From pipecrew
Applies small, well-specified changes (audit-finding fixes, codemods, convention enforcement, mechanical migrations) using reusable fix recipes. Use when the WHAT is already known and the blast radius is small.
How this skill is triggered — by the user, by Claude, or both
Slash command
/pipecrew:patchThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
`/patch` is the **low-altitude gear** for PipeCrew. `/deliver` decides *what to build*;
/patch is the low-altitude gear for PipeCrew. /deliver decides what to build;
/patch applies what's already decided. Where /deliver re-derives design and review
criteria every run via expensive agents, /patch reads them from memory — a library of
fix recipes (each a fix template AND a detector), ADRs, and per-repo verify checklists.
That makes a known class of change near-free to repeat, and it gets cheaper the more you use it.
Use it for: audit-finding remediation, recipe sweeps (codemods), applying a reviewer/PR
comment, enforcing a remembered convention, mechanical migrations, or /troubleshoot fixups.
Do NOT use it for new features, anything needing requirements/UX discovery, or a real
cross-repo contract (spec/schema) change — those are /deliver. The skill self-detects this
and bounces (see "Escalation boundary").
/patch [work-selector] [flags]
| Selector | Meaning |
|---|---|
| (none) | Interactive — list the workspace's context/audit-findings.md backlog and prompt for scope |
--findings=F1,F2,… | Specific audit-finding IDs from context/audit-findings.md |
"free-form text" | A described small change ("stop the bare except in abvi_email_sender.py") |
--recipe=<name> --sweep | Codemod mode — run a recipe's match pattern across all repos, fix every hit. No findings doc needed. |
--from-troubleshoot=<report-path> | Consume a /troubleshoot report's root-cause file:line as the work item |
--from-review=<report-path> | Apply a /review or /deliver Phase 5.5 report's findings as a fix round |
| Flag | Default | Effect |
|---|---|---|
--workspace=<slug> | auto-detect | Workspace config. Auto-detects if only one exists. |
--no-worktrees | worktrees ON | Work in-place on each repo's current branch (good for tiny edits). |
--review | OFF | Add a real read-only reviewer dispatch on top of the completeness pass (for non-trivial patches). |
--commit | OFF | Commit each touched repo after the gate (descriptive message per repo). |
--no-learn | OFF | Skip writing new/updated recipes + gotchas back to memory at the end. |
--branch=<name> | patch/<slug> | Feature/worktree branch name. |
--dry-run | OFF | Match + plan + show the intended diff, then stop. No edits. |
/patch --findings=F1,F2,F3,F4 # remediate specific audit findings
/patch "externalize the hardcoded API key in auth application.properties"
/patch --recipe=deliteralize-aws-account-id --sweep # codemod across all repos
/patch --from-troubleshoot=runs/troubleshoot/2026-06-12-…/report.md --commit
/patch --findings=F3 --review --no-worktrees
/patch pauses for the user exactly once (Step 4, plan + diff). No
requirements/architecture/spec/plan/review gates. (--review adds a reviewer dispatch, not
a second user gate, unless it surfaces a blocker.)verify rules. This is the safety fix for the reviewer-reverting-work failure mode:
the default verifier cannot mutate the worktree. If --review dispatches a reviewer agent,
that agent MUST be read-only (it produces findings only; it never edits or runs mutating git)./deliver.Agent dispatch — never claude -p. Implementer subagent_type is resolved
per repo type via the TYPE_TO_AGENT table (same as /deliver, see phases/dispatch-rules.md).rules/transient-failures.md), checkpoint
events (rules/observability.md), and gate open/close (scripts/gate.js) work exactly as in
/deliver. Emit run_start / phase_* / agent_end / run_end events to checkpoints.jsonl.{workspace_root} via node {plugin_dir}/scripts/workspace-root.js --get.--workspace=<slug> → {workspace_root}/{slug}/config.json; else scan
{workspace_root}/*/config.json (one → use it; many → ask). Validate with
node {plugin_dir}/scripts/validate-config.js <path>. Stop on failure.{workspace_root}/{slug}/runs/patch/{run_id}/ where
run_id = {YYYY-MM-DD-HHMMSS}-{slug-of-selector}. Subdirs: outputs/, tasks/. Emit
run_start to {run_dir}/checkpoints.jsonl (skill: "patch").Read, in order, only what's relevant:
{workspace_root}/{slug}/context/recipes/*.yml. The plugin ships
NO recipes; a recipe library is grown per workspace (by /patch and /learn). On a brand-new
workspace this is empty — every item starts as an unmatched-triage in Step 3 and seeds the first
recipes. If the directory is missing, create it on first write.{workspace_root}/{slug}/context/adrs/INDEX.md{workspace_root}/{slug}/context/audit-findings.mdMEMORY.md store, for operational gotchas (e.g. untracked
CLAUDE.md in worktrees, stale base branches) and user prefs. Honor them.CLAUDE.md is read lazily by the implementer, only for repos actually touched.Resolve the work selector to a concrete list of {repo, target file:line, intended change}:
--findings → pull each finding's text from audit-findings.md; verify it against current
code (line numbers drift — grep the cited symbol/literal, don't trust the stored line).--recipe … --sweep → run the recipe's match pattern across all repos (grep/glob); every
hit becomes a work item. No findings doc required — the recipe is the detector.--from-troubleshoot / --from-review → parse the report's file:line + problem.Group items by repo. Items in the same repo are applied sequentially (one worktree); different repos run in parallel.
