{"id":"6da1d52c-3593-4b52-a0a0-7c38c0bc2266","shortId":"kFYZYR","kind":"skill","title":"technical-debt","tagline":"Technical debt inventory, prioritization, and audit for PHP/Laravel (MySQL) and Node/TypeScript/React projects. Use when assessing code health, identifying refactoring candidates, planning debt paydown, or auditing a codebase for accumulated debt. Triggers on \"audit technical deb","description":"# Technical Debt\n\nTechnical debt audit and prioritization framework for **PHP/Laravel (MySQL) and Node/TypeScript/React** projects. Contains 42 rules across 10 categories covering code, security, design, dependency, test, performance, data, documentation, infrastructure, and process debt. Produces a ranked ledger (effort × impact) so teams know **what to fix first**, not just what's broken. Supports both **coding reference** and **audit mode** with PASS/FAIL/N/A output.\n\n## Metadata\n\n- **Version:** 1.0.0\n- **Scope:** PHP / Laravel (MySQL) + Node / TypeScript / React\n- **Rule Count:** 42 rules across 10 categories\n- **License:** MIT\n\n## How to Audit\n\nWhen the user asks to \"audit technical debt\", \"find tech debt\", or \"what should we refactor first\" — run the checklist below against their codebase and produce a ranked debt ledger.\n\n### Audit Step 1: Determine Scope\n\n- If arguments provided (`$ARGUMENTS`): audit only those paths or modules\n- If no arguments: audit the entire repository starting from the root\n\n### Audit Step 2: Detect Project Stack\n\nInspect `composer.json` and `package.json` to determine which of the supported stacks (PHP/Laravel, Node/TypeScript/React, or both) is in use. Tooling commands (`composer outdated`, `npm outdated`, `phpstan`, `eslint`, `knip`, etc.) are chosen based on this detection.\n\n### Audit Step 3: Run Debt Checklist\n\nWork through every item below. For each, output:\n- **PASS** — brief confirmation of what was verified\n- **FAIL** — exact `file:line` (or command output), description of the debt, **effort estimate** (S/M/L), and **impact** (LOW/MED/HIGH/CRITICAL)\n- **N/A** — if the check does not apply to this project\n\n#### Code Debt\n- [ ] No duplicated blocks > 30 lines across files\n- [ ] No function exceeds 50 lines or cyclomatic complexity > 10\n- [ ] No class exceeds 300 lines or has > 15 public methods (god class)\n- [ ] No unreachable code, unused exports, or commented-out blocks left in source\n- [ ] No magic numbers or unexplained string literals in business logic\n- [ ] No function exceeds 4 parameters (use a parameter object)\n\n#### Security Debt\n- [ ] No secrets, API keys, or credentials committed to source (or git history)\n- [ ] Every public endpoint validates input via a schema / FormRequest / DTO\n- [ ] Passwords hashed with bcrypt or argon2id; no MD5/SHA-1\n- [ ] Sessions have a bounded lifetime; auth-sensitive endpoints rate-limited\n- [ ] Security headers present (CSP, HSTS, X-Content-Type-Options, Referrer-Policy)\n- [ ] Authorization (not just authentication) enforced on every protected route\n\n#### Design Debt\n- [ ] No circular dependencies between modules/packages\n- [ ] Layers respect direction (UI → service → repository, never reversed)\n- [ ] No \"shotgun surgery\" patterns (one change forcing edits in 5+ files)\n- [ ] Abstractions hide implementation details (no leaking framework types across boundaries)\n\n#### Dependency Debt\n- [ ] No dependencies more than 2 major versions behind\n- [ ] No abandoned/unmaintained packages (no release in > 24 months)\n- [ ] No known CVEs reported by `npm audit` / `composer audit` at HIGH or CRITICAL\n- [ ] No unused dependencies in `package.json` / `composer.json`\n\n#### Test Debt\n- [ ] Critical paths have integration test coverage\n- [ ] No skipped/disabled tests without linked issue or removal date\n- [ ] No known flaky tests left in main branch\n- [ ] Test suite runs in under 10 minutes (or has explicit budget documented)\n\n#### Performance