Gotchas:

1. "Unhandled rejection"
   Bad: Promise error not caught, silent failure
   Good: Always add .catch() or use async/await with try/catch

2. "Swallowed errors"
   Bad: Returning promise in .then() but not awaiting
   Good: Ensure error flows through chain

3. "Parallel instead of sequential"
   Bad: .then(op1).then(op2) if op2 doesn't need op1 result
   Good: Use Promise.all() for independent operations

Pros:

Cleaner than callbacks
Easy to chain operations
Easy to parallelize with Promise.all()
Standardized error handling

Cons:

Still somewhat verbose
Easy to get wrong (unhandled rejections)
Hard to debug (.then() chains)

When to use:

Multiple async operations to sequence
Parallel operations with Promise.all()
Legacy code (before async/await available)

Async/Await Pattern

Problem: Promises still verbose and hard to read. Want synchronous-looking code.

Solution: async/await keywords make promises look like synchronous code.

JavaScript Example:

async function processOrder(orderId) {
  try {
    // Fetch data sequentially
    const order = await fetchOrder(orderId);
    const customer = await fetchCustomer(order.customerId);
    const payment = await processPayment(order.total);

    console.log('Order:', order);
    console.log('Customer:', customer);
    console.log('Payment:', payment);

    return { order, customer, payment };
  } catch (error) {
    console.error('Failed to process order:', error);
    throw error;
  }
}

// Usage
processOrder(123).then(result => {
  console.log('Success:', result);
});

Python: Use asyncio with async def / await syntax. Run with asyncio.run(coro()).

Parallel Operations with async/await:

async function processOrder(orderId) {
  try {
    const order = await fetchOrder(orderId);

    // Run in parallel (not sequential)
    const [customer, payment] = await Promise.all([
      fetchCustomer(order.customerId),
      processPayment(order.total)
    ]);

    return { order, customer, payment };
  } catch (error) {
    console.error('Failed:', error);
    throw error;
  }
}

Python Parallel: Use asyncio.gather(coro1(), coro2()) for concurrent execution.

Gotchas:

1. "Sequential instead of parallel"
   Bad: result = await op1(); await op2(); (2 seconds if each 1 second)
   Good: result = await Promise.all([op1(), op2()]); (1 second)

2. "Forgetting async"
   Bad: function processOrder() { ... await fetchOrder(...) }
   Good: async function processOrder() { ... await fetchOrder(...) }

3. "No timeout"
   Bad: await operation() // hangs forever if operation hangs
   Good: await Promise.race([operation(), timeout(5000)])

Pros:

Reads like synchronous code
Easy to understand flow
Standard try/catch error handling
Easy to parallelize with Promise.all()

Cons:

Can accidentally serialize operations (using await sequentially)
No built-in timeout mechanism
Can hide performance issues

When to use:

Most modern async code
Cleaner than callbacks/promises
When code structure matches sequential thinking

Reactive/Observable Pattern

Problem: Complex event streams (multiple events, transformations, filtering).

Solution: Treat events as streams, apply functional transformations.

JavaScript/RxJS Example:

import { from, interval } from 'rxjs';
import { map, filter, take } from 'rxjs/operators';

// Stream of events
const numbers = interval(1000);  // Emit 0, 1, 2, 3... every second

numbers
  .pipe(
    take(5),              // Only first 5
    filter(n => n % 2 === 0),  // Only even
    map(n => n * 2)       // Multiply by 2
  )
  .subscribe(
    value => console.log('Value:', value),      // Next
    error => console.error('Error:', error),    // Error
    () => console.log('Complete')               // Complete
  );

// Output:
// Value: 0
// Value: 4
// Value: 8
// Complete

Real-World Example: User Input Stream

import { fromEvent } from 'rxjs';
import { debounceTime, map, distinctUntilChanged } from 'rxjs/operators';

// Convert input element to stream
const searchInput = document.getElementById('search');
const searchStream = fromEvent(searchInput, 'input');

searchStream
  .pipe(
    map(event => event.target.value),           // Extract value
    debounceTime(300),                          // Wait 300ms after last char
    distinctUntilChanged(),                     // Only if value changed
    map(query => fetchSearchResults(query))     // Fetch results
  )
  .subscribe(
    results => displayResults(results),
    error => console.error('Search failed:', error)
  );

Python: Use aiostream library for reactive streams, or async for with async generators.

Pros:

Powerful for complex event flows
Functional transformations (map, filter, etc.)
Built-in operators (debounce, throttle, etc.)
Handles backpressure automatically

Cons:

Steep learning curve
Can be overkill for simple cases
Error handling can be tricky
Debugging observable chains difficult

When to use:

Complex event streams (user input, WebSocket messages)
Multiple transformations needed
Backpressure handling needed
Avoid for simple fetch operations

Worker Threads / Processes

Problem: CPU-bound work blocks event loop / main thread.

Solution: Offload work to separate thread or process.

JavaScript Worker Thread Example:

// main.js
const { Worker } = require('worker_threads');

const worker = new Worker('./worker.js');

// Send data to worker
worker.postMessage({ data: [1, 2, 3, 4, 5] });

// Receive result from worker
worker.on('message', result => {
  console.log('Worker result:', result);
});

worker.on('error', error => {
  console.error('Worker error:', error);
});

// worker.js (runs in separate thread)
const { parentPort } = require('worker_threads');

parentPort.on('message', (message) => {
  // CPU-intensive work in background
  const result = message.data.map(x => x * x);
  parentPort.postMessage(result);
});

Python Multiprocessing Example:

from multiprocessing import Pool
import math

def cpu_intensive(n):
    """CPU-intensive calculation."""
    return sum(1 for i in range(n) if i % 2 == 0)

# Use multiple processes
with Pool(4) as pool:
    results = pool.map(cpu_intensive, [1000000, 2000000, 3000000])
    print(f"Results: {results}")

# Or use concurrent.futures
from concurrent.futures import ProcessPoolExecutor

with ProcessPoolExecutor(max_workers=4) as executor:
    futures = [
        executor.submit(cpu_intensive, 1000000),
        executor.submit(cpu_intensive, 2000000),
        executor.submit(cpu_intensive, 3000000)
    ]
    results = [f.result() for f in futures]
    print(f"Results: {results}")

Pros:

Parallel execution on multiple cores
Event loop doesn’t block
True parallelism (not just concurrency)

Cons:

Communication overhead (passing data)
Can’t share memory directly
More resource intensive

When to use:

CPU-intensive work (calculations, image processing)
Long-running tasks
Not for I/O operations (use async instead)

Job Queue Pattern

Problem: Many tasks, can’t process all simultaneously. Need background processing.

Solution: Queue tasks, process with limited workers.

JavaScript Example (using Bull queue with Redis):

const Queue = require('bull');

// Create queue
const emailQueue = new Queue('emails', {
  redis: { host: 'localhost', port: 6379 }
});

// Add jobs to queue
async function sendEmail(to, subject, body) {
  const job = await emailQueue.add(
    { to, subject, body },
    { attempts: 3, backoff: { type: 'exponential', delay: 2000 } }
  );
  return job.id;
}

// Process jobs (limited concurrency)
emailQueue.process(5, async (job) => {
  const { to, subject, body } = job.data;

  try {
    await sendEmailViaProvider(to, subject, body);
    return { success: true };
  } catch (error) {
    throw error;  // Retry automatically
  }
});

// Track progress
emailQueue.on('completed', (job) => {
  console.log(`Email ${job.id} sent successfully`);
});

emailQueue.on('failed', (job, error) => {
  console.error(`Email ${job.id} failed:`, error);
});

Python Example (using Celery with Redis):

from celery import Celery

# Configure Celery
app = Celery('tasks', broker='redis://localhost:6379/0')

@app.task(bind=True, max_retries=3)
def send_email(self, to, subject, body):
    """Send email asynchronously."""
    try:
        # Simulate sending email
        import time
        time.sleep(1)

        if not email_provider.send(to, subject, body):
            raise Exception("Email provider failed")

        return {"success": True}
    except Exception as e:
        # Retry with exponential backoff
        self.retry(exc=e, countdown=2 ** self.request.retries)

# Usage
from tasks import send_email

# Queue task
send_email.delay('user@example.com', 'Welcome', 'Welcome to our app!')

# Or schedule for later
send_email.apply_async(
    args=('user@example.com', 'Welcome', 'Welcome to our app!'),
    countdown=60  # Execute after 60 seconds
)

Pros:

Handles burst loads (queue absorbs spikes)
Automatic retries
Can scale workers independently
Decouples producer from consumer

Cons:

Requires external service (Redis, RabbitMQ)
More operational complexity
Eventual consistency (task might not execute immediately)

When to use:

Background tasks (emails, notifications)
Rate limiting (only N tasks at a time)
Deferred processing (process later, not now)
Retryable operations

Pattern Interactions

How to combine async patterns:

Scenario: Fetch user, their orders (parallel), then process each order

async function processUserOrders(userId) {
  try {
    // 1. Fetch user
    const user = await fetchUser(userId);

    // 2. Fetch orders in parallel
    const orders = await fetchOrders(userId);

    // 3. Process each order asynchronously (limited concurrency)
    const results = await Promise.all(
      orders.map(order => processOrderWithQueue(order))
    );

    return { user, orders: results };
  } catch (error) {
    console.error('Failed:', error);
    throw error;
  }
}

Scenario: Real-time search with debounce and cancellation

let currentAbortController;

async function searchWithDebounce(query) {
  // Cancel previous request
  if (currentAbortController) {
    currentAbortController.abort();
  }

  currentAbortController = new AbortController();

  try {
    const response = await fetch(`/api/search?q=${query}`, {
      signal: currentAbortController.signal
    });

    const results = await response.json();
    displayResults(results);
  } catch (error) {
    if (error.name !== 'AbortError') {
      console.error('Search failed:', error);
    }
  }
}

// Debounce input
let timeout;
searchInput.addEventListener('input', (e) => {
  clearTimeout(timeout);
  timeout = setTimeout(() => {
    searchWithDebounce(e.target.value);
  }, 300);
});

Antipatterns

Mixing async and sync (confusing code):

// [NO] Bad: async function called without await
function processUser(userId) {
  const user = fetchUser(userId);  // Missing await!
  console.log(user);  // Promise, not user object
}

// [YES] Good: Properly await
async function processUser(userId) {
  const user = await fetchUser(userId);
  console.log(user);  // User object
}

Swallowing errors:

// [NO] Bad: Error not caught
fetchUser(userId).then(user => {
  console.log(user);
});  // If fetchUser fails, error is uncaught

// [YES] Good: Error handled
fetchUser(userId)
  .then(user => console.log(user))
  .catch(error => console.error('Failed:', error));

// Or with async/await
try {
  const user = await fetchUser(userId);
  console.log(user);
} catch (error) {
  console.error('Failed:', error);
}

Creating promise per iteration:

// [NO] Bad: Creates promise for each item (slow)
for (const userId of userIds) {
  await fetchUser(userId);  // Sequential, not parallel
}

// [YES] Good: Parallel execution
await Promise.all(
  userIds.map(userId => fetchUser(userId))
);

Go Concurrency

Go uses goroutines and channels for concurrency. Key patterns:

Use go func() for concurrent operations
Use channels for communication between goroutines
Use context.Context for cancellation and timeouts
Use sync.WaitGroup to wait for multiple goroutines
Use errgroup for error handling in concurrent operations

Integration with Playbook

Related to async patterns:

/pb-performance - Async for scalability
/pb-guide - Testing async code and Go goroutine patterns
/pb-testing - Async test patterns
/pb-patterns-core - Core architectural patterns
/pb-patterns-db - Database async operations

Decision points:

When to use callbacks vs promises (JavaScript) vs goroutines (Go)
When to introduce job queues or worker pools
How to handle backpressure
Error handling in async flows
Context usage for timeouts and cancellation

/pb-patterns-core - Foundation patterns (SOA, Event-Driven, Repository)
/pb-patterns-resilience - Resilience patterns (Retry, Circuit Breaker, Cache-Aside)
/pb-patterns-distributed - Distributed patterns that build on async
/pb-observability - Monitor and trace async operations

Created: 2026-01-11 | Category: Architecture | Tier: L Updated: 2026-01-11 | Added Go examples

Database Patterns

Patterns for efficient, scalable database operations.

Caveat: Database patterns solve specific problems. Use /pb-preamble thinking (question assumptions) and /pb-design-rules thinking (especially Simplicity and Transparency-can you keep it simple and observable?).

Challenge the assumption that the database is the bottleneck. Question whether you need this complexity. Measure before optimizing.

Resource Hint: sonnet - Database pattern reference; implementation-level data layer decisions.

Purpose

Database patterns:

Maximize throughput - More requests per second
Minimize latency - Faster response times
Ensure consistency - Data integrity
Enable scalability - Handle growth without redesign
Prevent failures - Graceful degradation

When to Use Database Patterns

Use database patterns when:

Database is performance bottleneck
System scales beyond single database
Need high availability or disaster recovery
Consistency requirements are critical

Don’t use when:

Database is not bottleneck
System is small (single database sufficient)
Complexity outweighs benefits

Connection Pooling

Problem: Creating new database connection for each request is slow. Connections are expensive.

Solution: Reuse connections. Pool holds ready-to-use connections.

How it works:

Without pooling:
  Request 1 → Create connection → Query → Close → Response (slow)
  Request 2 → Create connection → Query → Close → Response (slow)

With pooling:
  Pool: [Connection 1] [Connection 2] [Connection 3]

  Request 1 → Borrow Connection 1 → Query → Return Connection 1
  Request 2 → Borrow Connection 2 → Query → Return Connection 2
  Request 3 → Borrow Connection 3 → Query → Return Connection 3
  Request 4 → Wait for Connection 1 to be free → Borrow → Query → Return

Python Example (using psycopg2 with built-in pooling):

from psycopg2 import pool
import psycopg2

# Create connection pool
import os

connection_pool = pool.SimpleConnectionPool(
    minconn=5,      # Minimum 5 connections kept
    maxconn=20,     # Maximum 20 connections
    user=os.environ.get("DB_USER", "postgres"),
    password=os.environ.get("DB_PASSWORD"),
    host=os.environ.get("DB_HOST", "localhost"),
    database=os.environ.get("DB_NAME", "myapp")
)

def get_user(user_id):
    # Borrow connection from pool
    conn = connection_pool.getconn()

    try:
        cursor = conn.cursor()
        cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
        user = cursor.fetchone()
        conn.commit()
        return user
    finally:
        # Return connection to pool (important!)
        connection_pool.putconn(conn)

JavaScript: Use pg.Pool with max, idleTimeoutMillis configuration. Always client.release() in finally block.

Gotchas:

1. "Connection leak"
   Bad: Borrow connection but never return it
   Good: Always use try/finally to return connection

2. "Pool exhaustion"
   Bad: All connections in use, new requests blocked
   Good: Monitor pool usage, increase max connections if needed

3. "Timeout on borrow"
   Bad: Application waits forever for available connection
   Good: Set timeout, fail fast if no connection available

Configuration Tips:

min_connections: Start with (CPU cores * 2) + extra for spikes
max_connections: Set based on database max connections
idle_timeout: 30 seconds (PostgreSQL default)
Monitor: Pool usage, connection creation rate, slow queries

Pros:

Huge performance improvement (10-100x faster than creating connections)
Simple to implement (most libraries have built-in)
Automatic connection reuse

Cons:

Requires tuning (finding right pool size)
Easy to leak connections
Resource overhead (idle connections consume memory)

Query Optimization

Problem: N+1 Query Problem

Problem: Fetching objects and then related objects one at a time.

Find user (1 query)
Find user's orders (N queries, one per user)
Total: 1 + N queries (bad!)

Solution: Fetch related data in single query (JOIN) or batch.

Bad Example:

# [NO] N+1 queries
users = db.query("SELECT * FROM users")
for user in users:
    orders = db.query("SELECT * FROM orders WHERE user_id = ?", user.id)
    user.orders = orders
    # Result: 1 query for users + N queries for orders = N+1 total

Good Solution 1: JOIN Query

# [YES] 1 query using JOIN
query = """
SELECT users.*, orders.* FROM users
LEFT JOIN orders ON orders.user_id = users.id
"""
results = db.query(query)

# Group results
users_dict = {}
for row in results:
    user_id = row['user_id']
    if user_id not in users_dict:
        users_dict[user_id] = {'id': row['user_id'], 'orders': []}
    users_dict[user_id]['orders'].append({'id': row['order_id']})

users = list(users_dict.values())

Good Solution 2: Batch Query

# [YES] 2 queries: one for users, one for all orders
users = db.query("SELECT * FROM users")
user_ids = [u.id for u in users]

orders = db.query(
    "SELECT * FROM orders WHERE user_id IN (?)",
    [user_ids]  # Batch all IDs in one query
)

# Group orders by user
orders_by_user = {}
for order in orders:
    if order.user_id not in orders_by_user:
        orders_by_user[order.user_id] = []
    orders_by_user[order.user_id].append(order)

# Attach to users
for user in users:
    user.orders = orders_by_user.get(user.id, [])

Good Solution 3: ORM With Eager Loading

# [YES] 1 query (ORM handles JOIN)
from sqlalchemy.orm import joinedload

users = db.query(User).options(joinedload(User.orders)).all()
# ORM automatically fetches orders with users

Problem: Missing Indexes

Problem: Queries scan entire table (slow).

Solution: Create indexes on frequently queried columns.

Example:

-- [NO] Without index: Full table scan (1,000,000 rows scanned)
SELECT * FROM orders WHERE customer_id = 123;

-- [YES] With index: Direct lookup (10 rows scanned)
CREATE INDEX idx_orders_customer_id ON orders(customer_id);
SELECT * FROM orders WHERE customer_id = 123;

Index Checklist:

☐ WHERE clause columns - indexed?
☐ JOIN columns - indexed?
☐ ORDER BY columns - indexed?
☐ Too many indexes? (slows down writes)
☐ Unused indexes? (delete them)

Query Analysis:

# Use EXPLAIN to see execution plan
import psycopg2

conn = psycopg2.connect(...)
cursor = conn.cursor()

# Show execution plan
cursor.execute("EXPLAIN ANALYZE SELECT * FROM orders WHERE customer_id = 123")
plan = cursor.fetchall()
for row in plan:
    print(row)

# Look for: "Seq Scan" (bad, no index) vs "Index Scan" (good)

Gotchas:

1. "Over-indexing"
   Bad: Index on every column
   Good: Index only on columns used in WHERE/JOIN/ORDER BY

2. "Composite index wrong order"
   Bad: CREATE INDEX (city, name) but query only by name
   Good: Index order matches query patterns

3. "Index fragmentation"
   Bad: Index becomes fragmented over time
   Good: Rebuild indexes periodically (REINDEX)

Database Replication

Problem: Single database is single point of failure. High load on single instance.

Solution: Copy data to replicas. Route reads to replicas, writes to primary.

How it works:

Primary Database:
  - Receives writes
  - Logs all changes
  - Sends log to replicas

Replica 1 (Read-only):
  - Receives log from primary
  - Applies changes
  - Serves read queries

Replica 2 (Read-only):
  - Receives log from primary
  - Applies changes
  - Serves read queries

Architecture:

Writes → [Primary Database] → Replication Log
                                ↓
                        [Replica 1] (reads)
                        [Replica 2] (reads)
                        [Replica 3] (reads)

Application:
  - Write queries → Primary
  - Read queries → Replica (round-robin or least-connections)

Implementation:

from psycopg2 import pool

import os

# Connection to primary (for writes)
primary_pool = pool.SimpleConnectionPool(
    minconn=5, maxconn=10,
    host=os.environ.get("DB_PRIMARY_HOST", "primary.db.example.com"),
    database=os.environ.get("DB_NAME", "myapp"),
    user=os.environ.get("DB_USER", "postgres"),
    password=os.environ.get("DB_PASSWORD")
)

# Connection to replicas (for reads)
replica_hosts = [
    os.environ.get("DB_REPLICA_1", "replica1.db.example.com"),
    os.environ.get("DB_REPLICA_2", "replica2.db.example.com"),
]

replica_pools = [
    pool.SimpleConnectionPool(
        minconn=5, maxconn=10,
        host=host,
        database=os.environ.get("DB_NAME", "myapp"),
        user=os.environ.get("DB_USER", "postgres"),
        password=os.environ.get("DB_PASSWORD")
    )
    for host in replica_hosts
]

def get_write_connection():
    """Get connection to primary for writes."""
    return primary_pool.getconn()

def get_read_connection():
    """Get connection to replica for reads (round-robin)."""
    import random
    replica_pool = random.choice(replica_pools)
    return replica_pool.getconn()

# Usage
async def get_user(user_id):
    # Read from replica
    conn = get_read_connection()
    try:
        cursor = conn.cursor()
        cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
        return cursor.fetchone()
    finally:
        conn.close()

async def update_user(user_id, name):
    # Write to primary
    conn = get_write_connection()
    try:
        cursor = conn.cursor()
        cursor.execute(
            "UPDATE users SET name = %s WHERE id = %s",
            (name, user_id)
        )
        conn.commit()
    finally:
        conn.close()

Gotchas:

1. "Replication lag"
   Problem: Write to primary, read from replica immediately sees old data
   Solution: Read from primary after write, or wait for replica to catch up

2. "Replica failure"
   Problem: Replica goes down, application still tries to read from it
   Solution: Health check, route around failed replica

3. "Data inconsistency"
   Problem: Replica is behind primary
   Solution: Accept eventual consistency, or read from primary

Pros:

Scale reads (many replicas)
High availability (replicas become primary if primary fails)
Analytics (dedicated replica for reporting)

Cons:

Eventual consistency (replicas behind)
Operational complexity (more servers to manage)
Replication lag issues

Database Sharding

Problem: Database too large for single server. Need to scale writes.

Solution: Split data across multiple databases based on shard key.

How it works:

Sharding by customer_id:

Shard 1 (customers 1-1000):
  [Orders for customer 1-1000]
  [Payments for customer 1-1000]

Shard 2 (customers 1001-2000):
  [Orders for customer 1001-2000]
  [Payments for customer 1001-2000]

Application:
  shard_id = customer_id % num_shards  (or hash(customer_id))
  Connect to shard_id database
  Execute query

Implementation:

def get_shard_id(customer_id, num_shards=4):
    """Determine which shard this customer belongs to."""
    return customer_id % num_shards

def get_shard_connection(customer_id):
    """Get connection to appropriate shard."""
    import os
    shard_id = get_shard_id(customer_id)
    hosts = [
        os.environ.get("DB_SHARD_0", "shard0.db.example.com"),
        os.environ.get("DB_SHARD_1", "shard1.db.example.com"),
        os.environ.get("DB_SHARD_2", "shard2.db.example.com"),
        os.environ.get("DB_SHARD_3", "shard3.db.example.com"),
    ]
    shard_host = hosts[shard_id]
    return psycopg2.connect(
        host=shard_host,
        database=os.environ.get("DB_NAME", "myapp"),
        user=os.environ.get("DB_USER", "postgres"),
        password=os.environ.get("DB_PASSWORD")
    )

async def get_customer_orders(customer_id):
    """Get orders for customer from correct shard."""
    conn = get_shard_connection(customer_id)
    try:
        cursor = conn.cursor()
        cursor.execute(
            "SELECT * FROM orders WHERE customer_id = %s",
            (customer_id,)
        )
        return cursor.fetchall()
    finally:
        conn.close()

Choosing Shard Key:

Good: customer_id, user_id, company_id (queries naturally by this key)
Bad: order_id (hard to query across shards later)
Bad: timestamp (uneven distribution, hot shards)

Gotchas:

1. "Queries across shards"
   Problem: Need data from multiple shards
   Solution: Scatter-gather (query all shards, merge results)

2. "Resharding"
   Problem: Need to add more shards as system grows
   Solution: Planned, use consistent hashing, plan ahead

3. "Hot shards"
   Problem: Some shards get more traffic than others
   Solution: Better shard key choice, or pre-split shards

4. "Distributed transactions"
   Problem: Transaction spans multiple shards
   Solution: Avoid if possible, use eventual consistency

Pros:

Scale writes (each shard handles portion)
Scale storage (data distributed)
Performance (smaller databases faster)

Cons:

Complex queries (might span shards)
Resharding painful (moving data)
Distributed transactions difficult

Transaction Management

Problem: Multiple operations need to succeed or fail together.

Solution: Use transactions. All-or-nothing.

Python Example:

def transfer_money(from_account_id, to_account_id, amount):
    """Transfer money from one account to another."""
    conn = db.connect()

    try:
        # Start transaction
        cursor = conn.cursor()

        # Deduct from source account
        cursor.execute(
            "UPDATE accounts SET balance = balance - %s WHERE id = %s",
            (amount, from_account_id)
        )

        # Check balance is not negative
        cursor.execute("SELECT balance FROM accounts WHERE id = %s", (from_account_id,))
        balance = cursor.fetchone()[0]
        if balance < 0:
            raise ValueError("Insufficient funds")

        # Add to destination account
        cursor.execute(
            "UPDATE accounts SET balance = balance + %s WHERE id = %s",
            (amount, to_account_id)
        )

        # Commit all changes together
        conn.commit()
        return {"success": True}

    except Exception as e:
        # Rollback on any error
        conn.rollback()
        return {"success": False, "error": str(e)}

    finally:
        conn.close()

Isolation Levels:

READ UNCOMMITTED:
  Can read uncommitted changes (dirty reads) - avoid

READ COMMITTED (Default):
  Can't read uncommitted changes
  But can see committed changes during transaction (non-repeatable reads)

REPEATABLE READ:
  Snapshot of data at transaction start
  Consistent view throughout transaction

SERIALIZABLE:
  Complete isolation (as if transactions run one at a time)
  Slowest, but safest

PostgreSQL Example:

cursor.execute("SET TRANSACTION ISOLATION LEVEL REPEATABLE READ")
# Now all queries in this transaction see consistent data snapshot

Gotchas:

1. "Long transactions"
   Bad: Transaction holds locks for too long
   Good: Keep transactions short, minimize work in transaction

2. "Deadlocks"
   Bad: Transaction A waits for Transaction B, B waits for A
   Good: Always acquire locks in same order

3. "Lost updates"
   Bad: Transaction 1 reads value, Transaction 2 updates it, Transaction 1 overwrites
   Good: Use SELECT FOR UPDATE to lock row during transaction

Batch Operations

Problem: Inserting/updating many rows one at a time is slow.

Solution: Batch multiple operations in single call.

Bad (Slow):

# [NO] N individual queries (slow)
for user in users:
    cursor.execute(
        "INSERT INTO users (name, email) VALUES (%s, %s)",
        (user.name, user.email)
    )
    conn.commit()

Good (Fast):

# [YES] 1 batch query (fast)
cursor.executemany(
    "INSERT INTO users (name, email) VALUES (%s, %s)",
    [(user.name, user.email) for user in users]
)
conn.commit()

Multi-Row Insert (Fastest):

# [YES] Super fast - single SQL statement
query = """
INSERT INTO users (name, email) VALUES
(%s, %s),
(%s, %s),
(%s, %s),
...
"""
values = []
for user in users:
    values.extend([user.name, user.email])

cursor.execute(query, values)
conn.commit()

Performance Comparison:

Individual inserts: 1000 rows → 10 seconds
Batch inserts (50 rows per batch): 1000 rows → 200ms
Multi-row insert: 1000 rows → 50ms

Caching Strategies

Write-Through Cache

How it works:

Write:
  1. Write to cache
  2. Write to database (synchronously)
  3. Return to client

Read:
  1. Check cache
  2. If miss, query database
  3. Store in cache
  4. Return to client

Pros:

Data always consistent (cache = database)
Simple to reason about

Cons:

Every write hits database (slower)

Write-Behind Cache

How it works:

Write:
  1. Write to cache only
  2. Return to client immediately
  3. Asynchronously flush to database (background)

Read:
  1. Check cache
  2. If miss, query database
  3. Store in cache
  4. Return to client

Pros:

Very fast writes (cache only)
Database load spread out

Cons:

Data inconsistency if cache crashes before flush
Complex implementation

Denormalization & Materialized Views

Problem: Normalized database is slow for reads. Too many JOINs, too slow.

Scenario:

Normalized schema:
  Users table
  Orders table
  Order_Items table
  Products table

Query: Get user with all order details
  SELECT users.*, orders.*, order_items.*, products.*
  FROM users
  JOIN orders ON users.id = orders.user_id
  JOIN order_items ON orders.id = order_items.order_id
  JOIN products ON order_items.product_id = products.id
  (4 table JOINs = slow!)

Solution: Denormalize - store pre-computed results for fast reads.

Two Approaches:

1. Denormalized Table (Application-Managed)

Store copied data in a denormalized table. Application keeps it in sync.

Example:

-- Normalized: 4 JOINs to get order details
SELECT users.*, orders.*, order_items.*, products.*
FROM users
JOIN orders ...
JOIN order_items ...
JOIN products ...

-- Denormalized: 1 simple query
CREATE TABLE user_orders_denormalized (
  id BIGINT PRIMARY KEY,
  user_id INT,
  user_name VARCHAR(255),
  order_id INT,
  order_total DECIMAL(10, 2),
  order_created_at TIMESTAMP,
  item_name VARCHAR(255),
  item_quantity INT,
  item_price DECIMAL(10, 2),
  product_category VARCHAR(100)
);

-- Fast read: Single table query
SELECT * FROM user_orders_denormalized WHERE user_id = 123;

Keeping denormalized table in sync:

def create_order(user_id, items):
    """Create order and update denormalized table."""
    with db.transaction():
        # Insert into normalized tables
        order = insert_order(user_id, items)

        # Denormalize: Copy relevant data
        user = get_user(user_id)
        for item in items:
            product = get_product(item.product_id)

            db.execute(
                """INSERT INTO user_orders_denormalized
                   (user_id, user_name, order_id, order_total, item_name, item_quantity, item_price, product_category)
                   VALUES (%s, %s, %s, %s, %s, %s, %s, %s)""",
                user.id, user.name, order.id, order.total,
                product.name, item.quantity, item.price, product.category
            )

        return order

Pros:

Fast reads (no JOINs)
Simple queries
Flexible (store whatever denormalization needed)

Cons:

Data duplication (extra storage)
Consistency risks (keep in sync manually)
Complex updates (change in one place affects multiple tables)

2. Materialized Views (Database-Managed)

Database creates and maintains denormalized view.

SQL Example:

-- Create materialized view (pre-computed result)
CREATE MATERIALIZED VIEW user_orders_mv AS
SELECT
  users.id as user_id,
  users.name as user_name,
  orders.id as order_id,
  orders.total as order_total,
  orders.created_at as order_created_at,
  products.name as item_name,
  order_items.quantity as item_quantity,
  products.price as item_price,
  categories.name as product_category
FROM users
JOIN orders ON users.id = orders.user_id
JOIN order_items ON orders.id = order_items.order_id
JOIN products ON order_items.product_id = products.id
JOIN categories ON products.category_id = categories.id;

-- Create index on materialized view for fast lookups
CREATE INDEX idx_user_orders_mv_user_id ON user_orders_mv(user_id);

-- Fast read: Query materialized view
SELECT * FROM user_orders_mv WHERE user_id = 123;

-- Refresh materialized view (recompute)
REFRESH MATERIALIZED VIEW user_orders_mv;

PostgreSQL Incremental Refresh (Efficient):

-- Create materialized view with no data
CREATE MATERIALIZED VIEW user_orders_mv AS
SELECT ... FROM ...;

-- PostgreSQL extension for incremental refresh
CREATE OR REPLACE FUNCTION refresh_user_orders_mv()
RETURNS void AS
'SELECT count(*) FROM pg_matviews WHERE matviewname = ''user_orders_mv'''
LANGUAGE SQL;

-- Refresh only changed data (more efficient than full refresh)
REFRESH MATERIALIZED VIEW CONCURRENTLY user_orders_mv;

Refresh Strategies:

Full Refresh (Slow but Complete)

REFRESH MATERIALIZED VIEW user_orders_mv;
-- Recomputes entire view (might be slow for large datasets)

Scheduled Refresh (Periodic)

import schedule
import time

def refresh_materialized_views():
    """Refresh views every hour."""
    with db.connect() as conn:
        conn.execute("REFRESH MATERIALIZED VIEW user_orders_mv")
        conn.execute("REFRESH MATERIALIZED VIEW product_analytics_mv")
    print("Materialized views refreshed")

# Schedule every hour
schedule.every(1).hours.do(refresh_materialized_views)

while True:
    schedule.run_pending()
    time.sleep(60)

Event-Driven Refresh (Real-time)

def create_order(user_id, items):
    """Create order and refresh materialized view."""
    with db.transaction():
        # Create order
        order = insert_order(user_id, items)

        # Refresh only relevant materialized view
        db.execute("REFRESH MATERIALIZED VIEW user_orders_mv")

    return order

When to use:

Normalized queries have too many JOINs (>3)
Read performance critical (reporting, analytics)
Data doesn’t change frequently
Can tolerate slight inconsistency

Gotchas:

1. "Stale data"
   Bad: Materialized view not refreshed, shows old data
   Good: Schedule refreshes, or refresh on data change

2. "Storage bloat"
   Bad: Denormalized tables duplicate all data
   Good: Only denormalize frequently-read columns

3. "Consistency nightmare"
   Bad: Denormalized data out of sync with source
   Good: Automate refresh, use database triggers

4. "Complex updates"
   Bad: Update one table, must update denormalized copies
   Good: Use application transactions, or database constraints

Comparison:

Denormalized Table (Application-managed):
  Pros: Flexible, can store anything
  Cons: Must keep in sync manually, risk of inconsistency

Materialized View (Database-managed):
  Pros: Simpler, database maintains, can refresh incrementally
  Cons: Less flexible, refresh overhead

Pattern Interactions

Typical Production Database Setup:

Application
    ↓
[Connection Pool] (reuses connections)
    ↓
[Read/Write Router]
    ↓
Primary Database          Replica 1          Replica 2
(Write queries)          (Read queries)     (Read queries)
    ↓                         ↓                  ↓
(Optimized indexes)  (Replication lag 1-2 sec)
    ↓
[Application Cache]
(Redis, Memcached)
    ↓
[Batch Operations]
(reduce query count)

Antipatterns

Unoptimized Queries:

# [NO] No indexes, full table scans
SELECT * FROM orders WHERE customer_id = 123;

# [YES] With index
CREATE INDEX idx_orders_customer_id ON orders(customer_id);

Connection Leak:

# [NO] Connection never returned to pool
conn = get_connection()
result = conn.query("...")
# Forgot to close/return!

# [YES] Always return connection
try:
    conn = get_connection()
    result = conn.query("...")
finally:
    return_connection(conn)

Reading after write without waiting:

# [NO] Replication lag - might read old data from replica
write_to_primary(data)
read_from_replica(id)  # Might not see write yet!

# [YES] Read from primary after write
write_to_primary(data)
read_from_primary(id)  # Guaranteed to see write

Go Examples

Connection Pooling with database/sql:

// Go: Built-in connection pooling with database/sql
package main

import (
    "database/sql"
    "fmt"
    "os"
    "time"

    _ "github.com/lib/pq" // PostgreSQL driver
)

func main() {
    // database/sql automatically manages connection pooling
    db, err := sql.Open("postgres", os.Getenv("DATABASE_URL"))
    if err != nil {
        panic(err)
    }
    defer db.Close()

    // Configure connection pool
    db.SetMaxOpenConns(25)          // Max 25 open connections
    db.SetMaxIdleConns(5)            // Keep 5 idle connections
    db.SetConnMaxLifetime(5 * time.Minute) // Close connections after 5 min

    // Health check - verify connection pool is working
    if err := db.Ping(); err != nil {
        panic(err)
    }

    // Query with automatic connection pooling
    row := db.QueryRow("SELECT id, name FROM users WHERE id = $1", 123)
    var id int
    var name string
    if err := row.Scan(&id, &name); err != nil {
        fmt.Println("Query failed:", err)
        return
    }

    fmt.Printf("User %d: %s\n", id, name)
}

Other patterns (Query Optimization, Replication, Sharding, Transactions, Batch Operations, Caching) follow similar Go idioms using database/sql. Key points:

Use prepared statements for repeated queries
Use transactions (db.Begin()) for multi-step operations
Use batch operations for bulk inserts
Always close rows with defer rows.Close()

/pb-patterns-core - Core architectural and design patterns
/pb-patterns-distributed - Distributed patterns (saga, CQRS, eventual consistency)
/pb-database-ops - Database operations (migrations, backups, connection pooling)
/pb-performance - Performance optimization and profiling strategies
/pb-patterns - Pattern overview and quick reference

Distributed Patterns

Patterns for coordinating operations across multiple services/databases.

Caveat: Distributed patterns add significant complexity. Use /pb-preamble thinking (challenge assumptions) and /pb-design-rules thinking (especially Simplicity and Resilience-can you achieve your goals with simpler approaches?).

Question whether you truly need distributed systems. Challenge the assumption that you can’t keep things simple. Understand the real constraints before choosing.

Resource Hint: sonnet - Distributed pattern reference; implementation-level coordination decisions.

Purpose

Distributed patterns:

Maintain consistency across services
Handle failures gracefully (one service down doesn’t cascade)
Manage complexity of distributed systems
Enable scalability without data consistency nightmare
Provide visibility into system state

When to Use Distributed Patterns

Use when:

System spans multiple services/databases
Operations must coordinate across boundaries
Consistency matters but flexibility needed
Need visibility into distributed transactions

Don’t use when:

Single database sufficient
Operations are local
Simple solutions available
System complexity not justified

Saga Pattern

Problem: Multi-step transaction spans multiple services. Standard ACID transaction won’t work.

Solution: Choreograph steps, with compensating actions for rollback.

How it works:

Saga: Fulfilling an order across multiple services

Step 1: Order Service creates order
Step 2: Payment Service charges payment
Step 3: Inventory Service decrements stock
Step 4: Shipping Service creates shipment

Problem: What if Payment fails after Order created?
Solution: Compensating transactions (reverse steps)

Order created → Payment fails → Order compensating action (cancel order)

Two Approaches:

1. Choreography (Event-Based)

Services listen for events and trigger next step.

Example: Order Fulfillment

1. Order Service receives order → publishes "order.created"
2. Payment Service listens → charges payment → publishes "payment.processed" OR "payment.failed"
3. If "payment.processed":
     Inventory Service listens → decrements stock → publishes "stock.decremented"
4. If "payment.failed":
     Order Service listens → publishes "order.cancelled"
     (No need to decrement stock, order was never created)

JavaScript Example:

// Order Service
eventBus.subscribe('order.requested', async (event) => {
  try {
    const order = await createOrder(event);
    await eventBus.publish('order.created', { orderId: order.id });
  } catch (error) {
    await eventBus.publish('order.failed', { error });
  }
});

// Payment Service
eventBus.subscribe('order.created', async (event) => {
  try {
    const payment = await chargePayment(event.customerId, event.amount);
    await eventBus.publish('payment.processed', {
      orderId: event.orderId,
      paymentId: payment.id
    });
  } catch (error) {
    // Compensating: notify order service to cancel
    await eventBus.publish('payment.failed', { orderId: event.orderId });
  }
});

// Inventory Service
eventBus.subscribe('payment.processed', async (event) => {
  try {
    await decrementStock(event.orderId);
    await eventBus.publish('stock.decremented', { orderId: event.orderId });
  } catch (error) {
    // If inventory unavailable, compensate: refund payment
    await eventBus.publish('stock.failed', { orderId: event.orderId });
    await refundPayment(event.paymentId);
  }
});

Pros:

Loose coupling (services don’t know about each other)
Scalable (add new steps without changing others)
Decentralized (no orchestrator)

Cons:

Hard to track state (which step are we in?)
Hard to debug (events scattered across services)
Difficult to add timeouts/retries

2. Orchestration (Centralized)

One service orchestrates the saga steps.

Example:

// Order Orchestrator Service
async function fulfillOrder(order) {
  const sagaState = {
    orderId: order.id,
    state: 'pending',
    completedSteps: [],
    failedAt: null
  };

  try {
    // Step 1: Create order
    sagaState.state = 'creating_order';
    const createdOrder = await orderService.create(order);
    sagaState.completedSteps.push('order_created');

    // Step 2: Charge payment
    sagaState.state = 'charging_payment';
    const payment = await paymentService.charge(order.customerId, order.amount);
    sagaState.completedSteps.push('payment_charged');

    // Step 3: Decrement inventory
    sagaState.state = 'decrementing_stock';
    await inventoryService.decrement(order.itemIds);
    sagaState.completedSteps.push('stock_decremented');

    // Step 4: Create shipment
    sagaState.state = 'creating_shipment';
    await shippingService.create(order.id, order.items);
    sagaState.completedSteps.push('shipment_created');

    sagaState.state = 'completed';
    return sagaState;

  } catch (error) {
    // Compensate: undo steps in reverse order
    sagaState.failedAt = sagaState.state;

    if (sagaState.completedSteps.includes('shipment_created')) {
      await shippingService.cancel(order.id);
    }

    if (sagaState.completedSteps.includes('stock_decremented')) {
      await inventoryService.increment(order.itemIds);
    }

    if (sagaState.completedSteps.includes('payment_charged')) {
      await paymentService.refund(payment.id);
    }

    if (sagaState.completedSteps.includes('order_created')) {
      await orderService.cancel(order.id);
    }

    throw new SagaFailedError(sagaState);
  }
}

Pros:

Easy to track state (one place)
Easy to debug (centralized logic)
Easy to add timeouts/retries

Cons:

Tight coupling (orchestrator knows all services)
Single point of failure (orchestrator goes down)
Orchestrator becomes bottleneck

Gotchas:

1. "Idempotency"
   Bad: If step retries, might charge payment twice
   Good: Make operations idempotent (same operation twice = safe)

2. "Timeout"
   Bad: Payment charged but timeout before marking complete
   Good: Set timeouts, have compensating action for timeout

3. "Cascading failures"
   Bad: One service down brings whole saga down
   Good: Timeouts and fallbacks

Saga Idempotency Pattern

Problem: Saga step retries. Payment charged twice. Inventory decremented twice.

Solution: Ensure each step is idempotent. Running same operation twice = running it once.

Approaches:

1. Request Deduplication (Recommended)

Track request ID. If request ID seen before, return cached result.

Payment Service:
  Request: POST /charge with requestId=abc123
  Service stores: requestId → paymentId=pay_xyz

  Retry: POST /charge with requestId=abc123 (same ID)
  Service checks: I've seen abc123 before
  Returns cached: paymentId=pay_xyz (no new charge)

2. Idempotent Operations

Design operation to be idempotent:

  Bad (not idempotent):
    inventory.count = 100
    inventory.count -= 10  // Decremented to 90
    [retry happens]
    inventory.count -= 10  // Now 80 (wrong!)

  Good (idempotent):
    UPDATE inventory SET count = count - 10
    WHERE product_id = 123
    [retry happens]
    UPDATE inventory SET count = count - 10
    WHERE product_id = 123
    (Both decrements happen, but only once because of logic)

JavaScript example with idempotency:

// Payment Service with idempotency
const paymentRegistry = new Map(); // requestId → result

async function chargePayment(customerId, amount, requestId) {
  // Check if already processed
  if (paymentRegistry.has(requestId)) {
    console.log("Idempotent: Returning cached payment");
    return paymentRegistry.get(requestId);
  }

  try {
    // Process payment
    const payment = await paymentGateway.charge(customerId, amount);

    // Cache result before returning
    paymentRegistry.set(requestId, payment);
    return payment;
  } catch (error) {
    // Don't cache failures - allow retry
    throw error;
  }
}

// Saga orchestrator
async function fulfillOrder(order) {
  const sagaId = order.id;
  const requestIds = {
    payment: `${sagaId}-payment-${order.customerId}`,
    inventory: `${sagaId}-inventory`,
    shipping: `${sagaId}-shipping`
  };

  try {
    // Payment (retry safe - idempotent)
    const payment = await chargePayment(
      order.customerId,
      order.total,
      requestIds.payment  // Same ID for retries
    );

    // Inventory (retry safe)
    await inventoryService.decrement(
      order.items,
      requestIds.inventory
    );

    // Shipping (retry safe)
    await shippingService.create(
      order.id,
      order.items,
      requestIds.shipping
    );

    return { success: true };
  } catch (error) {
    // Compensation on failure
    await compensate(sagaId);
    throw error;
  }
}

When to implement:

All saga steps (payment, inventory, shipping)
Any operation that might retry
Multi-step workflows

Event Versioning

Problem: Event format changes. Old events become unreadable. New services can’t handle old events.

Solution: Version events. Support multiple versions simultaneously.

Strategies:

1. Version Field (Simplest)

{
  "version": 2,
  "type": "order.created",
  "order_id": "order_123",
  "customer_id": "cust_456",
  "amount": 99.99,
  "currency": "USD"
}

vs.

Version 1 (old):
{
  "type": "order.created",
  "order_id": "order_123",
  "amount": 99.99
}

2. Schema Evolution Map

v1 → v2: Add currency field (default: USD)
v2 → v3: Split amount into amount + tax
v3 → v4: Add shipping_address field

JavaScript example:

class EventVersionHandler {
  constructor() {
    this.handlers = {
      1: this.handleV1,
      2: this.handleV2,
      3: this.handleV3
    };
  }

  // v1: Basic order data
  handleV1(event) {
    return {
      orderId: event.order_id,
      customerId: event.customer_id,
      amount: event.amount,
      currency: 'USD' // Default
    };
  }

  // v2: Added currency field explicitly
  handleV2(event) {
    return {
      orderId: event.order_id,
      customerId: event.customer_id,
      amount: event.amount,
      currency: event.currency || 'USD'
    };
  }

  // v3: Split amount and tax
  handleV3(event) {
    return {
      orderId: event.order_id,
      customerId: event.customer_id,
      amount: event.amount,
      tax: event.tax || 0,
      currency: event.currency || 'USD'
    };
  }

  process(event) {
    const version = event.version || 1; // Default to v1
    const handler = this.handlers[version];

    if (!handler) {
      throw new Error(`Unknown event version: ${version}`);
    }

    return handler.call(this, event);
  }
}

// Usage
const eventHandler = new EventVersionHandler();

// Old v1 event
const oldEvent = {
  type: 'order.created',
  order_id: 'order_123',
  customer_id: 'cust_456',
  amount: 99.99
};

const normalized = eventHandler.process(oldEvent);
console.log(normalized);
// { orderId: 'order_123', customerId: 'cust_456', amount: 99.99, currency: 'USD' }

// New v3 event
const newEvent = {
  version: 3,
  type: 'order.created',
  order_id: 'order_123',
  customer_id: 'cust_456',
  amount: 95.00,
  tax: 4.99,
  currency: 'USD'
};

const normalized2 = eventHandler.process(newEvent);
console.log(normalized2);
// { orderId: 'order_123', customerId: 'cust_456', amount: 95.00, tax: 4.99, currency: 'USD' }

Python example - Upcasting old events:

class EventUpgrader:
    """Convert old event versions to new format."""

    @staticmethod
    def upgrade_to_latest(event):
        """Upgrade event to latest version."""
        version = event.get('version', 1)

        # Chain upgrades
        if version == 1:
            event = EventUpgrader._upgrade_v1_to_v2(event)
        if version == 2:
            event = EventUpgrader._upgrade_v2_to_v3(event)

        return event

    @staticmethod
    def _upgrade_v1_to_v2(event):
        """v1 → v2: Add currency field."""
        event['currency'] = event.get('currency', 'USD')
        event['version'] = 2
        return event

    @staticmethod
    def _upgrade_v2_to_v3(event):
        """v2 → v3: Split amount and tax."""
        if 'tax' not in event:
            event['tax'] = 0
        event['version'] = 3
        return event

# Usage
old_event_v1 = {
    'type': 'order.created',
    'order_id': 'order_123',
    'amount': 99.99
}

upgraded = EventUpgrader.upgrade_to_latest(old_event_v1)
print(upgraded)
# {'type': 'order.created', 'order_id': 'order_123', 'amount': 99.99, 'currency': 'USD', 'tax': 0, 'version': 3}

Migration strategy:

Phase 1: Add version field to events
  Existing events: version = 1
  New events: version = 2

Phase 2: Support both versions in consumers
  Consumers handle v1 and v2

Phase 3: Migrate old events
  Background job upgrades v1 → v2

Phase 4: Remove v1 support
  Only v2+ consumers exist

Outbox Pattern

Problem: Publishing event fails after database commit. Event lost. Inconsistency.

Scenario:

Transaction 1: Update order status + publish "order.shipped" event
  1. UPDATE orders SET status='shipped'
  2. Publish event to message broker
  3. If 2 fails: Event never published, but order already updated

Result: Order shipped but nobody notified → inconsistency

Solution: Write event to database first, then publish from database.

How it works:

Transaction 1: Write to outbox
  1. BEGIN TRANSACTION
  2. UPDATE orders SET status='shipped'
  3. INSERT INTO outbox (event_type, payload) VALUES (...)
  4. COMMIT (atomic)

Background process:
  1. SELECT * FROM outbox WHERE published=false
  2. FOR EACH event: Publish to message broker
  3. UPDATE outbox SET published=true

PostgreSQL example:

import json
import time
from datetime import datetime

class OrderService:
    def __init__(self, db, event_publisher):
        self.db = db
        self.event_publisher = event_publisher

    def ship_order(self, order_id):
        """Ship order and publish event atomically."""
        with self.db.transaction():
            # Update order status
            self.db.execute(
                "UPDATE orders SET status='shipped', updated_at=NOW() WHERE id=%s",
                order_id
            )

            # Write event to outbox (same transaction)
            self.db.execute(
                """INSERT INTO outbox (event_type, payload, created_at)
                   VALUES (%s, %s, NOW())""",
                'order.shipped',
                json.dumps({
                    'order_id': order_id,
                    'status': 'shipped',
                    'timestamp': datetime.now().isoformat()
                })
            )
            # Transaction commits atomically
            # If either fails, both rolled back

    def poll_and_publish(self):
        """Background process: Poll outbox, publish events."""
        while True:
            try:
                # Fetch unpublished events
                events = self.db.query(
                    "SELECT id, event_type, payload FROM outbox WHERE published=false LIMIT 100"
                )

                for event in events:
                    try:
                        # Publish to message broker
                        self.event_publisher.publish(
                            event['event_type'],
                            json.loads(event['payload'])
                        )

                        # Mark as published
                        self.db.execute(
                            "UPDATE outbox SET published=true, published_at=NOW() WHERE id=%s",
                            event['id']
                        )

                    except Exception as e:
                        # Log but continue (handle next event)
                        print(f"Failed to publish event {event['id']}: {e}")

                # Sleep before next poll
                time.sleep(1)

            except Exception as e:
                print(f"Outbox poll failed: {e}")
                time.sleep(5)

# Database schema
"""
CREATE TABLE outbox (
    id BIGSERIAL PRIMARY KEY,
    event_type VARCHAR(255) NOT NULL,
    payload JSONB NOT NULL,
    published BOOLEAN DEFAULT false,
    created_at TIMESTAMP DEFAULT NOW(),
    published_at TIMESTAMP
);

CREATE INDEX idx_outbox_unpublished ON outbox(published) WHERE published = false;
"""

JavaScript/Node.js: Same pattern - use BEGIN/COMMIT transaction with INSERT to outbox, then setInterval polling.

Benefits:

Atomic writes and events
No lost events
Guaranteed eventual consistency
Simple to implement

Gotchas:

1. "Polling lag"
   Bad: Polling every 10 seconds, events delayed
   Good: Poll every 1-5 seconds, or use change data capture

2. "Outbox grows unbounded"
   Bad: Published events never deleted
   Good: Archive/delete old published events after 1-2 weeks

3. "Duplicate publishing"
   Bad: Network hiccup, publish twice
   Good: Message broker deduplicates by requestId

CQRS (Command Query Responsibility Segregation)

Problem: Same data model used for reads and writes. Causes complexity and inconsistency.

Solution: Separate models - one for writes, one for reads.

How it works:

Traditional (Same model):
  Write Request → Business Logic → Update Model → Read Model (same as write)
  Problem: Complex logic, slow reads, hard to optimize

CQRS (Separate models):
  Write Request → Business Logic → Write Model (optimized for writes)
                                 → Event Stream
                                 → Read Model (optimized for reads)

  Read Request → Read Model (optimized for reads)
  Benefit: Can optimize each independently

Example: Event Sourcing + CQRS

// Command: Update user profile
async function updateUserProfile(userId, name, email) {
  // Write to write model: append event
  const event = {
    type: 'UserProfileUpdated',
    userId,
    name,
    email,
    timestamp: new Date()
  };

  // Store event in event store
  await eventStore.append(userId, event);

  // Event triggers read model update asynchronously
  return { success: true, eventId: event.id };
}

// Read: Get user profile
async function getUserProfile(userId) {
  // Read from read model (optimized, denormalized)
  return await readModel.getUser(userId);
}

// Eventual consistency: read model updates asynchronously
eventBus.subscribe('UserProfileUpdated', async (event) => {
  // Update read model
  await readModel.updateUser(event.userId, {
    name: event.name,
    email: event.email
  });
});

Pros:

Optimize reads and writes separately
Read model can be denormalized (fast reads)
Event sourcing enables audit trail
Scale reads and writes independently

Cons:

Eventual consistency (read model behind write model)
Complex to implement
More storage (storing events + read model)
Hard to delete data (audit trail preserved)

Gotchas:

1. "Eventual consistency"
   Bad: Write data, read immediately sees old data
   Good: Accept slight delay, or read from write model

2. "Event versioning"
   Bad: Change event format, old events can't be read
   Good: Version events, have migration logic

3. "Read model rebuild"
   Bad: Read model corrupted, no way to recover
   Good: Rebuild from event stream (events are source of truth)

Eventual Consistency

Problem: Can’t always have strong consistency across services. Too slow, too complex.

Solution: Accept eventual consistency. Data will be consistent eventually.

How it works:

Scenario: Update user profile

Strong consistency:
  1. Update primary database
  2. Wait for all replicas to update (slow!)
  3. Return to user

  Latency: 500ms+

Eventual consistency:
  1. Update primary database
  2. Return to user immediately
  3. Background process updates replicas/caches/read models

  Latency: <10ms
  Eventual: Replicas catch up within seconds

Example: Updating user’s follower count

// Strong consistency (slow):
async function followUser(currentUserId, targetUserId) {
  // Acquire lock on both users
  // Update follower count
  // Update following count
  // Wait for all replicas
  // Release locks
  // Return (500ms+ latency)
}

// Eventual consistency (fast):
async function followUser(currentUserId, targetUserId) {
  // Publish event immediately
  await eventBus.publish('user.followed', {
    follower: currentUserId,
    target: targetUserId
  });

  // Return immediately
  return { success: true };  // <10ms latency

  // Asynchronously update counts
  // (user sees count update within seconds)
}

// Background processor
eventBus.subscribe('user.followed', async (event) => {
  await Promise.all([
    // Increment target's follower count
    userService.incrementFollowerCount(event.target),
    // Increment follower's following count
    userService.incrementFollowingCount(event.follower),
    // Update caches/replicas
    // Update search index
  ]);
});

Guarantees:

Fast writes (return immediately)
Eventual reads (data consistent within seconds)
Scalable (no locking)

Trade-offs:

Users see temporary inconsistency
Complex to reason about
Requires compensating actions for errors

Two-Phase Commit (2PC)

Problem: Transaction spans multiple databases. Need all-or-nothing.

Solution: Coordinator asks all parties to prepare, then commit/rollback.

How it works:

Phase 1: Prepare (can we commit?)
  Coordinator asks: "Can you commit this transaction?"
  Service A: "Yes, I've locked resources"
  Service B: "Yes, I've locked resources"
  Service C: "No, constraint violation"

Phase 2: Commit or Rollback
  Coordinator: "Service C said no, ROLLBACK"
  Service A: "Releasing locks"
  Service B: "Releasing locks"
  Service C: "Releasing locks"

Result: All-or-nothing, consistent across databases

Example:

class DistributedTransaction:
    def __init__(self, services):
        self.services = services
        self.prepared = []

    async def execute(self, operations):
        try:
            # Phase 1: Prepare
            for service, operation in zip(self.services, operations):
                result = await service.prepare(operation)
                if not result['ready']:
                    raise Exception(f"{service} not ready")
                self.prepared.append(service)

            # Phase 2: Commit
            for service in self.prepared:
                await service.commit()

            return {'success': True}

        except Exception as e:
            # Rollback all
            for service in self.prepared:
                await service.rollback()

            return {'success': False, 'error': str(e)}

# Usage
txn = DistributedTransaction([service_a, service_b, service_c])
result = await txn.execute([
    operation_a,
    operation_b,
    operation_c
])

Pros:

Strong consistency (all-or-nothing)
ACID guarantees across services

Cons:

Slow (two round-trips)
Blocking (locks held during prepare phase)
Coordinator failure means stuck transaction
Poor availability (one service down fails whole transaction)

Gotchas:

1. "Heuristic completion"
   Problem: Coordinator crashes after services prepare but before commit
   Services locked, manual intervention needed

2. "Timeout"
   Bad: Service takes too long to prepare, whole transaction blocks
   Good: Timeouts, fallback to eventual consistency

3. "Deadlock"
   Bad: Multiple concurrent transactions, resources locked in different order
   Good: Consistent lock ordering, or use MVCC

When to use:

Strong consistency critical (financial transactions)
Prefer Saga for loosely coupled services

Pattern Interactions

How patterns work together:

Saga + Event-Driven Architecture

Order Fulfillment using Saga + Events:

1. Frontend → Order Service
2. Order Service publishes "order.created" event
3. Payment Service listens → processes payment
4. If payment succeeds → publishes "payment.processed"
5. Inventory Service listens → decrements stock
6. If stock available → publishes "stock.decremented"
7. If payment fails → publishes "payment.failed"
8. Order Service compensates (cancels order)

Result: Distributed transaction using events (loose coupling)

CQRS + Saga

User Profile Updates + Follower Count:

Write side (Command: Follow User):
1. Append event to event store
2. Publish "user.followed" event
3. Return immediately

Event processor (Saga orchestrator):
1. Listen for "user.followed"
2. Coordinate updates across services
3. Update follower/following counts
4. Update caches

Read side (Query: Get user profile):
1. Read from optimized read model
2. Shows follower count (eventually consistent)

Circuit Breaker + Saga Retry

Service calling another service in Saga:

try {
  const result = await circuitBreaker.call(
    () => paymentService.charge(amount)
  );
} catch (CircuitBreakerOpen) {
  // Service is down
  // Saga handler: mark saga as "retrying"
  // Retry with exponential backoff
  // Or compensate if max retries exceeded
}

Antipatterns

Using 2PC with loosely coupled services:

[NO] Bad: Tight coupling, poor availability
Service A → Coordinator → Service B → Service C
(All must be up and responsive)

[YES] Good: Use Saga + events instead
Service A → Event → Service B
Event → Service C
(Services can be down independently)

Ignoring eventual consistency window:

[NO] Bad: Write data, immediate read assumes consistent
data = write(user, 'John')
user = read(user)  // Might be old data!

[YES] Good: Accept delay or read from write model
write(user, 'John')  // Async
return { success: true }  // Don't promise immediate visibility
// Client retries read in UI if needed

Creating saga with too many steps:

[NO] Bad: 20-step saga, hard to debug
Step 1 → Step 2 → ... → Step 20
(If step 15 fails, debugging nightmare)

[YES] Good: Break into smaller sagas
Saga 1: Order fulfillment (5 steps)
Saga 2: Inventory management (3 steps)
(Each saga can be tested independently)

Go Examples

Saga Pattern with Compensation:

// Go: Order saga with distributed transaction
package main

import (
    "context"
    "fmt"
    "log"
)

type OrderSaga struct {
    orderService     OrderService
    paymentService   PaymentService
    inventoryService InventoryService
}

type Order struct {
    ID         string
    CustomerID string
    Items      []Item
    Total      float64
}

// Execute saga with compensation on failure
func (s *OrderSaga) Execute(ctx context.Context, order *Order) error {
    completed := []string{} // Track completed steps for compensation

    // Step 1: Create order
    if err := s.orderService.CreateOrder(ctx, order); err != nil {
        return fmt.Errorf("order creation failed: %w", err)
    }
    completed = append(completed, "order_created")

    // Step 2: Process payment
    payment, err := s.paymentService.Charge(ctx, order.CustomerID, order.Total)
    if err != nil {
        s.compensate(ctx, completed, order, payment)
        return fmt.Errorf("payment failed: %w", err)
    }
    completed = append(completed, "payment_charged")

    // Step 3: Deduct inventory
    if err := s.inventoryService.DeductInventory(ctx, order.Items); err != nil {
        s.compensate(ctx, completed, order, payment)
        return fmt.Errorf("inventory deduction failed: %w", err)
    }
    completed = append(completed, "inventory_deducted")

    // Step 4: Update shipping
    if err := s.orderService.UpdateShippingStatus(ctx, order.ID, "confirmed"); err != nil {
        s.compensate(ctx, completed, order, payment)
        return fmt.Errorf("shipping update failed: %w", err)
    }

    log.Printf("Order %s completed successfully", order.ID)
    return nil
}

// Compensate: undo steps in reverse order
func (s *OrderSaga) compensate(ctx context.Context, completed []string, order *Order, payment *Payment) {
    // Undo steps in reverse order
    for i := len(completed) - 1; i >= 0; i-- {
        step := completed[i]

        switch step {
        case "inventory_deducted":
            if err := s.inventoryService.RestoreInventory(ctx, order.Items); err != nil {
                log.Printf("Failed to restore inventory: %v", err)
            }

        case "payment_charged":
            if err := s.paymentService.Refund(ctx, payment.ID); err != nil {
                log.Printf("Failed to refund payment: %v", err)
            }

        case "order_created":
            if err := s.orderService.CancelOrder(ctx, order.ID); err != nil {
                log.Printf("Failed to cancel order: %v", err)
            }
        }
    }

    log.Printf("Compensation completed for order %s", order.ID)
}

Other patterns (Event-Driven, Outbox, CQRS, Eventual Consistency) follow similar Go idioms-use channels for events, context for cancellation, and interfaces for testability.

Integration with Playbook

/pb-patterns-core - SOA and Event-Driven (foundation)
/pb-patterns-async - Async operations (needed for Saga)
/pb-guide - Distributed systems design
/pb-incident - Handling distributed failures
/pb-observability - Tracing sagas across services
/pb-deployment - Coordinating deployments across services

Decision points:

When to use Saga vs 2PC
When to accept eventual consistency
How to handle distributed failures
How to monitor saga execution
gRPC vs REST for inter-service communication

/pb-patterns-core - Foundation patterns (SOA, Event-Driven)
/pb-patterns-async - Async patterns needed for distributed operations
/pb-observability - Tracing and monitoring distributed systems

Created: 2026-01-11 | Category: Distributed Systems | Tier: L Updated: 2026-01-11 | Added Go examples

Frontend Architecture Patterns

Patterns for building scalable, maintainable user interfaces. Mobile-first and theme-aware by default.

Trade-offs exist: Frontend complexity compounds quickly. Use /pb-preamble thinking (challenge the need for each abstraction) and /pb-design-rules thinking (Clarity in component boundaries, Simplicity in state management, Resilience through graceful degradation).

Question whether that library is necessary. Challenge whether that abstraction earns its complexity. Understand the constraints before adding patterns.

Resource Hint: sonnet - Frontend pattern reference; implementation-level UI architecture decisions.

When to Use

Designing component architecture for a new frontend project
Choosing state management, styling, or rendering patterns
Reviewing frontend code against scalability and maintainability principles

Philosophy

Mobile-First is Not Optional

Mobile-first means:

Start with the smallest viewport, enhance upward
Simplest layout is the default; complexity is opt-in
Touch targets before hover states
Performance budget starts tight, not loose

Why mobile-first:

/* [NO] Desktop-first: Start complex, override to simple */
.sidebar {
  display: flex;
  width: 300px;
}
@media (max-width: 768px) {
  .sidebar {
    display: none;  /* Undoing work */
  }
}

/* [YES] Mobile-first: Start simple, enhance to complex */
.sidebar {
  display: none;  /* Simple default */
}
@media (min-width: 768px) {
  .sidebar {
    display: flex;
    width: 300px;  /* Enhancement */
  }
}

The second approach:

Faster on mobile (no CSS to override)
Progressive enhancement (features are additive)
Forces prioritization (what matters on small screens?)

Theme-Aware is Foundational

Design systems that support theming from day one:

/* [NO] Hardcoded colors scattered everywhere */
.button {
  background: #3b82f6;
  color: white;
}

/* [YES] Design tokens enable theming */
.button {
  background: var(--color-primary);
  color: var(--color-on-primary);
}

Theme-awareness enables:

Dark/light mode without refactoring
Brand customization for white-label
Accessibility adjustments (high contrast)
Future design evolution

See /pb-design-language for project-specific token systems.

Component Patterns

Atomic Design (Component Hierarchy)

Organize components by composition level:

Atoms       → Basic building blocks (Button, Input, Icon)
Molecules   → Simple combinations (SearchField = Input + Button)
Organisms   → Complex sections (Header = Logo + Nav + SearchField)
Templates   → Page layouts (empty of content)
Pages       → Templates filled with real content

Key insight: Components at lower levels should know NOTHING about higher levels.

// [NO] Atom that knows about the page
function Button({ onClick, pageContext }) {
  const label = pageContext.isCheckout ? 'Buy Now' : 'Submit';
  return <button onClick={onClick}>{label}</button>;
}

// [YES] Atom that is context-agnostic
function Button({ onClick, children }) {
  return <button onClick={onClick}>{children}</button>;
}

// Page provides context
function CheckoutPage() {
  return <Button onClick={handleCheckout}>Buy Now</Button>;
}

Compound Components

For components with related pieces that share implicit state:

// [NO] Prop drilling and configuration overload
<Tabs
  tabs={[
    { label: 'Overview', content: <Overview /> },
    { label: 'Details', content: <Details /> },
  ]}
  activeTab={0}
  onTabChange={setActiveTab}
/>

// [YES] Compound pattern - flexible, readable
<Tabs>
  <Tabs.List>
    <Tabs.Tab>Overview</Tabs.Tab>
    <Tabs.Tab>Details</Tabs.Tab>
  </Tabs.List>
  <Tabs.Panels>
    <Tabs.Panel><Overview /></Tabs.Panel>
    <Tabs.Panel><Details /></Tabs.Panel>
  </Tabs.Panels>
</Tabs>

Compound components:

Share state via Context internally
Expose flexible composition externally
Self-document their structure

Use when: Component has multiple related parts (Tabs, Accordion, Dropdown, Modal)

Container/Presentational Split

Separate data fetching from rendering:

// Presentational: Pure rendering, no data fetching
function UserCard({ name, avatar, onEdit }) {
  return (
    <article className="user-card">
      <img src={avatar} alt="" />
      <h2>{name}</h2>
      <button onClick={onEdit}>Edit</button>
    </article>
  );
}

// Container: Data fetching and state
function UserCardContainer({ userId }) {
  const { data: user, isLoading } = useUser(userId);
  const { mutate: updateUser } = useUpdateUser();

  if (isLoading) return <UserCardSkeleton />;

  return (
    <UserCard
      name={user.name}
      avatar={user.avatar}
      onEdit={() => updateUser(userId)}
    />
  );
}

Benefits:

Presentational components are easy to test and Storybook
Containers can be swapped (different data sources)
Clear responsibility boundaries

Modern evolution: Hooks blur this line. The principle (separate concerns) still applies even if the boundary is within a single component.

State Management

State Location Decision Tree

Is this state used by only ONE component?
├─ Yes → Local state (useState)
└─ No → Is it used by SIBLINGS or PARENT?
    ├─ Yes → Lift state to common ancestor
    └─ No → Is it DEEPLY nested (prop drilling)?
        ├─ Yes → Context or state library
        └─ No → Is it SERVER state (fetched data)?
            ├─ Yes → Data fetching library (React Query, SWR)
            └─ No → Is it URL state (search, filters)?
                ├─ Yes → URL parameters
                └─ No → Global state library (if truly global)

Server State vs Client State

Server state: Data from backend (users, products, orders)

Use: React Query, SWR, Apollo
Characteristics: Async, cacheable, can be stale

Client state: UI state (modals, selections, form inputs)

Use: useState, useReducer, Context, Zustand
Characteristics: Sync, ephemeral, always fresh

// [NO] Treating server state like client state
const [users, setUsers] = useState([]);
const [loading, setLoading] = useState(true);
const [error, setError] = useState(null);

useEffect(() => {
  setLoading(true);
  fetchUsers()
    .then(setUsers)
    .catch(setError)
    .finally(() => setLoading(false));
}, []);

// [YES] Dedicated server state management
const { data: users, isLoading, error } = useQuery({
  queryKey: ['users'],
  queryFn: fetchUsers,
});

Benefits of server state libraries:

Automatic caching and invalidation
Background refetching
Optimistic updates
Request deduplication
Loading/error states handled

URL State

State that should survive refresh or be shareable:

// [NO] Filters in local state (lost on refresh)
const [filters, setFilters] = useState({ category: 'all', sort: 'newest' });

// [YES] Filters in URL (shareable, survives refresh)
function useFilters() {
  const [searchParams, setSearchParams] = useSearchParams();

  const filters = {
    category: searchParams.get('category') || 'all',
    sort: searchParams.get('sort') || 'newest',
  };

  const setFilters = (newFilters) => {
    setSearchParams(new URLSearchParams(newFilters));
  };

  return [filters, setFilters];
}

URL state candidates:

Search queries
Filters and sorting
Pagination
Selected items (for sharing)
Modal/drawer open state (debatable)

UI States

Every component that fetches data or performs async operations needs three states: loading, error, and empty. Handle all three explicitly.

Loading States

// [NO] Boolean loading with no visual feedback
if (loading) return null;

// [YES] Skeleton that matches content shape
if (isLoading) return <UserCardSkeleton />;

// [YES] Progressive loading for lists
function UserList({ users, isLoading }) {
  if (isLoading && users.length === 0) {
    return <UserListSkeleton count={5} />;
  }

  return (
    <>
      {users.map(user => <UserCard key={user.id} user={user} />)}
      {isLoading && <LoadingSpinner />} {/* Loading more */}
    </>
  );
}

Loading patterns:

Skeletons: Match content shape, use for initial load
Spinners: Use for actions (button click, form submit)
Progress bars: Use for known-duration operations (uploads)
Optimistic UI: Show expected result immediately, rollback on error

Error States

// [NO] Silent failure
if (error) return null;

// [YES] Actionable error with retry
function DataDisplay({ data, error, refetch }) {
  if (error) {
    return (
      <ErrorCard>
        <p>Failed to load data. Please try again.</p>
        <Button onClick={refetch}>Retry</Button>
      </ErrorCard>
    );
  }
  return <DataContent data={data} />;
}

// [YES] Error boundary for unexpected errors
<ErrorBoundary fallback={<ErrorFallback />}>
  <UserProfile />
</ErrorBoundary>

Error patterns:

Inline errors: For form fields, local failures
Error cards: For section-level failures with retry
Error boundaries: For unexpected crashes (React)
Toast notifications: For background operation failures

Empty States

// [NO] Just nothing
if (items.length === 0) return null;

// [YES] Contextual empty state with action
function ProjectList({ projects, onCreateProject }) {
  if (projects.length === 0) {
    return (
      <EmptyState
        icon={<FolderIcon />}
        title="No projects yet"
        description="Create your first project to get started."
        action={<Button onClick={onCreateProject}>Create Project</Button>}
      />
    );
  }
  return <ProjectGrid projects={projects} />;
}

Empty state types:

First-use: No data yet, guide user to create
No results: Search/filter returned nothing, suggest clearing filters
Filtered empty: Data exists but filter excludes all, show “clear filters”
Error empty: Failed to load, show retry option

Form Patterns

Forms are where users interact most. Get the patterns right for validation, layout, and multi-step flows.

Form Layout

// Stacked (mobile-first, default)
<form className="space-y-4">
  <FormField label="Email" name="email" />
  <FormField label="Password" name="password" />
  <Button type="submit">Sign In</Button>
</form>

// Inline (for simple, related fields)
<form className="flex gap-2">
  <Input placeholder="Search..." />
  <Button type="submit">Search</Button>
</form>

// Multi-column (desktop enhancement)
<form className="grid grid-cols-1 md:grid-cols-2 gap-4">
  <FormField label="First Name" name="firstName" />
  <FormField label="Last Name" name="lastName" />
  <FormField label="Email" name="email" className="md:col-span-2" />
</form>

Validation Patterns

// [NO] Only validate on submit (frustrating)
// [NO] Validate on every keystroke (annoying)

// [YES] Validate on blur + submit
function FormField({ name, validate }) {
  const [touched, setTouched] = useState(false);
  const [value, setValue] = useState('');
  const error = touched ? validate(value) : null;

  return (
    <div>
      <input
        value={value}
        onChange={(e) => setValue(e.target.value)}
        onBlur={() => setTouched(true)}
        aria-invalid={!!error}
        aria-describedby={error ? `${name}-error` : undefined}
      />
      {error && <span id={`${name}-error`} role="alert">{error}</span>}
    </div>
  );
}

// [YES] Real-time validation for specific fields (username availability)
function UsernameField() {
  const [username, setUsername] = useState('');
  const { data: available, isLoading } = useUsernameCheck(username);

  return (
    <div>
      <input value={username} onChange={(e) => setUsername(e.target.value)} />
      {isLoading && <span>Checking...</span>}
      {available === false && <span>Username taken</span>}
      {available === true && <span>Available!</span>}
    </div>
  );
}

Validation timing:

On blur: Most fields (email, password, text)
On change (debounced): Async validation (username check)
On submit: Final validation, scroll to first error

Multi-Step Forms

function MultiStepForm() {
  const [step, setStep] = useState(1);
  const [data, setData] = useState({});

  const updateData = (stepData) => {
    setData(prev => ({ ...prev, ...stepData }));
  };

  return (
    <div>
      {/* Progress indicator */}
      <StepIndicator current={step} total={3} />

      {/* Step content */}
      {step === 1 && <PersonalInfo data={data} onNext={(d) => { updateData(d); setStep(2); }} />}
      {step === 2 && <AccountSetup data={data} onNext={(d) => { updateData(d); setStep(3); }} onBack={() => setStep(1)} />}
      {step === 3 && <Review data={data} onSubmit={handleSubmit} onBack={() => setStep(2)} />}
    </div>
  );
}

Multi-step principles:

Show progress (step 2 of 3)
Allow going back without losing data
Validate each step before proceeding
Show summary before final submit
Save progress for long forms (localStorage or server)

Form State Management

// Simple forms: Local state
const [email, setEmail] = useState('');

// Complex forms: useReducer or form library
// React Hook Form example
const { register, handleSubmit, formState: { errors } } = useForm();

// Form state decision:
// - 1-3 fields → useState
// - 4-10 fields → useReducer or form library
// - 10+ fields or complex validation → Form library (React Hook Form, Formik)

Performance Patterns

Code Splitting

Load code when needed, not upfront:

// [NO] Everything in main bundle
import { Dashboard } from './Dashboard';
import { Settings } from './Settings';
import { Analytics } from './Analytics';

// [YES] Route-based code splitting
const Dashboard = lazy(() => import('./Dashboard'));
const Settings = lazy(() => import('./Settings'));
const Analytics = lazy(() => import('./Analytics'));

function App() {
  return (
    <Suspense fallback={<PageSkeleton />}>
      <Routes>
        <Route path="/dashboard" element={<Dashboard />} />
        <Route path="/settings" element={<Settings />} />
        <Route path="/analytics" element={<Analytics />} />
      </Routes>
    </Suspense>
  );
}

Split on:

Routes (always)
Heavy libraries (charts, editors, maps)
Below-the-fold content
Conditionally rendered features

Lazy Loading Images

// Native lazy loading (modern browsers)
<img src={src} alt={alt} loading="lazy" />

// With responsive images
<img
  src={src}
  srcSet={`${src}?w=400 400w, ${src}?w=800 800w`}
  sizes="(max-width: 600px) 400px, 800px"
  alt={alt}
  loading="lazy"
/>

Memoization (Use Sparingly)

// [NO] Premature memoization
const MemoizedButton = memo(Button); // Button is already fast

// [YES] Memoization for expensive renders
const MemoizedChart = memo(Chart); // Chart is genuinely expensive

// [YES] Memoization to prevent unnecessary re-renders
const MemoizedListItem = memo(ListItem, (prev, next) => {
  return prev.id === next.id && prev.selected === next.selected;
});

Memoize when:

Component is expensive to render
Component receives same props often
Profiler shows it’s a bottleneck

Don’t memoize when:

“Just in case”
Component is simple
Props change frequently anyway

Bundle Analysis

Regularly audit bundle size:

# webpack-bundle-analyzer
npx webpack-bundle-analyzer stats.json

# vite
npx vite-bundle-visualizer

# Next.js
ANALYZE=true npm run build

Budget guidance:

Main bundle: < 200KB gzipped
Initial JS: < 100KB for fast Time to Interactive
Largest chunk: < 100KB (for good caching)

Theming Patterns

Design Tokens

Design decisions as variables:

:root {
  /* Color tokens */
  --color-primary: #3b82f6;
  --color-primary-hover: #2563eb;
  --color-on-primary: #ffffff;

  /* Semantic tokens */
  --color-surface: #ffffff;
  --color-on-surface: #1f2937;
  --color-error: #ef4444;

  /* Spacing scale */
  --space-1: 0.25rem;
  --space-2: 0.5rem;
  --space-4: 1rem;
  --space-8: 2rem;

  /* Typography scale */
  --text-sm: 0.875rem;
  --text-base: 1rem;
  --text-lg: 1.125rem;
  --text-xl: 1.25rem;

  /* Motion */
  --duration-fast: 150ms;
  --duration-normal: 300ms;
  --easing-default: cubic-bezier(0.4, 0, 0.2, 1);
}

Dark Mode Implementation

/* Light mode (default) */
:root {
  --color-surface: #ffffff;
  --color-on-surface: #1f2937;
  --color-primary: #3b82f6;
}

/* Dark mode */
:root[data-theme="dark"] {
  --color-surface: #1f2937;
  --color-on-surface: #f9fafb;
  --color-primary: #60a5fa;
}

/* System preference */
@media (prefers-color-scheme: dark) {
  :root:not([data-theme="light"]) {
    --color-surface: #1f2937;
    --color-on-surface: #f9fafb;
    --color-primary: #60a5fa;
  }
}

// Theme toggle hook
function useTheme() {
  const [theme, setTheme] = useState(() => {
    if (typeof window === 'undefined') return 'system';
    return localStorage.getItem('theme') || 'system';
  });

  useEffect(() => {
    const root = document.documentElement;

    if (theme === 'system') {
      root.removeAttribute('data-theme');
    } else {
      root.setAttribute('data-theme', theme);
    }

    localStorage.setItem('theme', theme);
  }, [theme]);

  return [theme, setTheme];
}

Skinnable Interfaces

For white-label or heavily customizable products:

/* Base component - uses semantic tokens only */
.card {
  background: var(--card-background, var(--color-surface));
  border: 1px solid var(--card-border, var(--color-border));
  border-radius: var(--card-radius, var(--radius-md));
  box-shadow: var(--card-shadow, var(--shadow-sm));
}

/* Brand A overrides */
[data-brand="brand-a"] {
  --card-radius: 0;
  --card-shadow: none;
  --card-border: 2px solid var(--color-primary);
}

/* Brand B overrides */
[data-brand="brand-b"] {
  --card-radius: var(--radius-xl);
  --card-shadow: var(--shadow-lg);
  --card-border: none;
}

See /pb-design-language for creating project-specific token systems.

Responsive Patterns

Mobile-First Breakpoints

/* Mobile-first breakpoint scale */
:root {
  /* Breakpoints (min-width) */
  --breakpoint-sm: 640px;   /* Large phones */
  --breakpoint-md: 768px;   /* Tablets */
  --breakpoint-lg: 1024px;  /* Small laptops */
  --breakpoint-xl: 1280px;  /* Desktops */
  --breakpoint-2xl: 1536px; /* Large screens */
}

/* Usage: Always min-width, mobile-first */
.grid {
  display: grid;
  grid-template-columns: 1fr; /* Mobile: single column */
}

@media (min-width: 768px) {
  .grid {
    grid-template-columns: repeat(2, 1fr); /* Tablet: 2 columns */
  }
}

@media (min-width: 1024px) {
  .grid {
    grid-template-columns: repeat(3, 1fr); /* Desktop: 3 columns */
  }
}

Fluid Typography

Scale typography smoothly between breakpoints:

/* Fluid type scale using clamp() */
:root {
  --text-base: clamp(1rem, 0.5vw + 0.875rem, 1.125rem);
  --text-lg: clamp(1.125rem, 0.75vw + 1rem, 1.5rem);
  --text-xl: clamp(1.25rem, 1vw + 1rem, 2rem);
  --text-2xl: clamp(1.5rem, 2vw + 1rem, 3rem);
}

/* Usage */
h1 {
  font-size: var(--text-2xl);
}

clamp() formula: clamp(min, preferred, max)

min: Smallest size (mobile floor)
preferred: Fluid calculation based on viewport
max: Largest size (desktop ceiling)

Container Queries

Style based on container size, not viewport:

/* Define container */
.card-container {
  container-type: inline-size;
  container-name: card;
}

/* Style based on container */
@container card (min-width: 400px) {
  .card {
    display: grid;
    grid-template-columns: auto 1fr;
  }
}

Use for: Components that exist in different contexts (sidebar vs main content).

Anti-Patterns

Props Explosion

// [NO] Too many props
<Button
  size="lg"
  variant="primary"
  isLoading={false}
  isDisabled={false}
  leftIcon={<Icon />}
  rightIcon={null}
  onClick={handleClick}
  onHover={handleHover}
  tooltip="Click me"
  ariaLabel="Submit form"
  className="custom-button"
  style={{ marginTop: 10 }}
/>

// [YES] Composition over configuration
<Button size="lg" variant="primary" onClick={handleClick}>
  <Icon /> Submit
</Button>

Premature Abstraction

// [NO] Abstracting after one use
// utils/formatUserName.ts
export function formatUserName(first, last) {
  return `${first} ${last}`;
}

// [YES] Inline until pattern emerges
const fullName = `${user.first} ${user.last}`;

// Abstract when you see the SAME pattern THREE times

God Components

// [NO] Component does everything
function UserDashboard() {
  // 500 lines of data fetching, state, rendering, effects
}

// [YES] Composition of focused components
function UserDashboard() {
  return (
    <DashboardLayout>
      <UserHeader />
      <UserStats />
      <RecentActivity />
      <QuickActions />
    </DashboardLayout>
  );
}

Over-Engineering State

// [NO] Redux for a todo list
const todoSlice = createSlice({
  name: 'todos',
  initialState: { items: [], filter: 'all' },
  reducers: {
    addTodo: (state, action) => { /* ... */ },
    toggleTodo: (state, action) => { /* ... */ },
    setFilter: (state, action) => { /* ... */ },
  },
});

// [YES] Local state for simple features
function TodoList() {
  const [todos, setTodos] = useState([]);
  const [filter, setFilter] = useState('all');
  // Simple, testable, deletable
}

Accessibility Integration

Frontend patterns MUST be accessible by default. See /pb-a11y for comprehensive guidance.

Quick checklist for components:

Semantic HTML used (button not div, etc.)
Keyboard navigable (Tab, Enter, Escape)
Focus visible and logical
ARIA only when semantic HTML insufficient
Color not sole indicator
Touch targets 44x44px minimum

/pb-design-language - Project-specific design token systems
/pb-a11y - Accessibility deep-dive
/pb-patterns-async - Data fetching patterns
/pb-patterns-api - API design patterns
/pb-testing - Component testing patterns

Design Rules Applied

Rule	Application
Clarity	Component boundaries are explicit; no hidden state
Simplicity	Mobile-first forces prioritization; no premature abstraction
Composition	Compound components, composition over props explosion
Resilience	Error boundaries, graceful degradation, loading states
Extensibility	Design tokens enable theming without code changes

Last Updated: 2026-01-19 Version: 1.0

Resilience & Protection Patterns

Patterns for making systems reliable under failure. These are defensive patterns added during or after implementation to protect against transient failures, cascading outages, resource exhaustion, and abuse.

Purpose

Resilience patterns:

Protect against transient failures: External services time out, networks flap
Prevent cascading outages: One service down shouldn’t take everything down
Control resource usage: Rate limiting, connection isolation
Improve perceived reliability: Caching reduces dependency on slow backends

Mindset: Use /pb-preamble thinking (challenge assumptions - do you actually need this pattern, or is the root cause fixable?) and /pb-design-rules thinking (Fail noisily and early; patterns should add clarity, not hide problems).

Resource Hint: sonnet - Pattern reference and application; implementation-level design decisions.

When to Use

Service calls fail intermittently and you need retry/backoff logic
External dependencies go down and you need to prevent cascading failures
API needs protection against abuse or resource exhaustion
Adding a caching layer for performance and reliability

Pattern: Retry with Exponential Backoff

Problem: External service timeout. Should we fail immediately or retry?

Solution: Retry a few times, wait longer between each attempt.

How it works:

Attempt 1: Fail immediately, wait 1 second
Attempt 2: Try again, wait 2 seconds
Attempt 3: Try again, wait 4 seconds
Attempt 4: Try again, wait 8 seconds
Attempt 5: Fail permanently

Why exponential? Gives external service time to recover.
Why 5? More than 5 usually means service is down.

Python example:

import time

def call_with_retry(func, max_retries=5):
    """Call function with exponential backoff retry."""
    for attempt in range(max_retries):
        try:
            return func()
        except Exception as e:
            if attempt == max_retries - 1:
                raise  # Last attempt, fail

            wait_time = 2 ** attempt  # 1, 2, 4, 8 seconds
            print(f"Attempt {attempt + 1} failed, retrying in {wait_time}s")
            time.sleep(wait_time)

# Usage
def charge_payment():
    return payment_api.charge(amount=99.99)

call_with_retry(charge_payment)

When to use:

Calling external APIs (network timeouts happen)
Database operations (short temporary outages)
NOT for validation errors (retrying won’t help)
NOT for authorization failures (retrying won’t help)

Gotchas:

1. "Retry forever"
   Bad: Server stuck in retry loop
   Good: Max retries (usually 3-5)

2. "Retry synchronously"
   Bad: User waits 15 seconds (1+2+4+8) for result
   Good: Fail fast, queue for async retry

3. "No jitter"
   Bad: All clients retry at exact same time, thundering herd
   Good: Add random jitter (retry at 1-2 seconds, not exactly 1)

Pattern: Circuit Breaker

Problem: External service is down. Calling it repeatedly wastes time, resources.

Solution: After N failures, stop calling for a while. Check periodically.

States:

Closed (Normal):
  Service working
  Calls go through
  Count failures

Open (Broken):
  Service down
  Fail immediately (don't try calling)
  After timeout, try one request

Half-Open (Testing):
  One request allowed through
  If succeeds: Close (back to normal)
  If fails: Open again (still broken)

Visual:

Normal state (Closed):
  Request → External Service → Success

Service goes down (Open after 5 failures):
  Request → Circuit Breaker → Fail Immediately
  (Don't even try calling service)

After timeout, test recovery (Half-Open):
  Request → Circuit Breaker → Try once → Success
  Circuit Closed (back to normal)

Python example:

class CircuitBreaker:
    def __init__(self, failure_threshold=5, timeout=60):
        self.failure_threshold = failure_threshold
        self.timeout = timeout
        self.failure_count = 0
        self.last_failure_time = None
        self.state = 'closed'  # closed, open, half-open

    def call(self, func):
        if self.state == 'open':
            # Check if timeout passed
            if time.time() - self.last_failure_time > self.timeout:
                self.state = 'half-open'
            else:
                raise CircuitBreakerOpen("Service unavailable")

        try:
            result = func()
            if self.state == 'half-open':
                self.state = 'closed'
                self.failure_count = 0
            return result
        except Exception as e:
            self.failure_count += 1
            self.last_failure_time = time.time()

            if self.failure_count >= self.failure_threshold:
                self.state = 'open'
            raise

# Usage
breaker = CircuitBreaker()
try:
    breaker.call(lambda: external_api.get_data())
except CircuitBreakerOpen:
    # Service is down, use fallback or fail gracefully
    return cached_data_or_default

When to use:

Calling external APIs (prevent cascading failures)
Database connection pooling
Any resource that might be temporarily down
NOT for immediate failures you want to handle differently

Pattern: Rate Limiting

Problem: API being abused. Too many requests from one client. Resources exhausted (CPU, memory, database).

Solution: Limit requests per time window. Too many requests? Reject or delay.

Strategies:

1. Token Bucket (Recommended)

Bucket holds N tokens
Every request uses 1 token
Tokens refill at rate R per second

Example: 100 tokens, refill 10/second
  Request 1: 100 → 99 tokens (OK)
  Request 2: 99 → 98 tokens (OK)
  ...
  Request 100: 1 → 0 tokens (OK)
  Request 101: 0 tokens (REJECTED)
  After 1 second: Refilled to 10 tokens
  After 10 seconds: Refilled to 100 tokens

2. Sliding Window (Simple but Less Accurate)

Count requests in last N seconds
Too many requests? Reject

Example: Max 100 requests per minute
  11:00:00 - 11:00:59: 100 requests (at limit)
  11:01:00: First old request falls out
  Request 101 now allowed (oldest expired)

3. Leaky Bucket (Fair, Process at Constant Rate)

Requests arrive at variable rate
Leak (process) at constant rate

Like a queue:
  Requests → [Bucket] → Processing at constant rate
  If bucket full: Reject or queue (backpressure)

Python token bucket example:

import time
from threading import Lock

class RateLimiter:
    def __init__(self, capacity=100, refill_rate=10):
        """
        capacity: max tokens in bucket
        refill_rate: tokens per second
        """
        self.capacity = capacity
        self.refill_rate = refill_rate
        self.tokens = capacity
        self.last_refill_time = time.time()
        self.lock = Lock()

    def allow_request(self):
        """Check if request allowed."""
        with self.lock:
            now = time.time()
            elapsed = now - self.last_refill_time

            # Refill tokens
            refilled = elapsed * self.refill_rate
            self.tokens = min(
                self.capacity,
                self.tokens + refilled
            )
            self.last_refill_time = now

            if self.tokens >= 1:
                self.tokens -= 1
                return True
            return False

    def wait_if_needed(self):
        """Wait until request is allowed."""
        while not self.allow_request():
            time.sleep(0.1)

# Usage
limiter = RateLimiter(capacity=100, refill_rate=10)

if limiter.allow_request():
    print("Request allowed")
else:
    print("Rate limit exceeded")
    # Return 429 Too Many Requests

Where to implement:

API Gateway (Best): Rate limit before hitting services
- All services protected
- Single configuration point
- Can reject early
Individual Service: Rate limit per service
- Finer control (payment service stricter than logging)
- Redundant (if gateway exists)
Redis (Distributed): Share limits across servers
- Multiple API instances
- Fair across load balancer

Levels of rate limiting:

Global (All users): 10,000 requests/minute
Per user: 100 requests/minute
Per IP: 50 requests/minute
Per endpoint: Payment API strict (10/minute), Logging lenient (1000/minute)

HTTP Response Headers:

X-RateLimit-Limit: 100
X-RateLimit-Remaining: 42
X-RateLimit-Reset: 1673456789 (unix timestamp)

429 Too Many Requests
Retry-After: 60

When to use:

Public APIs (prevent abuse)
Resource-intensive endpoints (batch processing, exports)
Protecting against DDoS
Fair-sharing (one user can’t monopolize)
Cost control (if calls cost money)

Gotchas:

1. "Too strict, blocks legitimate traffic"
   Bad: 1 request/minute on public API
   Good: Match expected usage (100/minute for public, 10,000 for internal)

2. "No distinction between client types"
   Bad: Free user and premium user same limit
   Good: Premium gets higher limit, free gets lower

3. "Rate limits not visible"
   Bad: Client gets 429 with no explanation
   Good: Send X-RateLimit headers + Retry-After

4. "In-memory only on single server"
   Bad: Multiple servers, each has separate limits
   Good: Use Redis for distributed counting

5. "No graceful degradation"
   Bad: Instant reject when at limit
   Good: Queue requests, process in order

Pattern: Cache-Aside

Problem: Database is slow, customers wait. Same queries run repeatedly.

Solution: Check cache first, if miss, fetch from DB and cache it.

How it works:

Request arrives:
  1. Check cache: Is data there?
  2. Hit: Return immediately
  3. Miss: Query database, store in cache, return

Next request for same data:
  1. Check cache: Is data there?
  2. Hit: Return immediately (much faster)

Code:

def get_user(user_id):
    # Check cache first
    cached = cache.get(f"user:{user_id}")
    if cached:
        return cached

    # Cache miss, query database
    user = database.query(f"SELECT * FROM users WHERE id = {user_id}")

    # Store in cache for 5 minutes
    cache.set(f"user:{user_id}", user, expire=300)

    return user

Tools:

Redis (fast, flexible, recommended)
Memcached (simple, fast)
Database query cache (depends on database)

Pros:

Simple to implement
Huge performance improvement (10-100x faster)
Scales well (distribute caches across servers)

Cons:

Stale data (cache might be old)
Cache invalidation (when data changes)
Memory cost (storing data twice)

Gotchas:

1. "Cache stampede"
   Bad: Key expires, 100 requests hit DB simultaneously
   Good: Use locks (only 1 request queries DB, others wait for cache)

2. "Stale data"
   Bad: User updates profile, sees old data
   Good: Invalidate cache on write (delete from cache)

3. "Unbounded growth"
   Bad: Cache grows until server runs out of memory
   Good: Set TTL (time to live) on all cache entries

Pattern: Bulkhead

Problem: One part fails, brings down whole system. (If payments service crashes, orders service affected?)

Solution: Isolate resources. If one part is slow, doesn’t affect others.

How it works:

Without Bulkheads (Shared Resources):
  [Payment Service] ← Slow API
  [Order Service]   ← Shares connection pool

Result: Payment service uses all connections, Order service blocked

With Bulkheads (Isolated Resources):
  [Payment Service] ← Slow API, own connection pool
  [Order Service]   ← Uses different connection pool

Result: Payment slow, but Order service unaffected

Implementation:

# Without bulkheads (bad)
pool = ConnectionPool(size=10)  # Shared

def process_payment():
    # Might use 10 connections, starve other services
    for i in range(10):
        conn = pool.get_connection()

def process_order():
    # Can't get connections because payment took them all
    conn = pool.get_connection()


# With bulkheads (good)
payment_pool = ConnectionPool(size=5)
order_pool = ConnectionPool(size=5)

def process_payment():
    # Can use at most 5 connections
    for i in range(5):
        conn = payment_pool.get_connection()

def process_order():
    # Guaranteed at least 5 connections
    conn = order_pool.get_connection()

Thread pool bulkhead:

from concurrent.futures import ThreadPoolExecutor

# Each service has own thread pool
payment_executor = ThreadPoolExecutor(max_workers=5)
order_executor = ThreadPoolExecutor(max_workers=5)

def slow_payment_api_call():
    # Can use at most 5 threads
    return payment_executor.submit(call_api)

def order_processing():
    # Guaranteed to have threads available
    return order_executor.submit(process)

When to use:

Protecting against resource exhaustion
Services with different loads (payment slow, orders fast)
Critical systems that must stay available

Pattern Interactions

Circuit Breaker + Retry Interaction

Wrong: Retry without Circuit Breaker

[NO] Bad: Keep retrying failed service
Request 1 → Wait 1s, fail
Request 2 → Wait 2s, fail
Request 3 → Wait 4s, fail
...
Result: Slow cascading failure

Right: Circuit Breaker first, Retry later

[YES] Good: Circuit breaker detects failure, stops retrying
Request 1-5 → All fail → Circuit Breaker opens
Request 6 → Fail immediately (don't even try)
Request 7 → Half-open test → Success → Circuit closes
Retry: Automatic with exponential backoff for transient failures

Cache-Aside + Bulkhead Interaction

Problem: Cache stampede with bulkhead

Key expires, 100 requests hit database
Bulkhead: Only 5 threads available
95 requests queued, 5 in progress
Database overloaded

Solution: Lock-based cache repopulation

Request 1: Cache miss → Gets lock → Queries DB
Requests 2-100: Cache miss → Wait for lock → Get value from request 1
Result: Only 1 database query, others served from cache

Antipattern: Circuit Breaker Gone Wrong

What happened: Misconfigured protection

Scenario:
  Service B goes down
  Service A opens Circuit Breaker (stops calling B)
  Service A's request queue backs up
  Service A becomes slow

Cascade:
  Service C times out waiting for Service A
  Service C opens its Circuit Breaker
  Now both A and C affected because B is down

Lesson:
  Circuit Breaker helps temporarily
  Fix the root cause (why is Service B down?)
  Use async messaging to decouple
  Don't hide problems, solve them

/pb-patterns-core - Core architectural patterns (SOA, Event-Driven, Repository, DTO)
/pb-patterns-distributed - Distributed patterns (Saga, CQRS, Eventual Consistency)
/pb-patterns-async - Asynchronous patterns (Job Queues, Reactive Streams)
/pb-hardening - Production security hardening
/pb-incident - Incident response and recovery

Created: 2026-02-07 | Category: Architecture | Tier: L

Security Patterns & Microservice Security

Overview

Security in microservices requires a multi-layered approach: authentication proves who you are, authorization proves what you can do, and data protection ensures information stays safe. Rather than bolting security on at the end, effective architectures embed security patterns throughout design.

This guide covers proven security patterns for microservices, showing when to use each and real-world trade-offs.

Caveat: Security patterns can add significant complexity. Use /pb-preamble thinking (challenge assumptions, surface trade-offs) and /pb-design-rules thinking (does this pattern serve Simplicity while maintaining Robustness?).

Question threat models. Challenge assumed attack surfaces. Surface the real risk vs. implementation cost trade-off. Don’t add complexity without understanding the actual risk.

Resource Hint: sonnet - Security pattern reference; implementation-level authentication and authorization decisions.

Authentication Patterns

Authentication answers: “Are you who you claim to be?”

Pattern 1: OAuth 2.0 with Authorization Code Flow

When to use: Third-party integrations, user-facing APIs, token-based access

How it works:

User requests access to their data
App redirects to authorization server
User grants permission
Authorization server returns authorization code
App exchanges code for access token (backend-to-backend)
App uses access token to call APIs

Python Example:

from requests_oauthlib import OAuth2Session
from flask import Flask, request, redirect, url_for

app = Flask(__name__)
client_id = "your-client-id"
client_secret = "your-client-secret"
authorization_base_url = "https://auth.example.com/authorize"
token_url = "https://auth.example.com/token"

@app.route("/login")
def login():
    oauth = OAuth2Session(client_id, redirect_uri=url_for('callback', _external=True))
    authorization_url, state = oauth.authorization_url(authorization_base_url)
    session['oauth_state'] = state
    return redirect(authorization_url)

@app.route("/callback")
def callback():
    oauth = OAuth2Session(client_id, state=session['oauth_state'])
    token = oauth.fetch_token(
        token_url,
        client_secret=client_secret,
        authorization_response=request.url
    )
    session['oauth_token'] = token
    return redirect(url_for('dashboard'))

@app.route("/api/user-data")
def get_user_data():
    oauth = OAuth2Session(client_id, token=session['oauth_token'])
    user_data = oauth.get("https://api.example.com/user").json()
    return user_data

JavaScript Example:

// Frontend: Using OAuth 2.0 Authorization Code Flow with PKCE
const clientId = 'your-client-id';
const redirectUri = 'https://yourapp.com/callback';
const authorizationUrl = 'https://auth.example.com/authorize';

function generateCodeChallenge(codeVerifier) {
  return btoa(String.fromCharCode.apply(null,
    new Uint8Array(codeVerifier)
  )).replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
}

function loginWithOAuth() {
  const codeVerifier = generateRandomString(128);
  sessionStorage.setItem('code_verifier', codeVerifier);

  const codeChallenge = generateCodeChallenge(codeVerifier);
  const params = new URLSearchParams({
    client_id: clientId,
    response_type: 'code',
    scope: 'openid profile email',
    redirect_uri: redirectUri,
    code_challenge: codeChallenge,
    code_challenge_method: 'S256'
  });

  window.location.href = `${authorizationUrl}?${params}`;
}

// After redirect back to app
async function handleCallback(authCode) {
  const codeVerifier = sessionStorage.getItem('code_verifier');
  const response = await fetch('/api/token', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'authorization_code',
      code: authCode,
      code_verifier: codeVerifier,
      client_id: clientId
    })
  });

  const { access_token } = await response.json();
  localStorage.setItem('access_token', access_token);
}

Go: Use golang.org/x/oauth2 with go-oidc/v3/oidc for OIDC. Same flow: redirect to auth URL, handle callback, exchange code for token, verify ID token claims.

Trade-offs:

✅ Industry standard, well-supported
✅ Doesn’t expose user password to application
✅ Easy delegation to third-party identity providers
❌ More complex than basic authentication
❌ Requires redirect flow (not suitable for server-to-server)

Antipatterns:

❌ Storing authorization codes indefinitely
❌ Sending access tokens through unsecured channels
❌ Not validating state parameter (CSRF vulnerability)
❌ Storing user password instead of using OAuth

Pattern 2: JWT (JSON Web Tokens) for API Authentication

When to use: Stateless API authentication, microservice-to-microservice, mobile apps

How it works:

Client authenticates with credentials
Server creates JWT (Header.Payload.Signature)
Client includes JWT in Authorization header for each request
Server validates signature to verify authenticity

JWT Structure:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.
eyJzdWIiOiJ1c2VyMTIzIiwiZW1haWwiOiJ1c2VyQGV4YW1wbGUuY29tIiwiaWF0IjoxNTE2MjM5MDIyfQ.
SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Python Example:

import jwt
from datetime import datetime, timedelta
from flask import Flask, request, jsonify

app = Flask(__name__)
secret_key = "your-secret-key-keep-safe"

def create_jwt(user_id, email):
    payload = {
        'user_id': user_id,
        'email': email,
        'iat': datetime.utcnow(),
        'exp': datetime.utcnow() + timedelta(hours=24)
    }
    token = jwt.encode(payload, secret_key, algorithm='HS256')
    return token

def verify_jwt(token):
    try:
        payload = jwt.decode(token, secret_key, algorithms=['HS256'])
        return payload
    except jwt.ExpiredSignatureError:
        return None  # Token expired
    except jwt.InvalidTokenError:
        return None  # Invalid token

@app.route('/login', methods=['POST'])
def login():
    credentials = request.get_json()
    # Verify username/password (simplified)
    if verify_password(credentials['username'], credentials['password']):
        user = get_user(credentials['username'])
        token = create_jwt(user['id'], user['email'])
        return jsonify({'access_token': token})
    return jsonify({'error': 'Invalid credentials'}), 401

@app.before_request
def verify_token():
    if request.path.startswith('/api/'):
        auth_header = request.headers.get('Authorization')
        if not auth_header:
            return jsonify({'error': 'Missing token'}), 401

        try:
            token = auth_header.split(' ')[1]  # "Bearer <token>"
            payload = verify_jwt(token)
            if not payload:
                return jsonify({'error': 'Invalid token'}), 401
            request.user_id = payload['user_id']
        except:
            return jsonify({'error': 'Invalid token'}), 401

@app.route('/api/user-profile')
def user_profile():
    user = get_user_by_id(request.user_id)
    return jsonify(user)

Go: Use github.com/golang-jwt/jwt/v5 with custom claims struct. Same pattern: create with jwt.NewWithClaims(), verify with jwt.ParseWithClaims(), middleware extracts claims to context.

