[ PACK 03 / TRAINING DEPARTMENT ]

Software Development

Architecture to shipped code, reviewed and tested.

TRAINS THEO / KIRA / IDRIS / JASON / ROOT / TORQUE / JERRY / KAYLE / PAUL / ORBIT / SATCHMO / ZACK
$149ONCE, YOURS FOREVER

← ALL PACKS

[ EVERYTHING INSIDE ]

45 playbooks.
No filler, no mystery box.

45 PLAYBOOKS — 6 BLUEPRINTS · 12 FEATURES · 16 TASKS · 6 CHAINS · 5 FOUNDATIONS

BLUEPRINTAn entire product rollout — coordinated agent waves from scaffold to ship.
FEATUREOne complex feature shipped into an existing product, exact toolkit path included.
TASKA bounded single-session job — one agent, one sitting, done.
CHAINA multi-agent workflow sequence with named-agent handoffs.
FOUNDATIONFill-in-the-blank onboarding docs that train the staff on your business.

BLUEPRINTS/ 6

  • BLUEPRINT

    Scaffold, auth, bill, and deploy a SaaS in coordinated waves

    Theo, Idris, Root, Jason, Jerry, and Torque take a product from empty repo to a running, authenticated, billed, deployed, tested, and security-reviewed skeleton, with auth handed to a named specialist and a review step, since auth and billing are exactly where scaffolding agents make the costliest mistakes.

    STAFF THEO / IDRIS / ROOT / JASON / JERRY / TORQUE
    bopen-tools:create-next-projectbopen-tools:software-factorybopen-tools:wave-coordinatorsigma-auth:setup-nextjsbopen-tools:devops-scriptsbopen-tools:wait-for-cibopen-tools:perf-audit
    REQUIRES INSTALLING: bopen-tools · sigma-auth
  • BLUEPRINT

    Stand up a self-iterating build loop with a real verification gate

    Root, Satchmo, Jason, and Kayle wire an unattended build-verify-ship loop scoped to a real blast radius, with a stop condition and cost tracking so it keeps shipping verified work within a budget. Directly answers the 2026 finding that teams wiring up agent loops without a verification gate are the ones that spend without shipping.

    STAFF ROOT / SATCHMO / JASON / KAYLE
    bopen-tools:software-factorybopen-tools:wave-coordinatorbopen-tools:coordinatorbopen-tools:free-roam-testingbopen-tools:cost-tracking
    REQUIRES INSTALLING: bopen-tools
  • BLUEPRINT

    Rescue a legacy codebase: audit, refactor plan, staged migration

    Kayle, Jerry, Jason, and Root build a real map of a brownfield repo with systematic debugging and differential review, then produce a prioritized, staged detangling plan that sequences the risky changes behind the safe ones.

    STAFF KAYLE / JERRY / JASON / ROOT
    audit-context-building:audit-context-buildingdifferential-review:differential-reviewbopen-tools:hunter-skeptic-refereesuperpowers:systematic-debuggingbopen-tools:wait-for-ci
    REQUIRES INSTALLING: audit-context-building* · differential-review* · bopen-tools · superpowers*
  • BLUEPRINT

    Launch web and native builds sharing one backend and test suite

    Theo, Kira, Idris, and Jason build synchronized Next.js and React Native surfaces against one backend and one Playwright suite, so the two clients never drift into separate codebases.

    STAFF THEO / KIRA / IDRIS / JASON
    bopen-tools:create-next-projectvercel-react-native-skillsbopen-tools:generative-uiwebapp-testing
    REQUIRES INSTALLING: bopen-tools · vercel-react-native-skills* · webapp-testing*
  • BLUEPRINT

    Launch a product that is a web app and an MCP server on day one

    Orbit, Theo, Root, and Jason ship a product usable both as a normal web app and as a tool inside Claude Desktop, ChatGPT, Cursor, and VS Code from day one, published and CI-gated so the MCP surface ships and stays tested alongside the web app.

    STAFF ORBIT / THEO / ROOT / JASON
    plugin-dev:mcp-integrationbopen-tools:mcp-appsbopen-tools:create-mcp-appbopen-tools:npm-publishbopen-tools:wait-for-ci
    REQUIRES INSTALLING: plugin-dev* · bopen-tools
  • BLUEPRINT

    Bootstrap a multi-agent dev org: coordinator, worker lanes, advisor gate

    Satchmo, Kayle, Root, and Zack set up a main-seat/worker-lane split with a second-opinion advisor gate, so cheaper and specialized executors each run under an explicit spec while the main seat keeps planning, review, verification, and git.

