npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@saitarrunpitta/devforge-ai

v2.0.4

Published

Agentic workflow for developers. 10 agents, 36 skills, 10 commands, 5 phases — Plan → Build → Verify → Ship → Operate with Ralph Loop self-correction and Linear issue integration.

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

saitarrunpittasaitarrunpitta

Keywords

flowforgeclaude-codeclaude-code-pluginsdlcsdlc-workflowsdlc-orchestrationworkflow-automationai-agentsmulti-agent-systemagent-orchestrationsoftware-developmentsoftware-engineeringdevelopmenttestingsecuritydevopscode-generationarchitecture-designarchitecture-decision-recordsadrthreat-modelingsecurity-auditcode-qualitycode-reviewtesting-frameworktest-automationdeployment-automationci-cdautomation-frameworkai-powereddeveloper-toolsproductivitypluginorchestrationautomationagents

Readme

DevForge AI

npm version License: MIT Node.js SDLC Automation

Agentic SDLC orchestration for Claude Code. DevForge AI turns an idea into a planned, built, verified, shipped, and operated feature using role-specific agents, tracer bullet slices, quality gates, and handoff documents.

This is not a one-shot code generator. DevForge AI is a delivery workflow: product thinking first, thin vertical slices, feedback loops, security and performance checks, deployment assets, and operational follow-through.

Quickstart

  1. Install the package:
sudo npm install -g devforge-ai
  1. Install the DevForge AI agents, skills, commands, and integrations into Claude Code:
devforge-ai install
  1. Restart Claude Code, then run the full pipeline:
/sdlc "build a login page"
  1. Or run one phase at a time:
/sdlc-plan "add OAuth login"
/sdlc-build
/sdlc-verify
/sdlc-ship
/sdlc-operate

Install From Source

git clone https://github.com/saitarrun/devforge-ai
cd devforge-ai
npm install
npm run install-local

Restart Claude Code after installing. See INSTALLATION.md for update, symlink, and uninstall instructions.

Why DevForge AI Exists

DevForge AI is built around the common places AI-assisted engineering breaks down.

1. The Agent Builds The Wrong Thing

The first failure mode is misalignment. A feature request sounds obvious until the agent fills in the wrong blanks.

DevForge AI starts with /sdlc-plan, where the product-manager agent runs a structured interview, writes grill-summary.md, produces scope.json, synthesizes a PRD, and creates implementation issues. The result is a concrete build plan before any code is written.

Use this when:

  • The idea is still fuzzy
  • You need user stories and acceptance criteria
  • You want vertical slices instead of a giant implementation blob
  • You want requirements captured as artifacts, not lost in chat history

2. The Work Is Too Big To Trust

Large agent tasks fail because the feedback loop is too slow. DevForge AI breaks features into tracer bullet slices: thin increments that cut through schema, API, UI, and tests where needed.

Each slice is tracked in scope.json:

{
  "capability_flags": {
    "has_ui": true,
    "has_auth": true
  },
  "slices": [
    {
      "id": "slice-0",
      "name": "Project scaffold + health check",
      "type": "prefactor",
      "layers": ["schema", "api", "tests"]
    },
    {
      "id": "slice-1",
      "name": "User can log in",
      "type": "feature",
      "layers": ["schema", "api", "ui", "tests"]
    }
  ]
}

The first slice establishes the foundation. Every later slice delivers one user-visible increment and appends its result to implementation-log.md.

3. The Code Does Not Work

DevForge AI uses the Ralph Loop during build work:

  • Implement one slice
  • Run the relevant type checks and tests
  • Retry with fresh context when verification fails
  • Stop at a circuit breaker instead of looping silently
  • Run cross-slice QA after feature slices are complete

This gives the agent a disciplined feedback loop instead of relying on confidence.

4. The Process Loses Context

Long SDLC sessions can drown the model in stale conversation history. DevForge AI uses handoff documents at phase gates:

plan-handoff.md   -> /sdlc-build
build-handoff.md  -> /sdlc-verify
verify-handoff.md -> /sdlc-ship
ship-handoff.md   -> /sdlc-operate

Each phase reads the handoff first, then starts with bounded context. Decisions survive, but unnecessary chat history does not.

5. Shipping Is Not The End

DevForge AI includes verification, deployment, and operations phases. The workflow does not stop when code compiles.

The later phases cover:

  • Security review and OWASP checks
  • Performance profiling when required
  • CI/CD, Docker, Kubernetes, and infrastructure artifacts
  • SLOs, monitoring, runbooks, and operational readiness
  • Data pipeline planning when the feature needs it

How The Pipeline Works

| Phase | Command | Primary agents | Output | | --- | --- | --- | --- | | Plan | /sdlc-plan | product-manager | grill-summary.md, scope.json, 01-prd.md, issues | | Build | /sdlc-build | ux-designer, fullstack-engineer, qa-engineer | ux-design.md, code, tests, implementation-log.md | | Verify | /sdlc-verify | security-engineer, performance-engineer | security and performance reports | | Ship | /sdlc-ship | devops-engineer | CI/CD, Docker, Kubernetes, IaC, release notes | | Operate | /sdlc-operate | sre-engineer, data-engineer | SLOs, runbooks, monitoring, data pipeline docs |

Some agents are scope-gated:

  • ux-designer runs when has_ui is true
  • performance-engineer runs when needs_performance_audit is true
  • data-engineer runs when has_data_pipeline is true
  • Security monitoring is added when has_auth is true

Project Artifacts

Every SDLC run writes into a project folder:

./projects/<feature-name>/
  grill-summary.md
  scope.json
  docs/
    01-prd.md
    ux-design.md
    implementation-log.md
    security-report.md
    performance-report.md
    05-pipeline.log
    06-slo.md
  handoffs/
    plan-handoff.md
    build-handoff.md
    verify-handoff.md
    ship-handoff.md

Reference

DevForge AI is split into commands, agents, and skills.

