Spec-driven engineering for Claude Code — enforced, and audited
Project description
Wrought
AI Engineering Skills Toolkit by FluxForge AI
Wrought gives your AI coding assistant a structured engineering process. Instead of ad-hoc debugging and scattered notes, every incident, investigation, finding, and design decision follows a repeatable workflow — and produces documentation that builds your project's institutional memory over time.
Think of it as an engineering runbook that your AI assistant actually follows.
Table of Contents
- Quick Start
- How Wrought Thinks
- Complete Skills Reference
- Real-World Scenarios
- The Findings Tracker
- Environment Profiling
- Session Management
- Autonomous Implementation Loop
- Workflow Enforcement
- Artifact Index
- CLI Reference
- Under the Hood
- Project Conventions
- License
Quick Start
Spec-driven / agentic engineering for Claude Code — with enforcement + audit. Most frameworks tell your agent the process; WROUGHT™ makes it follow the pipeline (PreToolUse / Stop hooks) and proves it followed (cross-session Findings Trackers).
Install — Claude Code plugin (recommended, no Python)
In Claude Code:
/plugin marketplace add fluxforgeai/wrought-plugin
/plugin install wrought@wrought-plugin
That installs the full WROUGHT™ pipeline — skills, commands, hooks, agents — into your project.
Prerequisites
- Python 3.10 or later
- uv package manager
- An AI coding assistant that supports skills/commands (Claude Code, Cursor, Cline)
Installation
# Install the CLI from PyPI
uv tool install wrought # or: pipx install wrought
Initialize in Any Project
cd ~/your-project
wrought init
This runs a 5-step setup:
Wrought v1.0.0 — Initializing...
[1/5] Copying skills and commands
Copied .claude/skills/
Copied .claude/commands/
[2/5] Scaffolding docs structure
Created docs/ (14 directories)
[3/5] Project context
Created CLAUDE.md (auto-detected: project=my-app, user=Johan, tz=SAST)
[4/5] Version control
Detected: Git repository with GitHub remote (myorg/my-app)
Created .gitignore with Wrought entries
[5/5] Wrought marker
Written .wrought (17 fields)
Wrought initialized in /Users/you/my-app
Next: Open Claude Code and run /session-start
Use -n for non-interactive mode (skips VCS prompts, ideal for scripting):
wrought init -n
Verify It Works
wrought status
You should see your version, install path, installation status, and safeguard profile. Then try one of these in your AI assistant:
/analyze health # Get a health assessment of your codebase
/incident API returning 500s # Document an incident when something breaks
/safeguard detect # Profile your deployment environment
Installing in Multiple Projects
Wrought copies skills into each project, so one installation serves every project:
cd ~/Projects/project-a && wrought init -n
cd ~/Projects/project-b && wrought init -n
cd ~/Projects/project-c && wrought init -n
All three projects share the same skills. Update once, apply everywhere.
How Wrought Thinks
"Good intentions don't work. Mechanisms do." — long an Amazon operating doctrine, and the cleanest one-line summary of why Wrought exists. Most frameworks suggest a process; Wrought builds the mechanism that makes it followed.
Wrought organizes engineering work into three pipelines. Each one starts with a trigger ("something happened" or "I want to build something") and ends with a documented plan ready for implementation.
You don't need to memorize the pipelines. Each skill tells you what to run next. But understanding the flow helps you get the most out of the toolkit.
Alongside the Findings Tracker, Wrought keeps a small Active Constraints surface in CLAUDE.md — a required-read list of in-force cross-session decisions ("don't re-propose X", "freeze module Y until Z"), each carrying a clearing predicate (EXPIRES/CLEARS-WHEN/SUPERSEDED-ONLY) so it decays by default instead of evaporating post-compaction or lingering as a stale rule. Inspect it with wrought constraints list. See CONVENTIONS.md.
The Reactive Pipeline — "Something broke"
When production goes sideways, the reactive pipeline walks you through a structured response:
/watchdog --> /incident --> /investigate --> /rca-bugfix --> /wrought-rca-fix --> /forge-review
(detect) (document) (dig in) (fix + learn) (implement loop) (code review)
Each step reads the output of the previous step and builds on it. By the end, you have a documented incident, a root cause analysis, and a fix prompt ready for implementation. Three months from now, when someone asks "what happened to the API that night?", the answer is in docs/incidents/.
The Proactive Pipeline — "Building something new"
When you're adding a feature, migrating a system, or making an architectural change:
/research --> /design --> [/ux-design] --> /blueprint --> /wrought-implement --> /forge-review
(learn) (decide) (design UI) (spec it) (implement loop) (code review)
(optional)
Research gathers context. Design evaluates trade-offs (should you use WebSockets or SSE? Redis or Memcached?). For frontend work, /ux-design generates a Design Brief with application-type-aware design tokens, typography, color, and anti-patterns — eliminating the generic "AI slop" aesthetic. Blueprint turns the chosen design (and Design Brief, if present) into an implementation spec. Plan mode turns it into code.
The Audit Pipeline — "Found something that needs attention"
Sometimes you discover issues proactively — through code review, analysis, or just reading logs carefully. The audit pipeline handles these:
/analyze --> /finding --> (routes to Fix or Design branch)
The /finding skill classifies what you found and tells you where to go next:
- Defect or Vulnerability? Route to Fix:
/investigatethen/rca-bugfix - Technical debt, gap, or drift? Route to Design:
/designthen/blueprint
Each downstream skill automatically updates the Findings Tracker with its stage transition:
Fix route: /finding → /investigate → /rca-bugfix → /wrought-rca-fix → /forge-review
Open Investigating RCA Complete Implementing Verified
Design route: /finding → /design → [/ux-design] → /blueprint → /wrought-implement → /forge-review
Open Designing (optional) Blueprint Ready Implementing Verified
Onboarding — "How mature is this project's deployment?"
Before any of the pipelines above, Wrought can assess your project's deployment maturity:
/safeguard detect --> (profile artifact)
↓ read by all pipelines
The safeguard skill scans your codebase for 12 deployment indicators — Docker, CI/CD, SIGTERM handling, environment count, process managers, health endpoints, and more — then classifies your project on a four-tier maturity scale. Every downstream skill can optionally read this profile to tailor its recommendations.
Complete Skills Reference
Wrought ships with 12 skills, 3 implementation loop commands, and 3 session management commands organized across four categories. Every skill is invoked as a slash command and produces timestamped documentation in your project's docs/ directory.
Reactive Skills
These skills handle the "something broke" pipeline — from detection through root cause analysis.
/watchdog — Autonomous Log Monitoring
/watchdog {what to monitor}
A fully autonomous bash script that monitors logs after a fix is implemented. Once started, it runs independently — no AI session required, no user presence needed. When it spots trouble, it creates a structured JSON incident and fans out alerts via your configured backends (default: local-file + ntfy push to your phone; optional: Telegram, Slack, webhook, email).
Examples:
/watchdog Monitor extraction after retry logic fix - watch for timeout errors
/watchdog Watch backend after GCS upload fix - look for upload failures
/watchdog Monitor batch job API after endpoint fix
What it does:
- Polls any log source every 60 seconds (Docker, Kubernetes, file tail, CI output — configurable via
WATCHDOG_MONITOR_CMD) - Creates incident JSON files in
/tmp/watchdog_{id}_incidents/ - Fans out distinct alerts via every configured backend for system errors vs fix-related errors
- De-duplicates similar errors (won't alert you 50 times for the same issue)
- Writes status every 60 seconds to a status file
- Runs until you stop it — survives Claude session endings
Typical workflow:
1. You deploy a fix at 11pm and start watchdog
2. You go to sleep
3. Watchdog detects an error at 3am
4. You get a push alert on your phone (via the first push-capable backend)
5. You wake up, start Claude, run: /incident {error summary}
6. The reactive pipeline picks up from there
Writes to: /tmp/watchdog_{id}_incidents/*.json
Backends & setup: see docs/setup/watchdog.md for per-backend configuration (ntfy, Telegram, Slack, webhook, email) and .env.watchdog.example for a sample config.
/incident — Incident Documentation
/incident {brief description of what happened}
Creates a factual, timestamped record of what happened. Not why — that's for /investigate and /rca-bugfix. Think of it as the police report: just the facts, in chronological order.