    STAFF SATCHMO / KAYLE / ROOT / ZACK
    bopen-tools:coordinatorbopen-tools:wave-coordinatorbopen-tools:advisorplugin-dev:agent-development
    REQUIRES INSTALLING: bopen-tools · plugin-dev*

FEATURES/ 12

  • FEATURE

    Add passkey + Bitcoin wallet auth to an existing Next.js app

    Theo and Jerry add modern auth without hand-rolling session or token handling, security-reviewed before merge. Siggy's Sigma Identity patterns give wallet-native sign-in alongside passkeys.

    STAFF THEO / JERRY / SIGGY
    sigma-auth:setup-nextjsbetter-auth-security-best-practicestwo-factor-authentication-best-practices
    REQUIRES INSTALLING: sigma-auth · better-auth-security-best-practices* · two-factor-authentication-best-practices*
  • FEATURE

    Add 2FA / passkey step-up to existing auth

    Jerry and Theo close an account-takeover gap with tested step-up auth and a device-authorization flow for CLI and desktop, security-reviewed before it ships so the new factor doesn't open a fresh hole of its own.

    STAFF JERRY / THEO / SIGGY
    two-factor-authentication-best-practicesemail-and-password-best-practicessigma-auth:device-authorization
    REQUIRES INSTALLING: two-factor-authentication-best-practices* · email-and-password-best-practices* · sigma-auth
  • FEATURE

    Expose an existing app's core actions as an MCP server

    Orbit makes the product callable by any MCP host — Claude Desktop, ChatGPT, Cursor, VS Code — without a second integration effort, with the tool contract designed to be safe and discoverable.

    STAFF ORBIT
    plugin-dev:mcp-integrationbopen-tools:mcp-apps
    REQUIRES INSTALLING: plugin-dev* · bopen-tools
  • FEATURE

    Add an AI-rendered dashboard or form surface, safely

    Theo and Orbit build a generative-UI surface that renders from model output via json-render without raw HTML injection, so users get dashboards and forms that recompose around whatever data the model returns.

    STAFF THEO / ORBIT
    bopen-tools:generative-uibopen-tools:json-render-corebopen-tools:json-render-react
    REQUIRES INSTALLING: bopen-tools
  • FEATURE

    Add an e2e suite and a merge-blocking coverage gate

    Jason and Root add Playwright end-to-end coverage and wire it as a CI gate that blocks merges, replacing we-will-add-tests-later with an enforced bar.

    STAFF JASON / ROOT
    webapp-testingbopen-tools:wait-for-ci
    REQUIRES INSTALLING: webapp-testing* · bopen-tools
  • FEATURE

    Migrate a feature to Next.js 16 async APIs without breaking it

    Theo runs a codemod-driven migration to Turbopack and async APIs, with a react-doctor pass to catch re-render and hook regressions, so a feature keeps working across the platform major.

    STAFF THEO
    bopen-tools:nextjs-upgradereact-doctor
    REQUIRES INSTALLING: bopen-tools · react-doctor*
  • FEATURE

    Add Stripe billing and signature-verified webhooks to an app

    Theo builds subscription billing with idempotent, signature-verified webhook handling, Jason covers the event matrix with test cards, and Jerry security-reviews it, so retries and out-of-order events resolve to exactly one fulfillment.

    STAFF THEO / JASON / JERRY
    stripe:stripe-best-practicesstripe:test-cardsstatic-analysis:semgrep
    REQUIRES INSTALLING: stripe* · static-analysis*
  • FEATURE

    Add realtime sync: live updates, presence, collaborative state

    Idris and Theo add live-updating UI with presence and shared state on Convex, without hand-rolling WebSocket plumbing.

    STAFF IDRIS / THEO
    convex-realtimeconvex-functions
    REQUIRES INSTALLING: convex-realtime* · convex-functions*
  • FEATURE

    Add a validated, optimized file upload and storage pipeline

    Idris, Theo, and Torque add size-limited, validated file handling on Convex storage with images optimized on the way in, so uploads stay bounded and every stored image is already compressed for delivery.