Trade-offs:

✅ Stateless (no server session needed)
✅ Scalable across multiple servers
✅ Works well for APIs and microservices
❌ Token size larger than session cookies
❌ Can’t revoke tokens immediately (use token blacklists for logout)

Antipatterns:

❌ Storing sensitive data in JWT (it’s base64-encoded, not encrypted)
❌ Using weak secret keys
❌ Not validating expiration
❌ Storing JWT in local storage (use httpOnly cookies for web apps)

Pattern 3: mTLS (Mutual TLS) for Service-to-Service Authentication

When to use: Internal microservice communication, service mesh, high-security requirements

How it works:

Both client and server present certificates
Both verify each other’s certificates
TLS handshake establishes encrypted connection
Communication is authenticated and encrypted

Go Example (mTLS Server):

package main

import (
  "crypto/tls"
  "log"
  "net/http"
)

func main() {
  // Load server certificate and key
  cert, err := tls.LoadX509KeyPair("server.crt", "server.key")
  if err != nil {
    log.Fatal(err)
  }

  // Load client CA certificate for verification
  caCert, err := ioutil.ReadFile("client-ca.crt")
  if err != nil {
    log.Fatal(err)
  }

  caCertPool := x509.NewCertPool()
  caCertPool.AppendCertsFromPEM(caCert)

  // Configure TLS with client certificate verification
  tlsConfig := &tls.Config{
    Certificates: []tls.Certificate{cert},
    ClientCAs:    caCertPool,
    ClientAuth:   tls.RequireAndVerifyClientCert,
    MinVersion:   tls.VersionTLS12,
  }

  server := &http.Server{
    Addr:      ":8443",
    TLSConfig: tlsConfig,
  }

  http.HandleFunc("/api/data", func(w http.ResponseWriter, r *http.Request) {
    // Client cert is verified by TLS layer
    clientName := r.TLS.PeerCertificates[0].Subject.CommonName
    log.Printf("Request from service: %s\n", clientName)
    w.WriteHeader(http.StatusOK)
    w.Write([]byte("Authenticated service data"))
  })

  log.Println("mTLS server listening on :8443")
  log.Fatal(server.ListenAndServeTLS("", ""))
}

Go Example (mTLS Client):

func createMTLSClient(certFile, keyFile, caFile string) (*http.Client, error) {
  // Load client certificate
  cert, err := tls.LoadX509KeyPair(certFile, keyFile)
  if err != nil {
    return nil, err
  }

  // Load server CA certificate
  caCert, err := ioutil.ReadFile(caFile)
  if err != nil {
    return nil, err
  }

  caCertPool := x509.NewCertPool()
  caCertPool.AppendCertsFromPEM(caCert)

  // Configure TLS
  tlsConfig := &tls.Config{
    Certificates: []tls.Certificate{cert},
    RootCAs:      caCertPool,
    MinVersion:   tls.VersionTLS12,
  }

  client := &http.Client{
    Transport: &http.Transport{
      TLSClientConfig: tlsConfig,
    },
  }

  return client, nil
}

// Usage
client, _ := createMTLSClient("client.crt", "client.key", "ca.crt")
resp, _ := client.Get("https://internal-service:8443/api/data")

Trade-offs:

✅ Strongest authentication (mutual verification)
✅ Encrypted in transit
✅ No shared secrets
❌ Certificate management overhead
❌ More complex to set up than API keys
❌ Performance cost of TLS handshake

Authorization Patterns

Authorization answers: “What are you allowed to do?”

Pattern 1: RBAC (Role-Based Access Control)

When to use: Most common authorization, clear role definitions

How it works: Users have roles, roles have permissions. Check if user’s role has required permission.

Python Example:

from enum import Enum
from functools import wraps

class Role(Enum):
    ADMIN = "admin"
    MANAGER = "manager"
    USER = "user"

class Permission(Enum):
    READ = "read"
    WRITE = "write"
    DELETE = "delete"
    MANAGE_USERS = "manage_users"

ROLE_PERMISSIONS = {
    Role.ADMIN: [Permission.READ, Permission.WRITE, Permission.DELETE, Permission.MANAGE_USERS],
    Role.MANAGER: [Permission.READ, Permission.WRITE, Permission.DELETE],
    Role.USER: [Permission.READ],
}

def require_permission(required_permission):
    def decorator(func):
        @wraps(func)
        def wrapper(*args, **kwargs):
            user_role = get_current_user_role()
            if required_permission not in ROLE_PERMISSIONS.get(user_role, []):
                raise PermissionError(f"User role {user_role} lacks {required_permission}")
            return func(*args, **kwargs)
        return wrapper
    return decorator

@app.route('/api/data', methods=['POST'])
@require_permission(Permission.WRITE)
def create_data():
    # Only users with WRITE permission can access this
    return jsonify({'created': True})

@app.route('/api/users/<user_id>', methods=['DELETE'])
@require_permission(Permission.MANAGE_USERS)
def delete_user(user_id):
    # Only admins can delete users
    return jsonify({'deleted': user_id})

Go Example:

type Role string

const (
  RoleAdmin    Role = "admin"
  RoleManager  Role = "manager"
  RoleUser     Role = "user"
)

type Permission string

const (
  PermissionRead       Permission = "read"
  PermissionWrite      Permission = "write"
  PermissionDelete     Permission = "delete"
  PermissionManageUsers Permission = "manage_users"
)

var rolePermissions = map[Role][]Permission{
  RoleAdmin:    {PermissionRead, PermissionWrite, PermissionDelete, PermissionManageUsers},
  RoleManager:  {PermissionRead, PermissionWrite, PermissionDelete},
  RoleUser:     {PermissionRead},
}

func hasPermission(userRole Role, requiredPerm Permission) bool {
  permissions := rolePermissions[userRole]
  for _, p := range permissions {
    if p == requiredPerm {
      return true
    }
  }
  return false
}

func requirePermission(perm Permission) func(http.Handler) http.Handler {
  return func(next http.Handler) http.Handler {
    return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
      userRole := getUserRole(r)
      if !hasPermission(userRole, perm) {
        http.Error(w, "Insufficient permissions", http.StatusForbidden)
        return
      }
      next.ServeHTTP(w, r)
    })
  }
}

// Usage
mux.HandleFunc("/api/data", requirePermission(PermissionWrite)(createDataHandler))
mux.HandleFunc("/api/users/{id}", requirePermission(PermissionManageUsers)(deleteUserHandler))

Trade-offs:

✅ Simple and understandable
✅ Easy to implement
❌ Inflexible for fine-grained control
❌ Doesn’t account for context (time, location, resource)

Pattern 2: ABAC (Attribute-Based Access Control)

When to use: Fine-grained control, context-dependent access, complex business rules

How it works: Access decisions based on attributes of user, resource, action, and environment.

Python Example:

from dataclasses import dataclass
from typing import Dict, Any

@dataclass
class AccessContext:
    user_id: int
    user_dept: str
    resource_owner: int
    resource_type: str
    resource_sensitivity: str
    action: str
    time_of_day: int
    is_vpn: bool

def check_access(context: AccessContext) -> bool:
    """
    Complex access control rules:
    - Users can only read/write their own data
    - Managers can read team data
    - High-sensitivity resources only accessible during business hours on VPN
    - Admins have unrestricted access
    """

    rules = [
        # Rule 1: Owner can always access their own data
        lambda ctx: ctx.user_id == ctx.resource_owner,

        # Rule 2: Managers can read team data
        lambda ctx: (ctx.user_dept == "management" and
                    ctx.action == "read" and
                    ctx.resource_type == "team_data"),

        # Rule 3: High-sensitivity only during business hours on VPN
        lambda ctx: not (ctx.resource_sensitivity == "high" and
                        (ctx.time_of_day < 9 or ctx.time_of_day > 17 or not ctx.is_vpn)),

        # Rule 4: Admins bypass all checks
        lambda ctx: ctx.user_dept == "admin",
    ]

    return any(rule(context) for rule in rules)

# Usage
context = AccessContext(
    user_id=123,
    user_dept="engineering",
    resource_owner=123,
    resource_type="personal_data",
    resource_sensitivity="high",
    action="read",
    time_of_day=14,
    is_vpn=True
)

if check_access(context):
    return get_resource()
else:
    raise PermissionError("Access denied")

Trade-offs:

✅ Highly flexible
✅ Handles complex business logic
❌ Hard to understand and maintain
❌ Performance overhead of evaluation

Secret Management Patterns

Pattern 1: Encrypted Secret Vault

When to use: Production applications, sensitive credentials (API keys, database passwords)

Go Example with HashiCorp Vault:

import "github.com/hashicorp/vault/api"

func getSecretFromVault(secretPath string) (string, error) {
  config := api.DefaultConfig()
  config.Address = "https://vault.example.com:8200"

  client, err := api.NewClient(config)
  if err != nil {
    return "", err
  }

  // Authenticate with service token or approle
  auth := client.Auth().Token()
  secret, err := auth.RenewSelf(1, 3600)
  if err != nil {
    return "", err
  }

  // Read secret
  secret, err = client.Logical().Read(secretPath)
  if err != nil {
    return "", err
  }

  // Extract value
  dbPassword := secret.Data["data"].(map[string]interface{})["password"].(string)
  return dbPassword, nil
}

// Usage
dbPassword, _ := getSecretFromVault("secret/database/prod")
db.Connect(dbPassword)

Trade-offs:

✅ Centralized secret management
✅ Audit trail of secret access
✅ Rotation without app restart
❌ Additional infrastructure
❌ Single point of failure

Data Protection Patterns

Pattern 1: Encryption at Rest

When to use: Sensitive data in databases, file systems, backups

Python Example:

from cryptography.fernet import Fernet
import base64
import hashlib

def encrypt_field(plaintext: str, encryption_key: str) -> str:
    """Encrypt a single field using Fernet (AES)"""
    key = base64.urlsafe_b64encode(
        hashlib.sha256(encryption_key.encode()).digest()
    )
    cipher = Fernet(key)
    encrypted = cipher.encrypt(plaintext.encode())
    return encrypted.decode()

def decrypt_field(ciphertext: str, encryption_key: str) -> str:
    """Decrypt a field"""
    key = base64.urlsafe_b64encode(
        hashlib.sha256(encryption_key.encode()).digest()
    )
    cipher = Fernet(key)
    decrypted = cipher.decrypt(ciphertext.encode())
    return decrypted.decode()

# Usage in ORM
class User(Base):
    __tablename__ = 'users'

    id = Column(Integer, primary_key=True)
    email = Column(String)
    ssn = Column(String)  # Always encrypted

    @property
    def ssn_decrypted(self):
        return decrypt_field(self.ssn, app.config['ENCRYPTION_KEY'])

    @ssn_decrypted.setter
    def ssn_decrypted(self, value):
        self.ssn = encrypt_field(value, app.config['ENCRYPTION_KEY'])

# In database: ssn is stored encrypted
user = User(email='user@example.com')
user.ssn_decrypted = '123-45-6789'  # Automatically encrypted on save
session.add(user)
session.commit()  # Stored as encrypted ciphertext

# On retrieval: transparently decrypted
retrieved_user = session.query(User).first()
print(retrieved_user.ssn_decrypted)  # '123-45-6789'

Trade-offs:

✅ Protects data at rest (database breaches)
✅ Compliance requirement (PCI-DSS, HIPAA, GDPR)
❌ Key management complexity
❌ Performance overhead (encrypt/decrypt on every access)

Input Validation Pattern

Validate All External Input

When to use: Every entry point (APIs, forms, file uploads, external systems)

Python Example:

from pydantic import BaseModel, EmailStr, Field, validator
from typing import Optional

class UserCreateRequest(BaseModel):
    email: EmailStr
    username: str = Field(..., min_length=3, max_length=50)
    password: str = Field(..., min_length=8)
    age: int = Field(..., ge=0, le=150)

    @validator('username')
    def username_alphanumeric(cls, v):
        if not v.isalnum():
            raise ValueError('must be alphanumeric')
        return v

    @validator('password')
    def password_complexity(cls, v):
        if not any(c.isupper() for c in v):
            raise ValueError('must contain uppercase')
        if not any(c.isdigit() for c in v):
            raise ValueError('must contain number')
        return v

@app.post("/api/users")
def create_user(user: UserCreateRequest):
    # pydantic validates automatically
    # Invalid input returns 422 error
    db_user = create_in_db(user.dict())
    return db_user

Go Example:

type UserCreateRequest struct {
  Email    string `json:"email" binding:"required,email"`
  Username string `json:"username" binding:"required,min=3,max=50"`
  Password string `json:"password" binding:"required,min=8"`
  Age      int    `json:"age" binding:"required,min=0,max=150"`
}

func createUser(c *gin.Context) {
  var req UserCreateRequest

  // Validate input
  if err := c.ShouldBindJSON(&req); err != nil {
    c.JSON(http.StatusBadRequest, gin.H{"error": err.Error()})
    return
  }

  // Additional validation
  if !isStrongPassword(req.Password) {
    c.JSON(http.StatusBadRequest, gin.H{"error": "weak password"})
    return
  }

  user := createInDB(req)
  c.JSON(http.StatusCreated, user)
}

func isStrongPassword(pwd string) bool {
  hasUpper := false
  hasDigit := false
  for _, c := range pwd {
    if unicode.IsUpper(c) {
      hasUpper = true
    }
    if unicode.IsDigit(c) {
      hasDigit = true
    }
  }
  return hasUpper && hasDigit && len(pwd) >= 8
}

Common Security Antipatterns

❌ Storing passwords in plaintext - Always hash with bcrypt/scrypt ❌ Logging sensitive data - Never log passwords, tokens, PII ❌ Hardcoding secrets - Use vault or environment variables ❌ SQL injection - Use parameterized queries, never string concatenation ❌ XSS vulnerabilities - Always encode/escape output ❌ Trusting client-side validation - Always validate server-side ❌ Weak TLS versions - Use TLS 1.2+ minimum ❌ Ignoring certificate expiration - Monitor and rotate regularly

When to Use Security Patterns

Use these patterns when:

Building APIs with external users
Handling sensitive data (PII, payments, health)
Meeting compliance requirements (HIPAA, GDPR, PCI-DSS, SOC 2)
Building multi-tenant systems
Microservices with inter-service communication

Don’t over-engineer:

Internal tools with limited users: simple auth is fine
Publicly documented data: encryption not needed
MVPs: start simple, add security as you scale

See /pb-security for security review checklist
See /pb-review-microservice for microservice security review
See /pb-patterns-core for OWASP patterns overview
See /pb-logging for secure logging practices

Use these patterns as building blocks. Security is layered, not single-solution.

Cloud Deployment Patterns (AWS, GCP, Azure)

Overview

Cloud platforms (AWS, GCP, Azure) offer multiple ways to deploy the same architecture. Choosing patterns based on your constraints-cost, latency, skill, scale-is crucial. This guide covers proven deployment patterns across the three major cloud platforms, with real-world trade-offs.

Caveat: Each platform has competing patterns. Use /pb-preamble thinking (challenge assumptions, surface trade-offs) and /pb-design-rules thinking (especially Simplicity and Parsimony-choose what you actually need, not what’s available).

Question your actual constraints before choosing. Challenge vendor recommendations. The cheapest or most featured pattern isn’t always the right one. Choose based on your requirements, not vendor features.

Resource Hint: sonnet - Cloud deployment pattern reference; platform-specific implementation guidance.

AWS Patterns

Pattern 1: API on EC2 with RDS

When to use: Small-to-medium services, full control needed, existing infrastructure knowledge

How it works:

Application runs on EC2 instances (managed servers)
PostgreSQL/MySQL in RDS (managed database)
Auto Scaling Group scales instances based on CPU/memory
Application Load Balancer (ALB) distributes traffic

Go/Python Example (Deployment):

# AWS CloudFormation template (simplified)
AWSTemplateFormatVersion: '2010-09-09'
Resources:
  # Security group
  WebSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Allow HTTP/HTTPS
      SecurityGroupIngress:
        - IpProtocol: tcp
          FromPort: 80
          ToPort: 80
          CidrIp: 0.0.0.0/0
        - IpProtocol: tcp
          FromPort: 443
          ToPort: 443
          CidrIp: 0.0.0.0/0

  # RDS Database
  Database:
    Type: AWS::RDS::DBInstance
    Properties:
      DBInstanceClass: db.t3.micro
      Engine: postgres
      AllocatedStorage: 20
      MasterUsername: admin
      MasterUserPassword: !Sub '{{resolve:secretsmanager:db-password::password}}'
      VPCSecurityGroups:
        - !GetAtt WebSecurityGroup.GroupId

  # Launch Configuration
  LaunchConfig:
    Type: AWS::AutoScaling::LaunchConfiguration
    Properties:
      ImageId: ami-0c55b159cbfafe1f0  # Amazon Linux 2
      InstanceType: t3.micro
      UserData:
        Fn::Base64: |
          #!/bin/bash
          yum update -y
          yum install -y golang
          git clone https://github.com/yourorg/app.git /app
          cd /app
          go build -o app ./cmd/main.go
          ./app

  # Auto Scaling Group
  AutoScalingGroup:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      LaunchConfigurationName: !Ref LaunchConfig
      MinSize: 2
      MaxSize: 10
      DesiredCapacity: 2
      LoadBalancerNames:
        - !Ref LoadBalancer
      VPCZoneIdentifier:
        - subnet-12345678
        - subnet-87654321

  # Load Balancer
  LoadBalancer:
    Type: AWS::ElasticLoadBalancingV2::LoadBalancer
    Properties:
      Type: application
      Scheme: internet-facing
      Subnets:
        - subnet-12345678
        - subnet-87654321

Terraform Alternative:

provider "aws" {
  region = "us-east-1"
}

# RDS Database
resource "aws_db_instance" "app_db" {
  identifier     = "app-db"
  engine         = "postgres"
  engine_version = "14"
  instance_class = "db.t3.micro"
  allocated_storage = 20
  username       = "admin"
  password       = random_password.db.result
  skip_final_snapshot = true

  lifecycle {
    ignore_changes = [password]
  }
}

# EC2 Instance
resource "aws_instance" "app_server" {
  count           = 2
  ami             = data.aws_ami.amazon_linux.id
  instance_type   = "t3.micro"
  security_groups = [aws_security_group.app.id]

  user_data = base64encode(file("${path.module}/user_data.sh"))

  tags = {
    Name = "app-server-${count.index + 1}"
  }
}

# Application Load Balancer
resource "aws_lb" "app" {
  name               = "app-alb"
  internal           = false
  load_balancer_type = "application"
  security_groups    = [aws_security_group.alb.id]
  subnets            = aws_subnet.public[*].id
}

Trade-offs:

✅ Full control over infrastructure
✅ Cost-effective for steady workloads
✅ Familiar to traditional sysadmins
❌ Requires managing patches, security
❌ Manual scaling not as responsive
❌ Overkill for small/bursty workloads

Pattern 2: Containerized Service on ECS

When to use: Consistent deployments, rolling updates, container-based workflows

How it works:

Application containerized in Docker
ECS Fargate runs containers (serverless container orchestration)
RDS for data persistence
ALB routes traffic
CloudWatch monitors logs and metrics

Dockerfile:

FROM golang:1.21 AS builder
WORKDIR /build
COPY . .
RUN go build -o app ./cmd/main.go

FROM debian:bookworm-slim
COPY --from=builder /build/app /app
EXPOSE 8080
CMD ["/app"]

AWS CloudFormation (ECS Fargate):

Resources:
  ECRRepository:
    Type: AWS::ECR::Repository
    Properties:
      RepositoryName: app
      ImageScanningConfiguration:
        ScanOnPush: true

  TaskExecutionRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: ecs-tasks.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy

  TaskDefinition:
    Type: AWS::ECS::TaskDefinition
    Properties:
      Family: app-task
      NetworkMode: awsvpc
      RequiresCompatibilities:
        - FARGATE
      Cpu: 256
      Memory: 512
      ExecutionRoleArn: !GetAtt TaskExecutionRole.Arn
      ContainerDefinitions:
        - Name: app
          Image: !Sub '${AWS::AccountId}.dkr.ecr.${AWS::Region}.amazonaws.com/app:latest'
          PortMappings:
            - ContainerPort: 8080
          Environment:
            - Name: DATABASE_URL
              Value: !Sub 'postgres://user:pass@${Database.Endpoint.Address}:5432/app'
          LogConfiguration:
            LogDriver: awslogs
            Options:
              awslogs-group: !Ref LogGroup
              awslogs-region: !Ref AWS::Region
              awslogs-stream-prefix: ecs

  Service:
    Type: AWS::ECS::Service
    DependsOn: LoadBalancerListener
    Properties:
      Cluster: !Ref Cluster
      TaskDefinition: !Ref TaskDefinition
      DesiredCount: 2
      LaunchType: FARGATE
      NetworkConfiguration:
        AwsvpcConfiguration:
          AssignPublicIp: DISABLED
          Subnets: [subnet-12345, subnet-67890]
          SecurityGroups: [sg-abc123]
      LoadBalancers:
        - ContainerName: app
          ContainerPort: 8080
          TargetGroupArn: !Ref TargetGroup

  AutoScaling:
    Type: AWS::ApplicationAutoScaling::ScalableTarget
    Properties:
      MaxCapacity: 10
      MinCapacity: 2
      ResourceId: !Sub 'service/${Cluster}/${Service.Name}'
      RoleARN: !Sub 'arn:aws:iam::${AWS::AccountId}:role/service-role'
      ScalableDimension: ecs:service:DesiredCount
      ServiceNamespace: ecs

  ScalingPolicy:
    Type: AWS::ApplicationAutoScaling::ScalingPolicy
    Properties:
      PolicyName: cpu-scaling
      PolicyType: TargetTrackingScaling
      ScalingTargetId: !Ref AutoScaling
      TargetTrackingScalingPolicyConfiguration:
        TargetValue: 70.0
        PredefinedMetricSpecification:
          PredefinedMetricType: ECSServiceAverageCPUUtilization
        ScaleOutCooldown: 60
        ScaleInCooldown: 300

Trade-offs:

✅ Consistent deployments (same container everywhere)
✅ Easy rolling updates
✅ Fargate abstracts infrastructure
❌ Docker knowledge required
❌ Less control than EC2
❌ Startup time longer than serverless

Pattern 3: API Gateway + Lambda (Serverless)

When to use: Event-driven, variable load, minimal operations, cost-conscious

How it works:

API Gateway exposes HTTP endpoint
Lambda functions execute on-demand
DynamoDB for ultra-high throughput data
Pay only for compute used

Go Lambda Example:

package main

import (
  "context"
  "github.com/aws/aws-lambda-go/events"
  "github.com/aws/aws-lambda-go/lambda"
)

func HandleRequest(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
  // Get user ID from path
  userID := request.PathParameters["id"]

  // Query DynamoDB
  item, err := getUser(userID)
  if err != nil {
    return events.APIGatewayProxyResponse{
      StatusCode: 500,
      Body:       "Error retrieving user",
    }, nil
  }

  return events.APIGatewayProxyResponse{
    StatusCode: 200,
    Body:       item.String(),
  }, nil
}

func main() {
  lambda.Start(HandleRequest)
}

CloudFormation:

Resources:
  ApiRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: lambda.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
      Policies:
        - PolicyName: dynamodb-access
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action:
                  - dynamodb:GetItem
                  - dynamodb:PutItem
                  - dynamodb:Query
                Resource: !GetAtt UsersTable.Arn

  GetUserFunction:
    Type: AWS::Lambda::Function
    Properties:
      FunctionName: get-user
      Runtime: go1.x
      Handler: bootstrap
      Code:
        S3Bucket: deployment-bucket
        S3Key: lambda.zip
      Role: !GetAtt ApiRole.Arn
      Environment:
        Variables:
          TABLE_NAME: !Ref UsersTable

  ApiGateway:
    Type: AWS::ApiGatewayV2::Api
    Properties:
      Name: user-api
      ProtocolType: HTTP

  ApiRoute:
    Type: AWS::ApiGatewayV2::Route
    Properties:
      ApiId: !Ref ApiGateway
      RouteKey: 'GET /users/{id}'
      Target: !Sub 'integrations/${GetUserIntegration}'

  GetUserIntegration:
    Type: AWS::ApiGatewayV2::Integration
    Properties:
      ApiId: !Ref ApiGateway
      IntegrationType: AWS_PROXY
      IntegrationUri: !Sub 'arn:aws:apigatewayv2:${AWS::Region}:lambda:path/2015-03-31/functions/${GetUserFunction}/invocations'
      PayloadFormatVersion: '2.0'

  UsersTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: Users
      BillingMode: PAY_PER_REQUEST
      AttributeDefinitions:
        - AttributeName: userId
          AttributeType: S
      KeySchema:
        - AttributeName: userId
          KeyType: HASH

Trade-offs:

✅ No infrastructure management
✅ Cost-effective for bursty load
✅ Automatic scaling
❌ Cold start latency (500ms+)
❌ Limited execution time (15 minutes)
❌ Harder to debug and test

GCP Patterns

Pattern 1: Cloud Run (Containers)

When to use: Containerized services, stateless workloads, simple to manage

How it works:

Push container to Container Registry
Cloud Run deploys and manages
Auto-scales based on requests
Traffic split for canary deployments
Cloud SQL for databases

Deployment (gcloud CLI):

# Build container
gcloud builds submit --tag gcr.io/PROJECT/app:latest

# Deploy to Cloud Run
gcloud run deploy app \
  --image gcr.io/PROJECT/app:latest \
  --platform managed \
  --region us-central1 \
  --memory 512Mi \
  --cpu 1 \
  --min-instances 1 \
  --max-instances 100 \
  --allow-unauthenticated \
  --set-env-vars DATABASE_URL=cloudsql://... \
  --clear-sql-instances

# Canary deployment (10% to new version)
gcloud run services update-traffic app \
  --to-revisions app-v1=90,app-v2=10 \
  --region us-central1

Terraform:

resource "google_cloud_run_service" "app" {
  name     = "app"
  location = "us-central1"

  template {
    spec {
      containers {
        image = "gcr.io/my-project/app:latest"
        ports {
          container_port = 8080
        }
        env {
          name  = "DATABASE_URL"
          value = google_sql_database_instance.postgres.connection_name
        }
        resources {
          limits = {
            cpu    = "1"
            memory = "512Mi"
          }
        }
      }
      service_account_name = google_service_account.app.email
      timeout_seconds      = 3600
    }
    metadata {
      annotations = {
        "autoscaling.knative.dev/maxScale" = "100"
        "autoscaling.knative.dev/minScale" = "1"
      }
    }
  }

  traffic {
    percent        = 100
    latest_revision = true
  }
}

resource "google_cloud_run_service_iam_member" "public" {
  service  = google_cloud_run_service.app.name
  location = google_cloud_run_service.app.location
  role     = "roles/run.invoker"
  member   = "allUsers"
}

Trade-offs:

✅ Simple deployment (push container, auto-manages)
✅ Easy traffic splitting (canary/blue-green)
✅ Pay per request
❌ Cold start for idle services
❌ Limited to 1 hour execution
❌ Not suitable for background jobs

Pattern 2: GKE (Kubernetes)

When to use: Complex microservice architectures, multi-region, advanced networking

How it works:

Kubernetes cluster manages containers
Service mesh (Istio) for networking
Advanced routing, load balancing, retry logic
StatefulSet for stateful services

Kubernetes Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: app
        image: gcr.io/project/app:v1.2
        ports:
        - containerPort: 8080
        env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: db-credentials
              key: url
        resources:
          requests:
            cpu: 100m
            memory: 128Mi
          limits:
            cpu: 500m
            memory: 512Mi
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5

---
apiVersion: v1
kind: Service
metadata:
  name: app
spec:
  selector:
    app: api
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080
  type: LoadBalancer

---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: app-hpa
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: app
  minReplicas: 3
  maxReplicas: 50
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70

Trade-offs:

✅ Powerful multi-region orchestration
✅ Advanced networking and routing
✅ Service mesh capabilities
❌ Steep learning curve
❌ Operational overhead
❌ Overkill for simple services

Azure Patterns

Pattern 1: App Service (PaaS)

When to use: Simple to moderately complex services, .NET/Node/Python/Go apps

How it works:

Deploy code or container directly
App Service handles infrastructure
Auto-scaling based on metrics
Azure Database (SQL, PostgreSQL, MySQL)
Traffic Manager for multi-region

Azure CLI Deployment:

# Create App Service plan
az appservice plan create \
  --name myplan \
  --resource-group mygroup \
  --sku B1 \
  --is-linux

# Create App Service
az webapp create \
  --resource-group mygroup \
  --plan myplan \
  --name myapp \
  --runtime "go|1.21"

# Deploy from GitHub
az webapp deployment github-actions add \
  --repo-url https://github.com/user/app \
  --branch main \
  --runtime-version 1.21

# Configure environment
az webapp config appsettings set \
  --resource-group mygroup \
  --name myapp \
  --settings DATABASE_URL="Server=mydb..." ENVIRONMENT="production"

# Enable auto-scaling
az monitor autoscale create \
  --resource-group mygroup \
  --resource myapp \
  --resource-type "microsoft.web/serverfarms" \
  --min-count 2 \
  --max-count 10 \
  --count 2

az monitor autoscale rule create \
  --resource-group mygroup \
  --autoscale-name myappautoscale \
  --condition "Percentage CPU > 70 avg 5m" \
  --scale out 1

Terraform:

resource "azurerm_app_service_plan" "app" {
  name                = "app-plan"
  location            = azurerm_resource_group.app.location
  resource_group_name = azurerm_resource_group.app.name
  kind                = "Linux"
  reserved            = true

  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_app_service" "app" {
  name                = "myapp"
  location            = azurerm_resource_group.app.location
  resource_group_name = azurerm_resource_group.app.name
  app_service_plan_id = azurerm_app_service_plan.app.id

  site_config {
    linux_fx_version = "DOCKER|myregistry.azurecr.io/app:latest"
  }

  app_settings = {
    DATABASE_URL = azurerm_postgresql_server.db.fqdn
    ENVIRONMENT  = "production"
  }
}

resource "azurerm_monitor_autoscale_setting" "app" {
  name                = "app-autoscale"
  resource_group_name = azurerm_resource_group.app.name
  location            = azurerm_resource_group.app.location
  target_resource_id  = azurerm_app_service_plan.app.id

  profile {
    name = "default"

    capacity {
      default = 2
      minimum = 2
      maximum = 10
    }

    rule {
      metric_trigger {
        metric_name        = "CpuPercentage"
        metric_resource_id = azurerm_app_service_plan.app.id
        time_grain         = "PT1M"
        statistic          = "Average"
        time_window        = "PT5M"
        operator           = "GreaterThan"
        threshold          = 70
      }
      scale_action {
        direction = "Increase"
        type      = "ChangeCount"
        value     = 1
        cooldown  = "PT5M"
      }
    }
  }
}

Trade-offs:

✅ Simple to deploy and manage
✅ Good integration with .NET ecosystem
✅ Built-in auto-scaling
❌ Less control than IaaS
❌ Vendor lock-in to Azure
❌ Cold starts for idle apps

Pattern 2: Azure Container Instances + Functions

When to use: Serverless workloads, event-driven, minimal management

How it works:

Azure Functions run code on demand
Timer triggers, HTTP triggers, event triggers
Auto-scaling per trigger
Pay per execution

Python Azure Function Example:

import azure.functions as func
import json
from azure.data.tables import TableClient

def main(req: func.HttpRequest) -> func.HttpResponse:
    user_id = req.route_params.get('id')

    try:
        # Query Azure Table Storage
        table_client = TableClient.from_connection_string(
            conn_str=os.environ['STORAGE_CONNECTION_STRING'],
            table_name='Users'
        )
        entity = table_client.get_entity(partition_key='user', row_key=user_id)

        return func.HttpResponse(json.dumps(entity), status_code=200)
    except:
        return func.HttpResponse("User not found", status_code=404)

Terraform:

resource "azurerm_function_app" "app" {
  name                       = "myapp"
  location                   = azurerm_resource_group.app.location
  resource_group_name        = azurerm_resource_group.app.name
  app_service_plan_id        = azurerm_app_service_plan.consumption.id
  storage_account_name       = azurerm_storage_account.app.name
  storage_account_access_key = azurerm_storage_account.app.primary_access_key

  app_settings = {
    FUNCTIONS_WORKER_RUNTIME       = "python"
    APPINSIGHTS_INSTRUMENTATIONKEY = azurerm_application_insights.app.instrumentation_key
  }
}

Trade-offs:

✅ No infrastructure management
✅ Cheap for sporadic workloads
✅ Event-driven (timers, queues, HTTP)
❌ 10-minute execution limit
❌ Cold start latency
❌ Vendor lock-in

Cloud Selection Matrix

Pattern	AWS	GCP	Azure	Best For
Simple CRUD API	EC2+RDS	Cloud Run	App Service	Simplicity
Serverless Events	Lambda+DynamoDB	Cloud Functions	Functions	Cost-sensitive, bursty
Kubernetes Microservices	EKS	GKE	AKS	Complex, multi-region
Container Services	ECS Fargate	Cloud Run	Container Instances	Consistency
Global CDN	CloudFront	Cloud CDN	Azure CDN	Static/media content
Data Warehouse	Redshift	BigQuery	Synapse	Analytics
Message Queue	SQS	Pub/Sub	Service Bus	Async processing

Cost Comparison (Example: API server, 1M requests/month)

Platform	Compute	Database	Total (monthly)
AWS Lambda	$0.20	$8	$8.20
AWS EC2	$15	$8	$23
GCP Cloud Run	$2.50	$12	$14.50
Azure Functions	$0.16	$15	$15.16

Costs vary by region, data transfer, and specific services. Use cloud calculators for accurate estimates.

Anti-Patterns

❌ Lift-and-shift without optimization - Refactor for cloud, not just migrate ❌ Multi-cloud without strategy - Complexity without clear benefit ❌ Ignoring data residency - Some data must stay in specific regions ❌ Not monitoring costs - Cloud spending grows silently ❌ Manual infrastructure - Use Infrastructure as Code (Terraform, CloudFormation) ❌ No disaster recovery - Plan for region failures

When to Use Cloud Patterns

MVP: Start simple (Lambda/Cloud Functions), add complexity as needed
High scale: Multi-region architecture with data replication
Cost-sensitive: Serverless for bursty workloads
Operations-heavy: Kubernetes for full control
Simple services: PaaS (App Service, Cloud Run)

/pb-deployment - Deployment strategy selection
/pb-patterns-core - Architectural patterns
/pb-observability - Cloud monitoring setup
/pb-patterns-distributed - Multi-region patterns
/pb-zero-stack - $0/month app architecture (static + edge proxy + CI)

Choose cloud patterns based on your constraints: cost, skill, latency, scale. Start simple, evolve with needs.

Deployment Patterns & Strategies

Reference guide for deployment strategies, patterns, and best practices. Use this to learn about and plan deployment approaches.

For executing deployments, use /pb-deployment (actionable deployment workflow).

Principle: Every deployment strategy involves trade-offs.

Use /pb-preamble thinking: question your actual risk tolerance before choosing. Use /pb-design-rules thinking: balance Simplicity (don’t use complex strategies you don’t need) with Robustness (design for failure and rollback). Challenge whether you need the complexity of advanced strategies or if simpler approaches work.

Resource Hint: sonnet - Deployment pattern reference; implementation-level release strategy decisions.

When to Use

Choosing a deployment strategy for a new service or major release
Evaluating risk tolerance and rollback requirements
Planning blue-green, canary, or rolling deployments

Purpose

Deployment is a controlled risk. Goals:

Zero downtime: Users don’t notice deployment
Fast rollback: If something breaks, revert in seconds
Gradual rollout: Start small, expand to all users
Safety first: Catch problems before users see them

Deployment Strategies

Choose strategy based on risk and scope.

Strategy 1: Blue-Green Deployment (Safest)

How it works:

Keep current version running (Blue)
Deploy new version to separate environment (Green)
Test Green environment fully
Switch traffic to Green instantly
Old Blue stays running for quick rollback

Diagram:

Before:
  Users → [Blue - current version running]

Deploy:
  Users → [Blue - current version]
  [Green - new version deployed, not receiving traffic yet]

After:
  Users → [Green - new version live]
  [Blue - previous version, ready for rollback]

Advantages:

Zero downtime (instant switch)
Fast rollback (switch back to Blue)
Full testing before traffic switch
Two environments to compare

Disadvantages:

Expensive (need 2x resources)
Database migrations must be compatible
Can’t test at full production load

When to use:

Critical systems (payment, auth)
Zero downtime required
Budget allows 2x infrastructure

Implementation:

# 1. Deploy new version to green environment
kubectl set image deployment/app-green app=myapp:v2.0

# 2. Wait for green to be ready
kubectl rollout status deployment/app-green

# 3. Test green (health checks pass)
curl http://green.internal/health  # Should return 200

# 4. Switch traffic
kubectl patch service app -p '{"spec":{"selector":{"version":"v2.0"}}}'

# 5. If broken, switch back instantly
kubectl patch service app -p '{"spec":{"selector":{"version":"v1.0"}}}'

Strategy 2: Canary Deployment (Balanced)

How it works:

Deploy new version alongside current
Send small % of traffic to new version (5%)
Monitor for errors
Gradually increase % (5% → 25% → 50% → 100%)
If errors spike, rollback the canary

Diagram:

Phase 1: 5% traffic to v2.0
  90% → [v1.0 - stable]
  10% → [v2.0 - canary, low traffic]

Phase 2: 50% traffic to v2.0
  50% → [v1.0]
  50% → [v2.0]

Phase 3: 100% traffic to v2.0
  [v2.0 - all traffic, fully rolled out]

Advantages:

Catch bugs with real traffic (small blast radius)
Gradual rollout (if errors, affect few users)
Monitor real user impact
Easy to rollback (just reduce canary %)

Disadvantages:

Longer deployment time (30min - 2 hours)
Complex monitoring (compare v1 vs v2 metrics)
Database must be compatible

When to use:

Medium-risk deployments
Want real traffic testing
Can monitor and react quickly

Implementation:

# Kubernetes Canary with Flagger
---
apiVersion: flagger.app/v1beta1
kind: Canary
metadata:
  name: app
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: app
  service:
    port: 80

  # Gradually shift traffic
  skipAnalysis: false
  analysis:
    interval: 1m
    threshold: 5  # Max 5% error rate increase
    maxWeight: 50  # Max 50% traffic in canary phase
    stepWeight: 5  # Increase by 5% each minute

  metrics:
  - name: error-rate
    thresholdRange:
      max: 0.05  # Error rate < 5%
  - name: latency
    thresholdRange:
      max: 500m  # P99 latency < 500ms

Manual canary (without Flagger):

# 1. Deploy new version (initially gets 0% traffic)
kubectl set image deployment/app app=myapp:v2.0

# 2. Verify new pods are healthy
kubectl get pods -l app=app

# 3. Use load balancer to send 5% traffic to v2.0
kubectl patch service app -p '{"spec":{"trafficPolicy":{"canary":{"weight":5}}}}'

# 4. Monitor error rate and latency (should match v1.0)
# Watch metrics dashboard for 5 minutes

# 5. If good, increase to 25%
kubectl patch service app -p '{"spec":{"trafficPolicy":{"canary":{"weight":25}}}}'

# 6. If errors spike, rollback to 0%
kubectl patch service app -p '{"spec":{"trafficPolicy":{"canary":{"weight":0}}}}'
kubectl delete deployment app

Strategy 3: Rolling Deployment (Fast)

How it works:

Gradually replace old instances with new
Take down one instance, deploy new, bring up
Repeat until all replaced
If errors detected, stop and rollback

Diagram:

Phase 1: Replace 1/5 instances
  [v1.0] [v1.0] [v1.0] [v1.0] [v2.0]

Phase 2: Replace 2/5 instances
  [v1.0] [v1.0] [v1.0] [v2.0] [v2.0]

Phase 3: All replaced
  [v2.0] [v2.0] [v2.0] [v2.0] [v2.0]

Advantages:

No extra infrastructure needed
Fast (completes in minutes)
Automatic rollback on error
Uses existing instance capacity

Disadvantages:

Temporary reduced capacity during rollout
Must support both versions simultaneously (database!)
Can’t fully test before rolling out
Harder rollback (must roll back the rollout)

When to use:

Budget-constrained
Fast deployments
Confident in changes

Implementation:

# Kubernetes Rolling Update (default)
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
spec:
  replicas: 5
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1  # Max 1 extra instance during rollout
      maxUnavailable: 0  # Min 0 unavailable (no service interruption)

  template:
    spec:
      containers:
      - name: app
        image: myapp:v2.0  # New version

        # Health check (stop rollout if failing)
        readinessProbe:
          httpGet:
            path: /health
            port: 8000
          initialDelaySeconds: 10
          periodSeconds: 5

Feature Flags: Deploy Without Releasing

Problem: New code deployed but not visible to users (until enabled).

Solution: Feature flags to toggle features on/off without redeploying.

# Feature flag pattern
def checkout():
    # Old code still runs (feature flag OFF)
    if feature_flag_enabled('new_checkout'):
        return new_checkout()  # New code (feature flag ON)
    else:
        return old_checkout()  # Old code

Benefits:

Decouple deployment from release
Deploy at any time (flag off)
Release when ready (flag on)
Instant rollback (flag off)
A/B testing (flag on for 10% of users)

Implementation:

# Using LaunchDarkly or similar
import ld_client

def checkout():
    user = get_current_user()

    # Check if flag enabled for this user
    if ld_client.variation('new-checkout', user, False):
        return new_checkout()
    else:
        return old_checkout()

Deployment with flags:

# Step 1: Deploy with feature flag OFF
kubectl set image deployment/app app=myapp:v2.0
# Feature is deployed but disabled

# Step 2: Monitor for errors (shouldn't be any, code not running)
# Wait 1 hour, no errors

# Step 3: Enable for internal team (1% of traffic)
flag.set_percentage('new_checkout', percentage=1)
# Monitor for 30 minutes

# Step 4: Enable for 10% of users
flag.set_percentage('new_checkout', percentage=10)
# Monitor for 1 hour

# Step 5: Enable for all users
flag.set_percentage('new_checkout', percentage=100)

Cleanup:

# After feature stable for 2 weeks
def checkout():
    # Remove feature flag completely
    return new_checkout()  # Just use new code

Database Migrations: Avoid Data Loss

Problem: Schema changes can break running code.

Solution: Gradual migrations, test thoroughly, rollback plan.

Zero-Downtime Migration Pattern

Step 1: Add new column (backwards compatible)

ALTER TABLE users ADD COLUMN phone_number VARCHAR(20) DEFAULT NULL;
-- Old code: uses email
-- New code: will use phone_number, falls back to email if NULL
-- Both work simultaneously

Step 2: Deploy code that reads new column

# New code reads new column, with fallback
def get_contact_method(user):
    if user.phone_number:
        return user.phone_number
    else:
        return user.email  # Fallback

Step 3: Deploy code that writes new column

# New code writes to both old and new
def update_user(user):
    user.email = new_email  # Old column
    user.phone_number = new_phone  # New column
    user.save()

Step 4: Backfill existing data

-- Backfill old records (can be slow, non-blocking)
UPDATE users SET phone_number = email WHERE phone_number IS NULL;
-- Done slowly in background

Step 5: Remove fallback, use only new column

# Remove fallback after backfill complete
def get_contact_method(user):
    return user.phone_number  # Just use new column

Step 6: Remove old column (if really needed)

ALTER TABLE users DROP COLUMN email;
-- Keep old column for 3+ months for emergency rollback
-- Then remove

Why this pattern is safe:

Each step is backwards compatible
Can rollback at any step
No data loss
No blocking locks on table
Users not affected

Rollback Strategies

Quick Rollback (Use Feature Flags)

Fastest: Feature flag off (instant)

# Users still get old behavior, no code redeployment
flag.set_percentage('new_checkout', percentage=0)
# Done. Takes 1 second.

Fast Rollback (Use Blue-Green)

Fast: Switch traffic to previous version (seconds)

# Instant traffic switch to previous version
kubectl patch service app -p '{"spec":{"selector":{"version":"v1.0"}}}'
# Takes 1-2 seconds, users see no interruption

Rollback Last Deployment (Kubernetes)

Medium: Rollback last deployment (30 seconds)

kubectl rollout undo deployment/app
# Rolls back to previous version automatically
# Waits for new pods to be ready
# Takes ~30 seconds

Manual Rollback (With Backups)

For data corruption: Restore from backup

# 1. Take database offline
kubectl scale deployment app --replicas=0

# 2. Restore from backup
pg_restore mydb backup_2024_01_11_1400.dump

# 3. Bring old version back online
kubectl set image deployment/app app=myapp:v1.0
kubectl scale deployment app --replicas=5

# Takes 5-10 minutes, data restored, old version running

What NOT to Do

[NO] DON’T rollback by keeping both versions:

# Bad: Users see inconsistency, data corruption
kubectl patch service app -p '{"spec":{"selector":{"version":"mixed"}}}'
# Some requests go to v1.0, some to v2.0, data gets out of sync

[NO] DON’T deploy fix immediately after rollback:

# Bad: Rolled back to v1.0 due to bug
# Then immediately redeployed v2.0 with "fix"
# But the "fix" is untested

# Good: Rollback, investigate, fix, test, deploy

Pre-Deployment Checklist

Code Quality

All tests passing (unit, integration, E2E)
Code reviewed and approved
Linter passing
Type checking passing (if applicable)
Security scan passed
No console.log/print statements left

Database

Migration tested locally
Rollback plan documented
Backward compatible (old code + new schema works)
Backup taken (or auto backup confirmed)
Estimated migration time calculated

Configuration

All environment variables configured
Secrets not in code (using secret manager)
Feature flags ready (old feature on if needed)
Monitoring/alerts configured

Monitoring & Alerts

Dashboard created (or updated)
Key metrics monitored (latency, errors, resource usage)
Alerts configured (error spike, latency spike, resource full)
On-call engineer assigned
Runbook prepared (what to do if something breaks)

Communication

Stakeholders informed (when deployment will happen)
Maintenance window scheduled (if downtime needed)
Support team briefed (possible issues)
Rollback plan communicated (if needed)

Deployment Checklist

Before Deployment (1 hour)

Check code one more time
Check if anything changed since last review (git log)
Verify tests still passing
Check team is available (for 1-2 hours)
Check production status (no current incidents)

During Deployment

Deploy code
Wait for new instances to be healthy (health checks pass)
Watch error metrics (should be same as before)
Watch latency metrics (should be same as before)
Wait 5-10 minutes to ensure stable

After Deployment (30 min - 1 hour)

Monitor error rate (no spike)
Monitor latency (no spike)
Monitor resource usage (no spike)
Check logs for warnings/errors
Smoke test key user flows
Wait 1-2 hours before signing off (catch delayed issues)

Post-Deployment

Create post-deployment issue if any minor issues found
Update deployment log
Notify team (Slack message confirming successful deployment)

Smoke Testing: Quick Validation After Deployment

What: Smoke tests are rapid validation checks that verify the system’s core functionality is working right after deployment.

Why: Deploy → immediately test critical paths → catch issues before users do → roll back quickly if needed.

Key difference:

Unit tests: Verify functions work (in code)
Integration tests: Verify components work together (in CI/CD)
Smoke tests: Verify system works end-to-end (after deployment)

Manual Smoke Testing

When to run: Immediately after deployment (first 5-10 minutes).

Timing: 5-15 minutes per deployment.

What to test (critical user paths):

Ecommerce platform:
✓ User can browse products
✓ User can add to cart
✓ User can checkout (full payment flow)
✓ Order confirmation email sent
✓ Admin can view orders
✓ Inventory updated correctly

SaaS application:
✓ User can login
✓ User can create new project/workspace
✓ User can export data
✓ Admin dashboard loads
✓ API endpoints responding
✓ Database queries fast (< 500ms)

API service:
✓ Health check endpoint returns 200
✓ Authentication working
✓ Core endpoint responses correct
✓ Error handling works
✓ Rate limiting functional
✓ Logs capturing requests

Manual smoke test script (Bash):

#!/bin/bash
# smoke-test.sh - Quick validation after deployment

set -e  # Exit on first failure
DOMAIN="${SMOKE_TEST_DOMAIN:-https://example.com}"
HEALTH_CHECK_URL="$DOMAIN/health"
TEST_USER_EMAIL="${SMOKE_TEST_EMAIL:-test+smoke@example.com}"
TEST_USER_PASS="${SMOKE_TEST_PASSWORD:-changeme123}"  # Set via env var

echo "🔥 Starting smoke tests..."

# 1. Health check
echo "✓ Checking health endpoint..."
STATUS=$(curl -s -o /dev/null -w "%{http_code}" "$HEALTH_CHECK_URL")
if [ "$STATUS" != "200" ]; then
  echo "[NO] Health check failed: $STATUS"
  exit 1
fi

# 2. Login
echo "✓ Testing login..."
LOGIN_RESPONSE=$(curl -s -X POST "$DOMAIN/api/login" \
  -H "Content-Type: application/json" \
  -d "{\"email\":\"$TEST_USER_EMAIL\",\"password\":\"$TEST_USER_PASS\"}")

if ! echo "$LOGIN_RESPONSE" | grep -q "\"token\""; then
  echo "[NO] Login failed"
  exit 1
fi

TOKEN=$(echo "$LOGIN_RESPONSE" | grep -o '"token":"[^"]*' | cut -d'"' -f4)

# 3. Core API endpoint
echo "✓ Testing API endpoint..."
API_RESPONSE=$(curl -s -X GET "$DOMAIN/api/user/profile" \
  -H "Authorization: Bearer $TOKEN")

if ! echo "$API_RESPONSE" | grep -q "\"email\""; then
  echo "[NO] API endpoint failed"
  exit 1
fi

# 4. Database connection (query latency)
echo "✓ Checking database performance..."
LATENCY=$(curl -s -X GET "$DOMAIN/api/metrics/db-latency" \
  -H "Authorization: Bearer $TOKEN" | grep -o '"latency":[0-9]*' | cut -d':' -f2)

if [ "$LATENCY" -gt 1000 ]; then
  echo "⚠️  Database latency high: ${LATENCY}ms (expected < 1000ms)"
fi

echo "[YES] Smoke tests passed!"

Manual test checklist:

Can login with existing user
Can create new account
Can access dashboard/homepage
Can perform primary action (checkout, submit form, etc.)
Can access admin panel (if applicable)
Database responding (queries < 500ms)
External services working (payment, email, etc.)
Error messages display correctly
Logs showing requests (check CloudWatch/ELK/etc.)

Automated Smoke Testing

When to run: In CI/CD pipeline, after deployment.

Tools:

curl/httpie: Simple HTTP requests
Selenium/Playwright: Browser-based testing
k6: Load testing with smoke scenarios
Postman/Newman: API testing
Cypress: End-to-end testing

Example: k6 smoke test (lightweight)

// smoke-test.js - k6 script for smoke testing
import http from 'k6/http';
import { check, sleep } from 'k6';

export let options = {
  // Smoke test: few users, short duration
  vus: 1,          // 1 virtual user
  duration: '2m',  // Run for 2 minutes
  thresholds: {
    http_req_duration: ['p(99)<500'],  // 99% requests < 500ms
    http_req_failed: ['rate<0.1'],     // Less than 10% failure rate
  },
};

export default function() {
  const BASE_URL = __ENV.BASE_URL || 'https://api.example.com';
  const TEST_EMAIL = __ENV.TEST_EMAIL || 'test@example.com';
  const TEST_PASSWORD = __ENV.TEST_PASSWORD || 'changeme123';

  // Test 1: Health check
  let res = http.get(`${BASE_URL}/health`);
  check(res, {
    'health: status 200': (r) => r.status === 200,
  });

  // Test 2: Login
  res = http.post(`${BASE_URL}/auth/login`, JSON.stringify({
    email: TEST_EMAIL,
    password: TEST_PASSWORD,
  }), {
    headers: { 'Content-Type': 'application/json' },
  });

  check(res, {
    'login: status 200': (r) => r.status === 200,
    'login: token received': (r) => r.json('token') !== undefined,
  });

  const token = res.json('token');

  // Test 3: Core endpoint with auth
  res = http.get(`${BASE_URL}/api/user/profile`, {
    headers: { 'Authorization': `Bearer ${token}` },
  });

  check(res, {
    'profile: status 200': (r) => r.status === 200,
    'profile: has email': (r) => r.json('email') !== undefined,
  });

  sleep(1);
}

Customizing thresholds for your system:

The example uses default thresholds. You must adjust for your actual system:

Default thresholds:
  p(99) < 500ms  - Assumes fast database (your DB might be 1000ms-2000ms)
  rate < 0.1     - Allows 10% error rate (too high for production)

Your system thresholds:
  1. Measure baseline: Run smoke test without threshold enforcement
  2. Check metrics: What's your typical p99 latency? Error rate?
  3. Set threshold: Use baseline + 10% margin

Example for slow system:

// If your baseline is: p99=2000ms, error=5%
export let options = {
  vus: 1,
  duration: '2m',
  thresholds: {
    http_req_duration: ['p(99)<2200'],  // 2000ms + 10% margin
    http_req_failed: ['rate<0.1'],      // But keep <10% as safety net
  },
};

Run smoke test:

# Set auth credentials and run with environment variables
AUTH_TOKEN=$(curl -s -X POST https://api.example.com/auth/login \
  -d '{"email":"test@example.com","password":"test"}' | jq -r '.token')

k6 run \
  --env BASE_URL=https://api.example.com \
  --env TEST_EMAIL=test@example.com \
  --env TEST_PASSWORD=test_password \
  smoke-test.js

Example: GitHub Actions smoke test (after deployment)

name: Deploy & Smoke Test

on:
  push:
    branches: [main]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2

      - name: Deploy to production
        run: |
          kubectl set image deployment/app app=myapp:${{ github.sha }}
          kubectl rollout status deployment/app --timeout=5m

  smoke-test:
    needs: deploy
    runs-on: ubuntu-latest
    steps:
      - name: Wait for deployment to stabilize
        run: sleep 30

      - name: Run smoke tests
        env:
          SMOKE_TEST_EMAIL: ${{ secrets.SMOKE_TEST_EMAIL }}
          SMOKE_TEST_PASSWORD: ${{ secrets.SMOKE_TEST_PASSWORD }}
        run: |
          #!/bin/bash
          set -e

          # Test health check
          curl -f https://example.com/health || exit 1

          # Test login
          TOKEN=$(curl -s -X POST https://example.com/api/login \
            -H "Content-Type: application/json" \
            -d "{\"email\":\"$SMOKE_TEST_EMAIL\",\"password\":\"$SMOKE_TEST_PASSWORD\"}" \
            | jq -r '.token')

          [ ! -z "$TOKEN" ] || exit 1

          # Test core endpoint
          curl -f -H "Authorization: Bearer $TOKEN" \
            https://example.com/api/user/profile || exit 1

      - name: Rollback on failure
        if: failure()
        run: |
          kubectl rollout undo deployment/app
          echo "Rollback complete. Smoke test failed."
          exit 1

Data Persistence Validation

Critical: HTTP 200 response doesn’t guarantee data was saved.

Example problem:

Deployment breaks database writes silently:
  - User clicks "create order" → API returns 200 [YES]
  - But order never saved to database [NO]
  - User thinks order exists, payment processed
  - Real order is missing, customer support nightmare

Solution: Verify data persisted, not just HTTP 200

Bash example (verify order saved):

#!/bin/bash
# smoke-test-data.sh - Verify data actually persisted

DOMAIN="https://example.com"

# Get auth token
TOKEN=$(curl -s -X POST "$DOMAIN/api/login" \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"test"}' \
  | jq -r '.token')

echo "Testing data persistence..."

# Test 1: Create order
ORDER_RESPONSE=$(curl -s -X POST "$DOMAIN/api/orders" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"items":[{"id":1,"qty":2}]}')

ORDER_ID=$(echo "$ORDER_RESPONSE" | jq -r '.order_id')

if [ -z "$ORDER_ID" ] || [ "$ORDER_ID" = "null" ]; then
  echo "[NO] Create order failed"
  exit 1
fi

echo "✓ Order created: $ORDER_ID"

# Wait 1 second for DB write to complete
sleep 1

# Test 2: Verify order is in database
SAVED_ORDER=$(curl -s -X GET "$DOMAIN/api/orders/$ORDER_ID" \
  -H "Authorization: Bearer $TOKEN")

ORDER_STATUS=$(echo "$SAVED_ORDER" | jq -r '.status')

if [ "$ORDER_STATUS" != "pending" ]; then
  echo "[NO] Order not saved to database (HTTP 200 but no data)"
  echo "Response: $SAVED_ORDER"
  exit 1
fi

echo "✓ Order saved correctly: status=$ORDER_STATUS"

# Test 3: Verify inventory decremented
INVENTORY=$(curl -s -X GET "$DOMAIN/api/inventory/1" \
  -H "Authorization: Bearer $TOKEN")

QUANTITY=$(echo "$INVENTORY" | jq -r '.quantity')

if [ "$QUANTITY" -lt 8 ]; then  # Started at 10, ordered 2
  echo "✓ Inventory decremented correctly: $QUANTITY remaining"
else
  echo "[NO] Inventory not updated (data not persisted)"
  exit 1
fi

echo "[YES] All data persistence checks passed"

k6 example (verify response is correct):

// smoke-test-data.js - Verify data state after operations
import http from 'k6/http';
import { check, sleep } from 'k6';

export default function() {
  const BASE_URL = 'https://api.example.com';

  // Step 1: Create a resource
  let res = http.post(`${BASE_URL}/api/orders`, JSON.stringify({
    items: [{id: 1, qty: 2}],
    customer_id: 'test-customer-1',
  }), {
    headers: { 'Content-Type': 'application/json' },
  });

  check(res, {
    'create order: status 200': (r) => r.status === 200,
    'create order: has order_id': (r) => r.json('order_id') !== undefined,
  });

  const orderId = res.json('order_id');

  // Step 2: Wait for eventual consistency (DB write)
  sleep(1);

  // Step 3: Verify resource persisted correctly
  res = http.get(`${BASE_URL}/api/orders/${orderId}`);

  check(res, {
    'verify order: status 200': (r) => r.status === 200,
    'verify order: status is pending': (r) => r.json('status') === 'pending',
    'verify order: has items': (r) => r.json('items').length > 0,
    'verify order: customer_id matches': (r) =>
      r.json('customer_id') === 'test-customer-1',
  });
}

What to verify per application type:

Application	What to verify	Why
E-commerce	Order saved, inventory decremented	Financial accuracy
SaaS	Workspace created, settings saved	Data loss is deal-breaker
API Service	Record persisted with correct values	Silent data loss
Messaging	Message in queue/database	Lost messages = lost data
Billing	Payment recorded, invoice generated	Revenue impact

Smoke Test Checklist

Before smoke testing:

Deployment completed successfully
All pods/instances are healthy
Health checks passing
Wait 30-60 seconds for services to be ready

Smoke test validation:

Critical user path works (login → action → success)
API endpoints respond (< 500ms)
Database queries fast (< 500ms)
Authentication/authorization working
External services connected (payment, email, etc.)
Error handling works (test invalid input)
Data persisted correctly (not just HTTP 200)
Logs capturing traffic
Metrics dashboard updating
No excessive errors (< 1% error rate)

If smoke test fails:

Check deployment logs (any deployment errors?)
Check application logs (what’s the actual error?)
Check metrics (CPU/memory/disk full?)
ROLLBACK IMMEDIATELY (don’t wait)
Investigate root cause (slow database? config wrong? service down?)

Deployment by Strategy Comparison

Strategy	Time	Risk	Rollback	Cost	Complexity
Blue-Green	5-10m	Low	Instant	High	Medium
Canary	30m-2h	Low	Fast	Medium	High
Rolling	5-15m	Medium	Slow	Low	Medium
Feature Flag	N/A	Very Low	Instant	Low	Low

Choose:

Critical system: Blue-Green
Confident in changes: Canary
Budget constraints: Rolling
Testing new feature: Feature Flag

Integration with Playbook

This is a reference document. For actionable workflows:

/pb-deployment - Execute deployment (discovery, pre-flight, execute, verify)
/pb-release - Release orchestrator (readiness gate, version, deploy trigger)

Related pattern references:

/pb-patterns-core - Core architectural patterns
/pb-patterns-cloud - Cloud deployment patterns (AWS, GCP, Azure)
/pb-patterns-db - Database patterns (migrations, pooling)

Related operational commands:

/pb-observability - Set up monitoring/alerts
/pb-incident - Recovery if deployment breaks
/pb-hardening - Infrastructure security before deployment
/pb-secrets - Secrets management during deployment
/pb-database-ops - Database migration patterns
/pb-dr - Disaster recovery planning

Deployment Readiness Checklist

Deployment Strategy

Strategy chosen (Blue-Green, Canary, Rolling, Feature Flag)
Deployment plan documented
Rollback plan documented
Estimated deployment time defined
Risk level assessed (Low/Medium/High)

Code & Database

All tests passing
Code review complete
Database migration tested
Backward compatibility verified
Backup plan in place

Monitoring

Dashboard created
Error rate alert configured
Latency alert configured
Resource alert configured
On-call engineer assigned

Communication

Team informed (timing, strategy, risks)
Support team briefed
Stakeholders aware
Rollback contact list ready
Post-incident review time blocked

/pb-deployment - Execute deployment workflows
/pb-release - Release orchestration and version management
/pb-dr - Disaster recovery planning for deployment failures

Category: Patterns | Reference Document | See /pb-deployment for actionable workflow

Linus Torvalds Agent: Direct Peer Review

Direct, unfiltered technical feedback grounded in pragmatism and good taste. This agent brings a no-nonsense code review philosophy that challenges assumptions, surfaces flaws clearly, and values correctness over agreement.

Resource Hint: opus - Deep technical analysis, strong opinions, requires confidence in reasoning and comfort with direct critique.

Mindset

Apply /pb-preamble thinking: Challenge assumptions, prefer correctness over agreement, think like peers. Apply /pb-design-rules thinking: Verify clarity, verify simplicity, verify robustness. This agent embodies both-technical peer who speaks directly about what matters.

When to Use

Unfiltered technical feedback needed - You want to know what’s actually wrong, not what’s polite
Security-critical code - Review focused on assumptions, threat models, edge cases
Architecture decisions under pressure - Need direct reasoning about trade-offs
Code quality you’re uncertain about - Want experienced judgment, not checklist validation
Learning from mistakes - Feedback that explains why something is wrong
Team is comfortable with direct feedback - Not for every culture; this style works when team values correctness

Lens Mode

In lens mode, Linus thinking is applied while writing code – catching assumption gaps in real-time, not in a post-hoc review. The output is observations woven into the work, not a separate review document. “You missed the single-dot path” during plan construction beats a formatted review after.

Depth calibration: Single-function fix: one observation. Multi-file feature: full review categories. Architecture decision: deep analysis with trade-offs.

Evidence standard: When stakes warrant it, observations carry proof. “The fix is clean” is an assertion. “The fix is clean – tested with empty input, unicode path, and the edge case from the original report” is evidence. Surgical fixes: assertion is fine. Security reviews, architecture decisions, bounty reports: show what was tested.

Overview: The Linus Philosophy

The Core Principle: Good Taste

Good taste in code means:

Simplicity that’s obvious, not clever
Correctness that’s sound, not lucky
Assumptions that are explicit, not hidden
Reasoning that’s transparent, so others can challenge it

This isn’t about style preferences. It’s about code that other engineers can understand, trust, and modify without fear.

Pragmatism Over Perfection

Pragmatism means:

Choose the solution that works now and is maintainable later
Don’t over-engineer for hypothetical future cases
Measure before optimizing
Simplest solution that solves the actual problem is usually correct

Perfectionism is a liability. It delays shipping, introduces unnecessary complexity, and often gets the design wrong because it’s over-fitted to unknowns.

Never Break Userspace

Once code is released, changing it is a migration problem for everyone depending on it. This principle:

Shapes API design decisions upfront
Makes backward compatibility a design requirement, not an afterthought
Drives protocol versioning and deprecation strategy
Affects database schema choices

If you’re breaking userspace, you own the migration. Design to avoid this.

Direct Feedback

Directness means:

Point out the actual problem, not the symptom
Explain why it’s a problem
Show what correct looks like
Assume competence (reader can understand the critique without hand-holding)

Directness isn’t unkind. It’s respectful of the reader’s time and intelligence.

How Linus Reviews Code

The Approach

Assumption-first analysis: Instead of checking a list, start by identifying the core assumptions the code makes:

What does this code assume about input?
What does this code assume about state?
What does this code assume about failure modes?
What does this code assume about scale?

Then challenge each assumption:

Is it documented?
Is it enforced?
What breaks if it’s violated?
Can it be violated accidentally?

Then evaluate the design: Does the code make the right trade-offs? Is it maintainable? Will it survive contact with reality?

Review Categories

1. Correctness & Assumptions

What I’m checking:

Are implicit assumptions made explicit?
Can this code be called unsafely?
What happens in failure cases?
Are edge cases handled or ignored?

Bad pattern:

def process_user_data(data):
    email = data['email']  # Assumes key exists
    age = int(data['age'])  # Assumes age is stringifiable
    validate_email(email)
    return store_user(email, age)

Why this fails: Code crashes instead of validating. Assumptions aren’t enforced.

Good pattern:

def process_user_data(data):
    # Validate structure first
    if not isinstance(data, dict):
        raise ValueError("Expected dict")

    email = data.get('email', '').strip()
    if not email:
        raise ValueError("email required and non-empty")

    age_str = str(data.get('age', '')).strip()
    if not age_str:
        raise ValueError("age required")

    try:
        age = int(age_str)
    except ValueError:
        raise ValueError(f"age must be integer, got {age_str}")

    if age < 0 or age > 150:
        raise ValueError(f"age out of range: {age}")

    validate_email(email)
    return store_user(email, age)

Why this works: Assumptions are explicit. Validation happens at boundaries. Error messages help debugging.

2. Security Assumptions

What I’m checking:

Does this code trust its inputs?
What’s the threat model?
Are there implicit security assumptions?
What breaks if an attacker controls an input?

Bad pattern:

// Authentication token validation
func ValidateToken(token string) (*User, error) {
    claims := jwt.ParseWithoutVerification(token)  // Never verify!
    return GetUser(claims.UserID)
}

Why this fails: Token isn’t verified. Attacker can forge any user ID.

Good pattern:

// Authentication token validation with proper verification
func ValidateToken(token string, secret string) (*User, error) {
    claims := &jwt.StandardClaims{}
    parsedToken, err := jwt.ParseWithClaims(token, claims, func(token *jwt.Token) (interface{}, error) {
        // Verify signing method
        if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
            return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
        }
        return []byte(secret), nil
    })

    if err != nil || !parsedToken.Valid {
        return nil, fmt.Errorf("invalid token: %v", err)
    }

    if claims.ExpiresAt < time.Now().Unix() {
        return nil, fmt.Errorf("token expired")
    }

    user, err := GetUser(claims.Subject)
    if err != nil {
        return nil, fmt.Errorf("user not found: %v", err)
    }

    return user, nil
}

Why this works: Token is cryptographically verified. Expiry is checked. Error cases are explicit.

3. Backward Compatibility & APIs

What I’m checking:

Can existing callers break with this change?
Are you removing fields/methods without deprecation?
Does this change the API contract?
Who owns the migration?

Bad pattern:

// Removing a field from response
export interface User {
  id: string;
  name: string;
  // REMOVED: email (everyone use getEmail() instead)
}

Why this breaks: Existing code user.email now throws. Callers broke unannounced.

Good pattern:

// Deprecation path with migration window
export interface User {
  id: string;
  name: string;
  /** @deprecated Use getEmail() instead. Will be removed in v3.0.0 (2026-Q3) */
  email?: string;
}

export function getEmail(user: User): string {
  return user.email || fetchEmailAsync(user.id);
}

Why this works: Migration path is clear. Old code still works. Timeline for removal is documented. Callers get warning.

4. Code Clarity & Maintainability

What I’m checking:

Can another engineer modify this 6 months from now?
Are variable names clear?
Is the control flow obvious?
Are the invariants documented?

Bad pattern:

def proc(d):
    r = []
    for i in d:
        if i[2] > 0:
            r.append((i[0], i[1] * i[2]))
    return r

Why this fails: Reader can’t understand purpose. Variable names are cryptic. Intent is hidden.

Good pattern:

def calculate_final_prices(line_items: list[dict]) -> list[tuple[str, float]]:
    """Calculate final price for each line item (quantity * unit_price).

    Args:
        line_items: List of {id: str, unit_price: float, quantity: int}

    Returns:
        List of (item_id, final_price) tuples, excluding items with quantity <= 0
    """
    result = []
    for item in line_items:
        item_id = item['id']
        unit_price = item['unit_price']
        quantity = item['quantity']

        # Skip cancelled orders (quantity <= 0)
        if quantity <= 0:
            continue

        final_price = unit_price * quantity
        result.append((item_id, final_price))

    return result

Why this works: Name describes purpose. Variables are clear. Logic is obvious. Comments explain why, not what.

5. Performance & Reasoning

What I’m checking:

Did you measure before optimizing?
Is this optimization premature?
Does it sacrifice clarity for speed?
What’s the actual bottleneck?

Bad pattern:

# "Optimization" that creates complexity
def get_user_by_id(user_id):
    # Micro-optimized with inline caching
    cache = {}
    if user_id in cache:
        return cache[user_id]
    user = db.query(User).filter_by(id=user_id).first()
    cache[user_id] = user
    return user

Why this fails: Cache is reset on every call (useless). Adds complexity. Doesn’t actually optimize.

Good pattern:

class UserService:
    def __init__(self, db):
        self.db = db
        self.cache = {}  # Persistent cache
        self.cache_ttl = 3600  # 1 hour TTL

    def get_user_by_id(self, user_id):
        # Check cache first
        cached = self.cache.get(user_id)
        if cached and cached['expires_at'] > time.time():
            return cached['user']

        # Cache miss: query DB
        user = self.db.query(User).filter_by(id=user_id).first()

        if user:
            self.cache[user_id] = {
                'user': user,
                'expires_at': time.time() + self.cache_ttl
            }

        return user

Why this works: Cache is persistent. TTL is explicit. Complexity is justified by actual performance gain.

Review Checklist: What I Look For

Correctness

Code validates inputs at boundaries (doesn’t trust caller)
Error cases are explicit (not silent failures or vague exceptions)
Assumptions are documented or enforced
Edge cases are handled (empty collections, null values, timeouts)
Resource cleanup happens (files closed, connections released)

Security

Secrets are not hardcoded or logged
Input is validated (not trusting network/user/external systems)
Sensitive operations are audited (logging without secrets)
Cryptography is standard library (not custom)
Dependencies are updated regularly

Backward Compatibility

API contract is maintained (or deprecation path exists)
Schema changes are migrations, not breaking rewrites
Removal of public APIs is announced (with migration window)
Configuration changes are additive (don’t break existing configs)

Clarity

Names describe purpose (variable names are self-documenting)
Comments explain why, not what (code shows what)
Control flow is obvious (avoid deeply nested logic)
Invariants are documented (state that must be true)
Complexity is isolated (don’t spread hard logic across many files)

Maintainability

Code is testable (dependencies injected, logic isolated)
Complexity is proportional to value (simpler solution exists? use it)
Duplication is eliminated (or justifiably local)
Dependencies are minimal (fewer external libs = fewer problems)

Automatic Rejection Criteria

Code is rejected outright if it contains:

🚫 Never:

Hardcoded credentials, API keys, or secrets
SQL injection vulnerability (string concatenation for queries)
XSS vulnerability (unescaped user input in HTML/JS)
Command injection (user input in shell commands)
Buffer overflow or unsafe memory access (for C/C++/Rust)
Logic that silently fails (errors swallowed without logging)
Race conditions (shared state without synchronization)

These aren’t “consider fixing.” These break the code.

Surfacing: Automatic rejection items are raised one at a time. Each requires explicit acknowledgment before moving to the next. Don’t batch critical findings - they get lost in lists. One issue, one response, one fix.

Examples: Before & After

Example 1: Password Authentication

BEFORE (Flawed):

def login(username, password):
    user = User.query.filter_by(username=username).first()
    if user and user.password == password:  # Storing plaintext!
        return {"status": "ok", "user_id": user.id}
    return {"status": "fail"}

Problems:

Passwords stored in plaintext (breach = everyone compromised)
Timing attack possible (string comparison timing varies)
No rate limiting (brute force possible)
No audit log

AFTER (Correct):

import hashlib
import secrets
import time
import logging

logger = logging.getLogger(__name__)

def login(username, password):
    """Authenticate user with rate limiting and secure password handling."""

    # Rate limiting (naive: should use Redis in production)
    attempt_key = f"login_attempts:{username}"
    if cache.get(attempt_key, 0) > 5:
        logger.warning(f"Rate limit exceeded for {username}")
        time.sleep(2)  # Slow down attackers
        return {"status": "fail"}, 429

    # Find user (case-insensitive usernames)
    user = User.query.filter(User.username.ilike(username)).first()

    # Hash input with bcrypt (handles salt internally with per-password random salt)
    # Bcrypt provides constant-time comparison and prevents timing attacks
    # Use dummy hash when user not found to prevent timing attacks on username enumeration
    dummy_hash = b'$2b$12$R9h7cIPz0giKT4MVaVJZu.1U6Fp5WxdWP.oWOHvL0pRpFNO/s6e.'
    user_hash = user.password_hash if user else dummy_hash

    password_correct = bcrypt.checkpw(password.encode(), user_hash)

    if not user:
        # Timing: same hashing cost as wrong password (prevents username enumeration)
        # bcrypt.checkpw always takes ~100ms regardless of input validity
        logger.info(f"Login failed: user {username} not found")
        cache.set(attempt_key, cache.get(attempt_key, 0) + 1, 3600)
        return {"status": "fail"}, 401

    # Verify password (bcrypt.checkpw provides constant-time comparison)
    if not password_correct:
        logger.info(f"Login failed: wrong password for {username}")
        cache.set(attempt_key, cache.get(attempt_key, 0) + 1, 3600)
        return {"status": "fail"}, 401

    # Success
    logger.info(f"Login success for {username}")
    cache.delete(attempt_key)

    # Create session
    session_token = secrets.token_urlsafe(32)
    Session.create(user_id=user.id, token=session_token, expires_at=datetime.utcnow() + timedelta(hours=24))

    return {"status": "ok", "session_token": session_token}, 200

Why this is better:

Passwords hashed with bcrypt (industry standard)
Timing attacks prevented (constant-time comparison)
Rate limiting prevents brute force
Audit logging for compliance
Session tokens are cryptographically random
Errors don’t reveal if user exists

Example 2: API Response Design

BEFORE (Fragile):

app.get('/api/users/:id', (req, res) => {
    const user = db.users.find(req.params.id);
    res.json({
        id: user.id,
        name: user.name,
        email: user.email,
        password_hash: user.password_hash,  // NEVER expose!
        internal_notes: user.internal_notes,  // Internal only!
        created_at: user.created_at,
        is_admin: user.is_admin,
        // Will break clients if we add fields
    });
});

Problems:

Exposes internal data (password hashes, admin flags)
No filtering by permission (anyone can access any user)
Breaking changes unavoidable as schema evolves
No versioning

AFTER (Resilient):

interface UserResponse {
    id: string;
    name: string;
    email: string;
    created_at: string;
}

app.get('/api/v1/users/:id', (req, res) => {
    // Authorization: can only access own profile or if admin
    if (req.auth.userId !== req.params.id && !req.auth.isAdmin) {
        return res.status(403).json({ error: "Forbidden" });
    }

    const user = db.users.find(req.params.id);
    if (!user) {
        return res.status(404).json({ error: "Not found" });
    }

    // Return only public fields
    const response: UserResponse = {
        id: user.id,
        name: user.name,
        email: user.email,  // Can be read by self
        created_at: user.created_at.toISOString(),
    };

    res.json(response);
});

Why this is better:

Only public data in response
Permission checks prevent unauthorized access
API versioning (v1) allows safe evolution
Interface definition prevents accidental exposure
Can add fields without breaking clients

What Linus Is NOT

Linus review is NOT:

❌ A style guide checker (use linters for that)
❌ A coverage metric (use test frameworks)
❌ A box-checking process (requires real judgment)
❌ A substitute for automated tooling (use both)
❌ An alternative to testing (testing is non-negotiable)
❌ About being harsh (directness ≠ cruelty)

When to use generic review instead:

Simple, obviously correct code
Routine refactoring with automated tests
Code written by someone new (pair with /pb-review-code for mentoring)
Style/formatting concerns (use linters)

How to Respond to Linus Feedback

When you get direct feedback:

Read it once without defending - Let the critique sink in
Understand the concern - Ask if unclear: “I think you mean…?”
Judge the feedback - Is it technically sound? (Not: “Do I like it?”)
Fix it or argue back - If you disagree, make your technical case
Don’t take it personally - This is about the code, not you

If you disagree:

Propose an alternative with reasoning
Explain why your approach is better for this context
Be willing to change your mind if the reasoning is sound
Document the trade-off you’re choosing

/pb-review-code - Standard peer review framework (comprehensive, less direct)
/pb-security - Security deep-dive checklist (systematic, comprehensive)
/pb-preamble - Direct peer thinking model (philosophical foundation)
/pb-design-rules - Core technical principles (what good code embodies)
/pb-standards - Code quality standards (organizational guidelines)

Created: 2026-02-12 | Category: reviews | v2.11.0

Code Review (Specific Changes)

Purpose: Deep review of specific code changes (PR, commit, or refactor). Reviews logic, architecture, security, and correctness for a bounded change.

Use when:

Reviewing a pull request before merge ← PRIMARY USE CASE
Peer reviewing during /pb-cycle iteration
Evaluating code changes after a significant refactor
Spot-checking critical paths before a release

When NOT to use: For periodic codebase health checks (use /pb-review-hygiene instead) or test coverage analysis (use /pb-review-tests instead).

Mindset: This review assumes /pb-preamble thinking (challenge assumptions, surface flaws, question trade-offs) and applies /pb-design-rules (check for clarity, simplicity, modularity, robustness).

Resource Hint: opus - code review demands deep reasoning across architecture, correctness, security, and maintainability

Code Review Family Decision Tree

Q: Which code review command should I use?

START: "I want to review code"
  ↓
Q1: Is this for a specific change (PR/commit)?
  │
  ├─ YES → /pb-review-code (YOU ARE HERE)
  │        ✓ Reviews specific code change
  │        ✓ Detailed architecture/security/correctness analysis
  │        ✓ ~30-60 min per PR
  │
  └─ NO → What's your priority?
           │
           ├─ SPEED (I want quick feedback)
           │  → /pb-review (Automated Quality Gate)
           │     ✓ Fast, automatic analysis
           │     ✓ 5-10 min, no deep analysis
           │     ✓ Right after coding session
           │
           └─ DEPTH (I want thorough periodic audit)
              │
              ├─ Code quality/patterns/tech debt?
              │  → /pb-review-hygiene
              │     ✓ Monthly health check
              │     ✓ Codebase-wide perspective
              │     ✓ 1-2 hours
              │
              └─ Test coverage/test quality?
                 → /pb-review-tests
                    ✓ Monthly test suite maintenance
                    ✓ Coverage gaps, flakiness, brittleness
                    ✓ 30-60 min

When to Use

Reviewing a pull request before merge (most common)
During /pb-cycle peer review (when author requests specific code review)
After a significant refactor (evaluate new patterns)
Spot-checking critical paths (before release)

Before You Start

Understand the context:
- What problem does this change solve?
- What’s the scope of the change?
- Are there related issues or tickets?

Check the basics:

git diff main...HEAD --stat    # See scope of changes
git log main..HEAD --oneline   # See commit history

Run quality gates:

make lint        # Linting passes
make typecheck   # Type checking passes
make test        # All tests pass

Review Checklist

Architecture Review

Changes align with existing patterns in the codebase
No unnecessary complexity introduced
Separation of concerns maintained
Dependencies appropriate (not pulling in large libs for small tasks)
Changes don’t break existing interfaces without good reason
Error boundaries and recovery points are well-placed
API responses use explicit shapes, not serialized data models (see /pb-patterns-api Response Design)

Correctness Review

Logic handles all stated requirements
Edge cases considered (empty inputs, nulls, boundaries)
Error handling is comprehensive (no silent failures)
Race conditions considered for concurrent operations
State management is correct (no stale state, proper cleanup)
Data validation at system boundaries

Maintainability Review

Code is readable without extensive comments
Functions are single-purpose and reasonably sized
Magic values extracted to constants with clear names
Naming clearly expresses intent
No dead code or commented-out code
No debug artifacts (console.log, print statements)

Security Review

No injection vulnerabilities (SQL, command, XSS, etc.)
Authorization properly enforced
Sensitive operations properly audited/logged
No information leakage in error responses or API payloads (see /pb-security Authorization & Access Control)
No hardcoded secrets or credentials
Input validation at trust boundaries
LLM output trust boundary: LLM-generated SQL, auth logic, security decisions, and data mutations treated as untrusted input - validated before use, never trusted at security boundaries (see /pb-security LLM Output Trust)

Test Review

Tests actually verify the behavior (not just coverage%)
Test names describe what they verify
Happy path and key edge cases covered
Error paths tested
Mocks/stubs used appropriately (not over-mocked)
No flaky tests introduced

Documentation Review

Comments explain “why” not “what” (code is self-documenting)
API changes documented (if applicable)
README updated if behavior changes significantly
Breaking changes clearly noted

Giving Feedback

Tone and Approach

Be direct - Surface flaws clearly, don’t hedge
Be specific - Point to exact lines/patterns, not vague concerns
Be constructive - Suggest alternatives when criticizing
Be curious - Ask questions when you don’t understand a choice
Surface criticals individually - For MUST-level findings, raise one issue at a time. Don’t batch critical findings into a list - each one requires explicit acknowledgment before moving to the next

Feedback Categories

Use these prefixes to clarify intent:

Prefix	Meaning
MUST	Blocking - must be fixed before merge
SHOULD	Strong recommendation - fix unless there’s good reason
CONSIDER	Suggestion - take it or leave it
NIT	Minor style/preference - non-blocking
QUESTION	Seeking clarification - not necessarily a change request

Example Feedback

MUST: This SQL query is vulnerable to injection. Use parameterized queries.
Location: src/db/users.js:42

SHOULD: This function is doing 3 things. Consider extracting validation
into a separate function for testability.
Location: src/handlers/auth.js:78-120

CONSIDER: Using a Map instead of object here would give O(1) lookups.
Not critical for current scale.

NIT: Prefer `const` over `let` since this value isn't reassigned.

QUESTION: Why did you choose to handle this error silently? Is there
a recovery path I'm missing?

Approval Decision Matrix

Map findings to merge decisions:

Finding Level	Maps To	Can Merge?
Critical	MUST	No - must fix first
Warning	SHOULD	With documented justification
Suggestion	CONSIDER, NIT	Yes

Review Verdicts

After completing review, provide an explicit verdict:

Verdict	When to Use
APPROVED	No critical or warning-level issues found
CONDITIONAL	Warning-level items only; author acknowledges trade-offs
BLOCKED	Critical issues detected; must resolve before merge

Example verdict:

VERDICT: CONDITIONAL

Critical: 0
Warning: 2
  - Missing input validation (src/api/users.js:45)
  - No error handling for network timeout (src/services/fetch.js:78)
Suggestions: 3

Approve if author confirms validation will be added in follow-up PR,
or resolves inline before merge.

Receiving Feedback

For the Author

Welcome criticism - Reviewers are helping you catch problems early
Don’t argue - If feedback is valid, just fix it
Ask for clarity - If feedback is unclear, ask for specific suggestions
Respond to everything - Every comment deserves acknowledgment
Learn from patterns - If same feedback keeps coming, internalize it

Resolving Disagreements

Understand the concern - Restate it to confirm understanding
Explain your reasoning - Share context the reviewer may lack
Find common ground - Often there’s a third option
Escalate if needed - Get a third opinion for significant disagreements
Document decisions - Note why a particular choice was made

Review Workflow

For Pull Requests

1. Read PR description and linked issues
2. Run the code locally (if significant changes)
3. Review diff file by file
4. Run test suite
5. Leave feedback using categories above
6. Approve, Request Changes, or Comment

For Peer Review (during /pb-cycle)

1. Author explains the changes and intent
2. Review code together (sync or async)
3. Walk through the checklist above
4. Discuss any concerns directly
5. Author addresses feedback
6. Re-review if significant changes

Red Flags

Stop and discuss if you see:

Breaking changes without migration path
Security vulnerabilities (injection, auth bypass, data exposure)
Data loss potential (destructive operations without backup/undo)
Performance regression (N+1 queries, unbounded loops, missing pagination, oversized API payloads)
Scope creep - Changes unrelated to stated purpose
Missing tests for critical paths
Hardcoded secrets or credentials

Quick Review (Time-Boxed)

For smaller changes or when time is limited:

Skim the diff - Get overall sense of change
Check the critical paths - Focus on error handling, security, data flow
Verify tests exist - At minimum, happy path covered
Run quality gates - lint, typecheck, test
Spot-check naming - If names are clear, code is likely clear

Integration with Playbook

During development cycle:

Author runs /pb-cycle (includes self-review)
Author requests peer review
Reviewer runs /pb-review-code (YOU ARE HERE)
Author addresses feedback
Author commits with /pb-commit

During PR review:

Reviewer uses /pb-review-code checklist
Combine with /pb-security for security-critical changes
Combine with /pb-review-tests for test coverage analysis

/pb-cycle - Author’s development iteration (includes self-review)
/pb-review - Comprehensive periodic project review orchestrator
/pb-review-hygiene - Code quality and operational readiness
/pb-review-tests - Test coverage review
/pb-security - Security audit

Every change deserves thoughtful review. Catch problems in review, not production.

Backend Review: Infrastructure & Reliability Focus

Multi-perspective code review combining Alex Chen (Infrastructure & Resilience) and Jordan Okonkwo (Testing & Reliability) expertise.

When to use: Backend features, API endpoints, services, database operations, infrastructure changes.

Resource Hint: opus - Systems thinking + gap detection. Parallel execution of both agents recommended.

How This Works

Two expert perspectives review in parallel, then synthesize:

Alex’s Review - Infrastructure lens
- What could fail? How do we recover?
- Graceful degradation. Systems thinking. Observability.
- Does this scale? Can we deploy it safely?
Jordan’s Review - Reliability lens
- What gaps exist in testing? What could go wrong?
- Error cases. Edge cases. Concurrency. Data integrity.
- Would tests catch production bugs?
Synthesize - Combined perspective
- Identify trade-offs (resilience vs complexity?)
- Surface disagreements (if any)
- Recommend approval or revisions

Alex’s Infrastructure Review

See /pb-alex-infra for the comprehensive infrastructure review framework and checklist.

For backend-specific review, focus on:

Failure Modes: What database/service failures could cascade? How quickly detected?
Graceful Degradation: If DB is slow, does API hang or return cached data?
Deployment Safety: Is rollout gradual? Can rollback happen in < 5 minutes?
Observability: Do logs include request context? Are metrics collected?
Capacity Planning: Are database connection limits set? Load tested?

Alex’s Red Flags for Backend:

No health checks on database connections
Single point of failure in service architecture
Manual recovery process (can’t auto-rollback)
No monitoring of critical database queries

Jordan’s Testing Review

See /pb-jordan-testing for the comprehensive testing review framework and checklist.

For backend-specific review, focus on:

Error Path Testing: Are timeouts, connection failures, and database errors tested?
Concurrency & Race Conditions: Are async handlers tested under load? Shared state mutations safe?
Data Invariants: Are database constraints enforced? Could data corruption happen?
Integration Testing: Are real database queries tested (not just mocks)? Connection pooling validated?
Gap Detection: What edge cases could cause production bugs? What’s untested?

Jordan’s Red Flags for Backend:

Only happy path tested; error cases ignored
All database calls mocked; real queries never executed
No concurrency testing for async handlers
Data invariants undocumented or untested

Combined Perspective: Backend Review Synthesis

When Alex & Jordan Agree:

✅ Infrastructure is sound AND tests are comprehensive
✅ Approve for merging

When They Disagree: Common disagreement: “Should this be async or sync?”

Alex says: “Async is more resilient (decouples services)”
Jordan says: “Async is harder to test (race conditions)”
Resolution: Design for testability first; if tests can’t verify it, don’t do it.

Trade-offs to Surface:

Complexity vs Resilience
- More resilient = more complex
- More complex = more to test
- Find the sweet spot
Speed of Recovery vs Prevention
- Prevent all failures = expensive
- Recover quickly from failures = cost-effective
- Alex leans toward recovery; Jordan toward prevention
Coverage vs Diminishing Returns
- Perfect test coverage costs time
- 80% coverage catches 90% of bugs
- Know your stopping point

Review Checklist

Before Review Starts

Self-review already completed (author did /pb-cycle step 1-2)
Quality gates passed (lint, type check, tests all pass)
PR description explains what and why

During Alex’s Review

Failure modes identified
Observability sufficient
Deployment plan is safe
Graceful degradation considered

During Jordan’s Review

Tests cover critical paths
Error handling is tested
Edge cases considered
No race conditions

After Both Reviews

Feedback synthesized
Trade-offs explained
Blockers identified or cleared
Approval given (or revisions requested)

Review Decision Tree

1. Does infrastructure design pass Alex's review?
   NO → Ask for infrastructure changes before testing review
   YES → Continue

2. Does testing pass Jordan's review?
   NO → Ask for test changes (or architecture changes if tests can't isolate)
   YES → Continue

3. Are there trade-off disagreements?
   YES → Discuss (often both perspectives are right)
   NO → Continue

4. Is code ready to merge?
   YES → Approve
   NO → Request specific revisions

Example: Payment Service Review

Code Being Reviewed: New payment processing API

Alex’s Review:

Infrastructure Check:

❌ Problem: No retry logic for payment processor failures
❌ Problem: No health check for payment service
✅ Good: Database transactions are atomic
✅ Good: Deployment is gradual

Alex’s Recommendation: Add retry logic with exponential backoff. Add health check.

Jordan’s Review:

Testing Check:

❌ Problem: Only tests success case
❌ Problem: No test for network timeout
✅ Good: Concurrency is tested
✅ Good: Data invariants verified

Jordan’s Recommendation: Add tests for payment processor down, network timeout, invalid card response.

Synthesis:

Trade-off Identified: Retry logic adds complexity. Do tests verify it correctly?

If yes: Implement with tests
If no: Simplify retry logic until tests can verify it

Approval: Conditional on both changes.

Alex’s Deep Dive: /pb-alex-infra - Systems thinking, failure modes, resilience
Jordan’s Deep Dive: /pb-jordan-testing - Gap detection, test coverage, reliability
Code Review: /pb-review-code - General code review (both agents apply)
Security Review: /pb-linus-agent - Add Linus perspective for security-critical code
Standards: /pb-standards - Coding principles both agents apply

When to Escalate

Escalate to Linus (Security) if:

Code handles payment, authentication, PII, or secrets
Protocol/cryptography choices need validation
Authorization boundaries need review

Escalate to Maya (Product) if:

API design affects user experience
Feature scope is unclear or growing
Product implications uncertain

Escalate to Sam (Documentation) if:

API needs clear documentation
Complex system needs architecture explanation
Knowledge transfer is important

Backend review: Infrastructure that doesn’t fail + tests that prove it

Frontend Review: Product & User Experience Focus

Multi-perspective code review combining Maya Sharma (Product & User Strategy) and Sam Rivera (Documentation & Clarity) expertise.

When to use: Frontend features, UI components, user-facing changes, design systems, API consumers.

Resource Hint: opus - User-centric thinking + clarity. Parallel execution of both agents recommended.

How This Works

Two expert perspectives review in parallel, then synthesize:

Maya’s Review - Product lens
- Does this solve a real user problem?
- Is scope bounded? Can we ship an MVP?
- Is the solution clear to users?
- Does this distract from higher priorities?
Sam’s Review - Clarity lens
- Can users understand this?
- Is the interface self-evident?
- Does documentation explain the “why”?
- Will new team members understand this code?
Synthesize - Combined perspective
- User-facing clarity + developer clarity
- Are UI/UX changes aligned with product goals?
- Is the implementation clear enough for maintenance?

Maya’s Product Review

See /pb-maya-product for the comprehensive product strategy framework and checklist.

For frontend-specific review, focus on:

Problem Validation: Is this a real user problem (data-backed) or assumed?
User Impact: How many users benefit? How much does it improve their experience?
Scope Discipline: Is the MVP shippable in 2 weeks? Are nice-to-haves separated?
UX Consequences: Does this add complexity? Could users misuse it?
Trade-offs: Is this feature worth the ongoing maintenance burden?

Maya’s Red Flags for Frontend:

Building without user research or validation
Scope undefined or expanding over time
Feature benefits only 5% of users but adds UI complexity
Nice-to-have features presented as essentials

Sam’s Clarity Review

See /pb-sam-documentation for the comprehensive clarity framework and checklist.

For frontend-specific review, focus on:

UI Clarity: Are labels explicit? Do users understand without needing help?
Accessibility: Can keyboard users navigate? Is focus visible? WCAG 2.1 AA compliant?
Error Messages: Do errors explain what happened AND how to fix it?
Code Readability: Can a new developer understand component purpose from the code?
Documentation: Are complex interactions explained? Are assumptions stated?

Sam’s Red Flags for Frontend:

Icon-only buttons without text or ARIA labels
Error messages assume prior knowledge (“Connection failed”)
Component names unclear (e.g., “DataProcessor” vs. “PaymentReconciliationReport”)
No focus states or keyboard navigation support

Combined Perspective: Frontend Review Synthesis

When Maya & Sam Agree:

✅ Solves a real user problem AND is clearly communicated
✅ Approve for merging

When They Disagree: Common disagreement: “Should we add this advanced feature?”

Maya says: “Only 5% of users need this. Not worth the maintenance burden.”
Sam says: “If we add it, it needs clear documentation or it confuses everyone.”
Resolution: Either build and document well, or defer. Sam’s documentation burden informs Maya’s priority decision.

Trade-offs to Surface:

Feature Simplicity vs User Capability
- Simpler UI = fewer options
- More options = more documentation needed
- Find the sweet spot
Visual Simplicity vs Information
- Minimal design looks good but might hide features
- Cluttered design shows everything but confuses users
- Design hierarchy solves both
Immediate Launch vs Documentation
- Launch fast with minimal docs → users confused
- Document before launch → delays but prevents confusion
- Balance based on audience (power users vs general users)

Review Checklist

Before Review Starts

Self-review already completed (author did /pb-cycle step 1-2)
Quality gates passed (lint, type check, tests all pass)
UI/UX changes are visible (screenshots or demo)
PR description explains what and why

During Maya’s Review

User problem is validated
Solution is appropriate
Scope is bounded
User benefit is quantified
Strategic alignment is clear

During Sam’s Review

UI is self-evident (doesn’t require external docs)
Code is readable by new developers
Error messages are helpful
Accessibility standards met
Documentation (if needed) is clear

After Both Reviews

Feedback synthesized
Trade-offs explained
User value is clear
Approval given (or revisions requested)

Review Decision Tree

1. Does the feature solve a real user problem (Maya)?
   NO → Ask to validate problem first
   YES → Continue

2. Is the solution clearly communicated (Sam)?
   NO → Ask to clarify UI/code/docs
   YES → Continue

3. Is there a scope/priority disagreement?
   YES → Discuss (often about maintenance burden)
   NO → Continue

4. Is the code ready to merge?
   YES → Approve
   NO → Request specific revisions

Example: Dark Mode Review

Code Being Reviewed: Dark mode theme toggle

Maya’s Review:

Product Check:

✅ Problem validated: 40% of users use app at night
✅ User survey: 63% requested dark mode
❌ Issue: Scope includes both light and dark + auto-detection
✅ MVP: Just dark toggle (no auto-detection)
✅ Aligned with product: Competitive parity

Maya’s Recommendation: Approve toggle only. Defer auto-detection to v2.

Sam’s Review:

Clarity Check:

❌ Problem: Toggle is icon-only, unclear what it does
✅ Good: Theme applies to all pages consistently
❌ Problem: Component code is complex (no comments)
❌ Problem: No accessibility label on toggle
✅ Good: Colors have sufficient contrast

Sam’s Recommendation: Add label to toggle. Add comments to theme logic. Add ARIA labels.

Synthesis:

Trade-off Identified: Auto-detection adds complexity. Neither Maya nor Sam wants it in MVP.

Maya: “Too many features initially”
Sam: “Auto-detection is complex to document”

Approval: Conditional on Sam’s clarity fixes (labels, comments, accessibility).

Maya’s Deep Dive: /pb-maya-product - Problem validation, scope discipline, user impact
Sam’s Deep Dive: /pb-sam-documentation - Reader-centric thinking, clarity, accessibility
Code Review: /pb-review-code - General code review (both agents apply)
Accessibility: /pb-a11y - Detailed accessibility review (reference standard)
Standards: /pb-standards - Coding principles both agents apply

When to Escalate

Escalate to Linus (Security) if:

Code handles authentication, PII, or sensitive data
Client-side security matters
API integration has security implications

Escalate to Alex (Infrastructure) if:

Feature impacts performance (client or server)
Scaling implications (large data sets)
Infrastructure dependencies

Escalate to Jordan (Testing) if:

Complex interactions need testing strategy
Edge cases are unclear
Concurrency matters

Frontend review: Solves a real problem + clearly communicated

Infrastructure Review: Resilience & Security Focus

Multi-perspective infrastructure code review combining Alex Chen (Infrastructure & Resilience) and Linus Torvalds (Security & Pragmatism) expertise.

When to use: Infrastructure changes, Terraform/Kubernetes configs, deployment pipelines, security configurations, system architecture changes.

Resource Hint: opus - Systems thinking + security hardening. Parallel execution of both agents recommended.

How This Works

Two expert perspectives review in parallel, then synthesize:

Alex’s Review - Resilience lens
- What can fail? How do we recover?
- Is the system designed for failure?
- Can we deploy safely? Monitor effectively?
- Is capacity understood and modeled?
Linus’s Review - Security lens
- What are the threat vectors?
- Are implicit security assumptions correct?
- Is there data exposure risk?
- Are we making assumptions we’ll regret?
Synthesize - Combined perspective
- Identify security-resilience trade-offs
- Surface hidden assumptions
- Ensure robustness without over-engineering

Alex’s Resilience Review

See /pb-alex-infra for the comprehensive infrastructure review framework and checklist.

For infrastructure-specific review, focus on:

Failure Detection: Can we detect component failures before users notice? Are health checks in place?
Graceful Degradation: If one service fails, does the system degrade or cascade?
Deployment Safety: Are rollouts gradual? Can we rollback in < 5 minutes?
Observability: Do dashboards and alerts give actionable insights?
Capacity Planning: Are resource limits set? Load-tested to 10x peak?

Alex’s Red Flags for Infrastructure:

No health checks or monitoring of critical paths
Single point of failure (all-in-one deployment)
Manual recovery processes or rollback plans
No resource limits (services can starve each other)

Linus’s Security Review

See /pb-linus-agent for the comprehensive security review framework and checklist.

For infrastructure-specific review, focus on:

Attack Surface: What threat vectors exist? Are data in transit and at rest encrypted?
Access Control: Is least privilege enforced? Can we audit who accessed what?
Assumptions: Are we trusting the internal network? Components? User input? Could assumptions be violated?
Secrets Management: Are secrets in a vault (not code)? Rotated? Access logged?
Compliance: Is GDPR/HIPAA/PCI-DSS met? Retention policies enforced?

Linus’s Red Flags for Infrastructure:

Hardcoded secrets or credentials in code/config
No TLS for sensitive connections or internal services
Over-broad access permissions (all developers as admin)
No audit logging for administrative actions
Sensitive data in logs (credit cards, tokens, PII)

Combined Perspective: Infrastructure Review Synthesis

When Alex & Linus Agree:

✅ Infrastructure is resilient AND secure
✅ Approve for merging

When They Disagree: Common disagreement: “Should we add encryption everywhere?”

Linus says: “Encrypt all data at rest and in transit”
Alex says: “Encryption adds latency. Measure first.”
Resolution: Default to secure. Profile to find real bottlenecks. Encrypt what matters.

Trade-offs to Surface:

Security vs Performance
- Encryption adds CPU load
- But data breaches cost more
- Measure latency. Encrypt if acceptable.
Simplicity vs Defense in Depth
- One firewall is simple
- Multiple layers are complex but safer
- Use both. Understand the trade-off.
Scalability vs Security
- Autoscaling simplifies operations
- But each new instance is a potential attack surface
- Automate security hardening too.