For each item:
match pattern + tags. On a hit, attach the recipe's fix,
verify, and follow_up to the item. No design work — the recipe is the design./patch may escalate. Either:
solution-architect micro-call for that item only, or/deliver (see
Escalation boundary) and drop the item from this run with a note.
Capture the resolution as a new recipe (written in Step 7) so the next instance is free.Write one lean task file per item to {run_dir}/tasks/{slug}.md (target, recipe, fix, verify).
Present the plan: per item — repo, target, the recipe being applied (or "triaged: "),
and the intended change. If --dry-run, also render the would-be diff and STOP here.
Open the gate: node {plugin_dir}/scripts/gate.js open --run-dir={run_dir} --phase=apply --gate=approval --question="Apply these N patches?". On the user's answer, close the gate.
no → stop. yes → proceed.
git -C {repo} worktree add ../{repo}-{slug} -b {branch}.
With --no-worktrees, work in-place on the current branch. (Honor the memory gotcha: if a
repo's CLAUDE.md / agent-context is untracked, the implementer reads it from the MAIN checkout,
not the worktree.)type). The prompt points at the
repo's task file(s) + worktree path and carries the recipe's fix directive. Same-repo items
go to one implementer, applied sequentially. Different repos dispatch in parallel (one message).status: todo → done and report files+lines changed.For each item, run its recipe's verify rules directly from the orchestrator (Bash):
grep "<literal>" == 0 hits, mvn -q -DskipTests compile, cdk synth, py_compile.--review was passed, ALSO dispatch the matching read-only reviewer (TYPE_TO_AGENT reviewer
column) for a craft pass. A reviewer that attempts a mutating command is a defect — flag it; never
let a reviewer's edit/revert stand.Any failed verify → record against the item, attempt one fix re-dispatch (per
rules/transient-failures.md cadence), then surface remaining failures at Step 7 (don't swallow).
{run_dir}/report.md: items, per-repo files changed, verify results, and the
follow-ups aggregated from each applied recipe's follow_up (e.g. "inject ENV_VAR / rotate
secret"). Emit run_end.context/audit-findings.md marking the fixed items.--no-learn:
context/recipes/ for any newly-triaged class, and bump each
applied recipe's seen_in: list./patch — that is /learn's job, human-gated.)--commit: commit each touched repo (git add -u to skip build artifacts) with a message
citing the recipe/finding IDs and ending with the standard Co-Authored-By line. /patch never
pushes or opens PRs — hand to the user or /deliver --with-pr for that.A recipe is both a fix template and a detector. Schema + authoring rules: skills/patch/recipe-schema.md.
Recipes are workspace-scoped — they live ONLY at {workspace_root}/{slug}/context/recipes/*.yml.
The plugin ships no recipes: a recipe encodes a team's convention (and often cites a workspace ADR),
so it belongs to the workspace, where it stays reusable across that workspace's repos and survives
plugin upgrades. /patch reads and writes this directory; /learn may also write to it. A fresh
workspace starts empty and grows its library as /patch triages new classes.
Refuse and hand off the moment the what is unknown. Concrete trip-wires:
When bouncing: print This needs design — run: /deliver "<restated change>" [flags] and stop the
affected item. A one-line config/code edit is a patch; "publishers can choose contract type" is not.
--review); never a mutating reviewer./deliver).--commit is the furthest it goes.)npx claudepluginhub pipecrew-ai/pipecrew --plugin pipecrewProvides structured workflow packs for 7 common Claude Code tasks: codebase exploration, bug fixing, safe refactoring, TDD, repo review before merge, CLAUDE.md generation, and migration planning.
Lightweight plan→implement→optional PR workflow for trivial fixes, config tweaks, single-file changes, or exploratory work that doesn't warrant subagent dispatch or two-stage review.