Stats
Actions
Tags
From devflow-enforcer
Capture a lesson learned when closing a finding. MANDATORY skill - cannot close findings without capturing lessons. Use when resolving issues, bugs, or findings to prevent repeated mistakes.
How this skill is triggered — by the user, by Claude, or both
Slash command
/devflow-enforcer:capture-lessonThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
This skill captures a lesson learned when closing a finding. It is MANDATORY - you cannot close findings without capturing what was learned.
This skill captures a lesson learned when closing a finding. It is MANDATORY - you cannot close findings without capturing what was learned.
CRITICAL ENFORCEMENT: This skill enforces knowledge retention. Every closed finding MUST have an associated lesson.
Per workflow requirement: "When a finding is closed, the workflow must enforce documenting what was learned."
This prevents:
1. VALIDATE required fields
2. CREATE LessonLearned object
3. SAVE to templates/lessons-learned.md
4. LINK to finding
5. CONFIRM capture complete
| Parameter | Type | Description | Required |
|---|---|---|---|
| findingId | string | ID of the finding being closed | Yes |
| category | enum | Technical, Process, Communication, Tooling | Yes |
| title | string | Brief title of the lesson (max 80 chars) | Yes |
| description | string | What was the issue? | Yes |
| rootCause | string | Why did this happen? | Yes |
| solution | string | How was it resolved? | Yes |
| preventionSteps | string[] | Steps to prevent recurrence | Yes |
| tags | string[] | Tags for categorization | No |
| priority | enum | Critical, High, Medium, Low | No (default: High) |
| Category | Description | Example |
|---|---|---|
| Technical | Code, architecture, infrastructure | "Always validate API responses" |
| Process | Workflow, methodology, procedures | "Review PRs before merging" |
| Communication | Documentation, collaboration | "Document API changes in changelog" |
| Tooling | Build tools, CI/CD, frameworks | "Pin dependency versions" |
## Lesson Captured: [Title]
- **ID:** LESSON-[timestamp]-[random]
- **Finding:** [findingId]
- **Category:** [category]
- **Priority:** [priority]
- **Captured:** [timestamp]
### Problem
[description]
### Root Cause
[rootCause]
### Solution
[solution]
### Prevention Steps
1. [step 1]
2. [step 2]
...
### Tags
[tag1], [tag2], ...
---
*This lesson has been saved to templates/lessons-learned.md*
USER: I fixed the SQL injection vulnerability in the user search feature.
[Agent captures lesson]
SKILL INPUT:
{
"findingId": "FIND-2026-0217-001",
"category": "Technical",
"title": "SQL Injection in User Search",
"description": "User search feature was vulnerable to SQL injection attacks through the name parameter",
"rootCause": "Direct string concatenation in SQL query instead of parameterized queries",
"solution": "Replaced string concatenation with parameterized queries using the ORM",
"preventionSteps": [
"Always use parameterized queries for database operations",
"Never trust user input - always sanitize",
"Run SQL injection scans in CI/CD pipeline"
],
"tags": ["security", "sql", "injection", "database"],
"priority": "Critical"
}
SKILL OUTPUT:
## Lesson Captured: SQL Injection in User Search
- **ID:** LESSON-20260217-a1b2c3d4
- **Finding:** FIND-2026-0217-001
- **Category:** Technical
- **Priority:** Critical
- **Captured:** 2026-02-17T11:30:00Z
### Problem
User search feature was vulnerable to SQL injection attacks through the name parameter
### Root Cause
Direct string concatenation in SQL query instead of parameterized queries
### Solution
Replaced string concatenation with parameterized queries using the ORM
### Prevention Steps
1. Always use parameterized queries for database operations
2. Never trust user input - always sanitize
3. Run SQL injection scans in CI/CD pipeline
### Tags
security, sql, injection, database
---
*This lesson has been saved to templates/lessons-learned.md*
USER: The build failed because we forgot to update the lock file.
SKILL INPUT:
{
"findingId": "FIND-2026-0217-002",
"category": "Process",
"title": "Package Lock File Not Updated",
"description": "Build failed because package-lock.json was not updated after adding new dependency",
"rootCause": "Developer added dependency but did not commit lock file changes",
"solution": "Added pre-commit hook to verify lock file is updated when package.json changes",
"preventionSteps": [
"Always commit lock file when changing package.json",
"Run npm ci instead of npm install in CI",
"Add pre-commit hook to check for lock file sync"
],
"tags": ["build", "npm", "dependencies", "ci"],
"priority": "Medium"
}
templates/lessons-learned.mdcheck-lessons skill before agent workFINDING CREATED → ASSIGNED → RESOLVED → [CAPTURE LESSON] → CLOSED
↑
MANDATORY STEP
| Error | Cause | Resolution |
|---|---|---|
| "Finding ID required" | No findingId provided | Provide the finding ID |
| "Description required" | Empty description | Describe what the issue was |
| "Root cause required" | Empty rootCause | Explain why this happened |
| "Solution required" | Empty solution | Explain how it was fixed |
| "Prevention steps required" | Empty preventionSteps | List steps to prevent recurrence |
| "Invalid category" | Category not in enum | Use: Technical, Process, Communication, Tooling |
templates/lessons-learned.md - Lessons are appended herefindings.md - Finding updated with lesson reference.devflow/context-checkpoint.md - Included in context checkpointsnpx claudepluginhub xarlord/devflow-enforcer --plugin devflow-enforcerCaptures structured lessons learned entries for organizational memory after incidents, completed projects, or significant learnings to preserve knowledge for future teams.
Records reusable lessons from resolved bug fixes, architectural changes, interface updates, or recurring pitfalls into project memory docs, anchored to git commits.
Captures learnings from completed development sessions into reusable knowledge files organized by pattern, pitfall, decision, tool insight, and process improvement.