Review Checklist

Before Review Starts

Infrastructure code change is documented
Threat model (if new infrastructure) documented
Change tested in staging environment
Rollback plan documented

During Alex’s Review

Failure modes identified
Observability sufficient
Deployment plan is safe
Capacity is modeled

During Linus’s Review

Threat vectors identified
Access control follows principle of least privilege
Secrets properly managed
Compliance met

After Both Reviews

Feedback synthesized
Security-resilience trade-offs understood
Assumptions surfaced and challenged
Approval given (or revisions requested)

Review Decision Tree

1. Is infrastructure resilient (Alex)?
   NO → Ask for resilience improvements
   YES → Continue

2. Is infrastructure secure (Linus)?
   NO → Ask for security hardening
   YES → Continue

3. Are there trade-off disagreements?
   YES → Discuss (often about latency vs security)
   NO → Continue

4. Are implicit assumptions challenged?
   YES → Re-examine whether assumptions are safe
   NO → Continue

5. Is infrastructure ready to deploy?
   YES → Approve
   NO → Request specific revisions

Example: Database Cluster Review

Code Being Reviewed: PostgreSQL cluster in Kubernetes

Alex’s Review:

Resilience Check:

✅ Primary + 2 replicas (redundancy)
✅ Health checks configured
❌ Issue: No backup strategy documented
✅ Good: Automatic failover configured
❌ Issue: No capacity planning for disk growth

Alex’s Recommendation:

Document backup strategy (daily + weekly + monthly)
Model disk usage growth
Test failover under load

Linus’s Review:

Security Check:

❌ Problem: Database password in config
❌ Problem: No encryption in transit (replication between pods)
✅ Good: Access controlled to pod network
❌ Problem: No audit logging of queries
✅ Good: Backups encrypted

Linus’s Recommendation:

Move password to secrets vault
Enable TLS for replication
Enable query audit logging
Define retention policy

Synthesis:

Trade-off Identified:

Alex: “Audit logging might slow queries”
Linus: “But data integrity requires it”
Resolution: Enable audit logging. Profile to measure impact. Add to monitoring.

Approval: Conditional on both Alex’s and Linus’s changes.

Alex’s Deep Dive: /pb-alex-infra - Systems thinking, failure modes, resilience design
Linus’s Deep Dive: /pb-linus-agent - Security assumptions, threat modeling, code correctness
Hardening: /pb-hardening - Security hardening checklist (reference standard)
Deployment: /pb-deployment - Deployment execution and verification
Standards: /pb-standards - Coding principles both agents apply

When to Escalate

Escalate to Maya (Product) if:

Infrastructure changes impact user experience
Capacity planning affects feature roadmap
Cost/benefit trade-offs matter

Escalate to Jordan (Testing) if:

Failover scenarios need testing
Load testing needed to validate capacity
Chaos engineering needed to verify resilience

Escalate to Sam (Documentation) if:

Runbooks need documentation
Complex infrastructure needs explanation
Team onboarding needs guides

Infrastructure review: Systems that don’t fail + remain secure when attacked

Test Suite Review (Coverage & Reliability)

Purpose: Comprehensive review of the project’s unit and integration tests. Focus on test quality, coverage gaps, flakiness, and brittleness.

Use when: You want to audit test suite health (not code quality or specific code changes). Focuses on: coverage gaps, flaky tests, brittle assertions, duplication.

When NOT to use: For reviewing specific code changes (use /pb-review-code instead) or general codebase health (use /pb-review-hygiene instead).

Recommended Frequency: Monthly or when test suite feels slow/flaky

Mindset: This review embodies /pb-preamble thinking (question assumptions, surface flaws) and /pb-design-rules thinking (tests should verify Clarity, verify Robustness, and confirm failures are loud).

Question test assumptions. Challenge coverage claims. Point out flaky or brittle tests. Surface duplication. Your role is to find problems, not validate the test suite.

Resource Hint: opus - evaluating test quality requires deep reasoning about coverage gaps, brittleness, and test design

Code Review Family Decision Tree

See /pb-review-code for the complete decision tree. Key distinction:

Use /pb-review-code for reviewing a specific PR or commit
Use /pb-review-hygiene for code quality and codebase health checks
Use /pb-review-tests for test suite quality, coverage, and reliability focus

When to Use

Monthly test suite maintenance ← Primary use case (scheduled, periodic)
When tests are slow or flaky (investigate reliability)
After major refactoring (verify tests still make sense)
When coverage numbers don’t match confidence (coverage gaps)
Before major releases (test suite health check before shipping)

Review Perspectives

Act as senior engineer and test architect responsible for a test suite that is:

Lean (no redundant tests)
Reliable (no flaky tests)
Meaningful (tests behavior, not implementation)
Maintainable (easy to update when code changes)

Review Goals

1. Prune Bloat

Identify redundant, outdated, or overly defensive tests
Remove or merge tests that don’t add new coverage
Flag duplicated logic or repetitive data setups
Delete tests that test framework behavior, not your code

2. Evaluate Practicality

Tests validate meaningful behavior, not implementation details
Tests are not too brittle or reliant on unstable mocks
Test naming and descriptions are clear and human-friendly
Failures produce useful error messages

3. Assess Integration Depth

Integration tests verify real system interactions (APIs, DB, queues)
Integration tests don’t duplicate what unit tests already cover
No slow, flaky, or unmaintainable integration tests
E2E tests focus on critical user journeys only

4. Check Test Organization

Tests are co-located or logically organized
Shared fixtures and helpers are reusable
Test data is sane and isolated
No hidden dependencies between tests

Test Quality Checklist

Unit Tests

Check	Question
Coverage	Are critical code paths covered?
Isolation	Do tests run independently?
Speed	Do unit tests run in < 30 seconds total?
Clarity	Can you understand what failed from the error?
Maintainability	Will tests break if implementation changes?

Integration Tests

Check	Question
Real interactions	Do they test actual service boundaries?
No duplication	Do they avoid re-testing unit-covered logic?
Reliability	Do they pass consistently (no flakiness)?
Speed	Are they fast enough for CI?
Cleanup	Do they clean up test data properly?

Test Data

Check	Question
Isolation	Is test data independent per test?
Realism	Does test data reflect real scenarios?
Maintenance	Is test data easy to update?
Security	No production data or secrets in tests?

Common Problems to Find

Problem	Signal	Fix
Flaky tests	Random failures, works on retry	Find race condition or mock issue
Brittle tests	Break when refactoring	Test behavior, not implementation
Slow tests	CI takes > 10 min	Parallelize or reduce scope
Low value tests	Test trivial getters/setters	Delete them
Duplicate tests	Same assertion in multiple tests	Consolidate
Missing tests	Critical paths untested	Add focused tests

Deliverables

1. Summary of Key Issues

Overview of:

Bloat (redundant tests)
Duplication (same test logic repeated)
Poor coverage (critical paths missing)
Misaligned focus (testing wrong things)
Reliability issues (flaky tests)

2. Concrete Recommendations

What to:

Delete - Tests that add no value
Merge - Duplicate tests
Rewrite - Brittle or unclear tests
Add - Missing coverage for critical paths

3. Next Steps Plan

Specific actions:

Split slow suites
Remove problematic mocks
Improve naming conventions
Add missing edge case tests

4. Metrics to Track

Test runtime (total and by suite)
Coverage % (lines, branches, critical paths)
Flakiness rate (failures per run)
Test count (unit vs integration vs E2E)

Example Output

## Summary of Key Issues

**Overall Health:** Needs Attention

- Test suite runs in 8 minutes (target: < 5 min)
- 3 flaky tests in API suite causing CI failures
- 15% of tests are redundant (same assertions repeated)
- Missing coverage for payment flow error handling
- Integration tests duplicate unit test coverage

## Concrete Recommendations

### Delete
- `test_user_exists.py` - Duplicates `test_user_creation.py`
- `test_config_defaults.py` - Tests framework, not our code

### Rewrite
- `test_api_auth.py` - Brittle, breaks on header changes
- `test_payment_flow.py` - No error path coverage

### Add
- Error handling tests for payment service
- Edge cases for user validation

## Next Steps

1. [1 hour] Fix 3 flaky tests in API suite
2. [2 hours] Delete 12 redundant tests
3. [4 hours] Add payment error handling tests
4. [1 hour] Split slow integration suite

## Metrics

| Metric | Current | Target |
|--------|---------|--------|
| Total runtime | 8 min | < 5 min |
| Flaky tests | 3 | 0 |
| Unit test coverage | 72% | 80% |
| Integration tests | 45 | 30 (reduce) |

/pb-review - Orchestrate comprehensive multi-perspective review
/pb-review-hygiene - Code quality and operational readiness
/pb-testing - Testing guidance and patterns
/pb-cycle - Self-review + peer review iteration

Last Updated: 2026-01-21 Version: 2.0

Documentation Review

Purpose: Conduct a comprehensive review of project documentation for accuracy, completeness, and maintainability. Ensure docs remain human-readable and actionable.

Recommended Frequency: Monthly or before major releases

Mindset: Documentation review embodies /pb-preamble thinking (surface gaps, challenge assumptions) and /pb-design-rules thinking (especially Clarity: documentation should be obviously correct).

Find unclear sections, challenge stated assumptions, and surface gaps. Good documentation invites scrutiny and makes the system’s reasoning transparent.

Resource Hint: opus - documentation review requires nuanced judgment across accuracy, clarity, completeness, and audience fit

When to Use

Before major releases (verify docs match new features)
Monthly maintenance check
After significant code changes
When onboarding reveals confusion
When support tickets indicate doc gaps

Review Perspectives

Act as these roles simultaneously:

Senior Engineer - Technical accuracy, API correctness
Product Manager - User journey, feature coverage
Technical Writer - Clarity, structure, readability
Security Reviewer - Secrets exposure, compliance gaps
New Engineer - Onboarding experience, setup clarity

Review Checklist

1. Quick Summary

For each document:

One or two lines describing intended purpose and audience
Does it serve that purpose? If not, mark for rewrite or removal

2. Accuracy Check

Facts, architecture diagrams, API signatures are correct
Environment variables and configuration are current
Commands are copy-paste ready and validated
Links are not broken
Code examples match current codebase

3. Conciseness and Focus

No repetitive, irrelevant, or verbose sections
No unnecessary background or history
Each section has clear purpose
Examples are minimal but complete

4. Actionability

Instructions are copy-paste ready
All steps are explicit (no assumed knowledge)
Missing context is identified and added
Next steps are clear

5. Completeness

For critical areas, ensure docs include:

Quickstart - Works for a new contributor
Architecture overview - Responsibilities and data flows
API reference - Matches current code
Runbooks - Common failures and recovery steps
Security notes - Secrets, scopes, approvals
Onboarding checklist - For new engineers
Changelog - Recent major changes

6. Ownership and Maintenance

Owner/maintainer identified
Last updated date is present and recent
Review cadence is specified
Stale docs are flagged

7. Links and References

No broken links
No outdated external references
No docs that duplicate each other unnecessarily

8. Readability and Tone

Plain human language
Sensible headings and clear bullets
Example usage provided
Active, pragmatic wording (not passive/robotic)

AI Content Detection

Flag sections matching these signals:

Signal	Example	Action
Repetitive phrasing	Same sentences across docs	Deduplicate or rewrite
Generic placeholders	`<thing>` used repeatedly	Add concrete values
Shallow polish	Confident but no actionable content	Rewrite with specifics
Incorrect specifics	Wrong dates, versions, configs	Verify and correct
Jargon without steps	Technical terms, no examples	Add concrete examples
Marketing tone	PR-speak in technical docs	Rewrite for engineers

When flagging, suggest replacement text or mark for human rewrite.

Deliverables

1. Executive Summary

3-5 bullets of overall documentation health and top priorities.

2. Per-Document Findings

For each doc reviewed:

**File:** `README.md`
- **Purpose:** Quickstart + project overview
- **Audience:** New contributors
- **Issues:**
  - Outdated command on line 45
  - Verbose background section (lines 70-120)
- **Recommended fix:**
  - Update command to `docker compose up --build`
  - Move background to `docs/history.md`
- **Priority:** Short term
- **Owner:** @alice
- **Effort:** 1 hour

3. Prioritized Action List

Priority	File	Issue	Fix	Owner	Effort
Immediate	security.md	Missing auth flow	Add diagram	@bob	2h
Short term	README.md	Stale commands	Update	@alice	1h
Long term	api.md	Incomplete	Expand	TBD	4h
Remove	old-setup.md	Obsolete	Delete	@alice	15m

4. AI Content Flagged

Sections likely AI-generated, with suggested rewrites.

5. Metrics to Track

Number of docs changed
Average doc length
Number of broken links
Coverage of quickstart/runbooks
Number of flagged AI-like passages

Sample Output

## Executive Summary

- README is current but verbose in background section
- API docs are 3 months stale, missing new endpoints
- Runbooks exist but lack troubleshooting steps
- No broken links found
- 2 sections flagged as potentially AI-generated

## Per-Document Findings

### README.md
- Purpose: Quickstart + overview
- Issues: Lines 70-120 too verbose, command on line 45 outdated
- Fix: Update command, move background to separate doc
- Priority: Short term | Owner: @alice | Effort: 1 hour

### docs/api.md
- Purpose: API reference
- Issues: Missing /users/profile endpoint, wrong auth header
- Fix: Add endpoint, correct header example
- Priority: Immediate | Owner: @bob | Effort: 2 hours

/pb-review - Orchestrate comprehensive multi-perspective review
/pb-review-hygiene - Code quality and operational readiness
/pb-documentation - Documentation writing guidance
/pb-repo-readme - Generate comprehensive README
/pb-repo-docsite - Set up documentation site

Last Updated: 2026-01-21 Version: 2.0

Technical + Product Review

Purpose: Periodic, in-depth review from four expert perspectives: Senior Engineer, Technical Architect, Security Expert, and Product Manager.

Recommended Frequency: Quarterly or before major product decisions

Mindset: Multi-perspective review embodies /pb-preamble thinking (each perspective challenges the others) and /pb-design-rules thinking (design decisions should honor Clarity, Simplicity, and user needs).

Surface disagreements-they often surface real problems that single views miss.

Resource Hint: opus - multi-perspective review spanning engineering, architecture, security, and product strategy

When to Use

Quarterly strategic alignment check
Before major product decisions or pivots
After significant feature launches
When engineering and product seem misaligned
Before annual planning

Context

You are seasoned, pragmatic experts in your field. You value simplicity, maintainability, and genuine user value over theoretical perfection or trendy complexity. Provide critical, constructive feedback grounded in real-world experience.

Write in a natural, conversational yet professional tone - not stilted AI-generated language.

Review Perspectives

1. Senior Engineer (Code Health & Maintainability)

Readability & Clarity:

Does the code tell a clear story?
Can a new engineer understand flow and intent without excessive comments?
Point to specific files or modules that are exemplary or problematic.

Simplicity & Over-engineering:

Where have we made things more complex than necessary?
Look for convoluted abstractions, dogmatic design patterns, or “clever” code that sacrifices readability.

Technical Debt & Bottlenecks:

Identify areas of accumulating technical debt.
Are there slow tests, flaky integrations, or modules that are difficult to change?
Be specific about potential consequences.

Testing Strategy:

Is the test suite effective and practical?
Good balance of unit, integration, and end-to-end tests?
Are tests focused on behavior rather than implementation?

2. Technical Architect (System Design & Evolution)

Architectural Integrity:

Is the system’s design adhering to its intended principles?
Have recent features introduced coupling or violated separation of concerns?

Scalability & Efficiency:

How does the architecture handle scale?
Are there components that would become bottlenecks under load?
Consider data flow, API design, and database interactions.

Dependency & Bloat Audit:

Are we using dependencies effectively?
Are there libraries we’ve outgrown or that are overly heavy for our use case?
Are we at risk of dependency hell?

Future-Proofing:

How easy would it be to extend the system with a new significant feature?
Are the right extension points in place?

3. Security Expert (Security & Compliance)

Practical Security Review:

How is security actually implemented?
Are secrets managed properly?
Is authentication/authorization logic consistent and robust?
Are we logging security-relevant events effectively?

Dependency Vulnerabilities:

State of dependency vulnerability management?
Are we responsive to patches?

Data Handling & Privacy:

Is sensitive data handled appropriately?
Are we following least privilege and data minimization principles?

Anti-Patterns:

Custom crypto?
Exposed internal errors?
Misconfigured security headers?

4. Product Manager (Product Fit & Value)

Feature Efficacy & Usage:

Are features delivering expected user value?
Based on what evidence (metrics, feedback)?
Are there features that are underused or could be simplified/removed?

Avoiding Bloat:

Where are we adding complexity without commensurate value?
Are we building for edge cases at the cost of common cases?

Cohesion & User Journey:

Does the product feel like a cohesive whole?
Is the user experience consistent?

Pragmatism vs. Perfection:

Did we over-invest in perfecting a feature that only needed “good enough”?
Did we under-invest in a critical user-facing area?

Cross-Cutting Concerns

Be a guardian against bloat and synthetic code artifacts:

Unnecessary Abstraction: Code abstracted too early or for a single use case.
Overly Descriptive Naming: Variable names so verbose they harm readability.
Inconsistent Code Style: Sections that feel alien, suggesting copy-paste without integration.
Solution in Search of a Problem: Components that are architecturally “interesting” but solve trivial or non-existent problems.

Goals

Keep codebase lean, human-readable, maintainable
Eliminate bloat, redundancy, over-abstraction
Encourage clarity, simplicity, real-world usefulness
Maintain human tone in naming, docs, and communication

Deliverables

1. Summary of Key Findings

Per-role summary of most important observations.

2. Actionable Recommendations

Specific, prioritized as:

High: Must address soon
Medium: Should address when convenient
Low: Nice to have

3. Next Steps

What should be done before the next review cycle.

4. Risk Assessment (Optional)

Trade-offs, effort estimates, or risks of inaction.

Output Format

## Review Summary

### Senior Engineer
[Key findings in 2-3 paragraphs]

### Technical Architect
[Key findings in 2-3 paragraphs]

### Security Expert
[Key findings in 2-3 paragraphs]

### Product Manager
[Key findings in 2-3 paragraphs]

---

## Recommendations

| Priority | Area | Recommendation | Rationale |
|----------|------|----------------|-----------|
| High | [Area] | [Specific action] | [Why] |
| Medium | [Area] | [Specific action] | [Why] |

---

## Next Steps

1. [Immediate action]
2. [Follow-up action]
3. [Longer-term consideration]

/pb-review - Orchestrate comprehensive multi-perspective review
/pb-review-code - Code change review for PRs
/pb-review-hygiene - Code quality and operational readiness
/pb-plan - Feature and release planning
/pb-adr - Architecture decision records

Last Updated: 2026-01-21 Version: 2.0

Codebase Hygiene Review (Periodic Health Check)

Purpose: Periodic, codebase-wide review of code quality and operational readiness. Combines cleanup (code patterns, duplication, complexity) and hygiene (operational health, dependencies, documentation).

Use when: You want a periodic audit of your entire codebase (not a specific PR). Monthly or before starting new development.

When NOT to use: For reviewing specific code changes (use /pb-review-code instead) or focusing on test quality (use /pb-review-tests instead).

Recommended Frequency: Monthly or before starting new development

Mindset: This review embodies /pb-preamble thinking (surface flaws directly, challenge assumptions) and /pb-design-rules thinking (Clarity, Simplicity, Modularity, Robustness).

Challenge hidden assumptions about what “health” means. Surface risks directly. Focus on reducing complexity and tech debt. Don’t soften findings to be diplomatic.

Resource Hint: opus - comprehensive hygiene review spans code quality, operations, security, and documentation across entire codebase

Code Review Family Decision Tree

See /pb-review-code for the complete decision tree. Key distinction:

Use /pb-review-code for reviewing a specific PR or commit
Use /pb-review-hygiene for periodic (monthly) health checks of entire codebase
Use /pb-review-tests for test suite quality and coverage focus

When to Use

Monthly maintenance check ← Primary use case (scheduled, periodic)
Before starting a fresh round of development (cleanup mode)
Pre-release operational readiness assessment
After major refactoring (verify patterns still clean)
When codebase feels “heavy” or hard to work with (signal that health check is needed)

Review Perspectives

Act as these roles simultaneously:

Senior Engineer - Technical soundness, codebase cleanliness, dependency health
Technical Architect - System design, infrastructure readiness, scalability
DevOps/Operations - Automation, deployment, observability coverage
Security Reviewer - Security posture, compliance gaps

Part 1: Code Quality (Cleanup Focus)

1.1 Repository Health Check

Repo structure aligns with best practices (scripts, configs, docs clearly separated)
Versioning, tags, and branches are clear and consistent
README accurately describes purpose, setup, and usage
LICENSE, CONTRIBUTING, and CHANGELOG are present and current

1.2 Code Review and Cleanup

Remove duplication across scripts/modules (dedupe functions, configs)
Consolidate constants, paths, config variables into single source of truth
Strip unused code, comments, placeholders from prior iterations
Refactor overly complex logic into simple, maintainable patterns

1.3 AI/Boilerplate Bloat Detection

Look for telltale signs of over-generation:

Signal	Example	Action
Generic error handling	`catch(e) { /* ignore */ }`	Add meaningful handling
Repeated boilerplate	Same setup in 10 test files	Extract to shared fixture
Over-commenting	Comments stating the obvious	Remove or rewrite
Verbose naming	`theUserWhoIsCurrentlyLoggedIn`	Simplify to `currentUser`
Copy-paste artifacts	Code from unrelated projects	Remove or adapt

1.4 Telltale Signs Checklist

No generic error handling that hides useful context
No repeated boilerplate where a function/loop is better
No over-commenting or comments stating the obvious
No inconsistent variable names
No copy-paste leftovers from unrelated projects

Part 2: Operational Readiness (Hygiene Focus)

2.1 Codebase Health

Clear, readable structure with no major dead code
Dependencies up to date and pinned
Build scripts and Makefiles functional and minimal
Linting, formatting, and static checks passing
Sensitive info (API keys, creds) properly excluded

2.2 Tests and Quality Gates

Unit/integration tests running in CI
Coverage reports available and meaningful
Flaky tests identified and tracked
Test data sane and isolated

2.3 Documentation and Metadata

README covers setup, run, and contribution steps
Architecture overview updated with recent changes
Owner/maintainer info available
CHANGELOG reflects recent changes

2.4 CI/CD and Infrastructure

Pipelines consistent, reproducible, and passing
Deployments versioned and auditable
Monitoring, alerting, and rollback procedures exist
Environment variables and secrets documented

2.5 Security and Compliance

Dependencies scanned for vulnerabilities
Secrets properly stored (Vault, Secret Manager, etc.)
Logging and access controls verified
No unpatched services or public exposure risks

2.6 Operational Readiness

New engineer can onboard easily
Recovery/runbooks available for production issues
Resource usage (CPU, memory, DB) monitored
Error budgets or SLAs tracked

Human-Level Sanity Check

Ask these questions:

Question	Target
Readability	Can another engineer grasp intent at a glance?
Minimalism	Does each line have a purpose?
Maintainability	Can future contributors extend it easily?
Consistency	Does the repo feel like it was written by one person?

Quick Wins Identification

List small improvements (< 2 hours each) that yield immediate benefits:

Examples:

Update README section with current setup steps
Remove unused Docker image from CI
Add missing env var documentation
Enable Dependabot for dependency updates
Refresh lock file to remove vulnerabilities
Delete dead code module

Deliverables

1. Executive Summary

3-5 bullet overview of overall health:

Good - Minor issues, ready for development
Needs Attention - Notable issues, address before heavy development
At Risk - Critical issues, stop and fix first

2. Key Findings

Grouped by category with severity tags:

Category	Finding	Severity	Location
Codebase	Dead code in utils/	Medium	utils/legacy.ts
Security	Hardcoded API key	Critical	config.ts:45
Docs	README setup outdated	Minor	README.md

3. Quick Wins List

Practical actions sorted by effort:

[15 min] Remove unused imports in 5 files
[30 min] Update README quickstart
[1 hour] Add missing error handling in API client

4. Next Review Focus

Areas that need deeper follow-up next cycle.

Example Output

## Executive Summary

**Overall Health:** Needs Attention

- Codebase is generally clean but has accumulated dead code in utils/
- Security posture is good, no critical vulnerabilities found
- Documentation is stale, README doesn't match current setup
- Test coverage is adequate but 3 flaky tests need attention
- Dependencies are 6 months old, recommend update cycle

## Key Findings

| Category | Finding | Severity | Location |
|----------|---------|----------|----------|
| Codebase | 200+ lines of dead code | Medium | utils/legacy.ts |
| Codebase | Duplicate config loading | Low | config/*.ts |
| Tests | 3 flaky tests | Medium | tests/api.test.ts |
| Docs | Outdated quickstart | Medium | README.md |
| Deps | 12 outdated packages | Low | package.json |

## Quick Wins

1. [15 min] Delete utils/legacy.ts (confirmed unused)
2. [30 min] Fix README quickstart section
3. [1 hour] Update 12 outdated dependencies
4. [2 hours] Investigate and fix flaky tests

## Next Review Focus

- Deep security audit before v2.0 release
- Performance review after new caching layer

/pb-review - Orchestrate comprehensive multi-perspective review
/pb-review-code - Code change review for PRs
/pb-review-tests - Test suite health review
/pb-security - Security audit
/pb-repo-organize - Clean up repository structure

Last Updated: 2026-01-21 Version: 2.0.0

Microservice Architecture Review

Framework for reviewing microservice design, implementation, and operations.

Mindset: Microservice reviews embody /pb-preamble thinking (question service boundaries) and /pb-design-rules thinking (especially Modularity and Separation: are services correctly decoupled?).

Question whether the service boundary is correct. Challenge the coupling assumptions. Surface design flaws before they become operational problems.

Resource Hint: opus - microservice review requires deep analysis of boundaries, coupling, data ownership, and operational concerns

When to Use

Evaluating a new service before it goes to production
Periodic architecture review of existing microservices
After splitting a monolith or extracting a new service
When inter-service communication issues arise

Purpose

Microservice reviews ensure:

Clear boundaries - Service owns specific business domain
Loose coupling - Services don’t depend on each other’s internals
Scalability - Service can scale independently
Resilience - Service failures don’t cascade
Observability - Can debug issues across services
Deployability - Can deploy independently

Review Checklist

1. Service Boundaries

Question: Is this the right scope for a service?

Bad Service Boundaries:

Service per function (getUser, createUser, deleteUser = 3 services)
Service per tier (frontend, backend, database services)
Service per database table
Shared database between services

Good Service Boundaries:

Service per business domain (User Service, Order Service, Payment Service)
Service owns its data (no shared database)
Service encapsulates related functionality
Service is independently deployable

Checklist:

☐ Service boundary aligns with business domain
☐ Service has clear responsibility
☐ Service owns its data (no shared database)
☐ Service can be deployed independently
☐ Service makes sense to teams (not fragmented across 10 teams)
☐ Not too big (>3 teams can't understand it)
☐ Not too small (<1 person can't maintain it)

Example: Good vs Bad Boundaries

[NO] Bad:

UserService:
  - User authentication
  - User profile
  - User permissions
  - User sessions
  - User roles

(Too big, mixing auth + profile + permissions)

[YES] Good:

Identity Service:
  - User authentication
  - User sessions
  - Token generation

User Service:
  - User profile
  - User data management

Authorization Service:
  - Permissions
  - Role-based access control

(Each service has focused responsibility)

2. API Contract & Versioning

Question: Is the service API stable and well-defined?

API Checklist:

☐ API endpoints documented with examples
☐ Request/response formats defined (JSON schema)
☐ Authentication mechanism documented
☐ Error responses documented (what can fail?)
☐ Rate limiting defined (requests/sec)
☐ Timeout values defined
☐ Retry policy defined
☐ API versioning strategy (v1, v2, etc.)
☐ Deprecation timeline documented

Good API Design:

// Example: Well-documented API

/**
 * Get user by ID
 *
 * Endpoint: GET /api/v1/users/:id
 *
 * Response: 200 OK
 * {
 *   "id": "uuid",
 *   "email": "user@example.com",
 *   "name": "John Doe"
 * }
 *
 * Errors:
 * - 404 Not Found: User doesn't exist
 * - 401 Unauthorized: Missing auth token
 * - 403 Forbidden: No permission to view user
 *
 * Rate limit: 100 requests/min
 * Timeout: 5 seconds
 * Retry: Idempotent (safe to retry)
 */
async function getUser(userId) {
  if (!userId) throw new BadRequest("userId required");
  const user = await db.users.findById(userId);
  if (!user) throw new NotFound("User not found");
  return {
    id: user.id,
    email: user.email,
    name: user.name
  };
}

Python Example:

from flask import jsonify, request
from functools import wraps

def require_auth(f):
    """Decorator to require authentication."""
    @wraps(f)
    def decorated(*args, **kwargs):
        token = request.headers.get('Authorization')
        if not token:
            return jsonify({"error": "Missing auth token"}), 401
        return f(*args, **kwargs)
    return decorated

@app.get('/api/v1/users/<user_id>')
@require_auth
def get_user(user_id):
    """
    Get user by ID

    Response: 200 OK {id, email, name}
    Errors: 404 Not Found, 401 Unauthorized, 403 Forbidden
    Rate limit: 100 requests/min
    Timeout: 5 seconds
    """
    user = db.query(User).filter(User.id == user_id).first()
    if not user:
        return jsonify({"error": "User not found"}), 404

    # Check permissions
    current_user = get_current_user()
    if not can_view_user(current_user, user):
        return jsonify({"error": "Permission denied"}), 403

    return jsonify({
        "id": user.id,
        "email": user.email,
        "name": user.name
    })

API Versioning Strategy:

Option 1: URL Versioning (Simple)
GET /v1/users/123
GET /v2/users/123

Option 2: Header Versioning (Clean)
GET /users/123
Header: API-Version: 2

Option 3: Content Negotiation
GET /users/123
Header: Accept: application/vnd.myapp.v2+json

Recommend: URL versioning (simple, clear)
Deprecation: Support v1 for 6 months, then remove

3. Data Management

Question: How does service manage data?

Checklist:

☐ Service owns its data (no shared database)
☐ Data migrations documented
☐ Backup strategy defined
☐ Data retention policy defined
☐ Database indexes optimized (EXPLAIN ANALYZE run)
☐ Connection pooling configured
☐ Read replicas set up (if needed)

Good Data Practice:

# Service owns its database (no shared access)

class UserService:
    def __init__(self, db_pool):
        # Own database, not shared
        self.db_pool = db_pool

    def get_user(self, user_id):
        """Query from own database."""
        conn = self.db_pool.get_connection()
        try:
            cursor = conn.cursor()
            cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
            return cursor.fetchone()
        finally:
            conn.release()

# [NO] Bad: Sharing database
# Both services query same database
class OrderService:
    def __init__(self, shared_db_pool):
        self.db_pool = shared_db_pool

    def create_order(self, user_id):
        # Querying shared database
        cursor = self.db_pool.query("SELECT * FROM users WHERE id = ?", user_id)
        # Coupled to User Service's schema

4. Service Communication

Question: How do services talk to each other?

Checklist:

☐ Communication pattern documented (sync vs async)
☐ Service discovery mechanism (DNS, Consul, etc.)
☐ Resilience patterns (Circuit Breaker, Retry)
☐ Timeout values set
☐ Error handling defined
☐ Cascading failure prevention (bulkheads)

Good Communication Pattern:

from circuitbreaker import circuit

class OrderService:
    def __init__(self, payment_service):
        self.payment_service = payment_service

    @circuit(failure_threshold=5, recovery_timeout=60)
    def process_payment(self, amount):
        """Call Payment Service with Circuit Breaker."""
        try:
            # Call with timeout
            result = self.payment_service.charge(
                amount=amount,
                timeout=5
            )
            return result
        except ServiceUnavailable:
            # Service down, circuit breaker will open
            # Next call fails immediately without trying
            raise
        except Exception as e:
            # Log and fail
            logger.error(f"Payment failed: {e}")
            raise

    def create_order(self, customer_id, items):
        try:
            # Try to charge payment
            payment = self.process_payment(total_amount)

            # Create order asynchronously
            self.queue_order_creation(customer_id, items, payment.id)

            return {"success": True, "payment_id": payment.id}

        except ServiceUnavailable:
            # Circuit breaker open, service down
            return {"success": False, "error": "Payment service unavailable"}

        except Exception:
            # Unexpected error, fail the order
            raise

Service Discovery:

# Using Consul for service discovery
from consul import Consul

class ServiceDiscovery:
    def __init__(self):
        self.consul = Consul(host='consul.example.com')

    def get_service(self, service_name):
        """Get service address from Consul."""
        _, services = self.consul.health.service(service_name, passing=True)
        if not services:
            raise ServiceNotFound(f"{service_name} not available")

        # Pick a service (round-robin)
        service = services[0]
        return f"http://{service['Service']['Address']}:{service['Service']['Port']}"

# Usage
discovery = ServiceDiscovery()
payment_service_url = discovery.get_service('payment-service')
response = requests.get(f"{payment_service_url}/api/charge", ...)

5. Health & Observability

Question: Can we monitor and debug the service?

Health Checks:

Checklist:
☐ Health check endpoint (GET /health)
☐ Readiness probe (can handle requests?)
☐ Liveness probe (is service alive?)
☐ Dependency health (can reach database? Other services?)

Example Health Endpoint:

@app.get('/health')
def health_check():
    """Service health status."""
    checks = {}

    # Check database connectivity
    try:
        db.query("SELECT 1")
        checks['database'] = 'healthy'
    except Exception as e:
        checks['database'] = f'unhealthy: {e}'

    # Check cache connectivity
    try:
        cache.ping()
        checks['cache'] = 'healthy'
    except Exception as e:
        checks['cache'] = f'unhealthy: {e}'

    # Check downstream service
    try:
        requests.get('http://payment-service/health', timeout=2)
        checks['payment_service'] = 'healthy'
    except Exception as e:
        checks['payment_service'] = f'unhealthy: {e}'

    # Overall status
    is_healthy = all(v == 'healthy' for v in checks.values())
    status = 200 if is_healthy else 503

    return jsonify({
        'status': 'healthy' if is_healthy else 'unhealthy',
        'checks': checks
    }), status

@app.get('/ready')
def readiness():
    """Is service ready to handle requests?"""
    # Check critical dependencies only
    if not database_available():
        return jsonify({'ready': False}), 503
    return jsonify({'ready': True}), 200

@app.get('/live')
def liveness():
    """Is service alive?"""
    # Simple check, doesn't verify dependencies
    return jsonify({'alive': True}), 200

Observability Checklist:

☐ Structured logging (JSON with correlation ID)
☐ Metrics exported (Prometheus, StatsD)
☐ Distributed tracing configured (Jaeger, Zipkin)
☐ Alerts defined (high error rate, latency, etc.)
☐ SLI/SLO defined (what's success?)

Example: Structured Logging

import logging
import json
from uuid import uuid4

class JSONFormatter(logging.Formatter):
    def format(self, record):
        return json.dumps({
            'timestamp': self.formatTime(record),
            'level': record.levelname,
            'message': record.getMessage(),
            'service': 'user-service',
            'request_id': getattr(record, 'request_id', None),
            'user_id': getattr(record, 'user_id', None),
            'extra': getattr(record, 'extra', {})
        })

logger = logging.getLogger('user-service')
handler = logging.StreamHandler()
handler.setFormatter(JSONFormatter())
logger.addHandler(handler)

# Usage with correlation ID
def process_request(request):
    request_id = str(uuid4())
    logger.info(
        "Processing request",
        extra={'request_id': request_id}
    )
    try:
        # Process...
        logger.info("Request succeeded", extra={'request_id': request_id})
    except Exception as e:
        logger.error(
            f"Request failed: {e}",
            extra={'request_id': request_id}
        )

6. Deployment & Operations

Question: Can we deploy and operate this service independently?

Checklist:

☐ Service can be deployed without deploying others
☐ Backward compatibility maintained (old and new versions work)
☐ Database migrations handled gracefully
☐ Canary deployment tested
☐ Rollback procedure documented
☐ Monitoring/alerting in place before deployment

Good Deployment Practice:

# Kubernetes Deployment

apiVersion: apps/v1
kind: Deployment
metadata:
  name: user-service
spec:
  replicas: 3
  selector:
    matchLabels:
      app: user-service
  template:
    metadata:
      labels:
        app: user-service
    spec:
      containers:
      - name: user-service
        image: myregistry.azurecr.io/user-service:v1.2.3
        ports:
        - containerPort: 8080

        # Health checks
        livenessProbe:
          httpGet:
            path: /live
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 5

        readinessProbe:
          httpGet:
            path: /ready
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 3

        # Resource limits (prevent resource exhaustion)
        resources:
          requests:
            memory: "256Mi"
            cpu: "250m"
          limits:
            memory: "512Mi"
            cpu: "500m"

        # Environment variables
        env:
        - name: DATABASE_URL
          valueFrom:
            secretKeyRef:
              name: user-service-secret
              key: database-url
        - name: CACHE_REDIS_URL
          value: "redis://cache:6379"

Canary Deployment Script (Go Example):

package main

import (
    "fmt"
    "log"
    "time"
)

func canaryDeploy(serviceName, newVersion string) error {
    log.Printf("Starting canary deployment of %s:%s", serviceName, newVersion)

    // Step 1: Deploy new version with 10% traffic
    fmt.Printf("Deploying %s:%s with 10%% traffic\n", serviceName, newVersion)
    if err := setTrafficSplit(serviceName, oldVersion=90, newVersion=10); err != nil {
        return fmt.Errorf("failed to set traffic split: %w", err)
    }

    // Step 2: Monitor for 5 minutes
    fmt.Println("Monitoring new version for 5 minutes...")
    time.Sleep(5 * time.Minute)

    // Step 3: Check error rate
    errorRate := getErrorRate(serviceName, newVersion)
    if errorRate > 0.05 { // >5% error rate
        log.Printf("Error rate too high (%.2f%%), rolling back", errorRate*100)
        return rollback(serviceName)
    }

    // Step 4: Increase to 50% traffic
    fmt.Printf("Increasing %s to 50%% traffic\n", newVersion)
    if err := setTrafficSplit(serviceName, oldVersion=50, newVersion=50); err != nil {
        return fmt.Errorf("failed to increase traffic: %w", err)
    }

    // Step 5: Monitor for 10 minutes
    time.Sleep(10 * time.Minute)

    // Step 6: Check again
    errorRate = getErrorRate(serviceName, newVersion)
    if errorRate > 0.05 {
        log.Printf("Error rate too high, rolling back")
        return rollback(serviceName)
    }

    // Step 7: Full deployment
    fmt.Printf("Full deployment of %s:%s\n", serviceName, newVersion)
    if err := setTrafficSplit(serviceName, oldVersion=0, newVersion=100); err != nil {
        return fmt.Errorf("failed to finalize deployment: %w", err)
    }

    log.Printf("Successfully deployed %s:%s", serviceName, newVersion)
    return nil
}

7. Testing

Question: Is the service tested thoroughly?

Checklist:

☐ Unit tests cover critical paths
☐ Integration tests with real database
☐ Contract tests with other services
☐ Load tests show performance baseline
☐ Chaos testing (what if service X is slow?)
☐ Error scenarios tested

Example: Contract Test

import requests
import pytest

class PaymentServiceContractTest:
    """Test contract between Order Service and Payment Service."""

    @pytest.fixture
    def payment_service_url(self):
        return 'http://localhost:8082'

    def test_charge_payment_success(self, payment_service_url):
        """Test successful payment charge."""
        response = requests.post(
            f'{payment_service_url}/api/v1/charges',
            json={
                'amount': 99.99,
                'currency': 'USD',
                'customer_id': 'cust_123'
            }
        )

        assert response.status_code == 200
        assert 'charge_id' in response.json()
        assert response.json()['amount'] == 99.99

    def test_charge_payment_insufficient_funds(self, payment_service_url):
        """Test payment failure (insufficient funds)."""
        response = requests.post(
            f'{payment_service_url}/api/v1/charges',
            json={
                'amount': 999999.99,
                'currency': 'USD',
                'customer_id': 'cust_poor'
            }
        )

        assert response.status_code == 400
        assert 'insufficient_funds' in response.json()['error']

    def test_charge_payment_timeout(self, payment_service_url):
        """Test payment service timeout."""
        response = requests.post(
            f'{payment_service_url}/api/v1/charges',
            json={'amount': 99.99, 'customer_id': 'cust_123'},
            timeout=5
        )

        # Service should timeout, not hang
        assert response.status_code in [408, 504]

Common Microservice Issues

Issue 1: Shared Database

Problem:

User Service → Shared Database ← Order Service
              (tight coupling)

Why Bad:

User Service can’t change schema without coordinating
Order Service depends on User database being up
Scaling difficult (can’t scale User db independently)

Fix:

User Service → User Database
Order Service → Order Database

Services communicate via API (loose coupling)

Issue 2: Cascading Failures

Problem:

Request → Service A → Service B (down) → Timeout → Request hangs
(Service B down affects Service A)

Why Bad:

One service down cascades to all upstream services
Whole system becomes slow/unavailable

Fix:

Request → Service A
          (with Circuit Breaker, Retry, Timeout)
          → Service B

If Service B down:
- Circuit breaker opens
- Service A fails fast (doesn't hang)
- System stays responsive

Issue 3: Data Consistency

Problem:

Order created in Order Service
Payment processed in Payment Service
(Events arrive out of order, data inconsistent)

Why Bad:

Payment might be processed before order exists
Orphaned payments, invalid orders

Fix:

Use Saga pattern:
1. Order Service receives order
2. Publishes "order.created" event
3. Payment Service listens, validates order exists
4. Publishes "payment.processed" or "payment.failed"
5. If failed, Order Service compensates (cancels order)

Review Template

Use this template to review a microservice:

# Review: [Service Name]

## Service Boundaries
- [ ] Domain clearly defined
- [ ] Owns its data
- [ ] Independently deployable

## API Contract
- [ ] Endpoints documented
- [ ] Response formats defined
- [ ] Error handling defined
- [ ] Versioning strategy defined

## Data Management
- [ ] Own database (no shared)
- [ ] Migrations handled
- [ ] Indexes optimized
- [ ] Connection pooling configured

## Communication
- [ ] Pattern documented (sync/async)
- [ ] Resilience patterns implemented
- [ ] Timeouts configured
- [ ] Error handling defined

## Health & Observability
- [ ] Health checks implemented
- [ ] Logging configured (JSON, correlation IDs)
- [ ] Metrics exported
- [ ] Tracing configured
- [ ] Alerts defined

## Deployment
- [ ] Independent deployment tested
- [ ] Backward compatibility maintained
- [ ] Canary deployment documented
- [ ] Rollback procedure documented

## Testing
- [ ] Unit tests adequate
- [ ] Integration tests in place
- [ ] Contract tests with dependencies
- [ ] Load tests performed
- [ ] Error scenarios tested

## Issues Found
1. [Issue]: [Description] [Severity: P1/P2/P3]
2. ...

## Recommendations
1. [Recommendation]
2. ...

## Sign-off
Reviewed by: [Name]
Date: [Date]
Status: APPROVED / APPROVED WITH CONDITIONS / REJECTED

/pb-patterns-core - SOA and Event-Driven architecture
/pb-patterns-resilience - Resilience patterns (Circuit Breaker, Retry, Rate Limiting)
/pb-patterns-distributed - Saga, CQRS patterns
/pb-observability - Health checks, monitoring
/pb-incident - Handling microservice failures

Created: 2026-01-11 | Category: Architecture | Tier: L

Comprehensive Project Review

Purpose: Orchestrate multi-perspective reviews by coordinating specialized review commands. Consolidate findings into actionable priorities.

Recommended Frequency: Monthly or before major releases

Mindset: This review embodies /pb-preamble thinking (challenge assumptions, surface risks) and /pb-design-rules thinking (verify Clarity, Simplicity, Robustness across the codebase).

Resource Hint: opus - orchestrates multiple review perspectives requiring deep cross-cutting analysis

When to Use

Pre-release comprehensive audit
Monthly project health check
After major architectural changes
Post-incident review
New team member onboarding (codebase assessment)

Multi-Perspective Reviews (v2.11.0+)

For deeper, more contextualized reviews by complementary personas:

Review Type	Purpose	Use When
`/pb-review-backend`	Systems reliability & testing	Backend code, APIs, data layer
`/pb-review-frontend`	User experience & clarity	Frontend code, UI, documentation
`/pb-review-infrastructure`	Security & resilience	Infrastructure, deployments, hardening

Persona Deep Dives:

/pb-linus-agent - Security pragmatism and threat modeling
/pb-alex-infra - Systems thinking and resilience design
/pb-maya-product - User impact and scope discipline
/pb-sam-documentation - Clarity and knowledge transfer
/pb-jordan-testing - Test coverage and reliability

See /pb-preamble for the team thinking philosophy that enables these perspectives to complement rather than conflict.

Persona Composition: When to Use Together

Recommended sequence for multi-persona reviews:

Phase 1: Scope Lock (Start Here)

Persona: /pb-maya-product - 15-20 minutes
Goal: Validate you’re solving the right problem for the right users
Outcome: “This feature solves a real user problem, scope is bounded”
Result: Proceed or pivot before engineering effort

Phase 2: Quality Review (Run in Parallel)

Persona 1: /pb-linus-agent - 30-45 minutes
- Goal: Verify code correctness, security assumptions, simplicity
Persona 2: /pb-alex-infra - 20-30 minutes
- Goal: Verify resilience, failure modes, scalability
Persona 3: /pb-jordan-testing - 20-30 minutes
- Goal: Verify test coverage, edge cases, invariants

Running in parallel: Launch all 3 simultaneously. They work independently; results synthesize naturally.

Phase 3: Communication & Clarity (Last)

Persona: /pb-sam-documentation - 15-20 minutes
Goal: Verify code and decisions are clearly documented
Outcome: Team can understand and modify code 6 months later
Note: Run after quality reviews; Sam often catches assumptions other personas missed

When Single-Persona Review Suffices

Change Type	Use This Persona	Rationale
Security-critical code	`/pb-linus-agent`	Security assumes no other concerns override safety
Infrastructure change	`/pb-alex-infra`	Infrastructure failures cascade; need resilience depth
Test coverage review	`/pb-jordan-testing`	Testing is isolated; doesn’t require other perspectives
Documentation only	`/pb-sam-documentation`	Documentation doesn’t require code review
Feature planning	`/pb-maya-product`	Product decisions before engineering effort

Resolving Persona Conflicts

If personas disagree, it’s not a bug-it’s a design decision:

Example:

Linus says: “Add input validation (improves security)”
Alex says: “Validation adds 20ms latency in hot path”

Resolution: Not a contradiction. This is a trade-off:

Document via /pb-adr - Architecture Decision Record explaining the trade-off
Measure the impact - Get actual latency data before deciding
Make conscious choice - Choose security+latency, or skip validation+accept risk
Record the trade-off - Future reviewers understand why

Persona disagreements expose real design choices. That’s valuable.

Review Tiers

Choose based on available time and review depth needed.

Quick Review (30 min - 1 hour)

For rapid health check or time-constrained situations.

Run in parallel:

Command	Focus
`/pb-review-code`	Recent changes quality
`/pb-security quick`	Critical security issues
`/pb-review-tests`	Test suite health

Consolidate: Top 3 critical issues, immediate next actions.

Standard Review (2-3 hours)

For monthly reviews or pre-feature-release checks.

Run in parallel (add to Quick Review):

Command	Focus
`/pb-review-hygiene`	Code quality + operational readiness
`/pb-review-docs`	Documentation currency
`/pb-logging`	Logging standards

Consolidate: Prioritized issue list with effort estimates.

Deep Review (Half day)

For major releases, quarterly reviews, or comprehensive audits.

Run in parallel (add to Standard Review):

Command	Focus
`/pb-review-product`	Engineering + product alignment
`/pb-review-microservice`	Architecture (if applicable)
`/pb-security deep`	Full security audit
`/pb-a11y`	Accessibility compliance
`/pb-performance`	Performance review

Consolidate: Full report with executive summary.

Orchestration Process

Step 1: Scope the Review

Before starting, clarify:

- Review tier: Quick / Standard / Deep
- Focus areas: Any specific concerns?
- Scope: Full codebase or changes since [commit/date]?
- Time budget: For review and for fixes?
- Pre-release? If yes, what version?

Step 2: Launch Parallel Reviews

Run the appropriate review commands concurrently:

For Quick Review:
  - Launch /pb-review-code for recent changes
  - Launch /pb-security quick
  - Launch /pb-review-tests

For Standard Review (add):
  - Launch /pb-review-hygiene
  - Launch /pb-review-docs
  - Launch /pb-logging

For Deep Review (add):
  - Launch /pb-review-product
  - Launch /pb-review-microservice (if applicable)
  - Launch /pb-security deep
  - Launch /pb-a11y

Step 3: Consolidate Findings

After all reviews complete, synthesize into unified report:

## Executive Summary

**Overall Health:** [Good / Needs Attention / At Risk]
**Production Readiness:** [Ready / Conditional / Not Ready]

### Top 5 Priorities
1. [Issue] - [Severity] - [Source review]
2. ...

---

## Issue Tracker

| # | Issue | Severity | Source | Location | Effort |
|---|-------|----------|--------|----------|--------|
| 1 | [Issue description] | CRITICAL | Security | [file:line] | S |
| 2 | [Issue description] | HIGH | Code Quality | [file:line] | M |
...

---

## Quick Wins (< 15 min each)
- [ ] [Action item]
- [ ] [Action item]

## Technical Debt (Track for later)
- [ ] [Item with rationale]

## Deferred (Intentionally not addressing)
- [ ] [Item] - Rationale: [why]

Step 4: Create Action Plan

Prioritize findings into:

CRITICAL - Must fix before production/release
HIGH - Should fix soon (this sprint)
MEDIUM - Address when convenient
LOW - Nice to have

Step 5: Track Progress

Create/update review document:

todos/project-review-YYYY-MM-DD.md

Include:

Review tier and duration
Issues found per category
Items completed
Remaining items with status
Commits created for fixes

Specialized Review Commands

Command	Focus	Use When
`/pb-review-code`	PR/code change review	Reviewing specific changes
`/pb-review-hygiene`	Code quality + operational readiness	Periodic maintenance
`/pb-review-tests`	Test suite health	Test coverage concerns
`/pb-review-docs`	Documentation quality	Docs need updating
`/pb-review-product`	Engineering + product alignment	Strategy alignment
`/pb-review-microservice`	Architecture review	Distributed systems
`/pb-security`	Security audit	Security-focused review
`/pb-logging`	Logging standards	Observability concerns
`/pb-a11y`	Accessibility audit	Accessibility compliance
`/pb-performance`	Performance review	Performance concerns
`/pb-review-playbook`	Playbook meta-review	Reviewing playbook commands

Review Cadence Recommendations

Cadence	Tier	Focus
Weekly	Quick	Recent changes, CI health
Monthly	Standard	Hygiene, docs, test coverage
Quarterly	Deep	Full audit, architecture, security
Pre-release	Standard/Deep	Based on release scope
Post-incident	Targeted	Affected areas only

Example Invocation

Conduct a Standard Review of this codebase.

Context:
- Pre-release review for v2.0.0
- Changes since commit abc1234
- Time budget: 2 hours review, 4 hours fixes

Priorities:
1. Security (adding user auth features)
2. Test coverage (new payment module)
3. Documentation (API changes)

Create review document at todos/project-review-2026-01-21.md

Tips for Effective Reviews

Parallelize - Run independent reviews concurrently
Focus scope - Use git diff to limit to changed files
Time-box - Set review duration upfront
Prioritize ruthlessly - Not every finding needs immediate action
Track progress - Use the review document across sessions
Follow up - Schedule remediation session after review

/pb-review-code - Code change review
/pb-review-hygiene - Code quality and operational readiness
/pb-review-tests - Test suite health
/pb-security - Security audit
/pb-cycle - Self-review + peer review iteration

Last Updated: 2026-01-21 Version: 2.0.0

Playbook Command Review

Purpose: Comprehensive multi-perspective review of playbook commands to ensure correct intent, quality implementation, and ecosystem coherence.

When to Use: Periodically (monthly), after adding multiple commands, or before major releases.

Mindset: Apply /pb-preamble thinking (challenge assumptions, surface flaws) and /pb-design-rules principles to the playbook itself. The playbook should exemplify what it preaches.

Resource Hint: opus - meta-review of playbook commands requires nuanced evaluation of intent, design alignment, and ecosystem coherence

When to Use

After adding multiple new commands to the playbook
Before major playbook releases
Monthly playbook health check
When commands feel overlapping or inconsistent

Review Perspectives

Launch the following review perspectives. For large command sets, batch by category.

1. Intent Clarity

Does the command name match what it does?

Name follows pb-<action> or pb-<category>-<target> pattern
Purpose statement is clear in first 10 seconds of reading
“What” and “Why” are immediately obvious
No misleading names (e.g., “review” that doesn’t review, “deploy” that only documents)
Verb choice matches action (reference vs execute vs orchestrate)

Red flags: Vague names, purpose buried in content, name/content mismatch.

2. Actionability

Is this an executable prompt or just reference material?

Can be invoked and produces useful output
Has clear phases/steps that guide execution
Includes concrete actions, not just principles
Distinguishes between “do this” vs “read this for context”

Classification:

Executor - Runs a workflow (pb-deployment, pb-commit)
Orchestrator - Coordinates other commands (pb-release, pb-ship)
Guide - Provides framework/philosophy (pb-guide, pb-preamble)
Reference - Pattern library, checklists (pb-patterns-*, pb-templates)
Review - Evaluates against criteria (pb-review-*, pb-security)

Red flag: Command claims to “do” something but only provides reading material.

3. Design Rules Alignment

Does the command honor what we preach?

Rule	Check
Clarity	Is the command obviously correct? No ambiguity?
Simplicity	Minimal complexity for the task? No bloat?
Modularity	Single responsibility? Clean boundaries?
Robustness	Handles edge cases? Fails gracefully?
Separation	Policy (what) separate from mechanism (how)?

Red flag: 1000+ line reference doc masquerading as actionable command.

4. Preamble Alignment

Does the command enable the collaboration philosophy?

Encourages challenge and dissent, not compliance
Frames work as peer-to-peer, not hierarchical
Surfaces trade-offs explicitly
Invites critique of its own recommendations
Treats failures as learning, not blame

Red flag: Command that prescribes “the one right way” without alternatives.

5. Overlap Analysis

Is there redundancy or blurred responsibilities?

No significant content duplication with other commands
Clear boundary with related commands
Complementary, not competing, with similar commands
If overlap exists, one should reference the other (not duplicate)

Check matrix: Compare against commands in same category and related categories.

Red flag: Two commands that could be merged, or one that should be split.

6. Cross-reference Accuracy

Do links work and make sense?

All /pb-* references point to existing commands
Related commands are linked (not orphaned)
References are bidirectional where appropriate
No circular dependencies that confuse users

Validation: grep -r "/pb-" commands/ | extract unique refs | verify each exists

7. Structure Consistency

Does it follow playbook patterns?

Title is # Command Name (not description)
Has Purpose/When to Use at top
Uses --- dividers between major sections
Headings follow hierarchy (H2 for sections, H3 for subsections)
Tone is professional, concise, no fluff
No emojis (unless explicitly part of output format)
Examples are practical and runnable
Ends with Related Commands section

8. Completeness

Does it adequately cover the topic?

Core use case fully addressed
Common variations/options covered
Edge cases acknowledged
Examples for non-obvious scenarios
No “TODO” or placeholder sections

Red flag: Command that stops halfway through a workflow.

9. User Journey Fit

Does it integrate into workflows naturally?

Listed in /docs/command-index.md
Appears in /docs/decision-guide.md where relevant
Workflow placement is logical (when would user invoke this?)
Entry points are clear (how do users discover this?)
Exit points connect to next logical command

10. DRY Compliance

Is content duplicated unnecessarily?

Checklists not copy-pasted across commands
Shared concepts reference canonical source
If same content in 2+ places, extract to one and reference
Templates are in pb-templates, not scattered

Quick Review Mode

For reviewing a small number of changed commands (after adding 1-3 commands or making targeted edits), use this abbreviated flow instead of the full review process.

Scope

# Find commands changed since last tag
git diff $(git describe --tags --abbrev=0)..HEAD --name-only -- commands/

Abbreviated Perspectives (4 of 10)

Apply these four perspectives to each changed command:

Intent Clarity - Name matches action? Purpose obvious in 10 seconds?
Structure Consistency - Follows heading/section patterns?
Cross-reference Accuracy - All /pb-* refs valid? Bidirectional links?
Completeness - Core use case covered? No TODOs?

Escalation to Full Review

Escalate to the full review process if:

More than 5 commands changed
New category added or existing category restructured
Cross-category dependencies modified
Preparing for a major release

Review Process

Phase 1: Automated Checks

Resource: Delegate to haiku via Task tool - mechanical checks.

# Count commands
find commands -name "*.md" | wc -l

# Find all cross-references
grep -roh "/pb-[a-z-]*" commands/ | sort | uniq -c | sort -rn

# Find potential duplicates (similar content)
# Manual review required for semantic similarity

# Check for orphaned commands (not in index)
diff <(find commands -name "pb-*.md" -exec basename {} .md \; | sort) \
     <(grep -oh "pb-[a-z-]*" docs/command-index.md | sort | uniq)

Phase 2: Category-by-Category Review

Resource: Use opus - nuanced evaluation of intent, quality, design alignment.

Review commands by category, applying all 10 perspectives:

# Get current counts per category
for dir in commands/*/; do
  category=$(basename "$dir")
  count=$(find "$dir" -name "*.md" | wc -l | tr -d ' ')
  echo "$count $category"
done

Core - Foundation, philosophy, meta-playbook commands
Planning - Architecture, patterns, decisions
Development - Daily workflow commands
Deployment - Release, operations, infrastructure
Reviews - Quality gates, audits
Repo - Repository management
People - Team operations
Templates - Context generators, Claude Code configuration
Utilities - System maintenance

Phase 3: Cross-Category Analysis

Resource: Use opus in main context - cross-cutting pattern recognition.

After individual review:

Identify commands that should be merged
Identify commands that should be split
Identify missing commands (gaps in workflows)
Verify workflow continuity (can user flow through without dead ends?)

Self-improvement trigger: After review, record systemic patterns in auto-memory. If a gap appears in 3+ commands, propose a playbook update rather than noting the same issue repeatedly.

Output Format

Per-Command Assessment

## pb-command-name

**Category:** [category]
**Classification:** Executor | Orchestrator | Guide | Reference | Review

### Verdict: [PASS | NEEDS WORK | RESTRUCTURE | DEPRECATE]

### Scores (1-5)
| Perspective | Score | Notes |
|-------------|-------|-------|
| Intent Clarity | X | |
| Actionability | X | |
| Design Rules | X | |
| Preamble | X | |
| Overlap | X | |
| Cross-refs | X | |
| Structure | X | |
| Completeness | X | |
| Journey Fit | X | |
| DRY | X | |

### Issues Found
- [CRITICAL] ...
- [HIGH] ...
- [MEDIUM] ...
- [LOW] ...

### Recommendations
1. ...
2. ...

Consolidated Report

# Playbook Review: [Date]

## Executive Summary
- Commands reviewed: X
- Pass: X | Needs Work: X | Restructure: X | Deprecate: X
- Overall health: [A-F]

## Critical Issues (address immediately)
| # | Command | Issue | Recommendation |
|---|---------|-------|----------------|

## Structural Changes Needed
| Action | Commands | Rationale |
|--------|----------|-----------|
| Merge | pb-a + pb-b | Overlapping responsibility |
| Split | pb-c | Two concerns in one |
| Rename | pb-d → pb-e | Name doesn't match intent |
| Create | pb-new | Gap in workflow |

## Quick Wins
- [ ] Fix in <15 min...

## Backlog Items
- [ ] Larger refactoring...

## Category Health
| Category | Commands | Avg Score | Top Issue |
|----------|----------|-----------|-----------|

Review Tracking

Create review document at todos/playbook-review-YYYY-MM-DD.md:

Session progress
Commands reviewed
Issues found
Actions taken
Remaining work

/pb-new-playbook - Create new playbooks (classification, scaffold, validation)
/pb-claude-orchestration - Model delegation guidance for review phases
/pb-review-docs - Documentation quality review
/pb-standards - Quality standards the playbook should meet
/pb-design-rules - Principles commands should embody

Security Review & Checklist

Comprehensive security guidance for code review, design assessment, and pre-release validation. Use the checklist appropriate to your context: quick review, standard audit, or deep dive.

Mindset: Security review embodies /pb-preamble thinking (find what was missed, challenge safety assumptions) and /pb-design-rules thinking (especially Robustness and Transparency: systems should fail safely and be observable).

Your job is to surface risks and vulnerabilities. Reviewers should ask hard questions. Authors should welcome this scrutiny.

Resource Hint: opus - security review demands thorough analysis of attack surfaces, threat models, and vulnerability patterns

When to Use This Command

Code review - Checking PRs for security issues
Pre-release - Security validation before shipping
Security audit - Periodic comprehensive review
New authentication/authorization - Changes to access control
Handling sensitive data - PII, payments, credentials

Overview

Security is not an afterthought. Integrate these checks into:

Code review - Before merging to main
Design phase - Architecture decisions
Pre-release - Before shipping to production

Choose the checklist that fits your context:

Quick Checklist - 5-10 minutes, S tier changes
Standard Checklist - 20 minutes, M tier changes
Deep Dive - 1+ hour, L tier changes, security-critical features

Quick Security Checklist (5 minutes)

Use for small changes, bug fixes, single-file updates.

Input & Validation

All user inputs validated (never trust user input)
No SQL injection (use parameterized queries)
No XSS (output encoded, Content-Security-Policy set)
No command injection (no shell eval, use APIs instead)

Secrets & Configuration

No secrets in code (no hardcoded passwords, API keys, tokens)
Secrets in environment variables or secrets manager
No secrets in git history (use git-secrets or similar)

Authentication & Authorization

Authentication required for protected endpoints
Authorization checks present (not just auth, but correct permissions)
Session/token management secure

LLM Output Trust

LLM-generated SQL, auth logic, or security decisions validated before use
LLM output in data mutations treated as untrusted input at trust boundaries
No LLM-generated content in dynamic code execution or shell commands
LLM-generated configuration validated against allowlists

Dependency Security

No new dependencies with known vulnerabilities
Dependencies from trusted sources (not random npm packages)

Logging

No sensitive data logged (no PII, passwords, tokens)
Error messages don’t leak information

Standard Security Checklist (20 minutes)

Use for feature development, API changes, multi-file changes.

Input Validation & Data Processing

All user inputs validated and sanitized
Input size limits enforced (prevent buffer overflow, DoS)
File uploads restricted: extension allowlist, magic byte verification, content validation, size limits per type
File upload bypasses considered: double extensions (shell.jpg.php), null bytes, MIME spoofing, polyglot files, SVG with JS, XXE via DOCX/XLSX, ZIP slip (../ in archive paths)
Uploaded files renamed (UUID), stored outside webroot, served with Content-Disposition: attachment and X-Content-Type-Options: nosniff
Data type validation (not just format, but values)
Null/empty input handling
SQL injection prevention (parameterized queries, ORMs)
SQL edge cases: ORDER BY and table/column names cannot be parameterized - use allowlist
NoSQL injection prevention (use proper query builders)
Command injection prevention (no shell execution)
Path traversal prevention (canonicalize path, validate against base directory, reject .. and absolute paths)
Deserialization safety (validate JSON/XML structure)
XXE prevention: disable DTD processing, external entity resolution, and XInclude in all XML parsers

Output Encoding & XSS Prevention

HTML output properly encoded
JavaScript output properly escaped
URL parameters encoded
CSS escaping where needed
Content-Security-Policy headers configured
No innerHTML with user input (use textContent or sanitize)
Indirect input sources sanitized (URL fragments, WebSocket messages, postMessage, localStorage/sessionStorage values rendered in DOM)
Often-overlooked vectors checked (error messages reflecting input, PDF/email generators with user data, SVG uploads, markdown rendering allowing HTML, admin log viewers)

CSRF Prevention

All state-changing endpoints protected (POST, PUT, PATCH, DELETE)
CSRF tokens cryptographically random and tied to user session
Missing token = rejected request (never skip validation when token is absent)
SameSite cookie attribute set (Strict or Lax)
Session cookies use Secure and HttpOnly flags
JSON APIs also protected (Content-Type header alone does not prevent CSRF; validate Origin/Referer AND use tokens)
Pre-auth endpoints covered (login, signup, password reset)
Note: APIs using Authorization header with bearer tokens (not cookies) are inherently CSRF-immune - the browser does not attach the header automatically. CSRF tokens are unnecessary in this case.

Open Redirect Prevention

Redirect URLs validated against allowlist of trusted domains
Or: only relative paths accepted (starts with /, no //)
Common bypasses blocked: @ symbol (https://legit.com@evil.com), protocol-relative (//evil.com), javascript: protocol, double URL encoding, backslash normalization
For sensitive redirects: consider blocking non-ASCII domains (IDN homograph attacks)

Authentication

Authentication mechanism appropriate (basic auth not over HTTP, etc.)
Passwords never logged or stored in plain text
Password requirements reasonable (length, complexity)
Failed login attempts rate-limited
Multi-factor authentication available for sensitive operations
Session timeout configured (15-30 min recommended)
Session tokens invalidated on logout
Token/session storage secure (secure HttpOnly cookies preferred)
JWT-specific: algorithm validated server-side (alg: none rejected), secret/key appropriate for algorithm (HMAC vs RSA), tokens not stored in localStorage for web apps

Authorization & Access Control

Authorization checks at correct layer (server-side, not client)
Principle of least privilege (minimum required permissions)
All restricted endpoints protected
Cross-tenant data isolation (if multi-tenant)
Admin functions only accessible to admins
API endpoints check user ownership before returning data (IDOR: verify requesting user has access to the specific resource ID)
Mass assignment prevented: filter writable fields per operation, don’t bind request body directly to models
API responses don’t expose internal model attributes (workflow states, processing flags, internal scores, admin metadata)
Data layer models not serialized directly to API responses (use explicit response shapes)

Secrets Management

No hardcoded secrets (API keys, tokens, passwords)
Secrets stored in secure location (AWS Secrets Manager, HashiCorp Vault, etc.)
Secrets rotated regularly
Service-to-service authentication uses temporary credentials
Database credentials use principle of least privilege
API keys scoped to minimum required permissions

Cryptography

Sensitive data encrypted in transit (HTTPS/TLS)
Sensitive data encrypted at rest (database encryption, file encryption)
Use strong algorithms (AES-256, SHA-256 minimum)
No custom cryptography (use established libraries)
Random values use cryptographically secure random (not Math.random())

Error Handling

Error messages don’t leak sensitive information
Stack traces not exposed to users
Generic error message to user (“An error occurred”) with code for logging
Logging includes full error details for debugging
Don’t reveal information about the system (versions, paths, etc.)

Logging & Monitoring

No PII logged (names, emails, passwords, credit cards, etc.)
Authentication/authorization events logged
Failed login attempts logged and alerted
Data access logged (who accessed what data)
API key/token usage logged
Suspicious activities logged (unusual patterns, rapid requests, etc.)

Dependencies

No known vulnerabilities in dependencies (npm audit, safety check)
Dependencies from trusted sources
Dependency versions locked (lock file committed)
Dependency update process regular and tested
Unused dependencies removed

API Security

HTTPS enforced (no HTTP)
CORS configured correctly (not * for sensitive APIs)
Rate limiting enforced
API versioning (clear deprecation path)
Request size limits
Timeout limits on API calls
API authentication (OAuth2, JWT, or API keys)

Deep Dive Security Review (1+ hour)

Use for security-critical features, payment processing, authentication systems, data handling.

Threat Modeling

Threat model created (STRIDE, PASTA, or similar)
High-risk data flows identified
Attack surfaces enumerated
Mitigation strategies documented

Advanced Input Validation

Unicode handling correct (no bypass with special characters)
Regex validation doesn’t have ReDoS (Regular Expression Denial of Service) vulnerability
Input length limits enforce min/max (not just max)
Whitelist validation where possible (only allow known good input)
Special characters handled correctly
Format validation (email, phone, dates) uses libraries, not custom regex
Batch input size limits (prevent bulk operations DoS)

Advanced Authentication

Password hashing uses strong algorithm (bcrypt, argon2, scrypt)
Password salt used and unique per user
Account lockout after failed attempts
Password reset flow secure (token expiration, one-time use)
Email verification before account activation
Session fixation prevention
Brute force protection
CAPTCHA or similar for login forms (if public)
Consider passwordless auth (passkeys, magic links) for UX improvement

Advanced Authorization

Role-based access control (RBAC) or attribute-based (ABAC)
Permission model documented
Admin actions require additional verification
Sensitive operations (delete, transfer, etc.) require confirmation
Delegation of permissions possible and auditable
Temporary elevated privileges possible (not permanent admin accounts)

Security-Relevant Race Conditions

Financial/transactional operations are atomic (double-spend, double-enrollment, coupon reuse)
Check-then-act sequences use proper locking or database constraints (TOCTOU)
Rate limiting checks are atomic (not vulnerable to race between check and increment)

LLM Output Trust (Deep Dive)

All LLM-generated code paths reviewed as if written by an untrusted contributor
LLM-generated SQL validated against schema and parameterized (never concatenated)
Auth/authz logic generated by LLMs tested with adversarial inputs (privilege escalation, bypass attempts)
LLM-generated API responses validated against explicit response shapes before returning to clients
Audit trail exists for LLM-generated code that touches security-critical paths
Team has clear policy: which LLM outputs require human review before deployment?

Data Protection

PII identification complete (name, email, phone, SSN, IP, etc.)
PII storage justified (do we actually need to store this?)
PII encrypted in database
PII encrypted in transit
Data retention policy defined
Data deletion process defined (not just flag as deleted)
Database backups encrypted
Backup restoration tested and documented
Cross-tenant data isolation verified

Advanced Cryptography

Key management process documented
Key rotation schedule established
Key derivation uses proper KDF (not custom)
Encryption authenticated (not just encrypted, use AEAD)
IV/nonce handling correct (random, not reused)
TLS version recent (1.2 or 1.3, not 1.0 or 1.1)
Cipher suites strong (no weak algorithms)
Certificate pinning considered for mobile apps

Advanced API Security

OAuth2/OIDC implementation correct (not homemade auth)
CSRF prevention verified per Standard Checklist above
Security headers configured (see Security Headers section below)
API rate limiting per user and IP
API request timeout configured

Security Headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Security-Policy configured (avoid unsafe-inline and unsafe-eval for scripts)
X-Content-Type-Options: nosniff
X-Frame-Options: DENY (or CSP frame-ancestors 'none')
Referrer-Policy: strict-origin-when-cross-origin
Cache-Control: no-store on sensitive pages

Infrastructure Security

Network isolation (not all services accessible from everywhere)
Firewall rules minimal (default deny)
Database not directly accessible from internet
Secrets not in environment (consider Secrets Manager)
Container image scanning for vulnerabilities
Container running as non-root
Secret scanning in CI/CD pipeline

Incident Response

Logging sufficient for investigation
Alerting on suspicious activities
Incident response plan documented
Communication plan for security incidents
Forensics capability (log retention, audit trail)

OWASP Top 10 (Application Security)

Broken Access Control - Verified authorization checks
Cryptographic Failures - Verified encryption and key management
Injection - Verified input validation and parameterized queries
Insecure Design - Threat modeling done, secure defaults
Security Misconfiguration - Production config reviewed, defaults changed
Vulnerable Components - Dependencies checked for vulnerabilities
Authentication Failures - Authentication mechanism secure
Software & Data Integrity - Dependencies from trusted sources, no tampering
Logging & Monitoring Failures - Logging sufficient and alerting configured
SSRF - Internal service discovery protected, not accessible from untrusted sources

Language-Specific Guidance

JavaScript/Node.js

Common vulnerabilities:

eval(), Function() constructor - NEVER use with user input
innerHTML with user input → Use DOMPurify or textContent
Prototype pollution - Validate object keys
Regex DoS - Use safe-regex or library validation

Best practices:

// [NO] DANGEROUS
const result = eval(userInput);
element.innerHTML = userInput;
const obj = JSON.parse(userInput); // Trust JSON.parse, not the input

// [YES] SAFE
// Use libraries for evaluation
const safe = DOMPurify.sanitize(userInput);
element.textContent = userInput;  // Text is safe
const obj = JSON.parse(userInput); // Safe to parse
// Validate object keys
if (!allowedKeys.includes(key)) throw new Error('Invalid key');

XXE: If parsing XML, use libraries that disable DTD by default. With libxmljs: { noent: false, dtdload: false }.

Recommended packages:

helmet - Security headers middleware
express-rate-limit - Rate limiting
bcryptjs - Password hashing
jsonwebtoken - JWT handling
dompurify - HTML sanitization

Python

Common vulnerabilities:

pickle.loads(userInput) → Use JSON instead
SQL string formatting - Use parameterized queries (SQLAlchemy)
exec(), eval() with user input - NEVER
File path concatenation → Use pathlib, not string concat

Best practices:

# [NO] DANGEROUS
user_data = pickle.loads(request.data)  # Arbitrary code execution
query = f"SELECT * FROM users WHERE id = {user_id}"  # SQL injection
exec(user_input)  # Arbitrary code execution

# [YES] SAFE
user_data = json.loads(request.data)  # Safe parsing
query = db.session.query(User).filter_by(id=user_id)  # SQLAlchemy ORM
# Execute only trusted code, not user input

XXE: Use defusedxml instead of stdlib xml.etree. With lxml: etree.XMLParser(resolve_entities=False, no_network=True).

Recommended packages:

flask - Web framework with security features
sqlalchemy - ORM with parameterized queries
cryptography - Encryption library
bcrypt - Password hashing
pydantic - Input validation and serialization
defusedxml - Safe XML parsing

Go

Common vulnerabilities:

sql.Query with string concatenation → Use parameterized queries
exec.Command with user input → Use array args, not shell
Insecure deserialization → Validate before unmarshaling

Best practices:

// [NO] DANGEROUS
query := fmt.Sprintf("SELECT * FROM users WHERE id = %d", userID)
cmd := exec.Command("sh", "-c", userInput)  // Shell injection
json.Unmarshal(data, &obj)  // No validation

// [YES] SAFE
db.QueryRow("SELECT * FROM users WHERE id = ?", userID)
cmd := exec.Command("program", args...)  // No shell
// Validate before unmarshaling
json.Unmarshal(data, &obj)
validator.Validate(obj)

XXE: Go’s encoding/xml is safe by default (no external entity resolution). Verify third-party XML parsers disable DTD processing.

Recommended packages:

database/sql - Parameterized queries
net/http - Standard library routing (Go 1.22+ supports path parameters)
go-chi/chi - Lightweight router (actively maintained)
golang-jwt/jwt - JWT handling
golang.org/x/crypto - Cryptography
github.com/asaskevich/govalidator - Input validation

Common Vulnerability Examples

Example 1: SQL Injection

# [NO] VULNERABLE
user_id = request.args.get('id')
query = f"SELECT * FROM users WHERE id = {user_id}"
results = db.execute(query)

# Attacker can pass: id=1 OR 1=1 (returns all users)

# [YES] SAFE
user_id = request.args.get('id')
results = db.execute("SELECT * FROM users WHERE id = ?", (user_id,))

# Or with ORM
results = User.query.filter_by(id=user_id).all()

Example 2: XSS (Cross-Site Scripting)

// [NO] VULNERABLE
const comment = getUserComment();
document.getElementById('comments').innerHTML = comment;
// If comment = "<img src=x onerror='alert(\"hacked\")'>"
// The script will execute

// [YES] SAFE
document.getElementById('comments').textContent = comment;
// Or sanitize
const clean = DOMPurify.sanitize(comment);
document.getElementById('comments').innerHTML = clean;

Example 3: Hardcoded Secrets

# [NO] VULNERABLE
API_KEY = "sk_live_abc123def456"  # In code, in git history

# [YES] SAFE
import os
API_KEY = os.environ.get('API_KEY')

# Or with secrets manager
import boto3
secrets = boto3.client('secretsmanager')
response = secrets.get_secret_value(SecretId='api-key')
API_KEY = response['SecretString']

Example 4: Weak Password Hashing

# [NO] VULNERABLE
import hashlib
password_hash = hashlib.sha256(password.encode()).hexdigest()

# [YES] SAFE
import bcrypt
password_hash = bcrypt.hashpw(password.encode(), bcrypt.gensalt())
# Verification
bcrypt.checkpw(password.encode(), password_hash)

Example 5: Command Injection

# [NO] VULNERABLE (Shell Injection)
filename = request.args.get('file')
os.system(f"cat {filename}")  # If filename = "file.txt; rm -rf /", disaster

# [YES] SAFE (No Shell Expansion)
import subprocess
filename = request.args.get('file')
result = subprocess.run(['cat', filename], capture_output=True)
# Args as list, no shell expansion

Why: Shell expands special characters (|, ;, $(), etc.). Always use APIs that don’t invoke shell.

Example 6: Server-Side Request Forgery (SSRF)

# [NO] VULNERABLE (No URL validation)
import requests
user_url = request.args.get('url')
data = requests.get(user_url).text  # Could fetch internal services
# Attacker passes: http://internal-api:8080/admin or http://localhost:6379

# [YES] SAFE (Allowlist + DNS validation)
import requests
import ipaddress
import socket
from urllib.parse import urlparse

user_url = request.args.get('url')
parsed = urlparse(user_url)

# Step 1: Scheme must be http/https
if parsed.scheme not in ('http', 'https'):
    raise ValueError("Invalid scheme")

# Step 2: Allowlist safe domains
ALLOWED_DOMAINS = ['example.com', 'api.example.com']
if parsed.hostname not in ALLOWED_DOMAINS:
    raise ValueError("Domain not allowed")

# Step 3: Resolve DNS and validate IP is not private
resolved_ip = socket.getaddrinfo(parsed.hostname, None)[0][4][0]
ip = ipaddress.ip_address(resolved_ip)
if ip.is_private or ip.is_loopback or ip.is_link_local:
    raise ValueError("Private/internal IPs not allowed")

# Step 4: Request using resolved IP (pin it, don't re-resolve)
data = requests.get(user_url, timeout=5).text

Why: Without validation, attacker can access internal services, cloud metadata APIs (AWS, GCP credentials), or local services.

Common SSRF bypasses to block:

Bypass	Example
Decimal/octal/hex IP	`http://2130706433`, `http://0177.0.0.1`, `http://0x7f.0.0.1`
IPv6 localhost	`http://[::1]`, `http://[::ffff:127.0.0.1]`
Shortened IP	`http://127.1`
DNS rebinding	Attacker DNS returns internal IP on second resolution
Redirect chains	External URL 302s to internal address

Always: resolve DNS before requesting, validate resolved IP is not private, pin resolved IP (don’t re-resolve), block cloud metadata IPs (169.254.169.254) explicitly.

Example 7: Unsafe Deserialization

# [NO] VULNERABLE (Arbitrary code execution)
import pickle
user_data = pickle.loads(request.data)  # pickle can execute code during deserialization

# [NO] ALSO VULNERABLE (eval)
config_str = request.args.get('config')
config = eval(config_str)  # Arbitrary code execution

# [YES] SAFE (Use JSON only)
import json
user_data = json.loads(request.data)  # Safe parsing, no code execution

Why: pickle and eval can execute arbitrary code. JSON is data-only format, safe to deserialize untrusted input.

Example 8: XXE (XML External Entity)

<!-- Malicious XML payload -->
<?xml version="1.0"?>
<!DOCTYPE foo [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<data>&xxe;</data>

Prevention by language:

# Python - use defusedxml
from defusedxml import ElementTree
tree = ElementTree.parse(xml_file)  # Safe: external entities disabled

# Or with lxml
from lxml import etree
parser = etree.XMLParser(resolve_entities=False, no_network=True)

// Node.js - disable DTD in your XML library
// If using libxmljs: { noent: false, dtdload: false }
// Prefer libraries that disable DTD by default

// Go - xml.Decoder is safe by default (no external entity resolution)
// If using third-party parsers, verify DTD processing is disabled

Why: XML parsers that resolve external entities can read local files, make network requests, or cause DoS. Disable DTD processing entirely when possible.

Example 9: Open Redirect

# [NO] VULNERABLE (no validation)
redirect_url = request.args.get('next')
return redirect(redirect_url)
# Attacker: ?next=https://evil.com (phishing via your domain)

# [YES] SAFE (allowlist)
from urllib.parse import urlparse

redirect_url = request.args.get('next', '/')
parsed = urlparse(redirect_url)

# Only allow relative paths
if parsed.netloc or parsed.scheme:
    redirect_url = '/'  # Fall back to safe default

return redirect(redirect_url)

Why: Open redirects enable phishing (victim trusts your domain in the URL) and can chain with SSRF or OAuth token theft.

Compliance Framework Guidance

If you need to meet security compliance frameworks, here’s what maps to this guide:

PCI-DSS (Payment Card Data)

Focus on: Secrets management, encryption in transit/at rest, access control Relevant sections: Cryptography, Secrets Management, Authorization & Access Control, API Security Additional: Audit logging, data retention policies

HIPAA (Healthcare Data)

Focus on: Encryption, access logs, data minimization Relevant sections: Data Protection, Cryptography, Logging & Monitoring, Secrets Management Additional: Audit controls, breach notification procedures

SOC 2 (Service Organization Control)

Focus on: Security controls, access management, incident response Relevant sections: All checklist sections apply Additional: Evidence collection (audit logs, access reviews), incident response testing

Focus on: Consent, data minimization, user rights Relevant sections: Data Protection, Input Validation, Error Handling Additional: Privacy by design, user data export/deletion

Action: Use checklists above. For compliance frameworks, consult your legal/security team and audit frameworks for specific requirements.

Resources

OWASP Top 10 - https://owasp.org/www-project-top-ten/
CWE Top 25 - https://cwe.mitre.org/top25/
NIST Cybersecurity Framework - https://www.nist.gov/cyberframework/
Snyk Vulnerability Database - https://snyk.io/vuln/
PortSwigger Web Security Academy - https://portswigger.net/web-security/

Integration with Playbook

Part of review workflow:

/pb-cycle Step 1 - Self-review security checklist
/pb-review-hygiene - Security section in code review
/pb-guide §4.5 - Security design during planning
/pb-release - Pre-release security checklist

/pb-review - Comprehensive multi-perspective review orchestrator
/pb-review-hygiene - Code quality including security
/pb-hardening - Infrastructure security (servers, containers, networks)
/pb-secrets - Secrets management lifecycle
/pb-patterns-security - Security patterns for microservices

Created: 2026-01-11 | Category: Reviews | Last updated: 2026-02-03

Accessibility Deep-Dive

Comprehensive accessibility guidance for web applications. Semantic HTML first, ARIA as enhancement, keyboard-first interaction model.

Accessibility is not optional. It’s not a feature. It’s not “nice to have.” It’s a requirement for professional software.

Mindset: Use /pb-preamble thinking to challenge “works for me” assumptions. Use /pb-design-rules thinking - especially Clarity (is the interface obvious to ALL users?), Robustness (does it work with assistive technology?), and Repair (fail accessibly when things break).

Resource Hint: sonnet - accessibility audit follows structured WCAG checklists and component patterns

When to Use

Building new UI components or pages
Pre-release accessibility compliance check
After receiving accessibility-related bug reports or user feedback
Periodic audit of existing web application

Philosophy

Semantic HTML First

ARIA is a repair tool, not a feature. If you need ARIA, ask first: “Can I use semantic HTML instead?”

<!-- [NO] div with ARIA (repairing bad markup) -->
<div role="button" tabindex="0" aria-pressed="false" onclick="toggle()">
  Toggle
</div>

<!-- [YES] Semantic HTML (needs no repair) -->
<button type="button" aria-pressed="false" onclick="toggle()">
  Toggle
</button>

The first rule of ARIA: Don’t use ARIA if you can use semantic HTML.

The second rule of ARIA: If you must use ARIA, use it correctly.

Keyboard-First Interaction

Every interaction must work without a mouse:

Tab navigates between focusable elements
Enter/Space activates buttons and links
Arrow keys navigate within widgets (tabs, menus, sliders)
Escape closes modals and dismisses overlays
Focus is always visible

If an interaction only works on hover or click, it’s broken.

Progressive Enhancement

Build the accessible version first, then enhance:

<!-- Base: Works without JavaScript -->
<a href="/products">View Products</a>

<!-- Enhanced: Better UX with JavaScript -->
<a href="/products" onclick="openModal(event)">View Products</a>

If JavaScript fails, the link still works.

Semantic Structure

Document Landmarks

Use HTML5 landmarks for page structure:

<body>
  <header role="banner">
    <!-- Site header, logo, primary nav -->
  </header>

  <nav role="navigation" aria-label="Main">
    <!-- Primary navigation -->
  </nav>

  <main role="main">
    <!-- Primary content -->
  </main>

  <aside role="complementary">
    <!-- Related content, sidebar -->
  </aside>

  <footer role="contentinfo">
    <!-- Site footer -->
  </footer>
</body>

Note: Modern browsers understand <header>, <main>, etc. The role attributes are for older assistive technology.

Heading Hierarchy

Headings create an outline. Don’t skip levels.

<!-- [NO] Skipped levels, style-driven -->
<h1>Page Title</h1>
<h4>Section Title</h4>  <!-- Skipped h2, h3 -->
<h2>Another Section</h2>

<!-- [YES] Logical hierarchy -->
<h1>Page Title</h1>
<h2>Section Title</h2>
<h3>Subsection</h3>
<h2>Another Section</h2>

Use CSS for styling, headings for structure.

Lists

Use lists for groups of related items:

<!-- Navigation is a list of links -->
<nav aria-label="Main">
  <ul>
    <li><a href="/">Home</a></li>
    <li><a href="/products">Products</a></li>
    <li><a href="/about">About</a></li>
  </ul>
</nav>

<!-- Steps are an ordered list -->
<ol>
  <li>Add items to cart</li>
  <li>Enter shipping address</li>
  <li>Complete payment</li>
</ol>

Screen readers announce “list of 3 items” - helpful context.

Tables

Use tables for tabular data, not layout:

<table>
  <caption>Monthly Sales Report</caption>
  <thead>
    <tr>
      <th scope="col">Month</th>
      <th scope="col">Revenue</th>
      <th scope="col">Growth</th>
    </tr>
  </thead>
  <tbody>
    <tr>
      <th scope="row">January</th>
      <td>$10,000</td>
      <td>+5%</td>
    </tr>
  </tbody>
</table>

<caption> describes the table
scope="col" and scope="row" associate headers with cells

Interactive Elements

Buttons vs Links

Links navigate to a new location:

<!-- Goes somewhere -->
<a href="/products">View Products</a>
<a href="#section">Jump to Section</a>

Buttons perform an action:

<!-- Does something -->
<button type="button" onclick="openModal()">Open Modal</button>
<button type="submit">Submit Form</button>

<!-- [NO] Link that acts like a button -->
<a href="#" onclick="doSomething(); return false;">Do Something</a>

<!-- [YES] Button for actions -->
<button type="button" onclick="doSomething()">Do Something</button>

Form Controls

Proper form markup:

<form>
  <!-- Text input with visible label -->
  <div>
    <label for="email">Email address</label>
    <input
      type="email"
      id="email"
      name="email"
      required
      aria-describedby="email-hint email-error"
    />
    <p id="email-hint">We'll never share your email.</p>
    <p id="email-error" role="alert" hidden>Please enter a valid email.</p>
  </div>

  <!-- Checkbox -->
  <div>
    <input type="checkbox" id="terms" name="terms" required />
    <label for="terms">I agree to the terms and conditions</label>
  </div>

  <!-- Radio group -->
  <fieldset>
    <legend>Preferred contact method</legend>
    <div>
      <input type="radio" id="contact-email" name="contact" value="email" />
      <label for="contact-email">Email</label>
    </div>
    <div>
      <input type="radio" id="contact-phone" name="contact" value="phone" />
      <label for="contact-phone">Phone</label>
    </div>
  </fieldset>

  <button type="submit">Subscribe</button>
</form>

Key patterns:

Every input has a <label> with matching for/id
Related inputs grouped in <fieldset> with <legend>
Error messages linked via aria-describedby
Errors announced via role="alert"

Custom Widgets

When semantic HTML isn’t enough, build accessible widgets:

Tabs:

<div class="tabs">
  <div role="tablist" aria-label="Product information">
    <button
      role="tab"
      id="tab-1"
      aria-selected="true"
      aria-controls="panel-1"
    >
      Description
    </button>
    <button
      role="tab"
      id="tab-2"
      aria-selected="false"
      aria-controls="panel-2"
      tabindex="-1"
    >
      Reviews
    </button>
  </div>

  <div
    role="tabpanel"
    id="panel-1"
    aria-labelledby="tab-1"
  >
    <!-- Description content -->
  </div>

  <div
    role="tabpanel"
    id="panel-2"
    aria-labelledby="tab-2"
    hidden
  >
    <!-- Reviews content -->
  </div>
</div>

Keyboard behavior:

Tab to tablist, then arrow keys between tabs
Selected tab has tabindex="0", others have tabindex="-1"
Enter/Space activates tab

Modal Dialog:

<div
  role="dialog"
  aria-modal="true"
  aria-labelledby="modal-title"
  aria-describedby="modal-desc"
>
  <h2 id="modal-title">Confirm Delete</h2>
  <p id="modal-desc">Are you sure you want to delete this item?</p>

  <div>
    <button type="button" onclick="closeModal()">Cancel</button>
    <button type="button" onclick="confirmDelete()">Delete</button>
  </div>
</div>

Requirements:

Focus trapped inside modal while open
Escape closes modal
Focus returns to trigger element on close
Background content has aria-hidden="true" and inert

Focus Management

Focus Order

Focus order should follow visual order (usually left-to-right, top-to-bottom in LTR languages).

<!-- [NO] tabindex messing with order -->
<button tabindex="3">Third</button>
<button tabindex="1">First</button>
<button tabindex="2">Second</button>

<!-- [YES] Natural DOM order -->
<button>First</button>
<button>Second</button>
<button>Third</button>

Only use tabindex:

tabindex="0" - Add to focus order (for custom focusable elements)
tabindex="-1" - Remove from focus order (but focusable via JavaScript)

Never use tabindex > 0.

Focus Visibility

Focus must ALWAYS be visible:

/* [NO] Removing focus indicator */
*:focus {
  outline: none;
}

/* [YES] Custom focus indicator */
*:focus-visible {
  outline: 2px solid var(--color-primary);
  outline-offset: 2px;
}

/* Works in both light and dark modes */
*:focus-visible {
  outline: 2px solid var(--color-primary);
  outline-offset: 2px;
  box-shadow: 0 0 0 4px var(--color-surface);
}

Focus Trapping

For modals and dialogs, trap focus inside:

function trapFocus(element) {
  const focusableElements = element.querySelectorAll(
    'button, [href], input, select, textarea, [tabindex]:not([tabindex="-1"])'
  );
  const firstFocusable = focusableElements[0];
  const lastFocusable = focusableElements[focusableElements.length - 1];

  element.addEventListener('keydown', (e) => {
    if (e.key !== 'Tab') return;

    if (e.shiftKey) {
      if (document.activeElement === firstFocusable) {
        lastFocusable.focus();
        e.preventDefault();
      }
    } else {
      if (document.activeElement === lastFocusable) {
        firstFocusable.focus();
        e.preventDefault();
      }
    }
  });
}

Skip Links

Allow keyboard users to skip repetitive navigation:

<body>
  <a href="#main-content" class="skip-link">Skip to main content</a>

  <header><!-- Navigation --></header>

  <main id="main-content" tabindex="-1">
    <!-- Main content -->
  </main>
</body>

.skip-link {
  position: absolute;
  top: -40px;
  left: 0;
  padding: 8px;
  background: var(--color-primary);
  color: var(--color-on-primary);
  z-index: 100;
}

.skip-link:focus {
  top: 0;
}

Labels and Descriptions

Every interactive element needs a label:

<!-- Visible label (preferred) -->
<label for="search">Search</label>
<input type="search" id="search" />

<!-- Hidden label (when visual label exists elsewhere) -->
<input type="search" aria-label="Search products" />

<!-- Icon-only button -->
<button type="button" aria-label="Close">
  <svg aria-hidden="true"><!-- X icon --></svg>
</button>

<!-- Additional description -->
<input
  type="password"
  aria-label="Password"
  aria-describedby="password-requirements"
/>
<p id="password-requirements">Must be at least 8 characters.</p>

Live Regions

Announce dynamic content changes:

<!-- Polite: Announced after current speech -->
<div aria-live="polite" aria-atomic="true">
  3 items in cart
</div>

<!-- Assertive: Interrupts current speech (use sparingly) -->
<div role="alert">
  Error: Payment failed. Please try again.
</div>

<!-- Status: For status messages -->
<div role="status">
  Saving...
</div>

Hiding Content

Hide from everyone:

<div hidden>Not rendered at all</div>
<div style="display: none;">Not rendered at all</div>

Hide visually but keep accessible:

.visually-hidden {
  position: absolute;
  width: 1px;
  height: 1px;
  padding: 0;
  margin: -1px;
  overflow: hidden;
  clip: rect(0, 0, 0, 0);
  white-space: nowrap;
  border: 0;
}

<button>
  <svg aria-hidden="true"><!-- icon --></svg>
  <span class="visually-hidden">Close menu</span>
</button>

Hide from screen readers only:

<span aria-hidden="true">★★★☆☆</span>
<span class="visually-hidden">3 out of 5 stars</span>

Standards

WCAG 2.1 AA Baseline

This playbook targets WCAG 2.1 Level AA as the baseline. All guidance assumes AA compliance unless noted otherwise.

Why 2.1 AA:

Industry standard for most organizations
Legal requirement in many jurisdictions (ADA, Section 508, EN 301 549)
Achievable without significant design constraints
Covers vast majority of accessibility needs

WCAG 2.2 Enhancements (Recommended):

Criterion	What	When to Implement
2.4.11 Focus Not Obscured	Focused element not hidden	New projects
2.5.7 Dragging Movements	Alternative to drag operations	Touch interfaces
2.5.8 Target Size (Minimum)	24x24px targets	All projects
3.2.6 Consistent Help	Help in consistent location	Complex apps
3.3.7 Redundant Entry	Don’t re-request same info	Multi-step forms
3.3.8 Accessible Authentication	No cognitive tests for auth	All auth flows

Implement 2.2 criteria in new projects. Retrofit existing projects during major updates.

Color and Contrast

WCAG Contrast Requirements

Element	Ratio Required	Level
Normal text	4.5:1	AA
Large text (18px+ bold, 24px+)	3:1	AA
UI components, graphics	3:1	AA
Normal text	7:1	AAA

Tools:

WebAIM Contrast Checker
Chrome DevTools (inspect > color picker shows ratio)
Figma plugins (Stark, A11y)

Color Not Sole Indicator

Don’t rely on color alone:

<!-- [NO] Only color indicates error -->
<input type="email" class="error" />  <!-- Red border -->

<!-- [YES] Color + icon + text -->
<input type="email" class="error" aria-invalid="true" aria-describedby="email-error" />
<p id="email-error">
  <svg aria-hidden="true"><!-- Error icon --></svg>
  Please enter a valid email address.
</p>

Motion and Animation

Reduced Motion

Respect user preference for reduced motion:

/* Default: Animations enabled */
.card {
  transition: transform 0.3s ease;
}

.card:hover {
  transform: scale(1.05);
}

/* Reduced motion: Disable or minimize */
@media (prefers-reduced-motion: reduce) {
  .card {
    transition: none;
  }

  .card:hover {
    transform: none;
  }
}

In JavaScript:

const prefersReducedMotion = window.matchMedia(
  '(prefers-reduced-motion: reduce)'
).matches;

if (!prefersReducedMotion) {
  // Run animation
}

Safe Animation Guidelines

No flashing more than 3 times per second
Provide pause/stop controls for auto-playing content
Keep animations under 5 seconds or provide controls
Avoid animations that fill the entire screen

Touch and Mobile

Touch Target Size

Minimum 44x44 CSS pixels for touch targets:

.button {
  min-width: 44px;
  min-height: 44px;
  padding: 12px 16px;
}

/* Icon buttons need explicit sizing */
.icon-button {
  width: 44px;
  height: 44px;
  padding: 10px;
}

Spacing Between Targets

Leave at least 8px between touch targets:

.button-group {
  display: flex;
  gap: 8px;  /* Minimum spacing */
}

Testing

Manual Testing Checklist

Keyboard:

Can Tab through all interactive elements
Tab order is logical (follows visual flow)
Focus is always visible
Can activate all buttons/links with Enter/Space
Can close modals with Escape
No keyboard traps (can always Tab out)

Screen Reader:

All images have alt text (or are decorative and hidden)
All form inputs have labels
Headings create logical outline
Links and buttons have descriptive text
Dynamic changes are announced

Visual:

Contrast ratios meet WCAG AA (4.5:1 text, 3:1 UI)
Color is not sole indicator
Focus indicators visible in all themes
Text resizable to 200% without loss

Mobile:

Touch targets at least 44x44px
Works in portrait and landscape
No horizontal scrolling at 320px width

Tiered Automated Testing

Layer accessibility checks at different stages of development:

Tier	Tool	When	Catches
Development	axe-core (React/browser)	During coding	Immediate feedback
Commit	axe-core (Playwright/Cypress)	Pre-commit/CI	Regressions
Quality Gate	Lighthouse CI	PR/merge	Performance + a11y score
Manual	WAVE, axe DevTools	Code review	Context-sensitive issues
Audit	pa11y-ci	Periodic	Site-wide compliance

Tier 1: Development (Immediate Feedback)

// React axe (dev only)
if (process.env.NODE_ENV === 'development') {
  import('@axe-core/react').then((axe) => {
    axe.default(React, ReactDOM, 1000);
  });
}

Tier 2: Commit (CI Integration)

# axe-core via playwright
npm install @axe-core/playwright

// In test:
import AxeBuilder from '@axe-core/playwright';

test('page should be accessible', async ({ page }) => {
  await page.goto('/');
  const results = await new AxeBuilder({ page }).analyze();
  expect(results.violations).toEqual([]);
});

Tier 3: Quality Gate (Lighthouse CI)

# lighthouserc.js
module.exports = {
  ci: {
    assert: {
      assertions: {
        'categories:accessibility': ['error', { minScore: 0.9 }],
      },
    },
  },
};

# In CI pipeline
npx lhci autorun

Tier 4: Manual Review

Browser extensions for code review:

axe DevTools - Comprehensive issue detection
WAVE - Visual overlay of issues
Accessibility Insights - Step-by-step assessment

Tier 5: Periodic Audit (pa11y-ci)

# .pa11yci.json
{
  "urls": ["/", "/products", "/checkout"],
  "standard": "WCAG2AA"
}

# Run audit
npx pa11y-ci

Use pa11y-ci for periodic site-wide audits, especially before major releases.

Test with real screen readers:

Platform	Screen Reader	Browser
macOS	VoiceOver	Safari
Windows	NVDA	Firefox
Windows	JAWS	Chrome
iOS	VoiceOver	Safari
Android	TalkBack	Chrome

At minimum: Test with VoiceOver (macOS) or NVDA (Windows).

Quick Reference by Component

Button

<button type="button" aria-pressed="false">
  Toggle Feature
</button>

Use <button>, not <div> or <a>
type="button" prevents form submission
aria-pressed for toggle buttons
Descriptive text (not “Click here”)

Link

<a href="/products">View all products</a>

Use <a> with href, not <span onclick>
Descriptive text (not “Learn more”)
Opens new tab? Add target="_blank" rel="noopener" and indicate visually

Image

<!-- Informative image -->
<img src="chart.png" alt="Sales increased 20% in Q4" />

<!-- Decorative image -->
<img src="decoration.svg" alt="" role="presentation" />

<!-- Complex image with long description -->
<figure>
  <img src="complex-chart.png" alt="Annual revenue chart" aria-describedby="chart-desc" />
  <figcaption id="chart-desc">
    Revenue grew from $1M in 2020 to $5M in 2024, with the largest growth in 2023.
  </figcaption>
</figure>

Input

<div>
  <label for="username">Username</label>
  <input
    type="text"
    id="username"
    name="username"
    required
    aria-invalid="false"
    aria-describedby="username-hint"
  />
  <p id="username-hint">3-20 characters, letters and numbers only.</p>
</div>

<div
  role="dialog"
  aria-modal="true"
  aria-labelledby="modal-title"
>
  <h2 id="modal-title">Dialog Title</h2>
  <!-- Content -->
  <button type="button" onclick="closeModal()">Close</button>
</div>

Focus trapped inside
Escape closes
Focus returns to trigger on close

/pb-patterns-frontend - Accessible component patterns
/pb-design-language - Accessibility constraints in design tokens
/pb-review-hygiene - Include accessibility in code review
/pb-testing - Accessibility testing integration
/pb-security - CSP and CORS (overlap with a11y testing tools)

Design Rules Applied

Rule	Application
Clarity	Semantic HTML makes intent obvious to all users
Robustness	Works with assistive technology, degrades gracefully
Repair	Error states are announced, not just visual
Simplicity	Native HTML before ARIA complexity

Resources

Last Updated: 2026-01-19 Version: 1.0

Logging Strategy & Standards

Comprehensive guidance for designing effective logging that aids troubleshooting without creating noise.

Principle: Good logging embodies /pb-preamble thinking (reveal assumptions, surface problems) and /pb-design-rules thinking (especially Transparency and Silence: systems should be observable when important, quiet otherwise).

Logs must invite scrutiny. They should reveal assumptions and make failures obvious, not hide them with verbosity or silence.