    STAFF IDRIS / THEO / TORQUE
    convex-file-storagegemskills:optimize-images
    REQUIRES INSTALLING: convex-file-storage* · gemskills
  • FEATURE

    Add a monitored background job / cron pipeline

    Idris and Root add scheduled, monitored work with real observability on Convex cron, replacing fire-and-forget setTimeout calls that silently fail.

    STAFF IDRIS / ROOT
    convex-cron-jobsbopen-tools:devops-scripts
    REQUIRES INSTALLING: convex-cron-jobs* · bopen-tools
  • FEATURE

    Add cost/token tracking and budget guardrails to an agentic feature

    Satchmo and Root instrument an agent workflow with per-request cost tracking and a budget ceiling, so monthly bills stop swinging 2-3x quarter over quarter. Cost volatility is the top 2026 pain point for teams running agentic workflows.

    STAFF SATCHMO / ROOT
    bopen-tools:cost-tracking
    REQUIRES INSTALLING: bopen-tools
  • FEATURE

    Wire up repo guardrails with Claude Code hooks

    Zack and Root add enforced pre-commit checks — lint, secret scans, format, type-check — that run automatically on every commit, so the repo's rules hold even when someone's rushing a fix under deadline.

    STAFF ZACK / ROOT
    plugin-dev:hook-developmentbopen-tools:hook-manager
    REQUIRES INSTALLING: plugin-dev* · bopen-tools

TASKS/ 16

  • TASK

    Run a dependency + secrets audit before a release

    Paul produces a go/no-go release gate with known CVEs and leaked secrets caught before ship, so a release doesn't carry a supply-chain or credential-exposure surprise into production.

    STAFF PAUL
    static-analysis:semgrepstatic-analysis:codeqlbopen-tools:code-audit-scripts
    REQUIRES INSTALLING: static-analysis* · bopen-tools
  • TASKFREE SAMPLE

    Run a full performance audit: Lighthouse, bundle, images

    Torque returns a scored, prioritized fix list covering blocking scripts, oversized bundles, unoptimized images, and render-blocking CSS, ranked so you can act on the biggest wins the same day.

    STAFF TORQUE
    bopen-tools:perf-auditbopen-tools:frontend-performance
    REQUIRES INSTALLING: bopen-tools
    READ THE FULL PLAYBOOK FREE →
  • TASK

    Security-scan a single PR before merge

    Jerry runs a severity-rated Semgrep and CodeQL scan of one diff, catching injection, auth, and data-flow issues before they merge. Routing pattern-detectable issues to an agent reserves human attention for the critical logic.

    STAFF JERRY
    static-analysis:semgrepstatic-analysis:codeqlstatic-analysis:sarif-parsing
    REQUIRES INSTALLING: static-analysis*
  • TASK

    Differential review of a risky diff before merge

    Kayle runs a structured before/after risk read on a change too big to eyeball, so the review doesn't degrade into generic feedback the way a single big prompt does past 200 lines.

    STAFF KAYLE
    differential-review:differential-review
    REQUIRES INSTALLING: differential-review*
  • TASK

    Run a three-phase adversarial bug hunt

    Jerry, Kayle, and Jason run a Hunter-Skeptic-Referee pass that produces high-fidelity bug reports without single-model sycophancy — the multi-agent review pattern that outperforms one-prompt review on anything non-trivial.

    STAFF JERRY / KAYLE / JASON
    bopen-tools:hunter-skeptic-referee
    REQUIRES INSTALLING: bopen-tools
  • TASK

    Backfill unit and integration coverage for an untested module

    Jason puts a safety net around code nobody dares touch, using property-based testing to cover the happy path, the edge cases, the error conditions, and the invariants that must always hold, so the module can finally be refactored safely.

    STAFF JASON
    webapp-testingproperty-based-testing
    REQUIRES INSTALLING: webapp-testing* · property-based-testing*
  • TASK

    Run a free-roam exploratory bug-discovery session on staging

    Jason explores staging like a real user and surfaces the bugs a scripted suite never thinks to try, returning a reproducible list before those defects reach production.

    STAFF JASON
    bopen-tools:free-roam-testing
    REQUIRES INSTALLING: bopen-tools
  • TASK

    Verify CI is green before proceeding

    Root turns CI status into a blocking gate that holds every downstream step until the pipeline is green, so nothing builds on a broken commit.

    STAFF ROOT
    bopen-tools:wait-for-ci
    REQUIRES INSTALLING: bopen-tools
  • TASK

    Publish an npm package: version bump, changelog, release

    Root and Orbit run a clean, reproducible release with the version bumped, changelog written, and tag pushed in one pass, so the published package matches exactly what's in the repo.