Examples:
/incident Payment API returning 500 errors since 02:15 UTC, affecting checkout flow
/incident Database connection pool exhausted, all API requests timing out
/incident Background worker crashed with OOM, 15,000 jobs in dead letter queue
/incident Health check returning red for Backend since 09:15 UTC but API responding normally
What it produces: A structured incident report with:
- Timeline of events (exact times in UTC)
- Observed symptoms
- Affected systems and impact scope
- Current status
Rules it follows:
- Factual only — describes what was observed, not what is assumed
- Neutral language — no blame, no speculation
- Chronological — events in the order they occurred
- Specific — exact times, exact error messages, exact numbers
Writes to: docs/incidents/{YYYY-MM-DD_HHMM}_{name}.md
Suggests next: /investigate
/investigate — Deep Investigation
/investigate {incident report, finding report, or description}
Thorough investigation into an incident or finding. Reads past incidents, RCAs, and findings to identify patterns. Researches external documentation for known issues. Produces hypotheses backed by evidence.
Examples:
# Investigate from an incident report
/investigate docs/incidents/2026-02-10_0230_payment_api_500_errors.md
# Investigate from a finding report
/investigate docs/findings/2026-02-10_0800_state_desynchronization.md
# Investigate by finding number (tracker-aware)
/investigate F1
# Investigate from a description
/investigate Rate limiting errors despite batch processing - 429 responses every 2 seconds
Two investigation modes:
| Mode | Triggered By | Depth |
|---|---|---|
| Full Investigation | Incident report or description | Deep dive — external research, hypothesis testing, evidence gathering |
| Confirmation Mode | Finding report (cause often already known) | Abbreviated — confirm scope, validate evidence, assess blast radius |
What it does:
- Researches external documentation for relevant known issues
- Reviews past RCAs and investigations in your project to recognize patterns
- Deeply investigates the issue with hypothesis testing
- Writes a detailed investigation report with evidence and recommended next steps
Writes to: docs/investigations/{YYYY-MM-DD_HHMM}_{name}.md
Updates tracker: Stage -> Investigating
Suggests next: /rca-bugfix
/rca-bugfix — Root Cause Analysis + Fix
/rca-bugfix {issue description, investigation report, or finding reference}
The culmination of the reactive pipeline. Identifies the root cause chain, produces a formal RCA document, and generates a ready-to-use implementation prompt for /plan mode.
Examples:
# From a description
/rca-bugfix Connection pool exhaustion causing payment API timeouts
# From an investigation report
/rca-bugfix docs/investigations/2026-02-10_0300_payment_api_timeout.md
# By finding number (resolves the full chain: tracker -> finding -> investigation)
/rca-bugfix F1
# From a finding when cause is already known (abbreviated RCA)
/rca-bugfix docs/findings/2026-02-10_0800_state_desynchronization.md
What it reads (in priority order):
- Investigation reports in
docs/investigations/— if one exists for this issue, it's the primary input - Finding reports in
docs/findings/— if investigation was skipped, uses the finding directly - User-provided description — if no upstream artifacts exist
What it produces:
- RCA document in
docs/RCAs/— root cause chain, contributing factors, timeline, evidence - Fix prompt in
docs/prompts/— ready for/planmode implementation
Writes to: docs/RCAs/{YYYY-MM-DD_HHMM}_{name}.md and docs/prompts/{YYYY-MM-DD_HHMM}_{name}.md
Updates tracker: Stage -> RCA Complete
Suggests next: /plan mode with the generated prompt
Proactive Skills
These skills handle the "building something new" pipeline — from research through implementation spec.
/research — Topic Research
/research {question or topic}
Researches a technical topic thoroughly, combining official documentation, community knowledge, and codebase analysis. Produces a documented record that prevents the same research from being repeated in future sessions.
Examples:
/research What are httpx timeout best practices for long-running downloads?
/research How does GCS resumable upload handle network interruptions?
/research WebSocket vs SSE vs long-polling for real-time order status updates
/research Why does Iterable batch export return 400 after job expires?
/research Best practices for database connection pooling in Python async applications
/research [paste an error message or documentation excerpt]
What it does:
- Identifies the technologies and APIs involved
- Searches official documentation (using current-year sources)
- Searches Stack Overflow, GitHub issues, and community resources
- Checks existing research in
docs/research/anddocs/RCAs/to avoid duplicating work - Writes a structured research report with findings, comparisons, and recommendations
Writes to: docs/research/{YYYY-MM-DD_HHMM}_{topic}.md
Suggests next: /design (if an architectural decision is needed) or /blueprint (if the path forward is clear)
/design — Architectural Design
/design {mode} {topic}
Research-driven, interactive design analysis for architectural decisions. Combines codebase analysis, documentation review, external research (current-year sources), and impact assessment to provide evidence-based recommendations.
Five modes:
| Mode | Command | When to Use |
|---|---|---|
| tradeoff | /design tradeoff {topic} |
Comparing approaches — the most common mode |
| validate | /design validate {proposal} |
Reviewing a proposed design for completeness and risk |
| migrate | /design migrate {from} {to} |
Planning a migration between approaches |
| impact | /design impact {change} |
Assessing the blast radius of a specific change |
| pattern | /design pattern {name} |
Explaining a pattern and assessing its applicability |
Examples:
# Compare approaches
/design tradeoff real-time communication for order status (WebSocket vs SSE vs polling)
/design tradeoff database migration strategy (Alembic vs raw SQL vs Django migrations)
/design tradeoff caching layer (Redis vs Memcached vs in-memory)
# Review a design
/design validate proposed microservices migration for the authentication layer
/design validate docs/design/2026-02-17_1825_review_deployment_safety_blueprint.md
# Plan a migration
/design migrate session-based auth to JWT
/design migrate monolith to event-driven architecture
# Assess impact
/design impact replacing PostgreSQL with CockroachDB for the billing service
/design impact adding rate limiting to all public API endpoints
# Evaluate a pattern
/design pattern circuit breaker for external API calls
/design pattern saga pattern for distributed transactions
What it does:
- Analyzes the current codebase state (dependencies, interfaces, patterns in use)
- Researches external best practices and current-year documentation
- Evaluates each option with weighted scoring against your project's constraints
- Presents findings at interactive checkpoints for your validation
- Produces a recommendation with clear rationale
Writes to: docs/design/{YYYY-MM-DD_HHMM}_{topic}.md
Updates tracker: Stage -> Designing
Suggests next: /blueprint
/blueprint — Implementation Specification
/blueprint {feature description}
Transforms design and research output into a concrete implementation specification — which files to create, which APIs to define, which tests to write — plus a ready-to-use prompt for /plan mode.
Examples:
/blueprint CSV migration with schema drift detection
/blueprint add real-time WebSocket notifications to the monitoring dashboard
/blueprint migrate authentication from session-based to JWT
/blueprint implement circuit breaker for external API calls
/blueprint add graceful shutdown to the background worker
What it reads: Design documents in docs/design/ and research documents in docs/research/ that are relevant to the feature.
What it produces:
- Blueprint in
docs/blueprints/— file specs, API definitions, test specs, acceptance criteria - Implementation prompt in
docs/prompts/— ready for/planmode
Writes to: docs/blueprints/{YYYY-MM-DD_HHMM}_{name}.md and docs/prompts/{YYYY-MM-DD_HHMM}_{name}.md
Updates tracker: Stage -> Blueprint Ready
Suggests next: /plan mode with the generated prompt
/ux-design — Frontend Design Quality
/ux-design [app-type|auto] [--refresh]
Generates an application-type-aware Design Brief with design tokens, typography, color, motion, layout, anti-patterns, accessibility requirements, and performance budgets. Eliminates "AI slop" — the generic Inter-font-purple-gradient aesthetic that LLMs default to — by providing concrete, opinionated design direction before implementation.