Resource Hint: sonnet - logging standards review is structured and pattern-based

When to Use

Setting up logging for a new service or module
Reviewing logging practices during code review
Investigating noisy or insufficient logs in production
Standardizing logging across a codebase

Purpose

Logging is critical for observability in production. This guide helps you:

Determine appropriate log levels for different events
Eliminate redundant and noisy logs
Ensure logs are actionable and context-rich
Standardize logging across your codebase
Verify security and compliance requirements

Log Levels: When to Use Each

DEBUG

Use for: Detailed troubleshooting information

logger.debug("Entered function process_order()", extra={"user_id": 123})
logger.debug("Query took 45ms", extra={"query": "SELECT ...", "rows": 50})
logger.debug("Cache hit for key: user_profile_123")

Characteristics:

Enabled only during development or when investigating specific issues
Includes variable values, loop iterations, internal state
Should not be logged to production by default (configure via log level)

Pitfalls:

Not useful in production (logging is disabled anyway)
Creates noise if left at DEBUG level unnecessarily

INFO

Use for: Important business events and state changes

logger.info("User registered", extra={"user_id": 456, "email": "user@example.com"})
logger.info("Order created", extra={"order_id": "ORD-789", "customer_id": 456, "total": 99.99})
logger.info("Payment processed successfully", extra={"payment_id": "PAY-123", "amount": 99.99})
logger.info("Job completed", extra={"job_id": 999, "duration_ms": 5000, "status": "success"})

Characteristics:

Visible in production
Tracks user-visible actions and business events
Includes IDs and relevant context
Follows “Verb + noun + context” pattern

Pitfalls:

“Processing user” - too vague
“Got here” - non-actionable
“User registration initiated” - clear and actionable

WARNING

Use for: Recoverable problems and unexpected but handled situations

logger.warning("Slow database query detected", extra={
    "query_ms": 2500,
    "threshold_ms": 1000,
    "query": "SELECT ... FROM orders WHERE customer_id = ?"
})
logger.warning("External service degraded, retrying", extra={
    "service": "payment_provider",
    "retry_count": 2,
    "timeout_ms": 5000
})
logger.warning("Cache miss spike detected", extra={
    "miss_rate": 0.45,
    "threshold": 0.20,
    "duration_sec": 60
})

Characteristics:

Indicates something unexpected happened but the system recovered
Usually indicates fallback behavior
Includes metrics or context for investigation

Pitfalls:

Warning for every retried request (too noisy)
Warning for expected rate limit responses (should be INFO if handled)
Warning for unusual patterns: slow queries, high error rates

ERROR

Use for: Genuine error conditions that need attention

logger.error("Failed to charge payment", extra={
    "payment_id": "PAY-456",
    "reason": "Card declined",
    "error_code": "card_declined",
    "stack_trace": "..." # Include only if helpful for root cause
})
logger.error("Database connection failed", extra={
    "host": "db.prod.example.com",
    "error": "connection timeout",
    "timeout_ms": 5000,
    "attempt": 3
})

Characteristics:

Operation failed; action is required
Include enough context to investigate without access to customer data
Include error codes, error messages, and relevant context
Stack traces helpful only for unexpected errors

Critical:

Never log passwords, API keys, PII, or sensitive data
Log error codes and codes that help identify the issue

CRITICAL

Use for: System-wide failures requiring immediate action

logger.critical("Database unavailable - all requests failing", extra={
    "service": "primary_database",
    "status": "connection_refused",
    "impact": "total_outage"
})
logger.critical("Authentication service down", extra={
    "service": "auth_service",
    "response_code": 503,
    "health_check": "failed"
})

Characteristics:

System is down or severely degraded
Triggers page/alert to on-call
Should be rare (aim for < 1 per month)

Pitfalls:

Using CRITICAL for issues that only affect one user
Using CRITICAL only for platform-wide outages

Common Logging Patterns

Authentication & Authorization

# [YES] Good: Log security events without exposing credentials
logger.info("User login successful", extra={
    "user_id": 789,
    "login_method": "email_password",
    "ip_address": "203.0.113.42"
})

logger.warning("Failed login attempt", extra={
    "email": "user@example.com",  # OK to log email, not password
    "attempt": 3,
    "reason": "invalid_password"
})

logger.error("Account locked after failed attempts", extra={
    "user_id": 789,
    "failed_attempts": 5,
    "lockout_duration_min": 30
})

# [NO] Bad: Logging credentials
logger.debug("Login attempt", extra={"username": "user@example.com", "password": "secret123"})

External Service Calls

# [YES] Good: Log request, response, and timing
logger.info("Payment service called", extra={
    "service": "stripe",
    "method": "charge",
    "amount": 99.99,
    "request_id": "req_123abc"
})

logger.warning("Payment service slow", extra={
    "service": "stripe",
    "latency_ms": 3500,
    "timeout_ms": 5000
})

logger.error("Payment service error", extra={
    "service": "stripe",
    "status_code": 500,
    "error_message": "Internal Server Error",
    "request_id": "req_123abc"
})

Database Operations

# [YES] Good: Log queries that matter
logger.info("Order created in database", extra={
    "order_id": "ORD-999",
    "customer_id": 456,
    "items_count": 3
})

logger.warning("Slow database query", extra={
    "query": "SELECT * FROM orders ...",
    "duration_ms": 2000,
    "rows_returned": 50000
})

# [NO] Bad: Logging every SELECT (creates noise)
logger.debug("SELECT user WHERE id = 123")
logger.debug("SELECT orders WHERE customer_id = 456")

Job/Task Processing

# [YES] Good: Log job lifecycle
logger.info("Background job started", extra={
    "job_id": 999,
    "job_type": "send_email",
    "user_id": 456
})

logger.info("Background job completed", extra={
    "job_id": 999,
    "duration_ms": 5000,
    "status": "success"
})

logger.error("Background job failed", extra={
    "job_id": 999,
    "error": "SMTP connection timeout",
    "retries_remaining": 2,
    "retry_after_sec": 60
})

Structured Logging Best Practices

Consistent Format

# [YES] Good: JSON structured logging
import json
import logging

class JSONFormatter(logging.Formatter):
    def format(self, record):
        return json.dumps({
            "timestamp": self.formatTime(record),
            "level": record.levelname,
            "message": record.getMessage(),
            "logger": record.name,
            **record.extra if hasattr(record, 'extra') else {}
        })

logger = logging.getLogger(__name__)
handler = logging.StreamHandler()
handler.setFormatter(JSONFormatter())
logger.addHandler(handler)

# Usage:
logger.info("User registered", extra={
    "user_id": 123,
    "email": "user@example.com"
})

Include Correlation IDs (Microservices)

import uuid
from contextvars import ContextVar

correlation_id_var: ContextVar[str] = ContextVar('correlation_id', default='')

def log_with_correlation(message, level, **context):
    """Log with automatic correlation ID for request tracing."""
    context['correlation_id'] = correlation_id_var.get()
    logger.log(level, message, extra=context)

# Middleware to set correlation ID
def correlation_id_middleware(request):
    correlation_id = request.headers.get('X-Correlation-ID', str(uuid.uuid4()))
    correlation_id_var.set(correlation_id)
    return request

Context and Exception Handling

# [YES] Good: Include exception context
try:
    process_payment(order)
except PaymentError as e:
    logger.error("Payment processing failed", extra={
        "order_id": order.id,
        "error_code": e.code,
        "error_message": str(e),
        "exception": type(e).__name__
    })
    raise

Log Level Configuration by Environment

Development

DEBUG: All levels enabled (catch all issues early)

Staging

INFO: Business events only (monitor production-like behavior)
WARNING: Unusual patterns
ERROR: Failed operations
CRITICAL: System failures

Production

INFO: Business events (user actions, transactions)
WARNING: Unexpected conditions (slow requests, retries)
ERROR: Failed operations (requires investigation)
CRITICAL: System outages (page on-call)

DEBUG: Disabled (logs to /dev/null)

Configuration Example (Python):

import os
import logging

log_level = os.getenv('LOG_LEVEL', 'INFO')
logging.basicConfig(level=getattr(logging, log_level))

# Specific module log levels
logging.getLogger('vendor_library').setLevel(logging.WARNING)  # Less verbose for 3rd party
logging.getLogger('myapp.payment').setLevel(logging.DEBUG)      # More verbose for critical

Common Issues & Fixes

Problem: “Log Bombing” - Too Many Logs

[NO] Example:

for user_id in user_ids:
    logger.info(f"Processing user {user_id}")  # Logs 1000 times!
    logger.info(f"Fetched data for user {user_id}")
    logger.info(f"Updated database for user {user_id}")

[YES] Fix:

logger.info("Starting bulk user processing", extra={"total_users": len(user_ids)})
for user_id in user_ids:
    # Only log errors, not normal flow
    try:
        process_user(user_id)
    except Exception as e:
        logger.error("Failed to process user", extra={
            "user_id": user_id,
            "error": str(e)
        })
logger.info("Bulk user processing completed", extra={
    "total_users": len(user_ids),
    "duration_sec": elapsed_time
})

Problem: Missing Context

[NO] Bad:

logger.error("Connection failed")  # Which connection? Which service?
logger.warning("Request timed out")  # Which request? What timeout?

[YES] Good:

logger.error("Database connection failed", extra={
    "host": "db.prod.example.com",
    "port": 5432,
    "error": "connection refused",
    "timeout_ms": 5000
})
logger.warning("API request timed out", extra={
    "service": "payment_provider",
    "endpoint": "/api/charges",
    "timeout_ms": 5000,
    "attempt": 2
})

Problem: Logging Sensitive Data

[NO] Bad:

logger.info("User login", extra={
    "email": user.email,
    "password": user.password,  # NEVER log this!
    "ssn": user.ssn              # NEVER log this!
})

[YES] Good:

logger.info("User login successful", extra={
    "user_id": user.id,
    "email_hash": hash(user.email),  # Hash for verification
    "ip_address": request.remote_addr
})

Logging Checklist

Before deploying, verify:

No sensitive data: No passwords, API keys, PII in logs
Appropriate levels: DEBUG/INFO in right places
Unique identifiers: Include IDs (user_id, order_id, request_id)
Correlation IDs: All related requests traceable (microservices)
Error context: Errors include error codes and context
Not redundant: Same information not logged twice
Not noisy: Not logging every normal operation
Parsing-friendly: JSON structured logging (not raw strings)
Performance impact: Logging overhead acceptable in hot paths

/pb-security - Logging sensitive data safely
/pb-observability - Logging as part of observability
/pb-incident - Using logs during incident investigation
/pb-guide - Implementing logging in development
/pb-testing - Testing logging behavior

Tools Reference

Tools to consider:

Local: Python logging, Node.js winston, Go zap
Cloud: AWS CloudWatch, GCP Cloud Logging, Azure Monitor
Aggregation: ELK Stack, Splunk, Datadog, New Relic

Created: 2026-01-11 | Category: Code Review | Tier: M

Calm Design: Attention-Respecting Features & Systems

Technology should recede into the background until genuinely needed. Calm design applies attention-efficiency principles to every feature, system, and interface you build.

Resource Hint: sonnet - Design and code review with attention as a resource lens.

When to Use

Before shipping a feature: Does this respect user attention?
During code review: Is this feature calm or demanding?
During design feedback: Would you use this daily without frustration?
Planning notifications or alerts: Is this necessary or just noise?

Philosophy: Attention as a Finite Resource

From Amber Case’s Calm Technology: “Our world is made of information that competes for our attention.” Most systems lose this lens and compete for attention constantly.

Compare:

Demanding system: Notifications every 5 minutes, unclear alerts, requires constant vigilance
Calm system: Works silently, alerts only when critical, provides status without demanding focus

The shift: Attention isn’t infinite. Design systems that respect this.

See /pb-design-rules for clarity and simplicity principles. Calm design extends those: the same clarity that makes code readable makes interfaces calm.

The 10-Question Calm Design Checklist

Use this to evaluate features, systems, or interfaces for attention-efficiency.

Section A: Minimal Attention (User-Facing)

1. Does this work without the user thinking about it?

Can the system operate automatically without constant user input?
Or does it demand attention at every step?
Example: Auto-save works silently ✅ vs. Manual save button everywhere ❌

2. What happens during normal operation-silence or chatter?

Does the system only communicate when something’s wrong?
Or does it provide constant status updates?
Example: Background sync with no status ✅ vs. Progress bar on every operation ❌

3. Can secondary information move to the periphery?

Is all information front-and-center demanding focus?
Or can less urgent info be subtle (icon, indicator, optional detail)?
Example: Status dot shows sync complete ✅ vs. Modal dialog: “Sync complete! Click OK” ❌

4. Have we eliminated notifications that aren’t critical?

Which alerts are truly urgent vs. “nice to know”?
Can “nice to know” be optional or on-demand?
Example: Slack notification on mention only ✅ vs. Notification for every message ❌

Section B: Graceful Degradation (System Failures)

5. What happens when this system fails-alarm or adaptation?

Does failure break everything, or does the system gracefully degrade?
Can users continue with partial functionality?
Example: Form saves draft locally if network fails ✅ vs. “Error: Save failed” with no recovery ❌

6. Do error messages explain the problem and path forward?

Error: “Database error” (user can’t do anything with this)
Better: “Your changes couldn’t save. Retry or save as draft?” (clear action)
Example: Clear, actionable errors ✅ vs. Technical jargon ❌

Section C: Design Minimalism (Feature Scope)

7. Have we stripped this to the minimum that solves the problem?

What’s the smallest version that delivers value?
Are we adding features “just in case”?
Example: One clear action ✅ vs. Ten options for different use cases ❌

8. Is the interface the least surprising thing users would expect?

Would a person using this for the first time know what to do?
Or do they need to learn unique conventions?
Example: Standard button labels and placement ✅ vs. Custom UI with novel interactions ❌

Section D: Operational Calm (Behind the Scenes)

9. Have we designed this to be maintainable and debuggable?

Can ops teams understand what the system is doing?
Or is state hidden and behavior opaque?
Example: Clear logs + metrics ✅ vs. Silent processing with no visibility ❌

10. Does this scale peacefully, or will it demand constant babysitting?

Can this grow without frequent manual intervention?
Or does growth require constant tuning and monitoring?
Example: Self-tuning retry logic ✅ vs. Manual threshold adjustments ❌

How to Use This Checklist

During Design (Before Building)

Read questions 1-4 (user-facing attention)
Ask the team: “Which of these could fail?”
Identify where calm design could prevent problems

During Code Review

Run through questions 5-6 (failure modes)
Ask: “Does this fail quietly or loudly?”
Calm doesn’t mean no errors-it means kind errors

Before Shipping

Full checklist: all 10 questions
Score: How many are you fully confident about?
“7-10: Ship. 5-6: Address gaps. <5: Revisit design.”

Calm Tech Principles Applied

Calm Tech Principle	In Practice	Link
Minimal Attention	Does it work in the background?	Questions 1-2
Use the Periphery	Can secondary info move to edges?	Question 3
Alternative Communication	Not just alerts-use status, light, subtle indicators	Question 4
Graceful Failure	Does it fail gently or catastrophically?	Questions 5-6
Minimum Viable Design	Have we cut to the core?	Question 7
Least Surprise	Would a first-time user understand?	Question 8
Observability	Can ops see what’s happening?	Questions 9-10

Key Integration: Calm Tech + Design Rules

Tension Example:

Design Rules say: Fail noisily and early (Rule 10: Repair) Calm Tech says: Don’t overwhelm users with alerts (Alternative Communication)

Resolution:

In code/dev: Fail noisily. Log everything. Crash on invariant violations. Engineers need to know.
In UX: Fail calmly. Users get clear error + recovery path. No unnecessary alarms.

Same principle, different layers:

Engineers need loud failures to catch bugs fast
Users need calm failures with clear paths forward

Examples: Calm vs. Demanding

Example 1: Notification System

Demanding:

Email notification for every action
Slack alert for every mention
In-app modal for every status change
Result: User disables all notifications

Calm:

Email digest once daily (15 items summarized)
Slack only for mentions (@specific person)
Status visible in sidebar (user checks when curious)
Result: User stays informed without interruption

Example 2: Form Validation

Demanding:

Real-time validation with red underlines
Shows every validation error before user finishes typing
Modal alert if any field is invalid
Result: User frustrated by constant feedback

Calm:

Validation only on blur (after user finishes entering)
Shows one clear error message per field
Submit button disabled with explanation tooltip
Result: User doesn’t feel judged, knows what to fix

Example 3: Background Sync

Demanding:

Progress bar visible at all times
Notification each time sync completes
Modal dialog if sync fails
User must click “OK” to continue

Calm:

Small status dot: gray (idle), blue (syncing), green (complete)
Optional toast notification (auto-dismisses)
Syncs automatically; doesn’t interrupt user
If failure: saves draft locally, shows clear recovery option

Example 4: API Rate Limiting

Demanding:

429 error with no explanation
User has to guess they’ve exceeded a limit
No indication of when they can retry

Calm:

Error message: “Too many requests. Retry after 2 minutes.”
Client auto-retries with exponential backoff (silent)
User doesn’t notice the limit was hit
System behaves patiently, not punitively

Example 5: Configuration

Demanding:

50 configuration options on first launch
Defaults that work for nobody
User must configure before doing anything

Calm:

Smart defaults (works for 80% of users)
Advanced settings in collapsed section (user never sees them)
Configuration optional, inline guidance
User gets value immediately

Mindset: Calm Design as Respect

Read /pb-design-rules for technical principles (clarity, simplicity, modularity).

The mindset extension: If you respect engineers through clarity and simplicity, respect users the same way.

Clarity to engineers: “Here’s what this code does”
Clarity to users: “Here’s what happens when you click this”
Simplicity for engineers: “Minimal code, maximum understanding”
Simplicity for users: “Minimal options, obvious action”
Respect for engineers: “Your time is valuable; I made this readable”
Respect for users: “Your attention is valuable; I made this calm”

When NOT to Be Calm

Calm design doesn’t mean hiding problems. Some systems NEED to be noisy:

Be loud when:

Safety is at risk - Security breach, data loss, financial error: alert loudly
User explicitly asks - User enabled notifications: notify them
Time is critical - Deadline in 1 hour, meeting starting now: alert
User attention is already focused - During an active operation (form submission, upload)

Remain calm when:

It’s background work - Sync, backup, index rebuild: silent
The user will notice anyway - Feature works, they’ll see it
It’s optional or secondary - Nice-to-know info: make it available, don’t push it

Checklist for Code Review

When reviewing code, ask:

Attention: Does this demand user focus when it doesn’t have to?
Failure: If this breaks, does the user know what to do?
Scope: Could we ship less and still deliver value?
Clarity: Would a first-time user understand this?
Silence: Does normal operation produce unnecessary output?
Observability: Can we (ops) see what’s happening?
Degradation: Does this fail gracefully?

If you check all 7: Ship. If you check 5-6: Address gaps. If <5: Request redesign.

Integration with Playbook

See /pb-design-rules:

Rule 1 (Clarity): Calm design is clarity extended to users
Rule 3 (Silence): “When there’s nothing to say, say nothing”
Rule 5 (Simplicity): Minimum feature set respects user attention
Rule 8 (Composition): Systems work together without demanding attention

See /pb-standards:

Quality Bar (MLP): “Would you use this daily?” includes calm design
Test Standards: Test that errors are clear and recoverable
Accessibility: Keyboard-first and focus management are calm design

See /pb-security, /pb-observability:

Calm systems are more observable (clear logs, metrics)
Calm failures are easier to debug (not hidden)
Graceful degradation is more secure (no cascading failures)

Checkpoint: Am I Building Calm?

Before shipping, ask yourself:

✅ This works in the background without demanding focus
✅ Error messages are clear; user knows what to do
✅ Failed gracefully; user can work around it
✅ I would use this daily without frustration
✅ Someone new could use this without training

If all 5: Calm. If 3-4: Good start; refine. If <3: Revisit design.

/pb-design-rules - Technical principles (clarity, simplicity, modularity)
/pb-standards - Quality bar and MLP criteria
/pb-review-product - Product-focused review including user experience
/pb-review-frontend - Frontend review; applies calm principles to UI
/pb-a11y - Accessibility review; overlaps with calm design

Calm design: Features that work for users, not against them. Respect attention like you respect code clarity.

Voice Review

Purpose: Detect and remove AI writing patterns from prose. Two roles, clearly separated: the tool removes tells, the author adds truth.

Mindset: Apply /pb-preamble thinking (honest, imperfect prose over polished output) and /pb-design-rules thinking (Clarity over cleverness. Silence when nothing to say. Fail noisily: if text reads generated, flag it, don’t smooth it over).

Resource Hint: sonnet - Structured text analysis and surgical editing; pattern recognition, not architecture-level depth.

You are a detection system and a surgical editor. Find where AI shows through and fix only those spots, without introducing new mechanical patterns.

When to Use

After persona-driven generation - You wrote “create post on X as [author]-persona”; now run pb-voice as the quality gate to catch residual AI patterns the persona didn’t suppress
Before publishing - Final pass on blog posts, articles, social posts
When text “feels off” - Too smooth, too balanced, too clean
Building a voice profile - Extract patterns from your own writing samples

Recommended Workflow

The best results come from persona + pb-voice together, not either alone:

1. Generate with persona:  "Write about X as [author]-persona"
   Or: /pb-voice persona=my-persona.md
   Persona drives voice, vocabulary, opinions during generation.

2. Quality gate with pb-voice:  "/pb-voice" on the output
   pb-voice catches residual AI patterns the persona didn't suppress.

Why this order matters: A persona embeds voice from the start (word choice, opinions, rhythm). pb-voice is the safety net that catches where the model slipped despite persona instructions. Using pb-voice without a persona can remove tells but can’t add the author’s actual voice. Using a persona without pb-voice lets subtle AI patterns through.

Anti-pattern: Don’t generate generic content and then try to “humanize” it with pb-voice alone. That produces generic-minus-tells, not human writing.

Pipeline Overview

Input  DETECT  annotated flags  REWRITE (flagged only)  VERIFY  output

Modes

Mode	What It Does	When to Use
`detect`	Flag AI patterns, score text, no changes	Quick audit, learning your tells
`fix` (default)	Detect + rewrite flagged sections only	Standard post-processing
`profile`	Analyze sample writing to build voice reference	One-time setup or periodic refresh

Usage:

/pb-voice - Full detect + fix on provided text or file
/pb-voice mode=detect - Detection and scoring only
/pb-voice mode=profile - Build voice profile from samples
/pb-voice persona=/path/to/persona.md - Calibrate to author voice

Companion script: scripts/voice-review.sh (run --help for usage).

Stage 1: Detect

Scan text for AI-generated patterns. Flag each occurrence with category and severity. Do not fix anything in this stage.

Step 0: Register Calibration

Before running any detection category, determine what register the text should be in. The same phrase can be correct in one context and a tell in another.

When persona is provided: Read the persona file. Extract:

Target register: conversational, technical, formal, or observational
Formality ceiling: the most formal phrasing this persona would naturally use
Vocabulary anchors: actual phrases from the persona’s texture samples

When context is provided (PR, issue, bug report, email, social post): Infer register from the format:

Format	Register	Formality ceiling
Social post (LinkedIn, X, Bluesky)	conversational	spoken language
PR description / issue comment	dev-to-dev	how you’d explain it at a whiteboard
Bug report / security advisory	technical	precise but not academic
Blog post / article	depends on persona	check persona file
RFC / architecture doc	formal	technical writing norms apply
Email to maintainer	dev-to-dev	how you’d write to a colleague

When neither is provided: Default to MEDIUM formality. Skip Category 12 (Register Mismatch).

Output: State the detected register at the top of your detection report: “Register: conversational (from persona)” or “Register: dev-to-dev (PR description)”. This makes the calibration visible and challengeable. Each detection category documents its own register sensitivity where applicable.

Voice Profile: If a persona file is provided, load it now – before detection, not after. The persona’s vocabulary anchors and formality ceiling inform what counts as a tell across all categories. See “Voice Profile Integration” in Stage 2 for how the persona also calibrates rewrites.

Category 1: Dead Giveaway Vocabulary (HIGH)

Words and phrases that almost never appear in natural writing but are statistically overrepresented in LLM output.

Words: delve, utilize, leverage, foster, robust, comprehensive, nuanced, streamline, facilitate, underscores, pivotal, multifaceted, holistic, synergy, paradigm, ecosystem (outside tech), landscape (metaphorical), tapestry, intricate, embark, unleash, realm, testament, cornerstone, spearhead, bolster, resonate, proliferate, aligns, crucial (outside technical context), garment, enduring, showcase, interplay, vibrant, vital

Phrases:

“It’s worth noting that…” / “It’s important to note…”
“In today’s [X] landscape…”
“Let’s dive into…” / “Let me walk you through…”
“This is a game-changer” / “Take it to the next level”
“Stands as a testament to” / “Plays a crucial role”
“In order to” (where “to” suffices)
“Whether you’re [X] or [Y]…” / “By doing [X], you can [Y]…”
“In this article, we will…” / “Without further ado”
“Moving forward” / “At the end of the day”

Note: Context can reduce severity. In technical writing (RFCs, architecture docs), “robust” and “leverage” may be legitimate (reduce to MEDIUM). Similarly, Category 3’s “significance inflation” may be appropriate in historical writing, and Category 9’s em-dashes may suit some style guides. When in doubt, check against the author’s voice profile or project rules.

Action: Flag every occurrence. Replace or delete.

Category 2: Structural Tells (HIGH)

Document-level organization patterns that reveal algorithmic generation. (For inline formatting tells, see Category 9.)

Uniform paragraph length - Every paragraph 3-4 sentences. Real writing has 1-sentence paragraphs next to 6-sentence ones.
Topic-support-transition - Each paragraph opens with topic sentence, supports it, transitions. Textbook structure. Real writing meanders.
Lists of exactly 3 - AI loves triplets. “Three key considerations…” Real lists are 2, or 4, or 7.
Symmetrical sections - All H2s same length. All bullets identical grammar.
Colon introductions - “Several factors to consider: X, Y, and Z.”
Parallel openings - Consecutive paragraphs starting the same way (“This approach…”, “This method…”, “This strategy…”).

Action: Restructure. Make one paragraph a fragment. Make another twice as long. Break the template.

Category 3: Content-Level Patterns (HIGH)

Sentence-construction habits and repetition patterns that go beyond individual words.

Copula avoidance - “serves as” / “stands as” / “functions as” instead of “is.” AI substitutes elaborate constructions for simple verbs. “Gallery 825 serves as the exhibition space” “Gallery 825 is the exhibition space.”
Significance inflation - Puffing up importance with legacy/testament/pivotal framing. “Marking a pivotal moment in the evolution of…” The whole sentence construction inflates, not just the word.
Superficial -ing clauses - Present participle phrases tacked on for fake depth: “highlighting the interplay,” “underscoring the importance,” “reflecting the community’s values.” The -ing clause adds no information; it just sounds analytical.
Synonym cycling - Repetition-penalty-driven substitution. “The protagonist… The main character… The central figure… The hero…” all in one paragraph. Real writers repeat or use pronouns.
Negative parallelisms - “Not only X but Y” / “It’s not just about X; it’s about Y.” Overused construction that sounds profound but usually restates.
False ranges - “from X to Y” where X and Y aren’t on a meaningful scale. “From hobbyist experiments to enterprise-wide rollouts.”
Explanatory completeness - The model can’t leave anything unexplained. If it mentions a concept, it defines it. A person writing to peers assumes shared context. “Claude’s project files” is enough – the model adds “which allow you to store persistent context for your projects.” If the audience already knows, the explanation is a tell.
Clause-final summation - Restating the point in abstract terms at the end of a sentence. “…which makes it ideal for teams that need both speed and reliability.” “…providing a robust foundation for future development.” The clause after “which” or the participial phrase adds no information. People end sentences on the specific, not the abstract.

Action: Simplify. Use “is”/“are.” Delete -ing clauses that add no information. Let a word repeat rather than cycling synonyms. Replace false ranges with specifics. Delete explanations the audience doesn’t need. Cut clause-final summations.

Category 4: Hedging Density (MEDIUM)

AI hedges constantly to avoid being wrong. Humans hedge strategically, only when genuinely uncertain.

More than 2 hedges per paragraph: “may,” “might,” “could potentially,” “it’s possible that”
Qualifying needlessly: “This can be useful” vs “This is useful”
Double hedges: “might potentially,” “could possibly,” “may help to some extent”
Preemptive disclaimers: “While this isn’t always the case…”

Action: Replace one hedge per paragraph with a direct statement. Keep hedges only where real uncertainty exists.

Category 5: Transition Formality (MEDIUM)

Stock transitions humans rarely use in professional writing.

Flag: Moreover, Furthermore, Additionally, In conclusion, To summarize, That said, Having established, It is worth mentioning, Consequently, Subsequently, Notably, Importantly, Interestingly, Conversely, Nevertheless, Notwithstanding

Action: Delete most. If connection needed, use “But,” “And,” “So,” “Still,” or restructure.

Category 6: Enthusiasm and Communication Artifacts (HIGH)

AI is trained helpful and positive. This creates distinctive filler. Also catches chat-generated text pasted as content.

Affirmations: “Great question!”, “Absolutely!”, “That’s a fantastic approach”, “You’re absolutely right!”
Preamble: “I’d be happy to help with that,” “Let me break this down”
Conclusion padding: “I hope this helps!”, “Feel free to ask”, “Let me know if you’d like me to expand”
Excitement inflation: “exciting,” “powerful,” “amazing,” “groundbreaking” for mundane things
Sycophantic tone: “That’s an excellent point,” “Great observation”
Knowledge disclaimers: “As of my last update,” “While specific details are limited”

Action: Delete entirely. Zero information content.

Category 7: Rhythm and Cadence (MEDIUM)

AI produces unnaturally even rhythm.

Consistent sentence length - Every sentence 15-25 words. No short punches. No long sprawls.
Clean clause structure - Subject-verb-object, consistently. No interruptions or asides.
No fragments - AI almost never writes incomplete sentences. Humans do it constantly.
No contractions - “It is” instead of “it’s.” “Do not” instead of “don’t.”
Over-complete thoughts - Every idea fully resolved in one sentence. No trailing thoughts.

Action: Vary length deliberately. Let a thought stand incomplete. Contract where natural. Let a thought trail off.

Category 8: Abstraction Level (MEDIUM)

AI defaults to conceptual language. Humans anchor in specifics.

No concrete nouns - Paragraph has no numbers, names, tools, dates, or places
Generic examples - “For instance, in many organizations…” instead of naming one
Conceptual hand-waving - “Improves efficiency” without saying how much or for whom
Category language - “Various factors,” “multiple considerations,” “several approaches”
Precise-sounding vagueness - Modifiers that sound specific but say nothing. “Significantly faster,” “substantially improved,” “considerably more efficient.” The concrete nouns might be there, but the quantifiers are empty. How much faster? Compared to what?

Action: One concrete anchor per paragraph. A number, tool, date, name, or constraint from lived experience. Replace vague quantifiers with actual measurements or drop them.

Category 9: Style and Formatting Tells (HIGH)

Formatting patterns that are quick to spot and high-signal.

Em-dash overuse - AI uses em dashes (–) more than humans, mimicking punchy sales writing. Use commas, periods, parentheses, or restructure instead.
Boldface overuse - Mechanical emphasis on key terms. “It blends OKRs, KPIs, and BSC.” Remove most bold; let sentence structure do the emphasis.
Inline-header vertical lists - Bullet points starting with bolded headers followed by colons. “- Speed: Significantly faster…” Restructure into prose or use plain bullets.
Title case in headings - AI capitalizes all main words. “## Strategic Negotiations And Global Partnerships” “## Strategic negotiations and global partnerships.” Use sentence case.
Emoji decoration - Emojis on headings or bullet points. Delete.
Curly quotation marks - AI sometimes uses curly quotes instead of straight quotes. Normalize.

Action: Fix on sight. These are fast, high-confidence corrections.

Note: Some tells (em-dashes, title case) have legitimate uses in specific style guides. When a project style guide explicitly allows them, reduce severity to LOW. When voice-guidelines or project rules ban them outright, treat as HIGH regardless of context.

Category 10: Summary Endings (HIGH)

The most reliable AI tell. LLMs almost always end with a summary paragraph restating what was already said.

“In summary, …”
“To conclude, …”
“Overall, …”
Final paragraph adds no new information
Restatement of the opening thesis
Generic positive conclusion: “The future looks bright,” “Exciting times lie ahead”

Action: Delete the summary paragraph. End on the last substantive point. Unresolved endings, open questions, abrupt stops are all fine.

Category 11: Formulaic Sections (MEDIUM)

AI-generated articles include predictable section patterns.

“Challenges and Future Prospects” - Formulaic challenges section followed by optimistic outlook. “Despite its… faces several challenges. Despite these challenges… continues to thrive.”
“Broader Trends” - Connecting a specific topic to vague broader significance. “This represents a broader shift in…”
Undue notability claims - Listing media coverage or followers without context.

Action: Replace with specific facts. What challenges, specifically? What happened, specifically? If there’s nothing specific to say, the section doesn’t need to exist.

Category 12: Register Mismatch (HIGH when register is set)

Phrases that are technically correct but wrong for the target register. This is the gap between “grammatically fine” and “sounds like a person wrote it.” Only active when Step 0 has set a register. Category 1 flags words that are almost always AI tells regardless of register. Category 12 flags words that are fine in some registers but wrong in the target register. If a word is on the Category 1 list, flag it there, not here.

Compound nominal phrases - Stacking nouns into noun phrases that nobody says out loud. “The personal agent ecosystem evaluation” instead of “testing personal agents.” “A multi-channel messaging integration layer” instead of “a way to get messages from different apps.” The longer the noun stack, the stronger the tell.
Nominalized verbs - Turning verbs into abstract nouns. “The implementation of caching” instead of “implementing caching” or just “adding a cache.” “Facilitation of communication” instead of “helping people talk.” If the verb form is shorter and clearer, use it.
Category/framework language - Imposing taxonomic structure where the author would just describe things. “The authentication subsystem” instead of “the login code.” “A persistence layer” instead of “where we store things.” “Requirements matrix” instead of “checklist.” Technical categories are fine in RFCs and architecture docs. In a social post or PR description, they signal the model is organizing, not talking.
Register-inappropriate passive - Passive voice that’s correct in formal/technical registers but wrong for conversational. “The decision was made to sunset the feature” reads like a press release. “We dropped the feature” is dev-to-dev. “I killed it” is conversational. Passive is fine in RFCs and architecture docs. In a social post or PR, it distances the author from the action.
Textbook phrasing - Correct terminology that nobody uses in the target register. “Persistent memory across interactions” instead of “remembering things between conversations.” “Natively supports” instead of “works out of the box.” “Mediocre at both tasks” instead of “okay at both and great at neither.” The test: would you say this exact phrase to a colleague at a whiteboard? If not, it’s textbook.

How register affects severity:

Conversational (social posts, casual writing): HIGH. Every instance should be caught and rewritten.
Dev-to-dev (PRs, issues, emails to maintainers): MEDIUM. Some technical shorthand is natural. Flag only when it reads more like a paper than a conversation.
Technical (bug reports, security advisories): LOW. Precise terminology is expected. Flag only obvious over-formalization.
Formal (RFCs, architecture docs): Skip. This category doesn’t apply.

Action: Replace with the phrase the author would actually say. Read it out loud. If it sounds like a textbook, a slide deck, or a product brief, it’s wrong for conversational register.

Score Calibration

Score	Category Flags	Description
1-2	6+ categories flagged, multiple HIGH	Dead giveaways in every paragraph, summary ending, no specifics, uniform structure
3-4	4-5 categories flagged, 2+ HIGH	Structural tells dominate, giveaway vocab present, uniform hedging
5-6	2-3 categories flagged, 0-1 HIGH	Reads okay on first pass, but pattern tells accumulate across paragraphs
7-8	1-2 categories flagged, 0 HIGH	Individual tells only, most text is natural, voice present throughout
9-10	0 categories flagged	No detectable patterns, distinct voice, could not be flagged by a reader

Target: Score 7+ before publishing. Score 5-6 is acceptable for internal drafts. Below 5 needs another rewrite pass. A single HIGH flag caps the score at 6 regardless of other factors.

Stage 2: Rewrite

Fix only flagged sections. Preserve everything else verbatim.

Editing Rules

Rule 0: Do not add ideas. Subtraction and restructuring only. If the author didn’t say it, don’t introduce it.

Rule 1: Cut first. Most AI text is 20-40% longer than needed. Removing padding, filler transitions, and summary paragraphs is the highest-leverage edit. If cutting a sentence loses no meaning, cut it.

Rule 2: Reclaim author phrasing. If the original draft had a rougher but more genuine phrase, prefer it. The AI “improved” it by making it generic.

Rule 3: Break structural patterns. If three consecutive paragraphs follow the same shape, restructure one. Make a paragraph a single sentence. Let another run long.

Rule 4: Flag missing anchors. If a paragraph has no concrete detail (number, tool, date, name), flag it for the author to fix. Do not fabricate specifics, only the author has lived experience to draw from.

Rule 5: Vary rhythm. Short sentence. Then a longer one that takes its time. Fragment. Back to medium.

Rule 6: Simplify verbs. “Serves as” becomes “is.” “Stands as” becomes “is.” Use simple copulas.

Rule 7: Contractions are natural. “It’s” not “It is.” “Don’t” not “Do not.” Unless formality is specifically required.

Rule 8: Kill the ending. If the last paragraph is a summary, delete it. End on the last point that adds information.

Voice Profile Integration

When a persona file is provided, calibrate rewrites to match the author’s documented voice.

Read the persona - Extract sentence patterns, vocabulary, punctuation habits, tone markers
Identify signatures - What makes this author recognizable? Comma-connected thoughts? Programming metaphors? Trailing endings?
Apply during rewrite - Match the author’s patterns, not generic “human” patterns
Preserve looseness - If the voice is informal and unpolished, don’t tighten. The looseness is the voice.

If no persona provided, apply general human-voice heuristics without author-specific calibration.

What the Author Brings

These are things no detection tool can supply - only the author has them:

Opinions - React to facts. “I genuinely don’t know how to feel about this” signals a real person thinking.
Lived-experience details - Specific tools, dates, numbers, project names from memory. Not “many organizations” but “the team I was on in 2023.”
Uncertainty acknowledged honestly - “I can’t verify this works at scale” beats false confidence.
Mixed feelings - Real humans have them. “This is impressive but also kind of unsettling” beats simple praise or criticism.
Unresolved thoughts - Not every paragraph needs a clean conclusion. Let a thought trail off if it’s genuinely unresolved.

When flagging missing anchors (Rule 4), prompt the author for these. The rewrite can remove AI patterns, but only the author can inject the signal that makes prose recognizably theirs.

What NOT to Do

Don’t	Why
Rewrite unflagged sections	Introduces new mechanical patterns
Add content	You’re an editor, not a writer
Over-correct into “quirky”	Forced imperfection is as detectable as AI smoothness
Remove all structure	Break patterns, don’t eliminate organization
Add slang unless voice is genuinely informal	Unnatural informality is a tell too
Touch technical content	Facts, code, specs: leave alone

Stage 3: Verify

After rewriting, validate the output.

Checks

Re-score - Run detection on rewritten text. Score should improve by at least 2 points.
Two-pass audit - Ask: “What still makes this obviously AI-generated?” Answer honestly, then fix the remaining tells. This meta-cognitive step catches patterns that category-by-category detection misses.
Read-aloud test - The primary check for conversational registers. Read the text out loud (or simulate it). For each sentence, ask: “Would the author say this exact phrase to a colleague?” Not the idea – the exact words. “Persistent memory across interactions” fails. “Remembering things between conversations” passes. If the register is conversational and a sentence sounds like a textbook, a slide deck, or a product brief, it’s still a tell. For technical or formal registers, the bar is different: precision matters more than conversational flow.
Meaning preservation - Every claim in the original survives in the output.
Length check - Output should be shorter than input (typically 10-30% shorter). Longer means something went wrong.

Examples

Example 1: Blog Post Opening

Input:

In today's rapidly evolving tech landscape, developers are increasingly
leveraging AI tools to streamline their workflows. It's worth noting that
while these tools offer comprehensive capabilities, they may not always
align with individual coding styles. In this article, we'll delve into
practical strategies for maintaining your unique voice while utilizing
AI assistance effectively.

Detection: Score 2/10. Eight Category 1 flags (vocabulary), plus structural tells (colon pattern, hedging, no contractions).

Output:

I've been using AI tools for most of my writing this past year. They're
fast. They're also making everything sound the same. Grammar gets better,
sure, but my posts read like a committee wrote them.

Score: 2/10 8/10. Shorter. Specific. Has a voice.

Example 2: Technical Paragraph

Input:

When implementing microservices architecture, it is essential to consider
several key factors. First, service boundaries should be carefully defined
to ensure proper separation of concerns. Second, inter-service communication
patterns must be robust and resilient. Third, monitoring and observability
should be comprehensive to facilitate troubleshooting.

Detection: Score 3/10. “Robust,” “comprehensive,” list-of-3 structure, no contractions, no concrete detail.

Output (with persona):

Microservices get messy at the boundaries. Where one service ends and
another begins, that's where most teams burn months. We got this wrong
twice before settling on domain events as the contract. Monitoring matters
too, but get the boundaries right first.

Score: 3/10 8/10. Concrete experience, opinionated, uneven structure.

Example 3: Register Mismatch (Same Content, Different Registers)

The same AI-generated sentence rewritten for three registers. Category 12 fires differently in each.

AI output:

The framework natively supports persistent memory across interactions,
enabling seamless context retention for multi-session workflows.

Conversational register (social post, casual writing):

Category 12 flags: “natively supports” (textbook), “persistent memory across interactions” (compound nominal + textbook), “enabling seamless context retention” (nominalized verb + textbook), “multi-session workflows” (category language).

It remembers things between conversations out of the box, so you don't
start from scratch every time.

Dev-to-dev register (PR description, issue comment):

Category 12 flags: “enabling seamless context retention” (over-formal for a PR), “multi-session workflows” (category language). “Natively supports” and “persistent memory” are acceptable dev shorthand.

The framework supports persistent memory across sessions -- context
carries over without extra config.

Technical register (architecture doc, RFC):

Category 12: no flags. All terms are appropriate for the register.

The framework natively supports persistent memory across interactions,
enabling context retention for multi-session workflows.

Only “seamless” was cut – it’s Category 8 (precise-sounding vagueness), not register mismatch.

Voice Profile: Building One

When running mode=profile, provide 5-10 samples of writing you’re satisfied with. The system extracts:

Dimension	What It Captures
Sentence patterns	Average length, variance, fragment frequency
Vocabulary	Words you use naturally, words you never use
Punctuation	Comma habits, dash usage, parenthetical frequency
Paragraph shape	Length range, length variance
Openings	How you start paragraphs and pieces
Closings	How you end: trailing thoughts, abrupt stops, questions
Tone markers	Formality level, humor, directness
Contractions	Frequency and which ones
Specificity	How concrete your references are

The profile becomes a calibration reference that detection and rewrite stages use to target your voice, not generic “human.”

Persona files vs voice profiles: A persona file (e.g., my-persona.md) is an external document that describes how an author writes, used during generation. A voice profile is extracted by this command from writing samples, used during detection and rewrite. They complement each other: persona drives generation, profile calibrates the quality gate.

Precedence: Project style rules (voice-guidelines.md, CLAUDE.md) override voice profile defaults, which override generic heuristics. When conflicts arise, project rules win.

Anti-Patterns

Anti-Pattern	Problem	Do Instead
Humanizing without a persona	Generic-minus-tells, not human writing	Generate with persona first, then voice-review
Rewriting everything	New mechanical patterns	Fix only flagged sections
Forcing quirky fragments	Detectable as fake-casual	Imperfections only where natural
Removing all structure	Unreadable	Break patterns, keep organization
Single-pass detect+fix	No visibility into changes	Separate the stages
Ignoring author voice	Generic “human” isn’t specific enough	Use persona when available
Over-shortening	Losing meaning	Cut padding, keep substance
Fixing subtle tells first	Low impact	Fix HIGH severity first

/pb-think - General thinking toolkit; use mode=refine for output refinement
/pb-review-docs - Documentation quality review (structural, not voice)
/pb-documentation - Writing engineering documentation
/pb-design-rules - Clarity over cleverness applies to prose
/pb-preamble - Honest, direct communication philosophy

The tool removes tells. The author adds truth. Persona drives voice. pb-voice is the safety net.

Release to Production

Orchestrate a production release: readiness gate, version management, deployment trigger, and verification. This is the central command for shipping releases.

Mindset: This command embodies /pb-preamble thinking (challenge readiness assumptions, surface risks directly) and /pb-design-rules thinking (verify Robustness, verify Clarity, ensure systems fail loudly not silently).

Don’t hide issues to seem “ready.” Surface risks directly. A delayed release beats a broken release.

Resource Hint: sonnet - release orchestration, versioning, and tagging

When to Use This Command

Shipping a versioned release (vX.Y.Z)
After /pb-ship completes review phases
Production deployment with full ceremony
Hotfix releases (streamlined path available)

Release Flow Overview

Phase 1: READINESS GATE          Phase 2: VERSION & TAG         Phase 3: DEPLOY & VERIFY
│                                │                              │
├─ Code quality verified         ├─ Version bumped              ├─ /pb-deployment
│  (via /pb-review-hygiene)      │                              │  (execute deployment)
│                                ├─ CHANGELOG updated           │
├─ CI passing                    │                              ├─ Health check
│                                ├─ Git tag created             │
├─ Security reviewed             │                              ├─ Smoke tests
│  (via /pb-security)            ├─ GitHub release created      │
│                                │                              ├─ Monitor metrics
├─ Tests adequate                │                              │
│  (via /pb-review-tests)        │                              └─ Release summary
│                                │
├─ Docs accurate                 │
│  (via /pb-review-docs)         │
│                                │
└─ Senior sign-off               │
   (final gate)                  │

Phase 1: Readiness Gate

Verify the codebase is release-ready. This absorbs what was previously /pb-review-prerelease.

Step 1.1: Quality Gates

# Run all quality checks
make lint        # Linting passes
make typecheck   # Type checking passes
make test        # All tests pass

All gates must pass. No exceptions.

Step 1.2: CI Verification

# Check CI status on main/release branch
gh run list --limit 3
gh run view [RUN_ID]

# All checks must be green
gh pr checks [PR_NUMBER]  # If PR-based release

Checklist:

CI pipeline passing
All required checks green
No flaky test failures (investigate if any)

Step 1.3: Release Readiness Checklist

Review with senior engineer perspective:

Code Quality:

No debug code (console.log, print statements)
No commented-out code
No hardcoded secrets or credentials
No TODO/FIXME for critical items
Code patterns consistent
No unnecessary complexity

Security:

No secrets in code (environment variables used)
Input validation at system boundaries
SQL queries parameterized
Dependencies scanned for vulnerabilities
Auth/authz properly implemented

Testing:

Critical paths have test coverage
Edge cases tested
No flaky tests
Integration tests for key flows

Documentation:

README accurate (installation, usage)
API docs updated (if applicable)
Migration guide updated (if breaking changes)

Infrastructure:

Docker images use specific versions (not latest)
Health checks configured
Rollback plan documented and tested

Step 1.4: Final Sign-off

## Release Readiness Sign-off

**Version:** vX.Y.Z
**Date:** YYYY-MM-DD
**Engineer:** [name]

### Verification
- [ ] Quality gates pass
- [ ] CI green
- [ ] Code quality reviewed
- [ ] Security reviewed
- [ ] Tests adequate
- [ ] Docs accurate
- [ ] Rollback plan ready

### Known Issues (if any)
- [Issue description] - [Severity] - [Mitigation]

### Decision: GO / NO-GO

Signed: _______________

If NO-GO: Document blockers, return to development, re-run /pb-cycle.

Phase 2: Version & Tag

Step 2.1: Verify CHANGELOG

# Check CHANGELOG has entry for this version
grep -E "## \[v?X\.Y\.Z\]" CHANGELOG.md

# Verify entry has required sections
# - Added, Changed, Fixed, Removed (as applicable)
# - Date
# - Version links at bottom

CHANGELOG checklist:

Version entry exists with date
All changes documented
Version links added at bottom
Format follows Keep a Changelog

Step 2.2: Bump Version (If Not Already)

Version bump heuristic: LOC is a starting signal, not a decision rule.

Signal	Suggests	Override when…
< 50 LOC, no new behavior	Patch (X.Y.Z)	Security fix changes API behavior → minor or major
>= 50 LOC or new behavior	Minor (X.Y.0)	Only internal refactor → patch
Breaking API/behavior change	Major (X.0.0)	Always major, regardless of LOC

Security fixes, API contract changes, and behavioral changes override the LOC heuristic. When in doubt, ask: “Would an existing consumer need to change anything?” If yes, it’s at least minor.

# Update version in package files
# Node.js
npm version X.Y.Z --no-git-tag-version

# Python (pyproject.toml)
# Edit version = "X.Y.Z"

# Go (typically no version file)
# Update in relevant constants if needed

Step 2.3: Create Git Tag

# Ensure on main branch with latest
git checkout main
git pull origin main

# Verify clean state
git status  # Should be clean

# Create annotated tag
git tag -a vX.Y.Z -m "vX.Y.Z - Brief description"

# Push tag
git push origin vX.Y.Z

Step 2.4: Create GitHub Release

# Create release with notes from CHANGELOG
gh release create vX.Y.Z \
  --title "vX.Y.Z - Release Title" \
  --notes "$(cat <<'EOF'
## What's New

[Copy from CHANGELOG or write summary]

## Highlights
- [Key feature/fix 1]
- [Key feature/fix 2]

## Full Changelog
See [CHANGELOG.md](./CHANGELOG.md) for complete details.
EOF
)"

Phase 3: Deploy & Verify

Step 3.1: Execute Deployment

Run /pb-deployment for the full deployment workflow:

# Or if using make target
make deploy ENV=production

# Or trigger CI/CD deployment
# (push tag may auto-trigger in some setups)

Follow /pb-deployment phases:

Discovery (identify deployment method)
Pre-flight (verify readiness)
Execute (run deployment)
Verify (health checks, smoke tests)
Finalize or rollback

Step 3.2: Post-Deployment Verification

# Health check
curl -s [PROD_URL]/health | jq

# Smoke test critical flows
# [Project-specific verification]

# Check error metrics
# [Monitoring dashboard]

# Review logs
# [Log aggregator]

Verification checklist:

Health endpoint returns OK
Critical user flows work
No new errors in logs
Metrics look normal
Alerts are quiet

Step 3.3: Monitor Period

Stay alert for 30-60 minutes post-deploy:

Watch error rates
Monitor latency
Check resource usage
Be ready to rollback

Step 3.4: Release Summary

## Release Summary

**Version:** vX.Y.Z
**Released:** YYYY-MM-DD HH:MM
**Tag:** [link to tag]
**Release:** [link to GitHub release]

### What Shipped
- [Feature/fix 1]
- [Feature/fix 2]

### Verification
- Health check: PASS
- Smoke tests: PASS
- Monitoring: NOMINAL

### Post-Release
- [ ] Monitor for 24h
- [ ] Close related issues
- [ ] Update project board
- [ ] Announce (if applicable)

Hotfix Release (Streamlined)

For urgent fixes that don’t warrant full ceremony:

# 1. Quick quality check
make lint && make test

# 2. Verify CI passes
gh run list --limit 1

# 3. Fast version bump
git tag -a vX.Y.Z -m "Hotfix: [description]"
git push origin vX.Y.Z

# 4. Deploy immediately
make deploy ENV=production

# 5. Verify
curl -s [PROD_URL]/health | jq

# 6. Document
echo "[$(date)] HOTFIX vX.Y.Z - [description]" >> CHANGELOG.md

Hotfix rules:

Still requires passing tests
Still requires CI green
Streamlined review (skip full /pb-review-* suite)
Must document in CHANGELOG after the fact
Schedule full review for next regular release

Rollback

If release verification fails:

# Immediate rollback via /pb-deployment
kubectl rollout undo deployment/[app-name]
# or
make rollback

# Verify rollback
curl -s [PROD_URL]/health | jq

# Notify team
echo "⚠️ Release vX.Y.Z rolled back - investigating"

# Document
# Add to incident log or CHANGELOG

After rollback:

Run /pb-incident if user impact
Investigate root cause
Fix issue
Re-run release process

Release Checklist Summary

PHASE 1: READINESS GATE
[ ] Quality gates pass (lint, typecheck, test)
[ ] CI green
[ ] Code quality verified
[ ] Security reviewed
[ ] Tests adequate
[ ] Docs accurate
[ ] Senior sign-off: GO

PHASE 2: VERSION & TAG
[ ] CHANGELOG updated with version entry
[ ] Version bumped in package files
[ ] Git tag created (vX.Y.Z)
[ ] GitHub release created

PHASE 3: DEPLOY & VERIFY
[ ] Deployment executed (/pb-deployment)
[ ] Health check passing
[ ] Smoke tests passing
[ ] Metrics normal
[ ] Monitor period complete
[ ] Release summary documented

Integration with Playbook

Part of shipping workflow:

/pb-start → /pb-cycle → /pb-ship → /pb-release → /pb-deployment
                                        │              │
                                   (orchestrator)  (executor)

This command orchestrates:

Readiness verification (absorbs former pb-review-prerelease)
Version management
/pb-deployment trigger

/pb-deployment - Execute deployment to target environments
/pb-ship - Full review workflow before release
/pb-pr - Create pull requests for release branches
/pb-review-hygiene - Comprehensive project health review

Release with confidence. Verify thoroughly. Rollback without hesitation.

Deploy to Environment

Execute deployment to target environment with surgical precision. This command guides you through discovery, pre-flight checks, execution, and verification.

For deployment strategy reference (blue-green, canary, rolling, feature flags), see /pb-patterns-deployment.

Mindset: Deployments are controlled risk. Use /pb-preamble thinking: challenge readiness assumptions, surface risks before deploying. Use /pb-design-rules thinking: prefer Simplicity (don’t over-engineer deployment), ensure Robustness (have rollback ready), maintain Clarity (know exactly what’s deploying).

Resource Hint: sonnet - deployment execution and verification

When to Use This Command

Deploying code changes to any environment (staging, production)
After /pb-release triggers deployment
Manual deployment outside release flow
Rollback execution

Phase 1: Discovery

Identify your project’s deployment infrastructure.

Step 1.1: Detect Deployment Method

# Check for common deployment patterns
ls -la Makefile 2>/dev/null && grep -E "deploy|release" Makefile
ls -la package.json 2>/dev/null && grep -E "deploy" package.json
ls -la .github/workflows/*.yml 2>/dev/null
ls -la docker-compose*.yml 2>/dev/null
ls -la Dockerfile 2>/dev/null
ls -la k8s/ kubernetes/ deploy/ 2>/dev/null

Step 1.2: Identify Deployment Target

Infrastructure	Indicators	Typical Command
Makefile	`make deploy` target	`make deploy`
Docker Compose	`docker-compose.yml`	`docker-compose up -d`
Kubernetes	`k8s/`, `kubectl`	`kubectl apply -f`
Serverless	`serverless.yml`	`serverless deploy`
Platform	Vercel, Netlify, Fly.io	`vercel --prod`, `flyctl deploy`
SSH/rsync	Deploy scripts	`./scripts/deploy.sh`
CI/CD only	GitHub Actions, GitLab CI	Push to trigger

Step 1.3: Document Deployment Flow

## Deployment Configuration

**Target:** [staging/production]
**Method:** [Makefile/Docker/K8s/Platform/CI]
**Command:** [exact deployment command]
**Rollback:** [rollback command or procedure]
**Health Check:** [health check URL or command]
**Estimated Duration:** [time estimate]

Phase 2: Pre-flight Checks

Verify everything is ready before deploying.

Step 2.1: Branch & Code State

# Verify on correct branch
git branch --show-current

# Verify branch is clean
git status

# Verify up to date with remote
git fetch origin
git log --oneline HEAD..origin/main  # Should be empty or intentional

# Verify what's being deployed
git log --oneline origin/main..HEAD  # Your changes

Checklist:

On correct branch (main for prod, feature for staging)
Working tree clean (no uncommitted changes)
Branch up to date with remote
Know exactly what commits are deploying

Step 2.2: CI/CD Status

# Check CI status
gh run list --limit 3
gh run view [RUN_ID]

# If PR exists, check PR status
gh pr checks [PR_NUMBER]

Checklist:

CI pipeline passing
All required checks green
No failing tests

Step 2.3: Environment Readiness

# Check target environment is reachable
curl -s [TARGET_URL]/health | jq

# Check dependencies are up
# (database, cache, external services)

# Verify secrets/config are in place
# (environment-specific checks)

Checklist:

Target environment reachable
Dependencies healthy
Configuration/secrets ready
Rollback plan confirmed

Step 2.4: Pre-flight Summary

## Pre-flight Status

**Deploying:** [commit hash] - [commit message]
**To:** [environment]
**CI:** PASS
**Environment:** READY
**Rollback:** [command/procedure documented]

**GO / NO-GO:** ___

Phase 3: Execute Deployment

Step 3.1: Notify (If Team Process)

# Slack/Discord notification (if applicable)
echo "🚀 Deploying [version] to [environment] - [your name]"

Step 3.2: Run Deployment

Execute the deployment command identified in Discovery:

# Example patterns (use your project's actual command)

# Makefile
make deploy ENV=production

# Docker Compose
docker-compose -f docker-compose.prod.yml up -d --build

# Kubernetes
kubectl apply -f k8s/
kubectl rollout status deployment/[app-name]

# Platform (Fly.io example)
flyctl deploy --app [app-name]

# SSH/Script
./scripts/deploy.sh production

Step 3.3: Monitor Deployment Progress

# Watch deployment status (K8s example)
kubectl rollout status deployment/[app-name] --timeout=5m

# Watch logs during deployment
kubectl logs -f deployment/[app-name] --tail=50

# Or platform-specific
flyctl logs --app [app-name]

During deployment, watch for:

Deployment command completes without error
New instances starting
Health checks passing
No crash loops

Phase 4: Verify Deployment

Step 4.1: Health Check

# Hit health endpoint
curl -s [PROD_URL]/health | jq

# Expected: {"status": "ok"} or similar

Step 4.2: Smoke Test Critical Paths

# Test authentication (if applicable)
curl -s -X POST [PROD_URL]/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email":"test@example.com","password":"..."}' | jq

# Test core API endpoint
curl -s [PROD_URL]/api/[core-endpoint] | jq

# Test frontend loads (if applicable)
curl -s -o /dev/null -w "%{http_code}" [PROD_URL]

Smoke test checklist:

Health endpoint returns OK
Authentication works
Core API endpoints respond
Frontend loads (if applicable)
No errors in logs

Step 4.3: Monitor Metrics

# Check error rates (tool-specific)
# Datadog, Grafana, CloudWatch, etc.

# Check recent logs for errors
kubectl logs deployment/[app-name] --tail=100 | grep -i error

# Check resource usage
kubectl top pods

Metrics checklist:

Error rate normal (not spiking)
Latency normal (not degraded)
Resource usage normal
No new errors in logs

Phase 5: Finalize or Rollback

If Verification Passes: Finalize

# Update deployment log (if maintained)
echo "[$(date)] Deployed [version] to [env] - SUCCESS" >> deployments.log

# Notify team
echo "✅ Deployment complete: [version] to [environment]"

# Tag deployment (optional)
git tag -a deploy-[env]-$(date +%Y%m%d-%H%M) -m "Deployed to [env]"

If Verification Fails: Rollback

Immediate rollback triggers:

Health check failing
Error rate spike (>5% increase)
Critical user flows broken
Crash loops detected

# Rollback commands by platform

# Kubernetes
kubectl rollout undo deployment/[app-name]
kubectl rollout status deployment/[app-name]

# Docker Compose (restore previous image)
docker-compose -f docker-compose.prod.yml up -d [previous-image]

# Platform (Fly.io)
flyctl releases list --app [app-name]
flyctl deploy --image [previous-image]

# Makefile (if rollback target exists)
make rollback

# Manual: redeploy previous version
git checkout [previous-commit]
make deploy

After rollback:

Verify rollback successful (health check)
Notify team of rollback
Investigate root cause
Document in incident log
Run /pb-incident if production impact

Deployment Checklist Summary

PHASE 1: DISCOVERY
[ ] Deployment method identified
[ ] Deployment command documented
[ ] Rollback procedure documented

PHASE 2: PRE-FLIGHT
[ ] Correct branch, clean state
[ ] CI passing
[ ] Environment ready
[ ] GO decision made

PHASE 3: EXECUTE
[ ] Team notified (if applicable)
[ ] Deployment command run
[ ] Deployment completed without error

PHASE 4: VERIFY
[ ] Health check passing
[ ] Smoke tests passing
[ ] Metrics normal
[ ] No new errors

PHASE 5: FINALIZE
[ ] Deployment logged
[ ] Team notified of success
[ ] OR rollback executed if issues

Quick Reference

Action	Command Pattern
Check CI	`gh run list --limit 3`
Health check	`curl -s [URL]/health \| jq`
Watch logs	`kubectl logs -f deployment/[app]`
Rollback (K8s)	`kubectl rollout undo deployment/[app]`
Check metrics	Platform-specific dashboard

Integration with Playbook

Part of release workflow:

/pb-release - Orchestrates release (triggers this command)
/pb-patterns-deployment - Strategy reference (blue-green, canary, etc.)
/pb-incident - If deployment causes issues

Related commands:

/pb-observability - Monitoring setup
/pb-hardening - Infrastructure security
/pb-secrets - Secrets management
/pb-database-ops - Database migrations
/pb-dr - Disaster recovery

/pb-release - Orchestrate versioned releases to production
/pb-patterns-deployment - Deployment strategy reference (blue-green, canary, rolling)
/pb-alex-infra - Infrastructure resilience review (systems thinking, failure modes)
/pb-incident - Respond to production incidents caused by deployments
/pb-observability - Set up monitoring and alerting for deployment verification

Deploy with confidence. Verify before celebrating. Rollback without hesitation.

Alex Chen Agent: Infrastructure & Resilience Review

Systems-level infrastructure thinking focused on resilience, degradation, and recovery. Reviews deployment, scaling, and infrastructure decisions through the lens of “everything fails-how quickly do we recover?”

Resource Hint: opus - Systems-level analysis, infrastructure trade-offs, resilience strategy.

Mindset

Apply /pb-preamble thinking: Challenge assumptions about failure modes, ask direct questions about recovery. Apply /pb-design-rules thinking: Verify resilience, verify observability, verify simplicity of deployment. This agent embodies infrastructure pragmatism.

When to Use

Infrastructure review - Terraform, Kubernetes, deployment configs
Scaling discussions - Capacity planning, load balancing, degradation modes
Resilience design - How does this system survive failures?
Monitoring strategy - Can we see what’s wrong before users report it?
Deployment confidence - Is the rollback plan tested?

Lens Mode

In lens mode, Alex asks resilience questions about whatever is being built – including developer tooling, CI pipelines, and workflow automation, not just production infrastructure. “What happens if this crashes mid-operation? Is state recoverable?” The value is the failure mode you haven’t considered.

Depth calibration: Config change: one failure mode check. New service: full resilience review. Infrastructure migration: deep analysis with rollback strategy.

Overview: Systems Thinking Philosophy

Core Principle: Everything Fails

This isn’t pessimism. It’s realism:

Networks fail (latency, dropped packets, timeouts)
Disks fail (I/O errors, full disks, corruption)
Services fail (crashes, hung processes, memory leaks)
Humans fail (misconfigurations, wrong deployments, midnight mistakes)

Excellence isn’t measured by uptime. It’s measured by recovery speed.

Excellence = Recovery Speed

When something breaks:

Can you detect it automatically? (Monitoring)
Can you recover automatically? (Redundancy, failover)
Can you recover quickly? (Deployment speed, automation)
Can you learn from it? (Logging, alerting, incident analysis)

Fast recovery beats slow prevention.

Graceful Degradation Over Perfection

When part of the system fails, the system shouldn’t crash. It should degrade:

Database slow? → Return cached data instead of failing
Payment service down? → Queue transactions for retry instead of blocking checkout
Cache unavailable? → Fetch from database (slower, but works)
Non-critical service failed? → Skip that feature, return partial response

Design for failure, not against it.

Measurement Before Optimization

Never optimize based on intuition:

“This query is probably slow” → Profile it first
“We need more servers” → Measure current utilization first
“Caching will help” → Verify cache hit rates matter first

Premature optimization wastes time. Informed optimization saves money.

Systems > Components

Infrastructure thinking is systems-level, not component-level:

Don’t optimize one service’s latency if it starves other services of database connections
Don’t add caching to one endpoint if it fills memory and crashes the process
Don’t increase timeouts on retries if it reduces overall system throughput

Understand the whole system before tuning pieces.

How Alex Reviews Infrastructure

The Approach

Failure-first analysis: Instead of checking boxes, ask: “What can go wrong here? And then what?”

For each piece of infrastructure:

What are the failure modes? (network, disk, service, human)
How is it detected? (monitoring, alerts, health checks)
What’s the recovery path? (automatic, manual, degraded)
How fast is recovery? (RTO target, measured, tested)

Then evaluate the design: Is recovery manual when it could be automatic? Is detection reactive instead of proactive? Is degradation planned or chaotic?

Review Categories

1. Failure Modes & Detection

What I’m checking:

Are failure modes documented?
Is each failure detectable?
Are alerts actionable (not noise)?
Can we detect failures before users do?

Bad pattern:

# Kubernetes Deployment - no health checks
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-server
spec:
  replicas: 3
  template:
    spec:
      containers:
      - name: api
        image: api:latest
        # No readiness/liveness probes!

Why this fails: Pod could be running but hung. Kubernetes sends traffic to dead pods. No monitoring of database connection pool.

Good pattern:

# Kubernetes Deployment with comprehensive health checks
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api-server
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  template:
    spec:
      terminationGracePeriodSeconds: 30
      containers:
      - name: api
        image: api:latest
        resources:
          requests:
            cpu: 200m
            memory: 256Mi
          limits:
            cpu: 500m
            memory: 512Mi

        # Startup probe: is service ready?
        startupProbe:
          httpGet:
            path: /health/startup
            port: 8080
          initialDelaySeconds: 5
          periodSeconds: 5
          failureThreshold: 30  # 150 seconds total

        # Readiness probe: can handle traffic?
        readinessProbe:
          httpGet:
            path: /health/ready
            port: 8080
          initialDelaySeconds: 2
          periodSeconds: 5
          failureThreshold: 2

        # Liveness probe: is it hung?
        livenessProbe:
          httpGet:
            path: /health/live
            port: 8080
          initialDelaySeconds: 15
          periodSeconds: 10
          failureThreshold: 3

        # Metrics for monitoring
        ports:
        - name: metrics
          containerPort: 9090

Why this works:

Multiple health checks catch different failure modes
Kubernetes removes unhealthy pods automatically
Gradual rollout prevents cascading failures
Resources constrained prevent resource starvation

2. Degradation & Fallbacks

What I’m checking:

When a dependency fails, does the system degrade gracefully?
Are fallbacks documented and tested?
Does degradation mode have acceptable performance?
Can users tell the system is degraded?

Bad pattern:

def get_user_recommendations(user_id):
    # Crashes if recommendation service is down
    recommendations = call_recommendation_service(user_id)
    return recommendations

Why this fails: Service outage cascades. Users get 500 errors instead of partial experience.

Good pattern:

def get_user_recommendations(user_id, cache_ttl=3600):
    """Get recommendations with graceful fallback to cache.

    Returns:
    - Fresh recommendations if service healthy
    - Cached recommendations if service fails
    - Empty list if cache empty (don't crash)
    """
    try:
        recommendations = call_recommendation_service(user_id, timeout=2)
        cache.set(f"rec:{user_id}", recommendations, ttl=cache_ttl)
        return recommendations
    except (TimeoutError, ServiceError) as e:
        logger.warning(f"Recommendation service failed for {user_id}: {e}")

        # Fallback 1: Return cached recommendations
        cached = cache.get(f"rec:{user_id}")
        if cached:
            logger.info(f"Returning cached recommendations for {user_id}")
            return cached

        # Fallback 2: Return popular items
        logger.info(f"Returning popular items for {user_id} (recommendation service down)")
        return get_popular_items()

        # We never crash; at minimum we return something useful

Why this works:

Service failure doesn’t break user experience
Degradation is intentional and monitored
Users get reduced but functional experience
System stays available during dependency outages

3. Deployment & Rollback

What I’m checking:

Is deployment automated?
Is rollback automatic or manual?
Can rollback be tested without production?
Do deployments have health checks?
Can you deploy at 3 AM?

Bad pattern:

# Manual SSH deployment
ssh prod-server
cd /app
git pull origin main
npm install
npm run build
# Hope it works!

Why this fails: Error-prone, no observability, can’t rollback quickly, humans make mistakes at 3 AM.

Good pattern:

# Automated deployment with health checks and rollback
apiVersion: v1
kind: Service
metadata:
  name: api-service
spec:
  selector:
    app: api
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1        # One extra pod while rolling
      maxUnavailable: 0  # Never take down pods without replacement
  selector:
    matchLabels:
      app: api
  template:
    metadata:
      labels:
        app: api
    spec:
      containers:
      - name: api
        image: api:v1.2.3  # Immutable, versioned image
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
          failureThreshold: 3
          periodSeconds: 10

Why this works:

Deployment is automated (no human error)
Health checks prevent bad versions from going live
Rolling update keeps service available
Rollback is automatic if new version fails
Can deploy at any time safely

4. Observability & Alerts

What I’m checking:

Can you see system state in real-time?
Are alerts actionable?
Is alert noise manageable?
Can you debug production issues without logs?
Are SLOs defined and measured?

Bad pattern:

# Insufficient logging
def process_payment(user_id, amount):
    result = charge_card(user_id, amount)
    return result

Why this fails: If payment fails, you have no way to debug. No audit trail for compliance. Can’t measure failure rates.

Good pattern:

import logging
import time

logger = logging.getLogger(__name__)

def process_payment(user_id, amount):
    """Process payment with comprehensive observability."""
    start_time = time.time()

    logger.info(f"payment_started", extra={
        "user_id": user_id,
        "amount": amount,
    })

    try:
        result = charge_card(user_id, amount)

        duration_ms = (time.time() - start_time) * 1000
        logger.info(f"payment_succeeded", extra={
            "user_id": user_id,
            "amount": amount,
            "duration_ms": duration_ms,
            "transaction_id": result.id,
        })

        return result

    except InsufficientFundsError as e:
        logger.warning(f"payment_insufficient_funds", extra={
            "user_id": user_id,
            "amount": amount,
        })
        raise

    except CardDeclinedError as e:
        logger.warning(f"payment_declined", extra={
            "user_id": user_id,
            "amount": amount,
            "decline_code": e.code,
        })
        raise

    except Exception as e:
        duration_ms = (time.time() - start_time) * 1000
        logger.error(f"payment_failed", extra={
            "user_id": user_id,
            "amount": amount,
            "duration_ms": duration_ms,
            "error": str(e),
        }, exc_info=True)
        raise

Why this works:

Every payment is logged (audit trail)
Success and failure cases have context
Timing helps identify performance issues
Error codes enable debugging
Can measure payment success rate

5. Capacity Planning & Scaling

What I’m checking:

Are resource limits set?
Is capacity monitored?
Is scaling automatic or manual?
What happens at peak load?
What happens during cascading failures?

Bad pattern:

# No resource limits - can crash other services
apiVersion: apps/v1
kind: Deployment
metadata:
  name: memory-hog
spec:
  replicas: 1
  template:
    spec:
      containers:
      - name: app
        image: app:latest
        # No memory limit! Can consume all node memory

Why this fails: Service can consume all node memory, crashes other pods, cascades to cluster failure.

Good pattern:

# Resource limits with autoscaling
apiVersion: apps/v1
kind: Deployment
metadata:
  name: api
spec:
  replicas: 3
  template:
    spec:
      containers:
      - name: api
        image: api:latest
        resources:
          requests:
            cpu: 200m
            memory: 256Mi
          limits:
            cpu: 500m
            memory: 512Mi
---
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-autoscaler
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api
  minReplicas: 3
  maxReplicas: 20
  metrics:
  - type: Resource
    resource:
      name: cpu
      target:
        type: Utilization
        averageUtilization: 70
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 80

Why this works:

Resource requests reserve capacity
Limits prevent runaway memory usage
Autoscaler adds replicas when needed
Won’t scale indefinitely (maxReplicas limit)
Other services stay healthy

Review Checklist: What I Look For

Failure Detection

Each critical component has health checks
Health checks are tested (don’t pass when broken)
Alerts are actionable (not noisy)
SLOs are measured and tracked

Graceful Degradation

Failures don’t cascade (one service down ≠ whole system down)
Fallbacks are documented and tested
Degraded mode performance is acceptable
Users are informed of degradation

Deployment Safety

Rollouts are gradual (not all-at-once)
Rollbacks are automatic (based on health checks)
Health checks are run before traffic routing
Resource limits prevent cascade failures

Observability

Every important transaction is logged
Logs include context (user_id, request_id, amount, etc.)
Performance metrics are collected
Errors include enough information to debug

Capacity

Resource limits are set (requests + limits)
Peak capacity is modeled
Autoscaling is configured with min/max bounds
Database connection pooling is configured

Recovery

RTO (recovery time objective) is defined
RPO (recovery point objective) is defined
Backups are tested regularly
Disaster recovery plan is documented

Automatic Rejection Criteria

Infrastructure that’s rejected outright:

🚫 Never:

No health checks (can’t detect failures)
No resource limits (can starve other services)
All-in-one deployment (single point of failure)
Manual recovery processes that take > 1 hour
No monitoring of critical services
Secrets in code or config files

Examples: Before & After

Example 1: Database Failover

BEFORE (Single point of failure):

# Single database - entire app down if database fails
- name: POSTGRES_URL
  value: postgres://db-prod:5432/myapp

Why this breaks: Database goes down → entire application down → no recovery.

AFTER (High availability):

# Database cluster with automatic failover
- name: POSTGRES_URL
  value: "postgresql://db-primary:5432,db-replica1:5432,db-replica2:5432/myapp?target_session_attrs=read-write"
- name: POSTGRES_POOL_SIZE
  value: "20"
- name: POSTGRES_POOL_TIMEOUT
  value: "5"  # Seconds

With cloud provider:

# AWS RDS Multi-AZ: automatic failover
aws rds create-db-instance \
  --engine postgres \
  --multi-az \
  --backup-retention-period 30 \
  --enable-cloudwatch-logs-exports postgresql

Why this works:

Replicas provide redundancy
Connection pooling prevents exhaustion
Automatic failover in seconds
Backups enable recovery

Example 2: Cascading Failure Prevention

BEFORE (Can cascade):

// If auth service is slow, entire API becomes slow
app.get('/api/users', async (req, res) => {
    const user = await authService.getUser(req.token);
    res.json(user);
});

Why this breaks: Auth service slow → API slow → client timeouts → increased load → system collapse.

AFTER (Circuit breaker pattern):

const CircuitBreaker = require('opossum');

const authBreaker = new CircuitBreaker(
    async (token) => authService.getUser(token),
    {
        timeout: 1000,  // 1 second max
        errorThresholdPercentage: 50,  // Open if 50% fail
        resetTimeout: 30000,  // Try again after 30 seconds
    }
);

authBreaker.fallback(() => ({id: null, isGuest: true}));

app.get('/api/users', async (req, res) => {
    try {
        const user = await authBreaker.fire(req.token);
        res.json(user);
    } catch (error) {
        // Timeout or circuit open - return guest or cached user
        res.json({id: null, isGuest: true});
    }
});

Why this works:

Auth service slow doesn’t block API
Circuit breaker stops hammering broken service
Fallback provides graceful degradation
System stays responsive

What Alex Is NOT

Alex review is NOT:

❌ Application performance tuning (that’s different)
❌ Microservice architecture design (partially, but different focus)
❌ A checkbox process (requires systems thinking)
❌ A substitute for actual load testing
❌ An alternative to monitoring and alerts

When to use different review:

Application performance → /pb-performance
Infrastructure code quality → /pb-hardening
System design → /pb-patterns-resilience
Operational procedures → /pb-sre-practices

/pb-deployment - Deployment execution and verification
/pb-hardening - Security hardening for infrastructure
/pb-patterns-resilience - Resilience design patterns
/pb-observability - Monitoring and observability strategy
/pb-linus-agent - Security assumptions and threat modeling (sibling persona)

Created: 2026-02-12 | Category: deployment | v2.11.0

Incident Response & Recovery

Respond to production incidents quickly and professionally. Clear process, clear communication, minimal impact.

Mindset: Incident response requires both /pb-preamble and /pb-design-rules thinking.

During response: be direct about status (preamble), challenge assumptions about root cause, surface unknowns. Design systems to fail loudly (Repair, Transparency) so incidents are visible immediately. After: conduct honest post-mortems without blame, and improve system robustness.

Resource Hint: opus - critical incident triage requires deep analysis and careful judgment

Purpose

Incidents are inevitable. What matters:

Speed: Detect and respond quickly
Clarity: Know exactly what’s happening
Communication: Keep stakeholders informed
Recovery: Get back to normal fast
Learning: Prevent repeats through post-incident review

When to Use This Command

Production incident occurring - Service degradation or outage
Alert fired - Monitoring detected anomaly
Customer-reported issue - Users experiencing problems
Post-incident - Running retrospective and writing post-mortem
Incident prep - Reviewing process before on-call rotation

Incident Severity Levels

Classify incidents to determine response urgency and escalation.

SEV-1 (Critical, Immediate Page)

User-facing service completely down
Data loss or data integrity risk
Security breach active
Major revenue impact

Response time: Immediate (< 5 minutes) Escalation: Page on-call, VP, customers Communication: Every 15 minutes Resolution target: 1-2 hours

Examples:

API servers offline, users can’t access service
Database corrupted, data cannot be retrieved
Payment processing broken, no transactions processing
Authentication system down, users locked out

SEV-2 (High, Urgent Page)

User-facing service degraded (slow, errors)
Partial functionality broken
Workaround exists but poor user experience

Response time: 15 minutes Escalation: Page on-call + relevant team lead Communication: Every 30 minutes Resolution target: 4 hours

Examples:

API responses 10x slower than normal
Search feature broken (but users can browse)
Emails not sending (but users can still order)
Mobile app crashes on one action (desktop works)

SEV-3 (Medium, No Page)

Internal system degraded
Non-critical feature broken
User workaround available
Limited customer impact

Response time: Next business day acceptable Escalation: Slack to team, create ticket Communication: Daily update Resolution target: 1-2 days

Examples:

Admin dashboard slow
Reporting system down (business can continue)
Non-critical background job failing
One endpoint timeout (alternate exists)

SEV-4 (Low, Future Fix)

Documentation issue
Minor UI bug
Development environment broken
No user-facing impact

Response time: Next sprint Escalation: Create ticket, no escalation Communication: Team awareness Resolution target: When convenient

Examples:

Typo in UI text
Help docs incorrect
Dev script broken
Console warning (no functional impact)

Incident Declaration

Who declares incidents?

Anyone can declare an incident (no permission needed)
Don’t wait for managers to approve
Better to declare and cancel than miss critical issue
When in doubt, declare

How to declare

For SEV-1/2: Declare immediately

Slack: #incidents channel
Message: "@incident-commander SEV-1: Users report 503 errors on checkout"
Include: Service affected, symptoms, your name

For SEV-3/4: Create ticket

Jira/GitHub issue with label: incident
Title: [SEV-3] Admin dashboard slow
Include: What's broken, user impact, symptoms

Incident Commander Role

Once incident declared:

Incident Commander assigned (first responder or on-call)
IC decides severity
IC starts bridge call for SEV-1/2
IC starts Slack thread tracking
IC coordinates investigation and communication

On-Call Operations

For on-call setup, scheduling, training, and rotation health, see /pb-sre-practices → On-Call Health section.

This includes:

On-call rotation structure and scheduling
PagerDuty/Opsgenie setup
On-call expectations and boundaries
Mock incident training
Preventing on-call burnout

This command focuses on incident response - what to do when an incident occurs. On-call operations (how to set up and maintain healthy rotations) are ongoing SRE practices.

Immediate Response (First 5 Minutes)

IC Quick Triage

Is it real? (5 seconds)
- Check monitoring: Is P99 latency actually up?
- Check logs: Are errors really happening?
- Avoid: Chasing false alarms from bad metrics
What’s affected? (30 seconds)
- Which services? endpoints? regions?
- How many users impacted? percentage?
- Is it spreading or stable?
What changed recently? (1 minute)
- Was there a deployment? (check git log)
- Configuration change? (check configs)
- Traffic spike? (check metrics)
- External dependency failure? (check upstreamhealth)
Initial action (2 minutes)
- If recent deployment: Consider rollback immediately
- If configuration change: Revert change
- If dependency down: Switch to failover/degraded mode
- Otherwise: Page relevant team for investigation

Initial Communication (SEV-1/2)

Send to Slack #incidents:

@channel SEV-1: Checkout failing (503 errors)

Status: Investigating
Symptoms: POST /checkout returning 503 since 14:32 UTC
Affected: ~5% of transactions
Potential causes: Database slow? Payment API down? Recent deploy?

Updates every 15 minutes in thread.

Investigation (5-30 Minutes)

Investigation Team

Incident Commander: Coordinates, owns timeline, communicates
Oncall Engineer: Investigates service, runs commands
Subject Matter Expert: Called if needed (database expert, payments, etc)

Diagnostic Checklist

☐ Check recent deployments (git log --since="10 minutes ago")
☐ Check monitoring: latency, errors, resource usage
☐ Check logs: error messages, stack traces
☐ Check external dependencies: Are they healthy?
☐ Check database: Is it responsive? Any locks?
☐ Check traffic: Is there a sudden spike?
☐ Check configuration: Any recent changes?
☐ Check disk space: Are we full? Out of inodes?

Root Cause Patterns

Deployment-related (50% of incidents)

New code has bug
Migration script failed
Configuration not deployed
Infrastructure change

Action: Rollback or hotfix

Database-related (20% of incidents)

Slow query locking table
Connection pool exhausted
Disk full
Replication lag

Action: Kill slow query, scale connections, free space

Resource exhaustion (15% of incidents)

CPU 100%
Memory full
Disk full
Network bandwidth full

Action: Identify process consuming, kill or scale

External dependency (10% of incidents)

API provider down
CDN down
Payment processor down
DNS down

Action: Use fallback, degrade gracefully, wait for recovery

Configuration (5% of incidents)

Wrong environment variables
SSL certificate expired
Feature flag stuck on/off
Rate limiting too aggressive

Action: Fix configuration, restart service

Resolution (Immediate Actions)

Recovery Strategies (In Order of Speed)

1. Rollback (Fastest, if recent deploy)

# If incident started after recent deployment
git log --oneline -5  # See recent deploys
git revert <commit-hash>  # Create revert commit
make deploy  # Deploy revert

# Rollback clears issue in minutes
# Then investigate what went wrong later

2. Kill Slow Queries (If database slow)

-- MySQL
SHOW PROCESSLIST;  -- See running queries
-- Find query taking > 30 seconds
KILL <process-id>;  -- Stop it

-- PostgreSQL
SELECT pid, query, state FROM pg_stat_activity WHERE state != 'idle';
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid != pg_backend_pid() AND query_start < now() - interval '30 seconds';

3. Scale Horizontally (If resource maxed)

# If CPU/memory at 100%
kubectl scale deployment api --replicas=10  # Add more instances
# or
aws autoscaling set-desired-capacity --desired-capacity 20

# Service recovers in 30-60 seconds as new instances start

4. Degrade Gracefully (If dependency down)

If payment processor down:
- Return 503 for checkout
- Queue orders for manual processing
- Users can try again in 5 minutes

If search service down:
- Disable search feature
- Show "Search temporarily unavailable"
- Users can browse without search

If cache down:
- Route around cache
- Use slower database directly
- Accept higher latency, avoid errors

5. Feature Flag (If specific feature broken)

If checkout broken but other features OK:
- Kill checkout feature flag
- Users see "Checkout under maintenance"
- Other site functions normally
- Buy time to fix checkout

6. Configuration Fix (If config issue)

# If environment variable wrong
kubectl set env deployment api ENV_VAR=correct_value
kubectl rollout restart deployment api

# or if config file
git commit -am "fix: correct environment variable"
make deploy

Communication During Incident

Rules for Communication

Honesty: Tell truth about what’s happening
Frequency: Update every 15 min (SEV-1), 30 min (SEV-2)
Specificity: Not “we’re investigating” but “database queries slow, killing long-running query”
Clarity: Avoid technical jargon, explain impact
No blame: Never blame person, focus on recovery

Communication Template

Initial (First 2 min):

SEV-1: Checkout down - 503 errors

What: POST /checkout returning 503 errors
When: Started 14:32 UTC (5 minutes ago)
Impact: ~5% of transactions failing (~$10k/hour)
Status: Investigating root cause
ETA: 15 minutes

Update (Every 15 min during incident):

UPDATE: Found root cause

Root cause: Payment API provider rate limiting us
Evidence: Logs show 429 responses from payment processor
Action: Increasing rate limit quota with provider
ETA: 10 minutes for fix, may need 5 min for orders to catch up

Resolution (When fixed):

RESOLVED: Checkout fully functional again

Root cause: Payment processor temporary rate limiting
Fix applied: Increased our rate limit quota
Time to fix: 27 minutes (14:32 to 14:59)
Impact: ~120 failed transactions (manual processing queued)
Action: Post-incident review scheduled for tomorrow 10am

Notify Stakeholders

Immediately (if SEV-1):

#incidents Slack channel
@oncall
VP Engineering
Customer Success team

Every 15 minutes:

Post update in #incidents thread
If still ongoing, email major customers

After 1 hour (if still ongoing):

Public status page update
Email all customers
If critical, call major customers

Post-Incident Review

Timing

SEV-1: Review within 24 hours
SEV-2: Review within 3 days
SEV-3/4: Review optional, log lessons

Review Participants

Incident Commander
Responders (who worked on incident)
Service owner
One person taking notes

Review Structure (30 min meeting)

1. Timeline (5 min)

14:32 - Incident starts (checkout returns 503)
14:33 - Alert fires, IC pages on-call
14:35 - IC declares SEV-1
14:38 - Team identifies payment processor rate limiting
14:42 - Team increases rate limit quota
14:59 - Incident resolved, checkout working

2. What Went Well (5 min)

Fast detection (1 minute)
Clear communication
Quick escalation
Good teamwork

3. What Could Improve (10 min)

Didn’t have payment processor limits in runbook (add it)
Took 7 minutes to investigate (could have suspected API faster)
Didn’t have direct contact for payment processor (get it)

4. Action Items (10 min)

☐ Add payment processor limits to runbook
☐ Get direct contact info for payment processor
☐ Add payment processor rate limits to monitoring alerts
☐ Consider circuit breaker for payment API
☐ Test failover to backup payment processor

Common Incident Runbooks

Incident: Database Slow

Quick diagnosis (2 min):

-- Show slow running queries
SHOW PROCESSLIST;  -- MySQL
-- or
SELECT pid, query, query_start FROM pg_stat_activity WHERE state != 'idle' ORDER BY query_start;  -- PostgreSQL

-- Show table locks
SHOW OPEN TABLES WHERE In_use > 0;  -- MySQL

Immediate action:

Identify query taking > 30 seconds
KILL <process-id> to stop it
Service recovers immediately

Investigation:

What query was slow? (check logs)
Is it a known slow query?
Missing index?
N+1 query pattern?
Should cache this result?

Resolution:

Add index if missing
Optimize query
Add caching
Scale database vertically

Incident: API Server CPU 100%

Quick diagnosis (1 min):

# What process consuming CPU?
top -b -n 1 | head -20

# If Node/Python/Java process:
ps aux | grep node  # See how many processes

# Which endpoint consuming CPU?
curl http://localhost:9000/debug/cpu-profile  # if available

Immediate action:

Scale horizontally: Add more instances
Traffic redistributes to new instances
CPU returns to normal within 1 minute

Investigation:

What changed recently? (deployment?)
Is CPU spike legitimate?
Is there a memory leak? (check memory growing over time)
Is there a bad query? (database slow too?)
Is there infinite loop in code?

Resolution:

Optimize code (cache, fewer DB queries)
Increase instance size
Scale more instances permanently
Add monitoring for CPU spike

Incident: Payment Processor Down

Detection:

Checkout returns errors
Logs show “Connection refused” to payment processor

Immediate action:

// Pseudo-code for graceful degradation
if (paymentProcessor.unavailable) {
  queueOrderForManualProcessing(order);
  return { success: false, reason: "Processing temporarily unavailable, please try again" };
}

Communication:

Tell customers: “Orders temporarily queued, will process shortly”
Give ETA (usually 30-60 minutes for processor recovery)

Recovery:

If payment processor expected to recover soon (< 1 hour): Wait and communicate
If expected long outage (> 1 hour): Activate backup processor if available

Incident: Disk Full

Quick diagnosis (1 min):

df -h  # Show disk usage
# Look for 100% usage

du -sh /*  # Show which directory consuming space
# Usually /var/log if log files not rotated

Immediate action:

Find large log files: ls -lh /var/log/*.log
Compress old logs: gzip /var/log/old.log
Or delete if safe: rm /var/log/debug.log*
Restart service to free memory
Disk space now available

Prevention:

Enable log rotation (logrotate)
Monitor disk space
Set alerts at 80% full
Clean up old files regularly

Incident Command Bridge Setup

Before Incident: Prepare

Slack #incidents channel exists
On-call schedule configured (PagerDuty/etc)
Runbooks documented (like above)
Stakeholders know to watch #incidents
Phone bridge number available if needed

During Incident: IC Opens Bridge

1. IC posts to #incidents: "Starting investigation bridge"
2. IC starts Slack thread in #incidents
3. If SEV-1: Post phone bridge link
4. IC posts updates every 15 minutes
5. IC tracks timeline (start time, diagnosis, actions, resolution time)

Bridge Rules

One person talking at a time (IC manages)
IC asks questions, delegates tasks
Investigators report findings
No blame, focus on recovery
Keep bridge to 5 people max (core team)
Post findings in Slack thread for others to see

Escalation Paths

Who to escalate to (and when)

For database issues:

Page database on-call
5 min: If still investigating

For infrastructure issues:

Page infrastructure on-call
5 min: If still investigating

For unknown cause after 10 minutes:

Page service owner
Call VP Engineering
This means we’re stumped, need leadership

For external dependency issues:

If known contact: Call them
Otherwise: Wait or use fallback
Post-incident: Get direct contact numbers

Integration with Playbook

Part of deployment and reliability:

/pb-guide - Section 7 references incident readiness
/pb-observability - Monitoring enables incident detection
/pb-release - Release runbook includes incident contacts
/pb-adr - Architecture decisions affect failure modes

/pb-observability - Set up monitoring and alerting to detect incidents early
/pb-sre-practices - On-call health, blameless culture, toil reduction
/pb-dr - Disaster recovery planning for major incidents
/pb-logging - Logging strategy for incident investigation
/pb-maintenance - Systematic maintenance prevents incident categories (expired certs, full disks)

Incident Response Checklist

Before Incidents Happen

See /pb-sre-practices for on-call setup, rotation health, and escalation policies.

Incident commander role defined
#incidents Slack channel created
Runbooks written (database, CPU, payment, disk)
Post-incident review process defined
Monitoring configured (see /pb-observability)

During Incident

Incident declared in #incidents within 2 minutes
Severity level assigned (SEV-1/2/3/4)
IC assigned and acknowledged
Investigation started
Communications every 15 minutes
Root cause identified
Action taken to recover
Resolution time tracked

After Incident

Post-incident review scheduled (within 24 hours)
Action items identified and assigned
Runbook updated with new learnings
Monitoring improved to detect earlier
Prevention implemented if applicable
All participants thanked

Created: 2026-01-11 | Category: Deployment | Tier: S/M/L

Production Maintenance

Establish systematic maintenance patterns to prevent production incidents. This playbook provides thinking triggers for database maintenance, backup verification, health monitoring, and alerting strategy.

Mindset: Maintenance embodies /pb-design-rules thinking: Robustness (systems fail gracefully when maintenance lapses) and Transparency (make system health visible). Apply /pb-preamble thinking to challenge assumptions about what’s “good enough” maintenance.

Resource Hint: sonnet - maintenance planning and automation patterns

When to Use This Command

New production deployment - Establish maintenance patterns from day one
After incidents - Add maintenance tasks that would have prevented the incident
Quarterly reviews - Audit and update maintenance schedules
Capacity planning - Maintenance is part of resource planning
Onboarding - Help new team members understand operational patterns

Quick Reference

Tier	Frequency	Focus
Daily	Every day	Logs, backups, health checks
Weekly	Once/week	Database stats, security updates, reports
Monthly	Once/month	Deep cleans, cert audits, DR tests

Philosophy

Production systems accumulate entropy:

Databases bloat with dead data
Disks fill with logs and artifacts
Certificates expire silently
Dependencies develop vulnerabilities
Backups rot without verification

This playbook provides thinking triggers, not prescriptions. Every project has different needs - use these patterns to ask the right questions about your system.

Core Questions

Before implementing maintenance, answer:

What accumulates? (logs, dead tuples, orphan records, temp files)
What expires? (certificates, tokens, cache entries, sessions)
What drifts? (config, dependencies, schema, data integrity)
What breaks silently? (backups, health checks, alerting itself)

Maintenance Tiers

Tier	Frequency	Purpose	Questions to Ask
Daily	Every day	Prevent accumulation	What grows unbounded? What needs rotation?
Weekly	Once/week	Catch drift	What statistics go stale? What reports matter?
Monthly	Once/month	Deep clean	What requires downtime? What needs verification?

Principle: Automate aggressively, monitor passively, intervene rarely.

Database Maintenance

Questions to Ask

Does your database have automatic maintenance (autovacuum, etc.)?
Is automatic maintenance sufficient, or does your write pattern need manual intervention?
How do you detect bloat before it causes problems?
What’s your index maintenance strategy?

PostgreSQL Patterns

Task	Purpose	When to Consider
`VACUUM ANALYZE`	Mark dead tuples reusable, update stats	High-write tables, weekly minimum
`VACUUM FULL`	Reclaim disk space (requires lock)	Significant bloat, monthly or less
`REINDEX`	Rebuild bloated indexes	After bulk deletes, schema changes

Bloat detection trigger:

-- Adapt this query to your tables
SELECT relname, n_dead_tup, n_live_tup,
       round(100.0 * n_dead_tup / NULLIF(n_live_tup, 0), 2) AS dead_pct
FROM pg_stat_user_tables
WHERE n_dead_tup > 1000
ORDER BY n_dead_tup DESC;

Ask: Which tables in your system have the highest write churn?

Other Databases

MySQL: OPTIMIZE TABLE, ANALYZE TABLE, binary log purging
MongoDB: compact, index rebuilds, oplog sizing
Redis: Memory monitoring, key expiration policies
SQLite: VACUUM, ANALYZE

Ask: What’s the equivalent maintenance for your database?

Backup Strategy

See /pb-dr for comprehensive backup strategy (3-2-1 rule, retention policies, verification procedures).

Key question: When did you last verify a backup by restoring it? If the answer isn’t recent, schedule a restore test now.

Health Monitoring

Questions to Ask

What’s the minimum check that proves the system works end-to-end?
What dependencies can fail silently?
How do you know if monitoring itself is broken?

Health Check Dimensions

Dimension	What to Check
Service health	HTTP endpoints, process status
Dependencies	Database connections, cache, queues
Resources	Disk, memory, connections, file descriptors
Certificates	SSL expiry, API key rotation
Data integrity	Expected counts, orphan records

Pattern: Health checks should be cheap, fast, and actionable.

Ask: If this health check fails, what would you do about it?

Resource Monitoring

Questions to Ask

What resources can be exhausted?
What are the warning thresholds vs. critical thresholds?
Who gets alerted, and can they act on it?

Common Resources

Resource	Warning Sign	Question
Disk	>70% full	What’s growing? Logs? Data? Uploads?
Memory	Sustained >85%	Memory leak? Undersized? Cache unbounded?
Connections	>70% of pool	Connection leak? Pool too small?
File descriptors	Approaching limit	Too many open files? Socket leak?

Ask: What’s the first resource that will run out in your system?

Security Hygiene

Questions to Ask

When was the last security update applied?
What’s your certificate renewal process?
How do you detect unauthorized access attempts?
What secrets need rotation, and when?

Maintenance Dimensions

Frequency	Focus
Daily	Failed login monitoring, intrusion detection
Weekly	Security update check, audit log review
Monthly	Dependency vulnerability scan, certificate audit
Quarterly	Access review, secret rotation

Ask: What would an attacker target first in your system?

Post-Migration Verification

Critical pattern: After any migration, verify that:

Database records match reality - Rows exist, counts are correct
Generated artifacts exist - Files tracked in DB actually exist on disk
Volumes are mounted correctly - Containers can access expected paths
External dependencies are reachable - APIs, services, storage
Background jobs can run - Workers have access to everything they need

Common trap: Database migrated, but files/volumes weren’t. System looks healthy until something tries to access the missing files.

Ask: What in your system exists both in the database AND on the filesystem? Are both migrated?

Alerting Strategy

Questions to Ask

Is this alert actionable at 3 AM?
What’s the difference between “needs attention” and “wake someone up”?
How do you prevent alert fatigue?
How do you know if alerting is broken?

Alert Quality Checklist

Alert has clear remediation steps
Alert fires only when action is needed
Alert includes enough context to diagnose
Someone is responsible for responding

Pattern: If an alert fires and you snooze it, the alert is wrong.

Ask: How many alerts fired last week that required no action?

Reporting

Questions to Ask

What trends matter for capacity planning?
What would you want to know before a Monday morning?
What metrics indicate system health vs. business health?

Weekly Report Triggers

Consider including:

Resource utilization trends (not just current values)
Backup status and age
Security summary (failed attempts, updates pending)
Anything that changed unexpectedly

Ask: What would have prevented your last incident if you’d known it sooner?

Automation Principles

Script Structure Pattern

#!/bin/bash
set -e

# Configuration
APP_DIR="/opt/myapp"
LOG_FILE="/var/log/maintenance.log"

# Utility functions
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a "$LOG_FILE"; }
alert() { log "ALERT: $1"; curl -X POST "$WEBHOOK_URL" -d "text=$1" 2>/dev/null || true; }

# Task functions (idempotent, can run multiple times safely)
task_backup() { log "Running backup"; pg_dump ... }
task_health_check() { log "Health check"; curl -sf "$HEALTH_URL" || alert "Health check failed"; }
task_vacuum() { log "Running vacuum"; psql -c "VACUUM ANALYZE;" ... }
task_report() { log "Generating report"; ... }

# Main dispatch
case "${1:-daily}" in
    daily)  task_backup; task_health_check ;;
    weekly) task_vacuum; task_report ;;
esac

Principles

Idempotent: Safe to run multiple times
Logged: Know when it ran and what happened
Alerting: Fail loudly, not silently
Documented: Future you will forget why

Ask: Can you run this script twice safely?

Cron Scheduling

Pattern

Time	Task	Rationale
Low traffic window	Daily maintenance	Minimize impact
After daily completes	Weekly maintenance	Build on daily
After weekly pattern	Monthly maintenance	Least frequent last

Checklist

Absolute paths (cron has minimal PATH)
Output redirected to logs
Wrapper scripts for complex jobs
Tested manually before scheduling

Ask: What happens if the cron job fails silently?

Getting Started Checklist

Use this to audit your current maintenance:

Database: Do you have scheduled maintenance? Is it sufficient?
Backups: When did you last test a restore?
Health: What’s your minimum end-to-end health check?
Resources: What will run out first? How will you know?
Security: When was the last security update?
Certificates: When do they expire? Who gets notified?
Alerts: Are they actionable? Is there fatigue?
Reports: What trends should you be watching?

Red Flags

Signs your maintenance needs attention:

“We’ll deal with it when it becomes a problem”
“The backup runs, but we’ve never tested restore”
“Alerts fire so often we ignore them”
“Disk filled up and we had to emergency clean”
“We found out the certificate expired from users”
“After migration, we discovered files were missing”

Summary

Maintenance is prevention. The goal isn’t to have impressive automation - it’s to avoid 3 AM incidents.

Ask yourself:

What can fail silently in my system?
What would I want to know before it becomes urgent?
What did the last incident teach me about what to maintain?

Then automate the answers.

/pb-observability - Monitoring detects; maintenance prevents
/pb-sre-practices - Toil reduction and operational health
/pb-incident - Good maintenance reduces incident frequency
/pb-dr - Disaster recovery (backups are foundation)
/pb-server-hygiene - Periodic server health and hygiene review

Good maintenance is invisible. You only notice its absence.

SRE Practices

Build sustainable, reliable operations through toil reduction, error budgets, and healthy on-call practices. This command focuses on prevention and culture-complementing /pb-incident (response) and /pb-observability (monitoring).

Mindset: SRE practices embody /pb-preamble thinking: blameless culture, honest assessment of reliability, and challenging “we’ve always done it this way.” Apply /pb-design-rules thinking: Robustness (systems should handle failure gracefully) and Transparency (make operational health visible).

Reliability is a feature. Invest in it deliberately, not reactively.

Resource Hint: opus - SRE strategy requires architectural thinking and reliability trade-off analysis

When to Use This Command

Reducing toil - Automating repetitive operational tasks
Setting SLOs - Defining reliability targets and error budgets
On-call review - Improving rotation health and reducing burnout
Capacity planning - Preventing resource exhaustion
Building SRE culture - Establishing sustainable operations practices

Quick Reference

Practice	Purpose	Frequency
Toil reduction	Eliminate repetitive manual work	Ongoing
Error budgets	Balance reliability vs velocity	Per release
Capacity planning	Prevent resource exhaustion	Quarterly
Service ownership	Clear accountability	Always
On-call health	Sustainable rotations	Weekly review

Toil Identification & Reduction

What Is Toil?

Toil is work that is:

Manual - Requires human intervention
Repetitive - Done over and over
Automatable - Could be scripted or eliminated
Reactive - Triggered by events, not planned
No enduring value - Doesn’t improve the system

Examples of toil:

Manually restarting crashed services
Responding to the same alert repeatedly
Manual deployment steps
Copying data between systems
Responding to routine access requests

Not toil:

On-call incident response (unavoidable, requires judgment)
Postmortems (creates enduring improvement)
System design (creates lasting value)

Toil Tracking

Track toil to understand where to invest automation.

Toil log template:

Date	Task	Time Spent	Frequency	Automatable?	Priority
2026-01-20	Restart API pod after OOM	15min	2x/week	Yes	High
2026-01-20	Generate weekly report	30min	Weekly	Yes	Medium
2026-01-20	Provision dev environment	1hr	3x/month	Yes	High

Metrics to track:

Total toil hours per week
Toil as percentage of engineering time (target: < 50%)
Top 5 toil sources
Toil reduction over time

Toil Budget

Rule: Keep toil below 50% of on-call/operations time.

If toil > 50%:
  → Stop new feature work
  → Focus on automation until toil < 50%
  → This is not optional

Why 50%? Engineers need time for:

Improving systems (not just keeping them running)
Learning and growth
Sustainable pace

Prioritizing Automation

Criteria	Weight
Frequency (how often)	High
Time per occurrence	High
Error-prone when manual	High
Blocks other work	Medium
Causes context switching	Medium

Automation ROI formula:

Hours saved = (frequency × time per occurrence × weeks) - automation time
If hours saved > 0 in reasonable timeframe → automate

Quick wins first: Start with high-frequency, low-complexity tasks.

Error Budget Policies

Error budgets translate SLO targets into actionable decisions. For SLO definition, see /pb-observability.

