cc-praxis is a curated collection of Claude Code skills for professional software development. Where Claude Code gives you a capable generalist, cc-praxis gives you a disciplined collaborator that knows your conventions, enforces your quality standards, and chains the right actions together automatically — every session, every project, without repeating yourself.
Skills are a system. After Java code review, java-git-commit syncs DESIGN.md automatically. After TypeScript review, ts-security-audit is offered for auth code. The right workflow runs without you directing it.
One line in CLAUDE.md declares your project type. Every skill reads it — commits route to the right specialist, health checks pick the right categories, docs sync to the right document.
42 skills contribute ~1,200 words of descriptions to your context window — less than a single well-written prompt. Each full skill loads only when triggered. The rest costs nothing.
git commit -m "fix stuff" — meaningless history, archaeology by Tuesday~/.claude/skills/ — one command sets up your whole environment."commit" in a Java projecttype: java → routes to java-git-commitfeat(rest): add user export endpoint — conventional, Java-scoped, release-readyEach skill contributes ~30 words of trigger description. The full skill body loads only when that skill activates.
Skills guide AI behaviour across every session. A three-tier validation framework catches problems before they reach you.
One marketplace command. Pick your bundle. Open a new Claude Code session and say "commit" — you'll notice the difference immediately.
/plugin marketplace add github.com/mdproctor/cc-praxis
Entry point for all commit workflows. Reads the project type from CLAUDE.md and routes to the appropriate specialised commit skill — java-git-commit for Java, blog-git-commit for blogs, custom-git-commit for custom projects. Handles interactive setup if no project type is declared.
Keeps CLAUDE.md in sync with workflow and convention changes after every commit. Analyses the staged diff for changes to build commands, testing patterns, naming conventions, and repository structure, then proposes targeted updates.
Creates and manages Architecture Decision Records in MADR format. Assigns sequential numbers, tracks lifecycle (Proposed → Accepted → Deprecated → Superseded), and stores records in docs/adr/. Offered automatically by maven-dependency-update on major version upgrades.
Universal project health checker — answers "is the project correct, complete, and consistent?" Runs 12 check categories across 4 tiers of depth. At tier 3+, automatically chains to the type-specific health skill for your project.
Companion to project-health for improvement opportunities — bloat, duplication, consolidation, and structural improvements. Never blocks work; findings are always opportunities not failures. Run after health is green.
Universal code review checklist covering safety (resource leaks, deadlocks), concurrency, performance, testing philosophy, and review workflow. Language-agnostic — extended by java-code-review and ts-code-review which add language-specific examples and tooling.
Universal OWASP Top 10 security audit checklist for server-side applications. Covers injection, broken auth, access control, cryptographic failures, misconfiguration, vulnerable components, and SSRF. Extended by language-specific audits with code examples.
Universal dependency management workflow — BOM alignment, compatibility checking, version drift prevention, and when to create ADRs for dependency decisions. Package-manager-agnostic foundation extended by maven-dependency-update and npm-dependency-update.
Universal observability guidance — the three pillars (logs, traces, metrics), MDC/correlation ID patterns, HTTP header propagation, and OpenTelemetry concepts. Technology-agnostic foundation extended by framework-specific skills like quarkus-observability.
Expert Java development for Quarkus server-side applications. Safety-first approach — resource leaks, deadlocks, classloader issues, Vert.x event loop correctness. Includes Quick Reference table, Rule Priority flowchart (Safety › Concurrency › Performance › Code Quality), and 12 real production incident examples.
Pre-commit code review for Java/Quarkus — resource leaks, event loop blocking, concurrency violations, reproducibility, performance in hot paths, and testing coverage. Extends code-review-principles with Quarkus/Vert.x specific checks and ❌/✅ code examples.
OWASP Top 10 security audit for Java/Quarkus — SQL/JPQL injection, broken auth, access control, cryptographic failures, Vault/OIDC integration patterns, and Quarkus security extension recommendations. Builds on security-audit-principles with Quarkus-specific examples.
