← Skills Library
DevOps & Ops

Onboard Repo

Full repository onboarding: security scan, generate CLAUDE.md, CI workflow, and lessons.md. Establishes quality gates and documents the codebase for agent use.

How It Works

Onboard Repo · Workflow
Security first, then generate the agent context and quality gates.
TriggerNew or existing repo · /onboard-repo <path> or current directory
1
Security scanGATE
Grep secrets · scan git history for committed .env
failSecrets in history → rotate + clean before proceeding
2
Analyze the codebase
Purpose · stack · tests · deploy targets
3
Generate context + gates
CLAUDE.md (≤200 lines) · test.yml CI · lessons.md
4
Verify setupGATE
wc -l CLAUDE.md · gh workflow run test.yml green
failFix until workflow passes
Open onboarding PR · CLAUDE.md + CI + lessons.md · registered in portfolio
  1. New or existing repo: /onboard-repo <path> or current directory
  2. Security scan: Grep secrets · scan git history for committed .env
  3. Analyze the codebase: Purpose · stack · tests · deploy targets
  4. Generate context + gates: CLAUDE.md (≤200 lines) · test.yml CI · lessons.md
  5. Verify setup: wc -l CLAUDE.md · gh workflow run test.yml green
  6. Open onboarding PR: CLAUDE.md + CI + lessons.md · registered in portfolio
ↆ download card

Invocation Triggers

/onboard-reponew repoonboardsetup repobootstrap repo

Use Cases

  • Onboard a new repository with a complete agent constitution
  • Bootstrap a fresh project with CI, CLAUDE.md, and quality gates
  • Standardize an existing repo to match your conventions

The Problem

A new repo lands in your hands with no context and no guardrails. There is no CLAUDE.md, so every agent session relearns the codebase from scratch. There is no CI, so nothing stops a broken PR from merging. Nobody checked whether a .env got committed and deleted two years ago, leaving live secrets in git history. You keep meaning to set it up properly, and meanwhile every session pays the tax of a repo that documents nothing and enforces nothing.

What It Does

  1. 1
    Security-scan before anything else

    Greps the tree for passwords, secrets, API keys, and tokens, then runs git log --all --full-history on .env files. If secrets are found in history, onboarding stops until they are rotated and history is cleaned.

  2. 2
    Analyze the codebase

    Reads the README and entry point to learn what the repo does, identifies the stack from package.json or requirements.txt or go.mod, and assesses the existing test situation and deploy targets.

  3. 3
    Generate CLAUDE.md

    Writes a CLAUDE.md under 200 lines: what it is, the stack, the branch policy, critical invariants, a tiered key-files list, commands, env vars, and the quality gate. Complexity goes into tier-2 files, never into bloat.

  4. 4
    Generate the CI workflow

    Creates .github/workflows/test.yml adapted to the real stack — checkout, runtime setup with caching, install, run tests, and a coverage check. The coverage step ships even at a 0% threshold so the gate exists from day one.

  5. 5
    Create lessons.md and establish the gate

    Writes a lessons.md with the Mistake to Root Cause to Rule template, registers the repo, and sets the quality gate: coverage floor, test framework, and the PR requirements.

  6. 6
    Verify, then open the PR

    Confirms CLAUDE.md is under 200 lines, runs the workflow with gh workflow run and watches it go green, runs the tests, then opens the onboarding PR.

What You Get / What It Doesn't Do

What you get
  • A clean git-history secrets scan, or a hard stop if it is not clean
  • A CLAUDE.md under 200 lines with a tiered key-files list
  • A .github/workflows/test.yml verified green on a real run
  • A lessons.md seeded with the correction-logging template
  • An open onboarding PR with the quality gate established
What it doesn't do
  • Rotate leaked secrets or clean git history for you — it stops and flags
  • Write your test suite — it sets up the gate, you fill it
  • Merge the onboarding PR — you review before it lands
  • Invent invariants — it documents what the code and README actually show

Tips

Let the secrets scan stop you

If git history holds a deleted .env, do not push past it. The working tree is not the risk surface — committed-then-deleted secrets are still live and must be rotated before anything else proceeds.

Ship CI with a 0% floor

An untested repo still gets the coverage step, just at zero. A workflow without the gate is infrastructure that never enforces anything. Raise the floor as tests arrive.

Actually run the workflow

Tests passing locally proves nothing about CI. Local and CI diverge on dependency versions, env vars, and OS constantly. gh workflow run and a green result is the only evidence that counts.

Get the Skill

Elite SkillELITE

Unlock the full Onboard Repo SKILL.md — drop it into ~/.claude/skills/ and trigger it by name.

What you unlock
  • A clean git-history secrets scan, or a hard stop if it is not clean
  • A CLAUDE.md under 200 lines with a tiered key-files list
  • A .github/workflows/test.yml verified green on a real run
  • A lessons.md seeded with the correction-logging template
...
Skills Library

29 more production skills ready to install.

Browse All Skills