Debt\n- [ ] No N+1 query patterns on list endpoints (query count constant per request)\n- [ ] No list endpoint returns an unbounded result set (pagination present)\n- [ ] Frontend initial bundle within budget (~200 KB gzip); route-level code splitting in place\n- [ ] Expensive read paths (aggregations, external APIs, static configs) are cached at a sensible layer\n\n#### Data Debt\n- [ ] Migrations are the only source of schema changes; production matches migration history\n- [ ] All foreign-key and frequently-queried columns are indexed\n- [ ] No orphaned child records; FK constraints enforced\n\n#### Documentation Debt\n- [ ] README reflects current setup and dev workflow\n- [ ] No stale comments contradicting the code they describe\n- [ ] Public APIs / exported modules have docblocks or type hints\n\n#### Infrastructure Debt\n- [ ] Runtime versions (Node, PHP) are on supported (non-EOL) releases\n- [ ] No deprecated framework APIs in use (e.g., Laravel `Route::get()` deprecations)\n- [ ] Build runs cleanly with zero warnings\n- [ ] Secrets stored in a manager (Vault / Doppler / cloud SM); no long-lived shared credentials\n- [ ] Structured logs, error tracking, p95 latency dashboards, and SLO-based alerts in place\n\n#### Process Debt\n- [ ] No `TODO`/`FIXME`/`HACK` comments older than 6 months without owner or ticket\n- [ ] No `@deprecated` markers without a removal date or replacement\n- [ ] Debt is tracked somewhere visible (issue tracker label, debt register, ADR)\n- [ ] Every path has an owner (CODEOWNERS file present and current)\n- [ ] No feature flags at 100% rollout for more than 6 weeks without a removal plan\n\n### Audit Step 4: Build the Debt Ledger\n\nEnd the audit with a prioritized table:\n\n```\n## Technical Debt Ledger\n\n| # | Category | Item | File / Location | Effort | Impact | Priority |\n|---|----------|------|-----------------|--------|--------|----------|\n| 1 | deps | jQuery 1.12 (8y old, 3 CVEs) | package.json:14 | L | CRITICAL | P0 |\n| 2 | code | OrderService god class (820 lines) | app/Services/OrderService.php | M | HIGH | P1 |\n| 3 | test | 12 disabled tests in auth/ | tests/Feature/Auth/* | S | HIGH | P1 |\n...\n\n## Summary\n- **PASS:** X checks\n- **FAIL:** Y checks\n- **N/A:** Z checks\n- **Top 3 to pay down first:** (list highest-priority items with rationale)\n```\n\n**Priority formula:** `P0 = CRITICAL impact`, `P1 = HIGH impact`, `P2 = MED`, `P3 = LOW`. Within a priority, sort by ascending effort (cheap wins first).\n\n**Effort scale:**\n- **S** = under a day\n- **M** = 1–5 days\n- **L** = more than a week (likely needs to be broken down)\n\n---\n\n## When to Apply\n\nReference these guidelines when:\n- Running a tech-debt audit on a codebase\n- Planning a refactoring sprint or debt-paydown initiative\n- Reviewing a PR that introduces shortcuts (and deciding whether to accept them)\n- Building a debt register or backlog category in your issue tracker\n- Justifying engineering investment to non-engineering stakeholders\n- Onboarding to a new codebase and assessing its health\n- Writing an ADR (architecture decision record) for a debt-related decision\n\n## Step 1: Detect Project Stack\n\n**Always detect the stack before running tooling.** This skill targets PHP / Laravel (with MySQL) and Node / TypeScript / React projects; detection commands below assume one or both are present.\n\n| Signal | Stack | Tooling |\n|--------|-------|---------|\n| `composer.json` present | PHP / Laravel | `composer outdated`, `composer audit`, `phpstan`, `phpcs`, `phpmd`, `deptrac` |\n| `package.json` present | Node / JS / TS / React | `npm outdated`, `npm audit`, `eslint`, `tsc --noEmit`, `knip`, `madge` |\n| MySQL connection available | Database | `EXPLAIN`, `sys.schema_tables_with_full_table_scans`, `sys.schema_unused_indexes`, `sys.statement_analysis` |\n| any repo | Secrets scan | `gitleaks git`, `trufflehog` |\n\nIf both stacks are present (e.g., Laravel + Inertia + React), run audits for each.