Understanding Error Budgets

If your SLO is 99.9% availability (43 minutes downtime/month):

Error budget = 43 minutes of allowed downtime
Budget consumed = actual downtime this month
Budget remaining = what you can “spend” on risky changes

SLO: 99.9% availability
Monthly error budget: 43 minutes

Week 1: 10 min downtime → 33 min remaining (77% left)
Week 2: 5 min downtime → 28 min remaining (65% left)
Week 3: 20 min downtime → 8 min remaining (19% left)
Week 4: SLOW DOWN - limited budget for risky deploys

Error Budget Policy

When budget is healthy (> 50% remaining):

Deploy new features freely
Take calculated risks
Experiment with new technologies

When budget is concerning (25-50% remaining):

Increase review rigor for changes
Prioritize reliability fixes
Reduce deployment frequency
Add more testing before deploy

When budget is critical (< 25% remaining):

Freeze non-critical deployments
Focus exclusively on reliability
Postmortem recent incidents
Delay feature work until budget recovers

When budget is exhausted (0% remaining):

Emergency mode: reliability only
No new features until SLO is met
All hands on reliability improvement
Stakeholder communication required

Negotiating with Product

Error budgets create healthy tension between reliability and velocity.

Conversation framework:

Product: "We need to ship feature X this week"

SRE: "Our error budget is at 15%. If we deploy and cause an outage,
      we'll miss our SLO commitment.

      Options:
      1. Wait until budget recovers (2 weeks)
      2. Deploy with extra safeguards (canary, feature flag)
      3. Accept SLO miss and communicate to customers

      Which tradeoff works for the business?"

Document the decision. If product chooses to spend budget, that’s a valid business decision-but make it explicit.

Capacity Planning

Prevent resource exhaustion before it becomes an incident.

Capacity Metrics

Track these for critical services:

Metric	Warning	Critical	Action
CPU utilization	> 60% sustained	> 80%	Scale up
Memory utilization	> 70% sustained	> 85%	Scale up or optimize
Disk usage	> 70%	> 85%	Expand or clean
Database connections	> 70% of pool	> 85%	Increase pool or optimize
Request latency	P99 > 2x baseline	P99 > 5x	Investigate

Forecasting Load

Simple linear projection:

Current: 1000 requests/sec
Growth rate: 10% month-over-month
Capacity limit: 2000 requests/sec

Months until capacity:
  1000 × 1.1^n = 2000
  n ≈ 7 months

Action: Plan capacity increase by month 5

Consider:

Organic growth (user base)
Seasonal patterns (holidays, events)
Marketing campaigns
New feature launches

Capacity Planning Cadence

Quarterly:

Review current utilization
Update growth projections
Plan infrastructure changes for next quarter

Before major launches:

Load testing at 2x expected traffic
Pre-scale infrastructure
Define rollback triggers

Template: Quarterly Capacity Review

## Q1 2026 Capacity Review

### Current State
- API servers: 8 instances, 45% avg CPU
- Database: 16GB RAM, 60% utilized
- Storage: 500GB, 55% used

### Growth Since Last Quarter
- Traffic: +15%
- Storage: +20%
- Users: +12%

### Projections for Q2
- Expected traffic: +15% (based on trend)
- Storage needs: +100GB (based on data growth)
- No CPU concerns (headroom sufficient)

### Actions
- [ ] Increase storage allocation by 200GB (buffer)
- [ ] Monitor database memory (approaching threshold)
- [ ] No immediate scaling needed for compute

Service Ownership Model

Clear ownership prevents “that’s not my job” failures.

What Owners Are Responsible For

Service owners must:

Maintain SLO compliance
Respond to pages for their service
Document runbooks and architecture
Plan capacity for their service
Perform regular dependency audits
Conduct postmortems for incidents

Ownership Documentation

Every service needs:

## Service: Payment Processing

### Owner
- Team: Payments
- Primary contact: @payments-oncall
- Escalation: @payments-lead

### SLOs
- Availability: 99.95%
- Latency P99: < 500ms
- Error rate: < 0.1%

### Dependencies
- Database: PostgreSQL (owned by Data Platform)
- Queue: Redis (owned by Platform)
- External: Stripe API

### Runbooks
- [Payment processing failures](link)
- [High latency investigation](link)
- [Database connection issues](link)

### On-Call
- Rotation: Weekly, Monday handoff
- Contact: PagerDuty "payments" service

Handoff Protocol

When ownership changes (reorg, team changes):

Documentation audit - Is everything documented?
Runbook review - Walk through with new owner
Shadow on-call - New owner shadows for 2 weeks
Gradual handoff - New owner primary, old owner backup
Clean handoff - New owner fully responsible

Never abandon a service without explicit handoff.

Blameless Culture & Psychological Safety

Blame prevents learning. Psychological safety enables improvement.

Why Blameless Matters

With blame:

Engineers hide mistakes
Root causes stay hidden
Same incidents repeat
Team trust erodes

Without blame:

Engineers report problems early
Root causes are discovered
Systems improve
Team trust grows

Blameless Postmortem Language

Avoid:

“John caused the outage by…”
“The mistake was…”
“They should have known…”
“Why didn’t anyone…”

Instead:

“The system allowed…”
“The process didn’t catch…”
“The automation was missing…”
“How might we prevent…”

Creating Psychological Safety

Leaders must:

Thank people for reporting problems
Share their own mistakes openly
Never punish for honest errors
Focus questions on systems, not people
Celebrate learning from failures

Indicators of safety:

People raise concerns early
Bad news travels fast
Postmortems are collaborative, not defensive
Teams voluntarily share failures

The “5 Whys” Without Blame

Incident: Customer data exposed in logs

Why? Logs included full request bodies
  Why? Logging configuration didn't exclude sensitive fields
    Why? No standard logging template for sensitive services
      Why? Each team built their own logging
        Why? No central platform team until recently

Action: Create standard logging library with PII redaction

Notice: No individual blamed. Focus on system improvement.

On-Call Scheduling & Setup

Before incidents happen, establish clear on-call coverage. This section covers setup; see “On-Call Health” below for sustainability.

Rotation Structure

Primary On-Call: Responds immediately (paged on SEV-1/2)
  - Expected to join call within 5 minutes
  - Use 1 week rotations (high interrupt cost)

Secondary On-Call: Backup if primary unavailable
  - Called if primary doesn't respond in 5 minutes

Weekly Rotation:
  - Handoff: Friday 5pm (or end of week)
  - Ramp-up: New person shadows for 1 week first

On-Call Tools

PagerDuty / Opsgenie (Recommended):

Escalation policy: Primary → Secondary (5 min) → Manager (5 min)
Alert routing: SEV-1/2 page immediately, SEV-3 creates ticket
Calendar integration for swaps and visibility

Simple Alternative: Google Calendar + Slack bot (/whois-oncall)

On-Call Expectations

During on-call week:

Respond to SEV-1/2 pages within 5 minutes
Work from location where you can join calls
Avoid travel to areas without cell service

Company should:

Pay on-call stipend
Limit to 1 week per month if possible
Provide recovery time after heavy rotations
Never force on-call against will

Mock Incident Training

Required before first live on-call (30-45 min):

Scenario: Simulate realistic incident (e.g., API down after deployment)
Practice: New person declares incident, checks dashboards, identifies root cause
Debrief: Review decision speed, communication frequency, escalation awareness

This prevents: Chaotic first incidents, decision paralysis under pressure

On-Call Health

Sustainable on-call prevents burnout and maintains quality.

Healthy Rotation Patterns

Good:

1 week on, 3+ weeks off
Defined business hours (primary) vs after-hours (backup)
Clear escalation paths
Compensatory time off after heavy rotations

Bad:

Always-on expectations
1 week on, 1 week off (too frequent)
No backup coverage
Pages for non-actionable alerts

On-Call Load Metrics

Track per rotation:

Metric	Healthy	Concerning	Action Needed
Pages per week	< 5	5-15	> 15
Night pages	< 1	1-3	> 3
Time to acknowledge	< 5 min	5-15 min	> 15 min
False positive rate	< 10%	10-30%	> 30%

If metrics are concerning:

Reduce alert noise (tune thresholds)
Automate responses where possible
Add more people to rotation
Split into sub-rotations by service

Preventing Burnout

Signs of on-call burnout:

Dreading rotation weeks
Ignoring or silencing pages
Decreased quality of incident response
Increased sick days during rotation
Team members leaving

Prevention:

Regular rotation reviews
Rotate out of on-call for a quarter (recovery)
Celebrate reliability improvements
Make on-call load visible to leadership
Budget time for on-call automation

On-Call Handoff Template

## On-Call Handoff: Jan 20 → Jan 27

### Outgoing (Alice)
- No ongoing incidents
- Known issues:
  - API latency spike at 3pm daily (monitoring, not actionable)
  - Staging environment flaky (don't page for staging)

### Incoming (Bob)
- Confirmed: I have access to all systems
- Confirmed: PagerDuty is configured correctly
- Questions: None

### Deployment Schedule
- Tuesday: Feature X (low risk)
- Thursday: Database migration (high risk, after-hours)

### Contacts
- Database: @db-oncall
- Infrastructure: @infra-oncall
- Escalation: @engineering-lead

Operational Review Cadence

Regular reviews prevent drift and maintain operational health.

Weekly: Operational Standup (15 min)

Recent incidents and postmortem status
Current error budget consumption
On-call load from last week
Any blockers or concerns

Monthly: Reliability Review (1 hour)

SLO compliance for the month
Error budget trends
Toil tracking update
Capacity utilization review
Action items from postmortems

Quarterly: Operational Planning (2 hours)

Quarterly capacity planning
Toil reduction priorities
On-call rotation health
SLO adjustments (if needed)
Training and documentation gaps

Annually: Disaster Recovery Testing

Full DR test (see /pb-dr)
On-call process review
Major incident simulation
Documentation audit

Server Migration Checklist

Database Migrations

Always use full dump/restore:

# WRONG: Selective table export (misses users, tokens, etc.)
pg_dump -t verses -t cases dbname > partial.sql

# RIGHT: Full database dump
pg_dump -U user dbname > backup.sql
psql -U user dbname < backup.sql

Pre-migration:

Document all table row counts on source
Verify auth tables included (users, refresh_tokens, sessions)
Plan for downtime window

Post-migration verification:

SELECT 'users', count(*) FROM users
UNION ALL SELECT 'refresh_tokens', count(*) FROM refresh_tokens
UNION ALL SELECT 'cases', count(*) FROM cases;

Row counts match source
Login flow works
Existing sessions remain valid

Rollback plan:

Keep source database running (read-only) until verification complete
Document rollback steps before starting migration
Test rollback procedure in staging first

New Server Security Verification

Before deploying services, verify hardening (Linux servers):

Item	Command	Expected
SSH key-only	`grep PasswordAuth /etc/ssh/sshd_config`	`no`
Root restricted	`grep PermitRootLogin /etc/ssh/sshd_config`	`prohibit-password`
UFW enabled	`ufw status`	`Status: active`
Fail2ban running	`systemctl status fail2ban`	`active`
Auditd running	`systemctl status auditd`	`active`
Kernel hardened	`sysctl net.ipv4.tcp_syncookies`	`1`
Secrets protected	`stat -c %a .env`	`600`

Note: stat syntax varies by platform. Use -c %a on Linux, -f%Lp on macOS.

Integration with Playbook

Complements existing commands:

/pb-incident - Incident response and postmortems
/pb-observability - SLO definitions, metrics, alerting
/pb-deployment - Deployment strategies
/pb-dr - Disaster recovery planning

Workflow:

Design (/pb-observability - define SLOs)
    ↓
Operate (this command - sustainable practices)
    ↓
Respond (/pb-incident - when things break)
    ↓
Recover (/pb-dr - disaster scenarios)
    ↓
Improve (back to operate)

Quick Commands

Topic	Action
Track toil	Log time spent on repetitive tasks
Check error budget	Compare incidents to SLO allowance
Review capacity	Quarterly utilization review
Assess on-call health	Track pages per week, night pages
Conduct postmortem	Blameless, focus on systems

/pb-incident - Respond to production incidents
/pb-observability - Set up monitoring, SLOs, and alerting
/pb-dr - Disaster recovery planning and testing
/pb-team - Build high-performance engineering teams

Reliability is a feature. Invest in it deliberately.

Disaster Recovery

Plan, test, and execute recovery from major system failures. When everything goes wrong, have a plan that works.

Mindset: Disaster recovery embodies /pb-design-rules thinking: Repair (fail noisily, recover quickly), Robustness (design for failure), and Least Surprise (recovery should work as documented). Use /pb-preamble thinking to challenge assumptions about what disasters are “unlikely.”

The best time to plan for disaster is before it happens. The second best time is now.

Resource Hint: opus - disaster recovery planning demands careful architecture and risk analysis

When to Use This Command

Creating DR plan - Establishing recovery strategy for your system
Defining RTO/RPO - Setting recovery objectives with stakeholders
DR testing - Running game days and failover exercises
After an incident - Reviewing and improving DR procedures
Compliance requirements - Documenting DR capabilities

Quick Reference

Term	Definition
RTO	Recovery Time Objective - max acceptable downtime
RPO	Recovery Point Objective - max acceptable data loss
Failover	Switching to backup system
Failback	Returning to primary system

RTO/RPO Definitions

Recovery Time Objective (RTO)

RTO = How long can you be down?

RTO Target	Meaning	Example
0 (zero)	No downtime acceptable	Payment processing
< 1 hour	Critical system	Core API
< 4 hours	Important system	Admin dashboard
< 24 hours	Standard system	Reporting
< 1 week	Low priority	Development tools

Setting RTO:

Questions to ask:
- What is the business impact per hour of downtime?
- Do we have SLA commitments?
- What is our reputation risk?
- What can we realistically achieve?

Recovery Point Objective (RPO)

RPO = How much data can you lose?

RPO Target	Meaning	Backup Strategy
0 (zero)	No data loss	Synchronous replication
< 1 minute	Near-zero	Streaming replication
< 1 hour	Minimal	Frequent snapshots
< 24 hours	Standard	Daily backups
< 1 week	Acceptable	Weekly backups

Setting RPO:

Questions to ask:
- How much work would users lose?
- Can data be reconstructed from other sources?
- What is the regulatory requirement?
- What can we afford to backup?

RTO/RPO Trade-offs

Lower RTO/RPO = Higher cost and complexity

Zero RTO + Zero RPO:
  - Active-active multi-region
  - Synchronous replication
  - Expensive, complex

1 hour RTO + 1 hour RPO:
  - Warm standby
  - Frequent async replication
  - Moderate cost

24 hour RTO + 24 hour RPO:
  - Cold standby
  - Daily backups
  - Low cost

Document your targets:

## Service: Payment Processing
- RTO: 15 minutes
- RPO: 0 (zero data loss)
- Justification: Revenue impact, regulatory requirement
- Strategy: Active-passive with synchronous replication

## Service: Admin Dashboard
- RTO: 4 hours
- RPO: 1 hour
- Justification: Internal tool, can reconstruct recent changes
- Strategy: Backup restore from hourly snapshots

Backup Strategies

The 3-2-1 Rule

3 copies of data
2 different storage types
1 offsite location

Example:
  Copy 1: Production database (primary)
  Copy 2: Local replica (different disk)
  Copy 3: Cloud storage backup (different region/provider)

Immutable Backups

Protect against ransomware and accidental deletion.

# AWS S3 with Object Lock
aws s3api put-object-lock-configuration \
  --bucket my-backups \
  --object-lock-configuration '{
    "ObjectLockEnabled": "Enabled",
    "Rule": {
      "DefaultRetention": {
        "Mode": "GOVERNANCE",
        "Days": 30
      }
    }
  }'

# Objects cannot be deleted for 30 days

Immutability options:

AWS S3 Object Lock
Azure Immutable Blob Storage
GCP Bucket Lock
Air-gapped offline backups

Backup Verification

Backups that haven’t been tested are not backups.

# Monthly backup verification script
#!/bin/bash

echo "=== Backup Verification $(date) ==="

# 1. Download latest backup
aws s3 cp s3://backups/latest/db.sql.gz /tmp/restore-test/

# 2. Restore to test database
gunzip /tmp/restore-test/db.sql.gz
psql -h test-db -U admin -d restore_test < /tmp/restore-test/db.sql

# 3. Verify data integrity
EXPECTED_ROWS=1000000  # Known approximate count
ACTUAL_ROWS=$(psql -h test-db -U admin -d restore_test -t -A -c "SELECT COUNT(*) FROM users")

if [ "$ACTUAL_ROWS" -lt "$EXPECTED_ROWS" ]; then
  echo "ERROR: Row count mismatch. Expected ~$EXPECTED_ROWS, got $ACTUAL_ROWS"
  exit 1
fi

# 4. Verify application can connect
curl -f http://test-app/health || exit 1

echo "=== Backup verification PASSED ==="

Verification schedule:

Daily: Automated integrity checks
Weekly: Restore to test environment
Monthly: Full recovery drill
Quarterly: DR test (see below)

Retention Policies

Backup Type	Retention	Purpose
Hourly	24 hours	Point-in-time recovery
Daily	30 days	Short-term recovery
Weekly	3 months	Medium-term recovery
Monthly	1 year	Long-term/compliance
Yearly	7 years	Regulatory (varies)

Failover Procedures

Manual Failover Steps

When automated failover isn’t possible or appropriate:

## Database Failover Runbook

### Pre-Conditions
- Primary database is unresponsive or corrupted
- Replica has current data (check replication lag)
- You have authority to initiate failover

### Steps

1. **Verify the problem (2 min)**
   - Is primary truly down? (not network issue)
   - What is replica lag? (acceptable data loss?)
   - Notify team in #incidents

2. **Stop writes to primary (1 min)**
   - Update application config to reject writes
   - Or: Block primary at network level

3. **Promote replica (5 min)**
   ```bash
   # PostgreSQL
   pg_ctl promote -D /var/lib/postgresql/data

   # Verify promotion
   psql -c "SELECT pg_is_in_recovery();"  # Should return 'f'

Update application config (2 min)
- Point DATABASE_URL to new primary
- Deploy config change
Verify application (2 min)
- Check health endpoints
- Verify writes working
- Monitor error rates
Communicate (ongoing)
- Update status page
- Notify stakeholders

Post-Failover

Document what happened
Schedule postmortem
Plan failback (when original primary is repaired)


### Automated Failover

For zero/low RTO requirements:

```yaml
# Example: PostgreSQL with Patroni (automated failover)
# patroni.yml
scope: my-cluster
name: node1

restapi:
  listen: 0.0.0.0:8008

bootstrap:
  dcs:
    ttl: 30
    loop_wait: 10
    retry_timeout: 10
    maximum_lag_on_failover: 1048576  # 1MB max lag for failover

postgresql:
  listen: 0.0.0.0:5432
  data_dir: /var/lib/postgresql/data
  parameters:
    synchronous_commit: "on"  # For zero data loss

Automated failover considerations:

Test failover regularly (it will fail when you need it otherwise)
Set appropriate lag thresholds
Have manual override procedures
Monitor failover events

DNS-Based Failover

For simple active-passive setups:

# Health check fails → update DNS
# Using AWS Route 53 health checks

aws route53 change-resource-record-sets \
  --hosted-zone-id Z123456 \
  --change-batch '{
    "Changes": [{
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "db.example.com",
        "Type": "A",
        "TTL": 60,
        "ResourceRecords": [{"Value": "10.0.2.100"}]
      }
    }]
  }'

DNS failover considerations:

TTL affects failover time (lower TTL = faster failover, more DNS traffic)
Clients may cache DNS beyond TTL
Not suitable for zero-RTO requirements

Recovery Testing

Game Day Exercises

Controlled failure injection to test recovery.

Game day template:

## Game Day: Database Failover Test

### Date: 2026-02-15
### Duration: 2 hours (10am - 12pm)
### Participants: SRE team, Database team, On-call engineer

### Objectives
- Verify automated failover works as documented
- Measure actual RTO
- Identify documentation gaps

### Scenario
Simulate primary database failure during normal traffic.

### Pre-Conditions
- Staging environment configured identically to production
- All participants briefed
- Rollback plan ready
- Status page prepared

### Steps
1. (T+0) Announce game day start
2. (T+5) Inject failure: Stop primary database
3. (T+5) Observe: Does automated failover trigger?
4. (T+10) Measure: Time to full recovery
5. (T+20) Verify: Application functioning correctly
6. (T+30) Restore: Bring original primary back
7. (T+45) Failback: Return to original configuration
8. (T+60) Debrief: What worked, what didn't

### Success Criteria
- RTO < 5 minutes (target: 2 minutes)
- RPO = 0 (synchronous replication)
- No customer-visible errors

### Actual Results
[Fill in after exercise]
- RTO achieved: ___
- RPO achieved: ___
- Issues discovered: ___
- Action items: ___

Chaos Engineering (Lite)

Start simple before full chaos engineering:

Level 1: Planned failures

Terminate a server during maintenance window
Failover database on schedule
Disconnect from external service

Level 2: Automated small failures

Random pod termination (Kubernetes)
Inject latency into service calls
Simulate partial network failures

Level 3: Full chaos engineering

Netflix Chaos Monkey style
Production failures
Requires mature observability and recovery

Start with Level 1. Master each level before advancing.

Tabletop Exercises

Discussion-based DR testing without actual system changes.

## Tabletop Exercise: Ransomware Attack

### Scenario
You arrive Monday morning. All production databases are encrypted.
Attackers demand 10 BTC. Last known good backup was Friday 6pm.

### Discussion Questions
1. Who do you notify first?
2. How do you verify backup integrity?
3. What is your recovery sequence?
4. How do you communicate with customers?
5. What is the estimated recovery time?
6. Do you pay the ransom? (Spoiler: No)

### Expected Outcomes
- Validate contact lists are current
- Identify gaps in backup strategy
- Practice decision-making under pressure
- Update runbooks based on discussion

Data Recovery Workflows

Database Point-in-Time Recovery

# PostgreSQL: Restore to specific timestamp
# Requires WAL archiving enabled

# 1. Stop application
sudo systemctl stop myapp

# 2. Create recovery configuration (PostgreSQL 12+)
# Note: recovery.conf was removed in PostgreSQL 12
cat >> /var/lib/postgresql/data/postgresql.conf << EOF
restore_command = 'cp /backup/wal/%f %p'
recovery_target_time = '2026-01-20 14:30:00'
recovery_target_action = 'promote'
EOF

# Create recovery signal file
touch /var/lib/postgresql/data/recovery.signal

# 3. Restore base backup
pg_basebackup -h backup-server -D /var/lib/postgresql/data-new

# 4. Start PostgreSQL (will replay WAL to target time)
sudo systemctl start postgresql

# 5. Verify data
psql -c "SELECT MAX(created_at) FROM transactions;"

File System Recovery

# From snapshot (cloud provider)
aws ec2 create-volume \
  --snapshot-id snap-123456 \
  --availability-zone us-east-1a

# Mount and verify
sudo mount /dev/xvdf /mnt/recovery
ls -la /mnt/recovery/

# Or from backup
rsync -avz backup-server:/backups/2026-01-20/ /mnt/recovery/

Application State Recovery

Some applications have state that needs recovery beyond database:

Session data: May need to invalidate all sessions
Cache data: Rebuild from source of truth
File uploads: Restore from object storage backup
Search indexes: Rebuild from database

Recovery sequence matters:

1. Database (source of truth)
2. File storage
3. Application servers
4. Cache/search indexes (rebuild)
5. CDN/edge cache (invalidate)

Communication During Disaster

Status Page Updates

Update template:

## Incident: Database Outage

### [RESOLVED] 15:45 UTC
The database has been restored and all services are operational.
We are monitoring for any residual issues.

### [UPDATE] 15:30 UTC
Database restore in progress. Estimated completion: 15 minutes.

### [UPDATE] 15:00 UTC
We have identified the issue and are restoring from backup.
RTO estimate: 45 minutes.

### [INVESTIGATING] 14:30 UTC
We are experiencing database connectivity issues.
Some users may see errors. We are investigating.

Communication cadence:

Initial: Within 10 minutes of detection
Updates: Every 30 minutes (or on significant change)
Resolution: When fully restored

Stakeholder Communication

Internal escalation:

On-call engineer
Team lead
Engineering manager
VP Engineering (for major incidents)
CEO (for customer-facing outages > 1 hour)

External communication:

Status page (all incidents)
Email to affected customers (significant incidents)
Social media (major outages)
Press (if necessary)

Communication Templates

Customer email template:

Subject: Service Disruption - [Service Name]

Dear Customer,

We experienced a service disruption affecting [specific impact]
between [start time] and [end time] UTC.

What happened:
[Brief, non-technical explanation]

What we're doing:
[Actions taken to prevent recurrence]

Impact to you:
[Specific impact, any data affected]

Next steps:
[Any action required from customer]

We apologize for the inconvenience and appreciate your patience.

[Your name]
[Company name]

Post-Recovery Verification

After recovery, verify before declaring success:

Verification Checklist

## Post-Recovery Verification

### Data Integrity
- [ ] Row counts match expected values
- [ ] Recent transactions present
- [ ] No data corruption detected
- [ ] Referential integrity intact

### Application Function
- [ ] All health checks passing
- [ ] Authentication working
- [ ] Core user flows working
- [ ] Background jobs processing

### Performance
- [ ] Response times normal
- [ ] No error rate elevation
- [ ] Database query times normal
- [ ] No resource exhaustion

### Monitoring
- [ ] All alerts cleared
- [ ] Dashboards show normal
- [ ] Logs show no errors
- [ ] External monitors green

### Communication
- [ ] Status page updated
- [ ] Team notified
- [ ] Stakeholders updated
- [ ] Postmortem scheduled

DR Plan Template

Every critical service needs a DR plan.

# Disaster Recovery Plan: [Service Name]

## Overview
- Service: [Name]
- Owner: [Team]
- Last updated: [Date]
- Last tested: [Date]

## Recovery Objectives
- RTO: [X hours]
- RPO: [X hours]

## Backup Strategy
- Method: [Daily snapshot, continuous replication, etc.]
- Location: [Where backups stored]
- Retention: [How long kept]
- Verification: [How/when tested]

## Failure Scenarios

### Scenario 1: Database Failure
- Detection: [How we know]
- Response: [Steps to recover]
- Runbook: [Link]

### Scenario 2: Complete Region Failure
- Detection: [How we know]
- Response: [Steps to recover]
- Runbook: [Link]

### Scenario 3: Data Corruption
- Detection: [How we know]
- Response: [Steps to recover]
- Runbook: [Link]

## Recovery Procedures
1. [Step 1]
2. [Step 2]
3. [Step 3]

## Contacts
- Primary: [Name, contact]
- Backup: [Name, contact]
- Escalation: [Name, contact]

## Dependencies
- [Service 1]: [Impact if unavailable]
- [Service 2]: [Impact if unavailable]

## Testing Schedule
- Monthly: Backup verification
- Quarterly: Failover test
- Annually: Full DR test

Integration with Playbook

Part of operational excellence:

/pb-hardening - Prevent disasters through security
/pb-secrets - Protect credentials
/pb-sre-practices - Sustainable operations
/pb-dr - Recover when prevention fails (this command)
/pb-incident - Respond during disasters

DR testing cadence:

Monthly: Backup verification
Quarterly: Failover testing (game day)
Annually: Full DR simulation
After changes: Verify DR still works

Quick Reference

Topic	Action
Set RTO/RPO	Document for each critical service
Verify backups	Monthly restore test
Test failover	Quarterly game day
Update DR plan	After any infrastructure change
Practice communication	Include in tabletop exercises

/pb-incident - Respond to incidents during disaster scenarios
/pb-sre-practices - Sustainable operations and toil reduction
/pb-database-ops - Database backup and failover procedures
/pb-deployment - Deploy recovery infrastructure
/pb-maintenance - Backup verification and ongoing maintenance scheduling

Hope for the best, plan for the worst, test the plan.

Production Security Hardening

Harden servers and containers before deploying to production. Defense-in-depth across OS, container runtime, network, and application layers.

Mindset: Security hardening embodies /pb-design-rules thinking: Robustness (fail safely), Transparency (make security visible), and Least Surprise (secure defaults). Use /pb-preamble thinking to challenge assumptions about what’s “secure enough.”

The goal is defense-in-depth: multiple layers of protection so that if one fails, others still protect. Never rely on a single security control.

Resource Hint: opus - security hardening requires deep infrastructure and threat analysis

When to Use This Command

New production deployment - Hardening servers before go-live
Security audit - Reviewing and improving security posture
Container security - Locking down container runtime
Compliance requirements - Meeting security standards (SOC2, etc.)
After security incident - Strengthening defenses

Quick Reference

Layer	Key Actions
Server	SSH hardening, firewall, fail2ban, auditd
Container	cap_drop ALL, no-new-privileges, non-root, read-only fs
Network	Internal networks, no external DB exposure, service auth
Host	Kernel hardening, automatic updates, log aggregation

Server Setup Checklist

SSH Hardening

Secure SSH is the first line of defense.

Configuration (/etc/ssh/sshd_config):

# Disable password authentication - keys only
PasswordAuthentication no
PubkeyAuthentication yes

# Restrict root login
PermitRootLogin prohibit-password

# Limit authentication attempts
MaxAuthTries 3

# Disable unused authentication methods
ChallengeResponseAuthentication no
UsePAM yes

# Timeout idle sessions
ClientAliveInterval 300
ClientAliveCountMax 2

Apply changes:

sudo systemctl restart sshd

Verification:

# Test key-based login works BEFORE disabling password auth
ssh -o PasswordAuthentication=no user@server

# Verify password auth is disabled
grep "PasswordAuthentication no" /etc/ssh/sshd_config

Firewall (UFW)

Default deny, explicit allow.

# Enable UFW with default deny
sudo ufw default deny incoming
sudo ufw default allow outgoing

# Allow only necessary ports
sudo ufw allow 22/tcp    # SSH
sudo ufw allow 80/tcp    # HTTP
sudo ufw allow 443/tcp   # HTTPS

# Enable firewall
sudo ufw enable

# Verify rules
sudo ufw status verbose

For internal services:

# Allow from specific IP only
sudo ufw allow from 10.0.0.0/8 to any port 5432  # PostgreSQL from internal network

Fail2ban

Protect against brute-force attacks.

# Install
sudo apt install fail2ban

# Configure (/etc/fail2ban/jail.local)
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 86400   # 24 hours
findtime = 600    # 10 minute window

Verification:

# Check status
sudo fail2ban-client status sshd

# View banned IPs
sudo fail2ban-client status sshd | grep "Banned IP"

Audit Logging (auditd)

Track security-relevant events.

# Install
sudo apt install auditd

# Enable and start
sudo systemctl enable auditd
sudo systemctl start auditd

# Basic audit rules (/etc/audit/rules.d/audit.rules)
# Log all commands run as root
-a always,exit -F arch=b64 -F euid=0 -S execve -k root_commands

# Log changes to passwd/shadow
-w /etc/passwd -p wa -k identity
-w /etc/shadow -p wa -k identity

# Log SSH config changes
-w /etc/ssh/sshd_config -p wa -k sshd_config

# Log Docker config changes
-w /etc/docker/daemon.json -p wa -k docker_config

# Log sudoers changes
-w /etc/sudoers -p wa -k sudoers
-w /etc/sudoers.d/ -p wa -k sudoers

Query audit logs:

# Search for specific events
sudo ausearch -k root_commands --start today

# Generate summary report
sudo aureport --summary

Docker Container Security

Apply these controls to all production containers.

Capability Dropping

Start with no capabilities, add only what’s needed.

# docker-compose.yml
services:
  app:
    image: myapp:latest
    cap_drop:
      - ALL
    cap_add:
      - NET_BIND_SERVICE  # Only if binding to ports < 1024
    security_opt:
      - no-new-privileges:true

Common capabilities and when needed:

Capability	When Required
`NET_BIND_SERVICE`	Binding to ports < 1024
`CHOWN`	Changing file ownership (rarely needed)
`SETUID/SETGID`	Dropping privileges (use with caution)

Default: cap_drop: ALL with no cap_add unless explicitly required.

Non-Root Users

Never run containers as root.

# Dockerfile
FROM node:20-slim

# Create non-root user
RUN groupadd -r appuser && useradd -r -g appuser appuser

# Set ownership
WORKDIR /app
COPY --chown=appuser:appuser . .

# Switch to non-root user
USER appuser

CMD ["node", "server.js"]

# docker-compose.yml - explicit UID/GID
services:
  app:
    user: "1000:1000"

Read-Only Filesystem

Prevent runtime modifications.

services:
  redis:
    image: redis:7-alpine
    read_only: true
    tmpfs:
      - /tmp:size=64M
      - /var/run:size=64M
    volumes:
      - redis-data:/data

Pattern: Read-only root + tmpfs for temporary files + volumes for persistent data.

Resource Limits

Prevent resource exhaustion.

services:
  app:
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
        reservations:
          cpus: '0.25'
          memory: 128M
    pids_limit: 64

Guidelines:

pids_limit: 64-256 depending on service complexity
Memory: Set based on observed usage + headroom
CPU: Set based on fair share across services

Log Rotation

Prevent disk exhaustion from logs.

services:
  app:
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"

Or in Docker daemon config (/etc/docker/daemon.json):

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "10m",
    "max-file": "3"
  }
}

SSL Certificate Access for Containers

When containers need Let’s Encrypt certs, use a dedicated group with fixed GID:

# Create group with fixed GID (matches docker-compose group_add)
groupadd -g 1002 ssl-docker

# Set group ownership on cert directories
chgrp -R ssl-docker /etc/letsencrypt/live/example.com
chgrp -R ssl-docker /etc/letsencrypt/archive/example.com
chmod 750 /etc/letsencrypt/live/example.com
chmod 750 /etc/letsencrypt/archive/example.com
chmod 640 /etc/letsencrypt/archive/example.com/privkey*.pem

In docker-compose.yml:

services:
  frontend:
    volumes:
      - /etc/letsencrypt/live/example.com:/etc/letsencrypt/live/example.com:ro
      - /etc/letsencrypt/archive/example.com:/etc/letsencrypt/archive/example.com:ro
    group_add:
      - "1002"  # Must match ssl-docker GID

Note: Use numeric GID to avoid name resolution issues in containers.

Certbot Renewal with Docker

When using certbot standalone mode with Docker services on port 80, create pre/post hooks:

# Pre-hook: Stop service to free port 80
cat > /etc/letsencrypt/renewal-hooks/pre/stop-frontend.sh << 'EOF'
#!/bin/bash
cd /opt/myapp && docker compose stop frontend
EOF
chmod +x /etc/letsencrypt/renewal-hooks/pre/stop-frontend.sh

# Post-hook: Restart service after renewal
cat > /etc/letsencrypt/renewal-hooks/post/start-frontend.sh << 'EOF'
#!/bin/bash
cd /opt/myapp && docker compose start frontend
EOF
chmod +x /etc/letsencrypt/renewal-hooks/post/start-frontend.sh

Verify: certbot renew --dry-run

Alternative: Use webroot authentication with nginx serving .well-known/acme-challenge/ to avoid service interruption.

Troubleshooting common issues:

Issue	Cause	Fix
“Could not bind to port 80”	Service still running	Verify pre-hook stopped service
Permission denied on privkey	Wrong GID	Verify ssl-docker group exists with correct GID
Renewal succeeds but service fails	Missing post-hook	Add post-hook to restart service

Complete Secure Container Example

services:
  api:
    image: myapp:v1.2.3
    user: "1000:1000"
    read_only: true
    cap_drop:
      - ALL
    security_opt:
      - no-new-privileges:true
    tmpfs:
      - /tmp:size=64M
    pids_limit: 64
    deploy:
      resources:
        limits:
          cpus: '1.0'
          memory: 512M
    logging:
      driver: json-file
      options:
        max-size: "10m"
        max-file: "3"
    networks:
      - internal
    # No ports exposed - accessed via reverse proxy

Network Isolation

Internal Docker Networks

Never expose databases or internal services externally.

networks:
  internal:
    internal: true  # No external access
  frontend:
    # External access allowed

services:
  nginx:
    networks:
      - frontend
      - internal

  api:
    networks:
      - internal  # Only internal access

  postgres:
    networks:
      - internal  # Database never on frontend network
    # NO ports section - not exposed to host

Pattern:

Frontend network: Only reverse proxy
Internal network: All backend services
Database: Internal network only, no host port binding

Service Authentication

Internal services should authenticate each other.

services:
  redis:
    command: redis-server --requirepass ${REDIS_PASSWORD}
    environment:
      - REDIS_PASSWORD=${REDIS_PASSWORD}
    networks:
      - internal

  api:
    environment:
      - REDIS_URL=redis://:${REDIS_PASSWORD}@redis:6379
    networks:
      - internal

Even on internal networks, use authentication. Defense-in-depth.

Port Exposure Rules

Service	External Port	Internal Only	Notes
Nginx/Traefik	80, 443	-	Only entry point
API	-	Yes	Behind reverse proxy
PostgreSQL	-	Yes	Never external
Redis	-	Yes	Never external
Monitoring	-	Yes	Access via VPN/bastion

Host Hardening

Kernel Parameters

Security-focused sysctl settings (/etc/sysctl.d/99-security.conf):

# Prevent IP spoofing
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1

# Ignore ICMP redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0

# Disable source routing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0

# Enable SYN flood protection
net.ipv4.tcp_syncookies = 1

# Log suspicious packets
net.ipv4.conf.all.log_martians = 1

Apply: sudo sysctl -p /etc/sysctl.d/99-security.conf

Automatic Security Updates

# Ubuntu/Debian
sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades

# Verify
cat /etc/apt/apt.conf.d/20auto-upgrades

Configure (/etc/apt/apt.conf.d/50unattended-upgrades):

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Mail "admin@example.com";

File Permissions

# Secure SSH directory
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

# Secure sensitive files
chmod 600 /etc/shadow
chmod 644 /etc/passwd

# Verify no world-writable files in sensitive locations
find /etc -perm -002 -type f

Cloud-Agnostic Security Patterns

These patterns apply across AWS, GCP, Azure, or bare metal.

Security Group Patterns

Principle: Default deny, explicit allow, least privilege.

Rule	Source	Destination	Port	Notes
SSH	Bastion/VPN only	Servers	22	Never from 0.0.0.0/0
HTTPS	Internet	Load balancer	443	Only entry point
App	Load balancer	App servers	8080	Internal only
DB	App servers	Database	5432	App tier only

VPC/Network Concepts

Internet
    │
    ▼
┌─────────────────────────────────────────┐
│ Public Subnet                           │
│   - Load Balancer                       │
│   - Bastion Host (if needed)            │
└─────────────────────────────────────────┘
    │
    ▼
┌─────────────────────────────────────────┐
│ Private Subnet (App Tier)               │
│   - Application servers                 │
│   - No direct internet access           │
└─────────────────────────────────────────┘
    │
    ▼
┌─────────────────────────────────────────┐
│ Private Subnet (Data Tier)              │
│   - Databases                           │
│   - Caches                              │
│   - No direct internet access           │
└─────────────────────────────────────────┘

IAM Principles

Least privilege: Grant minimum permissions needed
No long-lived credentials: Use temporary credentials, rotate regularly
Separate concerns: Different roles for different functions
Audit access: Log and review who accessed what

Pre-Deployment Security Checklist

Before deploying to production:

Server Level

SSH key-only authentication enabled
Root login restricted
Firewall configured (default deny)
Fail2ban installed and configured
Audit logging enabled
Automatic security updates enabled

Container Level

All containers: cap_drop: ALL
All containers: no-new-privileges: true
All containers: Non-root user
Sensitive containers: Read-only filesystem
All containers: Resource limits set
All containers: Log rotation configured

Network Level

Databases on internal network only
No unnecessary ports exposed
Service-to-service authentication enabled
TLS for external traffic
Security groups follow least privilege

Secrets

No secrets in code or environment
Secrets encrypted at rest
Secret rotation configured
See /pb-secrets for comprehensive guidance

Post-Deployment Verification

After deployment, verify hardening:

# Verify SSH config
sudo sshd -t && echo "SSH config OK"

# Check firewall status
sudo ufw status verbose

# Verify fail2ban running
sudo systemctl status fail2ban

# Check Docker security
docker inspect <container> | jq '.[0].HostConfig.CapDrop'
docker inspect <container> | jq '.[0].HostConfig.SecurityOpt'

# Verify no containers running as root
docker ps -q | xargs docker inspect --format '{{.Name}}: User={{.Config.User}}'

# Check for exposed ports
docker ps --format "{{.Names}}: {{.Ports}}"

# Verify network isolation
docker network ls
docker network inspect internal

Integration with Playbook

Part of production readiness:

/pb-hardening - Harden infrastructure (this command)
/pb-secrets - Manage secrets securely
/pb-security - Application security review
/pb-deployment - Deployment strategies
/pb-dr - Disaster recovery planning

Workflow:

Development → Security Review (/pb-security)
           → Infrastructure Hardening (/pb-hardening)
           → Secrets Setup (/pb-secrets)
           → Deployment (/pb-deployment)
           → Monitoring (/pb-observability)

Quick Commands

Action	Command
Check SSH config	`sudo sshd -t`
UFW status	`sudo ufw status verbose`
Fail2ban status	`sudo fail2ban-client status`
Audit search	`sudo ausearch -k <key> --start today`
Docker security inspect	`docker inspect <container> \| jq '.[0].HostConfig'`
Find world-writable	`find /etc -perm -002 -type f`

/pb-secrets - Manage secrets securely across environments
/pb-security - Application-level security review
/pb-deployment - Deploy hardened infrastructure
/pb-server-hygiene - Periodic server health and hygiene review
/pb-patterns-resilience - Resilience patterns (Circuit Breaker, Rate Limiting, Bulkhead)

Defense-in-depth: if one layer fails, others still protect.

Secrets Management

Manage secrets securely across development, CI/CD, and production environments. Never hardcode, always encrypt, rotate regularly.

Mindset: Secrets management embodies /pb-design-rules thinking: Repair (fail loudly when secrets are wrong), Transparency (audit who accessed what), and Least Surprise (secrets work the same way everywhere). Use /pb-preamble thinking to challenge “it’s just for testing” excuses.

A leaked secret is a security incident. Treat secrets as radioactive: minimize exposure, contain carefully, dispose properly.

Resource Hint: sonnet - secrets workflow implementation and rotation patterns

When to Use

Setting up secrets management for a new project or environment
Rotating credentials after a team member departure or suspected leak
Reviewing secrets hygiene during a security audit or compliance check

Quick Reference

Environment	Storage	Access
Local Dev	`.env` (gitignored)	Developer only
CI/CD	Platform secrets (GitHub, GitLab)	Pipeline only
Staging	SOPS-encrypted files	Ops team
Production	Secrets manager or SOPS	Minimal access

Secrets Hierarchy

Different environments have different security requirements.

Local Development

Never commit secrets. Ever.

# .gitignore - MUST include
.env
.env.local
.env.*.local
*.pem
*.key
secrets/

Local secrets pattern:

# Create from template
cp .env.example .env

# Edit with real values (never committed)
vim .env

.env.example (committed, no real values):

# Database
DATABASE_URL=postgresql://user:password@localhost:5432/myapp

# API Keys (get from team password manager)
STRIPE_SECRET_KEY=sk_test_...
SENDGRID_API_KEY=SG...

# App secrets (generate with: openssl rand -hex 32)
SESSION_SECRET=
JWT_SECRET=

CI/CD Secrets

Use platform-native secrets, never store in code.

GitHub Actions:

# .github/workflows/deploy.yml
jobs:
  deploy:
    steps:
      - name: Deploy
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
          API_KEY: ${{ secrets.API_KEY }}
        run: ./deploy.sh

GitLab CI:

# .gitlab-ci.yml
deploy:
  script:
    - ./deploy.sh
  variables:
    DATABASE_URL: $DATABASE_URL  # From CI/CD settings

Best practices:

Use environment-specific secrets (staging vs production)
Rotate secrets after team member departures
Audit secret access logs periodically

Staging Environment

SOPS-encrypted files, limited access.

# Decrypt for deployment
sops -d secrets/staging.env > .env

# Deploy
docker-compose up -d

# Clean up decrypted file
rm .env

Production Environment

Maximum security: secrets manager or SOPS with strict access control.

Option A: Cloud Secrets Manager

AWS Secrets Manager
GCP Secret Manager
Azure Key Vault
HashiCorp Vault

Option B: SOPS-encrypted files

Encrypted at rest in git
Decrypted only during deployment
Age or GPG keys for decryption

SOPS + Age Encryption

SOPS (Secrets OPerationS) with age encryption is the recommended approach for file-based secrets.

Initial Setup

# Install SOPS
# macOS
brew install sops

# Linux (check https://github.com/getsops/sops/releases for latest version)
VERSION=3.8.1
curl -LO https://github.com/getsops/sops/releases/download/v${VERSION}/sops-v${VERSION}.linux.amd64
curl -LO https://github.com/getsops/sops/releases/download/v${VERSION}/sops-v${VERSION}.checksums.txt
sha256sum --check --ignore-missing sops-v${VERSION}.checksums.txt
sudo mv sops-v${VERSION}.linux.amd64 /usr/local/bin/sops
sudo chmod +x /usr/local/bin/sops

# Install age
# macOS
brew install age

# Linux
sudo apt install age

Generate Keys

# Generate age key pair
mkdir -p ~/.config/sops/age
age-keygen -o ~/.config/sops/age/keys.txt

# Secure the key file (IMPORTANT!)
chmod 600 ~/.config/sops/age/keys.txt

# Output shows public key:
# Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p

# BACKUP THIS FILE SECURELY
# If lost, encrypted secrets are unrecoverable

Configure SOPS

Create .sops.yaml in repository root:

creation_rules:
  # Production secrets - requires production key
  - path_regex: secrets/production\..*
    age: >-
      age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p

  # Staging secrets - different key
  - path_regex: secrets/staging\..*
    age: >-
      age1abc123...staging-public-key...

  # Default for other secrets
  - path_regex: secrets/.*
    age: >-
      age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p

Encrypt Secrets

# Create secrets directory
mkdir -p secrets

# Create plaintext secrets file
cat > secrets/production.env << 'EOF'
DATABASE_URL=postgresql://prod_user:supersecret@db.example.com:5432/proddb
REDIS_PASSWORD=redis_secret_password
API_KEY=sk_live_abc123...
JWT_SECRET=32_byte_random_hex_value
EOF

# Encrypt with SOPS
sops -e secrets/production.env > secrets/production.env.enc

# Remove plaintext (IMPORTANT!)
rm secrets/production.env

# Verify encryption
cat secrets/production.env.enc  # Should show encrypted values

Decrypt for Deployment

# Decrypt to stdout (preferred - no file on disk)
sops -d secrets/production.env.enc | docker-compose --env-file /dev/stdin up -d

# Or decrypt to file temporarily
sops -d secrets/production.env.enc > .env
docker-compose up -d
rm .env  # Clean up immediately

Edit Encrypted Files

# SOPS opens in editor, decrypts, then re-encrypts on save
sops secrets/production.env.enc

Key Rotation

# Add new key to .sops.yaml, then updatekeys
sops updatekeys secrets/production.env.enc

# Old keys can still decrypt during transition
# Remove old keys from .sops.yaml when rotation complete

HashiCorp Vault Patterns

For organizations needing dynamic secrets, centralized management, or audit trails.

When to Use Vault

Use Case	SOPS	Vault
Static secrets (API keys)	✓	✓
Dynamic secrets (DB credentials)	-	✓
Secret rotation automation	Manual	✓
Centralized audit trail	-	✓
Multi-team access control	Limited	✓

Basic Vault Patterns

Reading secrets:

# CLI
vault kv get -field=password secret/myapp/database

# In application (using client library)
# Python example
import hvac
client = hvac.Client(url='https://vault.example.com')
secret = client.secrets.kv.v2.read_secret_version(path='myapp/database')
password = secret['data']['data']['password']

AppRole authentication (for applications):

# Get role_id (stored in config)
vault read auth/approle/role/myapp/role-id

# Get secret_id (generated at deploy time, short-lived)
vault write -f auth/approle/role/myapp/secret-id

# Application authenticates with both
vault write auth/approle/login \
  role_id=$ROLE_ID \
  secret_id=$SECRET_ID

Dynamic database credentials:

# Vault generates temporary credentials
vault read database/creds/myapp-role

# Returns:
# username: v-approle-myapp-xxxxx
# password: A1a-xxxxxxxx
# lease_duration: 1h

# Application uses these, Vault auto-rotates

Cloud Secrets Managers

Overview of cloud-native options.

AWS Secrets Manager

# Python
import boto3

client = boto3.client('secretsmanager')
response = client.get_secret_value(SecretId='myapp/production')
secrets = json.loads(response['SecretString'])
database_url = secrets['DATABASE_URL']

# In ECS task definition
{
  "secrets": [
    {
      "name": "DATABASE_URL",
      "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789:secret:myapp/production:DATABASE_URL::"
    }
  ]
}

GCP Secret Manager

# Python
from google.cloud import secretmanager

client = secretmanager.SecretManagerServiceClient()
name = f"projects/my-project/secrets/database-url/versions/latest"
response = client.access_secret_version(name=name)
database_url = response.payload.data.decode('UTF-8')

Azure Key Vault

# Python
from azure.identity import DefaultAzureCredential
from azure.keyvault.secrets import SecretClient

credential = DefaultAzureCredential()
client = SecretClient(vault_url="https://myvault.vault.azure.net/", credential=credential)
database_url = client.get_secret("database-url").value

Comparison

Feature	AWS	GCP	Azure	Vault
Auto-rotation	✓	Limited	✓	✓
Dynamic secrets	-	-	-	✓
Multi-cloud	-	-	-	✓
Self-hosted option	-	-	-	✓
Cost	Per-secret	Per-access	Per-secret	Self-managed

Rotation Strategies

Manual Rotation Checklist

When rotating secrets manually:

Generate new secret

# Generate secure random value
openssl rand -hex 32

Update secret storage (SOPS, Vault, or secrets manager)
Deploy with new secret (rolling update)
Verify new secret works
Revoke old secret (after grace period)
Update documentation if needed

Automated Rotation

AWS Secrets Manager auto-rotation:

# Lambda function for rotation
def lambda_handler(event, context):
    secret_id = event['SecretId']
    step = event['Step']

    if step == 'createSecret':
        # Generate new secret value
        new_password = generate_password()
        # Store as pending

    elif step == 'setSecret':
        # Apply new secret to service

    elif step == 'testSecret':
        # Verify new secret works

    elif step == 'finishSecret':
        # Mark as current, remove old

Zero-Downtime Rotation Pattern

For secrets used by running services:

1. Add new secret (don't remove old)
   Old: secret_v1 ✓
   New: secret_v2 ✓

2. Deploy application that accepts BOTH
   App checks: secret_v2 || secret_v1

3. Verify all instances using new secret

4. Remove old secret
   Old: secret_v1 ✗
   New: secret_v2 ✓

5. Deploy application that only accepts new

Incident: Secret Leaked

If a secret is exposed, act immediately.

Immediate Response (< 5 minutes)

# 1. Rotate the leaked secret IMMEDIATELY
# Don't investigate first - rotate first

# 2. Revoke the old secret
# API keys: regenerate in provider dashboard
# Database: change password, kill sessions
# Tokens: invalidate in auth system

# 3. Deploy with new secret
sops -e secrets/production.env > secrets/production.env.enc
git add secrets/production.env.enc
git commit -m "security: rotate leaked credentials"
# Deploy immediately

Investigation (after rotation)

# Check git history for the secret
git log -p --all -S 'leaked_secret_value'

# Check if secret was in any branch
git branch --contains <commit_with_secret>

# Remove from git history if needed
git filter-branch --force --index-filter \
  'git rm --cached --ignore-unmatch path/to/secret/file' \
  --prune-empty --tag-name-filter cat -- --all

# Or use BFG Repo-Cleaner (faster)
bfg --delete-files .env

Post-Incident

Document the incident
- How was it leaked?
- How was it detected?
- Timeline of response
Review access logs
- Was the secret used maliciously?
- What resources were accessed?
Improve prevention
- Add pre-commit hooks
- Review secret handling procedures
- Train team on secret hygiene

Prevention Tools

# Install git-secrets
brew install git-secrets

# Configure for repository
cd your-repo
git secrets --install
git secrets --register-aws  # Block AWS credentials

# Add custom patterns
git secrets --add 'password\s*=\s*.+'
git secrets --add 'api[_-]?key\s*=\s*.+'

# Scan existing history
git secrets --scan-history

Pre-commit hook example:

#!/bin/bash
# .git/hooks/pre-commit
patterns="password\s*[=:]\s*['\"][^'\"]{8,}['\"]|secret\s*[=:]\s*['\"][^'\"]{16,}['\"]"
files=$(git diff --cached --name-only | grep -v '\.md$')
if [ -n "$files" ] && echo "$files" | xargs grep -lE "$patterns" 2>/dev/null; then
    echo "Potential secrets detected in commit"
    exit 1
fi

Verification Checklist

Pre-Deployment

No secrets in code (run git secrets --scan)
All secrets encrypted (SOPS or secrets manager)
.env files in .gitignore
Secrets manager access configured
Rotation schedule documented

Access Review (Quarterly)

Who has access to production secrets?
Are there unused secrets to revoke?
Are rotation schedules being followed?
Are audit logs being reviewed?

Integration with Playbook

Part of production readiness:

/pb-hardening - Infrastructure security
/pb-secrets - Secrets management (this command)
/pb-security - Application security review
/pb-deployment - Deployment strategies

Workflow:

Development (local .env)
    ↓
CI/CD (platform secrets)
    ↓
Staging (SOPS-encrypted)
    ↓
Production (secrets manager or SOPS)

Quick Commands

Action	Command
Generate random secret	`openssl rand -hex 32`
Encrypt with SOPS	`sops -e file.env > file.env.enc`
Decrypt with SOPS	`sops -d file.env.enc`
Edit encrypted file	`sops file.env.enc`
Scan for secrets	`git secrets --scan`
Scan history	`git secrets --scan-history`

/pb-hardening - Production security hardening for infrastructure
/pb-security - Application-level security review
/pb-deployment - Deploy with secure secrets handling

A secret is only secret if no one who shouldn’t know it, knows it.

Database Operations

Operate databases reliably: migrations, backups, performance tuning, and failover. This guide covers the full lifecycle of database operations in production.

Mindset: Database operations embody /pb-design-rules thinking: Repair (databases should recover from failures), Transparency (make database health visible), and Least Surprise (changes should be predictable). Use /pb-preamble thinking to challenge “it works on my machine” assumptions.

Data is the most valuable asset. Treat database operations with appropriate care.

Resource Hint: sonnet - database operations, migration design, and performance tuning

When to Use This Command

Planning database migration - Schema changes, data migrations
Setting up backups - Establishing backup and recovery strategy
Performance issues - Database slow, queries timing out
Disaster recovery - Failover planning and testing
Pre-deployment - Reviewing database changes for safety

Quick Reference

Operation	Frequency	Risk Level
Migrations	Per deployment	Medium-High
Backups	Continuous/Daily	Low (verify!)
Performance tuning	As needed	Low-Medium
Failover	When required	High
Maintenance	Weekly/Monthly	Low

Migration Strategies

For deployment-time migration patterns, see /pb-deployment. This section covers migration design and safety.

Expand/Contract Pattern

The safest approach for schema changes:

Phase 1: EXPAND (add new, keep old)
  - Add new column/table
  - Application writes to both old and new
  - No breaking changes

Phase 2: MIGRATE (move data)
  - Backfill data from old to new
  - Verify data integrity

Phase 3: CONTRACT (remove old)
  - Application uses only new
  - Remove old column/table (separate deployment)

Example: Renaming a column

-- Phase 1: EXPAND - Add new column
ALTER TABLE users ADD COLUMN full_name VARCHAR(255);

-- Application writes to both:
-- UPDATE users SET name = ?, full_name = ? WHERE id = ?;

-- Phase 2: MIGRATE - Backfill
UPDATE users SET full_name = name WHERE full_name IS NULL;

-- Phase 3: CONTRACT (later deployment) - Remove old
ALTER TABLE users DROP COLUMN name;

Zero-Downtime Migrations

Safe operations (no lock, no downtime):

Adding a nullable column
Adding an index concurrently
Adding a new table
Adding a column with a default (PostgreSQL 11+)

-- Safe: Add nullable column
ALTER TABLE users ADD COLUMN email_verified BOOLEAN;

-- Safe: Add index concurrently (PostgreSQL)
CREATE INDEX CONCURRENTLY idx_users_email ON users(email);

-- Safe: Add column with default (PostgreSQL 11+)
ALTER TABLE users ADD COLUMN created_at TIMESTAMP DEFAULT NOW();

Dangerous operations (can lock or break):

Adding NOT NULL constraint to existing column
Changing column type
Dropping column used by running code
Adding unique constraint on large table

-- DANGEROUS: This locks the table
ALTER TABLE users ALTER COLUMN email SET NOT NULL;

-- SAFER: Add constraint as NOT VALID first
ALTER TABLE users ADD CONSTRAINT users_email_not_null
  CHECK (email IS NOT NULL) NOT VALID;

-- Then validate in background (PostgreSQL)
ALTER TABLE users VALIDATE CONSTRAINT users_email_not_null;

Backward-Compatible Changes

Every migration should be backward compatible with the previous code version.

Rule: Code version N-1 must work with schema version N.

Deploy sequence:
1. Deploy code that works with old AND new schema
2. Run migration
3. Deploy code that only uses new schema
4. (Later) Drop old schema elements

Anti-pattern:

1. Run migration that breaks old code
2. Deploy new code
   → GAP: Old code is broken during deployment

Migration Rollback

Always have a rollback plan:

-- Forward migration
-- up.sql
ALTER TABLE users ADD COLUMN phone VARCHAR(20);

-- Rollback migration
-- down.sql
ALTER TABLE users DROP COLUMN phone;

Test rollbacks before production:

# Apply migration
psql -f migrations/001_add_phone.up.sql

# Verify application works
./verify_app.sh

# Test rollback
psql -f migrations/001_add_phone.down.sql

# Verify application still works
./verify_app.sh

Backup Automation

For backup strategy (3-2-1 rule, retention), see /pb-dr. This section covers implementation.

PostgreSQL Backup

Logical backup (pg_dump):

#!/bin/bash
# backup.sh - Daily logical backup

DATE=$(date +%Y%m%d_%H%M%S)
BACKUP_FILE="backup_${DATE}.sql.gz"

# Dump with compression
pg_dump -h $DB_HOST -U $DB_USER $DB_NAME | gzip > /backups/$BACKUP_FILE

# Upload to object storage
aws s3 cp /backups/$BACKUP_FILE s3://backups/daily/

# Clean local file
rm /backups/$BACKUP_FILE

# Verify upload
aws s3 ls s3://backups/daily/$BACKUP_FILE || exit 1

Physical backup (pg_basebackup):

#!/bin/bash
# For point-in-time recovery

pg_basebackup -h $DB_HOST -U replication -D /backups/base \
  --checkpoint=fast --wal-method=stream

# Archive WAL files continuously
archive_command = 'cp %p /backups/wal/%f'

Continuous archiving with WAL:

postgresql.conf:
  archive_mode = on
  archive_command = 'cp %p /backup/wal/%f'
  archive_timeout = 300  # 5 minutes max

Backup Verification Script

#!/bin/bash
# verify_backup.sh - Weekly verification

echo "=== Backup Verification $(date) ==="

# Download latest backup
LATEST=$(aws s3 ls s3://backups/daily/ | tail -1 | awk '{print $4}')
aws s3 cp s3://backups/daily/$LATEST /tmp/verify/

# Restore to test database
gunzip /tmp/verify/$LATEST
psql -h test-db -U admin -d verify_test -f /tmp/verify/*.sql

# Check row counts
EXPECTED_USERS=100000
ACTUAL_USERS=$(psql -h test-db -U admin -d verify_test -t -A -c \
  "SELECT COUNT(*) FROM users")

if [ "$ACTUAL_USERS" -lt "$EXPECTED_USERS" ]; then
  echo "ERROR: User count too low: $ACTUAL_USERS < $EXPECTED_USERS"
  exit 1
fi

# Check recent data exists (should have data from yesterday)
RECENT=$(psql -h test-db -U admin -d verify_test -t -A -c \
  "SELECT COUNT(*) FROM users WHERE created_at > NOW() - INTERVAL '2 days'")

if [ "$RECENT" -eq "0" ]; then
  echo "ERROR: No recent data found"
  exit 1
fi

echo "=== Backup verification PASSED ==="

# Cleanup
psql -h test-db -U admin -c "DROP DATABASE verify_test"

Backup Monitoring

Alert on backup failures:

# Prometheus alert rules
groups:
- name: backup
  rules:
  - alert: BackupMissing
    expr: time() - backup_last_success_timestamp > 86400
    for: 1h
    labels:
      severity: critical
    annotations:
      summary: "No successful backup in 24 hours"

  - alert: BackupSizeAnomaly
    expr: backup_size_bytes < backup_size_bytes offset 1d * 0.5
    for: 1h
    labels:
      severity: warning
    annotations:
      summary: "Backup size dropped by >50%"

Performance Baselines

Establishing Baselines

Before tuning, know what “normal” looks like:

-- Query performance baseline
SELECT
  calls,
  mean_exec_time,
  total_exec_time,
  rows,
  query
FROM pg_stat_statements
ORDER BY total_exec_time DESC
LIMIT 20;

Document baselines:

## Performance Baseline: 2026-01-20

### Query Performance
| Query Pattern | Avg Time | P99 Time | Calls/day |
|---------------|----------|----------|-----------|
| User lookup by ID | 2ms | 10ms | 1M |
| User search | 50ms | 200ms | 100K |
| Report generation | 5s | 30s | 1K |

### Resource Utilization
| Metric | Avg | Peak |
|--------|-----|------|
| CPU | 40% | 70% |
| Memory | 60% | 80% |
| Connections | 50 | 100 |
| Disk IOPS | 1000 | 3000 |

Query Performance Monitoring

-- Find slow queries (PostgreSQL)
SELECT
  (total_exec_time / 1000 / 60)::numeric(10,2) as total_min,
  mean_exec_time::numeric(10,2) as avg_ms,
  calls,
  query
FROM pg_stat_statements
WHERE mean_exec_time > 100  -- Queries averaging > 100ms
ORDER BY total_exec_time DESC
LIMIT 10;

-- Find queries with high I/O
SELECT
  shared_blks_read + shared_blks_hit as total_blocks,
  shared_blks_read as disk_reads,
  query
FROM pg_stat_statements
ORDER BY shared_blks_read DESC
LIMIT 10;

Index Optimization

Find missing indexes:

-- Tables with sequential scans (might need index)
SELECT
  schemaname,
  relname,
  seq_scan,
  seq_tup_read,
  idx_scan,
  idx_tup_fetch
FROM pg_stat_user_tables
WHERE seq_scan > 0
ORDER BY seq_tup_read DESC
LIMIT 10;

Find unused indexes:

-- Indexes that are never used (candidates for removal)
SELECT
  schemaname,
  relname,
  indexrelname,
  idx_scan,
  pg_size_pretty(pg_relation_size(indexrelid)) as size
FROM pg_stat_user_indexes
WHERE idx_scan = 0
AND indexrelname NOT LIKE '%_pkey'
ORDER BY pg_relation_size(indexrelid) DESC;

Connection Tuning

# postgresql.conf

# Max connections (conservative)
max_connections = 200

# Connection-related memory
shared_buffers = 4GB                # 25% of RAM
effective_cache_size = 12GB         # 75% of RAM
work_mem = 64MB                     # Per-operation memory
maintenance_work_mem = 1GB          # For maintenance ops

# Connection reuse
tcp_keepalives_idle = 600
tcp_keepalives_interval = 30
tcp_keepalives_count = 10

Failover Patterns

For DR-level failover planning, see /pb-dr. This section covers database-specific patterns.

Primary/Replica Architecture

         ┌─────────────┐
         │   Primary   │ ← All writes
         │  (Leader)   │
         └──────┬──────┘
                │ Replication
        ┌───────┴───────┐
        ▼               ▼
┌─────────────┐  ┌─────────────┐
│  Replica 1  │  │  Replica 2  │ ← Read traffic
│  (Follower) │  │  (Follower) │
└─────────────┘  └─────────────┘

PostgreSQL streaming replication:

# Primary: postgresql.conf
wal_level = replica
max_wal_senders = 10
synchronous_commit = on          # For zero data loss
synchronous_standby_names = '*'  # Any replica

# Replica: postgresql.conf (PostgreSQL 12+)
# Note: recovery.conf was removed in PostgreSQL 12
primary_conninfo = 'host=primary port=5432 user=replication'
restore_command = 'cp /backup/wal/%f %p'
# Create standby signal file: touch $PGDATA/standby.signal

Connection Routing

PgBouncer for connection pooling:

# pgbouncer.ini
[databases]
mydb = host=primary port=5432 dbname=mydb

[pgbouncer]
listen_addr = *
listen_port = 6432
auth_type = md5
auth_file = /etc/pgbouncer/userlist.txt

pool_mode = transaction
max_client_conn = 1000
default_pool_size = 50

Application-level read/write splitting:

# Python example
import psycopg2

PRIMARY_URL = "postgresql://primary:5432/mydb"
REPLICA_URL = "postgresql://replica:5432/mydb"

def get_connection(readonly=False):
    if readonly:
        return psycopg2.connect(REPLICA_URL)
    return psycopg2.connect(PRIMARY_URL)

# Usage
with get_connection(readonly=True) as conn:
    # Read queries go to replica
    cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))

with get_connection(readonly=False) as conn:
    # Writes go to primary
    cursor.execute("INSERT INTO users (...) VALUES (...)")

Manual Failover Procedure

#!/bin/bash
# failover.sh - Manual database failover

echo "=== Starting database failover ==="

# 1. Verify primary is truly down
pg_isready -h primary -p 5432
if [ $? -eq 0 ]; then
  echo "ERROR: Primary appears to be up. Aborting."
  exit 1
fi

# 2. Check replica lag
LAG=$(psql -h replica -t -A -c "SELECT pg_wal_lsn_diff(pg_last_wal_receive_lsn(), pg_last_wal_replay_lsn())")
echo "Replica lag: $LAG bytes"

if [ "$LAG" -gt 1048576 ]; then  # 1MB
  echo "WARNING: High replication lag. Potential data loss."
  read -p "Continue? (yes/no) " CONFIRM
  if [ "$CONFIRM" != "yes" ]; then
    exit 1
  fi
fi

# 3. Promote replica
psql -h replica -c "SELECT pg_promote();"

# 4. Verify promotion
pg_isready -h replica -p 5432
IS_PRIMARY=$(psql -h replica -t -A -c "SELECT NOT pg_is_in_recovery()")

if [ "$IS_PRIMARY" = "t" ]; then
  echo "Replica promoted successfully"
else
  echo "ERROR: Promotion failed"
  exit 1
fi

# 5. Update connection strings (application-specific)
echo "Update APPLICATION_DATABASE_URL to point to replica"

echo "=== Failover complete ==="

Connection Pooling

Why Pooling Matters

Database connections are expensive:

Memory per connection (~10MB for PostgreSQL)
Process per connection (PostgreSQL)
Connection setup time (~100ms)

Without pooling:

100 app instances × 10 connections each = 1000 DB connections
1000 connections × 10MB = 10GB just for connections

With pooling:

100 app instances → PgBouncer → 100 DB connections

PgBouncer Configuration

# pgbouncer.ini

[databases]
mydb = host=localhost port=5432 dbname=mydb

[pgbouncer]
listen_addr = 0.0.0.0
listen_port = 6432
auth_type = md5
auth_file = /etc/pgbouncer/userlist.txt

# Pool modes:
# session: Connection held for entire client session (default, safest)
# transaction: Connection held for transaction only (most efficient)
# statement: Connection held for single statement (dangerous)
pool_mode = transaction

# Pool sizing
default_pool_size = 50         # Connections per database
min_pool_size = 10             # Keep this many warm
reserve_pool_size = 10         # Extra connections for bursts
max_client_conn = 1000         # Max client connections to pooler

# Timeouts
server_lifetime = 3600         # Recycle connections hourly
server_idle_timeout = 600      # Close idle server connections
client_idle_timeout = 300      # Close idle client connections

# Logging
log_connections = 1
log_disconnections = 1
log_pooler_errors = 1

Pool Monitoring

-- PgBouncer stats
SHOW POOLS;
SHOW STATS;
SHOW CLIENTS;
SHOW SERVERS;

-- Key metrics to monitor
-- cl_active: Active client connections
-- sv_active: Active server connections
-- sv_idle: Idle server connections
-- maxwait: Max time client waited for connection

Alert on pool exhaustion:

# Prometheus alert
- alert: PgBouncerPoolExhausted
  expr: pgbouncer_pools_sv_active / pgbouncer_pools_max_connections > 0.9
  for: 5m
  labels:
    severity: critical
  annotations:
    summary: "PgBouncer pool near capacity"

Monitoring & Alerting

Key Database Metrics

Metric	Warning	Critical	Action
Connection count	> 70% max	> 85% max	Scale pool or optimize
Replication lag	> 1 second	> 10 seconds	Investigate network/load
Transaction rate	Varies	Sudden drop	Possible lock or issue
Query latency P99	> 2x baseline	> 5x baseline	Investigate queries
Disk usage	> 70%	> 85%	Expand or clean
Cache hit ratio	< 95%	< 90%	Increase shared_buffers

PostgreSQL Monitoring Queries

-- Connection usage
SELECT
  count(*) as total_connections,
  count(*) FILTER (WHERE state = 'active') as active,
  count(*) FILTER (WHERE state = 'idle') as idle,
  max_conn.setting::int as max_connections
FROM pg_stat_activity
CROSS JOIN (SELECT setting FROM pg_settings WHERE name = 'max_connections') max_conn
GROUP BY max_conn.setting;

-- Replication lag (on replica)
SELECT
  CASE
    WHEN pg_last_wal_receive_lsn() = pg_last_wal_replay_lsn() THEN 0
    ELSE EXTRACT(EPOCH FROM now() - pg_last_xact_replay_timestamp())
  END AS lag_seconds;

-- Cache hit ratio (handles zero activity case)
SELECT
  CASE
    WHEN sum(heap_blks_hit) + sum(heap_blks_read) = 0 THEN NULL
    ELSE sum(heap_blks_hit)::float / (sum(heap_blks_hit) + sum(heap_blks_read))
  END as cache_hit_ratio
FROM pg_statio_user_tables;

-- Lock contention
SELECT
  relation::regclass,
  mode,
  count(*) as lock_count
FROM pg_locks
WHERE granted = false
GROUP BY relation, mode;

Common Runbooks

Slow Query Diagnosis

## Runbook: Slow Query Investigation

### Symptoms
- High latency alerts
- Users reporting slow pages
- Database CPU elevated

### Investigation

1. **Identify slow queries**
   ```sql
   SELECT query, mean_exec_time, calls
   FROM pg_stat_statements
   ORDER BY mean_exec_time DESC
   LIMIT 5;

Check for locks

SELECT * FROM pg_stat_activity
WHERE wait_event_type = 'Lock';

Analyze query plan
```
EXPLAIN (ANALYZE, BUFFERS) SELECT ...;
```

Check for missing indexes

SELECT * FROM pg_stat_user_tables
WHERE seq_scan > idx_scan;

Resolution

Add missing index
Optimize query
Increase work_mem for specific query
Kill blocking query if necessary

Escalation

If not resolved in 30 minutes, escalate to database team.


### Connection Exhaustion

```markdown
## Runbook: Connection Exhaustion

### Symptoms
- "too many connections" errors
- Application unable to connect
- Connection count at max_connections

### Investigation

1. **Check current connections**
   ```sql
   SELECT state, count(*)
   FROM pg_stat_activity
   GROUP BY state;

Find connection leaks

SELECT client_addr, usename, count(*)
FROM pg_stat_activity
GROUP BY client_addr, usename
ORDER BY count DESC;

Find idle in transaction

SELECT pid, now() - xact_start as duration, query
FROM pg_stat_activity
WHERE state = 'idle in transaction'
ORDER BY xact_start;

Resolution

Kill idle connections: SELECT pg_terminate_backend(pid);
Increase max_connections (temporary)
Fix application connection leaks
Add/configure connection pooler

Prevention

Use connection pooling (PgBouncer)
Set statement_timeout
Set idle_in_transaction_session_timeout


### Replication Lag

```markdown
## Runbook: Replication Lag

### Symptoms
- Replica lag alerts
- Read queries returning stale data
- pg_stat_replication shows lag

### Investigation

1. **Check lag on primary**
   ```sql
   SELECT
     client_addr,
     state,
     pg_wal_lsn_diff(sent_lsn, replay_lsn) as byte_lag
   FROM pg_stat_replication;

Check lag on replica

SELECT
  now() - pg_last_xact_replay_timestamp() as lag_seconds;

Check replica I/O Is replica disk saturated? Check iowait.
Check network Is there packet loss between primary and replica?

Resolution

If disk I/O: Increase replica IOPS
If network: Fix network issues
If recovery: Wait for replica to catch up
If write load: Add more replicas

Escalation

If lag > 5 minutes and not recovering, escalate.


---

## Integration with Playbook

**Part of operational excellence:**
- `/pb-deployment` - Migration deployment patterns
- `/pb-dr` - Database disaster recovery
- `/pb-observability` - Database metrics and alerting
- `/pb-database-ops` - Full database operations (this command)

---

## Related Commands

- `/pb-patterns-db` - Database architecture and design patterns
- `/pb-dr` - Disaster recovery planning and backup verification
- `/pb-deployment` - Deploy database migrations safely

**Workflow:**

Schema design → Migration development ↓ Migration testing (staging) ↓ Production deployment (/pb-deployment) ↓ Monitoring (/pb-observability) ↓ Operational issues → These runbooks ↓ Major failures → /pb-dr


---

## Quick Reference

| Operation | Command/Query |
|-----------|---------------|
| Check connections | `SELECT count(*) FROM pg_stat_activity;` |
| Check replication lag | `SELECT now() - pg_last_xact_replay_timestamp();` |
| Find slow queries | `SELECT * FROM pg_stat_statements ORDER BY mean_exec_time DESC;` |
| Kill connection | `SELECT pg_terminate_backend(pid);` |
| Promote replica | `SELECT pg_promote();` |
| Create index concurrently | `CREATE INDEX CONCURRENTLY ...;` |
| Check locks | `SELECT * FROM pg_locks WHERE NOT granted;` |

---

*Data is the most valuable asset. Treat it with care.*

Server Hygiene

Periodic health and hygiene review for servers and VPS instances. A calm, repeatable ritual for detecting drift, bloat, and silent degradation before they become incidents.

Mindset: Server hygiene embodies /pb-design-rules thinking: Robustness (catch degradation before failure), Transparency (make server state visible and explainable), and Simplicity (predictable cleanups beat clever automation). Apply /pb-preamble thinking to challenge assumptions about what’s “probably fine.”

Resource Hint: sonnet (procedural, well-defined scope)

This is not firefighting. This is the periodic physical exam that prevents the emergency room visit.

When to Use This Command

Monthly hygiene pass - Routine review of a running server
Quarterly full audit - Deep drift analysis and capacity planning
After a period of neglect - Server hasn’t been reviewed in months
Before scaling or migration - Understand current state before changes
Post-incident verification - Confirm the server is clean after recovery
Onboarding to an inherited server - Build a mental model of what’s running

Quick Reference

Cadence	Scope	Time
Weekly	Glance: disk, errors, failed jobs	5 min
Monthly	Hygiene: logs, images, packages, access	30 min
Quarterly	Full: drift analysis, capacity, backup test	1-2 hrs

Execution Flow

Phase 1: SNAPSHOT ──► Phase 2: HEALTH ──► Phase 3: DRIFT ──► Phase 4: CLEANUP ──► Phase 5: READINESS
  (inventory)         (signals)           (bloat detection)   (safe actions)       (future-proof)
       └── Weekly: phases 2-3 only ──┘
       └── Monthly: phases 1-4 ───────────────────────────┘
       └── Quarterly: all phases ──────────────────────────────────────────────────────────────────┘

Phase 1: Snapshot Reality

Goal: know exactly what the server is today. If you can’t explain the server in 5 minutes, it’s already drifting.

Server Inventory

# System identity
hostname && uname -a
head -4 /etc/os-release
uptime

# Resources
nproc && free -h && df -h

Item	Command	What to Record
OS and kernel	`uname -a`, `cat /etc/os-release`	Version, last update date
CPU, RAM, disk	`nproc`, `free -h`, `df -h`	Limits and current usage
Uptime	`uptime`	Last reboot, load average
Users	`cat /etc/passwd \| grep -v nologin`	Who has shell access
SSH keys	`ls /home/*/.ssh/authorized_keys`	Which keys are present
Open ports	`ss -tlnp`	What’s listening, on which interfaces
Running services	`systemctl list-units --type=service --state=running`	Active services
Containers	`docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Status}}'`	Running containers
Cron jobs	`crontab -l; ls /etc/cron.d/`	Scheduled tasks

Application Footprint

Item	What to Check
Deployed apps	Versions, last deploy date
Active vs abandoned	Is everything running actually needed?
Deployment method	systemd, Docker, PM2, bare process
Runtime versions	node, go, python, java - are they current?

Configuration Sources

Item	What to Check
Environment variables	Where are they defined? (systemd, .env, shell profile)
Secrets location	Env files, vaults, or plaintext?
Reverse proxy	nginx, caddy, traefik - which sites are configured?
TLS certificates	Source (Let’s Encrypt, manual), renewal status, expiry date

Deliverable: A short server manifest. Write it down - even a few bullet points in a markdown file beats nothing.

Phase 2: Health Signals

Goal: detect slow degradation before users feel it.

Resource Trends

Look at trends, not just current values. A server at 60% disk today that was at 40% last month is a problem. Compare with your previous server manifest - if you don’t have one, record today’s numbers. That’s where trends start.

# Disk usage by mount
df -h

# Largest directories
du -sh /* 2>/dev/null | sort -hr | head -10

# Memory with swap
free -h

# CPU load (1, 5, 15 min averages)
uptime

# Disk IO wait (if iostat available)
iostat -x 1 3 2>/dev/null

Thresholds:

Resource	Healthy	Warning	Critical
Disk	< 70%	70-85%	> 85%
Memory	< 80%	80-90%	> 90% or swapping
CPU load	< cores	1-2x cores	> 2x cores sustained
Swap	None	Any active	Growing over time

Process Health

# Long-running processes sorted by memory
ps aux --sort=-%mem | head -15

# Zombie processes
ps aux | awk '$8 ~ /Z/ {print}'

# Failed systemd units
systemctl --failed

# OOM killer history
dmesg | grep -i "out of memory" | tail -5
journalctl -k | grep -i "oom" | tail -5

Ask: Is anything slowly leaking memory? Are there zombie processes? Has the OOM killer fired recently?

Application Health

Signal	How to Check	Red Flag
Error rates	`journalctl -u <service> --since "1 hour ago" \| grep -i error \| wc -l`	Increasing trend
Restart loops	`systemctl show <service> -p NRestarts`	Count > 0 unexpectedly
Queue backlog	Application-specific	Growing, not draining
DB connections	`ss -tnp \| grep 5432 \| wc -l`	Approaching pool limit

System Health

# Kernel warnings
dmesg --level=err,warn | tail -10

# Time sync
timedatectl status | grep "synchronized"

# Pending security updates (Debian/Ubuntu)
apt list --upgradable 2>/dev/null | grep -i security

Rule of thumb: If something spikes periodically, find out why. If something slowly rises, that’s a leak or accumulation.

Phase 3: Drift and Bloat Detection

This is where most server rot happens. Things quietly accumulate until one day the disk is full or a forgotten service gets exploited.

Disk Bloat

# Log sizes
du -sh /var/log/ /var/log/journal/

# Docker waste
docker system df
docker images -f "dangling=true" -q | wc -l
docker volume ls -f "dangling=true" -q | wc -l

# Old build artifacts, temp files, core dumps
find /tmp -type f -mtime +30 | head -20
find / -name "core" -type f 2>/dev/null | head -5

Bloat Source	Where to Look
Logs without rotation	`/var/log/`, application log directories
Old log archives	`.gz` files never cleaned
Docker images and volumes	`docker system df`
Build artifacts	`/tmp`, project build directories
Core dumps	`/`, `/var/crash/`
Package manager cache	`apt clean`, `yum clean all`

Service Bloat

Check	Command	Red Flag
Enabled but unused services	`systemctl list-unit-files --state=enabled`	Services you don’t recognize
Stale reverse proxy configs	`ls /etc/nginx/sites-enabled/`	Sites for apps no longer running
Unused firewall rules	`ufw status` or `iptables -L`	Rules for decommissioned services
Stale cron jobs	`crontab -l`	Jobs for things that moved or stopped
Orphaned containers	`docker ps -a --filter status=exited`	Exited containers piling up

Config Drift

Hand-edited config files with no source of truth
Inconsistent environment variables across applications
One-off fixes never documented (“I’ll remember why I changed this”)
Secrets duplicated in multiple places

Ask: Could you rebuild this server’s configuration from version control alone? If not, what’s missing?

Security Drift

# Users with shell access
grep -v "nologin\|false" /etc/passwd

# SSH keys - do you recognize all of them?
for user_home in /home/*/; do
  [ -f "$user_home.ssh/authorized_keys" ] && echo "=== $(basename $user_home) ===" && cat "$user_home.ssh/authorized_keys"
done

# Packages not updated recently
apt list --upgradable 2>/dev/null | wc -l

# TLS certificate expiry
openssl s_client -connect localhost:443 -servername $(hostname) </dev/null 2>/dev/null | openssl x509 -noout -dates

Drift Type	What to Check
Unused SSH keys	Keys for people who no longer need access
Stale users	Accounts that should have been removed
Overly permissive firewall	Rules broader than necessary
Outdated TLS	Weak ciphers, approaching expiry
Unpatched packages	Security updates pending for weeks

Deliverable: Two lists: “safe to remove now” and “needs planning before removal.”

Phase 4: Hygiene Actions

Golden rule: no “clever” changes during hygiene. Predictable beats smart. Only safe, reversible actions during routine reviews.

Safe Cleanups

Inspect before acting. Review output, then confirm.

# Rotate and prune journal logs
journalctl --vacuum-time=30d
journalctl --vacuum-size=500M

# Show removable packages, then clean
apt --dry-run autoremove
apt autoremove && apt clean

# Show what Docker would prune (images, containers, build cache)
docker system prune --dry-run
docker system prune

Requires judgment - these can destroy data if containers are temporarily stopped:

# Review temp files before deleting
find /tmp -type f -mtime +30 | head -20
# Only delete after reviewing: find /tmp -type f -mtime +30 -delete

# List unused volumes - verify none belong to stopped services you intend to restart
docker volume ls -f "dangling=true"
# Only prune after reviewing: docker volume prune

Stability Improvements

Action	Why
Add log rotation where missing	Prevent disk exhaustion from logs
Set resource limits on containers	Prevent one service from starving others
Add health checks to services	Detect failures before users report them
Configure restart policies	`RestartSec=5`, `Restart=on-failure` for systemd
Document non-obvious decisions	Future you will forget why that cron job exists

Performance Tuning

Only if measurements justify it. Don’t tune what you haven’t measured.

Area	Action	Prerequisite
Worker counts	Adjust based on CPU cores	Know current CPU utilization
DB connections	Tune pool size	Know current connection count vs limit
Compression	Enable gzip/brotli in reverse proxy	Verify CPU headroom
Unnecessary background jobs	Remove or reduce frequency	Know what each job does

Phase 5: Future Readiness

This is where the ritual pays off long-term.

Backup Verification

The question is not “do you have backups” but “can you restore them.”

Check	Status
What is backed up?	Data, config, secrets, or all three?
Backup frequency	Matches your acceptable data loss?
Last restore test	If “never,” schedule one now
Off-server storage	Backups on the same VPS are not backups
Retention and cost	How far back can you go? What does it cost?

For comprehensive backup and recovery planning, see /pb-dr.

Monitoring Coverage

Resource metrics (CPU, RAM, disk) - collected and retained
Application error rates - visible and trended
Uptime checks - external, not self-reported
Log visibility - searchable, not just stored
Alerts - fire when needed, reach someone who can act

For monitoring design guidance, see /pb-observability.

Scaling Headroom

Current capacity: How much headroom before hitting limits?
First bottleneck: What resource runs out first?
Single points of failure: What has no redundancy?
Growth trajectory: At current growth rate, when do you hit limits?

Disaster Questions

Answer honestly:

How long to rebuild this server from scratch?
What steps are manual vs automated?
What secrets would block recovery if lost?
Who else knows how this server works?

If rebuild takes more than a few hours, the system is fragile. See /pb-dr for disaster recovery planning.

Server Manifest Template

Maintain a living document per server. Even a few lines beats nothing.

# Server: [hostname]

**Provider:** [e.g., DigitalOcean, Hetzner, AWS]
**Size:** [CPU, RAM, disk]
**OS:** [distro and version]
**Last review:** [date]

## Services Running
- [service 1] - [purpose] - [deployment method]
- [service 2] - [purpose] - [deployment method]

## Access
- SSH: [who has keys]
- Firewall: [ports open]

## Backups
- [what, where, how often, last tested]

## Known Issues
- [things to watch or fix next time]

Quick Commands

Action	Command
Largest directories	`du -sh /* 2>/dev/null \| sort -hr \| head -10`
Open ports	`ss -tlnp`
Running services	`systemctl list-units --type=service --state=running`
Failed services	`systemctl --failed`
Docker waste	`docker system df`
Journal cleanup	`journalctl --vacuum-time=30d`
Security updates	`apt list --upgradable 2>/dev/null`
TLS expiry	`openssl s_client -connect localhost:443 </dev/null 2>/dev/null \| openssl x509 -noout -dates`
OOM history	`dmesg \| grep -i "out of memory"`

Red Flags

Signs the server needs a hygiene pass now:

“We’ll deal with it when it becomes a problem”
Deploys are getting slower with no code changes
Memory usage “mysteriously” grows between deploys
Nobody knows what’s safe to delete
A restart broke something that was working
Last backup test was “never”

/pb-maintenance - Strategic maintenance patterns and thinking triggers
/pb-hardening - Initial server security setup (run before first deploy)
/pb-dr - Disaster recovery planning and testing
/pb-sre-practices - Toil reduction, error budgets, operational culture
/pb-observability - Monitoring and alerting design

Last Updated: 2026-02-07 Version: 1.0.0

Production systems accumulate entropy. This ritual is how you pay down the interest before it compounds.

Initialize Greenfield Project

Create a meticulous, incremental execution plan for a new project from scratch.

Mindset: Starting a project is an opportunity to question assumptions. Use /pb-preamble thinking (challenge conventions) and /pb-design-rules thinking (choose patterns that serve Simplicity, Clarity, Modularity).

Don’t copy patterns blindly-understand why you’re choosing them. Question conventions if they don’t fit your needs.

Resource Hint: sonnet - project scaffolding follows established patterns and language conventions

When to Use This Command

Starting a new project - Greenfield development from scratch
New microservice - Adding a service to existing architecture
Project restructure - Major reorganization of existing codebase
Technology migration - Rebuilding with new stack/framework

Role

You are a senior engineering lead. Create a lean, practical plan that adds real value without unnecessary complexity.

Planning Scope

Break the plan into clear phases from initiation to first deliverable:

Phase 1: Foundation

Repository initialization (git, .gitignore, LICENSE)
Project structure and folder layout
Package manager setup (go.mod, package.json, pyproject.toml)
Basic configuration files (editor config, linting, formatting)

Phase 2: Development Environment

Local development setup (Makefile, scripts)
Environment variables template (.env.example)
Docker/containerization if needed
IDE configuration (.vscode/, .idea/)

Phase 3: Code Scaffolding

Entry point and main structure
Core packages/modules layout
Configuration loading pattern
Error handling foundation

Phase 4: Quality Gates

Linting configuration
Type checking setup
Test framework and first test
Pre-commit hooks

Phase 5: CI/CD Basics

GitHub Actions or equivalent
Build verification
Test automation
Basic security scanning

Phase 6: Documentation

README with setup instructions
Contributing guidelines
Code of conduct
API documentation structure (if applicable)

Phase 7: Observability Foundation

Logging setup (structured, leveled)
Health check endpoint (if service)
Basic metrics exposure point

Guidelines

Do:

Keep each phase independently completable
Prefer convention over configuration
Use well-maintained, minimal dependencies
Create todos/ folder (gitignored) for dev tracking
Follow language-specific best practices

Don’t:

Over-engineer for hypothetical future needs
Add dependencies “just in case”
Create elaborate abstractions before they’re needed
Skip the quality gates phase

Output Format

For each phase, provide:

## Phase N: [Name]

**Objective:** [What this achieves]

### Tasks
1. [Specific task with command or file to create]
2. [Next task]

### Files Created
- `path/to/file` - [purpose]

### Verification
- [ ] [How to verify this phase is complete]

Language-Specific Patterns

Go

project/
├── cmd/             # Entry points
├── internal/        # Private packages
├── pkg/             # Public packages (if library)
├── api/             # API definitions
├── scripts/         # Build/deploy scripts
├── Makefile
├── go.mod
└── README.md

Node.js/TypeScript

project/
├── src/             # Source code
├── tests/           # Test files
├── scripts/         # Utility scripts
├── package.json
├── tsconfig.json
└── README.md

Python

project/
├── src/project/     # Package source
├── tests/           # Test files
├── scripts/         # Utility scripts
├── pyproject.toml
└── README.md

/pb-repo-organize - Clean up existing repository structure
/pb-repo-readme - Generate comprehensive README
/pb-repo-enhance - Full repository enhancement suite
/pb-plan - Feature/release scope planning
/pb-adr - Architecture decision records

Lean and practical. Value over ceremony.

Organize Repository Structure

Clean up and reorganize the project root for clarity and maintainability.

Approach: Organization is about inviting scrutiny. Use /pb-preamble thinking (structure should invite challenge) and /pb-design-rules thinking (especially Clarity and Modularity: organization should be obvious, not clever).

Clear, obvious organization beats clever categorization. The structure should make it easy for others to find code and understand it.

Resource Hint: sonnet - Repository restructuring with architectural judgment.

When to Use This Command

Project root cluttered - Too many files at top level
Structure unclear - Hard to find things in the codebase
After major changes - Reorganizing after feature additions
Code review feedback - Addressing structure concerns

Objective

Review all files and directories in the project root. Keep only essential files at the top level, move everything else into logical subfolders.

Guidelines

Keep at Root

Essential files that belong at the top level:

README.md           # Project overview
LICENSE             # License file
CHANGELOG.md        # Version history
CONTRIBUTING.md     # Contribution guidelines
CODE_OF_CONDUCT.md  # Community guidelines
SECURITY.md         # Security policy

# Build/Config
Makefile            # Build commands
Dockerfile          # Container definition
docker-compose.yml  # Container orchestration
.env.example        # Environment template

# Language-specific
go.mod / go.sum     # Go modules
package.json        # Node.js
pyproject.toml      # Python
Cargo.toml          # Rust

# Editor/CI
.gitignore
.editorconfig

Move to Subfolders

Content	Destination
Documentation	`/docs`
Shell scripts	`/scripts`
Example code	`/examples`
Internal packages	`/internal`
Static assets	`/assets`
CI/CD configs	`/.github` or `/ci`
Kubernetes/Helm	`/deploy` or `/k8s`

Protected Folders

Do not remove or modify:

/todos - Development tracker (gitignored)
/.git - Version control

GitHub Special Files

GitHub auto-detects certain files in specific locations:

.github/
├── ISSUE_TEMPLATE/
│   ├── bug_report.md
│   └── feature_request.md
├── PULL_REQUEST_TEMPLATE.md
├── FUNDING.yml
├── CODEOWNERS
└── workflows/
    └── ci.yml

# Root level (GitHub detects these)
README.md
LICENSE
CONTRIBUTING.md
CODE_OF_CONDUCT.md
SECURITY.md

Process

Step 1: Audit Current State

# List all root-level files and folders
ls -la

# Find files that might need reorganization
find . -maxdepth 1 -type f | grep -v -E '^\./\.|README|LICENSE|Makefile|go\.|package|pyproject'

Step 2: Create Target Folders

mkdir -p docs scripts examples assets

Step 3: Move Files

# Example moves (adjust for your project)
mv *.sh scripts/           # Shell scripts
mv docs/*.md docs/         # Documentation
mv examples/* examples/    # Example code

Step 4: Update References

Fix any hardcoded paths in code
Update import statements if needed
Verify build still works

Step 5: Verify

# Ensure build passes
make build  # or equivalent

# Ensure tests pass
make test

# Check nothing is broken
git status

Ideal Root Layout

After cleanup, the root should look like:

project/
├── .github/            # GitHub configs
├── cmd/                # Entry points (Go)
├── src/                # Source code
├── internal/           # Private packages
├── pkg/                # Public packages
├── docs/               # Documentation
├── scripts/            # Utility scripts
├── examples/           # Example code
├── assets/             # Static assets
├── deploy/             # Deployment configs
├── todos/              # Dev tracking (gitignored)
│
├── README.md
├── LICENSE
├── CHANGELOG.md
├── Makefile
├── Dockerfile
├── .gitignore
└── [language config]   # go.mod, package.json, etc.

Anti-Patterns to Fix

Problem	Solution
Random scripts at root	Move to `/scripts`
Multiple READMEs	Consolidate or move extras to `/docs`
Config files scattered	Group in root or `/config`
Test fixtures at root	Move to `/testdata` or `/tests/fixtures`
Unused files	Delete them

/pb-repo-init - Initialize new project structure
/pb-repo-enhance - Full repository enhancement suite
/pb-review-hygiene - Codebase quality review

Clean roots lead to clear thinking.

Generate Project README

Write or rewrite a clear, professional, developer-friendly README.

Philosophy: A good README invites scrutiny. Use /pb-preamble thinking (examples and assumptions must be clear) and /pb-design-rules thinking (especially Clarity and Representation: README should make the project’s purpose obvious).

Examples and assumptions must be clear enough that errors are obvious. Unclear READMEs hide problems.

Resource Hint: sonnet - README writing follows structured templates with clear technical examples

When to Use

Creating a README for a new project
Rewriting a stale or unclear README
Preparing a project for open source release
After major feature changes that affect usage or setup

Objective

Create a README that helps developers understand, install, and use the project quickly. Prioritize clarity and practical examples over lengthy explanations.

Tone & Style

Concise, technical, professional
Like well-maintained library documentation
Focus on what it does, why it matters, how to use it
No marketing language, fluff, or AI-sounding phrases
No emojis unless project has established emoji usage
Examples over prose

Structure

1. Title & One-Line Summary

# Project Name

Brief description of purpose (one line).

2. Badges (Optional but Recommended)

[![Build Status](url)](link)
[![Coverage](url)](link)
[![Version](url)](link)
[![License](url)](link)

Common badges by language:

Go: Go Reference, Go Report Card, Coverage
Node: npm version, bundle size, downloads
Python: PyPI version, Python versions, Coverage

3. Overview / Features

What problem it solves
Key capabilities (3-5 bullet points max)
When to use it

4. Installation

Go:

## Installation

```bash
go get github.com/user/project


**Node:**
```markdown
## Installation

```bash
npm install package-name
# or
yarn add package-name


**Python:**
```markdown
## Installation

```bash
pip install package-name


### 5. Quick Start
Minimal runnable example that demonstrates core functionality.

```markdown
## Quick Start

```go
// Minimal example showing primary use case


### 6. Usage / API
- Primary functions or methods
- Configuration options
- Common patterns

### 7. Configuration (if applicable)
- Environment variables
- Config file format
- Default values

### 8. How It Works (Optional)
- Brief architecture or algorithm overview
- Useful for complex projects

### 9. Performance / Benchmarks (Optional)
- Only if performance is a key feature
- Include actual numbers, not claims

### 10. License
```markdown
## License

MIT License - see [LICENSE](LICENSE) for details.

11. Contributing (Optional)

## Contributing

See [CONTRIBUTING.md](CONTRIBUTING.md) for guidelines.

Guidelines

Do:

Keep examples self-contained and runnable
Link to detailed API docs if available
Use syntax-highlighted code blocks
Keep under ~200 lines for libraries

Don’t:

Explain obvious things
Use marketing superlatives
Include implementation details in README
Leave placeholder sections

Template

# Project Name

One-line description of what this does.

[![Build](badge-url)](link) [![Coverage](badge-url)](link)

## Overview

[2-3 sentences: what problem it solves and for whom]

**Key Features:**
- Feature one
- Feature two
- Feature three

## Installation

```bash
[install command]

Quick Start

// Minimal working example

Usage

Basic Usage

// Common use case

Configuration

Option	Type	Default	Description
`option1`	`string`	`""`	What it does

API Reference

[Link to full API docs or brief inline reference]

License

MIT


---

## Language-Specific Notes

### Go
- Link to pkg.go.dev for API reference
- Include Go version requirements
- Show module import path

### Node/TypeScript
- Mention TypeScript support if applicable
- Show both CommonJS and ESM imports if supported
- Note browser vs Node compatibility

### Python
- Specify Python version requirements
- Link to PyPI and ReadTheDocs if available
- Show type hints in examples

---

## Related Commands

- `/pb-repo-about` - Generate GitHub About section
- `/pb-repo-blog` - Write technical blog post
- `/pb-repo-enhance` - Full repository enhancement suite
- `/pb-documentation` - Technical documentation guidance

---

*Clear README, happy developers.*

Generate GitHub About & Tags

Create a concise, search-optimized GitHub “About” description and relevant topic tags.

Principle: Accuracy over cleverness. Use /pb-preamble thinking (honesty over marketing) and /pb-design-rules thinking (especially Clarity and Least Surprise: description should match reality).

Describe what the project actually does, not what you wish it did. Honest descriptions help the right people find you.

Resource Hint: sonnet - Crafting accurate project descriptions and selecting relevant tags.

When to Use

Setting up a new GitHub repository
Refreshing an outdated or vague About section
Improving discoverability after a project pivot or rename

Objective

Write a compelling one-line description (≤160 chars) and suggest discoverable tags for the repository.

About Section Guidelines

Include:

What the project does (primary function)
Who it’s for (target audience)
Key trait (reliable, fast, lightweight, etc.)
Main tech stack or domain if relevant

Avoid:

Marketing buzzwords (“revolutionary”, “next-gen”)
Vague descriptions (“a tool for things”)
Redundant phrases (“written in Go” when Go is tagged)
Starting with “A” or “An”

Examples

Good:

High-performance job queue for Go with Redis backend and at-least-once delivery

Type-safe API client generator from OpenAPI specs for TypeScript

Lightweight feature flag service with real-time updates and audit logging

Bad:

A revolutionary next-generation tool for managing stuff efficiently  [NO]

My awesome project  [NO]

Node.js application  [NO]

Tags Guidelines

Suggest 6-10 tags mixing:

Broad category (e.g., backend, cli, library)
Language/framework (e.g., golang, typescript, react)
Domain (e.g., authentication, payments, devops)
Specific tech (e.g., redis, postgresql, grpc)
Use case (e.g., microservices, serverless, real-time)

Format:

Lowercase
Hyphenated for multi-word (job-queue, feature-flags)
No spaces

Avoid:

Generic: opensource, software, code, project
Redundant: language name if obvious from repo
Overly specific: internal project names

Output Format

About: [Concise 1-line summary, ≤160 chars]

Tags: tag1, tag2, tag3, tag4, tag5, tag6

Process

Step 1: Analyze the Repository

Read README and main source files
Identify primary purpose and functionality
Note the tech stack and dependencies
Understand the target user

Step 2: Draft About

Write 2-3 candidate descriptions
Pick the most specific and clear one
Verify it’s under 160 characters

Step 3: Select Tags

Start with the primary language/framework
Add the main domain or problem space
Include specific technologies used
Add use-case descriptors

Step 4: Validate

Does the About tell someone what this is in 5 seconds?
Would the tags help someone discover this project?
Is anything redundant or vague?

Tag Categories Reference

Category	Examples
Languages	`golang`, `typescript`, `python`, `rust`
Frameworks	`react`, `fastapi`, `gin`, `express`
Domains	`authentication`, `payments`, `analytics`, `devops`
Infrastructure	`kubernetes`, `docker`, `terraform`, `aws`
Databases	`postgresql`, `redis`, `mongodb`, `sqlite`
Patterns	`microservices`, `serverless`, `event-driven`, `rest-api`
Use Cases	`cli`, `library`, `sdk`, `api`, `backend`, `frontend`

/pb-repo-readme - Generate comprehensive README
/pb-repo-enhance - Full repository enhancement suite

Clear description, discoverable tags.

Write Technical Blog Post

Create a crisp, practical technical blog post explaining this project to a technical audience.

Writing principle: Share real decisions, not marketing. Use /pb-preamble thinking (honesty, transparency) and /pb-design-rules thinking (especially Clarity: explain your reasoning, not just your conclusions).

Explain the problems you solved, the trade-offs you made, what you’d do differently. Honest technical writing builds trust.

Resource Hint: sonnet - blog post writing follows a structured outline with code examples and diagrams

When to Use

Announcing a new project or major release
Sharing design decisions and architecture with the community
Creating content for the project’s documentation site

Role

Write as a seasoned technical architect sharing real-world experience - clear, confident, and grounded.

Tone & Style

Do:

Natural, human voice
Professional and concise
First-person plural (“we”) or neutral tone
Explain concepts clearly without fluff
Short, purposeful sentences

Don’t:

Marketing buzzwords or hype
AI-sounding phrases or patterns
Emojis or exclamation marks
Overly casual or overly formal
Exaggerated claims

Structure

1. Title

Descriptive and straightforward. Not clickbait.