    STAFF ROOT / ORBIT
    bopen-tools:npm-publishbopen-tools:check-version
    REQUIRES INSTALLING: bopen-tools
  • TASK

    Publish an MCP server that installs cleanly for other teams

    Orbit runs the MCP publish checklist — npx compatibility, package.json fields, discovery metadata, install docs — so the server installs cleanly on a teammate's machine the first time they run it.

    STAFF ORBIT
    plugin-dev:mcp-integrationbopen-tools:npm-publish
    REQUIRES INSTALLING: plugin-dev* · bopen-tools
  • TASK

    Build a codebase context map before a big audit

    Kayle produces a map of the codebase — module boundaries, data flow, entry points, external dependencies — so the next audit or refactor starts from a shared reference every reviewer can read.

    STAFF KAYLE
    audit-context-building:audit-context-building
    REQUIRES INSTALLING: audit-context-building*
  • TASK

    Cut page weight with an image and bundle optimization pass

    Torque compresses images and trims the largest bundle contributors, cutting page weight and JavaScript payload without a redesign or any change to how the product behaves.

    STAFF TORQUE
    gemskills:optimize-imagesbopen-tools:perf-audit
    REQUIRES INSTALLING: gemskills · bopen-tools
  • TASK

    Wire Claude Code hooks for a repo's guardrails

    Zack and Root configure repo hooks so lint, secret, and format checks run automatically on every change, turning a convention nobody follows into an enforced guardrail.

    STAFF ZACK / ROOT
    plugin-dev:hook-developmentbopen-tools:hook-manager
    REQUIRES INSTALLING: plugin-dev* · bopen-tools
  • TASK

    Map the attack surface of a new service before a pentest

    Paul enumerates every externally reachable input for a service before a pentest, so the review starts from a complete surface map with each endpoint, header, parameter, and upload path accounted for.

    STAFF PAUL
    entry-point-analyzer:entry-point-analyzer
    REQUIRES INSTALLING: entry-point-analyzer*
  • TASK

    Scaffold a correctly structured internal Claude Code plugin

    Zack scaffolds a plugin with the directory layout that auto-discovery expects for skills, agents, hooks, and commands, so every component registers the first time the plugin loads.

    STAFF ZACK
    plugin-dev:plugin-structureplugin-dev:skill-developmentplugin-dev:agent-development
    REQUIRES INSTALLING: plugin-dev*
  • TASK

    Organize technical-control evidence for a SOC 2 audit

    Paul assembles and structures the technical-control evidence an auditor will ask for, so the audit opens with an organized evidence set mapped to each control in scope.

    STAFF PAUL
    product-skills:soc2-evidence-collection
    REQUIRES INSTALLING: product-skills

CHAINS/ 6

  • CHAINFREE SAMPLE

    Delivery chain: architecture plan to build to test to security audit

    Kayle plans the architecture, Theo builds, Jason tests, and Jerry security-audits — one feature carried end to end through four named specialists with a clean handoff at each stage, the maker-checker pattern that outperforms one big review prompt. The canonical Kayle-to-Theo-to-Jason-to-Jerry chain.

    STAFF KAYLE / THEO / JASON / JERRY
    static-analysis:semgrepstatic-analysis:codeqlwebapp-testingbopen-tools:wait-for-ci
    REQUIRES INSTALLING: static-analysis* · webapp-testing* · bopen-tools
    READ THE FULL PLAYBOOK FREE →
  • CHAIN

    Ship-a-feature-safely chain: build to perf audit to test to deploy

    Theo builds, Torque runs a perf audit, Jason tests, and Root deploys, with each handoff blocking the next, so a feature is measured for speed and covered by tests before it ever reaches a user.

    STAFF THEO / TORQUE / JASON / ROOT
    bopen-tools:create-next-projectbopen-tools:perf-auditwebapp-testingbopen-tools:wait-for-ci
    REQUIRES INSTALLING: bopen-tools · webapp-testing*
  • CHAIN

    Security incident response chain: sweep to audit to risk call to patch

    Paul sweeps for exposure, Jerry audits the affected code, Kayle makes the risk call, and Root ships the patch, so an incident moves through one ordered path with a single owner at each step.