\n\n## Rule Categories by Priority\n\n| Priority | Category | Impact | Prefix |\n|----------|----------|--------|--------|\n| 1 | Code Debt | CRITICAL | `code-` |\n| 2 | Security Debt | CRITICAL | `security-` |\n| 3 | Design Debt | HIGH | `design-` |\n| 4 | Dependency Debt | HIGH | `deps-` |\n| 5 | Test Debt | HIGH | `test-` |\n| 6 | Performance Debt | HIGH | `perf-` |\n| 7 | Data Debt | HIGH | `data-` |\n| 8 | Documentation Debt | MEDIUM | `docs-` |\n| 9 | Infrastructure Debt | MEDIUM | `infra-` |\n| 10 | Process Debt | MEDIUM | `process-` |\n\n## Quick Reference\n\n### 1. Code Debt (CRITICAL)\n\n- `code-duplication` — Detect and consolidate duplicated logic\n- `code-complexity` — Cyclomatic and cognitive complexity thresholds\n- `code-long-functions` — Function and method length limits\n- `code-god-classes` — Class size and responsibility limits\n- `code-dead-code` — Unused code, unreachable branches, commented blocks\n- `code-magic-numbers` — Hardcoded literals in business logic\n- `code-long-parameter-lists` — Functions with too many positional params\n\n### 2. Security Debt (CRITICAL)\n\n- `security-secrets-in-code` — API keys, passwords, tokens in source / history\n- `security-input-validation` — Endpoints accepting untrusted input without schemas\n- `security-auth-hardening` — Outdated auth, missing MFA, missing security headers\n\n### 3. Design Debt (HIGH)\n\n- `design-tight-coupling` — Excessive direct dependencies between modules\n- `design-circular-deps` — Cyclic imports / requires\n- `design-leaky-abstractions` — Framework types crossing layer boundaries\n- `design-shotgun-surgery` — Changes that touch many files at once\n\n### 4. Dependency Debt (HIGH)\n\n- `deps-outdated-versions` — Major versions behind on dependencies\n- `deps-abandoned-packages` — Unmaintained / abandoned libraries\n- `deps-security-advisories` — Known CVEs in installed dependencies\n- `deps-unused-deps` — Declared but unused packages\n\n### 5. Test Debt (HIGH)\n\n- `test-coverage-gaps` — Critical paths without tests\n- `test-flaky-tests` — Tests with non-deterministic outcomes\n- `test-disabled-tests` — Skipped tests left in the suite\n- `test-slow-tests` — Tests blocking fast feedback\n\n### 6. Performance Debt (HIGH)\n\n- `perf-n-plus-one` — Linear request → quadratic database load\n- `perf-missing-pagination` — Unbounded result sets\n- `perf-bundle-bloat` — Heavy / unsplit frontend bundles\n- `perf-no-caching` — Missing cache layers on read-heavy paths\n\n### 7. Data Debt (HIGH)\n\n- `data-schema-drift` — Production schema diverges from migrations\n- `data-missing-indexes` — Hot queries doing sequential scans\n- `data-orphaned-records` — Referential integrity gaps\n\n### 8. Documentation Debt (MEDIUM)\n\n- `docs-stale-comments` — Comments contradicting current behavior\n- `docs-outdated-architecture` — README/architecture docs out of date\n- `docs-undocumented-api` — Public APIs without docblocks or types\n\n### 9. Infrastructure Debt (MEDIUM)\n\n- `infra-runtime-versions` — EOL or near-EOL language/runtime versions\n- `infra-deprecated-apis` — Framework deprecations still in use\n- `infra-build-warnings` — Build/compile warnings ignored\n- `infra-secrets-management` — Long-lived credentials, plain env files, leaked logs\n- `infra-monitoring-gaps` — Missing logs, metrics, traces, alerts, or SLOs\n\n### 10. Process Debt (MEDIUM)\n\n- `process-todo-fixme-aging` — Aging TODO/FIXME/HACK comments\n- `process-deprecated-markers` — `@deprecated` without removal plan\n- `process-debt-tracking` — Debt visible in a register / backlog\n- `process-ownership-gaps` — Code without an owning team (CODEOWNERS)\n- `process-feature-flags-lingering` — Stale feature flags polluting code paths\n\n## Essential Patterns\n\n### Debt Ledger Output Format\n\n```\n| # | Category | Item                          | Location              | Effort | Impact   | Priority |\n|---|----------|-------------------------------|-----------------------|--------|----------|----------|\n| 1 | deps     | guzzle 6.x (5y behind)        | composer.json:18      | M      | HIGH     | P1       |\n| 2 | code     | InvoiceService dup logic      | app/Services/Invoice* | S      | MEDIUM   | P2       |\n| 3 | test     | 8 skipped tests in checkout/  | tests/Feature/Checkout| S      | HIGH     | P1       |\n```\n\n### Effort × Impact Prioritization\n\n```\n              LOW       MEDIUM    HIGH      CRITICAL\nS (<1d)   →   P3        P2        P1        P0\nM (1-5d)  →   P3        P2        P1        P0\nL (>1w)   →   P3        P3        P2        P1   (break down)\n```\n\nCheap + high-impact items go first. Expensive items always get broken down before scheduling.\n\n### Tooling Cheatsheet\n\n```bash\n# PHP / Laravel\ncomposer outdated --direct          # list outdated direct deps\ncomposer audit                      # known CVEs\nvendor/bin/phpstan analyse          # static analysis\nvendor/bin/phpmd app text cleancode # mess detector\n\n# Node / TS\nnpm outdated                        # list outdated deps\nnpm audit                           # known CVEs\nnpx depcheck                        # unused deps\nnpx tsc --noEmit                    # type errors\nnpx eslint . --max-warnings 0       # lint warnings\n\n# Cross-language\ngit log --since=\"6 months ago\" --diff-filter=A -p | grep -E \"TODO|FIXME|HACK\"\ncloc .                              # lines of code per language\n```\n\n## How to Use\n\nRead individual rule files for detailed explanations and code examples:\n\n```\nrules/code-duplication.md\nrules/design-circular-deps.md\nrules/deps-outdated-versions.md\nrules/test-flaky-tests.md\nrules/process-todo-fixme-aging.md\n```\n\nEach rule file contains:\n- YAML frontmatter with metadata (title, impact, tags)\n- Brief explanation of why it matters\n- How to detect (commands / patterns)\n- Incorrect example with explanation\n- Correct example or remediation strategy\n\n## References\n\n- [Martin Fowler — Technical Debt Quadrant](https://martinfowler.com/bliki/TechnicalDebtQuadrant.html)\n- [Ward Cunningham — The Debt Metaphor](https://www.youtube.com/watch?v=pqeJFYwnkjE)\n- [SonarQube — Technical Debt Model](https://docs.sonarsource.com/sonarqube/latest/user-guide/metric-definitions/)\n- [OWASP Dependency-Check](https://owasp.org/www-project-dependency-check/)\n- [Snyk Open Source Vulnerability Database](https://security.snyk.io/)\n\n## Full Compiled Document\n\nFor the complete guide with all rules expanded: `AGENTS.md`","tags":["technical","debt","agent","skills","asyrafhussin","agent-rules","agent-skills","ai-agents","ai-slop","claude-code","code-quality","code-review"],"capabilities":["skill","source-asyrafhussin","skill-technical-debt","topic-agent-rules","topic-agent-skills","topic-ai-agents","topic-ai-slop","topic-claude-code","topic-code-quality","topic-code-review","topic-codex","topic-cursor","topic-laravel","topic-nodejs","topic-react"],"categories":["agent-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/AsyrafHussin/agent-skills/technical-debt","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add AsyrafHussin/agent-skills","source_repo":"https://github.com/AsyrafHussin/agent-skills","install_from":"skills.sh"}},"qualityScore":"0.469","qualityRationale":"deterministic score 0.47 from registry signals: · indexed on github topic:agent-skills · 39 github stars · SKILL.md body (13,685 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T18:58:25.571Z","embedding":null,"createdAt":"2026-05-16T18:57:15.212Z","updatedAt":"2026-05-18T18:58:25.571Z","lastSeenAt":"2026-05-18T18:58:25.571Z","tsv":"'+1':508 '-5':1582 '/)':1777 '/bliki/technicaldebtquadrant.html)':1747 '/sonarqube/latest/user-guide/metric-definitions/)':1762 '/watch?v=pqejfywnkje)':1755 '/www-project-dependency-check/)':1769 '0':1662 '1':154,759,845,937,1043,1095,1536,1581 '1.0.0':102 '1.12':762 '10':57,115,283,497,1088,1473 '100':724 '12':784 '15':291 '1d':1575 '1w':1589 '2':180,436,771,1048,1163,1547 '200':534 '24':446 '3':220,765,782,804,1053,1200,1556 '30':271 '300':287 '4':322,737,1058,1240 '42':54,112 '5':418,846,1063,1277 '50':278 '5y':1541 '6':684,729,1068,1317,1539,1671 '7':1073,1358 '8':1078,1387,1558 '820':776 '8y':763 '9':1083,1418 'abandon':1255,1258 'abandoned/unmaintained':441 'abstract':420,1223 'accept':894,1184 'accumul':32 'across':56,114,273,428 'adr':709,926 'advisori':1263 'age':1481,1482 'agents.md':1789 'aggreg':547 'ago':1673 'alert':672,1470 'alway':941,1605 'analys':1628 'analysi':1014,1630 'api':332,549,608,632,1172,1411,1413,1436 'app':1632 'app/services/invoice':1552 'app/services/orderservice.php':778 'appli':262,861 'architectur':927,1402 'argon2id':357 'argument':158,160,169 'ascend':833 'ask':125 'assess':18,921 'assum':963 'audit':9,28,36,43,95,121,127,152,161,170,178,218,454,456,735,744,871,979,993,1032,1624,1645 'auth':366,788,1191,1194 'auth-sensit':365 'authent':388 'author':385 'avail':1001 'backlog':901,1502 'base':214,671 'bash':1613 'bcrypt':355 'behavior':1398 'behind':439,1250,1542 'bloat':1341 'block':270,305,1142,1314 'bound':363 'boundari':429,1228 'branch':491,1140 'break':1594 'brief':233,1719 'broken':89,857,1607 'budget':502,533 'build':640,738,896,1444 'build/compile':1446 'bundl':531,1340,1345 'busi':317,1150 'cach':553,1349,1351 'candid':23 'categori':58,116,752,902,1036,1040,1530 'chang':414,567,1233 'cheap':835,1596 'cheatsheet':1612 'check':259,796,799,802,1766 'checklist':141,223 'checkout':1562 'child':585 'chosen':213 'circular':397,1215 'class':285,295,775,1127,1128 'clean':642 'cleancod':1634 'cloc':1684 'cloud':653 'code':19,60,92,266,298,540,604,772,1044,1047,1096,1100,1108,1116,1125,1134,1136,1138,1144,1153,1171,1507,1522,1548,1687,1701 'code-complex':1107 'code-dead-cod':1133 'code-dupl':1099 'code-god-class':1124 'code-long-funct':1115 'code-long-parameter-list':1152 'code-magic-numb':1143 'codebas':30,145,874,919 'codeown':715,1512 'cognit':1112 'column':580 'command':203,244,961,1728 'comment':303,601,681,1141,1394,1395,1484 'commented-out':302 'commit':336 'compil':1779 'complet':1783 'complex':282,1109,1113 'compos':204,455,976,978,1616,1623 'composer.json':185,466,972 'composer.json:18':1543 'config':551 'confirm':234 'connect':1000 'consolid':1104 'constant':516 'constraint':588 'contain':53,1711 'content':379 'contradict':602,1396 'correct':1734 'count':111,515 'coupl':1207 'cover':59 'coverag':474,1283 'credenti':335,660,1456 'critic':460,469,769,819,1046,1051,1098,1166,1285,1573 'cross':1226,1666 'cross-languag':1665 'csp':375 'cunningham':1749 'current':594,719,1397 'cves':450,766,1265,1626,1647 'cyclic':1217 'cyclomat':281,1110 'd':1583 'dashboard':667 'data':66,558,1074,1077,1359,1363,1372,1381 'data-missing-index':1371 'data-orphaned-record':1380 'data-schema-drift':1362 'databas':1002,1329,1774 'date':483,696,1407 'day':843,847 'dead':1135 'deb':38 'debt':3,5,25,33,40,42,71,129,132,150,222,249,267,329,395,431,468,505,559,591,617,676,699,707,740,750,870,881,898,933,1045,1050,1055,1060,1065,1070,1075,1080,1085,1090,1097,1165,1202,1242,1279,1319,1360,1389,1420,1475,1495,1497,1526,1743,1751,1758 'debt-paydown':880 'debt-rel':932 'decid':891 'decis':928,935 'declar':1273 'dep':760,1062,1216,1245,1254,1261,1270,1272,1537,1622,1643,1651 'depcheck':1649 'depend':63,398,430,433,463,1059,1210,1241,1252,1268,1765 'dependency-check':1764 'deprec':630,639,691,1435,1438,1487,1489 'deps-abandoned-packag':1253 'deps-outdated-vers':1244 'deps-security-advisori':1260 'deps-unused-dep':1269 'deptrac':983 'describ':606 'descript':246 'design':62,394,1054,1057,1201,1205,1214,1221,1230 'design-circular-dep':1213 'design-leaky-abstract':1220 'design-shotgun-surgeri':1229 'design-tight-coupl':1204 'detail':423,1698 'detect':181,217,938,942,960,1102,1727 'detector':1636 'determin':155,189 