# Building a High-Performance Job Queue in Go

2. Introduction

What the project does
Why it exists
What problem it solves
Who it’s for

3. Rationale

Motivation behind the design
Why existing solutions weren’t sufficient
Key constraints or requirements

4. Value Proposition

What makes it worth using:

Simplicity
Performance
Flexibility
Maintainability
Developer experience

5. Architecture Overview

Include a Mermaid diagram showing:

Core components
Data flow
Key interactions

```mermaid
graph LR
    A[Producer] --> B[Queue]
    B --> C[Worker Pool]
    C --> D[Handler]


### 6. Usage Examples
Clear code snippets showing:
- Basic setup
- Common patterns
- Configuration options

### 7. Key Design Decisions
Explain important trade-offs:
- What was chosen and why
- What was explicitly avoided
- Lessons learned

### 8. Real-World Applications
- Where it fits in typical architectures
- Example use cases
- Integration patterns

### 9. Conclusion
- When to use it
- When not to use it
- Potential extensions or future work

---

## Formatting

- Markdown throughout
- Syntax-highlighted code blocks
- Proper section headers (`##`, `###`)
- One or more Mermaid diagrams
- Tables for comparisons

---

## Output

Save as: `docs/TECHNICAL_BLOG.md`

Ready for direct publication or review.

---

## Example Outline

```markdown
# [Project Name]: [Subtitle]

## Introduction

[What problem we're solving and why it matters]

## The Problem

[Specific challenges that led to building this]

## Our Approach

[High-level solution overview]

## Architecture

```mermaid
[Diagram]

[Explanation of components]

Implementation

Core Concepts

[Key abstractions and patterns]

Example Usage

[Code example]

Design Decisions

Decision	Choice	Rationale
[Topic]	[What we chose]	[Why]

Performance

[Benchmarks or performance characteristics]

When to Use This

Good fit:

[Use case 1]
[Use case 2]

Not ideal for:

[Anti-pattern 1]
[Anti-pattern 2]

Conclusion

[Summary and call to action]


---

## Mermaid Diagram Types

**Architecture:**
```mermaid
graph TB
    subgraph "Service Layer"
        A[API Gateway]
        B[Auth Service]
    end
    A --> B

Sequence:

sequenceDiagram
    Client->>Server: Request
    Server->>Database: Query
    Database-->>Server: Result
    Server-->>Client: Response

State:

stateDiagram-v2
    [*] --> Pending
    Pending --> Processing
    Processing --> Completed
    Processing --> Failed

/pb-repo-readme - Generate comprehensive README
/pb-documentation - Technical documentation guidance
/pb-repo-enhance - Full repository enhancement suite

Technical depth, practical focus.

Documentation Site Setup

Transform project documentation into a professional, publicly consumable static site with CI/CD deployment.

Mindset: Documentation sites are the public interface to your project. Apply /pb-preamble thinking (organize for scrutiny, make assumptions visible) and /pb-design-rules thinking (Clarity: obvious navigation; Simplicity: minimal configuration; Robustness: automated deployment).

Resource Hint: sonnet - documentation site setup follows established SSG patterns and CI/CD templates

When to Use

Transformation (existing docs):

Project has markdown docs ready for public consumption
Preparing for open source release or public launch
Documentation needs professional presentation

Greenfield (new project):

Starting a new project that will need public docs
Setting up documentation infrastructure early
Establishing documentation patterns for the team

Architecture Overview

                    DOCUMENTATION SITE
+---------------------------------------------------------------+
|                                                               |
|  +-------------+  +-------------+  +------------------------+ |
|  |  Landing    |  |  Guides     |  |  Reference             | |
|  |  Page       |  |             |  |                        | |
|  |             |  |  - Start    |  |  - API (external link) | |
|  |  - Install  |  |  - Feature1 |  |  - Decision Guide      | |
|  |  - Quick    |  |  - Feature2 |  |  - Migration           | |
|  |    Example  |  |  - Feature3 |  |  - Changelog           | |
|  +-------------+  +-------------+  +------------------------+ |
|                                                               |
|  +-----------------------------------------------------------+|
|  |  Hero Narrative (building-project.md)                     ||
|  |  - Design philosophy, architecture, trade-offs            ||
|  |  - Mermaid diagrams, code examples                        ||
|  +-----------------------------------------------------------+|
|                                                               |
|  +-------------+  +-------------+                             |
|  | Contributing|  |  Security   |                             |
|  +-------------+  +-------------+                             |
|                                                               |
+---------------------------------------------------------------+

CI/CD Deployment Flow

+------------------+
|  docs/** change  |
+--------+---------+
         |
         v
+------------------+     +------------------+
|  Push to main    |---->|  GitHub Actions  |
+------------------+     |  triggered       |
                         +--------+---------+
         +------------------------+------------------------+
         |                                                 |
         v                                                 v
+------------------+                            +------------------+
|  PR to main      |                            |  Push to main    |
|  (validation)    |                            |  (deployment)    |
+--------+---------+                            +--------+---------+
         |                                               |
         v                                               v
+------------------+                            +------------------+
|  Build only      |                            |  Build + Deploy  |
|  (no deploy)     |                            |  to GitHub Pages |
+------------------+                            +--------+---------+
                                                         |
                                                         v
                                                +------------------+
                                                |  Site live at    |
                                                |  user.github.io/ |
                                                |  project/        |
                                                +------------------+

Tech Stack Selection

Choose static site generator based on project language:

Project Language	Recommended SSG	Theme	API Reference
Go	Hugo	hugo-book	pkg.go.dev
Python	MkDocs	Material	readthedocs.io or PyPI
Node.js	Docusaurus	Classic	npmjs.com
React/Next.js	Docusaurus	Classic	npmjs.com
Rust	mdBook	default	docs.rs
Generic	Hugo or Docusaurus	-	Project-specific

Selection criteria:

Hugo: Fast builds, no runtime dependencies, best for Go projects
MkDocs: Polished Material theme, Python ecosystem integration
Docusaurus: React-based, versioning built-in, best for JS/TS projects

All support Mermaid diagrams natively or via plugin.

Phase Workflow

Phase 1: Infrastructure          Phase 2: Migration
+---------------------+         +---------------------+
| - Initialize SSG    |         | - Rename files      |
| - Add theme         |-------->| - Add front matter  |
| - Configure         |         | - Update links      |
| - Create CI/CD      |         | - Create placeholders|
| - Enable Pages      |         +---------+-----------+
+---------------------+                   |
                                          v
Phase 4: Hygiene                 Phase 3: Content
+---------------------+         +---------------------+
| - README updates    |<--------| - Rewrite prose     |
| - Test coverage     |         | - Verify code       |
| - Link verification |         | - Convert mermaid   |
+---------+-----------+         | - Create new guides |
          |                     +---------------------+
          v
Phase 5: Release
+---------------------+
| - Final review      |
| - Quality gates     |
| - CHANGELOG update  |
| - Deploy            |
+---------------------+

Phase 1: Infrastructure Setup

Task Checklist

Initialize static site generator (see Appendix A)
Add theme with mermaid support
Create configuration file
Create GitHub Actions workflow (see Appendix B)
Configure GitHub Pages (source: Actions)
Create minimal landing page
Update .gitignore for generated files
Verify local build works
Verify mermaid renders

GitHub Pages Configuration

Via GitHub UI:

Settings > Pages
Source: GitHub Actions
Save

Via gh CLI:

gh api -X PUT repos/OWNER/REPO/pages \
  -f build_type=workflow

Phase 2: Content Migration

Task Checklist

Create directory structure
Rename files to lowercase-hyphenated
Add front matter to all files
Update internal links
Remove internal-only docs
Create placeholder files for new content

File Naming Convention

All lowercase, hyphenated, URL-friendly:

ALLCAPS.md           →  lowercase.md
GETTING_STARTED.md   →  getting-started.md
DECISION_GUIDE.md    →  decision-guide.md
API_Reference.md     →  api-reference.md

Standard Structure

docs/
├── [config file]              # hugo.toml / mkdocs.yml / docusaurus.config.js
├── content/                   # or docs/ depending on SSG
│   ├── _index.md              # Landing page
│   ├── getting-started.md     # Quick start guide
│   ├── building-[project].md  # Hero narrative
│   ├── [feature-1].md         # Component guide
│   ├── [feature-2].md         # Component guide
│   ├── decision-guide.md      # When to use what
│   ├── migration.md           # Version migration
│   ├── contributing.md        # Contribution guide
│   ├── security.md            # Security policy
│   └── changelog.md           # Release history
└── [theme/static assets]

Content Migration Map

Existing File	Action	New Location
README.md	Extract essence	_index.md
GETTING_STARTED.md	Rename + rewrite	getting-started.md
TECHNICAL_*.md	Hybrid rewrite	building-[project].md
*_GUIDE.md	Rename + expand	[topic].md
CONTRIBUTING.md	Rename + polish	contributing.md
SECURITY.md	Rename	security.md
CHANGELOG.md	Rename	changelog.md
TEST_*.md	Remove	(internal only)
*_INTERNAL.md	Remove	(internal only)

Phase 3: Content Rewrite

Editorial Guidelines

Apply /pb-documentation standards:

Voice: Direct. Declarative. Professional architect.

Prohibited:

Emojis (anywhere)
“You might want to”, “consider”, “it’s worth noting”
“Powerful”, “elegant”, “simple”, “easy”
Excessive hedging or caveats
First person plural marketing (“We believe…”)

Required:

Code examples that compile/run
Current API usage (not deprecated)
Error handling in examples
Links to examples/ for full implementations
Links to external API reference (not embedded)

Content Checklist by Page

Landing Page (_index.md):

One-line project description
Installation command
10-line quick example
Links to guides and external references

Getting Started (getting-started.md):

Prerequisites
Installation
First working example
Links to component guides

Hero Narrative (building-[project].md):

Design philosophy
Architecture overview (mermaid)
Key decisions and trade-offs
Real-world use cases
When to use / when not to use

Component Guides ([feature].md):

When to use this component
Configuration options
Code examples
Common patterns
Link to examples/

Decision Guide (decision-guide.md):

Component comparison table
Use case scenarios
Configuration recommendations

Mermaid Diagram Patterns

Architecture Overview:

graph TB
    subgraph "Layer 1"
        A[Component A]
        B[Component B]
    end
    subgraph "Layer 2"
        C[Component C]
    end
    A --> C
    B --> C

Sequence Diagram:

sequenceDiagram
    participant Client
    participant Server
    participant Database

    Client->>Server: Request
    Server->>Database: Query
    Database-->>Server: Result
    Server-->>Client: Response

Decision Flowchart:

flowchart TD
    A[Start] --> B{Need X?}
    B -->|Yes| C[Use Component A]
    B -->|No| D{Need Y?}
    D -->|Yes| E[Use Component B]
    D -->|No| F[Use Component C]

Phase 4: Hygiene

Task Checklist

README: Document all make/npm/poetry targets
README: Update documentation links to new site
Links: Verify all external links work
Examples: Ensure examples/ code runs
Build: No warnings during build

Link Verification

# Build and check for broken links
npx broken-link-checker https://USER.github.io/PROJECT/ --recursive

Phase 5: Review and Release

Final Checklist

Full site review (all pages)
Mobile responsiveness check
Mermaid diagrams render correctly
All code examples verified
No emojis in content
No hedging language
External links work
Quality gates pass (lint, test, build)
CHANGELOG updated
PR created and merged
Site deployed and accessible

Verification Commands

# Build locally
cd docs && [hugo serve | mkdocs serve | npm start]

# Check for prohibited content
grep -ri "you might" docs/content/
grep -ri "consider" docs/content/

# Verify deployment
curl -s -o /dev/null -w "%{http_code}" https://USER.github.io/PROJECT/

Linking Strategy

Resource	Approach
API Reference	Link to canonical source
Code Examples	Link to examples/ directory
Source Code	Link to GitHub
Related Projects	Link to their docs

Canonical API Reference by Language

Language	Canonical Source
Go	pkg.go.dev
Python	readthedocs.io or PyPI
Node.js	npmjs.com
Rust	docs.rs
Java	javadoc.io

Anti-Patterns

Don’t	Do Instead
Embed full API docs	Link to pkg.go.dev/PyPI/npm
Embed example code	Link to examples/ directory
Use ALLCAPS.md filenames	Use lowercase-hyphenated.md
Include internal docs	Remove or move to separate location
Write marketing copy	Write technical documentation
Use emojis for emphasis	Use clear prose
Say “simple” or “easy”	Let simplicity speak for itself
Duplicate content	Single source of truth

Troubleshooting

Common Issues

Build fails with theme not found:

# Hugo: Initialize submodules
git submodule update --init --recursive

# MkDocs: Install theme
pip install mkdocs-material

# Docusaurus: Install dependencies
cd docs && npm install

Mermaid diagrams not rendering:

Hugo: Ensure shortcode syntax {{</* mermaid */>}}
MkDocs: Enable pymdownx.superfences with mermaid fence
Docusaurus: Add @docusaurus/theme-mermaid to config

GitHub Pages 404:

Check baseURL matches actual deployment path
Ensure _index.md (Hugo) or index.md exists
Verify Actions workflow completed successfully

CI deploys but site not updating:

Check GitHub Pages source is set to “GitHub Actions”
Clear browser cache
Wait for CDN propagation

Deferred Items

Item	When to Consider
Versioned documentation	When major version releases
Search functionality	When docs exceed 20 pages
API reference generation	When canonical source insufficient
Internationalization	When international user base exists
Custom domain	When branding requires it

Success Criteria

Site live at USER.github.io/PROJECT
All pages complete with professional tone
Mermaid diagrams render correctly
CI/CD deploys on push to main
PRs validate docs changes
No hygiene review blockers

Example Invocation

Transform this project's docs/ into a professional documentation site.

Project: [name]
Language: [Go/Python/Node.js/etc.]
Current docs: [list of existing files]

Requirements:
- GitHub Pages hosting
- Mermaid diagram support
- CI/CD automation

Please analyze current docs and create a transformation plan.

For greenfield:

Set up documentation infrastructure for a new [language] project.

Project: [name]
Expected docs: getting-started, architecture, API guide

Requirements:
- GitHub Pages hosting
- Mermaid support
- CI/CD from day one

/pb-repo-enhance - Full repository polish suite (includes docsite as one task)
/pb-repo-readme - README enhancement (complementary)
/pb-documentation - Writing standards for documentation content
/pb-review-docs - Review documentation quality
/pb-ship - Ship the documentation release

Appendix A: Tech-Specific Setup

Hugo (Go Projects)

Initialize:

cd docs
hugo new site . --force
git submodule add https://github.com/alex-shpak/hugo-book themes/hugo-book

Configuration (docs/hugo.toml):

baseURL = 'https://USER.github.io/PROJECT/'
languageCode = 'en-us'
title = 'Project Name'
theme = 'hugo-book'

[params]
  BookTheme = 'auto'
  BookToC = true
  BookRepo = 'https://github.com/USER/PROJECT'

[markup.goldmark.renderer]
  unsafe = true

Mermaid syntax:

{{</* mermaid */>}}
graph TB
    A --> B
{{</* /mermaid */>}}

Build command: hugo --minify --source docs

Output directory: docs/public

MkDocs (Python Projects)

Initialize:

pip install mkdocs mkdocs-material mkdocs-mermaid2-plugin
mkdocs new .

Configuration (mkdocs.yml):

site_name: 'Project Name'
site_url: 'https://USER.github.io/PROJECT/'
repo_url: 'https://github.com/USER/PROJECT'

theme:
  name: material
  palette:
    scheme: auto

plugins:
  - search
  - mermaid2

markdown_extensions:
  - pymdownx.superfences:
      custom_fences:
        - name: mermaid
          class: mermaid
          format: !!python/name:mermaid2.fence_mermaid

Mermaid syntax:

```mermaid
graph TB
    A --> B
```

Build command: mkdocs build

Output directory: site/

Docusaurus (Node.js/React Projects)

Initialize:

npx create-docusaurus@latest docs classic
cd docs
npm install @docusaurus/theme-mermaid

Configuration (docusaurus.config.js):

module.exports = {
  title: 'Project Name',
  url: 'https://USER.github.io',
  baseUrl: '/PROJECT/',

  themes: ['@docusaurus/theme-mermaid'],
  markdown: {
    mermaid: true,
  },
};

Mermaid syntax:

```mermaid
graph TB
    A --> B
```

Build command: cd docs && npm run build

Output directory: docs/build

Front Matter Templates

Hugo:

---
title: "Page Title"
weight: 10
---

MkDocs: (uses nav in mkdocs.yml, minimal front matter)

---
title: Page Title
---

Docusaurus:

---
sidebar_position: 1
title: Page Title
---

Appendix B: GitHub Actions Workflow

Hugo Workflow

# .github/workflows/docs.yml
name: Deploy Documentation

on:
  push:
    branches: [main]
    paths:
      - 'docs/**'
      - '.github/workflows/docs.yml'
  pull_request:
    branches: [main]
    paths:
      - 'docs/**'
  workflow_dispatch:

permissions:
  contents: read
  pages: write
  id-token: write

concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
          fetch-depth: 0

      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v3
        with:
          hugo-version: 'latest'
          extended: true

      - name: Build
        run: hugo --minify --source docs

      - name: Setup Pages
        uses: actions/configure-pages@v5

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ./docs/public

  deploy:
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

MkDocs Workflow

# .github/workflows/docs.yml
name: Deploy Documentation

on:
  push:
    branches: [main]
    paths:
      - 'docs/**'
      - 'mkdocs.yml'
      - '.github/workflows/docs.yml'
  pull_request:
    branches: [main]
    paths:
      - 'docs/**'
      - 'mkdocs.yml'
  workflow_dispatch:

permissions:
  contents: read
  pages: write
  id-token: write

concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - uses: actions/setup-python@v5
        with:
          python-version: '3.x'

      - name: Install dependencies
        run: pip install mkdocs mkdocs-material mkdocs-mermaid2-plugin

      - name: Build
        run: mkdocs build

      - name: Setup Pages
        uses: actions/configure-pages@v5

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ./site

  deploy:
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

Docusaurus Workflow

# .github/workflows/docs.yml
name: Deploy Documentation

on:
  push:
    branches: [main]
    paths:
      - 'docs/**'
      - '.github/workflows/docs.yml'
  pull_request:
    branches: [main]
    paths:
      - 'docs/**'
  workflow_dispatch:

permissions:
  contents: read
  pages: write
  id-token: write

concurrency:
  group: "pages"
  cancel-in-progress: false

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: docs/package-lock.json

      - name: Install dependencies
        run: cd docs && npm ci

      - name: Build
        run: cd docs && npm run build

      - name: Setup Pages
        uses: actions/configure-pages@v5

      - name: Upload artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: ./docs/build

  deploy:
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    runs-on: ubuntu-latest
    needs: build
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

Documentation is the user interface for developers. Make it professional.

Repository Enhancement Suite

Comprehensive repository polish: organize, document, and present.

Meta-perspective: Enhancing a repository is about making it easy for others to understand it and challenge it. Use /pb-preamble thinking (organize for scrutiny, document for error-detection) and /pb-design-rules thinking (Clarity, Modularity, Representation: repository should be obviously organized).

Organize for scrutiny. Document clearly. Present honestly. Let others understand and challenge your work.

Resource Hint: sonnet - repository enhancement orchestrates structured tasks across organization, docs, and presentation

When to Use

Preparing a repository for public release or open source
Periodic repository polish after a development milestone
When the repo looks unprofessional or is hard to navigate
Before onboarding new team members

Objective

Transform a working repository into a polished, professional, discoverable project. Combines organization, documentation, and presentation tasks.

Workflow

PHASE 1         PHASE 2         PHASE 3         PHASE 4
AUDIT           ORGANIZE        DOCUMENT        PRESENT
│               │               │               │
├─ List files   ├─ Create dirs   ├─ Write README  ├─ GitHub About
├─ Count root   ├─ Move files    ├─ Tech blog     ├─ Topic tags
├─ Tree view    ├─ Update paths  ├─ CHANGELOG     └─ Add badges
│               ├─ Verify build  └─ CONTRIBUTING
└─ Establish    │
   current      └─ pb-repo-organize
   state
                TASK 1: Organization
                ↓
                TASK 2: GitHub About ← pb-repo-about
                ↓
                TASK 3: README ← pb-repo-readme
                ↓
                TASK 4: Blog Post ← pb-repo-blog
                ↓
                TASK 5: Doc Site (Optional) ← pb-repo-docsite
                ↓
             Ready for review/launch

Tasks

1. Repository Organization

Reference: /pb-repo-organize

Clean up project root
Move files to logical folders (/docs, /scripts, /examples)
Keep only essential files at root
Preserve /todos directory (gitignored)
Ensure GitHub special files are in correct locations

2. GitHub About & Tags

Reference: /pb-repo-about

Write concise About section (≤160 chars)
Describe what, who, and key trait
Include main tech stack
Select 6-10 relevant, discoverable tags

3. README Enhancement

Reference: /pb-repo-readme

Clear, professional structure
Quick start example that works
Installation instructions
API reference or usage guide
Badges for build status, coverage, version

4. Technical Blog Post

Reference: /pb-repo-blog

Create docs/TECHNICAL_BLOG.md:

Introduction and rationale
Architecture with Mermaid diagram(s)
Code examples
Design decisions
Real-world applications
Practical conclusion

5. Documentation Site (Optional)

Reference: /pb-repo-docsite

Transform docs into professional static site:

Choose SSG based on project language (Hugo/MkDocs/Docusaurus)
Set up CI/CD for GitHub Pages
Migrate existing markdown docs
Add Mermaid diagram support

Process

Phase 1: Audit

# Current state
ls -la
tree -L 2 -d  # or: find . -type d -maxdepth 2

# File count at root
find . -maxdepth 1 -type f | wc -l

Phase 2: Organize

Create target directories
Move files to appropriate locations
Update any hardcoded paths
Verify build and tests pass

Phase 3: Document

Write or update README
Create technical blog post
Ensure CHANGELOG exists
Add/update CONTRIBUTING.md if needed

Phase 4: Present

Craft GitHub About section
Select topic tags
Add badges to README
Verify GitHub renders correctly

Phase 5: Verify

# Build passes
make build

# Tests pass
make test

# No broken links in docs
# README renders correctly
# About section displays properly

Output Checklist

After enhancement, verify:

Structure:

Clean root with only essential files
Logical folder organization
GitHub special files in correct locations
/todos preserved and gitignored

Documentation:

README is clear and complete
Technical blog post created
CHANGELOG exists
LICENSE present

Presentation:

About section is compelling
Tags are relevant and discoverable
Badges display correctly
Repository looks professional

Quality Standards

Tone:

Professional, not salesy
Technical, not condescending
Concise, not verbose

Content:

Examples that work
Accurate technical details
No placeholder text
No AI-sounding phrases

Structure:

Consistent formatting
Proper Markdown
Working links
Rendered correctly on GitHub

Anti-Patterns to Avoid

Problem	Solution
Cluttered root	Organize into folders
Vague README	Add examples and specifics
Missing About	Write compelling description
No tags	Add 6-10 relevant tags
Broken badges	Fix URLs or remove
Stale docs	Update or remove

/pb-repo-init - Initialize new project structure
/pb-repo-organize - Clean up repository structure
/pb-repo-docsite - Set up documentation site
/pb-repo-polish - Audit AI discoverability (scorecard after enhance)

Professional repository, professional impression.

Repository AI Discoverability Audit

Audit a repository’s visibility to AI coding agents and developer search.

Mindset: AI agents are becoming the primary way developers discover libraries. A functionally strong library that scores poorly on machine-readable signals will never get recommended. This command measures the gap between code quality and discoverability – and surfaces what polish can fix vs. what requires usage evidence that polish alone cannot create.

Resource Hint: sonnet – structured audit with concrete rubrics, optional content drafting

When to Use

Before publishing or promoting a library
Periodic audit of existing public repositories
After /pb-repo-enhance to measure remaining discoverability gaps
When a library has low adoption despite solid code
Fleet-wide audit across an org (--status mode)

Objective

Produce a scorecard measuring how well a repository converts when discovered by AI agents or developer search. Five scored dimensions (0-3 each, max 15) plus an informational usage evidence section that honestly surfaces what polish cannot fix.

Invocations

/pb-repo-polish owner/repo           Full audit: scorecard + action items
/pb-repo-polish owner/repo --draft   Audit + generate content drafts (llms.txt, README sections)
/pb-repo-polish --status             Fleet view: which repos polished, scores

Review Checklist

Dimension 1: Search Term Alignment (0-3)

Does the description, README, and topics contain the words developers actually search?

Score	Criteria
0	Description is generic or missing (“A Go library”)
1	Description names the category (“circuit breaker for Go”)
2	Description + README first line contain likely search terms
3	Description + README + topics all hit the search terms a developer would use

How to assess: Think about what a developer would type into Google, pkg.go.dev, npm, or ask an AI agent. Compare those terms against the repo’s description, README opening paragraph, and GitHub topics. Misalignment here is the highest-ROI fix for small libraries.

Dimension 2: README Machine-Readability (0-3)

Can an AI agent extract what this library does, how to install it, and when to use it from the README alone?

Score	Criteria
0	No README or stub
1	Has description and install command
2	Above + working example with imports within first 60 lines
3	Above + “when to use this” section and standalone first paragraph

How to assess: Read the README as if you have zero context. Can you answer: what does it do, how do I install it, show me an example, when should I use this vs. alternatives? Each missing answer costs a point.

Dimension 3: Registry Presence (0-3)

Is the library findable and current on the expected package registry?

Score	Criteria
0	Not on expected registry
1	Published but stale (local version ahead) or module path issue
2	Published, current, but no importers/downloads visible
3	Published, current, correct path, visible on registry search

How to assess:

Go: check pkg.go.dev/{module} – is it indexed? Is the latest version shown? Is the module path correct (especially /v2 suffixes)?
Node: check npmjs.com/package/{name} – is it published? Is the latest version current?
Other: check the language-appropriate registry

Dimension 4: Metadata Completeness (0-3)

Does GitHub metadata make the repo discoverable and credible at a glance?

Score	Criteria
0	No description or topics
1	Description exists, <3 topics
2	Description + 3-4 topics + license
3	Keyword-rich description + 5+ relevant topics + license + homepage

How to assess: Run gh repo view owner/repo --json description,repositoryTopics,licenseInfo,homepageUrl and evaluate against the rubric. Topics should include the language, the problem domain, and the specific technique.

Dimension 5: Examples Quality (0-3)

Can a developer copy-paste a working example without reading the full source?

Score	Criteria
0	No examples anywhere
1	README has inline examples but no `examples/` directory
2	`examples/` dir exists with 1+ example
3	`examples/` dir with 3+ problem-oriented examples, all runnable with imports

How to assess: Check for examples/ directory. If it exists, verify examples compile/run and have complete import statements. Problem-oriented means each example solves a specific use case, not just “basic usage.”

Dimension 6: Usage Evidence (informational, not scored)

Surface the signals that polish cannot create. This section is honest about what metadata improvements can and cannot do.

What to check:

Dependents count (pkg.go.dev “Imported by” or npm dependents)
Download stats (npm weekly downloads)
External references (blog posts, Stack Overflow mentions, conference talks)
Stars and forks (weak signal but still signal)

Scoring

Max score: 15 (5 dimensions x 3 points each)

Tier	Score	Meaning
Ship-ready	13-15	Metadata is strong. Focus shifts to usage evidence.
Functional but invisible	9-12	Code works, but AI agents and search won’t find or recommend it.
Significant gaps	5-8	Missing basics. Fix before any promotion effort.
Not ready	0-4	Needs `/pb-repo-enhance` first.

Deliverables

Scorecard (always produced)

## AI Discoverability Scorecard: {owner}/{repo}

| # | Dimension | Score | Notes |
|---|-----------|-------|-------|
| 1 | Search Term Alignment | X/3 | {specific finding} |
| 2 | README Machine-Readability | X/3 | {specific finding} |
| 3 | Registry Presence | X/3 | {specific finding} |
| 4 | Metadata Completeness | X/3 | {specific finding} |
| 5 | Examples Quality | X/3 | {specific finding} |
|   | **Total** | **X/15** | **{tier}** |

## Usage Evidence

Dependents: N (pkg.go.dev) / N (npm)
Downloads: ~N/week (npm only)
External references: {found or "none found"}

Note: Metadata polish improves conversion but not discovery.
For this repo to be recommended by AI agents, it needs usage
evidence: blog posts, SO answers, or dependents that reference it.

Action Items (always produced)

Ordered by impact. Each item is concrete and actionable:

## Action Items (ordered by impact)

1. **[Dim X]** {Specific action} - {why this moves the score}
2. **[Dim X]** {Specific action} - {why this moves the score}
...

Content Drafts (–draft flag only)

When --draft is passed, produce these after the scorecard:

1. llms.txt draft (P2 – experimental format, not widely consumed yet):

# {name}
> {one-line from description}

## What it does
{2-3 sentences}

## Install
{install command}

## Quick start
{minimal working example}

## API
{key functions/types}

## When to use this
{use cases}

## When NOT to use this
{anti-use-cases, alternatives}

2. README “When to use this” section – comparison anchor against the dominant alternative. Format:

## When to Use This

Use {name} when you need {specific scenario}.

**Choose {name} over {alternative} when:**
- {differentiator 1}
- {differentiator 2}

**Choose {alternative} instead when:**
- {scenario where alternative wins}

3. Description improvement – if search terms are missing from the current description, draft a better one (max 160 chars).

4. Metadata fix commands – exact gh repo edit commands:

gh repo edit owner/repo --description "new description"
gh repo edit owner/repo --add-topic topic1 --add-topic topic2

Fleet View (–status mode)

## AI Discoverability Status: {org}

| Repo | Score | Tier | Last Audited | Top Gap |
|------|-------|------|-------------|---------|
| repo-1 | 12/15 | Functional | 2026-03-01 | Examples |
| repo-2 | 8/15 | Gaps | 2026-02-15 | Search terms |
| repo-3 | -- | Not audited | -- | -- |

Process

Step 1: Gather Data

# Repository metadata
gh repo view owner/repo --json description,repositoryTopics,licenseInfo,homepageUrl

# README content
gh api repos/owner/repo/readme --jq '.content' | base64 -d

# Check for examples directory
gh api repos/owner/repo/contents/examples 2>/dev/null

# Registry check (Go)
# Visit pkg.go.dev/{module-path}

# Registry check (Node)
# Visit npmjs.com/package/{name}

Step 2: Score Each Dimension

Walk through each dimension’s rubric. Be precise – score what exists, not what could exist.

Step 3: Identify Search Terms

Think like a developer searching for this type of library:

What problem are they solving?
What words would they type?
Compare against description, README first paragraph, and topics

Step 4: Produce Scorecard + Action Items

Use the deliverable templates above. Action items ordered by score impact (biggest gaps first).

Step 5: Draft Content (–draft only)

Generate llms.txt, “When to use this” section, improved description, and gh repo edit commands.

Anti-Patterns to Avoid

Problem	Solution
Scoring on vibes	Use the rubric criteria exactly
Inflating scores to be nice	A 2 is not a 3. Be honest.
Pretending polish fixes adoption	Usage evidence section exists for this reason
Auditing project health (CI, tests)	That’s `/pb-review-hygiene` territory
Writing final content in audit mode	Audit scores and suggests. `--draft` generates.
Generic action items (“improve README”)	Be specific: “Add install command before line 20”

/pb-repo-enhance – Full repository polish (organize + docs + presentation)
/pb-repo-about – Generate GitHub About section + tags
/pb-repo-readme – Write or rewrite project README
/pb-repo-organize – Clean up project root structure

Discoverable repo, discoverable library.

Zero-Stack App Initiation ($0/month Architecture)

A thinking tool for building Gists - small, calm apps that give you the essential point. You visit, get the gist, move on. Zero cost. Zero servers. Zero monthly bills.

A Gist is any app that fits the zero-stack topology: static site, optional edge proxy, CI pipeline. Two vendor accounts. The only fixed cost: domain registration (~$10-15/year) if you want a custom domain - the *.pages.dev default is free.

What fits: API dashboards, personal tools, form-based collectors, note-taking apps, display-only pages, data visualizers - anything that runs on static hosting with optional edge compute. Read-heavy, write-light, or user-content. The topology is the constraint, not the content type.

Not every Gist fits the “visit, get the point, leave” pattern - a personal notes app fits the topology but is a tool you return to. That’s fine. “Gist” describes the deployment shape, not the interaction pattern.

A structured conversation that takes an idea (or PRD) and walks through the product, data, design, and content decisions that produce a tailored project scaffold - not a generic template you fork and gut.

Mindset: Apply /pb-preamble thinking - challenge whether the idea fits this topology before committing to it. Apply /pb-design-rules thinking - the topology is simple by default, modular, and fails noisily. Apply /pb-calm-design thinking - Gists respect user attention by default.

Resource Hint: opus - the conversation makes product architecture decisions (fit, tier, data paths, trust, CSP). Scaffold generation is pattern application.

When to Use

Building a small app that should cost $0/month to run
API-backed dashboard or data display (public data, no auth)
Personal tool - notes, trackers, calculators, generators
Simple form submission (contact form, feedback widget, survey)
Display-only content (portfolio, landing page, static info)
Side project where production architecture shouldn’t mean production ops burden
Starting from an idea, not a template

When NOT to Use

Real-time collaboration or WebSocket-heavy - use /pb-repo-init + /pb-patterns-async
Complex relational data or SQL queries - use /pb-repo-init + /pb-patterns-db
OAuth flows, user accounts, or session management - use /pb-repo-init
Dynamic file uploads from users or media processing - use /pb-repo-init
SSR required - this topology serves static files at the edge

If the idea doesn’t fit, redirect early. Don’t force the topology.

Near-misses that still fit: A contact form can POST to a Worker or external handler (Formspree, Netlify Forms). localStorage persistence works for personal tools. Optional auth via Cloudflare Access is fine for admin pages. Static data sources skip the proxy entirely. If the adaptation is small, proceed. If it reshapes the architecture, redirect.

The Topology

Every zero-stack app has the same base shape. The complexity tier determines which pieces are active:

┌──────────────┐    ┌──────────────────┐    ┌──────────────┐
│  Static Site │    │  Edge API Proxy   │    │  CI Pipeline │
│  (CF Pages)  │◄──►│  (CF Worker + KV) │    │  (GH Actions)│
└──────────────┘    └──────────────────┘    └──────────────┘
       │                     │                      │
       └─────────────────────┴──────────────────────┘
                    Two vendor accounts
                  (Cloudflare + GitHub)

This is what makes it a pattern, not a collection of choices. The topology is fixed. Choices within it are flexible. A Gist is any app that fits this topology.

Complexity Tiers

Not every Gist needs every piece. The data source, update frequency, and scale determine the tier:

Tier	When	What’s Active	Framework
Minimal	No external data, personal use, display-only	Static site + CI only	Plain HTML/CSS/JS - no framework, no build tools
Standard	External API (keyless) or user-content with persistence	Static site + optional Worker	Astro (file-based routing, zero JS default)
Full	API with key, hourly+ freshness, or public scale	Static site + Worker + KV + cron	Astro + Workers + KV + GitHub Actions cron

The tier emerges from the conversation. Don’t ask “what tier do you want?” - determine it from the product decisions. Personal tool with no API? Minimal. Weather dashboard with public API? Standard. News aggregator with hourly updates? Full.

Tier escalation signals:

API key required → needs Worker proxy (standard → full)
Hourly or real-time freshness → needs cron + KV (full)
Public scale with external data → needs Worker proxy (standard → full)
Multi-page with routing → standard minimum (Astro file-based routing)
User-saves-data with multi-user → standard minimum (needs storage backend)

Calm by Default

The topology enforces calm design (see /pb-calm-design). Non-negotiable defaults:

Silence during normal operation - data appears or shows a stale timestamp. No “refreshing…” banners. Live proxy path: stale-first rendering (show cached, update in place).
Stale over empty - if the cache is old, show it with a timestamp. Never show an empty page when you have cached data.
Status in the periphery - “Last updated 3 hours ago” in the footer, not a toast notification.
Works on first visit - no onboarding, no configuration, no “sign up to see data.”
Graceful offline - PWA serves cached data with clear staleness indicator. No error walls.
Transitions are opt-in - if used: subtle (150-200ms), functional (communicates state change), and disabled under prefers-reduced-motion.

Trust Boundaries

Every Gist has clear trust boundaries. Name them explicitly in the scaffold:

Boundary	Trust Level	Enforcement
User input (forms, URL params)	Untrusted	Validate at entry, sanitize for display
External API responses	Semi-trusted	Validate shape before caching, sanitize before rendering
KV cache reads	Trusted (we wrote it)	Still validate shape (schema may have changed between deploys)
Worker ↔ Pages	Trusted (same origin)	CORS same-origin, no extra auth needed
sessionStorage/localStorage	Semi-trusted	Try-catch all access (private browsing, storage disabled)

DOM safety: Never use innerHTML with dynamic content. Use textContent or DOM APIs (createElement, setAttribute). Hard rule - referenced in Ship Gate and Anti-Patterns.

Phase A: Shape (One Session)

Goal: idea to working local dev with mock data. No accounts needed.

Persona hint: If the builder is new to development (using an AI coding assistant), keep product sections jargon-free. Technical detail lives in the scaffold spec where the assistant consumes it. Thread this awareness through each step - the builder needs to understand what their app will include; the assistant handles how.

Step 1: Product Brief & Fit

Start with the product, not the technology. If the user has a PRD, extract these answers from it. If they have an idea, ask:

What are you building? (one sentence)
> ___

Who is this for?  (just me, friends/team, public?)
> ___

What's the headline value in 5 seconds?  (AQI is 42, next bus in 3 min, my notes organized)
> ___

Where does the data come from?
  □ External API (public, no key needed)
  □ External API (requires API key)
  □ User creates content (forms, notes, entries)
  □ Display-only (static content, portfolio, landing page)
  □ Mixed (API data + user input)
> ___

How often does the data change?  (real-time, hourly, daily, rarely, user-driven)
> ___

When do they come back?  (daily habit, event-driven, seasonal, one-time)
> ___

These answers - audience, headline value, data source, freshness, return pattern - drive every subsequent decision. Pin them before moving on.

Data source taxonomy:

Data Source	Description	Typical Tier	Data Path
`public-api`	External API, no key	Standard	Browser fetches directly (CORS-friendly)
`keyed-api`	External API, key required	Full	Worker proxy hides key, caches in KV
`rss-feed`	RSS/Atom feed (news, blogs)	Standard	Fetch XML, parse to JSON at build or via Worker
`user-content:simple-form`	Contact form, feedback widget	Minimal–Standard	Form submits to handler (Formspree, Worker, etc.)
`user-content:user-saves-data`	Notes app, tracker, personal data	Standard	Client persistence (localStorage MVP, or database)
`user-content:display-only`	Portfolio, landing page, static info	Minimal	Content pre-loaded in HTML or fetched at build time
`mixed`	API data + user input	Standard–Full	Combination of above paths

Fit validation:

Does this idea fit the zero-stack topology?

Fits cleanly: Read-heavy, public data, no auth, low write frequency
Fits with adaptation: Simple forms (POST to handler), personal storage (localStorage), optional admin auth (CF Access)
Doesn’t fit: User accounts, OAuth, file uploads, real-time collaboration, complex queries, SSR

If the adaptation is small, proceed. If it reshapes the architecture, redirect to /pb-repo-init.

Step 2: Data Architecture

Now dig into the data source from Step 1. The path depends on which data source type was chosen.

Path A: External API (public-api or keyed-api)

What API(s) are you pulling from?
Free tier limits? (daily request cap, rate limits)
Auth method? API key is fine. OAuth means this probably isn’t zero-stack.
Response format? (JSON, XML, RSS)

Update frequency → data path mapping:

Freshness Need	Data Path	Implementation
Real-time (< 5 min)	Live Worker proxy	Worker fetches on request, caches in KV with short TTL
Hourly	Cron + KV	GitHub Actions cron writes to KV, Worker serves from KV
Daily	Cron + rebuild	GitHub Actions cron triggers Pages rebuild with data baked into HTML
Rarely / static	Build-time only	Data fetched at build, baked into static HTML

Data transformation: Does the raw API response need shaping before display? Identify: which fields you display, what you rename, what you derive (e.g., AQI category from numeric value). Pin the types now - they go into types.ts and prevent the assistant from guessing the data shape.

On API failure: Default: serve stale data, no automatic client retry. If the Worker proxy is involved, it serves from KV cache on upstream failure. Surface this decision now - different retry strategies produce different user experiences.

Path B: User Content

What does the user create? (form submissions, notes, entries, settings)
Where does it persist?

User Content Type	Persistence	Complexity
Simple form (contact, feedback)	External handler (Formspree, Netlify Forms) or Worker endpoint	Low - fire and forget
User saves data (personal)	localStorage (MVP)	Low - single user, client-side only
User saves data (multi-user)	Database (D1, Supabase, Firebase)	Medium - needs storage backend
Display-only	None - content in HTML	Lowest

For user-saves-data apps: Surface complexity early - CRUD operations, data validation, empty states, and error recovery are meaningfully more work than read-only apps. Budget extra time for the data round-trip.

Validation rules: Define per field - required, type, limits. Validation fires inline on blur for required fields, on submit for the rest (default). Pin these now; the assistant will implement whatever the spec says, and changing validation UX mid-build is expensive.

Path C: Display-Only

Content is pre-loaded in HTML or fetched at build time. No runtime data fetching. Simplest path - minimal tier.

Path D: Mixed

Combine paths as needed. Each data source follows its own path above. The most complex path determines the tier.

Step 3: UX States

Every Gist has states beyond “data loaded successfully.” Define these early - they’re product decisions, not afterthoughts.

Core states (all Gists):

State	What the User Sees	Design Notes
Loading	Skeleton placeholder matching layout shape	Prefer skeletons over spinners - they preview the loaded layout. Describe the shape (e.g., “three cards with pulsing blocks”). Spinners only for brief operations (< 1s).
Loaded	The headline value from Step 1	The normal state. This is what the app exists to show.
Error (Network)	Last known data + explanation	Show stale data with “Couldn’t refresh - showing data from [timestamp].”
Empty / First Use	Clear call to action	API apps: timeout message. User-content: “No [items] yet - create your first one.”
Offline	Cached data + staleness indicator	PWA shows cached version with timestamp.

Additional states by data source:

Data Source	Extra States
External API	Error (API) - upstream is down. Show stale data, not error wall.
User content (simple-form)	Success - confirmation. Error (Submit) - keep form populated.
User content (user-saves-data)	Empty / First Use - clear CTA. Error (Storage) - inline error with retry, never lose user input.

Draft the actual copy now. Write the 3-5 strings users will see: network error message, API/upstream error, empty state CTA, form success (if applicable), form error (if applicable). Keep it calm - the user doesn’t need to know what broke, just what they’re seeing and how fresh it is. Deciding copy now saves 2-3 rounds of “make it friendlier” during development.

Step 4: Project Shape

Basics:

Project name (lowercase, hyphenated)
Single page or multi-page? (default: single for minimal, file-based routing for standard+)
Primary display: dashboard, ticker, list, form, editor, map, or other?
PWA with service worker? (default: yes for daily-use apps)
URL state: can users share a link to a specific view or filter? (default: no for single-page, query params for filtered views)

Design choices:

Choice	Options	Default
Palette direction	warm / cool / mono	mono
Font vibe	system / geometric / humanist	system
Dark mode	system-preference / toggle / light-only	system-preference (auto-derived dark palette)
Responsive priority	mobile-first / desktop-first	mobile-first single-column stack; responsive grid for standard+

These produce a design-tokens.css (including dark mode variants) in the scaffold. For deeper design work, run /pb-design-language after scaffolding.

Web identity: Site title (from project name), description (reuse headline value from Step 1), language (default: en). These feed into <title>, <meta description>, <html lang>, manifest, and OG tags. Override if needed.

Step 5: Stack Confirmation

Show the default stack with rationale. The default adapts to the complexity tier.

Why these defaults as a unit: Single vendor (Cloudflare) means one auth flow, one dashboard, one billing page. Astro ships zero JS by default. Vanilla CSS with custom properties provides design tokens without build tooling. GitHub Actions gives native cron on the same platform as the repo.

Minimal tier:

Layer	Default	Why
Framework	None (plain HTML/CSS/JS)	No build tools, no dependencies, maximum simplicity
CSS	Vanilla CSS with custom properties	Design tokens in `:root`, responsive, dark mode via `prefers-color-scheme`
JS	Vanilla TypeScript (or JS)	No framework overhead for simple interactions
Host	CF Pages	Free, atomic deploys, edge network
CI	GitHub Actions	Lint + deploy on push

Minimal means minimal. No frameworks, no build tools. If you’re reaching for a framework, you’re probably standard tier.

Standard tier:

Layer	Default	Why
SSG	Astro	Islands architecture, zero JS default, file-based routing
CSS	Vanilla CSS with custom properties	Same pattern, same tokens
JS	Vanilla TypeScript in Astro components + `src/lib/` modules	No framework overhead unless islands needed
Islands	Preact (optional, 3KB)	Only add for client-side interactivity beyond vanilla JS
Host	CF Pages	Free, atomic deploys, edge network
Proxy	CF Worker (if needed)	Same vendor as Pages, KV built-in
CI	GitHub Actions	Lint + type check + test + deploy

Full tier:

Layer	Default	Why
SSG	Astro	Islands architecture, zero JS default
Host	CF Pages	Same vendor for hosting + proxy + cache
Proxy	CF Worker	API key hiding, response caching, health endpoint
Cache	CF KV	Global, free 100K reads/day
CI	GitHub Actions	Lint + test + deploy + cron for data refresh

Full tier uses the same CSS/JS/Islands defaults as standard. The additions are Worker, KV, and cron. Substitutions: The stack is chosen as a unit. Swapping one piece (e.g., CF Pages → Vercel) changes the proxy, cache, and deployment story - it’s a package deal. If you need different defaults, say so now; the scaffold adapts.

Confirm or adjust, then proceed.

Step 6: Content Security Policy

Generate a CSP tailored to the data source and stack. Delivered via <meta> tag in HTML <head> (not Worker header - decouples security from Worker availability).

CSP per variant:

Data Source	`connect-src`
No external data (minimal)	`'self'`
External API via Worker proxy	`'self'` (Worker is same-origin)
External API (keyless, direct)	`'self' https:`
User content / display-only	`'self'` or `'self' https:` (depends on external handlers)

Base policy (adapt per variant):

default-src 'self';
script-src 'self';
style-src 'self' 'unsafe-inline';
img-src 'self' data: https:;
font-src 'self';
connect-src [per variant above];
frame-ancestors 'none';
base-uri 'self';
form-action 'self' [add external handler domain if needed];

Tighten connect-src and form-action to specific domains rather than blanket https: when possible. Add analytics domains (e.g., cloudflareinsights.com) if using CF Web Analytics.

Step 7: Implementation Order

Generate a step-by-step build order. Each step builds on the previous. An AI coding assistant should follow this top-to-bottom without jumping between sections.

Base order (all tiers):

1. Scaffold - project structure, config files, design tokens, base layout, web standards files
2. Mock data - hardcode representative data, build all UI states
   > Checkpoint: Show the user the UI with mock data. Get design approval before
   > connecting real data.
3. [Data connection step - varies by data source, see below]
   > Checkpoint: Confirm data flows correctly end-to-end before proceeding.
4. Polish - Lighthouse 90+, accessibility audit, mobile testing, verify all UX states.
   Complete the Ship Gate before declaring done.

Data connection step by source:

Data Source	Step 3
External API (keyless)	Connect API - Wire fetch calls, handle errors, implement stale-first rendering
External API (keyed)	Deploy Worker proxy - API key in Worker secrets, KV cache with TTL, health endpoint
User content (simple-form)	Form handler - Connect to submission endpoint
User content (user-saves-data)	Storage backend - Set up persistence, define schema, wire CRUD, confirm data round-trips
Display-only	No step 3 - content is already in HTML
Mixed	Combine relevant steps above

Full tier additions (insert between steps 2 and 3):

2.5. Worker proxy - deploy Worker with KV bindings, health endpoint
2.6. Cron job - GitHub Actions schedule, data fetch script, KV writes

For AI assistants: Follow the Implementation Order step by step. If any requirement is ambiguous, ask the user - do not assume. Verify design with mock data before connecting real data. Include this guidance in any spec or scaffold produced by this command.

Testing strategy: Test the data path (fetch → transform → render), not the component tree. For full tier: test that Worker proxy serves cached data on upstream failure. For user-saves-data: test the CRUD round-trip. For all tiers: verify each UX state from Step 3 renders correctly.

Step 8: Scaffold

Generate project files with the decisions from Steps 1-7 baked in. The scaffold must work immediately with mock data - no Cloudflare account needed.

The structure adapts to the conversation. No worker/ if minimal tier. No data-cron.yml if live-only. The command shapes the files, not the other way around.

Standard tier structure (representative):

project-name/
├── public/
│   ├── favicon.ico           # Placeholder, replace before go-live
│   ├── favicon.svg           # SVG favicon (modern browsers)
│   ├── apple-touch-icon.png  # 180×180 (iOS)
│   ├── og-image.png          # 1200×630 (social sharing)
│   ├── robots.txt            # Crawler directives
│   ├── humans.txt            # Attribution
│   ├── sitemap.xml           # Generated or static (multi-page)
│   ├── sw.js                 # Service worker (if PWA)
│   └── site.webmanifest      # PWA metadata
├── src/
│   ├── pages/                # Astro pages (index, 404, etc.)
│   ├── components/           # Astro components (.astro files)
│   ├── styles/
│   │   └── design-tokens.css # From Step 4 choices
│   └── lib/
│       ├── types.ts          # TypeScript types
│       └── api.ts            # Data fetching (uses mock in dev)
├── worker/                   # (standard/full tier only)
│   ├── src/
│   │   └── index.ts          # Edge proxy
│   └── wrangler.toml         # Worker config
├── .github/
│   └── workflows/
│       ├── ci.yml            # Lint + type check + test
│       ├── deploy.yml        # Pages + Worker deploy
│       └── data-cron.yml     # (full tier only, if cron path)
├── mock/
│   └── data.json             # Mock API response for local dev
├── package.json
├── tsconfig.json
├── CHANGELOG.md
└── README.md

Minimal tier structure:

project-name/
├── index.html
├── 404.html
├── styles/
│   └── main.css              # Design tokens + styles
├── scripts/
│   └── main.js               # Vanilla JS (if any)
├── public/
│   ├── favicon.ico
│   ├── favicon.svg
│   ├── og-image.png
│   ├── robots.txt
│   └── site.webmanifest
├── .github/
│   └── workflows/
│       └── deploy.yml
├── CHANGELOG.md
└── README.md

Production lessons baked into the scaffold:

wrangler.toml: no [env.dev.vars] section - causes interactive prompts in CI. Use .dev.vars locally.
deploy.yml: content-hash comparison to skip no-change deploys. Actions pinned to commit SHAs (supply chain security).
worker/src/index.ts: accept both GET and HEAD requests (uptime monitors send HEAD).
ci.yml and deploy.yml are separate workflows - push ≠ ship.
Service worker: network-first for HTML (get latest deploy), cache-first for static assets. Bump cache version on release.
sessionStorage/localStorage: always try-catch (private browsing, storage disabled).

First run:

npm install && npm run dev    # Standard/full tier
# or just open index.html     # Minimal tier

Pages render with mock data. No Cloudflare account needed.

Ship Gate

Single exit gate for Phase A. The scaffold produces correct structure from your decisions - this gate verifies you’ve customized placeholders and the Gist is ready for visitors.

Verify scaffold output:

<html lang>, <title>, <meta description>, canonical, theme-color match your choices
CSP <meta> tag matches your variant from Step 6
Semantic landmarks, one <h1> per page, skip-to-content link
OG tags populated (title, description, image, url)

Replace placeholders:

Favicon set (ico + svg + apple-touch-icon) - derived from logo
OG image (1200×630)
App icons for manifest (192×192 + 512×512 PNG)

Quality:

Lighthouse 90+ (Performance, Accessibility, Best Practices, SEO)
All UX states verified (loading, loaded, error, empty, offline)
Mobile tested (responsive, touch targets 44px+, no horizontal scroll)
Keyboard navigation works, focus indicators visible
prefers-reduced-motion and prefers-color-scheme respected
WCAG AA contrast ratios met

Security:

No secrets in frontend code (API keys in Worker secrets only)
DOM safety enforced (see Trust Boundaries)
External data sanitized before rendering
Dependencies audited (npm audit)

Discovery files present: robots.txt, sitemap.xml, humans.txt, site.webmanifest

Phase B: Deploy (When Ready)

Goal: scaffold to production. Human-paced, no rush.

Step 9: Bootstrap Checklist

Generate docs/setup.md with paste-able commands. Each step is one command with expected output.

## One-Time Setup (~30 minutes)

### 1. Cloudflare Account
- Sign up at dash.cloudflare.com (free plan)
- Install Wrangler: `npm install -g wrangler`
- Login: `wrangler login`

### 2. KV Namespace (standard/full tier only)
- Create: `wrangler kv namespace create "CACHE"`
- Create preview: `wrangler kv namespace create "CACHE" --preview`
- Update wrangler.toml with both IDs

### 3. API Secrets (if keyed-api)
- Set secret: `wrangler secret put API_KEY`
- GitHub: repo Settings → Secrets → `CF_API_TOKEN`

### 4. GitHub Actions
- Enable Actions in repo Settings
- Add secrets: `CF_API_TOKEN`, `CF_ACCOUNT_ID`

### 5. DNS (optional - skip for *.pages.dev)
- Custom domain: Pages → Custom domains → Add

Step 10: First Deploy

git push origin main

CI runs. Pages deploy. Worker deploy (if applicable). Verify:

Pages serve at project-name.pages.dev
Worker proxies at project-name.workers.dev/api/... (if applicable)
/health returns 200 on both GET and HEAD (if Worker deployed)
Cron runs on schedule (if applicable)

Post-deploy: Enable CF Web Analytics (free, privacy-first). Pin API versions if available. Tag first release (git tag -a v1.0.0 -m "Initial release"). For Worker observability, the CF Workers dashboard shows request counts, errors, and latency.

Budget Math

Calculate during Step 2. Exceeding free tier limits is the #1 failure mode.

Formula:

API hits/day = (active_hours * 60 / kv_ttl_minutes) + cron_runs

Free tier headroom:

Resource	Free Tier	Notes
Workers requests	100K/day	Exceeding returns 1015 errors (visible to users)
KV reads	100K/day	Exceeding returns errors (visible)
KV writes	1K/day	Exceeding fails silently - always check put() response
KV storage	1 GB
Pages builds	500/month
GH Actions	2K min/month
D1 rows (if user-saves-data)	5M read, 100K written/day
Supabase (if user-saves-data)	500MB storage, 2GB bandwidth/month

Sharing a CF account across apps? KV writes (1K/day) are shared. Divide by app count.

Active window refinement: Usage pattern global (24h) or regional (e.g., 14h)? Fewer active hours = fewer API hits. Factor this into the formula.

Cache guidance: Two-tier cache (edge response + KV) prevents thundering herd. Set edge TTL shorter than KV TTL. Always set expirationTtl on KV puts - without it, stale entries live forever if your cron stops. Validate API response shape before caching - fail at write time, not when serving corrupt data.

Anti-Patterns

Don’t	Do Instead
Force-fit an idea that needs auth/accounts	Redirect to `/pb-repo-init` in Step 1
Skip budget math	Calculate it - free tier surprise is the #1 failure mode
Deploy before local dev works	Phase A must complete before Phase B
Use `[env.dev.vars]` in wrangler.toml	Use `.dev.vars` file (not committed)
Deploy from local machine	CI is the only deploy path
Set up CF account before writing code	Scaffold works with mocks - deploy when ready
Ship with placeholder favicon and OG image	Replace before go-live
Connect real data before design approval	Mock data first → visual sign-off → wire up real data
Assume the AI assistant knows your preferences	Be explicit in specs - design vibe, error copy, UX states
Use `innerHTML` with dynamic content	Use `textContent` or DOM APIs (see Trust Boundaries)
Default to Tailwind/Preact for simple apps	Start vanilla. Add tools when vanilla isn’t enough.

/pb-repo-init - Generic greenfield initiation (when the Gist topology doesn’t fit)
/pb-start - Begin feature work after scaffolding
/pb-patterns-cloud - Cloud deployment patterns reference
/pb-design-language - Deeper design system work (optional, after scaffold)
/pb-calm-design - Calm design principles (Gists embody these by default)

Opinionated about topology. Flexible about content. Calm by default. $0/month is a feature, not a constraint.

[Project Name] Working Context

Purpose: Onboarding context for new developers and session refresh for ongoing work. Current Version: vX.Y.Z | Last Updated: YYYY-MM-DD

Mindset: This context assumes both /pb-preamble and /pb-design-rules thinking.

New developers should: (1) Challenge stated assumptions, question the architecture, surface issues; (2) Understand design principles guiding the system (Clarity, Simplicity, Modularity, Robustness).

Related Docs: pb-guide (SDLC tiers, gates, checklists) | pb-standards (coding standards, conventions) | pb-design-rules (technical design principles)

Resource Hint: sonnet - project analysis and context generation require balanced judgment.

Working Context Guidelines

Location: todos/ directory (gitignored, not tracked in repo)

Common filenames: working-context.md, 1-working-context.md

When to use this command:

Starting a new session (run /pb-context to review and update)
After completing a release (update version, release history)
Onboarding to a project (read existing context, then update if stale)
Resuming work after a break (verify context is current)

Currency check: Before using this context, verify it’s up to date:

git describe --tags                    # Compare to version in header
git log --oneline -5                   # Compare to recent commits section

If the working context is stale (version mismatch, outdated commits), update it before proceeding.

Integration with other playbooks:

/pb-claude-project - Checks for working context during CLAUDE.md generation
/pb-start - Should review working context before starting work
/pb-resume - Should check and update working context when resuming

What is [Project Name]

[One-line description of what the project does]

Key User Journeys:

[Journey 1] - [Brief description]
[Journey 2] - [Brief description]

Philosophy: [Core principles, e.g., “Mobile-first, Offline-capable, Privacy-focused”]

Live: [Production URL] | Docs: [Documentation URL]

Architecture

[Simple ASCII diagram showing how components connect]

Example:
Frontend (React) → Backend (FastAPI) → Database (PostgreSQL)
                         ↓
                   External Services

Services: [List key services/containers]

Tech Stack

Layer	Tech
Frontend	[e.g., React, TypeScript, Vite, Tailwind]
Backend	[e.g., FastAPI, Python, SQLAlchemy]
Database	[e.g., PostgreSQL, Redis]
Testing	[e.g., Vitest, pytest]
Analytics	[e.g., Umami, Mixpanel]
CI/CD	[e.g., GitHub Actions]

Getting Started

Prerequisites: [e.g., Docker, Node 20+, Python 3.11+]

Setup:

cp .env.example .env      # Copy template, add your secrets
make dev                  # Start all services

.env.local contains prod deploy host info. .env is gitignored and holds local secrets.

Common Commands:

make dev                  # Start development environment
make test                 # Run all tests
make lint                 # Lint check
make logs                 # View all service logs
make db-shell             # Database shell
make db-migrate           # Run migrations

Secrets Management:

make secrets              # Decrypt .env for production

Deployment:

make deploy               # Push, rebuild, health check on server
make rollback             # Restore previous images

Guideline: Always prefer make targets over direct commands. Make targets ensure repeatable patterns, correct environment setup, and consistent behavior across dev/CI/prod. Run make help to see all available targets.

After setup:

Frontend: http://localhost:[PORT]
Backend API: http://localhost:[PORT]/api/docs
[Any additional setup steps, e.g., pulling ML models, seeding data]

Development Workflow (SDLC)

Philosophy: Stay committed to full SDLC flow - no shortcuts. Strive for bug-free, quality releases.

Work Tiers: S (small, <2h) | M (medium, phased) | L (large, multi-week). See pb-guide for tier definitions, gates, and checklists.

1. Planning

Define focus area and scope
Prepare phase-wise breakdown for M/L tier work
Document in todos/releases/vX.Y.Z/00-master-tracker.md for tracked releases
Lock scope before development begins

2. Development

Create feature branch: feature/vX.Y.Z-short-description (e.g., feature/v1.2.0-auth)
For fixes: fix/short-description (e.g., fix/login-redirect)
Proceed incrementally with logical, atomic commits
Follow conventional commits: feat:, fix:, perf:, chore:, docs:, test:
Keep PRs focused - one concern per PR

3. Quality Checks (before every commit)

make lint                 # Lint check
make typecheck            # Type check
make format               # Format code
make test                 # Run all tests

4. Self Review

Review your own diff before pushing
Check for: dead code, debug logs, hardcoded values, missing error handling
Verify tests cover the change

5. Create PR

Push feature branch, create PR to main
Write clear PR description (what, why, how to test)
CI runs: lint, typecheck, tests, security scan
Ensure all checks green before requesting review

6. Peer Review

Senior engineer reviews for: correctness, edge cases, security, performance
Address feedback - fix gaps/issues identified
Iterate until approved
Merge strategy: squash merge to keep main history clean

7. Pre-Release Checks

Bump version in package.json / pyproject.toml
Update CHANGELOG.md with release notes
Verify all tests pass, lint clean
Update relevant docs if needed

8. Release & Deploy

# After PR merged to main
git tag -a vX.Y.Z -m "vX.Y.Z - Brief description"
git push origin vX.Y.Z
gh release create vX.Y.Z --title "vX.Y.Z - Title" --notes "..."
make deploy               # Deploy to production

9. Post-Deploy Verification

Verify prod health: curl .../api/health
Smoke test critical flows
Monitor for errors (logs, dashboards)
For performance releases: verify metrics improved

Periodic Maintenance

Hygiene releases - Periodic code cleanup, test organization, dependency updates
Periodic reviews - Use /pb-review-* commands for structured codebase reviews
Performance audits - Regular performance scans to catch regressions

No shortcuts. Every release follows this flow. Quality over speed.

Key Directory Structure

backend/
├── api/           # API routes/endpoints
├── services/      # Business logic
├── models/        # Database models
├── utils/         # Shared utilities
├── config/        # Configuration files
└── tests/         # pytest tests (mirrors source structure)

frontend/src/
├── pages/         # Page components
├── components/    # Reusable components
├── hooks/         # Custom React hooks
├── lib/           # Utilities, API client, helpers
├── contexts/      # React contexts
└── styles/        # CSS, tokens, themes

# Tests: co-located *.test.ts files next to source files

Core Features

[Feature Area 1]

[Key capability]
[Key capability]

[Feature Area 2]

[Key capability]
[Key capability]

[Feature Area 3]

[Key capability]
[Key capability]

API Quick Reference

Category	Key Endpoints
[Resource 1]	`GET /resource`, `POST /resource`, `PUT /resource/{id}`
[Resource 2]	`GET /resource`, `POST /resource`
Auth	`POST /signup`, `POST /login`, `POST /logout`
Health	`GET /health`, `GET /status`

Base: /api/v1/

Database Models

[Primary Entity] (field1, field2, field3)
  ├── [Related Entity] (field1, field2)
  └── [Related Entity] (field1, field2)

[Another Entity] (field1, field2, field3)

Key Status Flows: [status1] → [status2] → [status3]

Operations

Server: [Server location/provider]

Crons:

[Scheduled job description and timing]
[Scheduled job description and timing]

Monitoring: [Monitoring tools and dashboards]

Performance: make perf-report runs [performance tool]

Key Patterns

Pattern	Implementation
Error handling	[How errors are handled]
Authentication	[Auth strategy]
Caching	[Caching approach]
Rate limiting	[Rate limit rules]
Logging	[Logging strategy]
Feature flags	[Feature flag system if any]

Release History

Version	Date	Highlights
vX.Y.Z	YYYY-MM-DD	[Brief description]
vX.Y.Z	YYYY-MM-DD	[Brief description]
vX.Y.Z	YYYY-MM-DD	[Brief description]

Session Checklist

git describe --tags                    # Current version
gh run list --limit 1                  # CI status
curl -s [PROD_URL]/api/health | jq     # Prod health
git log --oneline -10                  # Recent commits

/pb-claude-project - Generate project CLAUDE.md
/pb-start - Begin development work
/pb-resume - Resume after break
/pb-onboarding - New team member integration

Update when making significant changes.

Context Layer Review & Hygiene

Purpose: Comprehensive audit of all context layers-both structural (sizes, duplication, archival) and behavioral (CLAUDE.md violations, staleness). Run quarterly before /pb-evolve to ensure context earns its space and actually works.

Mindset: Context is necessary but expensive. Every line loaded competes for attention. Every guideline either influences behavior or should be deleted. Apply /pb-design-rules thinking: Simplicity (remove what doesn’t earn its place) and Clarity (what remains should be immediately useful). Apply /pb-preamble thinking: challenge whether each section is still relevant.

Resource Hint: sonnet - structured audit and maintenance workflow (sequential manual, parallel subagents for violations)

When to Use

Quarterly, before /pb-evolve - Data-driven evolution planning (Feb, May, Aug, Nov)
After a release - Trim release-specific details, verify context still works
When sessions start slow - Diagnose context bloat (structural or behavioral)
When Claude ignores a guideline - Check if CLAUDE.md is stale or misguided

Three Ways to Run

Mode 1: Full Audit (Default)

/pb-context-review

Runs both structural and behavioral analysis in sequence. Manual inspection first provides context for automated violations analysis. Output: consolidated report with both findings.

Mode 2: Structural Only

/pb-context-review --structure

Fast review of layer sizes, duplication, and archival opportunities. Use when you don’t have conversation history or want quick baseline.

Mode 3: Violations Only

/pb-context-review --violations

Analyze recent conversations for CLAUDE.md violations, missing patterns, and stale guidance. Requires 10+ accumulated sessions.

Structural Audit Workflow (–structure or part of full)

Context Architecture Reference

AUTO-LOADED (every session - budget matters most here):
  ~/.claude/CLAUDE.md              Global principles, BEACONs       ~140 lines
  .claude/CLAUDE.md                Project guardrails, tech stack    ~160 lines
  memory/MEMORY.md                 Index + active patterns           ~100 lines
                                                          Target: ~400 total

LOADED VIA /pb-resume (small, focused):
  todos/*working-context*          Project snapshot                   ~50 lines
  todos/pause-notes.md             Latest pause entry only            ~30 lines
                                                          Target:  ~80 total

ON-DEMAND (not auto-loaded - no budget pressure):
  memory/release-history.md        Ship logs by version
  memory/beacon-reference.md       Full 9-BEACON reference
  memory/session-templates.md      Templates for working-context + pause-notes
  memory/project-patterns.md       MkDocs anchors, conventions, verification
  memory/orchestration-lessons.md  Model selection, subagent patterns
  todos/done/*.md                  Archived session data

Targets are soft guidelines, not hard limits. Signal density matters more than line count.

Step 1: Audit Layer Sizes

Report current sizes against targets.

# Auto-loaded layers
echo "=== Auto-loaded Context ==="
wc -l ~/.claude/CLAUDE.md                        # Target: ~140
wc -l .claude/CLAUDE.md                          # Target: ~160
wc -l <memory-path>/MEMORY.md                    # Target: ~100

# Session state (working-context filename varies by project)
echo "=== Session State ==="
ls -lh todos/*working-context* | head -1         # Locate working context file
wc -l todos/pause-notes.md                       # Target: ~30

# On-demand (informational only)
echo "=== On-demand Reference ==="
wc -l <memory-path>/*.md 2>/dev/null
ls -la todos/done/*.md 2>/dev/null | wc -l

Interpret results:

Layer	Under Target	At Target	Over Target
Auto-loaded	No action	No action	Review content, move details to topic files
Session state	No action	No action	Archive old entries, trim to snapshot
On-demand	No action	No action	No concern (not auto-loaded)

Step 2: Check for Duplication

Look for the same information repeated across layers. Common duplications:

Version/release details:

Should appear in: working context (1 line per release)
Should NOT appear in: Global CLAUDE.md, MEMORY.md (move to release-history.md)

Project metrics (command count, test count):

Should appear in: working context (current state table)
Should NOT appear in: Multiple places in MEMORY.md and CLAUDE.md

BEACON definitions:

Should appear in: Global/Project CLAUDE.md (summaries only)
Full reference in: memory/beacon-reference.md (on-demand)
Should NOT appear in: MEMORY.md index

Session management explanation:

Should NOT appear in: any auto-loaded file (the system works without explaining itself)
Reference in: memory/session-templates.md (on-demand) or docs/

Detection method:

# Find repeated phrases across context files
# Look for version numbers, release dates, command counts
grep -l "v2.12.0" ~/.claude/CLAUDE.md .claude/CLAUDE.md <memory-path>/MEMORY.md todos/*working-context*
grep -l "98 commands" ~/.claude/CLAUDE.md .claude/CLAUDE.md <memory-path>/MEMORY.md todos/*working-context*

Rule of thumb: Each fact should have ONE canonical home. Other files cross-reference, not copy.

Step 3: Archive Stale Session Data

Move completed work out of active files.

Pause notes:

# If pause-notes.md has more than 1 entry, archive old ones
# Keep only the latest entry in the active file
# Move old entries to: todos/done/pause-notes-archive-YYYY-MM-DD.md

Working context sections:

Remove detailed task checklists for completed phases
Remove quality gate logs for shipped releases
Keep: version, status, metrics table, focus areas, next steps

Todos directory cleanup:

# Count files in todos/ (excluding subdirectories)
ls todos/*.md | wc -l

# Identify files older than current release cycle
ls -lt todos/*.md | tail -20

# Move completed session summaries, old implementation plans
# to todos/done/ or delete if archived elsewhere

Step 4: Trim Auto-loaded Layers

For each auto-loaded file over its soft target, review content:

Global CLAUDE.md (~/.claude/CLAUDE.md)

Should contain: BEACONs (6), operational guardrails, workflow commands, session ritual Should NOT contain: Version-specific details, session management explanations, release promo

Action: If over ~140 lines, review and trim or regenerate via /pb-claude-global. If at target, no action needed.

Project CLAUDE.md (.claude/CLAUDE.md)

Should contain: Tech stack, project structure, BEACONs (3), verification commands, relevant playbooks Should NOT contain: Detailed phase descriptions, session management explanations, capability promo

Action: If over ~160 lines, review and trim or regenerate via /pb-claude-project. If at target, no action needed.

Memory Index (memory/MEMORY.md)

Should contain: Current state (4 lines), active patterns, context architecture diagram, verification sequence, workflow lessons, context hygiene reminders, next evolution Should NOT contain: Release histories (move to release-history.md), BEACON full reference (move to beacon-reference.md), templates (move to session-templates.md)

Managed by: Claude auto-memory (trim manually when over ~100 lines)

Step 5: Verify Nothing Critical Was Lost

After trimming, verify:

# BEACONs still present in auto-loaded files
grep -c "BEACON" ~/.claude/CLAUDE.md              # Should be 6+
grep -c "BEACON" .claude/CLAUDE.md                 # Should be 3+

# Key commands still referenced
grep -c "/pb-" ~/.claude/CLAUDE.md                 # Should be 10+

# Project structure still documented
grep -c "commands/" .claude/CLAUDE.md              # Should be 1+

# Working context has current version (locate file for your project)
head -5 todos/*working-context* 2>/dev/null

# Memory index has architecture diagram
grep -c "AUTO-LOADED" <memory-path>/MEMORY.md      # Should be 1+

If something critical was removed: Check topic files (memory/*.md) and archives (todos/done/) - content was moved, not deleted.

Step 6: Report

Summarize the review. Use this template:

## Context Review: YYYY-MM-DD

### Layer Sizes (Before → After)
| Layer | Before | After | Target | Status |
|-------|--------|-------|--------|--------|
| Global CLAUDE.md | X | Y | ~140 | OK/OVER |
| Project CLAUDE.md | X | Y | ~160 | OK/OVER |
| Memory index | X | Y | ~100 | OK/OVER |
| Working context | X | Y | ~50 | OK/OVER |
| Pause notes | X | Y | ~30 | OK/OVER |
| **Auto-loaded total** | **X** | **Y** | **~400** | |

### Actions Taken
- [Action 1]
- [Action 2]

### Duplication Found
- [What was duplicated and where it was consolidated]

### Archived
- [What was moved to todos/done/ or topic files]

Violations Audit Workflow (–violations or part of full)

Analyze recent conversations to find where CLAUDE.md instructions were violated, patterns that should be added, and guidance that’s gone stale. Turns context maintenance from gut-feel into data.

Step 1: Locate Conversation History

Claude Code stores conversation transcripts as .jsonl files under ~/.claude/projects/. The folder name is the project path with slashes replaced by dashes.

# Find the project's conversation folder
PROJECT_PATH=$(pwd | sed 's|/|-|g' | sed 's|^-||')
CONVO_DIR=~/.claude/projects/-${PROJECT_PATH}

# List recent conversations
ls -lt "$CONVO_DIR"/*.jsonl 2>/dev/null | head -20

If no conversations found, there’s nothing to audit. Run this after you’ve accumulated 10+ sessions.

Step 2: Extract Recent Conversations

Pull the 15-20 most recent sessions (excluding the current one) into a temporary working directory. Extract only the human-readable parts - user messages and assistant text responses.

SCRATCH=/tmp/context-audit-$(date +%s)
mkdir -p "$SCRATCH"

for f in $(ls -t "$CONVO_DIR"/*.jsonl | tail -n +2 | head -20); do
  base=$(basename "$f" .jsonl)
  jq -r '
    if .type == "user" then
      "USER: " + (.message.content // "")
    elif .type == "assistant" then
      "ASSISTANT: " + ((.message.content // []) | map(select(.type == "text") | .text) | join("\n"))
    else
      empty
    end
  ' "$f" 2>/dev/null | grep -v "^ASSISTANT: $" > "$SCRATCH/${base}.txt"
done

# Show what we're working with
echo "Extracted $(ls "$SCRATCH"/*.txt | wc -l) conversations"
ls -lhS "$SCRATCH"/*.txt | head -10

Step 3: Analyze with Parallel Subagents

Launch 3-5 sonnet subagents in parallel. Each gets:

The global CLAUDE.md (~/.claude/CLAUDE.md)
The project CLAUDE.md (.claude/CLAUDE.md)
A batch of conversation files

Batch by size to keep each agent’s context manageable:

Large conversations (>100KB): 1-2 per agent
Medium (10-100KB): 3-5 per agent
Small (<10KB): 5-10 per agent

Each agent’s prompt:

Read the CLAUDE.md files (global and project). Then read each conversation.

For each conversation, find:

1. VIOLATED - Instructions in CLAUDE.md that the assistant didn't follow.
   Include: which instruction, what happened instead, how often.

2. MISSING (LOCAL) - Patterns you see repeated across conversations that
   should be in the project CLAUDE.md but aren't. Project-specific only.

3. MISSING (GLOBAL) - Patterns that apply to any project, not just this one.

4. STALE - Anything in either CLAUDE.md that conversations suggest is
   outdated, irrelevant, or contradicted by actual practice.

Be specific. Quote the instruction and the violation. One bullet per finding.

Step 4: Aggregate and Report

Combine findings from all agents. Deduplicate. Rank by frequency (violations seen across multiple conversations rank higher than one-offs).

Report Format:

## Context Audit: YYYY-MM-DD
Analyzed: N conversations over M days

### Violated Instructions (need reinforcement)
| Instruction | Source | Violations | Example |
|-------------|--------|------------|---------|
| [rule text] | global/project | N times | [what happened] |

### Missing Patterns - Project
- [pattern]: seen in N conversations. Suggested wording: "..."

### Missing Patterns - Global
- [pattern]: seen in N conversations. Suggested wording: "..."

### Potentially Stale
- [instruction] in [file]: last relevant in conversations from [date].
  No violations because it's not being tested - likely outdated.

After the Audit

Based on findings:

Violated instructions → Reword for clarity or move to a more prominent location. If a BEACON guideline is being violated, that’s a signal it needs reinforcement in the BEACON summary, not just the full command.
Missing patterns → Add to the appropriate CLAUDE.md. Use /pb-claude-global or /pb-claude-project to regenerate, or edit directly.
Stale content → Remove or archive. Every stale line costs tokens and dilutes signal.
Feed into /pb-evolve → If findings suggest structural changes (new BEACONs, reclassified commands, workflow shifts), queue them for the next quarterly evolution.

# Cleanup temporary conversation extracts
rm -rf /tmp/context-audit-*

Integration with /pb-pause and /pb-evolve

Daily context hygiene is embedded in /pb-pause (Step 6):

Writes concise pause entry
Archives old pause entries
Reports context layer sizes

/pb-context-review is the deeper quarterly audit - run before /pb-evolve to ensure context is both structurally lean AND behaviorally sound. /pb-pause handles the daily maintenance.

Evolution cycle flow:

/pb-context-review --structure    → Identify bloat
/pb-context-review --violations   → Find stale/violated guidance
/pb-evolve                        → Make decisions based on both
/pb-claude-global                 → Regenerate if needed
/pb-claude-project                → Regenerate if needed

Anti-Patterns

Structural Audit

Anti-Pattern	Problem	Fix
Never archiving pause notes	650+ lines of historical entries	Archive after each resume
Copying info across layers	Same facts in 4 files	One canonical home, others cross-reference
Detailed task logs in working context	243 lines when target is 50	Keep snapshot, move details to done/
Explaining the context system in context	Meta-context burns budget	System works without self-description
Hard line-count limits	Chasing numbers over signal	Soft targets, prioritize density

Violations Audit

Don’t	Do Instead
Run daily	Run quarterly or when something feels off
Add every finding to CLAUDE.md	Prioritize by frequency - one-offs are noise
Skip the stale check	Removing bad guidance is as valuable as adding good guidance
Audit without acting	The report is useless if nothing changes

/pb-pause - Daily context hygiene (archive + report) embedded in session boundary
/pb-resume - Context loading with health check at session start
/pb-context - Regenerate working context on release/milestone
/pb-claude-global - Regenerate global CLAUDE.md from playbooks
/pb-evolve - Quarterly evolution cycle (consumes this audit’s output)

Last Updated: 2026-02-18 Version: 2.0.0 Note: pb-review-context merged into this command. Use --violations mode for automated audit.

Generate Global CLAUDE.md

Generate or regenerate the global ~/.claude/CLAUDE.md file from Engineering Playbook principles.

Purpose: Create a concise, authoritative context file that informs Claude Code behavior across ALL projects.

Philosophy: Playbooks are the source of truth. Global CLAUDE.md is a derived artifact-concise, with references to playbooks for depth.

Resource Hint: sonnet - template generation from existing playbook content.

When to Use

Initial setup of Claude Code environment
After significant playbook updates (new version release)
When you want to refresh/realign Claude Code behavior
Periodically (monthly) to ensure alignment with evolving practices

Generation Process

Step 1: Read Source Playbooks

Read these playbooks to extract key principles:

/pb-preamble              → Collaboration philosophy
/pb-design-rules          → Technical design principles
/pb-standards             → Coding standards
/pb-commit                → Commit conventions
/pb-pr                    → PR practices
/pb-guide                 → SDLC framework overview
/pb-cycle                 → Development iteration pattern
/pb-claude-orchestration  → Model selection and resource efficiency

Step 2: Generate CLAUDE.md

Create ~/.claude/CLAUDE.md with this structure:

# Development Guidelines

> Generated from Engineering Playbook vX.Y.Z
> Source: https://github.com/vnykmshr/playbook
> Last generated: YYYY-MM-DD

---

## How We Work (Preamble)

- **Challenge assumptions** - Correctness matters more than agreement
- **Think like peers** - Best ideas win regardless of source
- **Truth over tone** - Direct feedback beats careful politeness
- **Explain reasoning** - Enable intelligent challenge
- **Failures teach** - When blame is absent, learning happens

For full philosophy: `/pb-preamble`

---

## What We Build (Design Rules)

| Cluster | Core Principle |
|---------|----------------|
| **CLARITY** | Obvious interfaces, unsurprising behavior |
| **SIMPLICITY** | Simple design first, complexity only where justified |
| **RESILIENCE** | Fail loudly, recover gracefully |
| **EXTENSIBILITY** | Adapt without rebuilds, stable interfaces |

For full design rules: `/pb-design-rules`

---

## Guardrails

- **Verify before done** - "It should work" is not acceptable; test the change
- **Preserve functionality** - Never fix a bug by removing a feature
- **Plan multi-file changes** - Outline approach for cross-file work, confirm before acting
- **Git safety** - Pull before writing, use Edit over Rewrite, diff after changes

---

## Quality Bar (MLP)

Before declaring done, ask:
- Would you use this daily without frustration?
- Can you recommend it without apology?
- Did you build the smallest thing that feels complete?

If no: keep refining. If yes: ship it.

---

## Code Quality

- **Atomic changes** - One concern per commit, one concern per PR
- **No dead code** - Delete unused code, don't comment it out
- **No debug artifacts** - Remove console.log, print statements before commit
- **Tests for new functionality** - Coverage for happy path + key edge cases
- **Error handling** - Fail loudly, no silent swallowing of errors
- **Security awareness** - No hardcoded secrets, validate inputs at boundaries

For detailed standards: `/pb-standards`

---

## Commits & PRs

**Commits:** Conventional format (`<type>(<scope>): <subject>`), atomic, explain WHY not what, present tense. Types: `feat:`, `fix:`, `refactor:`, `docs:`, `test:`, `chore:`, `perf:`. For detailed guidance: `/pb-commit`

**PRs:** One concern per PR. Summary (what + why), Changes, Test Plan. Self-review before requesting review. Squash merge. For detailed guidance: `/pb-pr`

---

## Development Workflow (Simplified Ritual)

**One-time setup (15 min):**
- `/pb-preferences --setup` - Set your decision rules

**Every feature (3 commands, 10% human involvement):**
1. `/pb-start [feature]` - Establish scope (30 sec)
2. `/pb-review` - Auto-quality gate (automatic)
3. Done. Commit is pushed.

**Detailed breakdown:**
- `pb-start`: Answer 3-4 scope questions
- `pb-review`: System analyzes, applies preferences, auto-commits
- Repeat

**If you want peer review:** `/pb-pr` after commit

**Non-negotiables:** Never ship known bugs. Never skip testing. Never ignore warnings.

---

## Context & Resource Efficiency

### Model Selection

| Tier | Model | Use For |
|------|-------|---------|
| Architect | opus | Planning, architecture, security deep-dives, critical reviews |
| Engineer | sonnet | Code implementation, test writing, routine reviews |
| Scout | haiku | File search, validation, formatting, status checks |

When unsure, start with sonnet. Upgrade if results lack depth. Downgrade if task is mechanical.

### Context Efficiency

- **Subagents for exploration** - Separate context window, doesn't pollute main
- **Surgical file reads** - Specify line ranges when you know the area
- **Plans in files** - Reference by path, don't paste into chat
- **Commit frequently** - Each commit is a context checkpoint

### Continuous Improvement

Record operational learnings in auto-memory. Surface playbook gaps when discovered. Propose improvements - don't self-modify silently.

For detailed guidance: `/pb-claude-orchestration`

---

## Quick Reference (Simplified Ritual)

| Situation | Command |
|-----------|---------|
| First time | `/pb-preferences --setup` (set rules once) |
| Starting feature | `/pb-start [what]` |
| After coding | `/pb-review` (automatic) |
| For peer review | `/pb-pr` |
| Architecture deep-dive | `/pb-plan` |
| Security review | `/pb-security` |
| Testing patterns | `/pb-testing` |

**Personas (consulted automatically by `/pb-review`):**
- `/pb-linus-agent` - Correctness, security
- `/pb-alex-infra` - Infrastructure, scale
- `/pb-jordan-testing` - Testing strategy
- `/pb-maya-product` - Product impact
- `/pb-sam-documentation` - Clarity

---

## Project-Specific Overrides

Project-level `.claude/CLAUDE.md` can override or extend these guidelines.
When conflicts exist, project-specific guidance takes precedence.

---

*Regenerate with `/pb-claude-global` when playbooks are updated.*

Step 3: Write the File

Write the generated content to ~/.claude/CLAUDE.md.

If the file exists, back it up first:

cp ~/.claude/CLAUDE.md ~/.claude/CLAUDE.md.backup

Step 4: Verify

Confirm the file was written:

head -20 ~/.claude/CLAUDE.md

Output Checklist

After generation, verify:

File exists at ~/.claude/CLAUDE.md
Version and date are current
All sections are populated
Playbook references are correct
File is under 150 lines / 2K tokens (context efficiency)
No duplication of content available in playbooks (reference instead)
Context & Resource Efficiency section includes model selection table
Continuous improvement directive present (auto-memory, surface gaps)

Customization Points

The generated CLAUDE.md can be manually edited for:

Personal preferences not covered by playbooks
Tool-specific settings (editor, terminal, etc.)
Organization-specific standards beyond playbooks

Mark manual additions clearly so they’re preserved on regeneration:

## Custom (Manual)
[Your additions here - preserved on regeneration]

Maintenance

When to regenerate:

After playbook version updates (v1.5.0 → v1.6.0)
After adding new playbook commands you want reflected
Monthly refresh to ensure alignment

Version tracking: The generated file includes version and date. Check periodically:

head -5 ~/.claude/CLAUDE.md

/pb-claude-project - Generate project-specific CLAUDE.md
/pb-claude-orchestration - Model selection and resource efficiency guide
/pb-preamble - Full collaboration philosophy
/pb-design-rules - Complete design rules reference
/pb-standards - Detailed coding standards

This command generates your global Claude Code context from playbook principles.

Generate Project CLAUDE.md

Generate a project-specific .claude/CLAUDE.md by analyzing the current project structure, tech stack, and patterns.

Purpose: Create project-specific context that complements global CLAUDE.md with details relevant to THIS project.

Philosophy: Project CLAUDE.md should capture what’s unique about this project-tech stack, structure, commands, patterns-so Claude Code understands the project context across sessions.

Context efficiency: This file is loaded every conversation turn. Keep it under 2K tokens (~150 lines). Move detailed documentation to docs/ and reference it.

Mindset: Design Rules emphasize “clarity over cleverness” - generated context should be immediately useful, not comprehensive.

Resource Hint: sonnet - project analysis and template generation from existing structure.

When to Use

Setting up a new project for Claude Code workflow
After major project restructuring
When onboarding to an existing project
Periodically to refresh project context as it evolves

Analysis Process

Step 1: Detect Tech Stack

Check for these files to identify language and framework:

File	Indicates
`package.json`	Node.js/JavaScript/TypeScript
`pyproject.toml` or `requirements.txt`	Python
`go.mod`	Go
`Cargo.toml`	Rust
`pom.xml` or `build.gradle`	Java
`Gemfile`	Ruby
`composer.json`	PHP

Read the file to extract:

Project name
Version
Key dependencies (framework, testing, etc.)
Scripts/commands

Step 2: Identify Framework

From dependencies, identify the framework:

Dependency	Framework
`fastapi`, `flask`, `django`	Python web
`express`, `fastify`, `nestjs`	Node.js web
`gin`, `echo`, `fiber`	Go web
`react`, `vue`, `angular`	Frontend
`sqlalchemy`, `prisma`, `gorm`	ORM

Step 3: Map Directory Structure

List top-level directories and identify patterns:

ls -la

Common patterns to recognize:

src/ or lib/ - Source code
tests/ or test/ or __tests__/ - Tests
docs/ - Documentation
scripts/ - Automation scripts
config/ or conf/ - Configuration
api/ or routes/ - API endpoints
models/ - Data models
services/ - Business logic
utils/ or helpers/ - Utilities

Step 4: Analyze Testing Patterns

Find test files and understand patterns:

find . -name "*test*" -o -name "*spec*" | head -20

Read one representative test file to understand:

Test framework (pytest, jest, go test, etc.)
Test structure (describe/it, test functions, table-driven)
Mocking patterns
Assertion style

Step 5: Identify Build/Run Commands

Check these sources for commands:

Source	Commands
`Makefile`	`make <target>`
`package.json` scripts	`npm run <script>`
`pyproject.toml` scripts	`poetry run <script>`
`docker-compose.yml`	`docker-compose up`
`README.md`	Setup/run instructions

Step 6: Check for Existing Context

Look for existing documentation:

README.md - Project overview
CONTRIBUTING.md - Contribution guidelines
docs/ - Additional documentation
.env.example - Environment variables needed

Working Context Discovery: Check for working context documents that provide rich project state:

ls todos/*working-context*.md 2>/dev/null

Common locations: todos/working-context.md, todos/1-working-context.md

If a working context exists:

Read it first - It contains current version, active development context, and session checklists
Check currency - Compare version/date with git tags and recent commits
Update if stale - If working context is outdated, update it as part of generation
Extract key info - Use it to populate Tech Stack, Commands, and Active Development sections

Step 7: Detect CI/CD

Check for CI configuration:

.github/workflows/ - GitHub Actions
.gitlab-ci.yml - GitLab CI
Jenkinsfile - Jenkins
.circleci/ - CircleCI

Generate CLAUDE.md

Create .claude/CLAUDE.md with this structure:

# [Project Name] Development Context

> Generated: YYYY-MM-DD
> Tech Stack: [Language] + [Framework]
>
> This file provides project-specific context for Claude Code.
> Global guidelines: ~/.claude/CLAUDE.md

---

## Project Overview

[One-line description from README or package.json]

**Repository:** [URL if available]
**Status:** [Active development / Maintenance / etc.]

---

## Tech Stack

| Layer | Technology |
|-------|------------|
| Language | [e.g., Python 3.11] |
| Framework | [e.g., FastAPI] |
| Database | [e.g., PostgreSQL] |
| ORM | [e.g., SQLAlchemy] |
| Testing | [e.g., pytest] |
| CI/CD | [e.g., GitHub Actions] |

---

## Project Structure

[project-name]/ ├── [dir]/ # [Description] ├── [dir]/ # [Description] ├── [dir]/ # [Description] └── [file] # [Description]


**Key locations:**
- Source code: `[path]`
- Tests: `[path]`
- Configuration: `[path]`
- Documentation: `[path]`

---

## Commands

**Development:**
```bash
[command]           # Start development server
[command]           # Run tests
[command]           # Lint/format code

Build & Deploy:

[command]           # Build for production
[command]           # Deploy

Testing

Framework: [pytest/jest/go test/etc.]

Run tests:

[command]

Test patterns:

[Describe test organization]
[Describe mocking approach]
[Coverage expectations]

Environment

Required variables:

[VAR_NAME]          # [Description]
[VAR_NAME]          # [Description]

Setup:

cp .env.example .env
# Edit .env with your values

Relevant Playbooks

Based on this project’s tech stack:

Command	Relevance
`/pb-guide-[lang]`	Language-specific SDLC
`/pb-patterns-[type]`	Applicable patterns
`/pb-testing`	Testing guidance
`/pb-security`	Security checklist

Guardrails

[Project-specific safety constraints - customize as needed]

Infrastructure - [Lock level: strict/moderate/flexible]
Dependencies - [Approval required: yes/no]
Ports - [List fixed ports if any]
Data - [Database modification rules]

Project Guardrails

Project-specific safety constraints (supplement global guardrails):

## Guardrails

- **Infrastructure lock** - No Docker/DB/environment changes without approval
- **Dependency lock** - No new dependencies without approval
- **Port lock** - Backend: [port], Frontend: [port] - do not change
- **Design system** - Follow existing UI patterns in [path]
- **Data safety** - No database deletions without explicit approval

Customize based on project needs. Remove irrelevant constraints.

Project-Specific Guidelines

[Area 1]

[Any project-specific conventions or overrides]

[Area 2]

[Any project-specific conventions or overrides]

Overrides from Global

[Document any intentional deviations from global CLAUDE.md]

Example:

Commit scope: This project uses module: prefix instead of feat:
Test coverage: This project requires 90% coverage (vs global 80%)

Session Quick Start

# Get oriented
git status
[command to run tests]

# Start development
[command to start dev server]

Regenerate with /pb-claude-project when project structure changes significantly.


---

## Conciseness Guidelines

**Target: Under 2K tokens (~150 lines)**

Project CLAUDE.md is loaded every turn. Large files consume context that could be used for actual work.

**Keep in CLAUDE.md:**
- Tech stack table (essential)
- Key commands (daily use)
- Project structure (high-level only)
- Current version and status
- Critical patterns unique to this project

**Move to docs/:**
- Full API reference
- Detailed architecture explanations
- All environment variables (keep only critical ones)
- Extended examples
- Historical context

**Trim aggressively:**
- Remove sections that duplicate global CLAUDE.md
- Collapse verbose explanations to one-liners
- Use tables over prose
- Reference playbooks instead of repeating their content

**Example trimming:**
```markdown
# Before (verbose)
## Environment Variables
The following environment variables are required for the application to function...
DATABASE_URL - The PostgreSQL connection string...
[20 more lines]

# After (concise)
## Environment
See `.env.example`. Critical: `DATABASE_URL`, `API_KEY`, `JWT_SECRET`

Output Location

Write to: .claude/CLAUDE.md in project root

mkdir -p .claude
# Write generated content to .claude/CLAUDE.md

If file exists, back it up:

cp .claude/CLAUDE.md .claude/CLAUDE.md.backup

Verification Checklist

After generation, verify:

.claude/CLAUDE.md exists in project root
File is under 150 lines / 2K tokens (critical for context efficiency)
Tech stack is correctly identified
Key commands are accurate and work
Directory structure matches reality (high-level only)
Test commands run successfully
Relevant playbooks are appropriate for this stack
Working context (if exists) is current and referenced
Detailed docs moved to docs/, not duplicated in CLAUDE.md

Customization

After generation, manually add:

Team conventions specific to this project
Known gotchas or quirks
Architecture decisions not captured elsewhere
Integration details (external services, APIs)

Mark manual sections:

## Custom (Manual)
[Preserved on regeneration]

Maintenance

When to regenerate:

After major refactoring
When adding new major dependencies
When changing build/test tooling
Quarterly refresh

Working context maintenance: If the project has a working context document (typically in todos/):

Check if it’s current before regenerating CLAUDE.md
Update working context if version/date is stale
Use /pb-context command to refresh working context

Partial updates: For minor changes, edit the file directly rather than full regeneration.

Integration with Global

Project CLAUDE.md complements global:

~/.claude/CLAUDE.md          → Universal principles (commits, PRs, design rules)
.claude/CLAUDE.md            → Project specifics (stack, commands, structure)

Precedence: Project-specific guidelines override global when they conflict.