    STAFF PAUL / JERRY / KAYLE / ROOT
    bopen-tools:code-audit-scriptsstatic-analysis:semgrepstatic-analysis:codeqlaudit-context-building:audit-context-building
    REQUIRES INSTALLING: bopen-tools · static-analysis* · audit-context-building*
  • CHAIN

    Platform upgrade chain: impact assessment to codemod to regression to verify

    Kayle assesses impact, Theo runs the codemod, Jason regression-tests, and Root verifies CI — so a major-version upgrade lands without a surprise outage.

    STAFF KAYLE / THEO / JASON / ROOT
    audit-context-building:audit-context-buildingbopen-tools:nextjs-upgradewebapp-testingbopen-tools:wait-for-ci
    REQUIRES INSTALLING: audit-context-building* · bopen-tools · webapp-testing*
  • CHAIN

    MCP productization chain: build to package to test contract to publish

    Orbit builds the MCP server, Zack shapes the command surface, Jason tests the tool contract, and Root publishes — turning an internal tool into an installable, tested, published MCP server.

    STAFF ORBIT / ZACK / JASON / ROOT
    plugin-dev:mcp-integrationplugin-dev:command-developmentwebapp-testingbopen-tools:npm-publish
    REQUIRES INSTALLING: plugin-dev* · webapp-testing* · bopen-tools
  • CHAIN

    Agent system bootstrap chain: design to author to review to benchmark

    Satchmo architects the agent, Zack authors it, Kayle reviews, and Jason benchmarks — so a new agent is designed, built, reviewed, and measured before it's trusted with real work.

    STAFF SATCHMO / ZACK / KAYLE / JASON
    plugin-dev:agent-developmentplugin-dev:skill-developmentbopen-tools:benchmark-skills
    REQUIRES INSTALLING: plugin-dev* · bopen-tools

FOUNDATIONS/ 5

  • FOUNDATIONFREE SAMPLE

    Tech-stack manifest: languages, frameworks, infra, and who owns what

    A machine-readable manifest of the buyer's real stack so every other playbook in this pack starts from documented facts about the languages, frameworks, infra, and ownership in play — the AGENTS.md-style onboarding doc that agent-compatible codebases now depend on.

    STAFF THEO / KIRA / IDRIS / JASON / ROOT / TORQUE / JERRY / KAYLE / PAUL / ORBIT / SATCHMO / ZACK
    bopen-tools:runtime-context
    REQUIRES INSTALLING: bopen-tools
    READ THE FULL PLAYBOOK FREE →
  • FOUNDATION

    CI/CD baseline doc: provider, required checks, deploy targets, secrets policy

    Root documents the pipeline provider, required checks, deploy targets, and secrets policy, so deploy and CI playbooks plug into the buyer's actual pipeline on their first run.

    STAFF ROOT
    bopen-tools:wait-for-cibopen-tools:devops-scripts
    REQUIRES INSTALLING: bopen-tools
  • FOUNDATION

    Coding conventions and review-bar doc: lint rules, commit style, merge blockers

    A fill-in-the-blank doc capturing lint rules, commit style, PR size limits, and merge blockers, so review and test playbooks enforce the buyer's actual bar on every change they touch.

    STAFF JERRY / JASON / KAYLE
    bopen-tools:code-audit-scripts
    REQUIRES INSTALLING: bopen-tools
  • FOUNDATION

    Security and compliance profile: sensitive-data map, controls, sign-off owner

    Paul maps the sensitive data, applicable controls, sign-off owner, and residual risk via a gap analysis, so security tasks scope to what actually matters for this buyer's risk profile.

    STAFF PAUL
    product-skills:soc2-gap-analysis
    REQUIRES INSTALLING: product-skills
  • FOUNDATION

    Agent operating charter: installed staff, model tier, escalation path

    Satchmo and Root document which staff are installed, their budget and model tier, and the escalation path, so blueprint and chain playbooks know which agents exist in this org and when to escalate to a human.

    STAFF SATCHMO / ROOT
    bopen-tools:cost-trackingbopen-tools:coordinator
    REQUIRES INSTALLING: bopen-tools

* THIRD-PARTY PLUGIN FROM AN EXTERNAL MARKETPLACE — INVOKED HONESTLY AS AN INSTALL, NOT SOLD AS OURS. HOVER ANY PLUGIN NAME FOR ITS INSTALL COMMAND.

Train the software development desk.

$149 ONCE. YOURS FOREVER, UPDATES INCLUDED. 3 SAMPLES FREE.

← BACK TO ALL PACKS