'determinist':1297 'dev':597 'diff':1675 'diff-filt':1674 'direct':403,1209,1618,1621 'disabl':785,1301 'diverg':1368 'doc':1082,1392,1400,1404,1409 'docblock':612,1415 'docs-outdated-architectur':1399 'docs-stale-com':1391 'docs-undocumented-api':1408 'docs.sonarsource.com':1761 'docs.sonarsource.com/sonarqube/latest/user-guide/metric-definitions/)':1760 'document':67,503,590,1079,1388,1780 'doppler':652 'drift':1365 'dto':351 'dup':1550 'duplic':269,1101,1105 'e':1680 'e.g':635,1027 'edit':416 'effort':76,250,756,834,838,1533,1567 'end':742 'endpoint':344,368,513,521,1183 'enforc':389,589 'engin':908,913 'entir':172 'env':1458 'eol':627,1426,1430 'error':663,1656 'eslint':209,994,1658 'essenti':1524 'estim':251 'etc':211 'everi':226,342,391,710 'exact':240 'exampl':1702,1731,1735 'exceed':277,286,321 'excess':1208 'expand':1788 'expens':544,1603 'explain':1003 'explan':1699,1720,1733 'explicit':501 'export':300,609 'extern':548 'fail':239,797 'fast':1315 'featur':721,1515,1519 'feedback':1316 'file':241,274,419,716,754,1237,1459,1696,1710 'filter':1676 'find':130 'first':84,138,808,837,1602 'fix':83 'fixm':679,1480,1682 'fk':587 'flag':722,1516,1520 'flaki':486,1291 'forc':415 'foreign':574 'foreign-key':573 'format':1529 'formrequest':350 'formula':817 'fowler':1741 'framework':46,426,631,1224,1437 'frequent':578 'frequently-queri':577 'frontend':529,1344 'frontmatt':1713 'full':1007,1778 'function':276,320,1118,1119,1157 'gap':1284,1386,1465,1506 'get':638,1606 'git':340,1020,1668 'gitleak':1019 'go':1601 'god':294,774,1126 'grep':1679 'guid':1784 'guidelin':864 'guzzl':1538 'gzip':536 'hack':680,1683 'hardcod':1147 'harden':1192 'hash':353 'header':373,1199 'health':20,923 'heavi':1342,1356 'hide':421 'high':458,780,791,822,1056,1061,1066,1071,1076,1203,1243,1280,1320,1361,1545,1565,1572,1598 'high-impact':1597 'highest':811 'highest-prior':810 'hint':615 'histori':341,571,1178 'hot':1375 'hsts':376 'identifi':21 'ignor':1448 'impact':77,254,757,820,823,1041,1534,1568,1599,1717 'implement':422 'import':1218 'incorrect':1730 'index':582,1012,1374 'individu':1694 'inertia':1029 'infra':1087,1423,1434,1443,1450,1463 'infra-build-warn':1442 'infra-deprecated-api':1433 'infra-monitoring-gap':1462 'infra-runtime-vers':1422 'infra-secrets-manag':1449 'infrastructur':68,616,1084,1419 'initi':530,883 'input':346,1181,1186 'inspect':184 'instal':1267 'integr':472,1385 'introduc':888 'inventori':6 'invest':909 'invoiceservic':1549 'issu':480,704,905 'item':227,753,813,1531,1600,1604 'jqueri':761 'js':987 'justifi':907 'kb':535 'key':333,575,1173 'knip':210,997 'know':80 'known':449,485,1264,1625,1646 'l':768,848,1588 'label':706 'languag':1667,1689 'language/runtime':1431 'laravel':105,636,952,975,1028,1615 'latenc':666 'layer':401,557,1227,1352 'leak':425,1460 'leaki':1222 'ledger':75,151,741,751,1527 'left':306,488,1305 'length':1122 'level':539 'librari':1259 'licens':117 'lifetim':364 'like':853 'limit':371,1123,1132 'line':242,272,279,288,777,1685 'linear':1326 'linger':1517 'link':479 'lint':1663 'list':512,520,809,1156,1619,1641 'liter':315,1148 'live':658,1455 'load':1330 'locat':755,1532 'log':662,1461,1467,1669 'logic':318,1106,1151,1551 'long':657,1117,1154,1454 'long-liv':656,1453 'low':827,1570 'low/med/high/critical':255 'm':779,844,1544,1580 'madg':998 'magic':310,1145 'main':490 'major':437,1248 'manag':650,1452 'mani':1160,1236 'marker':692,1488 'martin':1740 'martinfowler.com':1746 'martinfowler.com/bliki/technicaldebtquadrant.html)':1745 'match':569 'matter':1724 'max':1660 'max-warn':1659 'md5/sha-1':359 'med':825 'medium':1081,1086,1091,1390,1421,1476,1554,1571 'mess':1635 'metadata':100,1715 'metaphor':1752 'method':293,1121 'metric':1468 'mfa':1196 'migrat':560,570,1370 'minut':498 'miss':1195,1197,1333,1350,1373,1466 'mit':118 'mode':96 'model':1759 'modul':166,610,1212 'modules/packages':400 'monitor':1464 'month':447,685,1672 'mysql':12,49,106,954,999 