Published skills
ship
Execute an approved plan using unattended implementation and validation with worktree isolation.
sync
Synchronize CLAUDE.md and README with recent code changes.
architect
Research and create a technical blueprint for a new feature.
fix
Apply targeted fixes for specific findings from code reviews, security reviews, QA reports, or audit scans.
secrets-scan
Pre-commit secrets detection with pattern-based scanning for API keys, tokens, passwords, private keys, and connection strings. Self-contained — no external tools required.
threat-model-gate
Use when planning security-sensitive features (authentication, authorization, data handling, API design, cryptography, or network configuration). Requires explicit threat modeling before implementation decisions are made.
journal-recall
Search, retrieve, and summarize past journal entries. Use when the user says "what did I", "recall", "look up", "find in journal", "journal search", "last week", "weekly review", "what happened on", "summarize my week", "what have I been working on", "review my journal", or asks about past work, decisions, meetings, or notes.
journal
Write entries to the Obsidian work journal. Creates daily logs, meeting notes, project updates, learnings, and decision records. Use when the user says "journal", "log", "daily entry", "meeting notes", "learning", "decision", "ADR", "capture this", "write down", "record this", or wants to document work for future reference.
audit
Deep security and performance scan with structured reporting.
compliance-check
Validate codebase against code-level compliance signals for regulatory frameworks (FedRAMP, FIPS, OWASP, SOC 2). Scoped to source code analysis only — not a compliance certification.
receiving-code-review
Use when receiving code review feedback, before implementing suggestions, especially if feedback seems unclear or technically questionable. Requires technical rigor and verification, not performative agreement or blind implementation.
retro
Mine review artifacts for recurring patterns and write project learnings.
secure-review
Deep semantic security review of code changes with data flow tracing, taint analysis, and trust boundary validation. Composable building block invoked by /audit when deployed.
journal-review
Periodic journal review — scans daily entries to surface unlogged decisions, unlogged learnings, untracked action items, and recurring themes. Use when the user says "journal audit", "review my entries for promotion", "extract decisions", "unlogged items", "what should I formalize", "untracked items", or wants to promote daily notes into formal entries. NOT for weekly summaries — use /journal-reca
dependency-audit
Supply chain security audit — coordinates real CLI vulnerability scanners (npm audit, pip-audit, govulncheck, cargo audit, etc.) and synthesizes findings with license compliance and risk assessment.
verification-before-completion
Use when about to claim work is complete, before committing or creating PRs. Requires fresh verification evidence before any completion claim. Triggers on phrases like "done", "finished", "ready to commit", "all tests pass", "looks good", "should work", "I think that's it".