# Add to your Claude Code skills
git clone https://github.com/codeaholicguy/ai-devkitLast scanned: 4/30/2026
{
"issues": [
{
"type": "npm-audit",
"message": "@swc/cli: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/eslint-plugin: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/parser: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/type-utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/typescript-estree: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@typescript-eslint/utils: Vulnerability found",
"severity": "high"
},
{
"type": "npm-audit",
"message": "@xhmikosr/archive-type: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/bin-wrapper: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/decompress: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/decompress-tar: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/decompress-tarbz2: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/decompress-targz: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/decompress-unzip: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "@xhmikosr/downloader: Vulnerability found",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "file-type: file-type affected by infinite loop in ASF parser on malformed input with zero-size sub-header",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "follow-redirects: follow-redirects leaks Custom Authentication Headers to Cross-Domain Redirect Targets",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "hono: hono Improperly Handles JSX Attribute Names Allows HTML Injection in hono/jsx SSR",
"severity": "medium"
},
{
"type": "npm-audit",
"message": "minimatch: minimatch has a ReDoS via repeated wildcards with non-matching literal in pattern",
"severity": "high"
},
{
"type": "npm-audit",
"message": "uuid: uuid: Missing buffer bounds check in v3/v5/v6 when buf is provided",
"severity": "medium"
}
],
"status": "WARNING",
"scannedAt": "2026-04-30T06:29:14.739Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}ai-devkit is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by codeaholicguy. The control plane for AI coding agents. It has 1,551 GitHub stars.
ai-devkit returned warnings in SkillsLLM's automated security scan. It has no critical vulnerabilities, but review the flagged issues in the Security Report section before adding it to your workflow.
Clone the repository with "git clone https://github.com/codeaholicguy/ai-devkit" and add it to your Claude Code skills directory (see the Installation section above).
ai-devkit is primarily written in TypeScript. It is open-source under codeaholicguy on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh ai-devkit against similar tools.
No comments yet. Be the first to share your thoughts!
Requires a passing catalog security scan. Resolve the flagged issues and resubmit to enable featuring.
English | 中文
The control plane for AI coding agents.

AI DevKit gives Claude Code, Codex CLI, Gemini CLI, opencode, Pi, Cursor, GitHub Copilot, Devin, and other coding agents one local-first operating layer: one config, one console, local memory retrieval, cross-agent communication, and composable engineering skills led by dev-lifecycle.
.ai-devkit.json reconciles setup across the coding tools your team usesagent console is a live TUI dashboard for supervising local agents across providersagent send lets you route prompts, logs, and test output to running agents@ai-devkit/memory stores decisions, conventions, and fixes in local SQLite so agents search when needed instead of carrying everything in every promptdev-lifecycle, verify, tdd, review, debugging, security, docs, and simplification skills combine into reliable workflowsThe future is many AI coding agents. AI DevKit is the layer that makes them manageable.
Run npx ai-devkit@latest init and your project gets:
| What you need | What AI DevKit installs |
|---|---|
| One setup source | .ai-devkit.json for the agents and workflow you choose |
| Running-agent visibility | agent list, agent detail, and agent console |
| Addressable agents | agent send, --stdin, --wait, and agent groups where supported |
| Retrieval-based memory | Local SQLite memory exposed through MCP and CLI, searched only when useful |
| Composable senior-engineer workflow | dev-lifecycle plus verification, TDD, debugging, review, security, docs, and simplification skills |
Developers whose AI coding setup has grown from one assistant into a small, messy team of agents:
CLAUDE.md / .cursor/rules / AGENTS.md / MCP setup per toolBefore AI DevKit, your agents are powerful but scattered. After AI DevKit, they have shared setup, a control surface, searchable memory, communication paths, and reusable skills that travel with your repo without bloating every prompt.
| Without AI DevKit | With AI DevKit |
|---|---|
| You manage agents as isolated terminal tabs | You supervise them from ai-devkit agent console |
| You hand-maintain every agent setup | One config reconciles agent files, skills, and MCP setup |
| You copy logs and context between sessions | agent send routes prompts and stdin to running agents |
| You repeat project rules in every chat | Agents retrieve relevant memory and docs only when useful |
| The agent jumps from prompt to code | dev-lifecycle guides requirements, design, planning, implementation, testing, and review |
| "Done" means the agent stopped editing | "Done" requires fresh verification output |
npx ai-devkit@latest init
One wizard. Pick your agents, install the control-plane pieces you need, and give every tool the same operating model. It writes project-local files you can review and commit. Re-run it whenever your agent list or workflow changes.