Commands are what you type. Agents are the role-specific workers. Skills are methodology documents that agents load when their task needs that discipline.

Commands

  • /sdlc - Master orchestrator for the full Plan -> Build -> Verify -> Ship -> Operate pipeline.
  • /sdlc-plan - Product planning, interview, PRD, scope, and issues.
  • /sdlc-build - UX design, slice implementation, Ralph Loop retries, and QA.
  • /sdlc-verify - Security and performance verification.
  • /sdlc-ship - CI/CD, cloud infrastructure, containerization, and release.
  • /sdlc-operate - SLOs, runbooks, monitoring, and data pipelines.
  • /sdlc-implement - Standalone issue or free-form implementation with Ralph Loop verification.
  • /sdlc-review - Pull request review using parallel reviewer perspectives.
  • /to-prd - Regenerate a PRD from existing planning artifacts.
  • /to-issues - Create one issue per tracer bullet slice from scope.json.

Agents

  • product-manager - Runs the planning interview, decomposes features, writes scope.json, and drives PRD and issue creation.
  • ux-designer - Produces wireframes, design tokens, component specs, and interaction states when the feature has UI.
  • fullstack-engineer - Implements vertical slices across schema, API, UI, and tests.
  • qa-engineer - Writes and runs cross-slice E2E tests after implementation.
  • security-engineer - Performs SAST, OWASP, dependency scanning, and pentest work when required.
  • performance-engineer - Profiles bottlenecks, validates performance budgets, and recommends optimizations.
  • devops-engineer - Builds CI/CD, Docker, Kubernetes, Terraform, and release procedures.
  • sre-engineer - Defines SLOs, dashboards, alerts, runbooks, and security operations.
  • data-engineer - Designs ETL/ELT pipelines, analytics schemas, schedules, and data quality checks.
  • technical-writer - Produces API docs, guides, tutorials, and developer-facing documentation.

Core Skills

These are the skills most central to the DevForge AI pipeline:

  • grill-me - Structured interrogation before planning.
  • requirements - User stories, acceptance criteria, ambiguity checks, and INVEST-style decomposition.
  • prd-synthesis - Converts context into product requirements.
  • to-prd - Synthesizes PRDs from current context and planning artifacts.
  • to-issues - Converts plans into independently-grabbable issues.
  • plan-breakdown - Breaks work into implementation slices.
  • ralph-loop - Self-correcting build loop with retries and circuit breakers.
  • handoff - Compacts phase context into handoff documents.
  • ux-design - UX design discipline for UI-bearing features.
  • prototype - Throwaway prototypes for UI or state-model exploration.
  • tdd - Red-green-refactor test-driven development.
  • testing - Test strategy and coverage discipline.
  • playwright - Browser automation and E2E testing.

Engineering Skills

  • architecture - System design, ADRs, coupling, service boundaries, and tradeoffs.
  • architecture-refactor - Finds architecture improvement opportunities.
  • api-design - API contracts, OpenAPI, versioning, error design, and compatibility.
  • code-quality - Linting, tests, coverage, security checks, and CI guardrails.
  • code-standards - Naming, structure, maintainability, and implementation conventions.
  • code-review - Review discipline for correctness and maintainability.
  • pr-review - Pull request review patterns.
  • diagnose - Reproduce, minimize, hypothesize, instrument, fix, and regression-test.
  • zoom-out - Higher-level context when the codebase shape is unclear.
  • dependency-management - Version updates, CVEs, licenses, and transitive dependencies.
  • configuration-management - Secrets, environment config, feature flags, and auditability.
  • documentation - Docs-as-code, examples, tutorials, and API docs.
  • write-skill - Guidance for authoring new skills.

Security, Delivery, And Operations Skills

  • security-audit - Security review, OWASP checks, and vulnerability scanning.
  • threat-modeling - STRIDE and attack-surface analysis.
  • performance-optimization - Profiling, benchmarking, and performance budgets.
  • observability - Metrics, logs, traces, dashboards, alerts, and SLOs.
  • cicd - CI/CD pipeline design.
  • cloud-infra - Cloud infrastructure, networking, compute, and managed services.
  • precommit-hooks - Husky, lint-staged, formatting, type checks, and test hooks.
  • git-safety - Git guardrails for destructive commands.
  • ops-sre - SRE practices, runbooks, incidents, and reliability operations.
  • issue-triage - Issue workflow and triage state management.

Development

Validate the plugin structure:

npm run validate

Install locally while developing:

npm run install-local

Uninstall local files:

npm run uninstall

Check the npm package contents:

npm pack --dry-run

Built On

  • Tracer bullet development
  • Red-green-refactor feedback loops
  • Handoff-bounded context windows
  • Product requirements before implementation
  • Security and performance checks before shipping
  • SLO-driven operations after release

License

MIT