Playbook
Governed, standardized AI development

Build your AI development kit.

Pick your technologies and skills. We recommend the right agents and guardrails, then generate a ready-to-drop config folder for Claude Code, GitHub Copilot, or Cursor — agents, skills, and rules, in your tool's exact format.

What kind of project?

Shapes the starter playbook in your kit and the questions we ask — new build, existing codebase, or legacy modernization.

Choose your tool

Pick the assistant you use. We emit that tool's exact file layout.

Pick your technologies

Your stack drives which agents, rules, and skills we recommend.

Languages

Frontend

Backend

Database

Testing

Cloud

DevOps

AI tooling

Add skills

Reusable skill packs. Recommended ones are pre-selected based on your stack.

Azure DevOps Tickets Skill

Claude Code skill for creating, updating, and querying Azure DevOps work items via the Azure DevOps MCP server.

Brand Guidelines Skill

Apply official brand colors and typography to artifacts and UI — palette, Poppins/Lora font system, and on-brand styling for decks and documents.

Code Coverage Skill

Configure and enforce test coverage with Vitest's v8 provider — 80% thresholds, per-directory overrides, CI reporting, uncovered-code triage, and coverage-driven test prioritization.

Code Reviewer SkillRecommended

Claude Code skill that performs comprehensive code review on PRs and diffs, prioritized by severity with concrete fixes.

Compatibility Layer Generator Skill

Claude Code skill that generates adapters, shims, and proxies for incremental coexistence between legacy and new systems.

Component Library Skill

Claude Code skill that generates accessible React components matching the project's design system, tokens, and naming conventions.

Data Validation Skill

Claude Code skill that compares old and new system outputs for parity — running validation queries on both DBs and reporting drift.

Database Migration Skill

Claude Code skill that generates safe forward and reverse migrations with transaction-wrapping, idempotency, and zero-downtime patterns.

Dependency Audit Skill

Claude Code skill that audits dependencies for vulnerabilities, outdated packages, and license issues — and explains what to actually fix.

Documentation SkillRecommended

Claude Code skill that generates README, API docs, JSDoc, ADRs, and other docs that match the project's existing voice and depth.

Frontend Design Skill

Build distinctive, production-grade frontend interfaces — bold aesthetics, refined typography, motion, and layout that avoid generic AI looks.

Jira Push (Bulk Stories + Test Cases)

Skill for bulk-pushing elaborated stories and their test cases into Jira as Story + sub-task hierarchies. Always dry-runs first; never overwrites silently.

Jira Ticket Manager Skill

Claude Code skill for creating, updating, and querying Jira tickets via the Jira MCP server.

Legacy Code Analyzer Skill

Claude Code skill that reads legacy .NET code (WebForms, VB.NET, classic ASP) and explains what it does — the foundation for any migration.

Migration Planner Skill

Flagship migration skill that walks Claude Code through audit → strategy → slicing → cutover for any legacy system migration.

OWASP Security Review SkillRecommended

Claude Code skill pack that reviews code and PRs against the OWASP Top 10 and ASVS, with severity-ranked findings and concrete fixes.

Performance Profiler Skill

Claude Code skill that diagnoses performance issues — slow queries, slow renders, memory leaks — with measurement-first methodology.

PR Governance Gate Skill

Governance-hook skill that gates pull requests on security, compliance, and enterprise-standard checks before merge.

Secure-Coding Guardrails SkillRecommended

Vibe-coding guardrail skill that keeps citizen and pro developers inside secure-by-default patterns while AI generates code.

Spec-Driven Builder SkillRecommended

Tool-neutral skill that walks developers through PRD → stories → schema → API → tests for any new feature, producing real artifacts at each step. The methodology is identical on every supported tool.

Test Generator Skill

Claude Code skill that picks the right test type (unit/integration/E2E) based on context and applies Evoke's testing patterns automatically.

Agents

Specialist subagents. Security & core agents are recommended for every kit.

Security & governance

security-reviewerRecommended

Reviews code and diffs against the OWASP Top 10 and ASVS, returning severity-ranked, CWE-tagged findings with fixes.

validatorRecommended

Independent validator agent: checks another agent's output against correctness, security, tests, and conventions. Never edits the code it reviews.

pr-governance-gate

Hard governance gate: runs a fixed pre-merge checklist and returns a blocking PASS/BLOCK verdict with an auditable report.

Core development

discoveryRecommended

Bootstrap project discovery: invoked when project-context is missing, stale, or explicitly requested.

plannerRecommended

Read-only discovery & planning agent: explores the codebase, maps dependencies, and produces an implementation plan without editing code.

orchestratorRecommended

Drives a task to completion iteratively: writes a durable plan, executes one step at a time, delegates to specialists, validates, records intermediate outputs, and resumes where it left off.

code-reviewerRecommended

Principal-engineer code review across correctness, security, performance, and maintainability, with prioritized, fix-oriented findings.

test-authorRecommended

Writes focused, meaningful unit/integration tests for changed behavior — happy path, edge cases, and error paths — in the project's framework.

QA & test automation

playwright-test-author

Generates Playwright end-to-end tests from a user flow or page, using role-based locators and resilient assertions.

e2e-runner

Runs the E2E suite, triages failures (product bug vs. flaky vs. stale test), and reports a concise, actionable summary.

Rules

Coding guardrails written into your tool's instruction files.