Here's what lands in your repo:
your-project/
├── .ai-devkit.json # single source of truth (re-run init anytime)
├── .claude/ # or .cursor/, .codex/, etc. per agent you picked
│ ├── skills/ # dev-lifecycle, verify, memory, tdd, ...
│ └── settings.json # MCP servers wired up (incl. @ai-devkit/memory)
└── docs/ai/
├── requirements/ # phase 1 — what to build, why
├── design/ # phase 2 — how it'll be built
├── planning/ # phase 3 — task-by-task plan
├── implementation/ # phase 4 — execution notes
└── testing/ # phase 5 — coverage strategy
AI DevKit ships a agent control plane for everyday multi-agent work:
# List running sessions across providers
ai-devkit agent list
# Open the live terminal UI
ai-devkit agent console
# Send a prompt to a running session and wait for the response
ai-devkit agent send "run the tests and report back" --id <agent-name> --wait
# Pipe multi-line output into a running session
npm test 2>&1 | ai-devkit agent send --id <agent-name> --stdin
# Send a prompt to a saved group of agents
ai-devkit agent send "review this branch for release risk" --group reviewers
# Pipe a session through Telegram — operate your agent from your phone
ai-devkit channel start telegram --agent <agent-name> --daemon
Use this when work spans long-running agents, multiple providers, scheduled checks, review loops, or remote control from another channel.
AI DevKit memory is local SQLite knowledge for project decisions, coding conventions, and reusable fixes. Agents retrieve it when a task needs context instead of carrying every fact in every prompt.
# Store a reusable project convention
ai-devkit memory store \
--title "API handlers return DTOs" \
--content "REST handlers should return response DTOs instead of domain entities." \
--tags "api,backend" \
--scope "repo:codeaholicguy/ai-devkit"
# Search before related work
ai-devkit memory search --query "API response convention"
The control plane is useful on its own. For larger or riskier changes, AI DevKit also installs composable skills that make agents behave more like an engineering team.
dev-lifecycle is the anchor skill. It guides the agent through requirements, design, planning, implementation, testing, and review. Other skills plug into that flow:
memory retrieves relevant project knowledge without stuffing all context into the sessionverify blocks completion claims without fresh test or build evidencetdd pushes test-first implementation when behavior changesstructured-debug keeps debugging reproducible instead of guess-and-patchsecurity-review, document-code, and simplify-implementation add focused review passes when the task needs themSave templates/senior-engineer.yaml locally and run:
ai-devkit init --template ./senior-engineer.yaml
Bundles the built-in skills with curated additions from Anthropic, Vercel, and others: TDD, frontend design, webapp testing, doc co-authoring, React best practices, security review, and more.
You: Use the dev-lifecycle skill to start requirements for OAuth login with Google
Agent: Searches memory for prior auth conventions. Asks clarifying
questions about scope, users, success criteria. Drafts
docs/ai/{requirements,design,planning}/feature-oauth-login.md
in a feature worktree. Stops before coding.
You: Ask for a design review of feature-oauth-login
Agent: Audits the design doc against the requirements. Flags gaps,
proposes fixes — before any code gets written.
You: Ask it to execute the implementation plan
Agent: Works the planning doc task-by-task. Updates progress after
each task. The `verify` skill blocks a task from being
marked done without fresh test/build output.
You: Ask for a code review
Agent: Audits the diff against the design doc — scope creep,
missing tests, edge cases the requirements named —
before you push.
The flow above is powered by nine built-in skills, each addressing a failure mode developers see in real AI coding sessions:
| Failure mode | AI DevKit behavior |
|---|---|
| Agent starts coding too early | dev-lifecycle forces requirements, design, planning, implementation, tests, and review |
| Agent says "done" without proof | verify blocks completion claims without fresh test/build evidence |
| Agent commits unrelated local changes | dev-commit checks diffs, stages explicit paths, validates, and reports the SHA/status |
| Agent forgets project decisions | memory gives it a local, searchable knowledge base across sessions and projects |
| New behavior ships without tests | tdd pushes test-first implementation |
| Debugging becomes guess-and-patch | structured-debug makes it reproduce, hypothesize, fix, and verify |
| Existing code is opaque | document-code maps entry points, dependencies, and behavior |
| Implementation gets bloated | simplify-implementation reduces complexity before code ships |
| Documentation is hard to follow | technical-writer audits docs for novice-user clarity |
Need more? ai-devkit skill add <registry> <skill> pulls from 30+ publishers — Anthropic, Vercel, Supabase, Microsoft, Google.
One .ai-devkit.json configures all of them. Add a new agent to your team without rewriting your rules.
| Agent | Setup | Remote control |
|---|---|---|
| Claude Code |