Application Types (auto-detected or specified):
| Type | Character | Key Signal |
|---|---|---|
saas-dashboard |
Data-dense, professional, dark mode | React + charting library |
landing-page |
Hero-driven, bold, conversion-focused | Next.js/Astro, < 10 routes |
ecommerce |
Product-focused, trust signals, fast | Stripe/Shopify in dependencies |
mobile-app |
Touch-first, native-feel, spring physics | React Native/Flutter/Expo |
admin-panel |
Dense, functional, keyboard-navigable | react-admin, /admin routes |
blog-content |
Readable, editorial, serif-forward | MDX/contentlayer, /blog routes |
developer-tool |
Monospace-heavy, dark-first, terminal | CLI frameworks, /bin directory |
How it works:
- Detects application type from
package.json, route patterns, and component structure (or accepts explicit type) - Loads the matching design profile with typography, color, motion, and layout conventions
- Scans for existing design system (CSS variables, Tailwind config, design tokens) — augments rather than replaces
- Generates a Design Brief with concrete CSS custom properties, font choices, spacing scales, and anti-patterns
- If
--refresh: re-evaluates an existing brief against current recommendations
What the Design Brief contains:
- Aesthetic Direction — the visual personality (not generic, not safe)
- Design Tokens — CSS custom properties for colors, typography, spacing, borders
- Typography Rules — Google Font pairings, scale, weights (never Inter, never Roboto)
- Color System — palette with contrast ratios, semantic colors, dark/light variants
- Motion Guidelines — transitions, easing, reduced-motion support
- Layout Conventions — grid, spacing, breakpoints, key patterns
- Anti-Patterns — what NOT to do (purple gradients, emoji icons, missing focus states, etc.)
- Accessibility — WCAG 2.1 AA, contrast, focus, semantic HTML
- Performance Budgets — font count, CSS size, LCP/CLS targets
Works with existing design systems: If your project already has Tailwind, CSS variables, or design tokens, /ux-design reads them and aligns the brief with your existing choices. It flags conflicts ("Your Tailwind config uses Inter — consider alternatives") without overwriting anything.
Examples:
/ux-design auto # Auto-detect app type, generate brief
/ux-design saas-dashboard # Use SaaS Dashboard profile directly
/ux-design landing-page # Use Landing Page profile
/ux-design --refresh # Re-evaluate existing brief
Writes to: docs/design-briefs/{YYYY-MM-DD_HHMM}_{project}.md
Suggests next: /wrought-implement (design context loaded automatically in a future phase)
Strategic Skills
These skills handle system-level analysis and proactive discovery. They feed findings into both the reactive and proactive pipelines.
/analyze — Systems Analysis
/analyze {mode} [scope]
Strategic-level system analysis that goes beyond reactive incident response. Discovers what exists in your codebase, assesses it against engineering standards, and surfaces issues proactively.
Six modes:
| Mode | Command | What It Produces |
|---|---|---|
| health | /analyze health |
Full system health assessment — reliability, performance, maintainability, observability scores |
| risk | /analyze risk [scope] |
Risk assessment with scoring matrix and prioritized mitigations |
| patterns | /analyze patterns [time-period] |
Pattern recognition across incidents, code, and logs (default: last 7 days) |
| component | /analyze component [scope] |
Deep dive into a specific component's health and architecture |
| architecture | /analyze architecture |
Full architectural review with documentation sync |
| discover | /analyze discover |
Build or refresh the System Map only (no assessment) |
Examples:
# Assess overall health
/analyze health
# Evaluate risk in a specific area
/analyze risk payment processing
/analyze risk authentication layer
# Find recurring patterns
/analyze patterns last-30-days
/analyze patterns
# Deep dive into one component
/analyze component extraction pipeline
/analyze component API gateway
# Full architectural review
/analyze architecture
# Just build the system map
/analyze discover
The System Map: Before any analysis, /analyze checks for (or creates) a System Map at docs/analysis/system-map.md. This persistent artifact maps your codebase — components, dependencies, entry points, error handling patterns — and is refreshed when stale (>24 hours old). The map is reused across analysis runs, so subsequent analyses are faster and more consistent.
When it finds something: The analysis modes surface issues and offer to route them:
- Defect or vulnerability found? Suggests
/findingto log it, then/investigate+/rca-bugfix - Gap or debt discovered? Suggests
/findingto log it, then/design+/blueprint
Writes to: docs/analysis/{YYYY-MM-DD_HHMM}_{name}.md and docs/analysis/system-map.md
Suggests next: /finding (for issues), /design (for design escalation), or nothing (if healthy)
/finding — Proactive Discovery Logging
/finding {description of what was found}
Logs a proactive discovery — something found through analysis, review, or inspection that needs attention. Creates a factual record of WHAT was found and routes it to the appropriate pipeline. Does NOT fix anything — that's for downstream skills.
Examples:
# From your own observation
/finding Missing companyId filter in invoice WHERE clauses -- authorization gap
/finding Deprecated bcrypt v2.1 in auth service -- known CVE
/finding Config drift: staging has debug logging enabled in production
# From an analysis report (batch processing)
/finding docs/analysis/2026-02-02_1530_extraction_systems_analysis.md
Classification taxonomy:
| Type | Description | Routes To |
|---|---|---|
| Defect | Known bug found proactively (not via incident) | /investigate then /rca-bugfix |
| Vulnerability | Security issue with known exposure | /investigate then /rca-bugfix |
| Debt | Technical debt requiring remediation | /design then /blueprint |
| Gap | Missing expected capability or coverage | /design then /blueprint |
| Drift | Configuration or code divergence from intent | Either branch, depending on scope |
Severity levels: Critical > High > Medium > Low
What it produces:
- Individual finding reports in
docs/findings/ - A Findings Tracker (auto-created or auto-updated)
- Auto-generated resolution tasks based on finding type
Writes to: docs/findings/{YYYY-MM-DD_HHMM}_{name}.md and docs/findings/{datetime}_{scope}_FINDINGS_TRACKER.md
Suggests next: /investigate (for defects/vulnerabilities) or /design (for debt/gaps/drift)
Onboarding Skills
These skills run at project setup time to establish baseline context for all other pipelines.
/safeguard — Environment Profile Classification
/safeguard {mode}
Classifies a project's deployment environment maturity and paradigm. Scans the codebase for 12 deployment indicators — Docker, CI/CD, SIGTERM handling, environment count, process managers, health endpoints, rollback mechanisms, and approval workflows — then produces a profile document consumed by all downstream skills.
Three modes:
| Mode | Command | What It Does | Requires Existing Profile |
|---|---|---|---|
| detect | /safeguard detect |
Full environment profiling from scratch | No |
| check | /safeguard check |
Re-validate existing profile against current state | Yes |
| recommend | /safeguard recommend |
Generate prioritized improvement guidance | Yes |
Profile levels (cumulative — each includes all requirements of the level below):
| Profile | Name | What It Means |
|---|---|---|
| Zero | DEV-Only | Single environment, no deployment pipeline, development-stage project |
| A | Minimal SDLC | DEV + PROD, Docker or process manager for deployment, limited CI/CD |
| B | Typical SDLC | DEV + TEST + PROD, CI/CD pipeline, deployment scripts with safety gates |
| C | Strong SDLC | Full CI/CD with required checks, branch protection, audit trails, automated rollback |
Deployment paradigms:
| Paradigm | What It Means |
|---|---|
| Docker | Application itself runs in containers (not just dependencies) |
| Non-Docker | Application runs via process manager, systemd, or direct execution |
| Hybrid | Some components containerized, some run directly |
What detect mode does:
- Scans 12 indicators (Docker presence, environment count, CI/CD, pre-commit hooks, SIGTERM handling, grace periods, process managers, deployment scripts, long-lived work, health endpoints, rollback mechanisms, approval workflows)
- Presents scan results and asks you to clarify ambiguities (e.g., "Is Docker for the app or just dependencies?")
- Classifies profile and paradigm with justification
- Asks you to confirm the classification
- Writes a profile document with classification summary, gap analysis, and recommendations
- Updates
.wroughtmarker with safeguard fields - Optionally routes gaps to
/findingfor formal tracking
What check mode does: Re-scans the same 12 indicators and compares against the recorded profile. Reports drift — new indicators detected, indicators removed, or changes that may warrant reclassification.
What recommend mode does: Generates prioritized improvement recommendations based on the current profile and its gap analysis.
Writes to: docs/analysis/{YYYY-MM-DD_HHMM}_environment_profile.md and docs/analysis/{YYYY-MM-DD_HHMM}_safeguard_recommendations.md
See Environment Profiling for a detailed walkthrough.
Code Quality Skills
/forge-review
Trigger: /forge-review [--scope=diff|full] [file or directory]
Deep multi-agent code review that orchestrates 4 specialized subagents in parallel. Each subagent analyzes a different dimension of code quality:
- Complexity Analyst — Algorithmic time/space complexity (Big O), hot paths, cross-function complexity chains
- DS&A Reviewer — Data structure selection vs access patterns, algorithm choice for the problem domain
- Paradigm Enforcer — FP/OOP paradigm consistency within files and modules
- Efficiency Sentinel — Performance anti-patterns: unnecessary iterations, missed concurrency, memory waste, N+1 queries
Results are aggregated into a tiered report (Critical/Warning/Suggestion) with deduplication across agents.
