Research
/Security News
Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages
Miasma Mini Shai-Hulud hits @immobiliarelabs Backstage plugins, targeting GitLab and LDAP auth packages on npm.
By Socket Research Team - Jun 26, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
devflow-kit
Advanced tools
devflow-kit
Agentic Development Toolkit for Claude Code - Enhance AI-assisted development with intelligent commands and workflows
DevFlow - Agentic Development Toolkit
A comprehensive collection of Claude Code commands and configurations designed to enhance developer workflows when working with AI coding assistants.
Installation
# Run with npx (recommended - no global install needed)
npx devflow-kit init
That's it! DevFlow is now installed and ready to use in Claude Code.
What's Included
📊 Slash Commands
| Command | Purpose | When to Use |
|---|---|---|
/catch-up | Smart summaries for starting new sessions with status validation | Starting a session |
/research [topic] | Comprehensive pre-implementation research and planning | Before implementing features |
/devlog | Development log for comprehensive session documentation | Ending a session |
/plan-next-steps | Extract actionable next steps from current discussion | After planning discussion |
/debug [issue] | Systematic debugging with issue-specific investigation | When troubleshooting |
/pre-commit | Review uncommitted changes using specialized sub-agents | Before committing |
/commit | Intelligent atomic commit creation with safety checks | When ready to commit |
/pre-pr | Comprehensive branch review for PR readiness | Before creating PR |
/release | Automated release workflow with version management and publishing | Creating a new release |
🤖 Sub-Agents
| Sub-Agent | Specialty | Purpose |
|---|---|---|
audit-security | Security Analysis | Expert vulnerability detection and security code review |
audit-performance | Performance | Optimization and bottleneck detection |
audit-architecture | Architecture | Design pattern analysis and code structure review |
audit-tests | Testing | Test quality, coverage, and effectiveness analysis (surgical execution) |
audit-complexity | Complexity | Code complexity and maintainability assessment |
audit-dependencies | Dependencies | Dependency management and security analysis |
audit-database | Database | Database design and optimization review |
audit-documentation | Documentation | Docs-code alignment, API accuracy, comment quality |
catch-up | Context Restoration | Project status and context restoration with validation |
commit | Git Operations | Intelligent commit creation with safety checks |
research | Implementation Planning | Pre-implementation research, approach analysis, and planning |
release | Release Automation | Project-agnostic release workflow with version management |
How Sub-Agents Work:
- Specialized AI assistants with deep expertise in specific domains
- Separate context windows for focused analysis
- Can be invoked explicitly or automatically by orchestrator commands
- Restricted tool access appropriate to their domain
Invoking Sub-Agents:
# Explicit invocation
"Use the audit-security sub-agent to analyze this authentication code"
# Automatic delegation (Claude Code decides which sub-agent to use)
"Review this code for security issues"
📊 Smart Statusline
Real-time project context display showing:
- Current model and session duration
- Git branch and uncommitted changes indicator
- Session cost tracking
- Project context
- Zero configuration - works immediately after installation
🔒 Security & Token Optimization
DevFlow automatically creates a comprehensive .claudeignore file at your git repository root to:
Protect Sensitive Data:
- Environment files (
.env,.env.*,.envrc) - Credentials & keys (
*.key,*.pem, SSH keys) - Cloud configs (
.aws/,.gcp/,.azure/) - Package tokens (
.npmrc,.pypirc) - Database files (
*.sql,*.db)
Optimize Token Usage:
- Dependencies (
node_modules/,vendor/,venv/) - Build artifacts (
dist/,build/,.next/) - IDE files (
.vscode/,.idea/) - Lock files (
package-lock.json,yarn.lock) - Media and binaries
Covers patterns for all major languages and operating systems.