'n':507,1323 'n/a':256,800 'near':1429 'near-eol':1428 'need':854 'never':407 'new':918 'node':107,620,956,986,1637 'node/typescript/react':14,51,196 'noemit':996,1654 'non':626,912,1296 'non-determinist':1295 'non-engin':911 'non-eol':625 'npm':206,453,990,992,1639,1644 'npx':1648,1652,1657 'number':311,1146 'object':327 'old':764 'older':682 'onboard':915 'one':413,964,1325 'open':1771 'option':381 'orderservic':773 'orphan':584,1382 'outcom':1298 'outdat':205,207,977,991,1193,1246,1401,1617,1620,1640,1642 'output':99,231,245,1528 'owasp':1763 'owasp.org':1768 'owasp.org/www-project-dependency-check/)':1767 'own':1510 'owner':687,714 'ownership':1505 'p':1678 'p0':770,818,1579,1587 'p1':781,792,821,1546,1566,1578,1586,1593 'p2':824,1555,1577,1585,1592 'p3':826,1576,1584,1590,1591 'p95':665 'packag':442,1256,1276 'package.json':187,465,984 'package.json:14':767 'pagin':527,1334 'param':1162 'paramet':323,326,1155 'pass':232,794 'pass/fail/n/a':98 'password':352,1174 'path':164,470,546,711,1286,1357,1523 'pattern':412,510,1525,1729 'pay':806 'paydown':26,882 'per':517,1688 'perf':1072,1322,1332,1339,1347 'perf-bundle-bloat':1338 'perf-missing-pagin':1331 'perf-n-plus-on':1321 'perf-no-cach':1346 'perform':65,504,1069,1318 'php':104,621,951,974,1614 'php/laravel':11,48,195 'phpcs':981 'phpmd':982 'phpstan':208,980 'place':543,674 'plain':1457 'plan':24,734,875,1492 'plus':1324 'polici':384 'pollut':1521 'posit':1161 'pr':886 'prefix':1042 'present':374,528,717,968,973,985,1026 'priorit':7,45,747,1569 'prioriti':758,812,816,830,1038,1039,1535 'process':70,675,1089,1092,1474,1478,1486,1494,1504,1514 'process-debt-track':1493 'process-deprecated-mark':1485 'process-feature-flags-ling':1513 'process-ownership-gap':1503 'process-todo-fixme-ag':1477 'produc':72,147 'product':568,1366 'project':15,52,182,265,939,959 'protect':392 'provid':159 'public':292,343,607,1412 'quadrant':1744 'quadrat':1328 'queri':509,514,579,1376 'quick':1093 'rank':74,149 'rate':370 'rate-limit':369 'rational':815 'react':109,958,989,1030 'read':545,1355,1693 'read-heavi':1354 'readm':592 'readme/architecture':1403 'record':586,929,1383 'refactor':22,137,877 'refer':93,862,1094,1739 'referenti':1384 'referr':383 'referrer-polici':382 'reflect':593 'regist':708,899,1501 'relat':934 'releas':444,628 'remedi':1737 'remov':482,695,733,1491 'replac':698 'repo':1016 'report':451 'repositori':173,406 'request':518,1327 'requir':1219 'respect':402 'respons':1131 'result':525,1336 'return':522 'revers':408 'review':884 'rollout':725 'root':177 'rout':393,538,637 'route-level':537 'rule':55,110,113,1035,1695,1709,1787 'rules/code-duplication.md':1703 'rules/deps-outdated-versions.md':1705 'rules/design-circular-deps.md':1704 'rules/process-todo-fixme-aging.md':1707 'rules/test-flaky-tests.md':1706 'run':139,221,494,641,866,946,1031 'runtim':618,1424 's/m/l':252 'scale':839 'scan':1009,1018,1379 'schedul':1610 'schema':349,566,1188,1364,1367 'scope':103,156 'secret':331,646,1017,1169,1451 'secur':61,328,372,1049,1052,1164,1168,1180,1190,1198,1262 'security-auth-harden':1189 'security-input-valid':1179 'security-secrets-in-cod':1167 'security.snyk.io':1776 'security.snyk.io/)':1775 'sensibl':556 'sensit':367 'sequenti':1378 'servic':405 'session':360 'set':526,1337 'setup':595 'share':659 'shortcut':889 'shotgun':410,1231 'signal':969 'sinc':1670 'size':1129 'skill':949 'skill-technical-debt' 'skip':1303,1559 'skipped/disabled':476 'slo':670 'slo-bas':669 'slos':1472 'slow':1311 'sm':654 'snyk':1770 'somewher':702 'sonarqub':1756 'sort':831 'sourc':308,338,564,1177,1772 'source-asyrafhussin' 'split':541 'sprint':878 'stack':183,194,940,944,970,1024 'stakehold':914 'stale':600,1393,1518 'start':174 'static':550,1629 'step':153,179,219,736,936 'still':1439 'store':647 'strategi':1738 'string':314 'structur':661 'suit':493,1308 'summari':793 'support':90,193,624 'surgeri':411,1232 'sys.schema':1004,1010 'sys.statement':1013 