Flags:
--scope=diff(default) — Review only changed files--scope=full— Review all project source files
Examples:
/forge-review # Review changed files
/forge-review --scope=full # Review entire codebase
/forge-review --scope=full src/wrought/ # Review all files in src/wrought/
/forge-review src/wrought/cli/main.py # Review specific changed file
Writes to: docs/reviews/{YYYY-MM-DD_HHMM}_{scope}.md
Lifecycle integration: When invoked after /wrought-implement or /wrought-rca-fix, automatically updates the Findings Tracker (stage → Reviewed → Resolved) and clears the review_pending flag.
Suggests: /finding (for critical/warning findings), /simplify (for auto-fixable suggestions)
Greenfield Onboarding
/genesis
Trigger: /genesis [--brownfield] <project description>
Structured 3-phase project bootstrapping wizard that takes you from "I have an idea" to complete project documentation. Supports two modes:
- Greenfield (default): Interactive 5-question discovery interview
- Brownfield (
--brownfield): Analyzes your existing codebase instead of interviewing
Phases:
| Phase | What It Does | Artifact Produced |
|---|---|---|
| 1. Discovery | Captures problem domain, users, scope, tech preferences, deployment, timeline (greenfield) or analyzes existing codebase (brownfield) | docs/genesis/{project}_discovery.md |
| 2. Business Analysis | Synthesizes discovery into personas, user stories with ACs, MoSCoW prioritization, NFRs | PRD.md |
| 3. Systems Analysis | Designs tech stack, component architecture, data model, deployment, security | ARCHITECTURE.md |
Cross-session resumption: A state file (docs/genesis/{project}_progress.json) tracks phase completion. If you stop mid-way, running /genesis again resumes from where you left off.
Examples:
/genesis Acme Banking API — REST API for banking data aggregation
/genesis --brownfield existing-saas-app
Writes to: docs/genesis/{project}_discovery.md, PRD.md, ARCHITECTURE.md
Suggests: /safeguard detect (profile your deployment environment, then start building with the Wrought pipeline)
Real-World Scenarios
Scenario 1: Your API starts throwing errors at 2am
You wake up to alerts. Something's wrong with the payment service.
Step 1 — Document what you see:
/incident Payment API returning 500 errors since 02:15 UTC, affecting checkout flow
Wrought creates docs/incidents/2026-02-10_0230_payment_api_500_errors.md with a structured incident report. No guessing the format — it's standardized.
Step 2 — Dig into the cause:
/investigate docs/incidents/2026-02-10_0230_payment_api_500_errors.md
The investigation skill reads your incident report, examines the codebase, checks related past incidents, and produces a detailed investigation with hypotheses and evidence.
Step 3 — Fix it:
/rca-bugfix Connection pool exhaustion causing payment API timeouts
Root cause analysis plus a fix prompt. The RCA goes into docs/RCAs/ (your project's permanent knowledge base), and a ready-to-implement prompt goes into docs/prompts/.
Step 4 — Implement:
Enter /plan mode with the generated prompt. Code the fix with full context.
What you end up with: An incident record, investigation, RCA, and fix — all linked, all searchable, all available for the next engineer (or AI session) that encounters a similar problem.
Scenario 2: Adding WebSocket support to your application
You need real-time updates. Time to evaluate your options.
Step 1 — Research the landscape:
/research WebSocket vs SSE vs long-polling for real-time order status updates
Wrought produces a research document covering each approach, with trade-offs specific to your codebase.
Step 2 — Make the architectural decision:
/design tradeoff real-time communication for order status
The design skill reads your research, evaluates each option against your project's constraints, and produces a recommendation with clear rationale.
Step 3 — Spec the implementation:
/blueprint WebSocket integration for order status updates
Turns the chosen design into a concrete implementation spec: which files to create, which APIs to define, which tests to write. Also generates a prompt for plan mode.
Step 4 — Build it:
Enter /plan mode. The blueprint gives your AI assistant everything it needs to implement the feature correctly.
Scenario 3: Your analysis reveals a hidden problem
You run a system health check and something looks off.
Step 1 — Analyze the system:
/analyze health
The analysis runs across your codebase and operational history, scoring reliability, performance, maintainability, and observability.
Step 2 — The analysis flags a concern. Log it as a finding:
/finding Stale detection reads DB but extraction writes to filesystem — state desynchronization
Wrought classifies it (Defect, High severity), writes a finding report, and automatically creates a Findings Tracker to track resolution across sessions.
Step 3 — The finding skill tells you what to do next:
This is a corrective fix candidate. Recommended next steps:
1. /investigate stale detection state desynchronization
2. /rca-bugfix stale detection state desynchronization
Step 4 — Investigate. You can invoke the next skill two ways:
# Option A: Pass the artifact path (explicit — the skill reads it directly)
/investigate docs/findings/2026-02-10_0800_state_desynchronization.md
# Option B: Reference the finding number (tracker-aware — the skill looks up F1 in the tracker)
/investigate F1
Both work. Option A is explicit: the skill reads the file you point it to. Option B uses the lifecycle tracking protocol: the skill searches docs/findings/*_FINDINGS_TRACKER.md for F1, finds the linked finding report and any prior artifacts, and uses all of them as context.
The investigation produces a report in docs/investigations/. The tracker is automatically updated: F1 Stage -> Investigating.
Step 5 — Fix it. Same pattern — pass the investigation report or reference the finding:
# Option A: Pass the investigation report
/rca-bugfix docs/investigations/2026-02-10_0830_state_desynchronization.md
# Option B: Reference the finding (skill finds the tracker, finding report, AND investigation)
/rca-bugfix F1
The RCA skill reads upstream artifacts in order: investigations first, then findings. When you pass F1, it resolves the full chain — tracker -> finding report -> investigation — and uses all of them as context for the root cause analysis.
Step 6 — Plan and implement:
Enter /plan mode with the generated prompt. The tracker is updated at each step: RCA Complete -> Planned -> Resolved -> Verified.
Scenario 4: Multiple findings from a single analysis
Your /analyze run on the extraction pipeline reveals four related issues — a critical defect, two high-severity gaps, and a medium-severity architectural concern.
/finding docs/analysis/2026-02-02_1530_extraction_systems_analysis.md
Wrought processes the analysis and produces:
- 4 individual finding reports in
docs/findings/ - 1 named Findings Tracker:
docs/findings/2026-02-02_1600_extraction_pipeline_FINDINGS_TRACKER.md
The tracker lists all four findings sorted by severity, with auto-generated resolution tasks for each one:
| # | Finding | Type | Severity | Status | Stage |
|---|----------------------------|--------|--------------|--------|-------|
| F1 | State desynchronization | Defect | **Critical** | Open | Open |
| F3 | Download stall blind spot | Gap | **High** | Open | Open |
| F2 | No external termination | Gap | **High** | Open | Open |
| F4 | Serial queue blocking | Gap | **Medium** | Open | Open |
Over the next few sessions, you work through the findings. Every downstream skill automatically updates the tracker as it processes a finding. You invoke each skill with the F-number — the skill resolves the full artifact chain (tracker -> finding report -> investigation -> RCA) from that single identifier:
Session 1: /finding discovers F1, F2, F3, F4 → tracker created (all Stage: Open)
Session 2: /investigate F1
→ tracker: F1 Stage → Investigating, lifecycle row added
/rca-bugfix F1
→ tracker: F1 Stage → RCA Complete, lifecycle row added
Session 3: /plan (with F1 prompt)
→ tracker: F1 Stage → Planned, lifecycle row added
Implement fix
→ tracker: F1 Stage → Resolved
Session 4: Verify fix in production
→ tracker: F1 Stage → Verified
Each /session-end reconciles the tracker with reality — if an artifact exists but the tracker wasn't updated (e.g., the skill ran before lifecycle tracking was added), session-end backfills the missing stages.
Scenario 5: Onboarding a new project with environment profiling
You just initialized Wrought in a new project and want to understand its deployment maturity before doing any engineering work.
