Security News
Frontier AI Is Now Critical Infrastructure
The Fable shutdown shows how quickly model access can become a business continuity risk for AI-dependent engineering teams.
By Sarah Gooding - Jun 24, 2026
🚀 Socket Launch Week Day 5:Introducing Repository Access Permissions and Custom Roles.Learn more →
devflow-kit
Advanced tools
devflow-kit
Agentic Development Toolkit for Claude Code - Enhance AI-assisted development with intelligent commands and workflows
DevFlow
Development workflows for Claude Code — spec, implement, code-review, debug in one command.
Why DevFlow
Claude Code is powerful but workflows are manual — you write ad-hoc prompts, lose context on every restart, and repeat the same review steps across projects.
DevFlow adds structured commands that handle the full lifecycle: specify features, implement with exploration and planning, review with multiple perspectives, and debug with parallel investigation. Session memory persists automatically across restarts and compaction.
Features
- Structured code review — multiple specialized reviewers (security, architecture, performance, and more)
- Full-lifecycle implementation — spec, explore, plan, code, validate, refine in one command
- Automatic session memory — survives restarts,
/clear, and context compaction - Parallel debugging — competing hypotheses investigated simultaneously
- Version notifications — HUD shows
✦ Devflow vX.Y.Z · update: npx devflow-kit initwhen a newer version is available - 35 quality skills — 9 auto-activating core, 8 optional language/ecosystem, plus specialized review, agent, and orchestration skills
Quick Start
npx devflow-kit init
Then in Claude Code:
/code-review
Commands
| Plugin | Command | Description |
|---|---|---|
devflow-specify | /specify | Interactive feature specification with clarification gates |
devflow-implement | /implement | Complete task lifecycle — explore, plan, code, validate, refine |
devflow-code-review | /code-review | Multi-perspective code review with severity classification |
devflow-resolve | /resolve | Process review issues — fix or defer to tech debt |
devflow-debug | /debug | Parallel hypothesis debugging |
devflow-self-review | /self-review | Self-review workflow (Simplifier + Scrutinizer) |
devflow-ambient | (hook) | Ambient mode — intent classification with agent orchestration |
devflow-core-skills | (auto) | Auto-activating quality enforcement skills |
Command Details
/specify
Guides you through defining a feature with three mandatory gates:
- Understanding Gate - Confirm the feature idea is understood
- Scope Gate - Validate priorities and boundaries
- Acceptance Gate - Confirm success criteria
Creates a GitHub issue with well-defined requirements ready for /implement.
/implement
Executes a single task through the complete development lifecycle:
- Exploration — analyze codebase for relevant patterns and dependencies
- Planning — design the implementation approach
- Implementation — write code on a feature branch
- Validation — run build, typecheck, lint, and tests
- Refinement — simplify and review for quality
- Alignment Check — verify implementation matches the original request
Creates a PR when complete.
/code-review
Multi-perspective code review with specialized reviewers:
- Core: Security, Architecture, Performance, Quality
- Conditional (activated when relevant): TypeScript, React, Accessibility, Go, Python, Java, Rust, Database, Dependencies, Documentation
- Findings classified as must-fix, should-fix, or nit with severity and confidence levels
Provides actionable feedback with specific file locations and suggested fixes.
/debug
Investigates bugs using competing hypotheses:
- Hypothesis Generation — identify 3-5 plausible explanations
- Parallel Investigation — each hypothesis investigated independently
- Evidence Evaluation — hypotheses ranked by supporting evidence
- Root Cause — the best-supported explanation with fix recommendation
Produces a root cause analysis report with confidence level.
/resolve
Processes issues from /code-review:
- Validates each issue is real (not false positive)
- Assesses risk of fixing (low vs high)
- Fixes low-risk issues immediately
- Defers high-risk issues to tech debt backlog
Auto-Activating Skills
The devflow-core-skills plugin provides quality enforcement skills that activate automatically:
| Skill | Triggers When |
|---|---|
core-patterns | Implementing business logic, error handling |
docs-framework | Creating documentation artifacts in .docs/ |
git-safety | Rebasing, force-pushing, merge conflicts |
git-workflow | Staging files, creating commits, PRs |
github-patterns | GitHub API operations, PR comments, releases |
test-driven-development | Implementing new features (RED-GREEN-REFACTOR) |
test-patterns | Writing or modifying tests |
input-validation | Creating API endpoints |
search-first | Adding utilities, helpers, or infrastructure code |
Language & Ecosystem Plugins
Optional plugins for language-specific patterns. Install only what you need:
| Plugin | Skill | Triggers When |
|---|---|---|
devflow-typescript | typescript | Working in TypeScript codebases |
devflow-react | react | Working with React components |
devflow-accessibility | accessibility | Creating UI components, forms |
devflow-frontend-design | frontend-design | Working with CSS, styling |
devflow-go | go | Working in Go codebases |
devflow-python | python | Working in Python codebases |
devflow-java | java | Working in Java codebases |
devflow-rust | rust | Working in Rust codebases |
# Install specific language plugins
npx devflow-kit init --plugin=typescript,react
npx devflow-kit init --plugin=go
Requirements
- Claude Code (latest)
- Node.js 18+
Installation
Install All Plugins
npx devflow-kit init
The interactive wizard walks through plugin selection, feature configuration (ambient mode, working memory, HUD, safe-delete), and security settings. In user scope, it discovers all projects Claude has worked on and batch-installs .claudeignore across them.