Java-specific commit workflow extending git-commit. Requires docs/DESIGN.md — blocks commits if missing. Automatically syncs DESIGN.md via java-update-design before proposing the commit. Provides Java/Quarkus-specific commit scopes (rest, repository, service, BOM).
Maven BOM dependency management for Java/Quarkus — Quarkus platform alignment, BOM vs explicit version detection, compatibility checking, and safe upgrade proposals. Offers ADR creation for major version changes. Extends dependency-management-principles.
Keeps DESIGN.md in sync with code changes — maps Java annotations to architectural signals (@RestController → API change, @Entity → data model change). Proposes targeted DESIGN.md updates and nudges when the doc grows too large to modularise.
Quarkus Flow (CNCF Serverless Workflow) development — FuncDSL task composition (function/agent/http/emit/listen), human-in-the-loop patterns, LangChain4j AI service integration, and YAML workflow definitions. Full API reference in funcDSL-reference.md.
Testing patterns for Quarkus Flow workflows — @QuarkusTest for Flow classes, YAML workflow testing with @Identifier, REST integration tests with REST Assured, RFC 7807 error mapping, and AI service mocking with @InjectMock and @QuarkusTestProfile.
Production-grade observability for Quarkus — structured JSON logging with MDC, quarkus-flow workflow tracing, OpenTelemetry distributed tracing, Micrometer/Prometheus metrics, and log aggregator integration (Kibana, Loki, Datadog). Extends observability-principles.
Java-specific health checks extending project-health. Adds three categories: java-architecture (layer separation, circular imports, domain isolation), java-dependencies (BOM alignment, no duplicate versions, correct test scoping), java-code-quality (duplication, hardcoded values, callback patterns).
Expert TypeScript development for Node.js and browser applications. Enforces strict mode, guides async/await correctness, error handling with discriminated unions, and testing with Jest or Vitest. Includes a Quick Reference table and "These Thoughts Mean STOP" rationalization guide.
Pre-commit code review for TypeScript — type safety (no any, no unsafe assertions), async correctness (unawaited promises, missing error handling), and test quality. Severity-graded CRITICAL/WARNING/NOTE with a Mermaid decision flow. Extends code-review-principles.
OWASP Top 10 security audit for TypeScript/Node.js. Covers SQL/NoSQL/command injection, broken auth (JWT, bcrypt, rate limiting), IDOR, prototype pollution, SSRF, cryptographic failures, and security misconfiguration. Includes a Node.js Security Features reference table.
npm/yarn/pnpm dependency management with a BOM-first philosophy. Covers semver strategy (^, ~, exact), npm audit triage, breaking change detection, devDependencies separation, and ADR integration for major upgrades. Works with all three lock file formats.
TypeScript-specific health checks extending project-health. Adds five categories: ts-types (strict mode, @ts-ignore, any usage), ts-async (floating promises, sequential awaits), ts-build (tsc --noEmit, ESLint, circular imports), ts-dependencies (npm audit, lock file), ts-testing (coverage, skipped tests).
Expert Python development — type hints, mutable default argument safety, asyncio patterns, @dataclass, pytest. Includes Common Pitfalls table with 12 rationalizations.
Python code review — type safety (missing hints, bare Any), bare except clauses, unawaited coroutines, blocking event loop. Severity-graded CRITICAL/WARNING/NOTE.
OWASP Top 10 for Python — SQL/command injection, pickle deserialization (RCE risk), yaml.load vs safe_load, secrets vs random, path traversal, SSRF.
pip/poetry/pipenv dependency management — semver strategy (== vs ~=), pip audit triage, virtual env discipline, ADR for major upgrades.
Health checks for Python projects — python-types (mypy), python-deps (pip audit), python-quality (flake8/ruff), python-testing (pytest), python-build.
GitHub issue tracking with cross-cutting detection. Setup mode configures Work Tracking in CLAUDE.md and creates standard labels. Task intake detects when a request spans multiple concerns. Pre-commit analysis guides through git add -p splitting. Release management via gh release create --generate-notes.
