vekta ← Home
§ The Cheatsheet · Keep It Open

Keep this open.

One-page reference. Size your browser narrow and dock it next to Claude Desktop.

§ 01 · Session Rhythm

One feature. Start to ship.

/sharpen "<rough ask>"
Score ≥ 8/10 unlocks planning
/plan
Approve plan, exit plan mode
supervisor
Anything bigger than a single-file change
/verify-plan
Every plan item must have file:line evidence
GO ↓
/review
Principal-engineer read of the diff
/security-review
If auth · data · LLM · hot paths
/a11y-audit + /validate-visual
If UI
/ship-it
Full pre-deploy checklist
GO ↓
/pr
Opens draft · verification-auditor runs again

Skip steps that don't apply. A typo fix skips /sharpen and supervisor. A two-page feature touches every step.

A realistic flow · four of them together

Scenario: you want to add a CPV sparkline to /agents/[id].

  1. /sharpen "add a CPV sparkline to the account detail page" prompt-auditor scores 3/10, returns 10 questions
  2. You answer the 4 most material questions, re-run score 8/10, unlocks planning
  3. /plan Claude drafts a 6-step plan in plan mode you approve, exit plan mode
  4. "supervisor: implement this plan" spawns test-writer, code-reviewer, accessibility-auditor in parallel each specialist works in its own window synthesizes: "3 of 3 specialists green, here are the changes"
  5. /verify-plan verification-auditor cites file:line for each of the 6 plan items verdict GO
  6. /review code-reviewer flags one nit (variable shadowing) you fix
  7. /ship-it make quality + tests + docs-check + secret scan + visual-validator verdict GO
  8. /pr pr-describer writes the title + body verification-auditor runs again pre-PR (belt and suspenders) PR drafted at github.com/…

Decision count stays low — you approve once after /sharpen, once after /plan, once after supervisor, once at /pr. The rest is the kit running in the background while you review outputs.

Two practical tips

§ 02 · Cadence

Daily. Weekly. Monthly.

Daily

Morning /onboard Catch up on branch, open work, overnight PRs
Task switch /checkpoint Dump state to HANDOFF.md so tomorrow's /onboard starts warm
Ctx > 70% /checkpoint → /clear Context rot makes answers worse, not better
3× wrong /clear Sycophancy or stale context. Restart beats another reroll
End of day /checkpoint Mid-feature — tomorrow-you needs what today-you learned

Weekly

Sun 21:00 sync-kit Routine Researches Claude Code / OWASP / stacks / model releases. Opens PR
Fri 17:00 eval-review Routine LLM projects. Worst 50 traces → regression fixtures PR
Mon AM Review both PRs Accept, reject, comment per change
Any day /deps-update Dependency sweep with slopsquatting defense

Monthly

1st of mo. Re-read CLAUDE.md, .claude/rules/, MODEL_NOTES.md. Add new Known Pitfalls that bit you.
1st of mo. Delete commands/agents you never ran. Kit cruft is worse than sparse kit.
1st of mo. ~/claude-code-kit/setup.sh --force — if the kit repo moved ahead
§ 03 · Commands

The five you'll actually use.

/onboard Reads HANDOFF.md + CLAUDE.md + recent commits. Summarizes.
/plan Plan mode. Drafts steps. Waits for approval. Anything > 10 lines.
/review Senior-engineer review of diff, read-only. Before every PR.
/security-review OWASP Top 10 + LLM Top 10. After auth / data / LLM changes.
/ship-it Pre-deploy: quality, tests, docs, secret scan. Before merging.
§ 04 · Agents

The five that carry the kit.

supervisor Orchestrator. Up to 4 specialists in parallel, synthesizes. Multi-file work.
verification-auditor Fresh context. Reads plan + diff. PASS w/ file:line or FAIL per item.
security-reviewer OWASP + LLM Top 10 on the diff. Opus. Hard-fails on secrets, raw SQL, missing authz.
prompt-auditor Scores a rough ask on 8 dimensions. < 8/10 → answer questions before /plan.
code-reviewer Principal-engineer review. Naming, dead code, missing tests, scope creep.
§ 05 · Hooks

What keeps you safe.

All fire 100% of the time. No bypass short of editing the scripts.

block-secrets Writes to .env*; inline sk-*, AKIA*, ghp_*, private keys
protect-bash rm -rf /, forkbombs, dd if=, mkfs.*, chmod 777 /; push to main; --force; reset --hard; drizzle-kit push; supabase db reset; prisma db push; --accept-data-loss; npm publish; --no-verify; pnpm / yarn
forbid-dangerous-patterns = ANY(...::uuid[]) on JSONB columns; 'use cache' + cookies() / headers() in the same file
format-on-save Non-blocking. Runs prettier on every ts/tsx/json/md/css/yml write.
session-start-banner Non-blocking. Injects house rules at session start.
context-warn Non-blocking. Prompts /checkpoint when system signals context pressure.
§ 06 · Thinking Budget

Escalation keywords.

think~4K tokens
think hard~10K
think harder~24K
ultrathink~32K

Default Sonnet. Escalate with /model opus for planning on load-bearing changes or hard debugging.

§ 07 · Status Line

Read the bar.

<model> ⎇ <branch> ctx <%> · $<cost>

Green
< 50% Keep going.
Yellow
50–70% Consider /checkpoint before the next big step.
Red
> 70% /checkpoint now, then /clear.
§ 08 · When It's Off

Recovery moves.

Hook blocked you Read stderr. Tells you what and why. If wrong, edit .claude/hooks/<name>.sh.
Claude went sideways Esc interrupts without losing context. Esc Esc opens checkpoint menu.
Pushed to main You shouldn't be able to. If you forced past: git revert, not git reset --hard. Tell the team.
Subagent hangs Esc. Then /clear if context got polluted.
§ 09 · Extending the Kit

Add with care.

  1. New command. Drop .claude/commands/<name>.md with YAML frontmatter (description:, optional allowed-tools:, argument-hint:).
  2. New subagent. Drop .claude/agents/<name>.md with name:, description:, tools:, model: in frontmatter.
  3. New hook. Drop .claude/hooks/<name>.sh, chmod +x, wire in .claude/settings.json under the appropriate event.
  4. New rule. Drop .claude/rules/<name>.md, import from CLAUDE.md via @.claude/rules/<name>.md.

Commit each addition separately with feat(kit): ...