'tabl':748,1005,1008 'tag':1718 'target':950 'team':79,1511 'tech':131,869 'tech-debt':868 'technic':2,4,37,39,41,128,749,1742,1757 'technical-debt':1 'test':64,467,473,477,487,492,783,786,1064,1067,1278,1282,1288,1290,1292,1293,1300,1302,1304,1310,1312,1313,1557,1560 'test-coverage-gap':1281 'test-disabled-test':1299 'test-flaky-test':1289 'test-slow-test':1309 'tests/feature/auth':789 'tests/feature/checkout':1563 'text':1633 'threshold':1114 'ticket':689 'tight':1206 'titl':1716 'todo':678,1479,1681 'todo/fixme/hack':1483 'token':1175 'tool':202,947,971,1611 'top':803 'topic-agent-rules' 'topic-agent-skills' 'topic-ai-agents' 'topic-ai-slop' 'topic-claude-code' 'topic-code-quality' 'topic-code-review' 'topic-codex' 'topic-cursor' 'topic-laravel' 'topic-nodejs' 'topic-react' 'touch':1235 'trace':1469 'track':664,701,1496 'tracker':705,906 'trigger':34 'trufflehog':1021 'ts':988,1638 'tsc':995,1653 'type':380,427,614,1225,1417,1655 'typescript':108,957 'ui':404 'unbound':524,1335 'undocu':1410 'unexplain':313 'unmaintain':1257 'unreach':297,1139 'unsplit':1343 'untrust':1185 'unus':299,462,1011,1137,1271,1275,1650 'use':16,201,324,634,1441,1692 'user':124 'valid':345,1182 'vault':651 'vendor/bin/phpmd':1631 'vendor/bin/phpstan':1627 'verifi':238 'version':101,438,619,1247,1249,1425,1432 'via':347 'visibl':703,1498 'vulner':1773 'ward':1748 'warn':645,1445,1447,1661,1664 'week':730,852 'whether':892 'win':836 'within':532,828 'without':478,686,693,731,1187,1287,1414,1490,1508 'work':224 'workflow':598 'write':924 'www.youtube.com':1754 'www.youtube.com/watch?v=pqejfywnkje)':1753 'x':378,795,1540 'x-content-type-opt':377 'y':798 'yaml':1712 'z':801 'zero':644","prices":[{"id":"6b1c1fdf-c59e-42f8-a9d0-8a321059cc57","listingId":"6da1d52c-3593-4b52-a0a0-7c38c0bc2266","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"AsyrafHussin","category":"agent-skills","install_from":"skills.sh"},"createdAt":"2026-05-16T18:57:15.212Z"}],"sources":[{"listingId":"6da1d52c-3593-4b52-a0a0-7c38c0bc2266","source":"github","sourceId":"AsyrafHussin/agent-skills/technical-debt","sourceUrl":"https://github.com/AsyrafHussin/agent-skills/tree/main/skills/technical-debt","isPrimary":false,"firstSeenAt":"2026-05-16T18:57:15.212Z","lastSeenAt":"2026-05-18T18:58:25.571Z"}],"details":{"listingId":"6da1d52c-3593-4b52-a0a0-7c38c0bc2266","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"AsyrafHussin","slug":"technical-debt","github":{"repo":"AsyrafHussin/agent-skills","stars":39,"topics":["agent-rules","agent-skills","ai-agents","ai-slop","claude-code","code-quality","code-review","codex","cursor","laravel","nodejs","react","technical-debt","typescript","windsurf"],"license":"mit","html_url":"https://github.com/AsyrafHussin/agent-skills","pushed_at":"2026-05-16T19:24:02Z","description":"Agent skills for AI coding agents (Claude Code, Cursor, Codex, Windsurf) — Laravel, React, TypeScript, MySQL, code quality, technical debt, documentation, and security.","skill_md_sha":"31a9f13f1340b12c2b342c80c544d02dc9136a34","skill_md_path":"skills/technical-debt/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/AsyrafHussin/agent-skills/tree/main/skills/technical-debt"},"layout":"multi","source":"github","category":"agent-skills","frontmatter":{"name":"technical-debt","license":"MIT","description":"Technical debt inventory, prioritization, and audit for PHP/Laravel (MySQL) and Node/TypeScript/React projects. Use when assessing code health, identifying refactoring candidates, planning debt paydown, or auditing a codebase for accumulated debt. Triggers on \"audit technical debt\", \"find tech debt\", \"debt inventory\", \"what should we refactor first\", or tasks involving code health, security debt, performance debt, data debt, observability debt, debt prioritization, or remediation planning."},"skills_sh_url":"https://skills.sh/AsyrafHussin/agent-skills/technical-debt"},"updatedAt":"2026-05-18T18:58:25.571Z"}}