Skwaq Development Assistant

An AI agent system (Skwaq - from Lushootseed word for Raven) for researching software vulnerabilities. This skill guides implementation following the project's specification documents, maintains status tracking, and enforces strict code quality standards.

What This Skill Does

Implements features step-by-step following `/Specifications/ImplementationPlan.md`

Maintains project status in `/Specifications/status.md`

Records all interactions in `/Specifications/prompt-history.md`

Enforces code quality standards (Black, isort, mypy, pydocstyle)

Ensures all tests pass before milestone progression

Uses Neo4j for data storage and Azure OpenAI for inference

Works with autogen-core (NOT pyautogen or autogen-agentchat)

Instructions

Before Starting Any Work

1. **Check current status**:

- Read `/Specifications/status.md` to understand current milestone

- Read `/Specifications/VulnerabilityAssessmentCopilot.md` for project context

- Read `/Specifications/ImplementationPlan.md` for implementation steps

2. **Update prompt history** (MANDATORY):

- Open `/Specifications/prompt-history.md`

- Add new entry: "## Prompt N (YYYY-MM-DD)"

- Record user's exact request

- After completing work, add 3-7 bullet points summarizing your actions

Code Implementation Guidelines

**Modularity & Design**:

Maintain clear separation of concerns (knowledge ingestion, code ingestion, analysis)

Use composition over inheritance

Follow Strategy pattern for varying behaviors

Follow Factory pattern for object creation

Keep functions under 50 lines, single responsibility

Limit parameters to 5 or fewer

**Code Quality Standards**:

Line length: 100 characters maximum

Use Black + isort for formatting (profile=black)

Google-style docstrings with explicit type hints

snake_case for functions/variables, PascalCase for classes

Mypy strict mode (no implicit types)

Absolute imports only

Catch specific exceptions, log before re-raising

Use dataclasses for configuration objects

**Project Structure**:

Core logic: `skwaq/` with modular components

Tests: `tests/` (mirror package structure)

Shared utilities: `skwaq/shared/`

Database: `skwaq/db/`

Ingestion: `skwaq/ingestion/`

Utils: `skwaq/utils/`

**Error Handling**:

Handle errors explicitly at appropriate levels

Use specific exception types (never bare `except:`)

Document expected exceptions in docstrings

Log errors with context before re-raising

Testing Requirements (CRITICAL)

**Before Moving to Next Milestone**:

1. Run full test suite: `pytest tests/ --cov=skwaq`

2. Ensure ALL tests pass (no failures anywhere in project)

3. If tests fail:

- STOP immediately

- Think carefully about the code being tested

- Consider necessary setup conditions

- Carefully construct/fix the test to validate functionality

- Fix either the code OR the test

- Re-run ALL tests

4. Only proceed when all tests pass

**Test Writing**:

Write unit tests for individual functions/methods

Write integration tests for module interactions (no mocks for components being tested)

When creating shared test resources, place in appropriate test fixtures

Ensure public interfaces are well-tested

Use dependency injection for testability

Maintain coverage during refactoring

Development Workflow

**For Each Implementation Step**:

1. **Read the plan**: Check `/Specifications/ImplementationPlan.md` for current step

2. **Implement**: Write code following guidelines above

3. **Run linters**: `pre-commit run --all-files`

4. **Run tests**: `pytest tests/ --cov=skwaq`

5. **Fix failures**: Do NOT proceed if any test fails

6. **Commit**: Use git commit after each completed step

7. **Update status**: Modify `/Specifications/status.md` with progress

8. **Update prompt history**: Add entry to `/Specifications/prompt-history.md`

**Commands**:

```bash

Run all tests with coverage

pytest tests/ --cov=skwaq

Run single test

pytest tests/path/to/test_file.py::TestClass::test_function

Run linters

pre-commit run --all-files

Format code

black .

Check types

mypy .

Run full CI locally

./scripts/ci/run-local-ci.sh

```

Important Technical Constraints

**Autogen Usage**:

Use `autogen-core` ONLY (not `pyautogen` or `autogen-agentchat`)

Rewrite any modules using pyautogen to use autogen-core

Reference `/autogen-doc.md` and online docs when working with agents

**Azure & GitHub Access**:

Use Azure OpenAI API with tenant: Microsoft

Subscription: adapt-appsci1 (be51a72b-4d76-4627-9a17-7dd26245da7b)

Use `gh` CLI for GitHub credentials

**Database**:

Neo4j for data storage

Reference Neo4j docs for semantic indexes and knowledge graphs

When Blocked or Unclear

1. **Update status**: Record the blocker in `/Specifications/status.md`

2. **Update prompt history**: Document the issue

3. **Ask for clarification**: Do not guess or assume requirements

4. **Do not proceed**: Wait for user guidance before continuing

Mandatory Status Tracking

**Always maintain `/Specifications/status.md`**:

Current milestone

Completed steps

In-progress steps

Blockers or issues

Next steps

**Always maintain `/Specifications/prompt-history.md`**:

Sequential prompt numbers

Exact user requests

3-7 bullet point response summaries

Current date for each entry

Code Reuse & Anti-Patterns

**Do**:

Extract shared code into utility modules

Use composition and delegation

Create reusable abstractions

Utilize `skwaq/shared/` for cross-cutting concerns

Follow established patterns in existing codebase

**Don't**:

Duplicate functionality across modules

Create deeply nested inheritance hierarchies

Ignore errors in existing codebase (fix anti-patterns as you encounter them)

Move forward with failing tests

Skip documentation or type hints

Example Usage

**Starting work**:

1. User: "Implement the knowledge ingestion module"

2. You: Read status.md, check ImplementationPlan.md, update prompt-history.md

3. You: Implement following code guidelines

4. You: Run tests, fix any failures

5. You: Commit, update status.md and prompt-history.md

**Handling test failures**:

1. Test fails

2. STOP immediately (do not continue implementation)

3. Analyze the test and the code being tested

4. Determine root cause

5. Fix code OR fix test

6. Re-run ALL tests

7. Only proceed when all tests pass

Success Criteria

All code follows style guidelines (Black, isort, mypy strict)

All tests pass before milestone completion

Status tracked in `/Specifications/status.md`

All prompts recorded in `/Specifications/prompt-history.md`

No use of pyautogen (only autogen-core)

Commits made after each implementation step

Project builds without errors

Test coverage maintained

Skwaq Development Assistant

Skwaq Development Assistant

What This Skill Does

Instructions

Before Starting Any Work

Code Implementation Guidelines

Testing Requirements (CRITICAL)

Development Workflow

Run all tests with coverage

Run single test

Run linters

Format code

Check types

Run full CI locally

Important Technical Constraints

When Blocked or Unclear

Mandatory Status Tracking

Code Reuse & Anti-Patterns

Example Usage

Success Criteria

Reviews (0)