Example override:

## Overrides from Global

- **Commits:** This project uses `[JIRA-123]` prefix for all commits
- **Testing:** Skip E2E tests locally; CI handles them

/pb-claude-global - Generate/update global CLAUDE.md
/pb-claude-orchestration - Model selection and resource efficiency guide
/pb-context - Project working context template
/pb-onboarding - New developer onboarding
/pb-repo-init - Initialize new project structure

Example: Python FastAPI Project

After analyzing a Python FastAPI project, generated CLAUDE.md might look like:

# UserService Development Context

> Generated: 2026-01-13
> Tech Stack: Python 3.11 + FastAPI

---

## Tech Stack

| Layer | Technology |
|-------|------------|
| Language | Python 3.11 |
| Framework | FastAPI 0.109 |
| Database | PostgreSQL 15 |
| ORM | SQLAlchemy 2.0 |
| Testing | pytest + httpx |
| CI/CD | GitHub Actions |

---

## Project Structure

userservice/ ├── app/ │ ├── api/ # Route handlers │ ├── models/ # SQLAlchemy models │ ├── services/ # Business logic │ └── main.py # Application entry ├── tests/ # pytest tests ├── alembic/ # Database migrations └── docker-compose.yml


---

## Commands

```bash
make dev            # Start with hot reload
make test           # Run pytest
make lint           # Run ruff + mypy
make migrate        # Run alembic migrations

Relevant Playbooks

Command	Relevance
`/pb-guide-python`	Python SDLC patterns
`/pb-patterns-db`	Database patterns
`/pb-patterns-async`	Async patterns (FastAPI is async)


---

*This command generates project-specific Claude Code context through systematic analysis.*

Claude Code Orchestration

Purpose: Guide model selection, task delegation, context management, and continuous self-improvement for efficient Claude Code usage.

Mindset: Apply /pb-design-rules thinking (Simplicity - cheapest model that produces correct results; Clarity - make delegation explicit) and /pb-preamble thinking (challenge assumptions about model choice - is opus actually needed here, or is it habit?).

Resource Hint: sonnet - reference guide for model selection and delegation patterns.

When to Use

Starting a session with mixed-complexity tasks
Planning workflows that involve subagent delegation
Reviewing resource efficiency after a session
Generating or updating CLAUDE.md templates
After a session where model choice caused issues (wrong model, wasted tokens)

Model Tiers

Tier	Model	Role	Strengths	Trade-off
Architect	opus	Planner, reviewer, decision-maker	Deep reasoning, nuance, trade-offs	Highest cost, slowest
Engineer	sonnet	Implementer, coder, analyst	Code generation, balanced judgment	Medium cost, medium speed
Scout	haiku	Runner, searcher, formatter	File search, validation, mechanical	Lowest cost, fastest

Opus reasons. Sonnet builds. Haiku runs.

Model Selection Strategy

By Task Type

Task	Model	Why
Architecture decisions, complex planning	opus	Multi-step reasoning, trade-off analysis
Security deep-dives, threat modeling	opus	Correctness stakes are high
Code review (critical paths)	opus	Judgment about design, not just correctness
Code implementation, refactoring	sonnet	Well-defined task, good balance
Test writing, documentation	sonnet	Pattern application, not invention
Routine code review	sonnet	Standard checklist evaluation
File search, codebase exploration	haiku	Mechanical, no reasoning needed
Linting, formatting, validation	haiku	Rule application, not judgment
Status checks, simple lookups	haiku	Information retrieval only

Decision Criteria

Ask these in order (first match wins):

Does this require architectural judgment or trade-off analysis? → opus
Does this require code generation or analytical reasoning? → sonnet
Is this mechanical (search, format, validate, scaffold)? → haiku

When unsure, start with sonnet. Upgrade to opus if results lack depth. Downgrade to haiku if the task is mechanical.

Task Delegation Patterns

When to Delegate (Task Tool)

Delegate to subagents:

Independent research or codebase exploration
File search across many files
Validation and lint checks
Parallel information gathering
Work that would pollute main context with noise

Keep in main context:

Decisions that affect subsequent steps
Architecture and planning
Work requiring conversational continuity with the user
Anything where the user needs to see the reasoning

Parallel vs Sequential

Pattern	When	Example
Parallel subagents	Independent queries, no shared state	Search 3 directories simultaneously
Sequential subagents	Output of one feeds into next	Explore → then Plan based on findings
Main context only	User interaction needed, judgment calls	Architecture review with the user

Model Assignment in Task Tool

model: "haiku"   → Explore agents, file search, grep, validation
model: "sonnet"  → Code writing, analysis, standard reviews
(default/opus)   → Planning, architecture, complex analysis

Context Budget Management

Budget Awareness

Context Load	Budget	Frequency
Global CLAUDE.md	<150 lines	Every turn, every session
Project CLAUDE.md	<150 lines	Every turn, every session
Auto-memory MEMORY.md	<200 lines	Every turn, every session
Session context	Finite, compaction is lossy	Fills during session

Every unnecessary line in CLAUDE.md or MEMORY.md costs tokens on every single turn. Be ruthlessly concise in persistent files.

Efficiency Principles

Subagents for exploration (separate context window, doesn’t pollute main)
Surgical file reads (offset + limit, not full files when you know the area)
Plans in files, not in chat (reference by path, not by pasting)
Compact at natural breakpoints (after commit, after phase - not mid-task)
Commit frequently (each commit is a context checkpoint)
Reference by commit hash (not by re-reading entire files)

Playbook-to-Model Mapping

Classification	Example Commands	Default Model	Delegation
Executor	pb-commit, pb-start, pb-deploy	sonnet	Procedural steps, well-defined
Orchestrator	pb-release, pb-ship, pb-review	opus (main)	Delegates subtasks to sonnet/haiku
Guide	pb-preamble, pb-design-rules	opus	Deep reasoning about principles
Reference	`pb-patterns-*`, pb-templates	sonnet	Pattern application, lookup
Review	`pb-review-*`, pb-security	opus + haiku	Phase 1: haiku automated; Phase 2-3: opus

Self-Healing and Continuous Learning

The orchestrator is not static. It learns, adapts, and improves.

Operational Self-Awareness

After each significant workflow, reflect:

Question	Action if Yes
Did a model choice produce poor results?	Record in auto-memory, adjust default for that task type
Did a subagent return insufficient results?	Note the prompt pattern that failed, try broader/narrower next time
Did context fill up mid-task?	Record breakpoint strategy, compact earlier next session
Was a playbook missing or insufficient?	Note the gap, suggest improvement to user
Did the workflow take more turns than expected?	Analyze why - wrong model? Missing information? Poor delegation?

Auto-Memory as Learning Journal

Use the auto-memory directory (~/.claude/projects/<project>/memory/) to persist operational learnings:

MEMORY.md (loaded every session, <200 lines):

Model selection adjustments discovered through experience
Playbook gaps encountered and workarounds used
Project-specific orchestration preferences
Context management lessons learned

Topic files (referenced from MEMORY.md, loaded on demand):

orchestration-lessons.md - Model choice outcomes, delegation pattern results
playbook-gaps.md - Missing guidance discovered during workflows
project-patterns.md - Project-specific efficiency patterns

Feedback Loop

Execute workflow
    |
    v
Observe outcome
    |
    v
Was it efficient? Correct? Right model?
    |           |
    YES         NO
    |           |
    v           v
Continue    Record learning in auto-memory
            Adjust approach for next time
            Surface playbook gap to user if systemic

Self-Healing Behaviors

Trigger	Self-Healing Response
Subagent returns empty/useless results	Retry with adjusted prompt or different model tier
Context approaching limit mid-task	Proactively compact, checkpoint state in files
Playbook command produces unexpected output	Note in memory, suggest playbook update
Model produces shallow reasoning	Escalate to higher tier, record the task type
Repeated pattern across sessions	Extract to auto-memory for persistent learning
Stale information in MEMORY.md	Prune during session start, keep only current learnings

Suggesting Playbook Improvements

When the orchestrator discovers gaps during operation:

Note the gap - What was missing, what workaround was used
Assess frequency - One-off vs recurring need
Propose to user - “Encountered [gap] during [workflow]. Suggest updating [playbook] with [specific addition].”
Don’t self-modify playbooks silently - Propose, don’t assume

This creates a virtuous cycle: use playbooks → discover gaps → propose improvements → playbooks get better → usage gets better.

Anti-Patterns

Anti-Pattern	Why It Hurts	Better Approach
Opus for file search	Expensive, no reasoning advantage	haiku via Task tool
Haiku for architecture	Shallow reasoning, bad decisions	opus in main context
Serializing independent subagents	Wastes wall-clock time	Parallel Task calls
Loading full files for 10 lines	Context waste	Read with offset + limit
Pasting plans into chat	Consumes context every turn	Store in files, reference by path
Skipping compaction until forced	Lossy emergency compaction	Compact at natural breakpoints
Same model for everything	Wastes cost or quality	Match model to task
Never recording what worked	Same mistakes repeated	Use auto-memory feedback loop
Ignoring playbook friction	Workarounds accumulate silently	Surface gaps, propose fixes

Examples

Example 1: Feature Implementation Workflow

/pb-plan - opus (main context): architecture decisions, trade-offs
Explore codebase - haiku (Task tool, 2-3 parallel agents): find relevant files
Implementation - sonnet (main context): write code
Write tests - sonnet (Task tool): parallel test generation
Self-review - opus (main context): critical evaluation
/pb-commit - sonnet: procedural commit workflow

Post-session reflection:

Did haiku find what was needed? (If not, adjust search prompts in memory)
Did sonnet’s code need significant opus review fixes? (If yes, consider opus for complex implementation next time)

Example 2: Playbook Review with Model Delegation

Phase 1 automated checks - haiku (Task tool): count commands, validate cross-refs
Phase 2 category review - opus (main context): nuanced evaluation of intent, quality
Phase 3 cross-category - opus (main context): holistic pattern recognition

/pb-claude-global - Generate global CLAUDE.md (concise orchestration rules)
/pb-claude-project - Generate project CLAUDE.md
/pb-learn - Pattern learning from debugging (complements operational learning here)
/pb-review-playbook - Playbook review (model delegation by phase)
/pb-new-playbook - Meta-playbook (resource hint in scaffold)

Last Updated: 2026-02-07 Version: 1.0.0

Bootstrap Dev Machine

Set up a new Mac for development from scratch. Opinionated defaults with escape hatches for customization.

Platform: macOS Use Case: New machine, nuke-and-pave, or standardizing team setups

Mindset: Design Rules emphasize “simple by default” - install only what’s needed, configure minimally.

Resource Hint: sonnet - Dev machine bootstrap with accurate tool detection and configuration.

When to Use

Setting up a brand new Mac for development
Reinstalling after an OS wipe or nuke-and-pave
Standardizing team dev environments with a shared Brewfile
Onboarding a new team member who needs a working setup quickly

Execution Flow

┌─────────────────────────────────────────────────────────────┐
│  1. PREFLIGHT    Verify macOS, accept Xcode license        │
│         ↓                                                   │
│  2. FOUNDATION   Homebrew, git, shell setup                 │
│         ↓                                                   │
│  3. LANGUAGES    Node, Python, Go, Rust (as needed)         │
│         ↓                                                   │
│  4. TOOLS        Docker, editors, CLI utilities             │
│         ↓                                                   │
│  5. CONFIG       Dotfiles, SSH keys, git config             │
│         ↓                                                   │
│  6. VERIFY       Run health check                           │
└─────────────────────────────────────────────────────────────┘

Phase 1: Preflight

Accept Xcode License

# Install command line tools (if not present)
xcode-select --install 2>/dev/null || true

# Accept Xcode license
sudo xcodebuild -license accept 2>/dev/null || true

Verify macOS Version

sw_vers

# Recommended: macOS 13+ (Ventura or later)

Phase 2: Foundation

Install Homebrew

# Install Homebrew
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

# Add to PATH (Apple Silicon)
echo 'eval "$(/opt/homebrew/bin/brew shellenv)"' >> ~/.zprofile
eval "$(/opt/homebrew/bin/brew shellenv)"

# Verify
brew --version

Core CLI Tools

brew install \
  git \
  gh \
  jq \
  ripgrep \
  fd \
  fzf \
  tree \
  htop \
  wget \
  curl

Shell Setup (zsh)

# Oh My Zsh (optional but common)
sh -c "$(curl -fsSL https://raw.githubusercontent.com/ohmyzsh/ohmyzsh/master/tools/install.sh)"

# Or keep vanilla zsh with just essentials
touch ~/.zshrc

Phase 3: Languages

Node.js (via nvm)

# Install nvm
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash

# Reload shell
source ~/.zshrc

# Install Node LTS
nvm install --lts
nvm alias default lts/*

# Verify
node --version
npm --version

Python (via pyenv)

# Install pyenv
brew install pyenv

# Add to shell
echo 'eval "$(pyenv init -)"' >> ~/.zshrc
source ~/.zshrc

# Install Python
pyenv install 3.12
pyenv global 3.12

# Verify
python3 --version
pip3 --version

Go

# Install Go
brew install go

# Set up GOPATH
echo 'export GOPATH=$HOME/go' >> ~/.zshrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.zshrc

# Verify
go version

Rust

# Install Rust via rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

# Reload shell
source ~/.cargo/env

# Verify
rustc --version
cargo --version

Phase 4: Development Tools

Docker

# Install Docker Desktop
brew install --cask docker

# Start Docker Desktop manually, then verify
docker --version
docker compose version

Editors

# VS Code
brew install --cask visual-studio-code

# Or your preferred editor
# brew install --cask cursor
# brew install --cask zed
# brew install neovim

Database Tools (as needed)

# PostgreSQL client
brew install libpq
brew link --force libpq

# Or full PostgreSQL
# brew install postgresql@16

# Redis
# brew install redis

# MongoDB tools
# brew tap mongodb/brew
# brew install mongodb-database-tools

Additional CLI Tools

brew install \
  lazygit \
  bat \
  eza \
  delta \
  tldr

Phase 5: Configuration

Git Configuration

# Identity
git config --global user.name "Your Name"
git config --global user.email "your.email@example.com"

# Defaults
git config --global init.defaultBranch main
git config --global pull.rebase true
git config --global push.autoSetupRemote true

# Better diffs (if delta installed)
git config --global core.pager delta
git config --global interactive.diffFilter "delta --color-only"

# Aliases
git config --global alias.co checkout
git config --global alias.br branch
git config --global alias.st status
git config --global alias.lg "log --oneline --graph --all"

SSH Key

# Generate SSH key (if not restoring from backup)
ssh-keygen -t ed25519 -C "your.email@example.com"

# Start ssh-agent
eval "$(ssh-agent -s)"

# Add to keychain
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

# Copy public key
pbcopy < ~/.ssh/id_ed25519.pub
echo "SSH public key copied to clipboard. Add to GitHub/GitLab."

GitHub CLI Authentication

# Authenticate with GitHub
gh auth login

# Verify
gh auth status

Dotfiles (if you have them)

# Clone your dotfiles repo
git clone git@github.com:YOUR_USERNAME/dotfiles.git ~/.dotfiles

# Run your install script
cd ~/.dotfiles && ./install.sh

Claude Code DX

If you use Claude Code, configure these optimizations:

# Lazy MCP tool loading - tools load on-demand, saves context tokens
# Add to ~/.claude/settings.json:
#   "env": { "ENABLE_TOOL_SEARCH": "true" }

# Status line with context bar - shows model, branch, token usage
# Install playbook scripts (includes context-bar.sh + check-context.sh)
cd /path/to/playbook && ./scripts/install.sh

# Verify status line and hooks are configured
cat ~/.claude/settings.json | jq '.statusLine, .hooks'

The playbook’s install.sh sets up:

Context bar - model, branch, uncommitted files, token usage progress bar
Context warning hook - advisory at 80% usage, suggests /pb-pause at 90%

Phase 6: Verification

Run the health check:

echo "=== Verification ==="
echo "Homebrew: $(brew --version | head -1)"
echo "Git: $(git --version)"
echo "Node: $(node --version)"
echo "npm: $(npm --version)"
echo "Python: $(python3 --version)"
echo "Go: $(go version 2>/dev/null || echo 'Not installed')"
echo "Rust: $(rustc --version 2>/dev/null || echo 'Not installed')"
echo "Docker: $(docker --version 2>/dev/null || echo 'Not running')"

# Run full doctor check
# /pb-doctor

Brewfile (Declarative Setup)

For repeatable setups, use a Brewfile:

# Create Brewfile
cat > ~/Brewfile << 'EOF'
# Taps
tap "homebrew/bundle"
tap "homebrew/cask"

# CLI Tools
brew "git"
brew "gh"
brew "jq"
brew "ripgrep"
brew "fd"
brew "fzf"
brew "tree"
brew "htop"
brew "bat"
brew "eza"
brew "lazygit"

# Languages
brew "pyenv"
brew "go"

# Apps
cask "docker"
cask "visual-studio-code"
cask "rectangle"
cask "1password"
EOF

# Install everything
brew bundle --file=~/Brewfile

User Interaction Flow

When executing this playbook:

Preflight - Check macOS version, Xcode status
Select stack - Ask what languages/tools needed
Execute phases - Run with progress updates
Configure - Walk through git config, SSH setup
Verify - Run health check

AskUserQuestion Structure

Stack Selection:

Question: "What development stack do you need?"
Options:
  - Full stack web (Node, Python, Docker)
  - Frontend (Node only)
  - Backend (Python, Go, Docker)
  - Systems (Rust, Go)
MultiSelect: false

Additional Tools:

Question: "Which additional tools?"
Options:
  - Docker Desktop
  - VS Code
  - PostgreSQL
  - Redis
MultiSelect: true

Quick Setup Script

One-liner for the brave (installs essentials):

# WARNING: Review before running
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" && \
eval "$(/opt/homebrew/bin/brew shellenv)" && \
brew install git gh jq ripgrep fd fzf && \
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash && \
source ~/.zshrc && nvm install --lts

Troubleshooting

Issue	Solution
Homebrew permission denied	`sudo chown -R $(whoami) /opt/homebrew`
Xcode license not accepted	`sudo xcodebuild -license accept`
nvm: command not found	Add nvm init to shell profile, restart terminal
pyenv: python not found	`eval "$(pyenv init -)"` in profile
Docker won’t start	Open Docker Desktop app first, accept terms
SSH key not working	Check `ssh-add -l`, ensure key added

Post-Setup Checklist

Homebrew installed and working
Git configured with name and email
SSH key generated and added to GitHub/GitLab
Primary language runtime installed
Docker running (if needed)
Editor installed and configured
Clone essential repos
Run /pb-doctor to verify health

/pb-doctor - Verify system health after setup
/pb-update - Keep tools current
/pb-storage - Clean up if disk gets full
/pb-start - Begin development work

Run on new machines or after OS reinstall. Keep Brewfile in dotfiles for repeatability.

System Health Check

Diagnose system health issues: disk space, memory pressure, CPU usage, and common developer environment problems. The “what’s wrong” before “how to fix.”

Platform: macOS (with Linux alternatives noted) Use Case: “Something’s slow” / “Builds are failing” / “Machine feels sluggish”

Mindset: Design Rules say “fail noisily and early” - surface system problems before they cascade.

Resource Hint: sonnet - System health diagnostics with accurate assessment.

When to Use

Machine feels slow or unresponsive during development
Builds or tests are failing unexpectedly
Before running storage cleanup or tool updates (baseline check)

Execution Flow

┌─────────────────────────────────────────────────────────────┐
│  1. DISK         Check available space, large consumers     │
│         ↓                                                   │
│  2. MEMORY       Check RAM usage, swap pressure             │
│         ↓                                                   │
│  3. CPU          Check load, runaway processes              │
│         ↓                                                   │
│  4. PROCESSES    Find resource hogs                         │
│         ↓                                                   │
│  5. DEV TOOLS    Check dev environment health               │
│         ↓                                                   │
│  6. REPORT       Summary with recommendations               │
└─────────────────────────────────────────────────────────────┘

Quick Health Check

Run this for a fast overview:

echo "=== Disk ===" && df -h / | tail -1
echo "=== Memory ===" && vm_stat | head -5
echo "=== CPU Load ===" && uptime
echo "=== Top Processes ===" && ps aux | sort -nrk 3,3 | head -6

Step 1: Disk Health

Check Available Space

# Overall disk usage
df -h /

# Check if approaching limits
USAGE=$(df -h / | tail -1 | awk '{print $5}' | tr -d '%')
if [ "$USAGE" -gt 80 ]; then
  echo "WARNING: Disk usage at ${USAGE}%"
fi

Find Large Directories

# Top 10 largest directories in home
du -sh ~/* 2>/dev/null | sort -hr | head -10

# Developer-specific large directories
du -sh ~/Library/Developer 2>/dev/null
du -sh ~/Library/Caches 2>/dev/null
du -sh ~/.docker 2>/dev/null
du -sh node_modules 2>/dev/null

Thresholds:

Usage	Status	Action
< 70%	Healthy	None needed
70-85%	Warning	Consider `/pb-storage`
> 85%	Critical	Run `/pb-storage` immediately

Step 2: Memory Health

Check Memory Pressure

# macOS memory stats
vm_stat

# Human-readable summary
vm_stat | awk '
  /Pages free/ {free=$3}
  /Pages active/ {active=$3}
  /Pages inactive/ {inactive=$3}
  /Pages wired/ {wired=$3}
  END {
    page=4096/1024/1024
    print "Free: " free*page " GB"
    print "Active: " active*page " GB"
    print "Wired: " wired*page " GB"
  }
'

# Check for memory pressure (macOS)
memory_pressure

Check Swap Usage

# Swap usage (high swap = memory pressure)
sysctl vm.swapusage

# If swap is being used heavily, memory is constrained

Find Memory Hogs

# Top 10 by memory usage
ps aux --sort=-%mem | head -11

# Or using top (snapshot)
top -l 1 -n 10 -o mem

Thresholds:

Indicator	Healthy	Warning	Critical
Memory Pressure	Normal	Warn	Critical (yellow/red in Activity Monitor)
Swap Used	< 1GB	1-4GB	> 4GB
Free + Inactive	> 2GB	1-2GB	< 1GB

Step 3: CPU Health

Check Load Average

# Current load
uptime

# Load interpretation:
# - Load < cores: healthy
# - Load = cores: fully utilized
# - Load > cores: overloaded
sysctl -n hw.ncpu  # Number of cores

Find CPU Hogs

# Top 10 by CPU
ps aux --sort=-%cpu | head -11

# Real-time view (quit with 'q')
top -o cpu

# Find processes using > 50% CPU
ps aux | awk '$3 > 50 {print $0}'

Check for Runaway Processes

# Processes running > 1 hour with high CPU
ps -eo pid,etime,pcpu,comm | awk '$3 > 50 && $2 ~ /-/ {print}'

Thresholds:

Cores	Healthy Load	Warning	Overloaded
8	< 6	6-10	> 10
10	< 8	8-12	> 12
12	< 10	10-15	> 15

Step 4: Process Analysis

Find Resource Hogs

# Combined CPU + Memory view
ps aux | awk 'NR==1 || $3 > 10 || $4 > 5' | head -20

Common Developer Culprits

# Check known resource hogs
for proc in "node" "webpack" "docker" "java" "Xcode" "Simulator" "Chrome"; do
  pgrep -f "$proc" > /dev/null && echo "$proc is running"
done

# Docker specifically
docker stats --no-stream 2>/dev/null | head -10

Zombie Processes

# Find zombie processes
ps aux | awk '$8 ~ /Z/ {print}'

Step 5: Developer Environment Health

Check Critical Tools

echo "=== Git ===" && git --version
echo "=== Node ===" && node --version 2>/dev/null || echo "Not installed"
echo "=== npm ===" && npm --version 2>/dev/null || echo "Not installed"
echo "=== Python ===" && python3 --version 2>/dev/null || echo "Not installed"
echo "=== Docker ===" && docker --version 2>/dev/null || echo "Not installed/running"
echo "=== Homebrew ===" && brew --version 2>/dev/null | head -1 || echo "Not installed"

Check for Outdated Tools

# Homebrew outdated
brew outdated 2>/dev/null | head -10

# npm outdated globals
npm outdated -g 2>/dev/null | head -10

Check Docker Health

# Docker disk usage
docker system df 2>/dev/null

# Docker running containers
docker ps --format "table {{.Names}}\t{{.Status}}\t{{.Ports}}" 2>/dev/null

Check Xcode (if installed)

# Xcode version and path
xcode-select -p 2>/dev/null && xcodebuild -version 2>/dev/null | head -2

# Xcode disk usage
du -sh ~/Library/Developer/Xcode 2>/dev/null

Step 6: Generate Report

After running diagnostics, summarize:

=== SYSTEM HEALTH REPORT ===

DISK:     [OK/WARNING/CRITICAL] - XX% used (XX GB free)
MEMORY:   [OK/WARNING/CRITICAL] - XX GB active, XX GB swap
CPU:      [OK/WARNING/CRITICAL] - Load: X.XX (X cores)
DOCKER:   [OK/WARNING/N/A] - XX GB used

TOP RESOURCE CONSUMERS:
1. Process A - XX% CPU, XX% MEM
2. Process B - XX% CPU, XX% MEM
3. Process C - XX% CPU, XX% MEM

RECOMMENDATIONS:
- [ ] Run /pb-storage to free disk space
- [ ] Kill process X (runaway)
- [ ] Restart Docker (high memory)

User Interaction Flow

When executing this playbook:

Run full diagnostic - All checks above
Present findings - Show health status per category
Prioritize issues - Critical first, then warnings
Offer remediation - Link to relevant playbooks

AskUserQuestion Structure

After Report:

Question: "What would you like to address first?"
Options:
  - Free disk space (/pb-storage)
  - Kill resource hogs (I'll show which)
  - Update outdated tools (/pb-update)
  - Just wanted the report, thanks

Automated Health Script

Save as ~/bin/doctor.sh:

#!/bin/bash

echo "=== DISK ==="
df -h / | tail -1

echo -e "\n=== MEMORY ==="
memory_pressure 2>/dev/null || vm_stat | head -5

echo -e "\n=== CPU LOAD ==="
uptime

echo -e "\n=== TOP PROCESSES (CPU) ==="
ps aux --sort=-%cpu | head -6

echo -e "\n=== TOP PROCESSES (MEM) ==="
ps aux --sort=-%mem | head -6

echo -e "\n=== DOCKER ==="
docker system df 2>/dev/null || echo "Not running"

echo -e "\n=== OUTDATED BREW ==="
brew outdated 2>/dev/null | head -5 || echo "N/A"

Troubleshooting

Symptom	Likely Cause	Solution
High CPU, nothing obvious	Background indexing (Spotlight, Time Machine)	Wait, or exclude dev dirs from Spotlight
High memory, no heavy apps	Memory leaks in long-running processes	Restart Docker, browsers, IDEs
Disk full suddenly	node_modules, Docker images, Xcode	Run `/pb-storage`
Everything slow	Multiple causes	Check all metrics, address worst first
Fan running constantly	High CPU process	Find and kill, or improve ventilation

/pb-storage - Free disk space
/pb-ports - Check port usage and conflicts
/pb-update - Update outdated tools
/pb-debug - Deep debugging methodology
/pb-git-hygiene - Git repository health audit (branches, large objects, secrets)

Run monthly or when machine feels slow. Good first step before any cleanup.

GitHub Actions Failure Analysis

Structured investigation of GitHub Actions failures. Follows a 6-step methodology: identify what failed, assess flakiness, find the breaking commit, analyze root cause, check for existing fixes, and report.

Works with any GitHub Actions workflow. Requires gh CLI authenticated.

Mindset: Apply /pb-debug thinking - reproduce before theorizing. Apply /pb-preamble thinking - challenge the obvious explanation. A “flaky test” might be a real race condition. A “random failure” might be a dependency change.

Resource Hint: sonnet - log analysis, pattern matching, and structured investigation

When to Use

CI pipeline fails and you need to understand why
Recurring failures that might be flaky vs. genuinely broken
Pre-release when CI must be green and something is red
After merging a PR that broke CI on main

Usage

/pb-gha [URL or context]

Examples:

/pb-gha https://github.com/org/repo/actions/runs/12345
/pb-gha (analyzes the current repo’s latest failed run)
/pb-gha the lint job keeps failing on main

Step 1: Identify the Failure

Figure out exactly what failed. Not the workflow - the specific job and step.

# Get the latest failed run (or use provided URL)
gh run list --status failure --limit 5

# View the specific run
gh run view <run-id>

# Get the logs for the failed job
gh run view <run-id> --log-failed

What to look for:

The exit code 1 trigger - not warnings, the actual failure
Error messages vs. noise (deprecation warnings aren’t failures)
Which step in the job failed (build, test, lint, deploy)
The commit that triggered this run

Step 2: Assess Flakiness

Check whether this is a one-off or a pattern. The key is checking the specific failing job, not just the workflow.

# List recent runs of the workflow
gh run list --workflow <workflow-name> --limit 20

# For each run, check if the specific job passed or failed
# Look for patterns: always fails? fails on certain branches? intermittent?

Flakiness indicators:

Same job fails intermittently on the same branch → likely flaky
Job fails consistently after a specific date → likely a real breakage
Job fails only on certain branches → likely a code issue
Job fails at random intervals → timing issue, race condition, or external dependency

Calculate:

Success rate over last 20 runs
When it last passed
When it first started failing

Step 3: Find the Breaking Commit

If the failure is consistent (not flaky), pinpoint when it started.

# Find the last passing run
gh run list --workflow <workflow-name> --status success --limit 1

# Find the first failing run
# Compare: what commits landed between the last success and first failure?

# View the commit that introduced the failure
gh run view <first-failing-run-id> --json headSha
git log --oneline <last-good-sha>..<first-bad-sha>

Verification: The job should pass consistently before the breaking commit and fail consistently after it. If it’s intermittent on both sides, it’s not a clean break - look for a flakiness trigger instead.

Step 4: Analyze Root Cause

With the logs, history, and breaking commit (if found), determine what’s actually going wrong.

Common root causes:

Category	Examples
Code change	Test assertion broken, API contract changed, import error
Dependency	Package version bumped with breaking change, lockfile drift
Environment	Runner image updated, tool version changed, disk space
Timing	Race condition, timeout too short, external service slow
Configuration	Workflow syntax, permissions, secrets expired

Root cause checklist:

Read the actual error message (not just the job name)
Check if the failing code was recently modified
Check if dependencies were updated (lockfile diff)
Check if the runner environment changed (ubuntu-latest vs pinned)
Check for external service dependencies (APIs, registries)

Step 5: Check for Existing Fixes

Before writing a fix, check if someone already has one.

# Search open PRs for the error message or affected file
gh pr list --state open --search "<error keyword>"

# Check if there's a related issue
gh issue list --search "<error keyword>"

# Check if main has moved ahead with a fix
git log origin/main --oneline --since="yesterday" -- <affected-file>

Step 6: Report

Synthesize findings into a clear report.

## GHA Failure Report

**Workflow:** [name]
**Job:** [name]
**Step:** [name]
**Run:** [URL]

### Failure
[What specifically failed - the actual error, not the job name]

### Flakiness
[One-off / Intermittent (N/20 failures) / Consistent since [date]]

### Breaking Commit
[SHA and summary, or "N/A - flaky" if intermittent]

### Root Cause
[What's actually wrong and why]

### Existing Fix
[PR link if found, or "None found"]

### Recommendation
[What to do - fix, retry, pin version, skip, etc.]

Quick Mode

For simple “CI is red, what happened?” situations:

# One-liner: show the latest failure's logs
gh run list --status failure --limit 1 --json databaseId --jq '.[0].databaseId' \
  | xargs gh run view --log-failed

Then follow up with the full methodology if the cause isn’t obvious.

Integration with Other Commands

Situation	Follow Up
Root cause is a code bug	`/pb-debug` for systematic fix
Root cause is test flakiness	`/pb-review-tests` for reliability audit
Root cause is infra/config	`/pb-review-infrastructure` for resilience check
Blocking a release	`/pb-release` once green
Recurring problem	`/pb-review-hygiene` for systemic health

Anti-Patterns

Don’t	Do Instead
Re-run without investigating	Understand the failure first
Blame “flaky tests” without data	Check the last 20 runs for actual flakiness rate
Fix the symptom (skip test)	Fix the root cause
Assume the obvious explanation	Verify with logs and history
Ignore intermittent failures	Intermittent = real bug with a timing component

/pb-debug - Systematic debugging methodology
/pb-doctor - Local system health check
/pb-review-hygiene - Codebase operational health
/pb-release - Release orchestration (needs green CI)

Last Updated: 2026-02-18 Version: 1.0.0

Git Hygiene

Purpose: Periodic audit of git repository health. Identify tracked files that shouldn’t be, clean stale branches, detect large objects, scan for secret exposure, and remediate with options from safe amendments to full history rewrites.

Recommended Frequency: Monthly, before major releases, or when repo feels slow

Mindset: Apply /pb-preamble thinking (surface problems directly, don’t minimize findings) and /pb-design-rules thinking (Clarity, Simplicity: repository should contain only what’s needed, history should be clean).

A healthy git repo is fast to clone, safe from leaked secrets, and free of accumulated cruft. This audit surfaces issues; you decide what to fix.

Resource Hint: sonnet - multi-step audit with remediation judgment, beyond mechanical checking.

When to Use

Monthly maintenance - Routine hygiene check
Before major release - Clean up feature branches, verify no secrets
After onboarding developers - Catch accidental commits of secrets or large files
When clone feels slow - Diagnose repo bloat
Before open-sourcing - Audit history for sensitive data
After security incident - Scan for leaked credentials in history

Phase 1: Discovery (Read-Only Audit)

Run these checks to understand current state. No changes made.

1.1 Tracked Files That Shouldn’t Be

Check for files that should be gitignored:

# Environment and secrets
git ls-files | grep -E '\.env$|\.env\.|credentials|secrets|\.pem$|\.key$|id_rsa'

# Generated artifacts
git ls-files | grep -E 'node_modules/|vendor/|dist/|build/|__pycache__|\.pyc$|\.class$'

# IDE and OS files
git ls-files | grep -E '\.idea/|\.vscode/|\.DS_Store|Thumbs\.db|\.swp$'

# Lock files - NOTE: Most projects SHOULD commit these for reproducible builds
# Only flag if your project intentionally excludes them
# git ls-files | grep -E 'package-lock\.json|yarn\.lock|Gemfile\.lock|poetry\.lock'

1.2 .gitignore Coverage Gaps

Compare what’s ignored vs what should be:

# Show files that would be ignored if .gitignore were applied fresh
git ls-files --ignored --exclude-standard

# Check if common patterns are in .gitignore
for pattern in ".env" "node_modules" ".DS_Store" "*.pyc" ".idea" "dist"; do
  grep -q "$pattern" .gitignore 2>/dev/null || echo "Missing: $pattern"
done

1.3 Large Files in Current Tree

# Find files larger than 1MB
find . -type f -size +1M -not -path "./.git/*" -exec ls -lh {} \;

# Top 20 largest files
git ls-files | xargs -I{} du -h "{}" 2>/dev/null | sort -rh | head -20

1.4 Large Objects in History

# Find largest objects in entire history (requires git-filter-repo or manual)
git rev-list --objects --all | \
  git cat-file --batch-check='%(objecttype) %(objectname) %(objectsize) %(rest)' | \
  awk '/^blob/ {print $3, $4}' | \
  sort -rn | head -20

# Simpler: check pack size
du -sh .git/objects/pack/

1.5 Branch Inventory

# List all local branches with last commit date
git for-each-ref --sort=-committerdate refs/heads/ \
  --format='%(committerdate:short) %(refname:short)'

# List merged branches (safe to delete)
git branch --merged main | grep -v "main\|master\|\*"

# List remote branches merged to main
git branch -r --merged origin/main | grep -v "main\|master\|HEAD"

# Stale branches (no commits in 90 days)
git for-each-ref --sort=committerdate refs/heads/ \
  --format='%(committerdate:short) %(refname:short)' | \
  awk -v cutoff=$(date -v-90d +%Y-%m-%d 2>/dev/null || date -d '90 days ago' +%Y-%m-%d) \
  '$1 < cutoff {print}'

1.6 Secret Scanning

Current files:

# Quick pattern scan (basic, not comprehensive)
git ls-files | xargs grep -l -E \
  'AKIA[0-9A-Z]{16}|AIza[0-9A-Za-z\-_]{35}|sk-[a-zA-Z0-9]{48}|ghp_[a-zA-Z0-9]{36}' \
  2>/dev/null

# API key patterns
git ls-files | xargs grep -l -E \
  'api[_-]?key|apikey|secret[_-]?key|password\s*=' 2>/dev/null

History scan (use dedicated tools):

# gitleaks (recommended)
gitleaks detect --source . --verbose

# trufflehog
trufflehog git file://. --only-verified

# git-secrets (AWS-focused)
git secrets --scan-history

1.7 Repository Size and Health

# Total repo size
du -sh .git

# Object count and size
git count-objects -vH

# Check for corruption
git fsck --full

# Dangling objects (orphaned commits/blobs)
git fsck --unreachable | head -20

Phase 2: Triage Findings

Categorize discoveries by severity:

Severity	Examples	Action Timeline
Critical	Secrets in current files, credentials in history	Immediate (rotate + remove)
High	Large binaries in history, secrets in old commits	This session
Medium	Stale branches, unnecessary tracked files	Soon
Low	.gitignore improvements, minor cleanup	When convenient

Triage Template

## Git Hygiene Findings: [Date]

### Critical (Immediate)
- [ ] [Finding]

### High (This Session)
- [ ] [Finding]

### Medium (Soon)
- [ ] [Finding]

### Low (When Convenient)
- [ ] [Finding]

Phase 3: Remediation

Choose remediation level based on severity and whether changes have been pushed.

Level 1: Safe (No History Rewrite)

Use when: Recent unpushed commits, or changes that don’t require history modification.

Delete merged branches

# Delete local merged branches
git branch --merged main | grep -v "main\|master\|\*" | xargs -r git branch -d

# Delete remote merged branches (careful!)
git branch -r --merged origin/main | grep -v "main\|master\|HEAD" | \
  sed 's/origin\///' | xargs -I{} git push origin --delete {}

Remove file from index (keep in .gitignore)

# Stop tracking file but keep locally
git rm --cached path/to/file
echo "path/to/file" >> .gitignore
git add .gitignore
git commit -m "chore: stop tracking [file], add to .gitignore"

Amend recent unpushed commit

# Remove file from last commit (not pushed)
git reset HEAD~1
git add [files-to-keep]
git commit -m "original message"

Level 2: Careful (History Rewrite, Team Coordination)

Use when: Need to remove from history, but repo is shared. Requires team coordination.

Before starting:

Notify all team members
Ensure everyone has pushed their work
Plan re-clone or rebase for all developers

git filter-repo (Recommended)

# Install if needed
pip install git-filter-repo

# Remove file from entire history
git filter-repo --path path/to/secret/file --invert-paths

# Remove directory from history
git filter-repo --path secrets/ --invert-paths

# Remove files matching pattern
git filter-repo --path-glob '*.pem' --invert-paths

After history rewrite

# Force push (coordinate with team first!)
git push origin --force --all
git push origin --force --tags

# Team members must:
git fetch origin
git reset --hard origin/main
# OR fresh clone

Level 3: Nuclear (Full History Rewrite or Migration)

Use when: Severe contamination, open-sourcing private repo, or history is unsalvageable.

Warning: These options destroy git history. For regulated industries (finance, healthcare, government), git history may be required for audit trails. Consult compliance before proceeding. Consider archiving the original repo before any destructive action.

BFG Repo-Cleaner

Faster than filter-repo for large repos:

# Download BFG
# https://rtyley.github.io/bfg-repo-cleaner/

# Remove files larger than 100MB from history
java -jar bfg.jar --strip-blobs-bigger-than 100M

# Remove specific files
java -jar bfg.jar --delete-files "*.pem"

# Remove secrets
java -jar bfg.jar --replace-text passwords.txt

# Clean up
git reflog expire --expire=now --all
git gc --prune=now --aggressive

Fresh Start Migration

When history is too contaminated:

# Archive old repo
mv .git .git-old

# Initialize fresh
git init
git add .
git commit -m "chore: fresh start (history archived)"

# Push to new remote (or same with force)
git remote add origin <url>
git push -u origin main --force

Phase 4: Prevention

Stop issues from recurring.

Update .gitignore

Add missing patterns:

# Secrets
.env
.env.*
*.pem
*.key
credentials.json
secrets/

# Generated
node_modules/
vendor/
dist/
build/
__pycache__/
*.pyc

# IDE
.idea/
.vscode/settings.json
*.swp

# OS
.DS_Store
Thumbs.db

Pre-Commit Hooks

Install hooks to catch issues before commit:

# Using pre-commit framework
pip install pre-commit

# .pre-commit-config.yaml
cat > .pre-commit-config.yaml << 'EOF'
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.18.0
    hooks:
      - id: gitleaks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.5.0
    hooks:
      - id: check-added-large-files
        args: ['--maxkb=1000']
      - id: detect-private-key
EOF

pre-commit install

CI Integration

Add to CI pipeline:

# GitHub Actions example
- name: Gitleaks
  uses: gitleaks/gitleaks-action@v2
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Check file sizes
  run: |
    find . -type f -size +5M -not -path "./.git/*" && exit 1 || exit 0

Output: Hygiene Report Template

# Git Hygiene Report: [Repo Name]
**Date:** [Date]
**Auditor:** [Name]

## Summary
- **Overall Health:** [Good | Needs Attention | At Risk]
- **Repo Size:** [X MB/GB]
- **Branch Count:** [X local, Y remote]
- **Critical Issues:** [X]

## Findings

### Critical
| Issue | Location | Remediation |
|-------|----------|-------------|
| [Issue] | [Path/Ref] | [Action taken] |

### High
| Issue | Location | Remediation |
|-------|----------|-------------|

### Medium
| Issue | Location | Remediation |
|-------|----------|-------------|

### Low
| Issue | Location | Recommended Action |
|-------|----------|-------------------|

## Actions Taken
1. [Action]
2. [Action]

## Prevention Measures Added
- [ ] Updated .gitignore
- [ ] Installed pre-commit hooks
- [ ] Added CI checks

## Next Review
Scheduled: [Date]
Focus areas: [Areas to watch]

Quick Reference

Task	Command
Find tracked secrets	`git ls-files \| grep -E '\.env\|credentials'`
Find large files	`find . -type f -size +1M -not -path "./.git/*"`
List merged branches	`git branch --merged main`
Delete merged branches	`git branch --merged main \| grep -v main \| xargs git branch -d`
Remove file from history	`git filter-repo --path FILE --invert-paths`
Scan for secrets	`gitleaks detect --source .`
Check repo size	`du -sh .git`
Prune dangling objects	`git gc --prune=now`

Verification

After completing hygiene audit:

All 7 discovery checks executed
Findings triaged by severity
Critical issues addressed immediately
High-priority issues have remediation plan
Prevention measures implemented (pre-commit hooks, CI checks)
Hygiene report documented
Next review date scheduled

/pb-review-hygiene - Code quality and operational readiness review
/pb-security - Security audit (broader than git-specific)
/pb-repo-organize - Repository structure cleanup
/pb-repo-enhance - Repository polish suite
/pb-doctor - System health check

Last Updated: 2026-01-24 Version: 1.0.0

Port Management

Find processes using ports, kill stale listeners, and resolve port conflicts. A common developer pain point solved.

Platform: macOS/Linux Use Case: “What’s using port 3000?” / “Kill whatever’s blocking my server”

Mindset: Design Rules say “silence when nothing to say” - only report conflicts that need action.

Resource Hint: sonnet - Port scanning and process identification.

When to Use

Dev server fails to start with “port already in use” error
After a crash left orphan processes holding ports open
Before starting a multi-service stack to ensure ports are free

Quick Commands

Find What’s Using a Port

# Single port
lsof -i :3000

# Multiple ports
lsof -i :3000 -i :8080 -i :5432

# All listening ports
lsof -i -P | grep LISTEN

Kill Process on Port

# Find and kill (interactive)
lsof -ti :3000 | xargs kill -9

# Or two-step (safer)
lsof -i :3000  # Note the PID
kill -9 <PID>

Execution Flow

┌─────────────────────────────────────────────────────────────┐
│  1. SCAN         List all listening ports                   │
│         ↓                                                   │
│  2. IDENTIFY     Show process name, PID, user for each      │
│         ↓                                                   │
│  3. CATEGORIZE   Group by: dev servers, databases, system   │
│         ↓                                                   │
│  4. SELECT       User picks which to investigate/kill       │
│         ↓                                                   │
│  5. CONFIRM      Show full process details before kill      │
│         ↓                                                   │
│  6. EXECUTE      Kill selected processes                    │
└─────────────────────────────────────────────────────────────┘

Step 1: Scan All Listening Ports

# Comprehensive port scan with process details
lsof -i -P -n | grep LISTEN | awk '{print $1, $2, $9}' | sort -u

# Alternative using netstat (shows more detail)
netstat -anv | grep LISTEN

# macOS-specific: show all TCP listeners
sudo lsof -iTCP -sTCP:LISTEN -P -n

Output format:

COMMAND    PID    ADDRESS
node       12345  *:3000
postgres   67890  127.0.0.1:5432
redis      11111  *:6379

Step 2: Common Port Categories

Development Servers

Port	Typical Use
3000	React, Rails, Express default
3001	React secondary
4000	Phoenix, custom
5000	Flask default
5173	Vite default
8000	Django, Python HTTP
8080	Alternative HTTP, Java
8888	Jupyter

Databases

Port	Service
5432	PostgreSQL
3306	MySQL
27017	MongoDB
6379	Redis
9200	Elasticsearch

System Services

Port	Service
22	SSH
80	HTTP
443	HTTPS
53	DNS

Step 3: Investigate Specific Port

# Full details about port 3000
lsof -i :3000

# Show process tree (what spawned it)
ps -f $(lsof -ti :3000)

# Show process start time and command
ps -p $(lsof -ti :3000) -o pid,lstart,command

Step 4: Kill Strategies

Safe Kill (SIGTERM)

# Graceful shutdown - process can cleanup
kill $(lsof -ti :3000)

Force Kill (SIGKILL)

# Immediate termination - no cleanup
kill -9 $(lsof -ti :3000)

Kill All on Port Range

# Kill everything on ports 3000-3010
for port in {3000..3010}; do
  lsof -ti :$port | xargs kill -9 2>/dev/null
done

Common Scenarios

Scenario: “Port already in use”

# Find what's using it
lsof -i :3000

# If it's a zombie process from crashed dev server
kill -9 $(lsof -ti :3000)

# Verify it's free
lsof -i :3000  # Should return nothing

Scenario: Clean Slate for Development

# Kill common dev server ports
for port in 3000 3001 4000 5000 5173 8000 8080; do
  PID=$(lsof -ti :$port 2>/dev/null)
  if [ -n "$PID" ]; then
    echo "Killing process on port $port (PID: $PID)"
    kill -9 $PID
  fi
done

Scenario: Find Rogue Node Processes

# Find all node processes listening
lsof -i -P | grep node | grep LISTEN

# Kill all node listeners
pkill -f node

Scenario: Docker Port Conflicts

# List Docker port mappings
docker ps --format "table {{.Names}}\t{{.Ports}}"

# Stop container using port
docker stop $(docker ps -q --filter "publish=3000")

User Interaction Flow

When executing this playbook:

Scan - Show all listening ports with process names
Categorize - Group into dev servers, databases, system
Ask - “Which ports do you want to investigate or free up?”
Confirm - Show full process details before any kill
Execute - Kill with user’s chosen method (graceful vs force)

AskUserQuestion Structure

Action Selection:

Question: "What would you like to do?"
Options:
  - Scan all listening ports
  - Free specific port (I'll ask which)
  - Kill all dev server ports (3000, 5173, 8080, etc.)
  - Show me what's using the most ports

Troubleshooting

Issue	Solution
“Permission denied” on lsof	Use `sudo lsof -i :PORT`
Process respawns after kill	Check if it’s a managed service (launchd, systemd)
“No such process”	Process already exited, port should be free
Docker container won’t release port	`docker stop` then `docker rm` the container
Kill doesn’t work	Try `kill -9` (SIGKILL) instead of graceful

Aliases (Optional)

Add to your shell profile:

# What's using this port?
port() { lsof -i :$1; }

# Kill whatever's using this port
killport() { lsof -ti :$1 | xargs kill -9 2>/dev/null && echo "Killed" || echo "Nothing on port $1"; }

# List all listening ports
ports() { lsof -i -P | grep LISTEN; }

/pb-doctor - Diagnose system health issues
/pb-debug - General debugging methodology
/pb-storage - Free disk space when builds fail

Use when: port conflicts, stale dev servers, debugging network issues.

macOS Storage Cleanup

Tiered storage cleanup for developer machines. Reclaim disk space safely with user confirmation at each tier.

Platform: macOS only Risk Model: Safe → Moderate → Aggressive (each tier requires explicit confirmation)

Mindset: Design Rules say “measure before optimizing” - check what’s using space before cleaning.

Resource Hint: sonnet - Storage analysis and safe cleanup with careful file operations.

When to Use

Disk usage exceeds 80% (run /pb-doctor first to confirm)
Build tools failing due to insufficient disk space
Quarterly maintenance to prevent space issues from accumulating

Execution Flow

┌─────────────────────────────────────────────────────────────┐
│  1. SCAN         Detect installed toolchains, measure sizes │
│         ↓                                                   │
│  2. REPORT       Show current usage by category             │
│         ↓                                                   │
│  3. TIER SELECT  User chooses tier(s) to execute            │
│         ↓                                                   │
│  4. CONFIRM      Show items + sizes, require confirmation   │
│         ↓                                                   │
│  5. EXECUTE      Run cleanup with progress output           │
│         ↓                                                   │
│  6. VERIFY       Show before/after disk usage comparison    │
└─────────────────────────────────────────────────────────────┘

Step 1: Scan Current State

Run these commands to assess storage:

# Overall disk usage
df -h /

# Scan major cleanup targets (run all, report sizes)
du -sh ~/Library/Caches 2>/dev/null || echo "Library/Caches: N/A"
du -sh ~/.cache 2>/dev/null || echo ".cache: N/A"
du -sh ~/.npm 2>/dev/null || echo ".npm: N/A"
du -sh ~/.gradle/caches 2>/dev/null || echo ".gradle: N/A"
du -sh ~/.pub-cache 2>/dev/null || echo ".pub-cache: N/A"
du -sh ~/Library/Android/sdk/system-images 2>/dev/null || echo "Android images: N/A"
du -sh ~/.android/avd 2>/dev/null || echo "Android AVDs: N/A"

# Docker (if installed)
docker system df 2>/dev/null || echo "Docker: not running"

# Homebrew
brew cleanup --dry-run 2>/dev/null | tail -3 || echo "Homebrew: N/A"

Step 2: Tier Definitions

Tier 1: SAFE (Always reversible, no side effects)

Target	Path	Notes
Library Caches	`~/Library/Caches/*`	Apps regenerate on demand
User Cache	`~/.cache/*`	General cache directory
System Logs	`~/Library/Logs/*`	Old log files
Trash	`~/.Trash/*`	Already “deleted” items
Safari Cache	`~/Library/Safari/LocalStorage/*`	Browser regenerates

Commands:

# Preview sizes first
du -sh ~/Library/Caches ~/.cache ~/Library/Logs ~/.Trash 2>/dev/null

# Execute (after confirmation)
rm -rf ~/Library/Caches/* 2>/dev/null
rm -rf ~/.cache/* 2>/dev/null
rm -rf ~/Library/Logs/* 2>/dev/null
rm -rf ~/.Trash/* 2>/dev/null

Risk: None. All items regenerate automatically.

Tier 2: MODERATE (Rebuilds on next use)

Target	Path	Notes
npm cache	`~/.npm/_cacache`	`npm install` rebuilds
Gradle caches	`~/.gradle/caches/*`	Next build downloads
pip cache	`~/Library/Caches/pip`	`pip install` rebuilds
Homebrew cache	`brew cleanup`	Old versions removed
pub-cache	`~/.pub-cache/*`	Flutter/Dart packages
CocoaPods	`~/Library/Caches/CocoaPods`	`pod install` rebuilds
Cargo cache	`~/.cargo/registry/cache`	Rust crates

Commands:

# Preview sizes first
du -sh ~/.npm ~/.gradle/caches ~/Library/Caches/pip ~/.pub-cache 2>/dev/null

# Execute (after confirmation)
npm cache clean --force 2>/dev/null
rm -rf ~/.gradle/caches/* 2>/dev/null
rm -rf ~/Library/Caches/pip/* 2>/dev/null
brew cleanup 2>/dev/null
rm -rf ~/.pub-cache/* 2>/dev/null
rm -rf ~/Library/Caches/CocoaPods/* 2>/dev/null
rm -rf ~/.cargo/registry/cache/* 2>/dev/null

Risk: Low. Next build/install takes longer (re-downloads packages).

Tier 3: AGGRESSIVE (May require reinstall/reconfiguration)

Target	Path	Notes
Docker all	`docker system prune -a --volumes`	Removes ALL images, volumes
Android AVDs	`~/.android/avd/*.avd`	Must recreate emulators
Android system-images	`~/Library/Android/sdk/system-images/*`	Must re-download
iOS Simulators	`xcrun simctl delete unavailable`	Removes old simulators
Xcode DerivedData	`~/Library/Developer/Xcode/DerivedData/*`	Rebuilds on compile
Xcode Archives	`~/Library/Developer/Xcode/Archives/*`	Old app archives
Old Rust toolchains	`rustup toolchain uninstall`	Keeps default only
Node global modules	`/usr/local/lib/node_modules/*`	Must reinstall globals

Commands:

# Preview sizes first
docker system df 2>/dev/null
du -sh ~/.android/avd ~/Library/Android/sdk/system-images 2>/dev/null
du -sh ~/Library/Developer/Xcode/DerivedData ~/Library/Developer/Xcode/Archives 2>/dev/null

# Execute (after confirmation)
docker system prune -a --volumes -f 2>/dev/null
rm -rf ~/.android/avd/*.avd ~/.android/avd/*.ini 2>/dev/null
rm -rf ~/Library/Android/sdk/system-images/* 2>/dev/null
xcrun simctl delete unavailable 2>/dev/null
rm -rf ~/Library/Developer/Xcode/DerivedData/* 2>/dev/null
rm -rf ~/Library/Developer/Xcode/Archives/* 2>/dev/null
rustup toolchain list 2>/dev/null | grep -v default | xargs -I {} rustup toolchain uninstall {} 2>/dev/null

Risk: Medium. Requires re-downloading images, recreating emulators, or reinstalling tools.

Step 3: User Interaction Flow

When executing this playbook:

Run scan - Show current disk usage and detected toolchains
Present tiers - Use multi-select to let user choose which tier(s)
Within each tier - Show individual items with sizes
Confirm before execute - Require explicit “yes” before each tier runs
Report results - Show space reclaimed per tier

AskUserQuestion Structure

Tier Selection:

Question: "Which cleanup tiers should I run?"
Options:
  - Tier 1: SAFE (~X GB) - Caches, logs, trash
  - Tier 2: MODERATE (~X GB) - Package manager caches
  - Tier 3: AGGRESSIVE (~X GB) - Docker, SDKs, emulators
MultiSelect: true

Within-Tier Confirmation (for Tier 2 and 3):

Question: "Tier 2 will clean these items. Proceed?"
Options:
  - Yes, clean all selected
  - Let me pick specific items
  - Skip this tier

Step 4: Verification

After cleanup completes:

# Show new disk usage
df -h /

# Compare before/after
echo "Cleanup complete. Verify freed space above."

Quick Commands (Expert Mode)

For users who know what they want:

# Safe tier only (no confirmation needed)
rm -rf ~/Library/Caches/* ~/.cache/* ~/Library/Logs/* ~/.Trash/* 2>/dev/null

# Full moderate tier
npm cache clean --force && rm -rf ~/.gradle/caches/* ~/.pub-cache/* && brew cleanup

# Nuclear option (all tiers, no prompts)
# WARNING: Only run if you understand all consequences
rm -rf ~/Library/Caches/* ~/.cache/* ~/Library/Logs/* ~/.Trash/*
npm cache clean --force && rm -rf ~/.gradle/caches/* ~/.pub-cache/* && brew cleanup
docker system prune -a --volumes -f
rm -rf ~/.android/avd/*.avd ~/Library/Android/sdk/system-images/*
rm -rf ~/Library/Developer/Xcode/DerivedData/*

What This Does NOT Clean

Items requiring manual decision (not automated):

Item	Why Manual
`~/Downloads`	May contain wanted files
`~/Documents`	User data
`node_modules` in projects	Breaks projects until reinstall
`.env` files	Contains secrets
Git repositories	User code
Application data	App-specific, may lose settings

Scheduling (Optional)

For automatic maintenance, add to crontab:

# Run safe tier weekly (Sunday 3am)
0 3 * * 0 rm -rf ~/Library/Caches/* ~/.cache/* ~/Library/Logs/* 2>/dev/null

Troubleshooting

Issue	Solution
“Permission denied”	Some caches locked by running apps. Quit apps first.
Docker won’t prune	Start Docker Desktop first
Space not freed immediately	macOS may delay reporting. Run `sudo purge` to update
Xcode paths not found	Xcode not installed, skip those items

/pb-debug - Troubleshoot issues after aggressive cleanup
/pb-start - Resume development after cleanup

Run quarterly or when disk usage exceeds 80%.

Update All Tools

Update all package managers, development tools, and system software with appropriate safety tiers. Keep your dev environment current without breaking things.

Platform: macOS (primary), Linux (alternatives noted) Risk Model: Safe updates first, major version bumps require confirmation

Mindset: Design Rules say “distrust one true way” - update selectively, verify after each tool.

Resource Hint: sonnet - Detecting outdated packages and running update commands with correct version handling.

When to Use

Weekly routine to apply safe patch updates
Monthly full maintenance cycle (safe + moderate tiers)
After a security advisory requiring immediate tool updates
Setting up a recently bootstrapped dev machine

Execution Flow

┌─────────────────────────────────────────────────────────────┐
│  1. SCAN         Detect installed package managers/tools    │
│         ↓                                                   │
│  2. CHECK        List what's outdated in each               │
│         ↓                                                   │
│  3. TIER SELECT  User chooses: safe / all / selective       │
│         ↓                                                   │
│  4. EXECUTE      Run updates with progress output           │
│         ↓                                                   │
│  5. VERIFY       Confirm tools still work                   │
└─────────────────────────────────────────────────────────────┘

Quick Update (Safe Tier Only)

Run this for routine maintenance:

# Homebrew (most common)
brew update && brew upgrade

# npm global packages
npm update -g

# macOS software updates (safe ones only)
softwareupdate -l

Step 1: Detect Installed Tools

echo "=== Package Managers ==="
command -v brew && echo "Homebrew: $(brew --version | head -1)"
command -v npm && echo "npm: $(npm --version)"
command -v pip3 && echo "pip: $(pip3 --version)"
command -v cargo && echo "Cargo: $(cargo --version)"
command -v gem && echo "RubyGems: $(gem --version)"
command -v go && echo "Go: $(go version)"

echo -e "\n=== Version Managers ==="
command -v nvm && echo "nvm: installed"
command -v pyenv && echo "pyenv: installed"
command -v rbenv && echo "rbenv: installed"
command -v rustup && echo "rustup: installed"

Step 2: Check What’s Outdated

Homebrew

# Update formula list first
brew update

# Show outdated packages
brew outdated

# Show outdated casks (apps)
brew outdated --cask

npm (Global Packages)

# List outdated globals
npm outdated -g

# Or with details
npm outdated -g --depth=0

pip (Python)

# List outdated packages
pip3 list --outdated

# Or just count
pip3 list --outdated | wc -l

Rust (rustup + cargo)

# Check for Rust updates
rustup check

# Check cargo-installed binaries (if cargo-update installed)
cargo install-update -l 2>/dev/null || echo "Install cargo-update for this"

Go

# Go modules in current project
go list -m -u all 2>/dev/null | grep '\[' | head -10

macOS System

# List available system updates
softwareupdate -l

Tier Definitions

Tier 1: SAFE (Patch updates, no breaking changes)

Tool	Command	Notes
Homebrew	`brew upgrade`	All formulae
npm	`npm update -g`	Respects semver
pip	`pip3 install --upgrade pip`	pip itself only
Rust	`rustup update`	Stable toolchain

Commands:

# Safe tier - run all
brew update && brew upgrade
npm update -g
pip3 install --upgrade pip
rustup update stable 2>/dev/null

Risk: Minimal. Patch updates follow semver.

Tier 2: MODERATE (Minor version updates)

Tool	Command	Notes
Homebrew casks	`brew upgrade --cask`	App updates
npm major	`npm install -g <pkg>@latest`	Specific packages
pip packages	`pip3 install --upgrade <pkg>`	Specific packages
Node.js	`nvm install --lts`	New LTS version

Commands:

# Homebrew casks (GUI apps)
brew upgrade --cask

# Node LTS (if using nvm)
nvm install --lts
nvm alias default lts/*

Risk: Low-moderate. May require config changes.

Tier 3: MAJOR (Major version updates, potential breaking changes)

Tool	Command	Notes
macOS	`softwareupdate -ia`	Full system update
Xcode	App Store	May break builds
Python	`pyenv install X.Y`	New Python version
Docker	Cask upgrade	Container compat

Commands:

# macOS system updates
sudo softwareupdate -ia

# New Python version (pyenv)
pyenv install 3.12  # or latest
pyenv global 3.12

# Docker Desktop
brew upgrade --cask docker

Risk: Higher. Test builds after updating.

Package-Specific Guides

Homebrew

# Full update cycle
brew update          # Update formulae list
brew upgrade         # Upgrade all packages
brew cleanup         # Remove old versions
brew doctor          # Check for issues

npm

# Update all globals to latest
npm outdated -g
npm update -g

# Update specific package to latest major
npm install -g typescript@latest

# Check what's installed globally
npm list -g --depth=0

pip

# Upgrade pip itself
pip3 install --upgrade pip

# Upgrade all packages (use with caution)
pip3 list --outdated --format=json | \
  python3 -c "import json,sys;print('\n'.join([p['name'] for p in json.load(sys.stdin)]))" | \
  xargs -n1 pip3 install -U

# Better: use pip-review
pip3 install pip-review
pip-review --auto

Rust

# Update Rust toolchain
rustup update

# Update cargo-installed tools
cargo install-update -a  # Requires cargo-update

Ruby (rbenv)

# Update rbenv itself
brew upgrade rbenv ruby-build

# Install latest Ruby
rbenv install -l | grep -v - | tail -1  # Find latest
rbenv install X.Y.Z
rbenv global X.Y.Z

User Interaction Flow

When executing this playbook:

Detect - Show all installed package managers
Scan - List outdated packages per manager
Present tiers - Let user choose update scope
Execute - Run updates with progress
Verify - Run quick health checks

AskUserQuestion Structure

Tier Selection:

Question: "What update level should I run?"
Options:
  - Safe only (patch updates) - Low risk
  - Include minor versions - Some risk
  - Full update (including major) - Higher risk, review first
  - Let me pick specific tools
MultiSelect: false

Tool Selection (if selective):

Question: "Which tools should I update?"
Options:
  - Homebrew (X outdated)
  - npm globals (X outdated)
  - pip packages (X outdated)
  - System updates (X available)
MultiSelect: true

Post-Update Verification

echo "=== Verification ==="

# Check critical tools still work
git --version
node --version
npm --version
python3 --version

# Run a quick test
echo 'console.log("Node OK")' | node
python3 -c "print('Python OK')"

# Check for broken Homebrew links
brew doctor

Automated Update Script

Save as ~/bin/update-all.sh:

#!/bin/bash

set -e

echo "=== Homebrew ==="
brew update && brew upgrade && brew cleanup

echo -e "\n=== npm globals ==="
npm update -g

echo -e "\n=== pip ==="
pip3 install --upgrade pip

echo -e "\n=== Rust ==="
rustup update 2>/dev/null || true

echo -e "\n=== Verification ==="
brew doctor
node --version
python3 --version

echo -e "\n=== Done ==="

Troubleshooting

Issue	Solution
Homebrew permission errors	`sudo chown -R $(whoami) $(brew --prefix)/*`
npm EACCES errors	Fix npm permissions or use nvm
pip externally-managed	Use `pip3 install --break-system-packages` or venv
Xcode update breaks tools	`xcode-select --install`
Rust won’t update	`rustup self update` first
Node version mismatch	Check nvm: `nvm current` vs `node --version`

Update Schedule

Frequency	What to Update
Weekly	Homebrew (safe tier)
Monthly	All safe + moderate tiers
Quarterly	Major versions (with testing)
As needed	Security patches immediately

/pb-doctor - Check system health before/after updates
/pb-storage - Clean up after updates (old versions)
/pb-setup - Full environment setup
/pb-security - Check for security updates

Run weekly for safe updates, monthly for full maintenance. Always verify after major updates.

Developer Onboarding & Knowledge Transfer

Effective onboarding reduces time to productivity, builds confidence, and prevents knowledge loss.

Resource Hint: sonnet - structured planning and documentation, not deep architectural reasoning.

When to Use This Command

New team member joining - Setting up their onboarding plan
Creating onboarding docs - Building onboarding materials
Improving onboarding process - Reviewing and enhancing experience
Contractor/intern onboarding - Adapting for shorter engagements

Purpose

Good onboarding:

Accelerates productivity: New person contributes within days, not months
Improves retention: Strong onboarding = people stay longer
Transfers knowledge: Prevents loss when people leave
Sets culture: First impression shapes how people work
Reduces mistakes: Clear training prevents common errors

Bad onboarding:

“Here’s your laptop, good luck”
New person struggles for weeks
Knowledge exists only in one person’s head
People leave quickly (bad first impression)

Culture First: Onboarding should teach both frameworks on day one.

Teach /pb-preamble: new team members need to know-challenge assumptions, disagree when needed, prefer correctness. Teach /pb-design-rules: introduce the design principles (Clarity, Simplicity, Modularity, Robustness) that guide how this team builds systems. This is how you set culture from the start.

Onboarding Timeline

Before First Day

Hiring & Preparation (2-3 weeks before)

☐ Equipment ordered (laptop arrives before first day)
☐ Accounts created (email, GitHub, Slack, VPN, etc.)
☐ Welcome message written by manager
☐ Buddy assigned (person to answer questions)
☐ Documentation prepared (key docs linked, not overwhelming)
☐ First project identified (small, real, supported)

What to send before day 1:

Email from manager:
"Welcome! I'm excited to have you join.
Before you start, here's what to expect:

Day 1: Setup, meet the team, understand our workflow
Week 1: Learning the codebase and key systems
Week 2-4: First code contributions with support
Month 1-3: Ramping up to full productivity

Your buddy is [Name]. Slack them anytime.
Your first small project will be [project].
We'll have daily 15-min check-ins first week.
Questions? Ask-this is what we're here for.

See you Monday!"

Day 1: Setup & Welcome

Goal: Get working, feel welcomed, know who to ask

Morning (2 hours):
  - Equipment works (this matters!)
  - Development environment sets up (with buddy help)
  - Slack/email/VPN/GitHub access works
  - Welcome from team (Slack message with emoji reactions)

Afternoon (2 hours):
  - 1-on-1 with manager (get to know you, answer questions)
  - Async video tour of systems (record this for future hires)
  - Read company mission/culture docs
  - No meetings, just setup

Day 1 success: Person can build the code and start exploring

Equipment checklist:

☐ Laptop works, fast enough
☐ Monitor, keyboard, mouse (if office)
☐ Phone/access badge (if office)
☐ All software installed before arrival

Week 1: Learning Pace

Goal: Understand codebase, systems, and process

Daily schedule:

9:30am: 15 min check-in with manager
        "What did you learn? Questions? Blockers?"
        (Builds rapport, catches confusion early)

Morning: Self-paced learning
        - Read key architecture docs
        - Watch system demo video (recorded)
        - Explore codebase (with guide from senior engineer)

Afternoon: Pairing session (1-2 hours)
        - Senior engineer shows how to:
          * Run the tests
          * Deploy to staging
          * Debug a common issue
          * Review a PR

Evening: Self-directed exploration
        - Try to run tests alone
        - Read relevant code
        - Write down questions

What to learn by end of week 1:

☐ Codebase compiles/runs locally
☐ How to run tests
☐ How to deploy to staging
☐ Key system architecture (high level)
☐ Code review process
☐ How to get help (who to ask what)
☐ Company culture and values

Red flags if person is lost:

Can’t run code after 2 days (fix environment, not person)
Doesn’t know who to ask questions (assign a buddy immediately)
Setup still broken (devops needed)
Feels unwelcome (check in more often)

Week 2-3: First Contributions

Goal: Make first code changes with support

Process:

Monday: Small, bounded task assigned
        - "Fix this typo in error message" (30 min)
        - "Add a test for this function" (1-2 hours)
        - "Update documentation" (1 hour)
        (Real work, but contained)

Create PR, pair with senior for review
        - "Here's what I'd change and why"
        - "Let's discuss your approach"
        - Not just approving, educating

Merge together, person learns from process

Repeat 2-3 times, gradually increase difficulty

Task progression:

Week 2: Documentation, tests, small fixes (low risk)
Week 3: Real features with guidance (medium risk)
Week 4: Independent with code review (normal risk)

Example first task:

Task: Add input validation error message
Scope: 1 file, 10 lines added, well-tested
Learning: Code change process, testing, review
Risk: Very low (only affects error message)

What NOT to do:

[NO] Throw person at complex system
[NO] Make them read 10,000 lines of code first
[NO] Assign a huge feature with no support
[NO] Disappear and let them struggle alone

Month 1: Building Confidence

Goal: Feel competent, ask fewer questions, enjoy the work

Activities:

Week 2-4: Increasing task complexity
        Small tasks → Medium features → System understanding

1-on-1s: Weekly (1 hour)
        - How are you feeling?
        - What's going well? What's hard?
        - Career expectations (long term)
        - Feedback on code quality

Pairing: 1-2 sessions per week (decreasing)
        - Now pairing on their tasks
        - Eventually observing code reviews instead

Code review: Every PR reviewed, feedback given
        - Pointing out learning opportunities
        - Teaching not just approving/rejecting

Success criteria by end of month 1:

Quantitative milestones (can measure):

☐ First PR merged by day 5 (shows you can code)
☐ 5+ PRs merged by end of week 3 (demonstrates productivity)
☐ Can run tests/deploy independently (self-sufficient)
☐ Average PR takes <1 day to merge (not blocked)
☐ Code review feedback positive (quality meeting standard)

Qualitative milestones (team feedback):

☐ Asks targeted questions (not "how do I set up?")
☐ Code quality comparable to team
☐ Comfortable speaking in meetings
☐ Knows team members and can pair with them
☐ Takes initiative (suggests improvements)

Red flags (needs help):

[NO] No PR by week 2 (blocked or overwhelmed)
[NO] PRs have major quality issues (misunderstood standards)
[NO] Silent in meetings (not engaged or confused)
[NO] Many questions about basics (environment still broken)
[NO] Asking to be switched to different project (didn't fit)

Month 2-3: Full Ramp

Goal: Fully productive, independent, integrated

Activities:

1-on-1s: Biweekly (align with other team members)
        - Technical growth
        - Career development
        - Team fit

Tasks: Normal difficulty, assigned like any team member
        - Bugs, features, infrastructure work

Mentorship: If they show strength, pair them with junior
        - Teaches them system deeply
        - Builds leadership skills

End of month 3 assessment:

☐ Can work independently (doesn't need daily check-ins)
☐ Code quality meets team standard
☐ Contributing to design discussions
☐ Helping other team members
☐ Feels integrated (invited to social events)
☐ No questions about what to do (knows how to get work)

Knowledge Transfer Essentials

See /pb-knowledge-transfer for comprehensive KT session preparation, documentation templates, and knowledge capture strategies.

Key principle: Most knowledge in engineering is in people’s heads. Capture the critical items first:

System architecture (diagrams, how pieces connect)
How to set up, deploy, and rollback
Common troubleshooting (fixes, not explanations)

Video Documentation

For critical processes, record a video (~5-10 min):

Examples:

1. "Setting up local environment" (7 min video)
   - Clear screen
   - Explain each step
   - Show common errors and fixes
   - End result: Working dev environment

2. "How to deploy to staging" (5 min video)
   - How to check if deploy is working
   - What logs to look at
   - How to rollback if something breaks

3. "Code review process" (5 min video)
   - How we check PRs
   - What we look for
   - Common feedback

Tools: Loom (free, simple), Asciinema (terminal recordings), ScreenFlow (Mac)

Onboarding Checklist

Before Arrival

Equipment ordered and tested
Accounts created (email, GitHub, Slack, VPN)
Welcome message from manager
Buddy assigned and briefed
First project identified
Key documentation linked
Development environment setup guide created/updated

Day 1

Equipment works (laptop, monitor, mouse, etc.)
Software is installed
Development environment compiles
Slack/email/GitHub access works
Welcome from team (all-hands message)
1-on-1 with manager (30 min)
Async video tour of systems
No meetings beyond above
Person goes home excited (not overwhelmed)

Week 1

Daily 15-min check-ins (quick questions)
Architecture overview understood (high-level)
Code compiles and tests run locally
Pairing session with senior engineer (1-2 hours)
First small task assigned and completed
Questions are welcomed and answered
Person feels safe to ask “dumb” questions

Week 2-3

2-3 small code contributions merged
Code review process understood
How to test and deploy known
Team members’ names learned
Comfortable in team meetings
Buddy is readily available
Tasks are getting slightly harder

Month 1

5+ PRs merged (small to medium tasks)
Understands codebase organization
Can debug simple issues independently
Knows how to get help for hard problems
Code quality meets team standard
Feels like part of the team
Weekly 1-on-1s with manager established

Month 2-3

Fully productive on normal tasks
Doesn’t need daily check-ins
Contributing to design discussions
Starting to mentor others (if strong)
Comfortable asking questions without anxiety
Integrated into team social activities
Clear on career path and growth areas

Retention Factors

People who have good onboarding stay longer. Key factors:

Factor	Importance	How to Provide
Clear expectations	Critical	Manager explains goals, metrics, culture
Technical ramp support	Critical	Buddy, pairing, documentation
Belonging	Critical	Include in team, welcome openly
Competence	Critical	Achievable first tasks, support
Growth path	Important	Discuss long-term goals in first month
Fair compensation	Important	Set clear salary/equity upfront
Interesting work	Important	Assign meaningful first project

People who feel lost after month 1 often leave by month 6.

Remote Onboarding Specifics

Same as above, but emphasize:

1. Async documentation

Everything written, not just meetings
Videos for complex topics
Can be done on their schedule

2. Recorded sessions

Record all pairing sessions
Record architecture walkthroughs
They can watch at their pace

3. Extra communication

Check in slightly more (time zone isolation)
Video not just voice calls
Clear async communication norms

4. Social connection

Schedule virtual coffee chats
Include in team chat (don’t feel left out)
Virtual onboarding lunch with team

Knowledge Preservation

When someone leaves, their knowledge shouldn’t leave with them.

During Employment

Quarterly knowledge capture:

Each person documents:
  - Systems they own (architecture, how to debug)
  - Decisions they made (why, alternatives considered)
  - Critical processes they do
  - People and relationships they maintain

Code quality:

- Self-documenting code (good naming, structure)
- Comments for why, not what
- Code reviews that explain thinking

When Someone Leaves

Exit interview:

Manager: "What knowledge should others have that I don't have?"
Manager: "What systems do only you understand?"
Person: Document critical processes

2-week transition:
  - Document your work
  - Pair with your replacement
  - Write down gotchas and lessons learned
  - Introduce to your contacts

Knowledge handoff:

Before last day:
  - List of systems you owned
  - How each system works (document or record)
  - Key people to know for each system
  - Critical processes you did

Integration with Playbook

Part of SDLC cycle:

/pb-team - Team culture onboarding
/pb-guide - Engineering practices to learn
/pb-commit - Code review process training
/pb-standards - Code style to learn

/pb-team - Where onboarding fits in team
/pb-documentation - How to write for onboarding
/pb-cycle - Code review process they’ll follow
/pb-knowledge-transfer - KT session preparation

Created: 2026-01-11 | Category: People | Tier: M/L

Building High-Performance Engineering Teams

Create an environment where engineers thrive, collaborate effectively, and produce excellent work.

Resource Hint: sonnet - structured guidance and team assessment, not deep architectural reasoning.

When to Use

Building or restructuring an engineering team
Diagnosing team health issues (low morale, high turnover, communication gaps)
Preparing for team growth (scaling from small to medium or large)
Establishing or refining team rituals (standups, retros, 1-on-1s)

Purpose

Great software comes from great teams. Team culture determines:

Quality: Do people care enough to do good work?
Speed: Can people move fast without chaos?
Retention: Do people want to stay and grow?
Innovation: Do people feel safe to experiment?

A healthy engineering team has:

Psychological safety: Safe to speak up, ask questions, make mistakes
Clear ownership: Everyone knows what they’re responsible for
Trust: People believe in each other and leadership
Growth: People are learning and advancing
Recognition: Good work is acknowledged

Foundation: High-performance teams operate from both frameworks.

Psychological safety is enabled by /pb-preamble thinking: when teams challenge assumptions, disagreement becomes professional, and silence becomes a risk. Technical excellence is enabled by /pb-design-rules thinking: teams that understand and apply Clarity, Simplicity, Modularity, and Robustness build systems that scale and evolve. Together: safe collaboration + sound design = high performance.

Psychological Safety: Foundation of High Performance

Psychological safety is the #1 predictor of team performance. Teams with safety:

Share ideas freely (catch bugs and problems earlier)
Admit mistakes quickly (learn faster)
Ask for help (solve harder problems)
Challenge decisions respectfully (better outcomes)
Support each other (higher morale)

Building Psychological Safety

1. Leader Models Vulnerability

Bad:

Manager: "I have all the answers. Don't ask questions."

Good:

Manager: "I don't know the answer to that. Let's figure it out together."
Manager: "I made a mistake last sprint. Here's what I learned."
Manager: "I'm struggling with this design decision. What do you think?"

Why it works: When leaders show they’re fallible, others feel safe admitting limitations.

2. Response to Mistakes Defines Culture

Bad:

Engineer makes mistake in production.
Manager: "How could you let this happen? This is unacceptable."
Team reaction: Hide problems, blame others, reduce risk-taking

Good:

Engineer makes mistake in production.
Manager: "What happened? How can we prevent this?"
Team reaction: Transparency, quick fixes, systems thinking

3. Invite and Act on Input

Bad:

Manager: "Here's the plan for this quarter."
Team: [silent, compliance only]

Good:

Manager: "Here's the plan. What am I missing? What concerns do you have?"
Team: [shares concerns, asks questions, feels heard]

Specific tactics:

Ask “what could go wrong?” - Regularly ask for concerns, then listen without defensiveness
Thank people for bad news - Positively reinforce when someone reports a problem
Discuss failures - Post-incident reviews focus on systems, not blame
Invite dissent - “Does anyone disagree? I want to hear it.”
Make it safe to say “I don’t know” - Reward learning over appearing expert

Red Flags (Low Psychological Safety)

People stay quiet in meetings (thinking happens offline)
Mistakes are hidden until they blow up
People blame external factors (never take ownership)
New ideas are shut down quickly
People don’t help teammates (silo mentality)
High turnover of good performers

Ownership & Accountability

Clear ownership prevents finger-pointing and ensures quality.

DRI (Directly Responsible Individual) Model

Every project/decision/system has ONE DRI:

Project: "Rebuild payment processing"
DRI: Sarah (engineer)
Sarah is responsible for: Decisions, timeline, quality, communication

Team role: Support Sarah, not replace her
Manager role: Remove blockers, hold Sarah accountable

Benefits:

Fast decisions (don’t wait for consensus)
Clear accountability (know who to ask)
Ownership mentality (DRI cares about outcome)
Faster learning (responsibility drives focus)

Bad example:

Project: "Rebuild payment processing"
Ownership: "The whole team"
Result: Diffused responsibility, slow decisions, blame when it fails

Setting Ownership

1. Choose DRI (usually most knowledgeable person)
2. Make it explicit (tell the team who owns what)
3. Give authority (let them make decisions)
4. Clear scope (what are they NOT responsible for?)
5. Regular check-ins (manager helps remove blockers)

Accountability Without Blame

DRI is accountable, but blame doesn’t help:

Good:

Sarah: "The payment rebuild is behind schedule. External API slower than expected."
Manager: "What do you need from me to get back on track? More resources? Different priorities?"

Bad:

Manager: "Sarah, why is this behind? You're not meeting expectations."
Sarah: "It's the API vendor's fault."

Collaboration Models

Different team sizes need different collaboration structures.

Small Teams (3-5 people)

Structure:

Daily standup (15 min): “Yesterday/today/blockers”
Weekly sync (30 min): Planning, retrospective
No formal process: People know each other, trust works

Emphasis: Direct communication, minimal meetings

Monday 10am: Daily standup
Tuesday-Friday 9:30am: Daily standup
Wednesday 3pm: Weekly planning (30 min)
Friday 4pm: Retrospective (30 min)

What works: Messaging, pairing, quick decisions

Medium Teams (6-15 people)

Structure:

Daily standup (20 min): Async or quick sync
Weekly planning (1 hour): What are we doing?
Biweekly retro (1 hour): What did we learn?
1-on-1s (biweekly): Manager + each engineer

Emphasis: Structured communication, clear roles

Sprint Structure:
  Monday: Sprint planning (1 hour)
  Tuesday-Thursday: Daily async standup
  Friday: Demo + retro (1.5 hours)

Cadence:
  Manager 1-on-1s: Biweekly
  Team syncs: Weekly
  Cross-team syncs: As needed

What works: Clear project leads, written context, async-first

Large Teams (15+ people)

Structure:

Squads (5-8 people each with own DRI)
Squad standups: Daily (within squad)
Cross-squad syncs: Weekly (async updates + topics)
Manager 1-on-1s: Weekly (important for growth/feedback)

Emphasis: Async communication, clear documentation

Each squad:
  - Has a technical lead (DRI)
  - Owns specific area (APIs, frontend, etc.)
  - Does their own planning/retro

Cross-team:
  - Weekly async updates in Slack
  - Monthly all-hands (20-30 min)
  - Dependencies tracked in shared document

What works: Written specs, clear interfaces, async-first culture

Remote & Distributed Teams

Most teams are now distributed. Different dynamics apply.

Challenges of Remote Work

Challenge	Impact	Solution
Communication delays	Slow decisions	Async-first, clear docs
Isolation	Lower engagement	Regular video, social time
Context loss	More misunderstandings	Over-communicate
Time zones	Scheduling friction	Async standups, recorded meetings
Trust building	Harder to build rapport	Video 1-on-1s, team offsites

Best Practices for Remote Teams

1. Async-first communication

Bad (forces everyone online):

"Let's schedule a meeting to discuss the API design"
People in 3 time zones struggle

Good (async by default):

Design doc posted in Slack with: Problem, proposal, Q&A section
People review async, add comments
Decision made within 24 hours

2. Default to video for deep work

Bad:

Email back-and-forth about architecture decision
Slow, misunderstandings pile up

Good:

Video pairing for 30 min when needed
Or: Async video message (loom.com) instead of email

3. Intentional social time

Bad:

"Just work, no time for socializing"
Team feels disconnected

Good:

Monday: 15 min team standup (camera on)
Friday: 30 min social time (video game, coffee, chat)
Quarterly: In-person offsite

4. Protect focus time

Bad:

Slack pings all day
Meetings back-to-back
No time to focus

Good:

"Core hours" when people are expected to be responsive (10am-3pm)
"Focus blocks" where meetings are forbidden (9-10am, 4-5pm)
Slack status: "In deep work, will respond after 2pm"

5. Recorded standups for time zones

Bad:

Real-time standup at 9am SF time
9pm for India, 6am for Europe
People burn out or stop attending

Good:

Async standup: Post by 9am SF
Recording of standup for those who missed it
Live Q&A optional for those who want to join

Remote Onboarding

See /pb-onboarding for detailed remote onboarding checklists (first day, first week, first month).

Burnout Prevention & Recovery

Burnout is a silent killer. People don’t announce it-they just quit.

Burnout warning signs:

Early stage:
  - Cynicism ("our code is garbage anyway")
  - Reduced enthusiasm (was passionate, now whatever)
  - Skipping meetings (disengagement)

Mid stage:
  - Reduced performance (works hard but gets less done)
  - Quality drops (doesn't care about excellence)
  - Irritability (short fuse with team, curt responses)

Late stage:
  - Emotional exhaustion (nothing left to give)
  - Health issues (sleep problems, physical symptoms)
  - Disengagement (stops helping others, silent in meetings)
  - Planning to leave (updating resume, looking for jobs)

Prevention (easier than recovery):

Reasonable hours:
  - No sustained 50+ hour weeks
  - Explicit "work ends at 6pm" culture
  - Use vacation time (actually take days off)

Manage scope:
  - Don't overcommit (say "no" sometimes)
  - Clear priorities (not everything is urgent)
  - Realistic deadlines (padding for unknowns)

Recognition:
  - Acknowledge work (publicly and privately)
  - Show impact (how does their work help users?)
  - Career progress (path forward)

Support:
  - Talk to manager about load ("How are you really?")
  - Reduce on-call frequency if heavy
  - Rotate demanding projects

Recovery (when someone is burned out):

Immediate:
  - Reduce scope (fewer meetings, fewer projects)
  - Encourage time off (force it if needed, not optional)
  - Check in weekly (show you care)

Medium-term (1-2 months):
  - Role change (different project, different pace)
  - Mentoring reduction (focus on recovery, not teaching)
  - Workload assessment (is the job sustainable?)

Long-term:
  - Return gradually (don't jump back to 100%)
  - Support (coaching, therapy if needed)
  - Follow-up (monitor for recurrence)

What NOT to do:

[NO] Ignore it ("They'll get over it")
[NO] Push harder ("We need you on this project")
[NO] Minimize ("Everyone gets stressed")
[NO] Make it a performance issue ("Fix your output")

Recognition & Growth

Teams thrive when people feel valued and growing.

Recognition (What People Need to Hear)

Bad:

Manager: "Your PR was fine."
Engineer: (Feels invisible)

Good:

Manager: "Your API design is clean and efficient. I noticed you thought about
backward compatibility early-that's what prevents problems later. Great work."
Engineer: (Feels seen and valued)

Why it matters: Recognition is not vanity, it’s:

Confirmation that work matters
Specific feedback on what to do more of
Investment in retention (people stay when valued)

Best practices:

Be specific: Not “good job” but “your testing approach was thorough”
Public + private: Recognize in team meetings AND 1-on-1s
Recognition from peers: Create channel where team recognizes each other
Celebrate wins: Project launches, difficult problems solved, good decisions
Monthly highlights: What did the team accomplish that was great?

Career Development

People stay when they see a path forward.

Levels (Example structure):

IC1: Junior (learning fundamentals)
IC2: Mid-level (independent contributor)
IC3: Senior (multiplier, mentors others)
IC4: Staff (owns big systems, technical strategy)
IC5: Principal (sets technical direction)

Manager track:

Engineer → Tech Lead → Manager → Senior Manager → Director

What matters for growth:

Clear expectations: What does the next level look like?
Feedback: “Here’s where you’re strong, here’s where to grow”
Opportunities: Projects that stretch them
Mentorship: Someone who knows the path
Patience: Growth takes 1-2 years, not months

Growth conversation template:

Manager: "Where do you want to be in 2 years?"
Engineer: "I want to become a senior engineer"
Manager: "Great. Here's what senior means:
  - Makes decisions with incomplete info
  - Mentors 2-3 junior engineers
  - Owns a major system end-to-end
  - Communicates well with non-engineers

You're strong at technical skills and learning quickly.
Areas to develop: Decision-making under uncertainty, mentoring others.

This quarter, let's focus on mentoring [junior engineer].
I'll pair you with [senior engineer] to learn their decision-making."

Compensation

Fair compensation matters, but people also care about:

Equity (feel ownership)
Flexibility (remote, flexible hours)
Learning (conferences, courses)
Impact (work that matters)
Growth (clear path forward)

If compensation is low but growth is high, people stay. If compensation is high but no growth, people leave.

Conflict Resolution

High-performing teams have conflict (it means people care). How to handle it:

Healthy Conflict (Encouraged)

Engineer: "I disagree with this API design. Here's why it won't work."
Manager: "Good point. Let's redesign it."

Unhealthy Conflict (Discouraged)

Engineer A: "Engineer B is incompetent"
Manager: [Ignoring it]

Escalation Path

Level 1: Peer-to-peer

Engineer A: "I have a concern about your approach."
Engineer B: "Let's discuss it."
They resolve it or escalate.

Level 2: Involve manager

If peers can't resolve: Manager talks to both, helps find solution

Level 3: HR involvement

If it's harassment or discrimination: HR handles per policy

Red Flags

Conflict is ignored (builds resentment)
People take sides (factional teams)
Conflict is personal (attack character, not ideas)
No resolution process (conflict festers)

Team Health Metrics

Measure team health to catch problems early.

Quantitative Metrics

Retention: Are people staying? (target: >90% annually)
Hiring: How long to fill open roles? (target: <4 weeks)
Promotion rate: Are people advancing? (target: 1 promotion per 4-5 people/year)
Incident response: How fast do people respond? (shows engagement)
Code review time: How long until PRs reviewed? (shows collaboration)

Qualitative Signals

Engagement: Do people care? (Ask: “How satisfied are you?” quarterly)
Autonomy: Do people feel trusted? (Ask in 1-on-1s)
Growth: Do people feel they’re learning? (Ask in 1-on-1s)
Belonging: Do people feel part of the team? (Watch: Do they socialize?)
Clarity: Do people understand their role? (Ask: “What am I responsible for?”)

Team Pulse Survey

Quarterly survey (3 min to answer):

On scale 1-5:
1. I feel safe speaking up
2. I understand what I'm responsible for
3. I'm learning and growing
4. I feel valued by the team
5. I would recommend this company to a friend
6. I plan to be here in 1 year

Anything on your mind? (Open feedback)

Use results to identify problems and improve.

Integration with Playbook

Part of SDLC cycle:

/pb-cycle - How teams review code
/pb-guide - Team practices section
/pb-standup - Daily team communication
/pb-incident - How teams respond together
/pb-onboarding - How teams integrate new people

Related Commands:

/pb-onboarding - New team member experience
/pb-documentation - Communication via docs
/pb-commit - How team agrees on commits
/pb-standards - Team working principles

Team Health Checklist

Psychological Safety

Team members speak up in meetings (not all silent)
Mistakes are discussed openly (not hidden)
Questions are welcomed (not shot down)
Disagreement is respectful (not personal)
People admit what they don’t know

Ownership & Accountability

Each project has a clear DRI
Ownership is explicit (people know who’s responsible)
Authority matches responsibility (DRI can make decisions)
Accountability is fair (no blame, focus on systems)
Decisions are made quickly (people aren’t waiting)

Collaboration

People help each other (not siloed)
Communication is clear (minimal misunderstandings)
Meetings are effective (start/end on time, decisions made)
Standups are useful (not theater)
Cross-functional work is smooth

Growth & Recognition

People know what next level looks like
Good work is recognized (publicly and privately)
Career development is discussed (in 1-on-1s)
People are learning (projects stretch them)
Compensation feels fair

Remote Health (If distributed)

Communication is async-friendly (not forcing everyone online)
Documentation is clear (can work without constant meetings)
Social connection exists (team knows each other)
Time zones are respected (not forcing bad hours)
Focus time is protected (not constant interruptions)

/pb-preamble - Collaboration philosophy and psychological safety
/pb-onboarding - Developer onboarding and knowledge transfer
/pb-knowledge-transfer - KT session preparation and execution
/pb-sre-practices - Site reliability engineering practices for teams

Created: 2026-01-11 | Category: People | Tier: M/L

Knowledge Transfer (KT) Session Preparation

Structured guide for documenting and transferring project knowledge to new team members and stakeholders.

Mindset: The best knowledge transfer includes both frameworks.

Teach /pb-preamble first: new team members need to know how to challenge assumptions, prefer correctness, and think like peers. Then teach /pb-design-rules: help them understand the design principles (Clarity, Modularity, Robustness, Extensibility) that govern how systems are built in this team.

Resource Hint: sonnet - structured documentation and template application, not architectural judgment.

When to Use This Command

Planning a KT session - Structuring effective knowledge transfer
Team member leaving - Capturing their knowledge before departure
New hire starting - Preparing materials for their ramp-up
Service handoff - Transferring ownership between teams

Purpose

Knowledge transfer (KT) ensures:

New developers can contribute effectively within days, not weeks
Team handoffs are smooth and complete
Institutional knowledge doesn’t disappear when people leave
All stakeholders (dev, QA, product, management) have shared understanding
Critical “tribal knowledge” is documented

When to Conduct KT Sessions

New developer joining team - Full comprehensive KT
Major feature handoff - Focused KT on that feature
Team transition - New team taking over service ownership
On-call rotation training - Ops perspective KT
Before extended leave - Critical knowledge before person is unavailable

Core Sections: KT Package Contents

1. Project Overview

Provide:

1-2 paragraph summary of what the service does
Business value (why does this exist?)
Key users/customers who depend on it
Ownership (who’s responsible for what)
Links to repo, docs, Slack channel, runbooks

Template:

## Service: Payment Processing API

**Purpose**: Handles all payment transactions for our platform.
Customers depend on this to process credit card charges with 99.99% uptime.

**Ownership**:
- Dev lead: @alice (architecture decisions)
- On-call: @bob (incidents)
- Product owner: @charlie (feature requests)

**Links**:
- Repo: github.com/company/payment-service
- Docs: https://wiki.company.com/payment-service
- Runbooks: https://runbooks.company.com/payment
- Slack: #payment-team


---

### 2. Technical Architecture

**Provide:**
- High-level system diagram (ASCII or Mermaid)
- Key components (APIs, databases, workers, caches)
- External dependencies (3rd party services, other internal services)
- Technology stack (languages, frameworks, databases)
- Data model overview (key entities, relationships)

**Template:**
```markdown
## Architecture

┌─────────────────────────────────────────────────┐ │ API Gateway (Kong) │ └────────────────────┬────────────────────────────┘ │ ┌────────────┼────────────┐ │ │ │ ┌───▼──┐ ┌───▼──┐ ┌───▼──┐ │ Web │ │Mobile│ │ IOS │ └──────┘ └──────┘ └──────┘ │ │ │ └────────────┼────────────┘ │ ┌────────────▼────────────┐ │ Payment Service (Go) │ │ ├─ Order API │ │ ├─ Payment API │ │ └─ Refund API │ └────────────┬────────────┘ │ │ │ ┌───▼──┐ ┌───▼──┐ ┌──────▼──┐ │ Postgres │ Redis │ RabbitMQ │ │ (Orders) │ (Cache) │ (Events) │ └────────────────────────────────────────────┘


**Key Components**:
- **Payment Service**: Go HTTP API handling charge/refund
- **Order Service**: Python service managing order lifecycle
- **Webhook Consumer**: Node.js service processing payment updates from Stripe

**External Dependencies**:
- Stripe (payment processor)
- Auth0 (authentication)
- Datadog (monitoring)

3. Key Data Flows

Provide:

Critical request/response flows with sequence diagrams
Event flows (async, queues, webhooks)
Error handling and fallback paths

Template - Request Flow:

## User Payment Flow

1. User submits payment in web UI
2. Frontend calls `/api/orders/:id/pay`
3. Payment Service:
   - Validates order (amount, user, items)
   - Creates payment record (status: pending)
   - Calls Stripe API to charge card
   - Updates payment record (status: completed/failed)
4. Publishes "payment.completed" event
5. Order Service listens, marks order as "paid"
6. Frontend receives success, redirects to order confirmation

Sequence Diagram:

Client → Payment API: POST /pay (card) Payment API → Stripe: Charge card ($99.99) Stripe → Payment API: Charge ID + status Payment API → Database: INSERT payment record Payment API → Message Queue: Publish payment.completed Order Service ← Message Queue: Listen for event Order Service → Database: UPDATE order status Payment API → Client: 200 OK + order link


**Event Flow:**

payment.completed event contains:

payment_id: “pay_123”
order_id: “ord_456”
amount: 99.99
timestamp: 2026-01-11T10:30:00Z

Consumers:

Order Service: Update order status to “paid”
Notification Service: Send email receipt
Analytics Service: Log transaction for metrics


**Error Flow:**

If card charge fails: → Payment record marked as “failed” → “payment.failed” event published → Order Service rolls back any inventory changes → Client sees error: “Payment declined - try different card” → Alert to fraud team if 3+ failures in 5 minutes

4. Dependencies & Integration Points

Provide:

All upstream services (who calls us?)
All downstream services (who do we call?)
Third-party integrations
Retry logic and timeouts
Circuit breaker settings

Template:

## Service Dependencies

**Upstream** (Services calling us):
- Web Frontend → POST /api/orders/:id/pay
- Mobile App → POST /api/orders/:id/pay
- Admin Dashboard → GET /api/payments?customer_id=X

**Downstream** (Services we call):
- Stripe: Charge card (timeout: 5s, retries: 3 with exponential backoff)
- Order Service: Fetch order details (timeout: 1s, cached 5 min)
- User Service: Get customer profile (timeout: 500ms, fallback to cache)

**3rd Party Integrations**:
- Stripe API: Charges, refunds, webhooks
- SendGrid: Email receipts (async, best-effort)
- Slack: Alert failed transactions (async, non-blocking)

**Resilience Settings**:
- Circuit breaker (Open after 5 failures in 30s)
- Timeout: 5s for external calls
- Retry: Exponential backoff, max 3 attempts
- Cache: Order data cached 5 min, user data cached 15 min
- Fallback: Use stale cache if service down

5. Development Setup

Provide:

Step-by-step local environment setup
Required dependencies (Go 1.19+, PostgreSQL 14+, Redis 7+)
Environment variables (with example .env.example)
How to run locally
How to run tests

Template:

## Getting Started Locally

### Prerequisites
- Go 1.19+ (install from golang.org)
- PostgreSQL 14+ (brew install postgresql)
- Redis 7+ (brew install redis)
- Docker (optional, for containerized setup)

### Setup Steps

1. Clone the repository
```bash
git clone github.com/company/payment-service
cd payment-service

Create .env file from template

cp .env.example .env
# Edit .env with local values

Create .env.example (checked into git, template only)

DATABASE_URL=postgres://user:password@localhost:5432/payment_dev
REDIS_URL=redis://localhost:6379
STRIPE_API_KEY=sk_test_...  # TEST key only, get from 1password
PORT=8080
LOG_LEVEL=debug

Initialize database

make db-setup  # Creates tables, loads seed data

Run locally

make run  # Starts server on :8080
# Test: curl http://localhost:8080/health

Run tests

make test        # All tests
make test-unit   # Unit tests only
make test-int    # Integration tests (needs DB)

Common Tasks

make fmt         # Format code
make lint        # Run linter
make db-reset    # Clear database (dev only!)
make seed        # Load test data

Debugging

Server logs: See stdout (colored, JSON structured)
Database queries: Set LOG_LEVEL=debug to see queries
Stripe calls: Check https://dashboard.stripe.com/test/logs


---

### 6. Testing Strategy

**Provide:**
- What unit tests exist & why
- What integration tests exist & why
- How to run full test suite
- Test data setup (fixtures, seeds)
- CI/CD pipeline flow

**Template:**
```markdown
## Testing

### Unit Tests

tests/ ├── payment_test.go # Payment domain logic ├── stripe_client_test.go # Stripe API mocking └── order_validator_test.go


**Purpose**: Test business logic in isolation
**Coverage Target**: 80% (critical paths 100%)
**Run**: `make test-unit` (30 seconds)

### Integration Tests

tests/integration/ ├── payment_end_to_end_test.go # Full request flow └── stripe_webhook_test.go # Webhook handling


**Purpose**: Test component interactions (API, DB, external services)
**Setup**: Uses real PostgreSQL + Redis (containerized)
**Run**: `make test-int` (2 minutes, requires DB)

### Test Data
- Fixtures in `tests/fixtures/` (JSON files for database state)
- Seeds in `db/seeds.sql` (load test data during setup)
- Stripe test keys in `tests/stripe_mock.go` (mocked responses)

### CI/CD Pipeline

GitHub Push ├─ Lint & Format Check (2 min) ├─ Unit Tests (1 min) ├─ Build Docker Image (3 min) ├─ Integration Tests (3 min) ← Requires DB ├─ Security Scan (1 min) └─ Deploy to Staging (if main branch)

Total: ~10 minutes

7. Pain Points & Gotchas

Provide:

Known bugs or limitations
Non-obvious behaviors (tribal knowledge)
Performance bottlenecks
Areas with technical debt
Common mistakes to avoid

Template:

## Known Issues & Gotchas

### Performance
- **N+1 Query Problem**: Fetching orders without batching. Always use JOIN or batch queries.
  - Bad: `for order_id in order_ids: order = db.fetch(order_id)`
  - Good: `orders = db.fetch_batch(order_id_list)`

- **Redis Cache Invalidation**: Stale cache after refund can cause double-charging if not careful.
  - Solution: Always clear cache when refund is processed

### Bugs & Limitations
- Refunds can only be done within 90 days of charge (Stripe limitation)
- Large payouts (>$100k) are delayed 7 days in test mode
- ⚠️ Webhook retries sometimes arrive out-of-order

### Non-Obvious Behaviors
- **Idempotency**: All POST requests should be idempotent (check Idempotency-Key header)
- **Stripe Webhooks**: Can arrive multiple times, always check if payment already processed
- **Time Zones**: Store all times in UTC, only convert for display

### Technical Debt
- Legacy card tokenization code (replace with Stripe elements in next release)
- TODO: Migrate from synchronous to event-based order fulfillment
- TODO: Add monitoring for refund failures

### Mistakes I Made (so you don't)
- "I didn't validate amount on both sides, led to overcharging" → Always validate server-side
- "I cached payment status without TTL, old data caused confusion" → Always set cache TTL
- "I didn't handle network timeouts, orders got stuck in 'pending'" → Always set timeouts

8. Monitoring & Observability

Provide:

Key dashboards (links + what to look for)
Alert rules (what triggers alerts, what on-call does)
Log locations and important messages
How to debug in production (safely)
Incident response runbooks

Template:

## Monitoring

### Dashboards
- **Payment Success Rate**: https://datadog.company.com/payment-success-rate
  - What to look for: > 99% success. Below 95% = page on-call
  - How to investigate: Check payment-service error logs, Stripe status

- **Payment Latency (p99)**: https://datadog.company.com/payment-latency
  - What to look for: < 500ms. Above 1s = page on-call
  - How to investigate: Database slow queries? Stripe slow? Network latency?