Engineering baseline

Engineering baselineRecommended

Core working agreement for AI-assisted development: scope discipline, no dead code, match existing conventions.

Orchestration & delegationRecommended

Main-agent protocol: decompose the goal, delegate focused work to specialist subagents via the Task tool, and verify each result before proceeding.

Iterative execution loopRecommended

Run multi-step work as a resumable loop backed by a durable plan file: plan once, execute one task at a time, record intermediate outputs, check it off, and continue until done.

Exception handlingRecommended

Org standard for errors: no swallowed exceptions, wrap-with-context, typed error taxonomy, a single client-facing error envelope, never leak stack traces.

Structured loggingRecommended

Org standard for logs: structured JSON, correct level semantics, correlation/trace IDs, and mandatory secret/PII redaction.

SOLID design principlesRecommended

Apply SOLID as actionable do/don'ts while writing or refactoring: single responsibility, open/closed, Liskov, interface segregation, dependency inversion.

Governance & guardrails

Secure-coding guardrailsRecommended

Secure-by-default rules applied while generating code: parameterized queries, authz checks, no secrets, safe file/URL handling.

Responsible-AI guardrailsRecommended

Accountability and provenance rules for AI-generated changes: human ownership, disclosure, no fabricated APIs.

Stack rules

TypeScript

Strict typing, no any, discriminated unions, explicit error handling.

Next.js (App Router)

Server Components by default, client only when interactive, data fetching in RSC.

React

Composable components, correct hooks usage, accessible markup.

Angular

Standalone components, typed reactive forms, RxJS hygiene, OnPush.

Python

Type hints, explicit errors, no bare excepts, idiomatic standard library.

.NET / ASP.NET

Nullable reference types, async/await, DI, EF Core safety.

Java / Spring Boot

Constructor injection, immutability, layered architecture, no field injection.

Java / Spring Security

Spring Security secure defaults: explicit method authorization, CSRF, safe deserialization, parameterized JPA, secrets from config, no stack-trace leaks.

API design guidelines

REST conventions: resource naming, versioning, pagination, idempotency, status-code map, and the standard error envelope.

React branding & design system

Use brand design tokens, not hardcoded values; theme via the design system; dark-mode and accessibility by default.

SQL & database

Parameterized queries, indexed access paths, safe migrations.

Node.js / Express

Async error handling, input validation, no blocking the event loop.

Playwright testing

Role-based locators, web-first assertions, no fixed sleeps, isolated tests.

JUnit testing (Java)

JUnit 5 conventions: descriptive @DisplayName, AAA structure, Mockito at the boundary, parameterized tests, Spring slice tests, no Thread.sleep, behavior over implementation.

Commands

Reusable slash commands (e.g. /pr-generation, /commit-message). Recommended ones are pre-selected.

/pr-generationRecommended

Generate a pull request title and description from the current branch's changes, with a summary, change list, test notes, and risk callouts.

/commit-messageRecommended

Write a Conventional Commits message from the staged changes — a focused subject plus an explanatory body.

/continueRecommended

Resume the iterative execution loop: read the durable plan, pick up from the first unchecked task, and keep going until the plan is done.

MCP Servers

Connect external tools via Model Context Protocol. Auto-recommended based on your tech stack.

Azure DevOps MCP for Evoke

Pre-configured Azure DevOps MCP server for Claude Code — work items, repos, PRs, and pipelines from chat.

Confluence MCP for EvokeRecommended

Pre-configured Atlassian Confluence MCP server for Claude Code — search, read, and write internal documentation pages from chat.

CONFLUENCE_HOSTCONFLUENCE_EMAILCONFLUENCE_API_TOKENCONFLUENCE_DEFAULT_SPACE
Figma MCP for Evoke

Pre-configured Figma MCP server for Claude Code — read design files and convert frames to component specs for design-to-code workflows.

Filesystem MCP for EvokeRecommended

Pre-configured filesystem MCP server for Claude Code — safe, scoped read/write access to project files.

GitHub MCP for Evoke

Pre-configured GitHub MCP server for Claude Code — issues, PRs, code search, and Actions from chat.

Jira MCP for EvokeRecommended

Pre-configured Jira MCP server for Claude Code with Evoke's standard project setup.

JIRA_HOSTJIRA_EMAILJIRA_API_TOKEN
Playwright MCP — Browser Automation

Set up Microsoft's official Playwright MCP server so Claude Code can drive a real browser — navigate, click, fill forms, run the test cases you generated.

Postgres MCP for Evoke

Pre-configured Postgres MCP server for Claude Code — schema inspection and read-only queries to make database work safer and faster.

Guardrail hooks

Hard blocks enforced before a tool runs — destructive deletes, dropping tables, force-push. On by default.

Block destructive folder deletesRecommended

Refuses recursive force deletes (rm -rf / rm -fr) from the agent. The single most common way an agent wipes a working tree.

Block dropping / truncating tablesRecommended

Refuses DROP TABLE/DATABASE/SCHEMA and TRUNCATE in shell commands (psql, mysql, sqlcmd, migration runners). Stops irreversible data loss.

Block force-push to shared historyRecommended

Refuses 'git push --force' / '-f' (allows --force-with-lease). Prevents the agent from overwriting teammates' commits on a shared branch.

Step 1 of 3
Your kit26 files
Drop these into your repo root. Click a file to preview & copy.

Command Palette

Search for a command to run...