Step 1 — Profile the environment:
/safeguard detect
Wrought scans the codebase for Docker files, CI/CD configs, SIGTERM handlers, environment-specific configs, deployment scripts, process managers, health endpoints, and more. It presents its findings and asks you to clarify anything ambiguous:
"Based on the codebase scan, here's what I found:
Docker: docker-compose.yml with app + postgres + redis containers
Environments: .env.dev, .env.prod, .env.staging (3 environments)
CI/CD: GitHub Actions with lint, test, and deploy-to-staging steps
Before classifying, I need to clarify:
Is Docker used for the application itself, or just for dependencies?"
After your answers, it proposes a classification:
Profile: B (Typical SDLC)
Paradigm: Docker
Justification: 3 environments, Docker for the application, CI/CD with deployment steps
Step 2 — The profile document is written with a full gap analysis:
| Requirement | Required By | Current State | Gap? |
|--------------------------|-------------|------------------------|------|
| SIGTERM handling | All | Not present | YES |
| Grace period config | Profile A+ | stop_grace_period: 10s | No |
| Health endpoints | Profile A+ | /health exists | No |
| Rollback mechanisms | Profile B+ | Not detected | YES |
Step 3 — Wrought asks if you want to route the gaps:
"I found 2 gaps against Profile B requirements. The most significant:
No SIGTERM handling — application will terminate immediately on shutdown.
Should I route these to /finding to formally log them?"
If you say yes, the gaps become tracked findings with auto-generated resolution tasks, and the full audit pipeline takes over.
Scenario 6: Deploying a fix overnight with watchdog monitoring
You've fixed a critical bug and want to monitor it overnight without staying awake.
Step 1 — Deploy the fix and start watchdog:
/watchdog Monitor extraction after retry logic fix - watch for timeout errors and connection resets
Wrought generates a bash script that:
- Tails your application logs every 60 seconds
- Matches against patterns relevant to your fix
- Creates JSON incident files when errors are detected
- Sends Telegram alerts to your phone
Step 2 — Go to sleep. The watchdog runs autonomously.
Step 3 — Morning. Two scenarios:
If all clear:
Watchdog has been running for 8 hours. No errors detected.
Status: MONITORING | Last check: 07:02 UTC | Errors: 0
If something went wrong:
You have 2 Telegram alerts from 03:14 UTC.
Incident files created in /tmp/watchdog_abc123_incidents/
Step 4 — Review and document:
/incident Extraction timeout errors at 03:14 UTC after retry logic deploy
The reactive pipeline picks up from there.
Scenario 7: Migrating from monolith to microservices
A large architectural change that needs careful planning.
Step 1 — Research the landscape:
/research microservices migration patterns for Python monoliths 2026
Step 2 — Evaluate the migration approach:
/design migrate monolith to microservices for the billing domain
The design skill analyzes your current monolith structure, identifies service boundaries, evaluates migration strategies (strangler fig, branch by abstraction, parallel run), and recommends an approach with risk assessment.
Step 3 — Spec the first phase:
/blueprint extract billing service from monolith — phase 1 API gateway
Step 4 — Assess the impact:
/design impact extracting billing service from the shared database
What's the blast radius? Which other services depend on the billing tables? What queries need to be updated? The impact analysis answers these before you write a single line of code.
Step 5 — Implement phase 1:
Enter /plan mode with the blueprint prompt. Each subsequent phase repeats steps 3-5.
The Findings Tracker
When you log findings with /finding, Wrought automatically creates a Findings Tracker — a living document that tracks resolution progress across sessions.
How It Works
- You run
/finding(directly, or as part of/analyze) - Wrought writes individual finding reports to
docs/findings/ - Wrought creates (or updates) a named tracker:
docs/findings/{datetime}_{name}_FINDINGS_TRACKER.md
Each tracker is scoped to a group of related findings. If you analyze your authentication system and find three issues, those go into one tracker. If you later analyze your payment system and find two more, those get their own separate tracker. Multiple trackers coexist — one per problem domain.
What's Inside a Tracker
- Overview table — All findings sorted by severity (Critical first), with status
- Dependency map — How findings relate to each other
- Per-finding sections — Summary, root cause, resolution tasks (auto-generated), status tracking
- Changelog — Every update logged with session number and date
Resolution Tasks
Wrought auto-generates resolution tasks based on the finding type:
For defects and vulnerabilities (something's broken):
- [ ] F1.1: Confirm root cause and scope
- [ ] F1.2: Implement corrective fix
- [ ] F1.3: Verify fix
For debt, gaps, and drift (something needs designing):
- [ ] F1.1: Design approach (evaluate options)
- [ ] F1.2: Implement chosen approach
- [ ] F1.3: Verify implementation
When your finding reports contain specific code locations and root causes, the tasks are customized with those details.
Lifecycle Tracking
Every finding is tracked from discovery through resolution. The tracker maintains two levels of granularity:
- Status (coarse, 4 values):
Open->In Progress->Resolved->Verified - Stage (fine-grained, 7 values): tracks exactly where in the pipeline a finding sits
There are two stage progressions depending on the finding type:
Corrective Route (Defect / Vulnerability — something's broken):
Open → Investigating → RCA Complete → Planned → Implementing → Resolved → Verified
/investigate /rca-bugfix /plan (code work) session-end session-end
Design Route (Debt / Gap / Drift — something needs designing):
Open → Designing → Blueprint Ready → Planned → Implementing → Resolved → Verified
/design /blueprint /plan (code work) session-end session-end
Every downstream skill that processes a finding automatically updates the tracker — setting the Stage, appending a lifecycle row, checking the resolution task, and adding a changelog entry. You don't need to update the tracker manually.
Each finding's detail section includes a Lifecycle table that grows as the finding progresses:
| Stage | Timestamp | Session | Artifact |
|----------------|-----------------------|---------|---------------------------------------|
| Open | 2026-02-02 16:00 UTC | 119 | [Finding Report](docs/findings/...) |
| Investigating | 2026-02-03 09:00 UTC | 120 | [Investigation](docs/investigations/) |
| RCA Complete | 2026-02-03 11:00 UTC | 120 | [RCA](docs/RCAs/) + [Prompt](docs/prompts/) |
| Planned | 2026-02-03 14:00 UTC | 120 | [Plan](docs/plans/...) |
| Resolved | 2026-02-04 10:00 UTC | 121 | Commit abc123 |
| Verified | 2026-02-04 15:00 UTC | 121 | Production validation |
Cross-Session Persistence
The tracker integrates with Wrought's session management:
/session-endchecks all active trackers and updates any that had work done during the session — checking off completed tasks, updating statuses and stages, backfilling any missed lifecycle rows, and adding changelog entries.
Naming Convention
Trackers are named by their scope:
docs/findings/2026-02-02_1639_iterable_extraction_pipeline_FINDINGS_TRACKER.md
docs/findings/2026-03-15_0900_auth_authorization_gaps_FINDINGS_TRACKER.md
docs/findings/2026-04-01_1400_api_rate_limiting_FINDINGS_TRACKER.md
Environment Profiling
The /safeguard skill provides deployment environment classification — a one-time onboarding assessment that establishes baseline context for all Wrought skills.
Why It Matters
Different projects need different recommendations. A development-stage CLI toolkit doesn't need rollback mechanisms. A production API serving millions of requests needs SIGTERM handling, health endpoints, and graceful shutdown. Wrought's environment profile captures these differences so downstream skills can tailor their output.
The Detection Matrix
Wrought scans 12 indicators to classify your project:
| # | Indicator | What It Tells Wrought |
|---|---|---|
| 1 | Docker presence | Docker vs Non-Docker paradigm |
| 2 | Environment count | How many environments exist (DEV, TEST, STAGING, PROD) |
| 3 | CI/CD presence | Continuous integration and deployment maturity |
| 4 | Pre-commit hooks | Local quality gates before code reaches CI |
| 5 | SIGTERM handling | Whether the application shuts down gracefully |
| 6 | Grace period config | Time allowed for graceful shutdown |
| 7 | Process manager | How the application is supervised in production |
| 8 | Deployment scripts | Existing deployment automation |
| 9 | Long-lived work | Background tasks that need graceful shutdown (Celery, APScheduler, etc.) |
| 10 | Health endpoints | Application health monitoring infrastructure |
| 11 | Rollback mechanisms | Ability to revert a bad deployment |
| 12 | Approval workflows | Code review and deployment gate processes |
Profile Levels
Profiles are cumulative — each level includes all requirements of the level below:
Profile Zero (DEV-Only): Single environment, no deployment pipeline. A project in development. Quality gates (pre-commit, CI) may exist but no deployment infrastructure.