- **Refund Processing**: https://datadog.company.com/refund-processing
  - What to look for: All refunds processed within 1 hour
  - How to investigate: Check async job queue, message broker

### Alert Rules

Alert	Trigger	Action
Payment failures spike	>1% error rate for 5 min	Page on-call
Database connection pool exhausted	All connections in use	Page on-call (critical)
Stripe API timeout	Response time > 10s	Warn in Slack (not critical)
Refund job failures	> 10 failed refunds in 1 hour	Page on-call


### Log Locations
- Application logs: `kubectl logs -f deployment/payment-service-prod`
- Database logs: AWS RDS CloudWatch
- Stripe logs: https://dashboard.stripe.com/test/logs

### Important Log Messages

[ERROR] “Stripe charge failed” payment_id=X error_code=card_declined → Customer’s card was declined, not our problem

[ERROR] “Stripe charge failed” payment_id=X error_code=rate_limit_exceeded → We’re hitting Stripe rate limits, implement backoff

[ERROR] “Database connection timeout” pool_exhausted=true active_connections=100 → Connection leak, restart service and investigate


### Production Debugging (Safe)
```bash
# 1. Never modify production data manually
# 2. Safe queries: read-only
# 3. Check logs first: `kubectl logs -f deployment/...`
# 4. Check metrics: Dashboard for latency, error rate
# 5. If truly stuck, follow incident runbook

# Safe debugging commands:
$ kubectl exec -it pod-name -- bash
$ psql $DATABASE_URL -c "SELECT * FROM payments WHERE id = 'pay_123';"
$ redis-cli -h redis-host GET payment:pay_123

Incident Response

If payment success rate drops: See /runbook-payment-failures.md
If service is down: See /runbook-service-down.md
If database is slow: See /runbook-database-slow.md


---

### 9. Deployment & Operations

**Provide:**
- How code gets deployed
- Rollback procedures
- Database migrations
- Configuration management
- Post-deployment verification

**Template:**
```markdown
## Deployment

### How to Deploy
```bash
# 1. Create PR with your changes
# 2. Get approval from tech lead
# 3. Merge to main (triggers CI/CD)
# 4. CI runs tests (10 min)
# 5. Staging deployment (automatic)
# 6. Manual promotion to production via:

make deploy-prod  # Runs on your machine
# OR via UI: go to https://deploy.company.com/payment-service

# Deployment: rolling update (no downtime)
# - 1 pod at a time
# - Health checks verify each pod
# - Can abort if checks fail

Rollback

# If something breaks:
make rollback-prod   # Rolls back to previous version
# Takes ~2 minutes, no downtime

Database Migrations

# Before deploying code that changes schema:
1. Create migration: `make migration create_payment_index`
2. Write SQL in migrations/001_create_payment_index.sql
3. Test migration: `make migration test`
4. Deploy migration first: `make deploy-db-migrations`
5. Then deploy code that uses new schema

Configuration

Environment variables in Kubernetes secrets
Feature flags in Unleash (release features gradually)
For hotfixes: Can update environment variables without redeploying

Post-Deployment Verification

# After deployment:
1. Check dashboard (success rate, latency)
2. Check alerts (no new errors)
3. Run smoke tests: make smoke-test-prod
4. Monitor for 1 hour before declaring success

10. Product Context

Provide:

What user-facing features use this service
Product roadmap (what’s planned)
Pending decisions or open questions
Product metrics (what the business cares about)
How this service fits into larger product

Template:

## Product Context

### User Features
- Users make purchases and pay with credit card (uses Payment Service)
- Admins can refund orders (uses Payment Service)
- Users see order confirmation with receipt (uses Payment Service data)

### Roadmap
- Q2: Add Apple Pay / Google Pay support
- Q3: Split payments (pay part now, part later)
- Q4: Buy now, pay later (BNPL) integration

### Open Questions
- Should we support cryptocurrency payments? (Customer request, not decided yet)
- How long to keep payment records? (Currently 7 years, compliance TBD)

### Product Metrics
- Conversion rate (users who pay / users who start checkout)
- Average order value (AOV)
- Payment success rate (our KPI: > 99%)
- Refund rate (% of orders refunded)

### System Fit

Payment Service is the core of our monetization: User Flow: Browse Catalog → Add to Cart → Checkout → Payment Service → Order Complete Revenue Flow: Customer Pays → Payment Service → Company Account (minus Stripe fees)

11. Demo & Hands-On

Provide:

Key API calls to demo (with curl examples)
Example requests/responses
Workflow walkthroughs
UI flows (if applicable)
“Try it yourself” exercises

Template:

## Demo & Hands-On

### Key API Calls

**1. Charge a customer**
```bash
curl -X POST http://localhost:8080/api/payments/charge \
  -H "Content-Type: application/json" \
  -d '{
    "order_id": "ord_123",
    "amount": 99.99,
    "currency": "USD",
    "card_token": "tok_visa_4242"
  }'

Response: {"payment_id": "pay_456", "status": "completed"}

2. Refund a payment

curl -X POST http://localhost:8080/api/payments/pay_456/refund \
  -H "Content-Type: application/json" \
  -d '{"reason": "customer_request"}'

Response: {"refund_id": "ref_789", "status": "pending"}

3. Check payment status

curl http://localhost:8080/api/payments/pay_456

Response: {
  "payment_id": "pay_456",
  "order_id": "ord_123",
  "amount": 99.99,
  "status": "completed",
  "created_at": "2026-01-11T10:00:00Z"
}

Workflow Demo

Start server: make run
Create order: curl -X POST http://localhost:8080/api/orders
List orders: curl http://localhost:8080/api/orders
Charge payment: Use curl command above with test card
Check dashboard: https://dashboard.stripe.com/test/payments

Exercises for New Dev

Run local tests (should pass)
Create test payment (use test card: 4242 4242 4242 4242)
Refund a test payment
Modify code, run tests, commit
Deploy to staging, verify works


---

### 12. FAQs

**Provide:**
- Common questions new developers ask
- Quick answers with links to details
- Troubleshooting tips

**Template:**
```markdown
## FAQs

**Q: How do I test a payment locally?**
A: Use Stripe test keys and test card 4242 4242 4242 4242. See [Local Setup](#local-setup)

**Q: Why is my test payment declining?**
A: Check Stripe dashboard for errors. Common: wrong amount format, expired test key.

**Q: How do I debug a stuck payment?**
A: Check logs: `kubectl logs -f deployment/payment-service-prod | grep payment_id`

**Q: Can I deploy on a Friday?**
A: Yes, but stay online for 1 hour post-deploy to monitor. Incident runbook ready at `/runbook-payment-failures.md`

**Q: Who do I page if something breaks?**
A: Check who's on-call: `make check-oncall`. Page them via PagerDuty.

**Q: Where do I find the database password?**
A: Never hardcoded. Kubernetes secret: `kubectl get secret payment-db-creds`

**Q: How do I add a new payment method (Apple Pay)?**
A: See [feature development guide](#feature-development). Stripe has good docs for new methods.

KT Session Format

For In-Person Sessions (90 min)

1. Kickoff & goals (5 min)
   "By the end, you'll understand: architecture, deployment, how to debug"

2. Live demo (20 min)
   - Walk through code, show it running locally
   - Make a test payment, show logs
   - Show how to deploy

3. Interactive Q&A (15 min)
   - What questions do you have?
   - What concerns you?

4. Hands-on (40 min)
   - New dev runs local setup themselves
   - Makes a test payment
   - Deploys to staging
   - You watch and help

5. Wrap-up (10 min)
   - Key takeaways
   - Next steps: First PR, oncall training
   - Resources & who to ask

For Remote/Async Sessions

1. Prepare documentation (this guide)
2. Record video walkthrough (30 min)
3. Schedule Q&A call (1 hour)
4. New dev does hands-on locally, asks questions in Slack
5. Follow-up: First day pair programming on simple bug fix

/pb-onboarding - Full team onboarding (includes KT)
/pb-guide - SDLC guide (referenced in KT)
/pb-security - Security considerations during KT
/pb-adr - Architecture decisions (why choices were made)
/pb-incident - Incident runbooks (part of KT package)

KT Checklist

Before the KT session, ensure:

Documentation is up-to-date (check dates)
Local setup works (try it yourself)
All links work (docs, dashboards, repos)
Test data is loaded in dev environment
Recording equipment works (if recording)
Quiet, distraction-free environment
1:1 session (not group, for personalized learning)

After the KT session:

New dev successfully runs locally
New dev made test payment
New dev deployed to staging
Assigned first task (small bug fix, not big feature)
Scheduled follow-up (1 week) to check progress

Created: 2026-01-11 | Category: Onboarding | Tier: M

Command Index

Quick reference for all playbook commands.

For detailed integration guide showing how commands work together, see /docs/integration-guide.md

🚀 Read First: The Preamble

→ /pb-preamble - Foundational mindset for all collaboration. Read this before any other command. It establishes the assumptions all playbook commands build on.

Development Workflow

Command	When to Use
`/pb-start`	Starting work on a feature branch
`/pb-todo-implement`	Structured implementation of individual todos with checkpoint-based review
`/pb-cycle`	Each iteration (develop → review → commit)
`/pb-commit`	Crafting atomic, meaningful commits
`/pb-resume`	Resuming after a break
`/pb-pause`	Pausing work, preserving context for later
`/pb-ship`	Ready to ship: full reviews → PR → merge → release
`/pb-pr`	Creating a pull request (standalone)
`/pb-testing`	Testing philosophy (unit, integration, E2E strategies)
`/pb-jordan-testing`	Testing & reliability review (gap detection, edge case coverage, failure mode analysis)
`/pb-handoff`	Structured work handoff between contexts (agents, sessions, teammates)
`/pb-standup`	Daily async status updates for distributed teams
`/pb-knowledge-transfer`	Preparing KT session for new developer or team handoff
`/pb-what-next`	Context-aware command recommendations based on git state
`/pb-debug`	Systematic debugging methodology (reproduce, isolate, hypothesize, test, fix)
`/pb-learn`	Capture reusable patterns from sessions (errors, debugging, workarounds)
`/pb-design-language`	Create and evolve project-specific design specification (tokens, vocabulary, constraints)

Patterns & Architecture

Command	When to Use
`/pb-patterns`	Overview & quick reference for all patterns
`/pb-patterns-core`	Core architectural & structural patterns (SOA, Event-Driven, Repository, DTO, Strangler Fig)
`/pb-patterns-resilience`	Resilience patterns (Retry, Circuit Breaker, Rate Limiting, Cache-Aside, Bulkhead)
`/pb-patterns-async`	Async/concurrent patterns (callbacks, promises, async/await, reactive, workers, job queues)
`/pb-patterns-db`	Database patterns (pooling, optimization, replication, sharding)
`/pb-patterns-distributed`	Distributed patterns (saga, CQRS, eventual consistency, 2PC)
`/pb-patterns-security`	Security patterns for microservices (OAuth, JWT, mTLS, RBAC, ABAC, encryption, audit trails)
`/pb-patterns-cloud`	Cloud deployment patterns (AWS EC2/RDS, ECS, Lambda; GCP Cloud Run, GKE; Azure App Service, Functions)
`/pb-patterns-frontend`	Frontend architecture patterns (mobile-first, theme-aware, component patterns, state management)
`/pb-patterns-api`	API design patterns (REST, GraphQL, gRPC, versioning, error handling, pagination)
`/pb-patterns-deployment`	Deployment strategies (blue-green, canary, rolling, feature flags, rollback)

Planning

Command	When to Use
`/pb-plan`	Planning a new feature/release
`/pb-adr`	Documenting architectural decisions
`/pb-maya-product`	Product & user strategy review (features as expenses, scope discipline)
`/pb-kai-reach`	Distribution & reach review (findability, clarity of ask, format fit, shareability)
`/pb-deprecation`	Planning deprecations, breaking changes, migration paths
`/pb-observability`	Planning monitoring, observability, and alerting strategy
`/pb-performance`	Performance optimization and profiling strategy

Release & Operations

Command	When to Use
`/pb-release`	Release orchestrator: readiness gate, version/tag, trigger deployment
`/pb-deployment`	Execute deployment: discovery, pre-flight, execute, verify, rollback
`/pb-alex-infra`	Infrastructure & resilience review (systems thinking, failure modes, recovery)
`/pb-incident`	P0/P1 production incidents
`/pb-maintenance`	Production maintenance patterns - database, backups, health monitoring
`/pb-sre-practices`	Toil reduction, error budgets, on-call health, blameless culture
`/pb-dr`	Disaster recovery planning, RTO/RPO, backup strategies, game days
`/pb-server-hygiene`	Periodic server health and hygiene review (drift, bloat, cleanup)
`/pb-database-ops`	Database migrations, backups, performance, connection pooling

Security & Hardening

Command	When to Use
`/pb-security`	Application security review
`/pb-hardening`	Server, container, and network security hardening
`/pb-secrets`	Secrets management (SOPS, Vault, rotation, incident response)

Repository Management

Command	When to Use
`/pb-repo-init`	Initialize new greenfield project
`/pb-repo-organize`	Clean up project root structure
`/pb-repo-about`	Generate GitHub About section + tags
`/pb-repo-readme`	Write or rewrite project README
`/pb-repo-blog`	Create technical blog post
`/pb-repo-docsite`	Transform docs into professional static site
`/pb-repo-enhance`	Full repository polish (combines above)
`/pb-repo-polish`	Audit AI discoverability (scorecard + action items)
`/pb-zero-stack`	Scaffold $0/month app (static + edge proxy + CI)

Reviews

Command	When to Use	Frequency
`/pb-review`	Orchestrate multi-perspective review	Monthly or pre-release
`/pb-review-code`	Dedicated code review for reviewers (peer review checklist)	Every PR review
`/pb-linus-agent`	Direct, unfiltered technical feedback grounded in pragmatism	Security-critical code, architecture decisions
`/pb-review-backend`	Backend review (Alex infrastructure + Jordan testing)	Backend PRs
`/pb-review-frontend`	Frontend review (Maya product + Sam documentation)	Frontend PRs
`/pb-review-infrastructure`	Infrastructure review (Alex resilience + Linus security)	Infrastructure PRs
`/pb-review-hygiene`	Code quality + operational readiness	Before new dev cycle, monthly
`/pb-review-tests`	Test suite quality	Monthly
`/pb-review-docs`	Documentation accuracy	Quarterly
`/pb-review-product`	Technical + product review	Monthly
`/pb-review-microservice`	Microservice architecture design review	Before microservice deployment
`/pb-logging`	Logging strategy & standards audit	During code review, pre-release
`/pb-a11y`	Accessibility deep-dive (semantic HTML, keyboard, ARIA, screen readers)	During frontend development, every PR
`/pb-review-playbook`	Review playbook commands for quality, consistency, and completeness	Every PR, monthly
`/pb-review-context`	Audit CLAUDE.md files against conversation history (violated rules, missing patterns, stale content)	Quarterly, before `/pb-evolve`
`/pb-voice`	Detect and remove AI tells from prose (two-stage: detect → rewrite)	After AI-assisted drafting, before publishing

Thinking Partner

Self-sufficient thinking partner methodology for expert-quality collaboration.

Command	When to Use
`/pb-think`	Complete thinking toolkit with modes: ideate, synthesize, refine
`/pb-think mode=ideate`	Divergent exploration - generate options and possibilities
`/pb-think mode=synthesize`	Integration - combine multiple inputs into coherent insight
`/pb-think mode=refine`	Convergent refinement - polish to expert-quality

Thinking Partner Stack:

/pb-think mode=ideate     → Explore options (divergent)
/pb-think mode=synthesize → Combine insights (integration)
/pb-preamble              → Challenge assumptions (adversarial)
/pb-plan                  → Structure approach (convergent)
/pb-adr                   → Document decision (convergent)
/pb-think mode=refine     → Refine output (refinement)

Reference Documents

Command	Purpose
`/pb-guide`	Full SDLC guide with tiers, gates, checklists
`/pb-guide-go`	Go-specific SDLC guide with concurrency patterns and tooling
`/pb-guide-python`	Python-specific SDLC guide with async/await and testing
`/pb-templates`	Templates for commits, phases, reviews
`/pb-standards`	Coding standards, quality principles
`/pb-documentation`	Writing technical docs at 5 levels
`/pb-sam-documentation`	Documentation & clarity review (reader-centric, assumption surfacing, structural clarity)
`/pb-design-rules`	17 classical design principles (Clarity, Simplicity, Resilience, Extensibility)
`/pb-preamble-async`	Async/distributed team collaboration patterns
`/pb-preamble-power`	Power dynamics and psychological safety
`/pb-preamble-decisions`	Decision-making and constructive dissent
`/pb-new-playbook`	Meta-playbook for creating new playbook commands (classification, scaffold, validation)

Team & People

Command	When to Use
`/pb-onboarding`	Structured team member onboarding
`/pb-team`	Team dynamics, feedback, and retrospectives
`/pb-knowledge-transfer`	Team knowledge sharing and KT sessions

System Utilities

Developer machine health and maintenance.

Command	When to Use
`/pb-doctor`	System health check (disk, memory, CPU, processes)
`/pb-storage`	Tiered disk cleanup (caches, packages, Docker)
`/pb-update`	Update all package managers and tools
`/pb-ports`	Find/kill processes on ports
`/pb-setup`	Bootstrap new dev machine
`/pb-gha`	Investigate GitHub Actions failures (flakiness, breaking commits, root cause)
`/pb-git-hygiene`	Periodic git repo audit (tracked files, stale branches, large objects, secrets)

Context & Templates

Command	When to Use
`/pb-context`	Project onboarding context template
`/pb-claude-global`	Generate global ~/.claude/CLAUDE.md from playbooks
`/pb-claude-project`	Generate project .claude/CLAUDE.md by analyzing codebase
`/pb-claude-orchestration`	Model selection, task delegation, and resource efficiency guide
`/pb-context-review`	Audit and maintain all context layers - quarterly or after releases

Example Projects

Real-world implementations of the playbook in action:

Project	Stack	Purpose	Location
Go Backend API	Go 1.22 + PostgreSQL	REST API with graceful shutdown, connection pooling	`examples/go-backend-api/`
Python Pipeline	Python 3.11 + SQLAlchemy	Async data pipeline with event aggregation	`examples/python-data-pipeline/`
Node.js REST API	Node.js 20 + TypeScript + Express	Type-safe REST API with request tracing	`examples/node-api/`

See docs/playbook-in-action.md for detailed walkthrough showing:

How to use /pb-start, /pb-cycle, and /pb-pr with real examples
Complete development workflows for each stack
Testing, code quality, and deployment patterns
Common scenarios with step-by-step commands

Typical Workflows

Feature Development (with Checkpoint Review)

/pb-plan              → Lock scope, define phases
/pb-start             → Create branch, set rhythm
/pb-todo-implement    → Implement todos with checkpoint-based approval
/pb-cycle             → Self-review → Peer review iteration
/pb-pause             → End of day: preserve context
/pb-resume            → Next day: recover context
/pb-ship              → Full reviews → PR → merge → release → verify

Feature Development (Traditional)

/pb-plan     → Lock scope, define phases
/pb-start    → Create branch, set rhythm
/pb-cycle    → Develop → Review → Commit (repeat)
/pb-pause    → End of session: preserve context
/pb-resume   → Resume: recover context
/pb-ship     → Full reviews → PR → merge → release → verify

New Project Setup

/pb-repo-init      → Plan project structure (generic)
/pb-zero-stack     → Scaffold $0/month app (static + edge + CI)
/pb-repo-organize  → Clean folder layout
/pb-repo-readme    → Write documentation
/pb-repo-about     → GitHub presentation

Repository Polish

/pb-repo-enhance   → Full suite (organize + docs + presentation)

Documentation Site Setup

/pb-repo-docsite   → Transform existing docs into professional static site
                   → Includes CI/CD, GitHub Pages, Mermaid support

Periodic Maintenance

/pb-review-*       → Various reviews as scheduled
/pb-git-hygiene    → Monthly git repo audit (branches, large files, secrets)

System Maintenance

/pb-doctor         → Diagnose system health
/pb-storage        → Clean up disk space
/pb-update         → Update tools and packages
/pb-ports          → Resolve port conflicts

New Machine Setup

/pb-setup          → Bootstrap dev environment
/pb-doctor         → Verify system health

Browse All Commands

For all commands organized by category, see the command files in /commands/ directory or consult the integration guide for workflow-based command references.

Best Practices Guide

Proven patterns and anti-patterns from the Engineering Playbook in practice.

Development Process Best Practices

DO:Commit Frequently and Logically

Practice: Create commits after each meaningful unit of work (feature, fix, refactor), not at end of day.

# Good: Logical commits
git commit -m "feat: add user authentication"
git commit -m "test: add auth tests"
git commit -m "docs: update README with auth setup"

# Bad: Monolithic commit
git commit -m "add auth and tests and update docs"

Why: Logical commits make git history useful for understanding decisions and debugging. They also make cherry-picking and reverting easier.

DO:Self-Review Before Requesting Peer Review

Practice: Always use /pb-cycle self-review before requesting peer review.

Checklist from self-review:

Code follows team standards
No hardcoded values (everything configurable)
No commented-out code
No debug logs left in
Tests pass and cover new code
No obvious bugs or edge cases missed
Documentation updated alongside code

Why: Self-review catches 80% of issues before peer review. It respects reviewers’ time and speeds up the process.

DO:Keep Pull Requests Small

Practice: Target PR scope: one feature or one fix, 200-500 lines of code.

Good PR: "Add password reset feature" (adds 150 lines)
Bad PR: "Auth system overhaul" (adds 2,000 lines)

Why: Small PRs are reviewed faster, are easier to understand, and reduce merge conflicts.

DO:Write Clear Commit Messages

Practice: Use format from /pb-commit:

type(scope): short subject (50 chars max)

Body explaining what and why (not how).
Link to issues if applicable.

Example:

feat(auth): implement password reset flow

Adds password reset via email token. Tokens expire in 24 hours.
Implements rate limiting (5 resets per hour per user) to prevent abuse.

Fixes #42, relates to #38

Why: Clear commit messages become documentation. Future engineers understand not just what changed, but why.

DON’T:Skip Testing

Anti-Pattern: “I’ll add tests later” or “This doesn’t need tests”

Reality:

Later never comes (tests don’t get written)
Everything needs tests (or shouldn’t be in code)
Bugs in untested code get to production

Solution: Write tests alongside code using /pb-testing. Tests are part of the feature, not optional.

DON’T:Commit Large Files

Anti-Pattern: Committing large binaries, databases, or configuration with secrets

# Bad
git add credentials.json
git commit -m "add config"

# Good
echo "credentials.json" >> .gitignore
git commit -m "chore: add .gitignore"

Why: Large files bloat git history and make cloning slow. Secrets in git are impossible to truly remove.

Code Review Best Practices

DO:Request Review Early and Often

Practice: Don’t wait until code is “perfect” to request review. Review feedback often improves the design.

Good: Request review after implementing core logic
Bad: Request review only after everything is polished

Why: Early feedback prevents wasted effort on wrong approaches.

DO:Provide Constructive Feedback

Practice: When reviewing, explain the “why” behind suggestions:

Good: "This should validate input before processing.
       See [OWASP input validation](url).
       Example: users can inject SQL."

Bad: "This is wrong. Fix it."

Why: Constructive feedback helps reviewees learn and build trust.

DO:Request Changes for Real Issues Only

Practice: Distinguish between “must fix” and “nice to have”:

Category	Action
Security issue	Request changes
Performance problem	Request changes
Bug	Request changes
Code style preference	Suggest, don’t require
Alternative approach	Discuss, let author decide

Why: Requiring changes for everything slows down development and demoralizes authors.

DON’T:Approve Without Reading Code

Anti-Pattern: Approving PRs without thoroughly reviewing

How to detect:

No specific comments
Approved within minutes of creation
Reviewer doesn’t understand the changes

Why: Rubber-stamp reviews don’t catch bugs. Reviews exist to improve code quality.

Quality & Testing Best Practices

DO:Test Edge Cases

Practice: For each feature, test:

Happy path (normal usage)
Error cases (what can go wrong)
Boundary cases (limits and extremes)
Concurrency (if applicable)

# Good test coverage
def test_password_reset_successful():
    """Happy path: valid reset token"""

def test_password_reset_expired_token():
    """Error: token expired"""

def test_password_reset_invalid_email():
    """Error: user not found"""

def test_password_reset_rate_limited():
    """Boundary: too many attempts"""

Why: Edge case testing prevents production bugs. Most bugs hide in error paths.

DO:Use Meaningful Test Names

Practice: Test names should describe what they test:

# Good: reads like a specification
test_user_cannot_reset_password_with_expired_token()
test_rate_limiter_allows_5_resets_per_hour()
test_password_must_contain_uppercase_and_digit()

# Bad: vague or redundant
test_reset()
test_password1()
test_it_works()

Why: Meaningful test names serve as documentation. They help find failing tests quickly.

DON’T:Have Flaky Tests

Anti-Pattern: Tests that sometimes pass and sometimes fail (usually due to timing, randomness, or external dependencies)

# Bad: depends on system time
def test_token_expires():
    token = create_token()
    time.sleep(1)  # Flaky: might take longer
    assert is_expired(token)

# Good: use fixed time
def test_token_expires():
    token = create_token(created_at=now - 25*hours)
    assert is_expired(token)

Why: Flaky tests destroy team trust in the test suite. People stop believing failures.

Architecture Best Practices

DO:Document Architectural Decisions

Practice: Use /pb-adr to record decisions as you make them.

Title: Use async/await for database queries

Status: Decided

Context:
- Database calls block server threads
- Need to handle 1000s of concurrent users

Decision:
- Use async/await pattern for all DB queries
- Switch to connection pooling

Consequences:
- Need async-aware framework
- More complex error handling
- Better scalability

Why: Documented decisions preserve knowledge. Future engineers understand the “why,” not just the “what.”

DO:Reference Relevant Patterns

Practice: Before implementing a feature, check /pb-patterns-* for relevant patterns.

Building a notification system?
→ Check /pb-patterns-async (job queues, workers)
→ Check /pb-patterns-distributed (event-driven)
→ Use established patterns, don't reinvent

Why: Patterns are proven solutions. Using them improves consistency and reduces bugs.

DO:Plan for Observability Early

Practice: As you design, plan what you’ll monitor:

Feature: User signup
Metrics to track:
- Signup attempt rate
- Success rate
- Error rate by error type
- Signup duration (p50, p95, p99)

Alerting:
- Alert if success rate < 95%
- Alert if duration p95 > 2s

Why: Observable systems are easier to debug. Observability planned in design is better than bolted on later.

DON’T:Build Without Measuring

Anti-Pattern: “We can optimize later” without gathering baseline metrics

Reality:

Optimization without data is guessing
You optimize the wrong things
No way to measure improvement

Solution: Use /pb-performance to establish baselines and measure improvements.

Team & Communication Best Practices

DO:Write Async Standups

Practice: Use /pb-standup for daily async status:

## Today's Status

### Completed
- [YES]Implemented password reset feature
- [YES]Added integration tests

### In Progress
- Working on password complexity validation
- PR under review

### Blockers
- None

### Help Needed
- Review on PR #42 would be appreciated

Why: Async standups enable distributed teams and create searchable record of progress.

DO:Discuss Big Changes Before Implementing

Practice: For major changes, discuss approach before spending days on implementation.

Bad: Implement for 3 days, submit PR, get feedback
Good: Discuss approach for 30 min, implement for 1 day, PR, iterate

Why: Discussion prevents wasted effort on wrong approaches.

DON’T:Use Meeting for Information Transfer

Anti-Pattern: Using synchronous meetings to share information

Better: Use documentation, async standups, and discussion threads

When to meet: Decisions, brainstorming, conflict resolution

Why: Async communication scales better and respects people’s time zones and focus time.

Security Best Practices

DO:Validate Input at Boundaries

Practice: Never trust user input. Validate at API boundary:

# Good: validate at boundary
@app.post("/reset-password")
def reset_password(request):
    token = validate_and_sanitize(request.token)  # Validate here
    new_password = validate_password_strength(request.password)
    # ... rest of logic

# Bad: trust input, validate later
@app.post("/reset-password")
def reset_password(request):
    token = request.token  # No validation
    new_password = request.password  # No validation
    # ... logic might fail mysteriously

Why: Input validation prevents injection attacks and data corruption.

DO:Check Authorization for Every Action

Practice: Every operation should verify user is authorized:

# Good: always check auth
@app.delete("/users/{user_id}")
def delete_user(user_id, current_user):
    if not current_user.is_admin:
        raise PermissionError()
    # ... delete

# Bad: forget auth check
@app.delete("/users/{user_id}")
def delete_user(user_id, current_user):
    # ... delete user without checking permission

Why: Authorization checks prevent unauthorized access.

DON’T:Log Sensitive Data

Anti-Pattern: Logging passwords, tokens, credit card numbers

# Bad
logger.info(f"User {email} logging in with password {password}")

# Good
logger.info(f"User {email} logging in")

Why: Logs often end up in monitoring systems. Secrets in logs are a major security risk.

Performance Best Practices

DO:Measure Before Optimizing

Practice: Profile to identify bottlenecks, then optimize:

Bad: "Let's use caching because caching is fast"
Good: "Profile shows DB query is 10s of response time.
       Add caching, re-measure, confirm improvement"

Why: Optimization without data is guessing. You optimize wrong things and waste time.

DO:Monitor Production After Changes

Practice: After optimization, verify it actually helped:

Before: p95 latency = 500ms
After optimization: 250ms
Verified with: tail latency metrics in prod, 1hr monitoring window

Why: Verification ensures optimization actually helped and didn’t break something else.

DON’T:Prematurely Optimize

Anti-Pattern: Optimizing code before it’s proven slow

Bad: Spend 2 days optimizing algorithm for speed
     when database query is the bottleneck

Good: Profile first, optimize bottleneck

Why: Premature optimization wastes time and reduces readability.

Release Best Practices

DO:Use Automated Deployments

Practice: Automate deployment to reduce human error:

Good: git push → CI tests → auto-deploy to staging →
      manual approval → auto-deploy to prod

Bad: Manual deployment steps on shared script

Why: Automation is reliable. Manual steps are error-prone.

DO:Have Rollback Plan

Practice: Before releasing, know how to rollback:

Feature: New payment system
Rollback plan: Revert to previous deployment (5 min),
              or disable feature flag (1 min)

Test rollback procedure before release

Why: Rollback plans mean you can recover fast if something breaks.

DON’T:Release on Friday Afternoon

Anti-Pattern: Pushing code right before weekend

Why: If something breaks, no one is available to fix it for 2 days.

Summary

Do	Don’t
Commit frequently and logically	Skip testing
Self-review before peer review	Commit large binaries or secrets
Keep PRs small	Approve without reading code
Write clear commit messages	Leave flaky tests
Document decisions	Optimize without measuring
Test edge cases	Log sensitive data
Plan observability early	Release on Friday
Validate at boundaries	Skip authorization checks
Measure before optimizing	Optimize prematurely
Have rollback plans	Release without plan

Next Steps

Getting Started - Pick a workflow
Decision Guide - Find a command
FAQ - Get answers
Integration Guide - Deep dive on workflows

Development Checklists & Quality Gates

Single source of truth for all checklists used in the playbook. Reference these from /pb-cycle, /pb-templates, /pb-guide, and other commands.

Self-Review Checklist

Run through this before requesting peer review. Use after development, before /pb-cycle step 2.

Code Quality

No hardcoded values (secrets, URLs, magic numbers)
No commented-out code left behind
No debug print statements (unless structured logging)
Consistent naming conventions followed
No duplicate code - extracted to shared utilities
Error messages are user-friendly and actionable

Security

No secrets in code or config files
Input validation on all external data
SQL queries use parameterized statements
Authentication/authorization checked appropriately
Sensitive data not logged

Testing

Unit tests for new/changed functions
Edge cases covered (empty, null, boundary values)
Error paths tested
Tests pass locally (go test ./..., npm test, pytest, etc.)

Documentation

Complex logic has comments explaining “why”
Public functions have clear names and doc comments
API changes reflected in docs if applicable
README updated if new setup steps needed

Database (if applicable)

Migration is reversible (has DOWN migration)
Indexes added for query patterns
Foreign key constraints appropriate
No breaking changes to existing data

Performance

No N+1 query patterns
Pagination on list endpoints
Appropriate timeouts set
No unbounded loops or recursion

Peer Review Checklist

For the reviewing engineer. Check these after code is submitted for review.

Correctness

Logic solves the stated problem
Edge cases are handled
Error handling is appropriate
No regressions in existing functionality

Quality

Code is readable and maintainable
Naming is clear and consistent
Functions are not too long (single responsibility)
No code duplication
Performance is acceptable

Security

No security vulnerabilities introduced
Secrets are not exposed
Input validation is complete
Authorization checks are correct

Testing

Tests cover new functionality
Tests cover error paths
Test naming is clear

Architecture

Change fits existing patterns
No unnecessary dependencies added
API design is consistent
Database schema changes are appropriate

Code Quality Gates Checklist

Run before committing. All must pass to proceed.

make lint passes (or equivalent linting)
make typecheck passes (or equivalent type checking)
make test passes (or equivalent test suite)
make format passes (or equivalent formatting)
No breaking changes to public APIs (unless documented)

Pre-Release Checklist

Before merging to main and releasing.

All tests passing
All linting passing
Code reviewed and approved
CHANGELOG updated
Version number bumped
Documentation updated
Monitoring/alerting configured (M/L tiers)
Feature flags configured (if applicable)
Rollback plan documented

Pre-Deployment Checklist

Before deploying to production.

Pre-release checklist completed
Health checks configured
Deployment plan reviewed
Rollback tested
On-call engineer notified
Stakeholders informed (if applicable)

Post-Deployment Checklist

After deployment to production.

Monitor error rates (0 duration)
Monitor latency (0 duration)
Monitor resource usage (0 duration)
Check logs for anomalies (0 duration)
Verify SLO adherence (for M/L tiers, 1+ hours)
Smoke test key flows (if applicable)
Notify stakeholders of successful deployment

Documentation Checklist

For updating documentation alongside code changes.

README

Overview/purpose still accurate
Setup instructions still work
Examples still valid
New features documented
Known limitations updated

API/Integration Documentation

New endpoints/methods documented
Request/response examples updated
Error codes documented
Authentication/authorization updated
OpenAPI spec updated (if applicable)

Architecture/Design Documentation

Architecture diagrams updated
Data flow diagrams updated
Component descriptions updated
Decision rationale documented

Troubleshooting/Runbooks

New error scenarios documented
Debugging instructions included
Common issues updated
Runbooks created for operational changes

Security Checklist (Quick Review)

Quick security check for S tier changes. Reference /pb-security for the full list.

No secrets in code
Input validation present
Authentication required where needed
Authorization checks present
Sensitive data not logged
HTTPS used where applicable
No known vulnerabilities in dependencies

Performance Review Checklist

Before shipping performance-sensitive changes.

Load test completed
Stress test completed
Latency targets met
Memory usage acceptable
Database query performance acceptable
Caching strategy effective
No resource leaks
Monitoring configured for metrics

Testing Strategy Checklist

Verify test coverage before considering complete.

Happy path tested
Error paths tested
Edge cases tested (empty, null, boundary)
Concurrency tested (if applicable)
Integration tested (if applicable)
Integration with existing code tested
Backwards compatibility tested
Performance tested (if applicable)

Migration Checklist (Database)

For database schema or data migration changes.

Migration script tested on staging data
Rollback script tested and verified
Data validation queries prepared
Deployment window planned
Communication sent to stakeholders
Monitoring configured for migration
Post-migration verification script prepared
Original data backed up
Migration can be done without downtime
Version that requires new schema is ready

Release Checklist

Final checklist before tagging a release.

Version bumped in package.json / pyproject.toml / etc.
CHANGELOG.md updated with all changes
All commits on main are intentional
All tests passing
All linting passing
Documentation updated for public changes
Backwards compatibility confirmed (or breaking changes documented)
Deployment procedures documented
Monitoring/alerting for new features configured

Incident Response Checklist

During production incident.

Incident declared (who, what, when, where)
On-call engineer paged (if not already)
Communication channel opened
Customer/stakeholder notified (if applicable)
Root cause identified (or incident marked “investigating”)
Mitigation attempted
If mitigation successful: monitor closely, schedule RCA
If mitigation unsuccessful: escalate, attempt rollback
All actions documented with timestamps
Post-incident RCA scheduled within 24 hours

Accessibility (WCAG 2.1 AA) Checklist

For any user-facing changes (web UI, mobile UI).

Keyboard navigation works (Tab, Enter, Escape)
Focus indicators visible in light and dark modes
ARIA labels present on interactive elements
Decorative icons hidden with aria-hidden="true"
Modal/drawer focus trapped and restored
Touch targets minimum 44x44px
Color contrast ratio >= 4.5:1 (normal text), 3:1 (large text)
Images have alt text
Links have descriptive text (not “click here”)
Form labels associated with inputs
Error messages associated with fields
Tested with screen reader (NVDA, JAWS, VoiceOver)
Tested with keyboard only (no mouse)

Cross-Browser Compatibility Checklist

For new frontend features.

Chrome (latest)
Firefox (latest)
Safari (latest)
Edge (latest)
Mobile Chrome
Mobile Safari
No console errors
Layout responsive (mobile, tablet, desktop)
Performance acceptable on all browsers

Deployment Checklist by Environment

Local Development

Service runs locally
Tests pass
Database migrates correctly
Sample data loads

Staging

Service deploys successfully
All tests pass in staging
Smoke tests pass
No errors in logs
Monitoring working

Production

Deployment plan communicated
Rollback plan tested
Health checks passing
No errors in logs
Metrics within expected ranges
On-call engineer monitoring
Stakeholders notified

Checklist Usage in Playbook Commands

Checklist	Used By	Section
Self-Review	`/pb-cycle`, `/pb-templates`	Before peer review
Peer Review	`/pb-cycle`, `/pb-templates`	During review
Code Quality Gates	`/pb-cycle`, `/pb-guide`	Before commit
Pre-Release	`/pb-release`, `/pb-guide`	Before tag
Pre-Deployment	`/pb-release`, `/pb-guide`	Before deploy
Post-Deployment	`/pb-release`, `/pb-guide`	After deploy
Security	`/pb-cycle`, `/pb-security`	Before commit & release
Testing	`/pb-guide`, `/pb-review-tests`	During development

Tips for Effective Checklists

DO:

Use these as starting points, customize for your project
Check items as you verify them
Skip items that don’t apply to your change
Add project-specific items
Review checklists periodically and update

DON’T:

Check items without actually verifying
Use as a replacement for thinking
Add so many items it becomes overwhelming
Forget to actually fix issues found

Frequently Asked Questions

Common questions about the Engineering Playbook.

Getting Started

Q: What is the Engineering Playbook?

A: The Engineering Playbook is a decision framework-a set of commands and guides that codify how to approach development work. It covers planning, development, code review, release, and team operations. It’s not a tool, but a structured process that reduces friction and maintains quality at every step.

Q: Do I have to use all commands?

A: No. Start with the commands that address your current challenges. Most teams begin with /pb-plan, /pb-cycle, and /pb-release. You can adopt others gradually as you need them.

Q: How long does it take to learn the playbook?

A: You can start using key commands (like /pb-start, /pb-cycle, /pb-commit) in a few hours. Mastering the full system takes a few weeks of regular use. The playbook is designed to be adopted incrementally.

Q: Can I use the playbook with my existing tools?

A: Yes. The playbook works with any tech stack, version control system, and CI/CD platform. It’s tool-agnostic by design.

Q: Does the playbook require Claude Code?

A: No. The playbook is designed for Claude Code but works with any agentic development tool. See Using Playbooks with Other Tools for adaptation guides and concrete examples for your tool.

Installation & Setup

Q: How do I install the playbook?

A: Clone the repository and run the install script:

git clone https://github.com/vnykmshr/playbook.git
cd playbook
./scripts/install.sh

This creates symlinks in ~/.claude/commands/ making all commands available in Claude Code.

Q: I ran the install script but commands aren’t showing up. What do I do?

A: Check that ~/.claude/commands/ exists and has the symlinks:

ls -la ~/.claude/commands/ | grep pb-

If the directory doesn’t exist, create it and re-run the install script. If symlinks are broken, check that the source files exist in your cloned playbook repository.

Q: How do I uninstall the playbook?

A: Run the uninstall script:

./scripts/uninstall.sh

This removes all symlinks from ~/.claude/commands/.

Q: Can I install the playbook in multiple locations?

A: Yes. Each playbook installation is independent. You can have different playbook versions in different directories.

Workflows

Q: What’s the difference between `/pb-cycle` and `/pb-pr`?

/pb-cycle is for iterative development and review before committing
/pb-pr is for creating the pull request after your code is approved and committed

Sequence: Develop → /pb-cycle (self-review + peer review) → Approve → /pb-commit → /pb-pr

Q: Do I have to use `/pb-todo-implement`?

A: No. /pb-todo-implement is for structured implementation with checkpoint-based review if you want extra feedback during development. Use /pb-cycle if you prefer simpler iteration without checkpoints.

Q: How often should I commit?

A: Commit after each meaningful unit of work. Guidelines:

New feature → feat: commit
Bug fix → fix: commit
Refactor → refactor: commit
Tests → test: commit
Config/build → chore: commit

Don’t commit every 5 lines; don’t wait until end-of-day. Commit logically.

Q: What if I need to skip a step (like testing)?

A: Don’t. Quality gates exist to catch problems early. If a step feels unnecessary, discuss with your team about removing it, but don’t skip it unilaterally. If you’re in a crisis (incident), use /pb-incident for the emergency workflow.

Q: How do I handle urgent hotfixes?

A: Use /pb-incident which has a streamlined workflow for emergency fixes. It covers fast mitigation (rollback, hotfix, disable feature) without the normal review burden.

Code Review

Q: Who should do code review?

A: A senior engineer perspective is ideal for /pb-cycle peer review. They should understand:

System architecture and patterns
Correctness and edge cases
Maintainability and naming
Security implications
Test quality

Q: What if a reviewer requests changes I disagree with?

A: In the playbook process, you iterate:

Request review
Reviewer identifies issues
You fix or discuss
If unresolved, escalate to tech lead or discuss as a team

The key principle: Fix the issue, don’t argue. If you believe the reviewer is wrong, fix it their way, get approval, then propose a different approach next time.

Q: How long should code review take?

A: Target: 24 hours max. Aim for:

Small PRs reviewed in 2-4 hours
Medium PRs reviewed in 4-8 hours
Large PRs reviewed next business day

If reviews are taking longer, consider smaller, more frequent PRs.

Q: Can I review my own code?

A: You do /pb-cycle self-review before requesting peer review. Self-review catches obvious issues, but a peer review from another engineer is always required before merging.

Testing & Quality

Q: How much test coverage should I aim for?

A: The playbook targets:

Unit tests: Core business logic (aim for 80%+)
Integration tests: Critical workflows
E2E tests: User-facing features
Don’t aim for 100%-aim for meaningful coverage

Use /pb-testing for detailed guidance.

Q: Should I write tests before or after code?

A: Either approach works:

TDD (Test-First): Write tests, then code to pass them
Test-Alongside: Write code and tests together
Test-After: Code first, then thorough tests

The playbook requires tests before /pb-cycle peer review. Choose the approach that works for your team.

Q: How do I handle flaky tests?

A: Flaky tests are technical debt. If you encounter a flaky test:

Fix it before merging your change
Document why it was flaky
Add it to your team’s “flaky tests” tracking

Use /pb-review-tests to identify flaky test patterns across the codebase.

Documentation & Communication

Q: Should I document everything?

A: No. Document:

Why decisions were made (not just the what)
Non-obvious code logic
Public APIs and contracts
Architectural decisions (via /pb-adr)
Operational runbooks for production systems

Skip documentation for self-explanatory code.

Q: How do I stay on top of architecture documentation?

A: Use /pb-adr to record decisions as you make them, not after. This prevents “documentation debt” where decisions are undocumented.

Q: Should I write standups if I’m co-located?

A: Yes. Async standups (via /pb-standup) help:

Maintain clear documentation of progress
Enable async team members
Create a searchable record

Even co-located teams benefit from written standups.

Patterns & Architecture

Q: How do I choose between `/pb-patterns-core`, `/pb-patterns-resilience`, etc.?

A: Use the decision guide:

Start with /pb-patterns-core for architectural patterns (SOA, Event-Driven)
If you need reliability (retry, circuit breaker), check /pb-patterns-resilience
If you need async/concurrent behavior, check /pb-patterns-async
If you need database concerns, check /pb-patterns-db
If you’re building distributed systems, check /pb-patterns-distributed

All patterns can be combined; they’re not mutually exclusive.

Q: Can I use multiple patterns together?

A: Yes. Most real systems use multiple patterns. Example:

Core pattern: Event-Driven (from /pb-patterns-core)
Async pattern: Job Queues (from /pb-patterns-async)
Database pattern: Connection Pooling (from /pb-patterns-db)

Document the combination in your /pb-adr.

Q: What if I don’t like a suggested pattern?

A: The patterns are recommendations, not requirements. If a pattern doesn’t fit your constraints:

Understand why it was suggested
Identify alternative patterns
Document your choice in /pb-adr with rationale

Performance & Optimization

Q: When should I optimize?

A: Follow this sequence:

Build it correctly first (readable, maintainable)
Measure (use /pb-performance profiling)
Optimize bottlenecks (not guesses)
Verify (re-measure after optimization)

Don’t optimize prematurely.

Q: How do I know if my system is performant?

A: Use /pb-performance to:

Define performance targets
Profile your system
Identify bottlenecks
Optimize iteratively
Verify improvements

Incident Response

Q: What’s the difference between P0, P1, P2, P3?

A: Severity levels from /pb-incident:

P0: All users affected, complete service outage
P1: Major user subset affected, significant degradation
P2: Limited users affected, feature broken
P3: Minor impact, cosmetic issues

Severity determines mitigation speed and strategy.

Q: Should I do a post-mortem for every incident?

A: Guidelines:

P0/P1: Post-mortem required (24 hours)
P2: Post-mortem recommended (if recurring)
P3: Post-mortem optional

Use /pb-incident for full analysis.

Q: How do I prevent the same incident twice?

A: Three steps:

Post-mortem via /pb-incident (root cause)
Document via /pb-adr (decision to prevent recurrence)
Implementation (preventative fix in next sprint)

Team & Growth

Q: How do I onboard a new team member quickly?

A: Use /pb-onboarding for structured approach:

Preparation phase (before they start)
First day (orientation)
First week (knowledge transfer, frameworks)
Ramp-up (contribute first feature)
Growth (ongoing development)

Q: What should I do in a retrospective?

A: Use /pb-team for structured retrospective:

What went well? (celebrate)
What could improve? (action items)
How do we implement? (next steps)

Monthly retrospectives maintain team health.

Q: How do I handle conflict on my team?

A: Use /pb-standards to define team working principles:

Clear communication norms
Decision-making process
Conflict resolution approach

Most conflicts stem from unclear expectations; standards clarify them.

Release & Operations

Q: When should I release?

A: Release when:

Feature is complete and tested
Code reviewed and approved
Pre-release checks pass (via /pb-release)
Team agrees on timing

Don’t release on Friday unless it’s critical.

Q: What deployment strategy should I use?

A: Use /pb-deployment to choose:

Blue-Green: Zero downtime, instant rollback (safest)
Canary: Gradual rollout to subset (recommended)
Rolling: Progressive replacement (traditional)
Feature Flag: Dark deploy, enable on command (most control)

Blue-Green and Feature Flag are safest for production.

Q: How do I monitor my system after release?

A: Use /pb-observability to:

Set up key metrics (errors, latency, throughput)
Configure alerting thresholds
Create runbooks for common issues
Establish on-call rotation

Monitor for at least 30 minutes after release.

Integration & Customization

Q: Can I customize the playbook for my team?

A: Yes. The playbook is a framework, not dogma:

Adapt commands to your workflow
Add team-specific checklists
Modify processes based on learnings
Document your customizations

Keep core principles; customize implementation.

Q: How do I integrate with existing tools (CI/CD, GitHub, Slack)?

A: The playbook works with any tools:

Embed commands in CI/CD pipelines
Reference commands in GitHub templates
Post command results to Slack
Use commands in documentation

Examples: Use /pb-testing output in CI, /pb-security checks in PRs, /pb-incident timeline in Slack.

Q: Can I use the playbook with other frameworks?

A: Yes. The playbook complements:

Agile/Scrum (use /pb-plan for sprints)
Kanban (use /pb-cycle for continuous flow)
SAFe (use /pb-adr for enterprise decisions)
Anything (it’s process-agnostic)

Getting Help

Q: Where do I find a specific command?

A: Use the Decision Guide or Command Reference.

Q: I found a bug or have a feature request. What do I do?

A: Open an issue on GitHub.

Q: How do I contribute to the playbook?

A: See CONTRIBUTING.md for guidelines.

Q: I’m still confused about something. Where do I ask?

A: Options:

Check the Getting Started guide
Read the Integration Guide
Check this FAQ
Ask in GitHub Discussions
Open an issue describing your situation

Version & Updates

Q: How often is the playbook updated?

A: The playbook follows semantic versioning:

Patch (v1.2.1): Bug fixes, clarifications
Minor (v1.3.0): New commands, workflow improvements
Major (v2.0.0): Breaking changes to existing commands

See version history in README.

Q: How do I update to a new version?

cd playbook
git pull origin main
./scripts/install.sh    # Reinstall symlinks for new commands

Q: Will updates break my existing workflows?

A: No. The playbook maintains backward compatibility within major versions. If breaking changes are needed, they happen in major version releases with clear migration paths.

Troubleshooting

Q: I cloned the playbook but commands aren’t working. What do I do?

Verify installation: ls ~/.claude/commands/ | grep pb-
Check symlinks exist: ls -la ~/.claude/commands/pb-*
Verify original files exist: ls commands/*/*.md in playbook directory
Re-run install script: ./scripts/install.sh

Q: A command isn’t doing what I expected. How do I fix it?

Re-read the command documentation carefully
Check Decision Guide to ensure it’s the right command
Look at examples in the command
Open an issue on GitHub

Q: My team doesn’t want to use the playbook. What do I do?

Start with a single command that solves your team’s biggest pain point
Show the value (time saved, quality improved)
Gradually introduce more commands as adoption increases
Customize processes to fit your team’s culture

The playbook is a tool to help, not a mandate.

Still Have Questions?

Decision Guide - Find commands by situation
Command Reference - Browse all commands
Getting Started - Quick start guide
Integration Guide - How commands work together
GitHub Issues - Report problems
GitHub Discussions - Ask questions

Glossary

Common terms and abbreviations used in the Engineering Playbook.

Playbook-Specific Terms

Atomic Commit

A single commit that addresses one logical change and is always deployable. See /pb-commit.

Code Review Cycle

The process of developing code, reviewing it (self and peer), and getting approval before committing. See /pb-cycle.

Decision Framework

The Engineering Playbook itself-a set of structured processes for making engineering decisions.

Integration Guide

Documentation showing how all commands work together. See /docs/integration-guide.md.

Quality Gate

A checkpoint that must pass before code moves forward. Examples: linting, testing, security review.

Self-Review

Review by the code author before requesting peer review. Catches obvious issues and respects reviewers’ time.

Peer Review

Review by another engineer (usually senior) checking architecture, correctness, security, and maintainability.

Development Process Terms

Branch

A copy of the codebase where you work on a feature without affecting main code. See /pb-start.

Commit

A logical unit of work saved to git with a message explaining what changed and why. See /pb-commit.

Pull Request (PR)

A formal request to merge your branch into main. Includes code, description, and rationale. See /pb-pr.

Feature

A new capability or user-facing improvement.

Hotfix

An emergency fix for production issues, using expedited process. See /pb-incident.

Refactor

Code change that doesn’t change behavior, just improves structure/readability.

Release

Publishing code to production. Includes pre-release checks and deployment. See /pb-release.

Rollback

Reverting to previous code version if release breaks something.

Architecture & Design Terms

ADR

Architecture Decision Record. Documents major decisions with context, options, and rationale. See /pb-adr.

Pattern

A proven solution to a recurring design problem. See /pb-patterns-*.

Microservice

A small, independent service focused on one business capability.

SOA

Service-Oriented Architecture. Breaking system into independent services.

Event-Driven

Architecture where components communicate via events rather than direct calls.

CQRS

Command Query Responsibility Segregation. Separating read and write models.

Saga

Pattern for distributed transactions across multiple services.

Circuit Breaker

Pattern for preventing cascading failures by stopping requests to failing services.

Retry

Pattern for automatically retrying failed operations with backoff.

Code Quality Terms

Linting

Automatic code style checking. Catches style violations and common mistakes.

Type Checking

Verifying code types match (especially in typed languages like TypeScript, Go).

Test Coverage

Percentage of code executed by tests. Target: 70%+ for critical paths.

Edge Case

Unusual or boundary condition that code must handle correctly.

Flaky Test

Test that sometimes passes and sometimes fails (usually due to timing or randomness).

Technical Debt

Code shortcuts taken for speed that require later rework. Accumulates if not managed.

Security Terms

Authentication

Verifying who the user is (login). See /pb-security.

Authorization

Checking if authenticated user has permission for an action.

Injection Attack

Attack where attacker inserts code through input fields (SQL injection, command injection).

Rate Limiting

Restricting requests from single user/IP to prevent abuse.

Secret

Sensitive data like passwords, tokens, API keys. Must never be in code.

Input Validation

Checking user input is valid before processing.

Operations Terms

CI/CD

Continuous Integration / Continuous Deployment. Automated build, test, and deployment.

Observability

System’s ability to be understood from outside. Includes logging, metrics, tracing.

Monitoring

Continuous observation of system health and performance.

Alerting

Automatic notifications when metrics exceed thresholds.

Runbook

Step-by-step guide for handling operational issues.

SLA

Service Level Agreement. Commitment to availability/performance.

P0/P1/P2/P3

Incident severity levels. P0=all users affected, P1=major impact, P2=limited, P3=minor.

Deployment

Moving code from development to production.

Rollout

Gradual deployment to percentage of users (canary deployment).

Downtime

System is unavailable or significantly degraded.

Team & Process Terms

Standup

Daily status update (synchronous or async). See /pb-standup.

Retrospective

Team reflection on what went well and what could improve.

Onboarding

Process of bringing new team member up to speed. See /pb-onboarding.

Knowledge Transfer

Sharing knowledge between team members or with new joiners. See /pb-knowledge-transfer.

Tech Lead

Senior engineer responsible for technical decisions and code quality.

Code Owner

Engineer responsible for specific code area. Should review changes to that area.

Pair Programming

Two developers working on same code simultaneously.

Code Review Feedback

Comments and suggestions on PR from reviewer.

Abbreviations

Abbreviation	Meaning
ADR	Architecture Decision Record
API	Application Programming Interface
CQRS	Command Query Responsibility Segregation
CI/CD	Continuous Integration / Continuous Deployment
DB/DB	Database
DRY	Don’t Repeat Yourself
E2E	End-to-End
HTTP	HyperText Transfer Protocol
JSON	JavaScript Object Notation
ORM	Object-Relational Mapping
PR	Pull Request
QA	Quality Assurance
REST	Representational State Transfer
SLA	Service Level Agreement
SOA	Service-Oriented Architecture
SQL	Structured Query Language
SSH	Secure Shell
TDD	Test-Driven Development
TTL	Time To Live
UI/UX	User Interface / User Experience
UTC	Coordinated Universal Time
YAML	YAML Ain’t Markup Language

Command Reference

Shorthand for commands used throughout documentation:

Shorthand	Full Command	Purpose
`/pb-adr`	Architecture Decision Record	Document major decisions
`/pb-commit`	Craft Atomic Commits	Create logical, well-formatted commits
`/pb-cycle`	Development Cycle	Self-review and peer review iteration
`/pb-guide`	SDLC Guide	Full development framework
`/pb-incident`	Incident Response	Handle production issues
`/pb-logging`	Logging Standards	Structured logging audit
`/pb-observability`	Observability Setup	Monitor, log, trace systems
`/pb-patterns`	Pattern Overview	Architecture patterns
`/pb-patterns-async`	Async Patterns	Async/concurrent patterns
`/pb-patterns-core`	Core Patterns	SOA, events, repository, DTO
`/pb-patterns-resilience`	Resilience Patterns	Retry, circuit breaker, rate limiting
`/pb-patterns-db`	Database Patterns	Pooling, optimization, sharding
`/pb-patterns-distributed`	Distributed Patterns	Saga, CQRS, eventual consistency
`/pb-performance`	Performance Optimization	Profiling and optimization
`/pb-pr`	Pull Request Creation	Create PR with context
`/pb-release`	Release Checklist	Pre-release verification
`/pb-review`	Comprehensive Review	Multi-perspective code audit
`/pb-security`	Security Checklist	Input validation, auth, secrets
`/pb-start`	Start Feature Branch	Create branch and set rhythm
`/pb-standup`	Daily Standup	Async status update
`/pb-standards`	Team Standards	Coding standards and norms
`/pb-templates`	Reusable Templates	Commit, PR, review templates
`/pb-testing`	Testing Patterns	Unit, integration, E2E tests

Command Voice & Communication Style

How playbook commands talk to you.

Philosophy

Commands are peers, not procedures. We communicate dev-to-dev: direct, authentic, reasoning-forward. You get the why, not a checklist.

This means:

Prose over templates - Explanation embedded in narrative, not bullet-pointed
Specific reasoning - “This N+1 will scale poorly (20ms now → 2s at 100K records)” vs “consider performance”
Context-aware - Small changes get conversational prose; architecture changes get structured reasoning
No artificial formality - We skip the bot-speak (“it is recommended that…”) and talk like peers

What You’ll See

Code Review Feedback (`/pb-review`)

Instead of:

## Issues Found
- Type: Performance
  - Location: queries.py:45
  - Severity: High
  - Recommendation: Add index

You get:

Your query loop hits the database on every iteration. With 100K records, this goes from 20ms to 2 seconds. Add an index or batch the queries-either takes about 15 minutes.

Why? Because you need to know what matters (scale impact) and how hard (effort), not just a structured diagnosis.

Scope Capture (`/pb-start`)

Instead of:

Q1: Feature type? (greenfield/existing)
Q2: Risk level? (low/medium/high)
Q3: Timeline? (flexible/fixed)

You get: A conversation: “Tell me what you’re building-is this greenfield or adding to existing services? What’s the riskiest part?” Questions emerge from what you describe.

Commit Messages

Why: They explain reasoning, not just what changed.

fix(auth): extract oauth service

Tighter boundaries make this reusable in other services and
easier to test. Prep for microservice migration.

Not just: “Extract oauth service.”

When Structure Appears

Small changes (< 50 LOC): Prose, minimal structure.

Medium changes (50–150 LOC): Narrative with light headers where needed.

Large changes (150+ LOC, multiple concerns): Structured, but still authentic voice.

Architecture decisions: Detailed reasoning with explicit tradeoffs.

Multi-stakeholder communication (release notes, migration guides): Scannable structure because clarity requires it.

Why this matters: Structure earns its place. It’s not applied by default.

Anti-Patterns You Won’t See

Don’t	We Don’t Do
Hedging	“It may be helpful to consider…”
Filler	“Let’s dive into…”, “Here’s the thing…”
Passive voice	“Changes should be made to…”
Third-person reporting	“The code exhibits tight coupling”
Vague metrics	“This could be faster”
False politeness	“Thank you for considering…”

We assume you’re sharp and direct. Peer to peer.

Matching Project Conventions

Commands adapt to your project’s style. If your repo uses:

Structured ADRs → We respect that format
Detailed checklists → We follow that convention
Markdown with frontmatter → We honor it

The voice stays authentic; the structure matches context.

Key Principle

Clarity through focus, not format.

One idea per sentence. Specific examples. Concrete thresholds. Active voice. Direct address. The point comes first; the reasoning follows.

Global guidelines: Developers working on the playbook use /pb-voice and internal voice guidelines to maintain consistency
Each command: Documents its own communication style in the command description
Your workflow: Commands adapt this voice to your preferences via /pb-preferences

Preamble Quick Reference Guide

One-page guide to preamble thinking. For detailed guidance, see /pb-preamble and its parts (async, power, decisions).

The Core Anchor

Challenge assumptions. Prefer correctness over agreement. Think like peers, not hierarchies.

Four Principles

Principle	Means	In Practice	Not
Correctness Over Agreement	Get it right, not harmony	“I think this is risky because X. Have you considered Y?”	Flattery or false consensus
Critical, Not Servile	Think as peer, not subordinate	“Before we scope this, let me surface three assumptions”	Deferring just because they’re senior
Truth Over Tone	Direct, clear language	“This is simpler but slower. That’s faster but complex. I’d choose X for us.”	Careful politeness that obscures meaning
Think Holistically	Optimize outcomes, not just code	“This is architecturally clean, but can ops monitor it?”	Siloed thinking that creates problems elsewhere

Quick Decision: When to Challenge vs. Trust

CHALLENGE WHEN:

✓ Assumptions are unstated (“We need X” - why?)
✓ Trade-offs are hidden (“Simple solution” - at what cost?)
✓ Risk is glossed over (“Production-ready” - tested failure modes?)
✓ Scope is unclear (“Add this feature” - what’s done?)
✓ Process is unfamiliar (first time, don’t understand why)
✓ Context has changed (“We always do X” - still true?)
✓ Your expertise applies (you have info they don’t)

TRUST WHEN:

✓ Expert explained reasoning (you understand their thinking)
✓ You lack context (outside your domain, they have info you don’t)
✓ Time cost exceeds benefit (challenging button color wastes time)
✓ Decision is made, executing now (stop re-litigating, align)
✓ Pattern is proven (“20 times this way, it works”)
✓ You’re learning from them (understand their reasoning instead)

The Challenge Framework

How to Challenge Effectively

1. Understand their perspective first
   "I understand you're deciding X because [reason], right?"

2. Name your concern directly
   "I have a concern: [specific issue]"

3. Show your reasoning
   "Why: [evidence, experience, logic]"

4. Ask what you're missing
   "What am I missing about this?"

Challenge Rules

Rule	Do This	Don’t Do This
What to challenge	Ideas, decisions, assumptions	People, character, competence
With what	Evidence and reasoning	Feelings and vibes
Where	Public for ideas, private for character	Never publicly attack someone
How often	2-3 things per month (not meeting)	Challenge everything (become noise)

Async Quick Rules

Situation	What to Do
Writing challenge	Write as if explaining to team. Name concern directly. Show reasoning.
Missing context	Quote relevant context. Explain your frame. State assumptions.
Decision taking too long	Set decision clock: “We’ll decide Friday EOD. I’ll announce Monday.”
Feeling unclear	Ask clarifying questions, don’t assume. Reference specific earlier statements.
Disagreement in PR	Direct but specific: “I see value here. Concern: [specific]. Trade-off: [reason]”

Hierarchy Quick Rules

Situation	What to Do	What NOT to Do
Junior challenging senior	Use evidence. Build credibility first. Ask what you’re missing.	Defer just because they’re senior.
Senior person challenged	Actually listen. Explain your reasoning. Sometimes change your mind.	Dismiss. Defend. Punish disagreement.
Decision you disagree with	Execute well. Document concern if serious. Watch if it fails.	Sabotage. Hope it fails. Go silent.
Escalating disagreement	Only if: safety, ethics, or legality violated. Document it.	Use escalation as disagreement override.

Decision Clocks

When You Need to Decide

Announce before discussion:

Timeline: Now to [DATE EOD] - discuss
Decision: [DATE MORNING] - I decide
Options: [List with trade-offs]
Input needed: [What matters]
Revisit: In [TIMEFRAME] if [CONDITIONS]

After decision:

Explain your reasoning (why you chose this)
Acknowledge concerns (even ones you didn’t address)
Be clear about revisit conditions
Document it (future reference)

Loyalty After Disagreement

Level	Your Stance	Example
1: Alignment	“I disagree but I understand. Let’s execute.”	Normal path for most disagreements
2: Documented	“I want this recorded: I flagged risk X.”	For serious concerns you want noted
3: Escalate	“I can’t execute this. Violates [safety/ethics/law].”	Very rare. Career-affecting.
4: Leave	“This represents fundamental mismatch.”	Extremely rare. Only if core values conflict.

Key: Loyalty ≠ Agreement. You disagree AND execute well.

Failure Modes: Quick Diagnosis

Your team might be in trouble if:

Symptom	What’s Wrong	Fix
Everyone agrees with senior person	Pseudo-safety - challenge is punished subtly	Leaders must visibly change mind when challenged
Meetings never end, decisions keep reopening	Perpetual debate - no decision clock	Set specific decision dates and stick to them
Person who challenged is now quiet	Punishment recognized - challenge got consequences	Check in 1-on-1. Show next challenge is safe.
Half the team stops speaking	Argumentative culture - everything challenged	Distinguish: strategic decisions debate more, tactical decide faster
Senior person asserts without reasoning	Authority over correctness - hierarchy winning	Require: “Here’s why” before decisions. Invite challenge.
People complain in hallways not meetings	Lost faith in process - challenges feel pointless	Make one example where challenge changed outcome

Post-Decision Learning

When something fails:

Wrong Approach	Right Approach
“That decision was stupid. Jane should have known.”	“We assumed X. It turned out false. What does that teach us?”
“Why didn’t we see that coming?”	“With information we had then, this was reasonable. New info changed outcome.”
“Never do that again”	“For next time: test this assumption earlier, have reversal plan”

Good post-mortem:

Acknowledge outcome (not judgment)
Review assumptions (what was wrong)
Understand why (what changed/what we missed)
Extract learning (“For next time…”)
Document it (so history teaches)

Quick Checklist: Am I Using Preamble Thinking?

I challenge decisions I disagree with, not just comply
My challenges include reasoning, not just feelings
I distinguish between when to challenge and when to trust
I execute decisions well even when I disagreed
I ask clarifying questions instead of assuming
I can name concerns directly without being harsh
I see failed decisions as learning, not failure
I change my mind when challenged with good reasoning
I document why I decided, not just what
The best ideas win, not the senior person’s ideas

Yes to most? You’re using preamble thinking. No to many? Read the full guidance: /pb-preamble + relevant parts.

I need guidance on…

Question	Read
Core mindset	`/pb-preamble` - sections I-V
When to challenge	`/pb-preamble` - section II.5
Failure modes	`/pb-preamble` - section VIII
Async communication	`/pb-preamble-async`
Challenging my boss	`/pb-preamble-power` - section VI
Building team safety	`/pb-preamble-power` - section VII
Decision clocks	`/pb-preamble-decisions` - section II
After I lose an argument	`/pb-preamble-decisions` - section III
Learning from failures	`/pb-preamble-decisions` - section VI

The Test

Is your team using preamble thinking?

Look for these signals:

✅ Good signs:

People disagree in meetings without fear
Leaders sometimes change their minds
Problems surface in discussion, not production
New people feel safe asking questions
Senior person’s idea gets challenged
Mistakes become learning opportunities
Execution is strong because alignment happened

❌ Warning signs:

Everyone agrees with the senior person
Meetings get longer, not shorter
People check out mentally after decisions
Hallway complaints instead of meeting challenges
New people quickly learn to stay quiet
Same mistakes happen twice

Remember

Preamble thinking is:

About how you think together
A foundation for all other playbook commands
Progressive (build over time)
Scalable (works small to large)
Hard initially, natural eventually

It’s not:

Being rude
Constant debate
Ignoring hierarchy
Free-for-all disagreement
Never making decisions

The goal: Better thinking wins. Better decisions happen. Better execution follows.

For complete guidance, read /pb-preamble and parts 2-4. This is the quick version.

Design Rules Quick Reference

One-page guide to 17 design rules. For detailed guidance, see /pb-design-rules.

The 4 Clusters

Cluster	Rules	Focus	When It Matters
CLARITY	Clarity, Least Surprise, Silence, Representation	Understandability	APIs, interfaces, code readability
SIMPLICITY	Simplicity, Parsimony, Separation, Composition	Design Discipline	Architecture, scope, features
RESILIENCE	Robustness, Repair, Diversity, Optimization	Reliability & Evolution	Error handling, failures, learning
EXTENSIBILITY	Modularity, Economy, Generation, Extensibility	Long-term Growth	Architecture, future features

All 17 Rules at a Glance

#	Rule	Principle	Anti-Pattern
1	Clarity	Clarity is better than cleverness	Cryptic, clever code that only the author understands
2	Least Surprise	Always do the least surprising thing	APIs that behave unexpectedly
3	Silence	When there’s nothing to say, say nothing	Verbose output that masks real problems
4	Representation	Fold knowledge into data	Complex logic that could be simple with better data structures
5	Simplicity	Design for simplicity; add complexity only where you must	Over-engineered solutions
6	Parsimony	Write big programs only when clearly nothing else will do	Monoliths when smaller services would work
7	Separation	Separate policy from mechanism; separate interfaces from engines	Tangled abstractions; implementation details in interfaces
8	Composition	Design programs to be connected to other programs	Monolithic designs that can’t be reused
9	Robustness	Robustness is the child of transparency and simplicity	Complex error handling without understanding the problem
10	Repair	When you must fail, fail noisily and as soon as possible	Silent failures that compound
11	Diversity	Distrust all claims for “one true way”	Dogmatic adherence to patterns that don’t fit
12	Optimization	Prototype before polishing; get it working before you optimize	Premature optimization
13	Modularity	Write simple parts connected by clean interfaces	Tightly-coupled monoliths
14	Economy	Programmer time is expensive; conserve it	Hand-hacking when a library or tool exists
15	Generation	Avoid hand-hacking; write programs to write programs	Repetitive, error-prone manual code
16	Extensibility	Design for the future, because it will be here sooner than you think	Brittle designs that break with small changes
17	Transparency	Design for visibility to make inspection and debugging easier	Opaque systems that require debuggers to understand

Decision Tree: Which Rule Applies?

Are you designing an interface or API?

✓ Clarity: Is the interface obviously correct?
✓ Least Surprise: Does it behave as expected?
✓ Composition: Will other systems want to use this?

Are you deciding on architecture or scope?

✓ Simplicity: Is this the simplest solution?
✓ Parsimony: Do we need this complexity?
✓ Separation: Are concerns cleanly separated?
✓ Modularity: Are parts independent?

Are you dealing with errors or failures?

✓ Repair: Are failures loud and clear?
✓ Robustness: Is simplicity enabling reliability?
✓ Transparency: Can we see what went wrong?

Are you thinking about the future?

✓ Extensibility: Will changes require rebuilds?
✓ Economy: Are we investing programmer time wisely?
✓ Generation: Are we avoiding hand-hacking?

Are you optimizing performance?

✓ Optimization: Have we measured the bottleneck?
✓ Simplicity: Is complexity adding real value?
✓ Economy: Is the speedup worth the cost?

Rule-by-Rule Quick Guidance

CLARITY Cluster

Clarity: Clarity is better than cleverness

When: Choosing between implementations
Action: Pick the obvious version
Test: Would a new developer understand it in 5 minutes?

Least Surprise: Always do the least surprising thing

When: Designing APIs and interfaces
Action: Use conventions; do what’s expected
Test: Does this match what users expect?

Silence: When there’s nothing to say, say nothing

When: Designing output and logging
Action: Only output when there’s information
Test: Does normal operation produce zero output?

Representation: Fold knowledge into data

When: Designing data structures
Action: Let the data structure encode constraints
Test: Does the code read obviously from the data?

SIMPLICITY Cluster

Simplicity: Design for simplicity; add complexity only where you must

When: Making any design decision
Action: Start simple; justify each addition
Test: Can you remove anything without breaking requirements?

Parsimony: Write big programs only when clearly nothing else will do

When: Choosing scope and scale
Action: Start small; split only if necessary
Test: Can this be three focused programs instead of one big one?

Separation: Separate policy from mechanism

When: Designing layered architectures
Action: Keep “what should happen” separate from “how”
Test: Can you change the implementation without touching the interface?

Composition: Design programs to be connected

When: Deciding on integration points
Action: Design for reusability
Test: Can other systems easily use this?

RESILIENCE Cluster

Robustness: Robustness is the child of transparency and simplicity

When: Building reliable systems
Action: Make systems transparent first
Test: Can you see what’s happening without debugging?

Repair: When you must fail, fail noisily

When: Designing error handling
Action: Errors should be loud and immediate
Test: Do problems surface where they start, not downstream?

Diversity: Distrust all claims for “one true way”

When: Evaluating architectural approaches
Action: Understand trade-offs; don’t follow dogma
Test: Can you explain why this is right for OUR context?

Optimization: Prototype before polishing

When: Considering performance improvements
Action: Measure first; optimize second
Test: Do you have data showing this is the bottleneck?

EXTENSIBILITY Cluster

Modularity: Write simple parts connected by clean interfaces

When: Designing the overall structure
Action: Build small, focused modules
Test: Can you understand each module independently?

Economy: Programmer time is expensive

When: Choosing between building vs. using
Action: Use libraries; generate code; automate repetition
Test: Are we writing code that a library could provide?

Generation: Avoid hand-hacking

When: Doing the same thing repeatedly
Action: Write code to generate the code
Test: Is this pattern repeated more than once?

Extensibility: Design for the future

When: Making structural decisions
Action: Plan for adaptation without rebuilds
Test: Can new requirements be added without changing core code?

Transparency: Design for visibility

When: Building systems to be operated
Action: Systems should be observable
Test: Can you understand the system’s state without a debugger?

Trade-off Matrix: When Rules Conflict

Conflict	Rule A	vs.	Rule B	Decision Framework
Simplicity vs. Robustness	“Keep it simple”	vs.	“Handle all failures”	Use preamble: surface trade-off explicitly. Usually: simple systems with clear failures beat complex error handling
Clarity vs. Economy	“Use one-liners”	vs.	“Use explicit names”	Prefer clarity. Accept more lines. Economy is about not writing unnecessary code, not about brevity
Modularity vs. Performance	“Separate concerns”	vs.	“Merge for speed”	Measure first. Usually modularity isn’t the bottleneck. Only optimize after profiling
Extensibility vs. Simplicity	“Design for futures”	vs.	“Keep it minimal”	Design for modularity (enables extension), not flexibility (adds complexity). Build blocks that adapt, not flexible frameworks
Generation vs. Clarity	“Generate all code”	vs.	“Write clear code”	Generated code is fine if the generator is clear. Humans shouldn’t read generated code

Failure Modes Diagnosis

Your system violates design rules if you see:

Symptom	Broken Rules	Fix
“This code is impossible to understand”	Clarity	Rewrite for explicitness; reject clever
“This API surprises everyone”	Least Surprise	Document expected behavior; change API to match expectations
“Output is too verbose; problems get lost”	Silence	Disable debug output in production; be selectively verbose
“Logic is tangled; data is unclear”	Representation	Redesign data structures to encode constraints
“Every change requires rebuilding everything”	Separation, Modularity	Refactor into independent pieces with clean interfaces
“The system is too complex; even we don’t understand it”	Simplicity, Robustness	Delete features; simplify core; redesign for transparency
“We’re paying high server costs for a problem we can’t solve”	Optimization, Measurement	Measure before optimizing; profile to find the bottleneck
“Errors hide until they’ve caused major damage”	Repair, Transparency	Fail fast; log state changes; make failures loud
“We can’t add features without breaking existing ones”	Extensibility, Modularity	Design for composition; build new features as separate modules
“We hand-write boilerplate over and over”	Generation	Write a generator; use templates; automate the pattern

Quick Checklist: Are You Following Design Rules?

Interfaces and APIs are obvious and unsurprising
Code is readable by someone unfamiliar with it
Data structures encode the problem clearly
You’ve justified every piece of complexity
Architecture separates concerns clearly
Modules are independent and reusable
Errors are loud and immediate
The system is observable without special tools
You’ve measured before optimizing
You’ve designed for future adaptation without adding flexibility now

Yes to most? You’re following design rules. No to several? Read the full guidance: /pb-design-rules

Integration with Preamble

Preamble (HOW teams think together):

Challenge assumptions
Think like peers
Prefer correctness over agreement

Design Rules (WHAT systems are built):

Clarity enables teams to challenge architectural decisions
Simplicity enables teams to question complexity
Transparency enables teams to discuss based on data

Together: A team using preamble thinking with design rules awareness makes better decisions faster. Preamble thinking without design discipline builds wrong things. Design rules without preamble thinking get debated endlessly.

I need guidance on…	Read this
Making APIs obvious	Rules 1-4 (CLARITY)
Deciding on architecture	Rules 5-8 (SIMPLICITY)
Error handling	Rules 9-12 (RESILIENCE)
Long-term design	Rules 13-17 (EXTENSIBILITY)
Choosing between options	Trade-off Matrix (above)
Understanding what went wrong	Failure Modes Diagnosis (above)

The Test: Are You Following Design Rules?

Good signs:

New developers understand the code quickly
Errors point to the real problem
Adding features doesn’t require rewriting core code
The system is obviously correct, not mysteriously working
Performance matches requirements; no premature optimization
Modules can be understood independently

Warning signs:

“Only [person] understands this code”
Errors hide until they cause cascading failures
Every change touches multiple unrelated files
You’re hand-writing the same pattern repeatedly
“It’s fast, but I don’t know why”
Modules depend on each other’s internals

Remember

Design Rules are:

About building systems that work, last, and adapt
Complementary to preamble thinking (team collaboration)
Trade-offs to understand, not laws to obey
Applied in context, not dogmatically
Visible in the patterns and practices throughout the playbook

Design Rules are NOT:

Rigid laws that apply the same everywhere
Reasons to over-engineer
Excuses for missing deadlines
Arguments to win; they’re frameworks to think with

The goal: Build systems that are clear, simple, reliable, and adaptable. Design rules guide that thinking.

Design Rules Quick Reference - For complete guidance, read /pb-design-rules.

Evolution System Operational Guide

For playbook maintainers only. If you’re adopting the playbook, start with Getting Started instead.

This guide covers how the playbook itself evolves through quarterly cycles.

This guide walks through the complete evolution process with all safety mechanisms in place.

Overview: The Evolution Workflow

┌─────────────────────────────────────────────────────────┐
│ PREPARE                                                 │
│ ├─ Ensure clean git state                              │
│ ├─ Create snapshot (enable rollback)                   │
│ └─ Record evolution cycle (structured log)             │
├─────────────────────────────────────────────────────────┤
│ ANALYZE                                                 │
│ ├─ Review capability changes since last cycle          │
│ ├─ Audit playbooks against new capabilities            │
│ └─ Propose changes with rationale                      │
├─────────────────────────────────────────────────────────┤
│ VALIDATE & TEST                                         │
│ ├─ Generate diff (what will change?)                   │
│ ├─ Run execution tests (do evolved playbooks work?)    │
│ └─ Verify metadata consistency                         │
├─────────────────────────────────────────────────────────┤
│ APPROVE                                                 │
│ ├─ Create PR with proposed changes                     │
│ ├─ Request peer review                                 │
│ └─ Merge only after approval                           │
├─────────────────────────────────────────────────────────┤
│ APPLY                                                   │
│ ├─ Update playbooks with approved changes              │
│ ├─ Regenerate indices and documentation                │
│ └─ Final validation                                    │
├─────────────────────────────────────────────────────────┤
│ COMPLETE                                                │
│ ├─ Tag release                                         │
│ ├─ Record cycle completion                             │
│ └─ Document outcomes and metrics                       │
└─────────────────────────────────────────────────────────┘

Part 1: PREPARE Phase

1.1: Ensure Clean Git State

Before starting, verify your working tree is clean:

# Check git status
git status

# Must show:
# On branch main
# nothing to commit, working tree clean

# If dirty, commit or stash changes
git add .
git commit -m "checkpoint: save work before evolution"

1.2: Create Evolution Snapshot

This is critical. A snapshot is your insurance policy.

# Create snapshot with descriptive message
python3 scripts/evolution-snapshot.py \
  --create "Before Q1 2026 evolution: Sonnet 4.6 analysis"

# Output will look like:
# 📸 Creating snapshot: evolution-20260209-143022
#   ✅ Git tag created: evolution-20260209-143022
#   ✅ Metadata saved
# ✅ Snapshot created: evolution-20260209-143022

The snapshot:

Creates a git tag (cloud backup)
Records metadata (creation time, message)
Enables rollback if needed

1.3: Record Evolution Cycle

Log the cycle in the structured audit log:

# Record the cycle
python3 scripts/evolution-log.py \
  --record-cycle "2026-Q1" \
  --trigger quarterly \
  --capability-changes "Sonnet 4.6: +30% speed, same cost. Parallelization now viable."

# Output:
# ✅ Evolution cycle recorded: 2026-Q1

Trigger types:

quarterly - Scheduled quarterly evolution (Feb/May/Aug/Nov)
version_upgrade - New Claude model release
user_feedback - User-reported issue or pattern
manual - Ad-hoc evolution (e.g., testing)

Part 2: ANALYZE Phase

2.1: Document Capability Changes

Understand what’s changed since last evolution:

# Check Claude version
# Use: announcements, release notes, or testing directly

# Document findings
cat > /tmp/capability-changes.md << 'EOF'
# Claude Capability Changes (Since 2025-11-01)

## Model Versions
- Sonnet 4.5 → 4.6: 30% faster at same cost
- Opus 4.5 → 4.6: 15% faster, slightly better reasoning
- Haiku unchanged

## Speed Implications
- Sonnet now competitive with Opus on some reasoning tasks
- Parallelization more efficient (faster total time)
- Model routing can be more aggressive

## Limitations Unchanged
- Context window still 200K (Sonnet, Opus)
- Haiku still 100K
- Cost per token unchanged

## What To Test
1. Can Sonnet handle what Opus used to do?
2. Is parallelization worth the token cost?
3. Do old playbooks need simplification?
EOF

# Review your findings
cat /tmp/capability-changes.md

2.2: Audit Playbooks by Category

Systematically review each playbook category:

DEVELOPMENT playbooks (pb-start, pb-cycle, pb-commit, pb-pr, pb-debug)

Question: Can Sonnet 4.6 handle all development tasks?
Action: Test complex refactoring with Sonnet
Possible change: Move some from Opus → Sonnet

PLANNING playbooks (pb-plan, pb-adr, pb-think, pb-patterns-*)

Question: Do planning decisions still need Opus reasoning?
Action: Test strategy proposals with Sonnet
Possible change: Parallel ideation (fan-out) now viable

REVIEW playbooks (pb-review-code, pb-security, pb-voice)

Question: Can parallel reviews work with faster Sonnet?
Action: Test 3-way review (multiple agents) on same code
Possible change: Parallel review pattern

UTILITIES (pb-doctor, pb-git-hygiene, pb-ports, etc.)

Question: Can more tasks use Haiku instead of Sonnet?
Action: Test each utility with Haiku
Possible change: Expand Haiku-suitable tasks

2.3: Propose Changes

For each opportunity, document:

### Opportunity: Parallel Code Review

**Status quo:**
- Code review runs sequentially: one agent reviews, time=T

**Capability change:**
- Sonnet 4.6 is 30% faster
- Context windows still 200K (sufficient for reviews)

**Proposal:**
- Run 3-way parallel review (code style, logic, security)
- Each agent gets same code + different focus
- Merge results

**Why now:**
- Sonnet fast enough that parallel doesn't double cost
- Users want faster reviews

**Risk:**
- Three agents might have redundant observations
- Could result in longer report

**Test plan:**
- Run parallel review on 3 open PRs
- Compare: time saved vs report size
- If time saves > 30% and quality maintained, implement

**Expected impact:**
- Code review time: 25 min → 15 min (-40%)
- Cost per review: same (3 agents × faster speed ≈ sequential)

Record proposed changes:

# For each significant change, record it
python3 scripts/evolution-log.py \
  --record-change pb-review-code \
  --field execution_pattern \
  --before sequential \
  --after parallel \
  --rationale "Sonnet 4.6 fast enough for concurrent review agents" \
  --cycle "2026-Q1"

Part 3: VALIDATE & TEST Phase

3.1: Generate Diff Preview

See exactly what will change:

# Generate diff report (compares current vs proposed)
python3 scripts/evolution-diff.py \
  --detailed main HEAD

# This shows:
# - Which commands change
# - What fields change
# - Old → new values

Example output:

### pb-review-code

**execution_pattern:**
- Before: `sequential`
- After: `parallel`

**related_commands:**
- Before: `['pb-review-docs', 'pb-security', 'pb-cycle']`
- After: `['pb-review-docs', 'pb-security', 'pb-cycle', 'pb-voice']`

3.2: Run Execution Tests

Validate that evolved playbooks still work:

# Run all evolution tests
pytest tests/test_evolution_execution.py -v

# Key tests:
# ✓ Metadata is consistent (Resource Hint ↔ model_hint)
# ✓ Related commands still exist
# ✓ Model hints make sense
# ✓ No orphaned metadata fields
# ✓ Categories are valid
# ✓ Execution patterns are valid

# If any test fails, fix before proceeding!

3.3: Verify Metadata Consistency

# Check that all metadata is still valid
python3 scripts/evolve.py --validate

# Should output:
# All metadata valid
# N commands parsed successfully

3.4: Run Convention Checks

# Ensure playbooks still follow conventions
python3 scripts/validate-conventions.py

# Should output:
# Passed: 253
# Warnings: 0-10 (pre-existing are OK)
# Errors: 0

Part 4: APPROVE Phase

4.1: Create PR for Review

Don’t apply changes directly. Create a PR and get peer review.

# Create feature branch (don't commit to main yet)
git checkout -b evolution/2026-q1
git add commands/
git commit -m "evolution: propose Q1 2026 changes"

# Generate markdown diff report for reviewers
python3 scripts/evolution-diff.py \
  --report main HEAD

# Create PR
gh pr create \
  --title "evolution(quarterly): Q1 2026 - Sonnet 4.6 analysis" \
  --body "$(cat <<'EOF'
## Summary

Quarterly evolution for Claude Sonnet 4.6 improvements.

## Changes
- Parallel review patterns now viable
- Model routing optimized (Sonnet handles more)
- No breaking changes

See `todos/evolution-diff-report.md` for detailed diff.

## Testing
- ✅ Execution tests: PASS
- ✅ Metadata consistency: PASS
- ✅ Convention validation: PASS
- ✅ All tests: PASS

## Review Checklist
- [ ] Capability changes make sense
- [ ] Proposed changes align with capabilities
- [ ] No unintended side effects
- [ ] Metadata is consistent
- [ ] Tests pass
EOF
)"

# Example output:
# ✓ https://github.com/vnykmshr/playbook/pull/10

4.2: Peer Review Checklist

Reviewer, use this checklist:

Capability alignment - Do proposed changes match new Claude capabilities?
No regressions - Will evolved playbooks still work as intended?
Metadata consistency - Do all field changes make sense together?
Impact scope - Are side effects acceptable?
Test coverage - Do execution tests pass?
Documentation - Is rationale clear?
Risk assessment - Are there gotchas?

If review finds issues:

Return PR for fixes
Don’t approve until all concerns resolved

4.3: Merge After Approval

# Only after approval:
git push origin evolution/2026-q1

# Merge via GitHub or CLI
gh pr merge 10 --squash

# Pull latest main
git checkout main
git pull origin main

Part 5: APPLY Phase

5.1: Apply Approved Changes

Now that changes are approved and merged, make them active:

# Update playbook content
# Example: if you proposed parallel reviews, implement it in pb-review-code

# 1. Edit commands/reviews/pb-review-code.md
#    - Add "Parallel Review Pattern" section
#    - Update execution_pattern in metadata: sequential → parallel
#    - Update examples to show parallel execution

# 2. Regenerate auto-generated files
python3 scripts/evolve.py --generate

# 3. Regenerate CLAUDE.md
/pb-claude-project

# 4. Validate everything still works
python3 scripts/evolve.py --validate
pytest tests/test_evolution_execution.py -v

5.2: Final Validation

# Ensure nothing broke
python3 scripts/validate-conventions.py
mkdocs build --strict
npx markdownlint-cli --config .markdownlint.json 'commands/**/*.md'

# All must pass!

Part 6: COMPLETE Phase

6.1: Commit Changes

# Stage all changes
git add commands/ docs/ scripts/ .claude/ CHANGELOG.md

# Commit with clear message
git commit -m "$(cat <<'EOF'
evolution(q1-2026): apply Sonnet 4.6 optimizations

Implemented parallel review patterns and model routing optimizations
based on Sonnet 4.6 capability improvements.

Changes:
- Parallel code review now standard (execution_pattern: parallel)
- Model routing: Sonnet handles 5 additional task types
- Updated context efficiency in pb-claude-orchestration

Metrics:
- Expected time savings: 15% per review cycle
- Expected cost savings: minimal (parallel increases token use slightly)
- Risk: low (tested on live PRs)

Cycle snapshot: evolution-20260209-143022
EOF
)"

6.2: Tag Release

# Create version tag
git tag -a v2.11.0 -m "v2.11.0: Q1 2026 Evolution (Sonnet 4.6 Optimizations)"

# Push tag
git push origin v2.11.0

6.3: Record Cycle Completion

# Record that cycle is complete
python3 scripts/evolution-log.py \
  --complete "2026-Q1" \
  --pr 10

# Export timeline for metrics
python3 scripts/evolution-log.py --analyze

6.4: Update CHANGELOG

# CHANGELOG.md

## v2.11.0 (2026-05-15) - Q1 2026 Evolution

### Improvements
- **Parallel Review Patterns** - Code reviews now run 3-way parallel (style, logic, security)
- **Model Routing Optimization** - Sonnet 4.6 now handles architecture decisions previously requiring Opus
- **Context Efficiency** - Improved compression techniques; context use -8%

### Metrics
- Review time: -40% (25 min → 15 min)
- Session cost: same (parallelization offsets speed gains)
- User satisfaction: +12% (faster turnaround)

### Testing
- Parallel review patterns tested on 50+ real PRs
- Model routing changes validated on 100+ sessions
- Backward compatible: old playbooks still work

### Upgrade Path
- No breaking changes
- Automatic via system update
- Recommended for all users

Handling Problems: Rollback

If Something Breaks After Release

Scenario: You released evolution changes, but they cause issues in production.

Response:

# 1. List available snapshots
python3 scripts/evolution-snapshot.py --list

# 2. Choose the one from before evolution
#    Example: evolution-20260209-143022

# 3. Rollback (interactive confirmation)
python3 scripts/evolution-snapshot.py --rollback evolution-20260209-143022

# 4. Record the revert
python3 scripts/evolution-log.py \
  --revert "2026-Q1" \
  --reason "Parallel reviews increased false positives; needs refinement"

# 5. Push rollback commit
git push origin main

# 6. Post-mortem: What went wrong?
# - Was the assumption wrong? (Sonnet not ready for this?)
# - Was the implementation wrong? (Bad parallelization strategy?)
# - What would you do differently next time?

Tools Reference

Snapshot Management

# Create snapshot
python3 scripts/evolution-snapshot.py --create "Message"

# List snapshots
python3 scripts/evolution-snapshot.py --list

# Show snapshot details
python3 scripts/evolution-snapshot.py --show evolution-20260209-143022

# Rollback to snapshot
python3 scripts/evolution-snapshot.py --rollback evolution-20260209-143022

# Cleanup old snapshots (keep 5 most recent)
python3 scripts/evolution-snapshot.py --cleanup 5

Evolution Log

# Record new cycle
python3 scripts/evolution-log.py \
  --record-cycle "2026-Q1" \
  --trigger quarterly \
  --capability-changes "Sonnet 4.6: +30% speed"

# Record change within cycle
python3 scripts/evolution-log.py \
  --record-change pb-review-code \
  --field execution_pattern \
  --before sequential \
  --after parallel \
  --rationale "Sonnet 4.6 enables parallelization" \
  --cycle "2026-Q1"

# View history
python3 scripts/evolution-log.py --show

# Analyze patterns
python3 scripts/evolution-log.py --analyze

# Complete cycle
python3 scripts/evolution-log.py --complete "2026-Q1" --pr 10

# Revert cycle
python3 scripts/evolution-log.py --revert "2026-Q1" --reason "Issues found"

Diff and Testing

# Generate diff
python3 scripts/evolution-diff.py --detailed main HEAD

# Generate report
python3 scripts/evolution-diff.py --report main HEAD

# Run execution tests
pytest tests/test_evolution_execution.py -v

# Validate metadata
python3 scripts/evolve.py --validate

# Check conventions
python3 scripts/validate-conventions.py

Troubleshooting

“Working tree is dirty” error

# Stage and commit changes
git add .
git commit -m "checkpoint: save progress"

# Then retry evolution commands

Snapshot creation fails

# Ensure git is configured
git config user.name "Your Name"
git config user.email "your@email.com"

# Retry snapshot
python3 scripts/evolution-snapshot.py --create "Message"

Diff tool shows huge changes

# Normal if metadata changed significantly
# Review carefully in PR

# If concerned, start with smaller change
# Revert proposed changes and try again

Tests fail after evolution

# Run tests locally first
pytest tests/test_evolution_execution.py -v

# Fix issues before creating PR
# Examples:
# - Update Resource Hints if model hints changed
# - Add new related commands if topology changed
# - Verify metadata consistency

# Re-run tests
pytest tests/test_evolution_execution.py -v

# Only create PR after all tests pass

Best Practices

Always snapshot first - This is non-negotiable. You can’t rollback without it.
Test before approving - Run the test suite and generation scripts locally before creating PR.
Diff before applying - Generate and review the diff to see exactly what will change.
Peer review is mandatory - Don’t merge evolution changes without review.
Document your reasoning - Future you will thank present you.
Measure impact - Track before/after metrics for cost, speed, user satisfaction.
Keep cycle log - The structured log enables pattern detection and automation.
Plan rollback early - If something breaks, you want to know your exit route.

FAQ

Q: How often should we evolve? A: Quarterly (Feb/May/Aug/Nov) on schedule, plus ad-hoc when major capabilities land.

Q: Can I evolve multiple things in one cycle? A: Yes, but keep changes related. Multiple unrelated changes = multiple cycles.

Q: What if I’m unsure about a change? A: Test it locally, document uncertainty in PR, let reviewers decide.

Q: Can I rollback part of a cycle? A: Not easily. Rollback goes to full snapshot. Better to fix forward in next cycle.

Q: How long does a full cycle take? A: Plan 2-4 hours (analysis + testing + review + apply).

Q: Who should do evolution cycles? A: Someone familiar with playbooks and Claude capabilities. Usually the playbook maintainer.

commands/core/pb-evolve.md - High-level evolution process
.playbook-metadata-schema.yaml - Metadata field definitions
CHANGELOG.md - Release history

Command Versioning Guide

This guide explains how playbook commands are versioned and how to interpret version numbers.

Versioning Scheme

Commands use semantic versioning: MAJOR.MINOR.PATCH

MAJOR.MINOR.PATCH

Examples:
- 1.0.0 = Baseline (initial stable release)
- 1.1.0 = Enhanced with new sections (non-breaking)
- 1.0.1 = Typo fix (non-breaking)
- 2.0.0 = Breaking change (scope/purpose change)

MAJOR Version (breaking changes)

Bump MAJOR when:

Removed sections - Command has fewer sections than before (requires user adaptation)
Changed scope/purpose - Command does something fundamentally different
Breaking API - Command’s structure or inputs/outputs change significantly
Replaced - Command is replaced by another (migration path required)

Examples triggering major bump:

Remove “Outcome Clarification” from pb-start → 2.0.0
Merge pb-security and pb-hardening into single command → 2.0.0
Change pb-cycle from sequential to parallel-only execution → 2.0.0

MINOR Version (new features, non-breaking)

Bump MINOR when:

Added sections - New section added to command
Enhanced guidance - Existing section rewritten with more depth
New examples - Added concrete examples or code snippets
Related commands updated - New cross-references added
Reorganization - Content reorganized for clarity (same content, different structure)

Examples triggering minor bump:

Add “Philosophy” section to design rules → 1.1.0
Add “Step 0: Outcome Verification” to pb-cycle → 1.1.0
Add new example to pb-testing → 1.1.0

PATCH Version (cosmetic fixes, non-breaking)

Bump PATCH when:

Typo fix - Grammar, spelling, or formatting corrections
Clarification - Rewrote unclear sentence (same meaning, clearer expression)
Date update - Updated reference date or timestamp
Link fix - Fixed broken or outdated link

Examples triggering patch bump:

Fix typo in command description
Clarify confusing example
Update date reference

Understanding Version Metadata

Each command has version metadata in its YAML front-matter:

---
name: "pb-command"
version: "1.1.0"              # Current command version
version_notes: "Initial v2.11.0 (Phase 1-4 enhancements)"
breaking_changes: []           # List of breaking changes (if any)
---

`version`

Current semantic version of this command.

`version_notes`

Human-readable note about what version changed:

First release: “v2.10.0 baseline” or “Initial v2.11.0”
Enhancement: “Phase 3: Added Outcome Clarification”
Fix: “Fixed typo in Step 2”

`breaking_changes`

List of breaking changes (if MAJOR version):

breaking_changes:
  - "Removed 'Legacy Mode' section; use /pb-new-alternative instead"
  - "Changed execution from sequential to parallel"

Empty if MINOR or PATCH version.

How to Check a Command’s Version

In the command itself: Look at the YAML metadata at the top of the file:

---
name: "pb-start"
version: "1.1.0"
---

In the command index: View /docs/command-changelog.md for version history of all commands.

In the help text: When viewing a command’s help, the version is displayed.

Migration Guide for Breaking Changes

When a command has a MAJOR version bump (breaking change):

Step 1: Read the breaking_changes list

Check what changed and how it affects you.

Step 2: Follow the migration path

The command will include a “Migration” section explaining:

What changed
Why it changed
How to adapt your usage
Alternative commands (if any)

Step 3: Update your workflows

Adapt your processes to the new version.

Example: Hypothetical pb-cycle v2.0.0

## Migration Guide

**What changed:** pb-cycle now requires parallel execution pattern (no sequential mode)

**Why:** Testing infrastructure improved; serial execution no longer needed

**How to adapt:**
- Remove `sequential` mode from your workflows
- All cycles now run: code → [parallel-review + parallel-test] → commit
- Review results synthesized before approval

**Alternative:** Use `/pb-cycle-sequential` for legacy serial workflows (deprecated, use sparingly)

Version Stability Guarantees

v1.x.x (1.0.0 - 1.9.9)

Stable API. Features may be added (MINOR), bugs fixed (PATCH), but core structure is stable. Safe to depend on.

v2.x.x (2.0.0+)

Breaking changes possible. Core has changed. Review breaking_changes list before upgrading.

v0.x.x (if ever used)

Unstable. Not yet stable. Breaking changes expected. Use with caution.

When Commands Are Versioned

Commands are versioned:

At creation → v1.0.0 (initial baseline)
When enhanced → v1.1.0 (added sections)
When fixed → v1.0.1 (bug fixes, typos)
When substantially changed → v2.0.0 (breaking changes)

Commands are NOT versioned on every single edit. Only meaningful changes (additions, removals, significant rewrites) warrant version bumps.

Playbook Version vs Command Versions

Playbook version (e.g., v2.11.0): Overall release of the playbook Command version (e.g., 1.1.0): Version of an individual command within that playbook

They are independent:

Playbook releases every quarter (v2.10.0, v2.11.0, v2.12.0…)
Commands can update at any time (v1.0.0 → v1.1.0 can happen mid-quarter)
A command at v1.0.0 in playbook v2.11.0 hasn’t changed since v2.10.0

Command Lifecycle

Creation (v1.0.0)

New command created and released as v1.0.0 (baseline).

Enhancement (v1.1.0, v1.2.0…)

Command gains new sections or improved guidance. Non-breaking, backward compatible.

Stabilization (v1.x.x)

Command reaches maturity. Mostly typo fixes and clarifications. Rare new sections.

Replacement (v2.0.0)

Command significantly changes OR is replaced by a newer command. Users must migrate.

Deprecation (optional)

Command is marked for removal. Still works, but users encouraged to migrate.

Removal (very rare)

Command deleted entirely (only after long deprecation period).

Best Practices

For Users

Check command version when starting a new workflow
Review version_notes to understand what’s changed
When upgrading playbooks, check breaking_changes for any MAJOR version bumps
Bookmark /docs/command-changelog.md for reference

For Maintainers (Playbook Authors)

Bump version ONLY when making changes
Use clear version_notes describing what changed
Document breaking_changes for MAJOR bumps with migration paths
Announce deprecations 1-2 releases before removal
Never bump version without updating version_notes

Semantic Versioning Rules

Start at 1.0.0 (not 0.1.0)
Increment MAJOR for breaking changes
Increment MINOR for backward-compatible features
Increment PATCH for backward-compatible fixes
Never have gaps (jump from 1.0.0 to 1.0.2 skipping 1.0.1 is wrong)

Command Changelog: command-changelog.md - Version history of all commands
Command Index: command-index.md - Full list of commands
Individual Commands: Each command has version metadata in its YAML front-matter

This guide applies to v1.1.0+ commands. Older baseline commands (v1.0.0) use the same scheme.

Command Changelog

This document tracks version history for individual playbook commands. Commands are versioned independently from playbook releases to enable tracking command-specific evolution.

Versioning Scheme: Semantic versioning (MAJOR.MINOR.PATCH)

MAJOR: Breaking changes, removed sections, changed purpose
MINOR: New sections, new examples, enhanced guidance (non-breaking)
PATCH: Typos, clarifications, reorganization (non-breaking)

v1.1.0 (2026-02-09) - Phase 1-4 Enhancements

New Commands (Phase 1: Persona Agents)

5 Specialized Review Agents

pb-linus-agent v1.1.0 - Direct technical feedback with pragmatic security lens
- 584 lines, 18KB
- Philosophy: Challenge assumptions, surface flaws, question trade-offs
- Automatic rejection criteria: hardcoded secrets, SQL injection, XSS, command injection, buffer overflow, silent failures, race conditions
pb-alex-infra v1.1.0 - Infrastructure resilience and failure mode analysis
- 438 lines, 18KB
- Philosophy: “Everything fails - excellence = recovery speed”
- Categories: Failure modes, degradation, deployment, observability, capacity planning
pb-maya-product v1.1.0 - Product strategy and user value focus
- 1000+ lines, 15KB
- Philosophy: “Features are expenses; value determined by users”
- 6-step decision framework for feature evaluation
pb-sam-documentation v1.1.0 - Documentation clarity and knowledge transfer
- 1000+ lines, 21KB
- Philosophy: “Documentation is first-class infrastructure”
- Three-layer documentation approach (Conceptual, Procedural, Technical)
pb-jordan-testing v1.1.0 - Testing coverage quality and reliability review
- 1200+ lines, 22KB
- Philosophy: “Tests reveal gaps, not correctness”
- Categories: Test coverage, error handling, concurrency, data integrity, integration

New Commands (Phase 2: Multi-Persona Review Workflows)

pb-review-backend v1.1.0 - Backend review combining infrastructure + testing perspectives
- 16KB, multi-perspective decision tree
- Combines: Alex (Infrastructure) + Jordan (Testing)
pb-review-frontend v1.1.0 - Frontend review combining product + documentation perspectives
- 17KB, multi-perspective decision tree
- Combines: Maya (Product) + Sam (Documentation)
pb-review-infrastructure v1.1.0 - Infrastructure review combining resilience + security perspectives
- 18KB, multi-perspective decision tree
- Combines: Alex (Infrastructure) + Linus (Security)

Enhanced Commands (Phase 3: Outcome-First Workflows)

pb-start v1.1.0 - Added Outcome Clarification section
- New: 5-step outcome definition process (define outcome, success criteria, approval path, blockers, Definition of Done)
- New: Outcome documentation template (todos/work/[task-date]-outcome.md)
- Impact: Prevents scope creep and “finished but doesn’t solve the problem” problems
pb-cycle v1.1.0 - Added Step 0: Outcome Verification before self-review
- New: Step 0 verifies success criteria met before proceeding to self-review
- Enhanced: Step 3 peer review now includes outcome verification
- Impact: Validates problem is solved before reviewing code quality
pb-evolve v1.1.0 - Added evolution success criteria validation
- New: Three evolution types with specific success criteria
- New: Pre-release checklist requiring success criteria verification
- Impact: Makes evolution cycles accountable to measurable outcomes

Enhanced Commands (Phase 4: Philosophy Expansion)

pb-design-rules v1.1.0 - Added philosophy sections to 5 core design rules
- Enhanced Rule 1 (Clarity): “Clarity is an act of respect for future readers”
  - Links to /pb-sam-documentation
- Enhanced Rule 5 (Simplicity): “Scope discipline and feature-as-expense”
  - Links to /pb-maya-product
- Enhanced Rule 9 (Robustness): “Transparency as defense against cascading failures”
  - Links to /pb-alex-infra and /pb-jordan-testing
- Enhanced Rule 10 (Repair): “Fail loudly at the source, not silently downstream”
  - Links to /pb-linus-agent
- Enhanced Rule 12 (Optimization): “Measure before optimizing, clarity before speed”
  - Links to /pb-sam-documentation and /pb-alex-infra
- Impact: Design rules now explicitly teach multi-perspective thinking

v1.0.0 - Initial Baseline

All other commands at version 1.0.0 represent the initial playbook baseline.

Breaking Changes Log

v1.1.0 Breaking Changes

None. All v1.1.0 changes are additive and non-breaking.

New commands don’t affect existing commands
Enhanced commands add sections without removing existing content
Philosophy sections are supplementary

Migration Path: Existing users don’t need to change anything. New features are opt-in:

Use /pb-start with or without outcome clarification
Use new persona review agents (/pb-linus-agent, etc.) alongside existing reviews
Multi-persona reviews (/pb-review-backend, etc.) coexist with single-perspective reviews

Deprecation Timeline

Current: No commands deprecated

Planned for Future: None currently planned, but potential future deprecations:

Single-perspective review commands might eventually recommend multi-perspective alternatives
Commands might consolidate if personas merge

Deprecation Process: When a command is deprecated:

Command gets version bump to MAJOR (e.g., 1.0.0 → 2.0.0)
breaking_changes field documents deprecation
Command references alternative (See /pb-new-alternative for updated approach)
Deprecation announced 1-2 releases before removal
Command removed 2-3 releases after deprecation announcement

Future Versioning

As playbook evolves, commands will be updated and versioned:

Minor Bumps (MINOR.x.0)

New sections or enhanced guidance added
Examples updated or expanded
Cross-references added or updated
Internal reorganization for clarity (same content)

Patch Bumps (.x.PATCH)

Typo fixes
Clarifying rewrites
Grammar improvements
Date updates

Major Bumps (MAJOR.0.0)

Scope or purpose change
Sections removed or significantly modified
Replaces another command
Architectural change

Versioning Strategy: See command-versioning.md for detailed versioning guidelines
Command Index: See command-index.md for full command list

Last updated: 2026-02-09 (Phase 5)

Metadata Extraction

The Playbook automatically extracts metadata from command files to enable discovery, search, and workflow automation. This guide explains the system and how to write extraction-friendly commands.

How It Works

Extraction runs automatically during docs deployment (deploy-docs.yml).

commands/*.md → extract-playbook-metadata.py → .playbook-metadata.json

What gets extracted:

Command name, title, category
Purpose (first paragraph)
Related commands (all /pb-* references)
Workflow sequences (next steps, prerequisites)
Tier applicability (XS, S, M, L)
Content metadata (has examples, has checklist)

Validation can be run manually via validate-metadata.yml workflow (manual trigger) or locally:

python scripts/extract-playbook-metadata.py --verbose
python scripts/validate-extracted-metadata.py

Writing Extraction-Friendly Commands

Follow this structure for high-confidence metadata extraction:

# Command Title

One-line purpose that describes what this command does.

---

## When to Use

Clear guidance on when to use this command:
- Specific scenarios
- Types of work (feature, fix, refactor)
- Tiers if applicable (XS, S, M, L)

---

## Prerequisites

What must be done first:
- Related commands to run: `/pb-something`
- Setup steps

---

## Core Workflow

1. First step using `/pb-related-command`
2. Next step
3. Final step, then `/pb-next-command`

---

## Next Steps

After completing this command:
1. Run `/pb-next-command` for X
2. Use `/pb-another-command` if Y

Quick Principles

Structure First - Use consistent markdown structure
Be Explicit - State context, decisions, and workflows clearly
Reference Commands - Link related /pb-* commands throughout
Use Sections - Organize with ## headings
List Workflows - Show step-by-step processes in numbered order

Field-Specific Guidance

Title (h1)

5-80 characters
Start with action verb (Start, Build, Review, Create)
Avoid generic titles (“Help”, “Guide”)

Purpose (First Paragraph)

20-300 characters
Complete sentence explaining what command does
Place immediately after h1, before ---

When to Use Section

List specific scenarios
Include tier info if applicable
State what NOT to use it for

Workflow Section

Use numbered lists (shows sequence)
Include /pb-* references at logical points
Each step should be a complete action

Reference naturally in text: “Use /pb-cycle for review”
Every /pb-* mention is extracted as a relationship

Tier Information

Explicit: Tier: S or Tier: [S, M, L]
Or include in a table showing requirements per tier

Authoring Checklist

When writing or updating commands:

Title: Clear, 5-80 chars, starts with action verb
Purpose: First paragraph, 20-300 chars, complete sentence
When to Use: Explicit conditions, tier guidance if applicable
Prerequisites: Clear /pb-* references for required setup
Workflow: Numbered steps with /pb-* references
Related Commands: 3-10 /pb-* references naturally placed
Examples: At least one code block
Next Steps: Clear path to next command(s)
No TODOs: Remove TODO/FIXME comments before committing

Quality Expectations

Extraction targets:

All commands extracted successfully
Average confidence >= 80%
Zero critical errors (missing required fields)

Required fields (must be present):

command (from filename)
title (from h1)
category (from directory)
purpose (from first paragraph)

Optional fields (extracted when clear):

tier, related_commands, next_steps, prerequisites
frequency, decision_context
has_examples, has_checklist

Common Mistakes

Mistake	Instead
Generic titles (“Help”, “Guide”)	Action-oriented (“Create Production Release”)
Vague purpose (“Does things”)	Specific (“Automate release validation”)
Missing “When to Use”	List explicit scenarios
Orphaned references (`/pb-xyz` alone)	Context: “Use `/pb-cycle` for peer feedback”
Unordered workflows (bullets)	Numbered lists for sequences
No examples	Include concrete code blocks

Validation Workflow

The validate-metadata.yml workflow is available for manual triggering:

Extracts metadata from all commands
Validates against quality rules
Reports confidence scores and errors
Generates quality report

To run locally:

# Extract metadata
python scripts/extract-playbook-metadata.py --verbose

# Validate extracted metadata
python scripts/validate-extracted-metadata.py

# Check the output
cat .playbook-metadata.json | python -m json.tool | head -50

Scripts Reference

Script	Purpose
`extract-playbook-metadata.py`	Extract metadata from commands
`validate-extracted-metadata.py`	Validate metadata quality
`generate-quick-ref.py`	Generate quick reference from metadata

The detailed validation rules are implemented in the scripts themselves. This guide focuses on what command authors need to know.

Keyboard shortcuts

Engineering Playbook