[ PACK LIBRARY / PACK 03 ]

Software Development

Architecture to shipped code, reviewed and tested.

45 PLAYBOOKS — 3 OPEN AS FREE SAMPLES

The sample playbooks below are open in full. Unlock the pack once and every playbook here becomes readable, updates included.

← YOUR PACKS

BLUEPRINTS/ 6

  • BLUEPRINTLOCKED

    Scaffold, auth, bill, and deploy a SaaS in coordinated waves

    Theo, Idris, Root, Jason, Jerry, and Torque take a product from empty repo to a running, authenticated, billed, deployed, tested, and security-reviewed skeleton, with auth handed to a named specialist and a review step, since auth and billing are exactly where scaffolding agents make the costliest mistakes.

  • BLUEPRINTLOCKED

    Stand up a self-iterating build loop with a real verification gate

    Root, Satchmo, Jason, and Kayle wire an unattended build-verify-ship loop scoped to a real blast radius, with a stop condition and cost tracking so it keeps shipping verified work within a budget. Directly answers the 2026 finding that teams wiring up agent loops without a verification gate are the ones that spend without shipping.

  • BLUEPRINTLOCKED

    Rescue a legacy codebase: audit, refactor plan, staged migration

    Kayle, Jerry, Jason, and Root build a real map of a brownfield repo with systematic debugging and differential review, then produce a prioritized, staged detangling plan that sequences the risky changes behind the safe ones.

  • BLUEPRINTLOCKED

    Launch web and native builds sharing one backend and test suite

    Theo, Kira, Idris, and Jason build synchronized Next.js and React Native surfaces against one backend and one Playwright suite, so the two clients never drift into separate codebases.

  • BLUEPRINTLOCKED

    Launch a product that is a web app and an MCP server on day one

    Orbit, Theo, Root, and Jason ship a product usable both as a normal web app and as a tool inside Claude Desktop, ChatGPT, Cursor, and VS Code from day one, published and CI-gated so the MCP surface ships and stays tested alongside the web app.

  • BLUEPRINTLOCKED

    Bootstrap a multi-agent dev org: coordinator, worker lanes, advisor gate

    Satchmo, Kayle, Root, and Zack set up a main-seat/worker-lane split with a second-opinion advisor gate, so cheaper and specialized executors each run under an explicit spec while the main seat keeps planning, review, verification, and git.

FEATURES/ 12

  • FEATURELOCKED

    Add passkey + Bitcoin wallet auth to an existing Next.js app

    Theo and Jerry add modern auth without hand-rolling session or token handling, security-reviewed before merge. Siggy's Sigma Identity patterns give wallet-native sign-in alongside passkeys.

  • FEATURELOCKED

    Add 2FA / passkey step-up to existing auth

    Jerry and Theo close an account-takeover gap with tested step-up auth and a device-authorization flow for CLI and desktop, security-reviewed before it ships so the new factor doesn't open a fresh hole of its own.

  • FEATURELOCKED

    Expose an existing app's core actions as an MCP server

    Orbit makes the product callable by any MCP host — Claude Desktop, ChatGPT, Cursor, VS Code — without a second integration effort, with the tool contract designed to be safe and discoverable.

  • FEATURELOCKED

    Add an AI-rendered dashboard or form surface, safely

    Theo and Orbit build a generative-UI surface that renders from model output via json-render without raw HTML injection, so users get dashboards and forms that recompose around whatever data the model returns.

  • FEATURELOCKED

    Add an e2e suite and a merge-blocking coverage gate

    Jason and Root add Playwright end-to-end coverage and wire it as a CI gate that blocks merges, replacing we-will-add-tests-later with an enforced bar.

  • FEATURELOCKED

    Migrate a feature to Next.js 16 async APIs without breaking it

    Theo runs a codemod-driven migration to Turbopack and async APIs, with a react-doctor pass to catch re-render and hook regressions, so a feature keeps working across the platform major.

  • FEATURELOCKED

    Add Stripe billing and signature-verified webhooks to an app

    Theo builds subscription billing with idempotent, signature-verified webhook handling, Jason covers the event matrix with test cards, and Jerry security-reviews it, so retries and out-of-order events resolve to exactly one fulfillment.

  • FEATURELOCKED

    Add realtime sync: live updates, presence, collaborative state

    Idris and Theo add live-updating UI with presence and shared state on Convex, without hand-rolling WebSocket plumbing.

  • FEATURELOCKED

    Add a validated, optimized file upload and storage pipeline

    Idris, Theo, and Torque add size-limited, validated file handling on Convex storage with images optimized on the way in, so uploads stay bounded and every stored image is already compressed for delivery.