Profile A (Minimal SDLC): DEV + PROD. Docker or a process manager handles deployment. Limited or no CI/CD. The minimum for a project serving real users.
Profile B (Typical SDLC): DEV + TEST + PROD. CI/CD pipeline exists. Deployment scripts include some safety gates. A test environment validates changes before production.
Profile C (Strong SDLC): Full CI/CD with required checks. Branch protection and approval workflows. Multiple environments with promotion gates. Audit trails, signed releases, or automated rollback.
How Downstream Skills Use It
When an environment profile exists, skills across all three pipelines can optionally read it:
/analyzetailors its health scoring to your profile level — a Profile Zero project won't be penalized for missing rollback mechanisms/designfactors your deployment paradigm into architectural recommendations/rca-bugfixincludes profile-aware fix recommendations (e.g., "Add SIGTERM handler" for non-Docker deployments vs "Increasestop_grace_period" for Docker)/findingadjusts gap severity based on what your profile requires
Profile awareness is always additive and optional — every skill works identically without a profile.
Staleness Detection
The wrought status command shows your profile age:
Safeguard: Profile ZERO (non-docker) -- 0 days old
After 90 days, it suggests re-validation:
Safeguard: Profile B (docker) -- 95 days old (consider re-running /safeguard check)
Run /safeguard check to re-scan and confirm your profile is still accurate, or /safeguard detect to reclassify from scratch.
Session Management
Wrought includes three session commands that maintain continuity between AI coding sessions. No more "where were we?" — each session starts with full context and ends with a complete handoff.
/session-start
Reads your project's CLAUDE.md and the latest session handoff document. Orients the AI assistant with:
- Full project context (architecture, conventions, active work)
- What happened in the last session
- Current priorities and next steps
- Active findings trackers and their status
Run this at the beginning of every AI session.
/session-end
Creates all handoff documentation for the next session:
- Saves any active plan files
- Creates a new
NEXT_SESSION_PROMPT_{datetime}.mdwith current status and priorities - Creates a
SESSION_SUMMARY_{datetime}.mddocumenting what was accomplished - Updates
CLAUDE.mdto point to the new handoff - Archives old handoff documents to
docs/archive/sessions/ - Updates any Findings Trackers that had work done during the session
Run this at the end of every AI session to preserve context.
Session Workflow
A typical working day with Wrought:
1. Start a new AI session
2. /session-start # Load context, see priorities
3. (do your engineering work) # Use any Wrought skills as needed
4. /session-end # Create handoff docs
5. Close the session # Context preserved for next time
Autonomous Implementation Loop
Wrought includes an autonomous implementation system (internally called "Ralph Wiggum") that iterates on code changes until tests pass. Instead of manually running tests after each change, the loop runs a verifier command automatically when Claude attempts to stop — and blocks the exit if tests fail, forcing another iteration.
How It Works
- You finish the pipeline (
/finding→/design→/blueprint→ plan) and have an implementation plan or RCA report ready - You invoke
/wrought-implement(for new features) or/wrought-rca-fix(for bug fixes) - The command initializes loop state at
.claude/wrought-loop-state.jsonand begins implementation - When Claude attempts to stop, the Stop hook (
stop-hook.sh) automatically runs the configured verifier command (e.g.,uv run pytest tests/ -q) - If tests fail: Claude is blocked from exiting and receives the error output — it must fix and try again
- If tests pass: the loop completes and Claude exits normally
- Each iteration's verifier output is saved as a capsule artifact at
docs/capsules/{finding_id}/iter_N/run.log
Three Commands
/wrought-implement — Autonomous Implementation Loop
Start a loop for implementing a plan. Reads the most recent plan from docs/plans/ (or a path you provide), initializes loop state, and begins step-by-step implementation with automatic test verification.
/wrought-implement # Uses most recent plan
/wrought-implement docs/plans/2026-03-01_my_plan.md # Specific plan
/wrought-rca-fix — Autonomous Bugfix Loop
Start a loop for applying an RCA fix. Reads the most recent RCA from docs/RCAs/ (or a path you provide), applies the fix, and verifies with automatic test verification.
/wrought-rca-fix # Uses most recent RCA
/wrought-rca-fix docs/RCAs/2026-03-01_my_rca.md # Specific RCA
/cancel-wrought-loop — Cancel Active Loop
Stop the current implementation or RCA loop. Deactivates the loop state and reports iteration history.
/cancel-wrought-loop
Configuration
The loop reads verifier settings from the .wrought marker file:
| Field | Default | Description |
|---|---|---|
verifier_type |
none |
Verifier preset (none prompts for manual config) |
verifier_test_path |
tests/ |
Default test path |
verifier_max_loops |
5 |
Maximum iterations before budget exhaustion |
verifier_timeout |
300 |
Per-run timeout in seconds |
If verifier_type is none, the command will ask you to provide a verifier command (e.g., uv run pytest tests/ -q).
Pipeline Enforcement Guard (PreToolUse Hook)
Wrought includes a runtime enforcement mechanism that mechanically prevents source file edits outside of an active implementation loop. This complements the CLAUDE.md enforcement rules with a hook that runs in the shell — the model cannot bypass it.
How it works: A PreToolUse hook fires before every Edit or Write tool call. It checks:
- Is the target file a pipeline artifact (docs/, .claude/, root-level *.md, .gitignore)? If so, allow — these are created by pipeline skills and don't need loop protection.
- Is there an active loop (
.claude/wrought-loop-state.jsonwithactive: true)? If so, allow — the implementation loop is running as expected. - Otherwise, deny with: "No active implementation loop. Run
/wrought-implementor/wrought-rca-fixfirst."
This means if your AI assistant tries to edit source code directly — skipping the pipeline — the edit is blocked at the tool level. It must invoke /wrought-implement or /wrought-rca-fix to start a loop first.
Two-layer enforcement:
- Layer 1 (prompt): CLAUDE.md rules guide the model's behavior — "follow the pipeline, don't skip steps"
- Layer 2 (runtime): PreToolUse hook mechanically blocks violations — model-agnostic, compaction-resistant, deterministic
The hook is installed automatically via the Wrought plugin or wrought init.
Safety
stop_hook_active: The Stop hook checks this flag to prevent infinite re-blocking — if Claude is already continuing from a previous block, the hook allows exitmax_iterations: Hard budget limit prevents runaway loops; when reached, the loop deactivates and Claude exits- Context alert priority: The context-alert hook runs before the Stop hook. If context usage exceeds 80%, context-alert blocks first — preserving context is more important than test verification
- Pipeline guard allowlist: Pipeline artifacts (docs/, .claude/, CLAUDE.md, root *.md, .gitignore) are always editable without a loop — skills that produce documentation are not blocked
Example Walkthrough
# 1. Pipeline is complete — you have a plan
/wrought-implement
# 2. Command finds the plan, initializes loop state, starts implementing
# ... Claude implements changes ...
# 3. Claude tries to stop → Stop hook runs pytest
# Tests fail → Claude is blocked with error output
# "Verifier failed (iteration 1/5). Fix the failing tests..."
# 4. Claude fixes the failing tests, tries to stop again
# Tests pass → Loop completes
# "Implementation complete after 2 iterations.
# Capsule artifacts at docs/capsules/my_finding/iter_0/ and iter_1/"
Workflow Enforcement
Wrought enforces pipeline discipline through a workflow orchestration system. Skills have prerequisite checks that validate upstream artifacts exist before execution — preventing you from skipping pipeline steps.
Commands
wrought workflow status
Show all active findings across all Findings Trackers, with their current stage and status.
wrought workflow status
Output:
Active findings (3):
F1: State desynchronization
Stage: RCA Complete | Status: In Progress | Severity: Critical
Tracker: docs/findings/2026-02-02_extraction_pipeline_FINDINGS_TRACKER.md
F2: No external termination signal
Stage: Designing | Status: In Progress | Severity: High
Tracker: docs/findings/2026-02-02_extraction_pipeline_FINDINGS_TRACKER.md
F3: Download stall blind spot
Stage: Open | Status: Open | Severity: High
Tracker: docs/findings/2026-02-02_extraction_pipeline_FINDINGS_TRACKER.md
wrought workflow check <skill>
Validate prerequisites before invoking a skill. Exits 0 if prerequisites are met, exits 1 if blocked.
wrought workflow check blueprint
# OK: Prerequisites met: found files matching docs/design/*.md.
wrought workflow check rca-bugfix
# BLOCKED: Run /investigate first to create an investigation report.
Prerequisite Map
| Skill | Requires | Mode |
|---|---|---|
/investigate |
Findings Tracker OR incident report | any |
/rca-bugfix |
Investigation report | all |
/design |
Findings Tracker | all |
/ux-design |
Findings Tracker | all |
/blueprint |
Design document | all |
/plan |
Blueprint AND implementation prompt | all |
Skills not listed here (e.g., /incident, /finding, /analyze, /research, /safeguard, /watchdog, /forge-review) are standalone and have no prerequisites.