Development Workflow
Starting a Session
/catch-up- Review what was done previously- Check statusline for current model, git state, duration
- Review recommended next actions
During Development
/research [topic]- Research implementation approaches before coding/pre-commit- Review changes before committing/commit- Create intelligent atomic commits- Invoke audit sub-agents as needed
Ending a Session
/devlog- Document decisions and state/pre-pr- Review branch before creating PR/commit- Final commits with validation
Creating a Release
/pre-pr- Comprehensive branch review/release- Automated release workflow- Detects project type (Node.js, Rust, Python, Go, etc.)
- Analyzes commits and suggests version bump
- Generates changelog from git history
- Builds and tests before publishing
- Creates git tags and platform releases
- Verify package in registry
When Things Go Wrong
- Check git log and recent commits
/debug [issue description]- Structured debugging- Revert changes using git
- Document lessons learned
CLI Commands
| Command | Purpose | Options |
|---|---|---|
devflow init | Initialize DevFlow for Claude Code | --skip-docs - Skip creating .docs/ structure |
devflow uninstall | Remove DevFlow from Claude Code | --keep-docs - Keep .docs/ directory |
What devflow init does:
- Installs commands to
~/.claude/commands/devflow/ - Installs sub-agents to
~/.claude/agents/devflow/ - Installs scripts to
~/.devflow/scripts/ - Updates
~/.claude/settings.json(statusline and model) - Creates
.claudeignoreat git repository root - Creates
.docs/structure for project documentation
First Run:
devflow init
/devlog # Document your current project state
/catch-up # Get oriented with the project
Advanced Usage
Custom Audit Rules
# Extend sub-agents for project-specific patterns
echo "Check for exposed API keys in config files" >> ~/.claude/agents/devflow/audit-security.md
Team Usage
# Share session documentation with team
/devlog
git add .docs/status/
git commit -m "Session status: completed user auth feature"
Integration Examples
/research "add JWT authentication" # Research before implementing
/pre-commit # Review uncommitted changes
/commit # Create atomic commits
/pre-pr # Branch review before PR
/release # Automated release workflow
/debug "TypeError in auth module" # Debug specific issue
Philosophy
Modern development increasingly involves AI agents that can read, write, and modify code autonomously. DevFlow provides:
- Trust but Verify - Tools to catch AI agent mistakes
- Context Preservation - Memory across long-term projects
- Quality Gates - Automated checks for AI changes
- Developer Empowerment - Enhance human judgment, not replace it
Building from Source
# Clone and build
git clone https://github.com/dean0x/devflow.git
cd devflow
npm install
npm run build
# Test locally
node dist/cli.js init
# Watch mode for development
npm run dev
Project Structure:
src/
├── cli/ # CLI source code (TypeScript)
│ ├── commands/ # init.ts, uninstall.ts
│ └── cli.ts # CLI entry point
└── claude/ # Claude Code configuration
├── agents/devflow/ # Sub-agent definitions (.md)
├── commands/devflow/ # Slash command definitions (.md)
├── scripts/ # statusline.sh
└── settings.json # Claude Code settings
Support
- Check installed command documentation
- Review
.docs/status/for recent sessions - Use
/debug [issue]for systematic troubleshooting - Report issues at https://github.com/dean0x/devflow/issues
License
MIT
FAQs
Agentic Development Toolkit for Claude Code - Enhance AI-assisted development with intelligent commands and workflows
The npm package devflow-kit receives a total of 59 weekly downloads. As such, devflow-kit popularity was classified as not popular.
We found that devflow-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 16 Oct 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Rolldown Pulls Rust React Compiler Integration After Binary Size Increase
Rolldown paused Rust React Compiler integration after a 5MB binary size increase raised concerns about shipping React-specific code to all Vite users.
By Sarah Gooding - Jun 26, 2026
Security News
/Research
Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and GitHub Actions, Expands to the Go Ecosystem
Mini Shai-Hulud expands into the Go ecosystem after hitting LeoPlatform npm packages and targeting GitHub Actions workflows.
By Socket Research Team - Jun 25, 2026