Install Specific Plugins
# List available plugins
npx devflow-kit list
# Install specific plugin(s)
npx devflow-kit init --plugin=implement
npx devflow-kit init --plugin=implement,code-review
Scopes
--scope user(default) - Install for all projects (~/.claude/)--scope local- Install for current project only (.claude/)
Working Memory
DevFlow automatically preserves session context across restarts, /clear, and context compaction — zero ceremony required.
Three shell hooks run behind the scenes:
| Hook | When | What |
|---|---|---|
| Stop | After each response | Updates .memory/WORKING-MEMORY.md with current focus, decisions, and progress. Throttled — skips if updated <2 min ago. |
| SessionStart | On startup, /clear, resume, compaction | Injects previous working memory + fresh git state as system context. Warns if memory is >1h stale. |
| PreCompact | Before context compaction | Backs up git state to JSON. Bootstraps a minimal working memory from git if none exists yet. |
Working memory is per-project — scoped to each repo's .memory/ directory. Multiple sessions across different repos don't interfere.
Documentation Structure
DevFlow creates project documentation in .docs/ and working memory in .memory/:
.docs/
├── reviews/{branch}/ # Review reports per branch
└── design/ # Implementation plans
.memory/
├── WORKING-MEMORY.md # Auto-maintained by Stop hook
├── backup.json # Pre-compact git state snapshot
└── knowledge/
├── decisions.md # Architectural decisions (ADR-NNN, append-only)
└── pitfalls.md # Known pitfalls (area-specific gotchas)
Workflow Examples
Implementing a Feature
/specify # Define the feature with clarification gates
/implement # Execute the full lifecycle
Debugging an Issue
/debug "login fails after session timeout"
/debug #42 # Investigate from GitHub issue
Before Creating a PR
/code-review # Multi-perspective code review
/resolve # Fix low-risk issues, defer high-risk to backlog
Session Continuity
Session context is saved and restored automatically via Working Memory hooks — no manual steps needed.
CLI Reference
| Command | Description |
|---|---|
npx devflow-kit init | Install all plugins |
npx devflow-kit init --plugin=<names> | Install specific plugin(s) |
npx devflow-kit list | List available plugins |
npx devflow-kit ambient --enable | Enable always-on ambient mode |
npx devflow-kit ambient --disable | Disable ambient mode |
npx devflow-kit uninstall | Remove DevFlow |
Init Options
| Option | Description |
|---|---|
--plugin <names> | Comma-separated plugin names (e.g., implement,code-review) |
--scope <user|local> | Installation scope (default: user) |
--teams / --no-teams | Enable/disable Agent Teams (experimental, default: off) |
--ambient / --no-ambient | Enable/disable ambient mode (default: on) |
--memory / --no-memory | Enable/disable working memory (default: on) |
--hud / --no-hud | Enable/disable HUD status line (default: on) |
--hud-only | Install only the HUD (no plugins, hooks, or extras) |
--verbose | Show detailed output |
HUD Options
| Command | Description |
|---|---|
npx devflow-kit hud --status | Show current HUD config |
npx devflow-kit hud --enable | Enable HUD |
npx devflow-kit hud --disable | Disable HUD (version notifications still appear) |
npx devflow-kit hud --detail | Show tool/agent descriptions |
npx devflow-kit hud --no-detail | Hide tool/agent descriptions |
Skill Shadowing
Override any DevFlow skill with your own version. Shadowed skills survive devflow init — they won't be overwritten on reinstall or upgrade.
# Create a personal override (copies current version as reference)
npx devflow-kit skills shadow core-patterns
# Edit your override
vim ~/.claude/skills/core-patterns/SKILL.md
# List all overrides
npx devflow-kit skills list-shadowed
# Remove override (next init restores DevFlow's version)
npx devflow-kit skills unshadow core-patterns
Uninstall Options
| Option | Description |
|---|---|
--scope <user|local> | Uninstall scope (default: user) |
--plugin <names> | Comma-separated plugin names to uninstall selectively |
--keep-docs | Preserve .docs/ directory |
--dry-run | Show what would be removed without deleting anything |
--verbose | Show detailed uninstall output |
Building from Source
git clone https://github.com/dean0x/devflow.git
cd devflow
npm install
npm run build
node dist/cli.js init
License
MIT
FAQs
Agentic Development Toolkit for Claude Code - Enhance AI-assisted development with intelligent commands and workflows
The npm package devflow-kit receives a total of 35 weekly downloads. As such, devflow-kit popularity was classified as not popular.
We found that devflow-kit demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 22 Mar 2026
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Code You Didn't Write Is Still Yours to Defend
AI agents are pulling packages into environments no scanner is watching, creating exposure before security teams can see it.
By Brad Arkin - Jun 23, 2026
Security News
GitHub Actions Checkout Now Blocks Risky pull_request_target Checkouts
GitHub Actions checkout now blocks risky pull_request_target checkouts by default to help prevent pwn request supply chain attacks.
By Sarah Gooding - Jun 20, 2026