Artifact Index
Wrought maintains a searchable index of all artifacts in your docs/ directory. The index enables quick lookup across incidents, findings, investigations, RCAs, designs, blueprints, research, and analysis reports.
Commands
wrought index build
Rebuild the artifact index from all files in docs/. The index is stored at docs/.artifact-index.json.
wrought index build
# Index built: 235 artifacts indexed.
wrought index search <query>
Search across all indexed artifacts by keyword.
wrought index search "connection pool"
Output:
Results for "connection pool" (3 matches):
investigation 2026-02-10 Payment API timeout investigation
docs/investigations/2026-02-10_0300_payment_api_timeout.md
rca 2026-02-10 Connection pool exhaustion RCA
docs/RCAs/2026-02-10_0400_connection_pool_exhaustion.md
finding 2026-02-10 Connection pool sizing gap
docs/findings/2026-02-10_0800_connection_pool_sizing.md
CLI Reference
The wrought CLI manages installation, updates, and development workflow. Zero external dependencies — stdlib only.
Commands
wrought init
Initialize Wrought in the current project. Creates .claude/ directory, copies skills and commands, writes .wrought marker with safeguard fields, and creates a .wrought-manifest to track installed files.
cd ~/Projects/my-app
wrought init
Output:
[1/5] Copying skills and commands
Copied .claude/skills/
Copied .claude/commands/
Wrought initialized in /Users/you/Projects/my-app
Next: Open Claude Code and run /session-start
wrought update
Pull the latest skills from GitHub.
wrought update
wrought upgrade
Pull the latest and check for new capabilities. If the /safeguard skill hasn't been run yet, it will suggest running it. If a profile exists, it shows the current classification.
wrought upgrade
Output (no profile):
Already up to date.
NEW: /safeguard skill available
Optional: Run /safeguard detect to classify your deployment environment
Output (with profile):
Already up to date.
Safeguard profile: Profile B (docker)
Consider running /safeguard check to re-validate your profile
--refresh-stale
Overwrite divergent agents/, commands/, and hooks/ files with current source. User-asserted authority for legacy installs predating manifest-pin tracking (Wrought ≤ 0.1.x). Does not affect skills, statusline.py, or hook scripts.
# Preview candidates first
wrought doctor
# Then heal
wrought upgrade --refresh-stale
Scope is locked to agents/, commands/, hooks/ because these content types accept byte-identity adoption (F2). Skills carry a deploy-time transformation (disable-model-invocation: true → false) that makes byte-identity to source impossible; the statusline and hook scripts are handled by independent migration paths.
Once an install has pins recorded (i.e. ran any wrought upgrade from Wrought 0.2+ once), drift detection runs automatically on every subsequent upgrade — the flag is only needed once per legacy install. See finding F4 in docs/findings/2026-04-16_0719_upgrade_missing_agent_deployment_FINDINGS_TRACKER.md for the design rationale.
wrought status
Show version, repository status, installation health, and safeguard profile.
wrought status
Output:
Wrought v1.0.0
Install: ~/.local/share/uv/tools/wrought
Clean (no uncommitted changes)
Current project: /Users/you/Projects/my-app
Skills: YES
Commands: YES
Safeguard: Profile B (docker) -- 12 days old
wrought diff
Show uncommitted changes in the Wrought repo. Useful when you've improved a skill while working in a project.
wrought diff
wrought commit -m "message"
Stage and commit all changes in the Wrought repo.
wrought commit -m "Improve /finding skill with batch support"
wrought push
Push Wrought changes to GitHub. Every project using Wrought immediately picks up the change.
wrought push
wrought uninstall
Remove Wrought files and marker from the current project. Uses the .wrought-manifest to identify wrought-owned files. Does not affect the Wrought repo, other projects, or user-created files.
wrought uninstall
wrought workflow status
Show all active findings with their current stage and status. See Workflow Enforcement for details.
wrought workflow status
wrought workflow check <skill>
Validate prerequisites before invoking a skill. Exits 0 if OK, 1 if blocked.
wrought workflow check design
wrought index build
Rebuild the artifact index from docs/. See Artifact Index for details.
wrought index build
wrought index search <query>
Search across all indexed artifacts by keyword.
wrought index search "timeout"
wrought doctor
Inspect Wrought install health. Per-repo (default) or cross-repo (--all-repos). Surfaces incomplete installs (BROKEN), content drift (WARNING), and opt-in opportunities (INFO).
# Per-repo (current directory)
wrought doctor
# Cross-repo (scan ~/Projects/ by default)
wrought doctor --all-repos
# Cross-repo with explicit base paths
wrought doctor --all-repos ~/Work ~/SideProjects
# JSON output for CI integration
wrought doctor --format=json
# Auto-fix BROKEN repos (re-runs `wrought upgrade` per repo)
wrought doctor --all-repos --fix-incomplete
Exit codes: 0 if all OK/INFO, 1 if any WARNING (content drift), 2 if any BROKEN (incomplete install).
Contributing Changes Back
To contribute skill improvements back to the Wrought repo, edit the skills in the Wrought source directory and then push:
wrought diff # See what changed in the wrought repo
wrought commit -m "Improve /finding skill with batch support"
wrought push # Share with the team
Then run wrought upgrade in each project to refresh the copies.
Under the Hood
How Installation Works
Wrought installs via file copies. When you run wrought init, it creates:
your-project/.claude/
├── settings.json <- Your project's config (untouched)
├── .wrought-manifest <- Tracks wrought-owned files
├── skills/ <- Copied from wrought/skills/
│ ├── analyze/
│ ├── blueprint/
│ ├── design/
│ ├── finding/
│ ├── incident/
│ ├── investigate/
│ ├── rca-bugfix/
│ ├── research/
│ ├── safeguard/
│ └── watchdog/
└── commands/ <- Copied from wrought/commands/
├── session-start.md
├── session-end.md
├── finding.md
├── analyze.md
├── wrought-implement.md
├── wrought-rca-fix.md
├── cancel-wrought-loop.md
└── ... (10 skill stubs)
Files are independent copies — edits in a project stay local and don't affect the Wrought source. Use wrought upgrade to refresh copies from the latest source.
The .wrought Marker
Each initialized project gets a .wrought marker file:
format_version=1
version=1.0.0
install_path=~/.local/share/uv/tools/wrought
safeguard_version=1
safeguard_profile=B
safeguard_paradigm=docker
safeguard_last_run=2026-02-19T18:38:41Z
safeguard_created=2026-02-19T18:38:41Z
safeguard_override=none
github_owner=myorg
github_repo=my-app
github_project_number=none
github_project_id=none
verifier_type=none
verifier_test_path=tests/
verifier_max_loops=5
verifier_timeout=300
The CLI reads this marker for wrought status, wrought upgrade, and profile display. The safeguard_* fields track deployment environment classification. The github_* fields are auto-detected from Git remotes during wrought init. The verifier_* fields configure the autonomous implementation loop — test command, iteration budget, and timeout. The safeguard_override field allows manual classification overrides when the automated detection doesn't match reality.
Institutional Memory
Every skill writes to docs/. Over time, your project accumulates:
docs/
├── incidents/ # What broke and when
├── findings/ # What was discovered proactively (+ Findings Trackers)
├── investigations/ # Deep dives into problems
├── RCAs/ # Root cause analyses
├── research/ # Technology evaluations
├── design/ # Architectural decisions
├── blueprints/ # Implementation specs
├── analysis/ # System health assessments + environment profiles
├── prompts/ # Ready-to-use implementation prompts
├── plans/ # Implementation plans
├── reviews/ # Code review reports from /forge-review
├── capsules/ # Ralph Wiggum loop iteration artifacts
└── archive/
└── sessions/ # Past session handoffs
This is your project's engineering logbook. Each document is written by one skill and read by downstream skills, creating a feedback loop. The more you use Wrought, the better it understands your project's history and patterns.