  • FEATURELOCKED

    Add a monitored background job / cron pipeline

    Idris and Root add scheduled, monitored work with real observability on Convex cron, replacing fire-and-forget setTimeout calls that silently fail.

  • FEATURELOCKED

    Add cost/token tracking and budget guardrails to an agentic feature

    Satchmo and Root instrument an agent workflow with per-request cost tracking and a budget ceiling, so monthly bills stop swinging 2-3x quarter over quarter. Cost volatility is the top 2026 pain point for teams running agentic workflows.

  • FEATURELOCKED

    Wire up repo guardrails with Claude Code hooks

    Zack and Root add enforced pre-commit checks — lint, secret scans, format, type-check — that run automatically on every commit, so the repo's rules hold even when someone's rushing a fix under deadline.

TASKS/ 16

  • TASKLOCKED

    Run a dependency + secrets audit before a release

    Paul produces a go/no-go release gate with known CVEs and leaked secrets caught before ship, so a release doesn't carry a supply-chain or credential-exposure surprise into production.

  • TASKFREE SAMPLE

    Run a full performance audit: Lighthouse, bundle, images

    Torque returns a scored, prioritized fix list covering blocking scripts, oversized bundles, unoptimized images, and render-blocking CSS, ranked so you can act on the biggest wins the same day.

  • TASKLOCKED

    Security-scan a single PR before merge

    Jerry runs a severity-rated Semgrep and CodeQL scan of one diff, catching injection, auth, and data-flow issues before they merge. Routing pattern-detectable issues to an agent reserves human attention for the critical logic.

  • TASKLOCKED

    Differential review of a risky diff before merge

    Kayle runs a structured before/after risk read on a change too big to eyeball, so the review doesn't degrade into generic feedback the way a single big prompt does past 200 lines.

  • TASKLOCKED

    Run a three-phase adversarial bug hunt

    Jerry, Kayle, and Jason run a Hunter-Skeptic-Referee pass that produces high-fidelity bug reports without single-model sycophancy — the multi-agent review pattern that outperforms one-prompt review on anything non-trivial.

  • TASKLOCKED

    Backfill unit and integration coverage for an untested module

    Jason puts a safety net around code nobody dares touch, using property-based testing to cover the happy path, the edge cases, the error conditions, and the invariants that must always hold, so the module can finally be refactored safely.

  • TASKLOCKED

    Run a free-roam exploratory bug-discovery session on staging

    Jason explores staging like a real user and surfaces the bugs a scripted suite never thinks to try, returning a reproducible list before those defects reach production.

  • TASKLOCKED

    Verify CI is green before proceeding

    Root turns CI status into a blocking gate that holds every downstream step until the pipeline is green, so nothing builds on a broken commit.

  • TASKLOCKED

    Publish an npm package: version bump, changelog, release

    Root and Orbit run a clean, reproducible release with the version bumped, changelog written, and tag pushed in one pass, so the published package matches exactly what's in the repo.

  • TASKLOCKED

    Publish an MCP server that installs cleanly for other teams

    Orbit runs the MCP publish checklist — npx compatibility, package.json fields, discovery metadata, install docs — so the server installs cleanly on a teammate's machine the first time they run it.

  • TASKLOCKED

    Build a codebase context map before a big audit

    Kayle produces a map of the codebase — module boundaries, data flow, entry points, external dependencies — so the next audit or refactor starts from a shared reference every reviewer can read.

  • TASKLOCKED

    Cut page weight with an image and bundle optimization pass

    Torque compresses images and trims the largest bundle contributors, cutting page weight and JavaScript payload without a redesign or any change to how the product behaves.

  • TASKLOCKED

    Wire Claude Code hooks for a repo's guardrails

    Zack and Root configure repo hooks so lint, secret, and format checks run automatically on every change, turning a convention nobody follows into an enforced guardrail.

  • TASKLOCKED

    Map the attack surface of a new service before a pentest

    Paul enumerates every externally reachable input for a service before a pentest, so the review starts from a complete surface map with each endpoint, header, parameter, and upload path accounted for.

  • TASKLOCKED

    Scaffold a correctly structured internal Claude Code plugin

    Zack scaffolds a plugin with the directory layout that auto-discovery expects for skills, agents, hooks, and commands, so every component registers the first time the plugin loads.

  • TASKLOCKED

    Organize technical-control evidence for a SOC 2 audit

    Paul assembles and structures the technical-control evidence an auditor will ask for, so the audit opens with an organized evidence set mapped to each control in scope.

CHAINS/ 6

FOUNDATIONS/ 5