Commit workflow for GitHub Pages / Jekyll blogs. Enforces content-type conventions (post/edit/draft/asset/config), validates post filenames (YYYY-MM-DD-title.md format), uses 72-char subject limit (blog titles are longer than code subjects), and validates via validate_blog_commit.py.
Commit workflow for type: custom projects (working groups, research, documentation). Syncs the user-configured primary document (VISION.md, THESIS.md, etc.) based on Sync Rules declared in CLAUDE.md. Supports four built-in sync strategies plus custom strategies.
Generic table-driven primary document sync for type: custom projects. Reads Sync Rules from CLAUDE.md (file patterns → document sections) and proposes targeted updates. Supports bidirectional-consistency, research-progress, api-spec-sync, and architectural-changes strategies. Proposal-only — never applies changes directly.
Health checks specific to Claude Code skill repositories. Adds 8 skills-specific categories: cross-refs (bidirectional chaining), coverage (marketplace completeness), quality (CSO compliance, flowcharts), naming conventions, infrastructure (validators wired), dependencies, performance (token budget), effectiveness.
Health checks for GitHub Pages / Jekyll blogs. Extends project-health with blog-specific checks: post filename format (YYYY-MM-DD-title.md), front matter validity, Jekyll configuration health, content freshness, and navigation integrity.
Health checks for type: custom projects. Extends project-health with custom checks: primary document sync accuracy, work tracking configuration, Sync Rules validity, and project-specific conventions. Reads configuration from CLAUDE.md to validate project requirements.
One-time bootstrap wizard for new environments. Configures the session-start hook (automatic CLAUDE.md detection), offers bundle or individual skill selection with automatic dependency resolution, and verifies setup on completion. Run once per machine after adding the cc-praxis marketplace.
Guided removal wizard. Lets you remove individual skills, bundles, or everything. Checks reverse dependencies before removing (warns if other installed skills depend on the one being removed). Optionally removes the session-start hook. Requires explicit confirmation before anything is deleted.
Immutable, dated record of design state — where the project is, how it got here, and where it's going. Unlike DESIGN.md (a living document), snapshots never change after they're committed. Links to ADRs rather than duplicating them. Prompts for missing ADRs after writing.
Lightweight living log for undecided possibilities — park ideas worth remembering before they evaporate. Capture, review, promote to ADR or task, or discard. Different from ADRs (decisions made) and design snapshots (state frozen): the idea log holds maybes.
Living project diary — captures decisions, pivots, and discoveries in the moment with honest diary voice. Preserves what was believed at the time, including aspirations that later changed. Not a polished retrospective: if the plan changed, the blog shows both the original and the change.
Visual skill manager — a local web app for browsing, installing, updating, and uninstalling skills. Shows live install state per bundle. Launch with /cc-praxis-ui inside Claude Code, or the cc-praxis command in your terminal.
Cross-project library of hard-won technical gotchas — bugs that silently fail, behaviours that contradict documentation, workarounds that took hours to find. Stored in ~/claude/knowledge-garden/ and shared across all projects on this machine. Dual-indexed by technology and by symptom type.
Generates a concise HANDOVER.md at session end so the next Claude session can resume immediately. Uses lazy references — pointers to design snapshots, project blog, and knowledge garden rather than loading their content. Stays under 500 tokens by design.
One-time workspace setup — creates ~/claude/private/<project>/ with routing CLAUDE.md, gitignored project symlink via .git/info/exclude, and full directory structure for snapshots, ADRs, blog, and specs.
On-demand retrospective mapping of git history to GitHub epics and issues — analyses git log, ADRs, blog entries, and design docs; proposes structure in docs/retro-issues.md for review before creating anything on GitHub.
Full epic lifecycle — detects current epic state and routes to start or close workflow. Start: creates branches, scaffolds design/JOURNAL.md with SHA baseline, links or creates a GitHub issue. Close: routes artifacts, merges JOURNAL.md into DESIGN.md, posts specs to GitHub issue, handles branch cleanup.