Pipeline Data Flow
Skills communicate through shared documents, not APIs. Here's what each skill reads and writes:
| Artifact | Written By | Read By |
|---|---|---|
docs/incidents/*.md |
/incident |
/investigate, /analyze |
docs/findings/*.md |
/finding |
/investigate, /analyze, /rca-bugfix, /research |
docs/findings/*_FINDINGS_TRACKER.md |
/finding |
/investigate, /rca-bugfix, /design, /blueprint, /session-end |
docs/investigations/*.md |
/investigate |
/rca-bugfix, /analyze |
docs/RCAs/*.md |
/rca-bugfix |
/investigate, /analyze |
docs/research/*.md |
/research |
/investigate, /design, /blueprint |
docs/analysis/*.md |
/analyze |
/design, /investigate, /finding |
docs/design/*.md |
/design |
/blueprint |
docs/blueprints/*.md |
/blueprint |
/plan mode |
docs/prompts/*.md |
/rca-bugfix, /blueprint |
/plan mode |
docs/analysis/system-map.md |
/analyze |
/analyze (refreshed each run) |
docs/analysis/*_environment_profile.md |
/safeguard |
All pipeline skills (optional enrichment) |
docs/analysis/*_safeguard_recommendations.md |
/safeguard |
(human consumption) |
docs/reviews/*.md |
/forge-review |
/finding, /simplify |
docs/capsules/{finding_id}/iter_N/run.log |
stop-hook.sh |
/wrought-implement, /wrought-rca-fix |
docs/capsules/{finding_id}/loop_summary.json |
stop-hook.sh |
/session-end, (human consumption) |
.claude/wrought-loop-state.json |
/wrought-implement, /wrought-rca-fix |
stop-hook.sh, /cancel-wrought-loop |
Hooks
Wrought uses Claude Code hooks to enforce safety and enable autonomous loops:
| Hook | Event | What It Does |
|---|---|---|
context-alert.py |
stop |
Monitors context window usage. Warns at 70% (stderr), blocks at 80% (prevents context exhaustion) |
stop-hook.sh |
stop |
Runs the verifier command when an autonomous implementation loop is active. Blocks exit on test failure |
Ordering: Both hooks are registered on the stop event. context-alert.py runs first — if context usage exceeds 80%, it blocks before the Stop hook runs. This ensures context preservation takes priority over test verification.
Finding Classification
The /finding skill classifies discoveries to determine the resolution path:
| Type | What It Means | Where It Goes |
|---|---|---|
| Defect | Code that doesn't work as intended | Fix Branch: /investigate then /rca-bugfix |
| Vulnerability | Security weakness with known exposure | Fix Branch: /investigate then /rca-bugfix |
| Debt | Technical debt that hurts maintainability | Design Branch: /design then /blueprint |
| Gap | A capability that should exist but doesn't | Design Branch: /design then /blueprint |
| Drift | Something diverged from its intended state | Either branch, depending on scope |
Severity levels: Critical > High > Medium > Low
Project Conventions
See CONVENTIONS.md for the full directory structure and file naming conventions that Wrought skills expect.
All Wrought artifacts use this naming format:
{YYYY-MM-DD_HHMM}_{description}.md
Examples:
2026-01-22_1700_stream_download_timeout.md
2026-02-19_1838_environment_profile.md
2026-02-02_1639_iterable_extraction_pipeline_FINDINGS_TRACKER.md
Development
After adding new skills or commands to the source tree, reinstall the editable package so the CLI picks them up:
uv tool install --force -e .
Quick test in a scratch directory:
mkdir /tmp/test-project && cd /tmp/test-project
wrought init -n
Run the test suite:
uv run pytest tests/ -q
Versioning & stability
Wrought's package version is independent SemVer — it tracks the CLI/package on its own clock, not the product-roadmap tier labels ("v1.0" the launch, "V1.x" the roadmap). Three version clocks run in parallel and do not need to match:
| Clock | Current | What it is |
|---|---|---|
Package SemVer (PyPI wrought) |
1.0.0 |
The installed CLI + skills — this section's subject |
Plugin channel (wrought-plugin) |
1.1.x |
The Claude Code plugin marketplace build, on its own clock |
| Marketing tier | "v1.0" | The free single-developer product line |
So 1.0.0 < 1.1.6 is not "the CLI is behind the plugin" — they are separate distribution channels with independent version histories.
Major-on-break. 1.0.0 is a standing SemVer commitment. The next backward-incompatible change to a documented surface ships as a major bump (2.0.0) — never smuggled inside a 1.x minor or patch. Additive, backward-compatible changes stay in 1.x indefinitely.
What the stability promise covers (SemVer applies to these):
- documented CLI subcommands, flags, and exit codes;
- the
.wroughtmarker file format.
What is explicitly not covered (may change in a minor/patch without a major bump):
- experimental or unreleased skills;
- internal hook interfaces and private module layout;
- anything marked unstable in its own docs.
On the number itself — 1.0.0 is the first stable public release: the API is stable enough to depend on, justified by heavy dogfooding (Wrought builds Wrought). It is not a claim of completeness or adoption — the only real user so far is the author. If it breaks for you, that is the most useful thing you can report.
License
MIT — see LICENSE. WROUGHT™ is a trademark of FluxForge AI (filed/pending — CIPC Class 9 + 42); the MIT licence covers the code, not the name. See NOTICE.
V1.0 vs WROUGHT Platform boundary
V1.0 (this repo — the single-developer Claude Code pipeline: skills, CLI, hooks, Findings Trackers) is free and MIT, forever. The planned WROUGHT Platform is a separate paid hosted/team/multi-model product — V1.0 is never feature-gated to sell it. Multi-platform support (Codex, etc.) is a deliberate WROUGHT Platform concern; V1.0 is Claude-Code-native by design.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file wrought-1.0.0.tar.gz.
File metadata
- Download URL: wrought-1.0.0.tar.gz
- Upload date:
- Size: 225.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
e7c82cc107ea5e048f5a02b023df73cbcf309ff5de318900ff8966497b572580
|
|
| MD5 |
48845ad1dd532b950d2b5c2c273c0f67
|
|
| BLAKE2b-256 |
4d545444689428c94cac11ec1b6286ea2aa0b318255a5274a86cad8f24cd1d22
|
Provenance
The following attestation bundles were made for wrought-1.0.0.tar.gz:
Publisher:
release.yml on fluxforgeai/wrought
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wrought-1.0.0.tar.gz -
Subject digest:
e7c82cc107ea5e048f5a02b023df73cbcf309ff5de318900ff8966497b572580 - Sigstore transparency entry: 2064022398
- Sigstore integration time:
-
Permalink:
fluxforgeai/wrought@5f214538a255c293fe157ed05221f38281650dab -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/fluxforgeai
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5f214538a255c293fe157ed05221f38281650dab -
Trigger Event:
push
-
Statement type:
File details
Details for the file wrought-1.0.0-py3-none-any.whl.
File metadata
- Download URL: wrought-1.0.0-py3-none-any.whl
- Upload date:
- Size: 262.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
89d76f074b90dbe6bf8ca9519d17be08d89e4e4ccd0b469bc580c2cfbfe313a6
|
|
| MD5 |
af4ab6f550b37e7ef099be1bfb9eb9e2
|
|
| BLAKE2b-256 |
3154aee9deedd36b195dad21b711a47f887997593214c0755b853dbc3428737c
|
Provenance
The following attestation bundles were made for wrought-1.0.0-py3-none-any.whl:
Publisher:
release.yml on fluxforgeai/wrought
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
wrought-1.0.0-py3-none-any.whl -
Subject digest:
89d76f074b90dbe6bf8ca9519d17be08d89e4e4ccd0b469bc580c2cfbfe313a6 - Sigstore transparency entry: 2064022460
- Sigstore integration time:
-
Permalink:
fluxforgeai/wrought@5f214538a255c293fe157ed05221f38281650dab -
Branch / Tag:
refs/tags/v1.0.0 - Owner: https://github.com/fluxforgeai
-
Access:
private
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@5f214538a255c293fe157ed05221f38281650dab -
Trigger Event:
push
-
Statement type: