<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>DEV Community: Brandon</title>
    <description>The latest articles on DEV Community by Brandon (@brandon_655b3edb2e389ccb1).</description>
    <link>https://dev.to/brandon_655b3edb2e389ccb1</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.us-east-2.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3987258%2F6be23da6-2ddb-4fbd-a5c0-50b8103f300c.png</url>
      <title>DEV Community: Brandon</title>
      <link>https://dev.to/brandon_655b3edb2e389ccb1</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://dev.to/feed/brandon_655b3edb2e389ccb1"/>
    <language>en</language>
    <item>
      <title>I added a Claude Code command that runs an OWASP security audit on any file before I ship it</title>
      <dc:creator>Brandon</dc:creator>
      <pubDate>Tue, 16 Jun 2026 19:17:02 +0000</pubDate>
      <link>https://dev.to/brandon_655b3edb2e389ccb1/i-added-a-claude-code-command-that-runs-an-owasp-security-audit-on-any-file-before-i-ship-it-3j3g</link>
      <guid>https://dev.to/brandon_655b3edb2e389ccb1/i-added-a-claude-code-command-that-runs-an-owasp-security-audit-on-any-file-before-i-ship-it-3j3g</guid>
      <description>&lt;p&gt;Security reviews happen at the end of projects, when it is too late to change anything without pain. This command moves the review to whenever I am writing the code.&lt;/p&gt;

&lt;h2&gt;
  
  
  The command
&lt;/h2&gt;

&lt;p&gt;Create &lt;code&gt;.claude/commands/review-security.md&lt;/code&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the code I point to for security vulnerabilities. Check specifically for: SQL injection, XSS (cross-site scripting), CSRF, insecure direct object references, sensitive data in logs or responses, missing authentication/authorization checks, hardcoded secrets or API keys, dependency vulnerabilities. For each issue found: severity (Critical/High/Medium/Low), the CWE number, a description of the vulnerability, and the exact fix. Do not report false positives — only flag real issues. If something looks suspicious but is probably fine in context, skip it.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The key instruction is "Do not report false positives." Without it, you get a wall of theoretical warnings that train you to ignore the output.&lt;/p&gt;

&lt;h2&gt;
  
  
  Example output
&lt;/h2&gt;

&lt;p&gt;On a recent API route:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;CRITICAL — CWE-89 (SQL Injection)
Line 34: db.query(SELECT * FROM users WHERE id =  + userId)
Fix: db.query(SELECT * FROM users WHERE id = ?, [userId])

HIGH — CWE-312 (Sensitive Data Exposure)
Line 67: Full user object returned including password_hash and salt.
Fix: Explicitly select only: id, email, display_name.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Two real issues. No noise.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to install
&lt;/h2&gt;

&lt;p&gt;Create &lt;code&gt;.claude/commands/review-security.md&lt;/code&gt; with the prompt above. Run &lt;code&gt;/review-security&lt;/code&gt; in Claude Code, then point it at the file you want checked.&lt;/p&gt;




&lt;p&gt;Full kit (75 commands + 10 CLAUDE.md templates + 8 hooks): &lt;a href="https://techsmith62.gumroad.com/l/bkgzav" rel="noopener noreferrer"&gt;Claude Code Power User Kit&lt;/a&gt;&lt;/p&gt;

</description>
      <category>claudecode</category>
      <category>security</category>
      <category>webdev</category>
      <category>productivity</category>
    </item>
    <item>
      <title>Stop asking AI what this error means — ask it to find the root cause instead</title>
      <dc:creator>Brandon</dc:creator>
      <pubDate>Tue, 16 Jun 2026 19:11:13 +0000</pubDate>
      <link>https://dev.to/brandon_655b3edb2e389ccb1/stop-asking-ai-what-this-error-means-ask-it-to-find-the-root-cause-instead-3ilg</link>
      <guid>https://dev.to/brandon_655b3edb2e389ccb1/stop-asking-ai-what-this-error-means-ask-it-to-find-the-root-cause-instead-3ilg</guid>
      <description>&lt;p&gt;When I paste an error into Claude without a slash command, I get an explanation of the error message I already read.&lt;/p&gt;

&lt;p&gt;When I use this command, I get the reason three stack frames up that caused the problem in the first place.&lt;/p&gt;

&lt;h2&gt;
  
  
  The command
&lt;/h2&gt;

&lt;p&gt;Create &lt;code&gt;.claude/commands/debug-trace.md&lt;/code&gt;:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;I will paste a stack trace. Find the root cause — not the symptom. Trace back through the call stack to the point where something first went wrong, not just where it crashed. Explain: what the error means, why it happened (the real reason, not "null is not an object"), what state the application was in when it occurred, and the one-line fix. If you need to see specific files, ask for them.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;h2&gt;
  
  
  The difference in practice
&lt;/h2&gt;

&lt;p&gt;&lt;strong&gt;Without this command:&lt;/strong&gt; "TypeError: Cannot read properties of undefined — this occurs when you try to access a property on an undefined value."&lt;/p&gt;

&lt;p&gt;Thanks, I can read.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;With &lt;code&gt;/debug-trace&lt;/code&gt;:&lt;/strong&gt; "The error occurs in &lt;code&gt;UserProfile.tsx&lt;/code&gt; at line 47, but the root cause is in &lt;code&gt;useAuth.ts&lt;/code&gt; line 23 — the token is undefined because &lt;code&gt;getToken()&lt;/code&gt; is called before the auth state has initialized. The fix is to add a loading guard..."&lt;/p&gt;

&lt;p&gt;The instruction "not the symptom" is load-bearing. Without it, you get an explanation of the error message. With it, you get the actual cause.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to set up slash commands
&lt;/h2&gt;

&lt;p&gt;Create &lt;code&gt;.claude/commands/debug-trace.md&lt;/code&gt; with the prompt above as the file content. Run &lt;code&gt;/debug-trace&lt;/code&gt; in a Claude Code session, then paste your stack trace.&lt;/p&gt;

&lt;p&gt;The command has access to your full project — it can read the files involved in the error without you copying them manually.&lt;/p&gt;

&lt;h2&gt;
  
  
  Real stack trace example
&lt;/h2&gt;

&lt;p&gt;Paste any Node.js, React, Python, or Java stack trace after typing &lt;code&gt;/debug-trace&lt;/code&gt;. Claude reads your project files to trace the call chain and finds where state went wrong.&lt;/p&gt;




&lt;p&gt;If you have a specific type of error this does not handle well — async errors, database errors, test failures — drop it in the comments.&lt;/p&gt;

&lt;p&gt;Full kit (75 commands + 10 CLAUDE.md templates + 8 hooks): &lt;a href="https://techsmith62.gumroad.com/l/bkgzav" rel="noopener noreferrer"&gt;Claude Code Power User Kit&lt;/a&gt;&lt;/p&gt;

</description>
      <category>claudecode</category>
      <category>debugging</category>
      <category>productivity</category>
      <category>webdev</category>
    </item>
    <item>
      <title>The Claude Code prompt I use before every single commit</title>
      <dc:creator>Brandon</dc:creator>
      <pubDate>Tue, 16 Jun 2026 19:10:55 +0000</pubDate>
      <link>https://dev.to/brandon_655b3edb2e389ccb1/the-claude-code-prompt-i-use-before-every-single-commit-de6</link>
      <guid>https://dev.to/brandon_655b3edb2e389ccb1/the-claude-code-prompt-i-use-before-every-single-commit-de6</guid>
      <description>&lt;p&gt;I have a rule: I do not write commit messages anymore.&lt;/p&gt;

&lt;p&gt;Not because I am lazy — because Claude Code does it better. Here is the exact command I use.&lt;/p&gt;

&lt;h2&gt;
  
  
  The problem with manual commit messages
&lt;/h2&gt;

&lt;p&gt;Every commit message I write from memory is one of these:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;"fix stuff"&lt;/li&gt;
&lt;li&gt;"update"&lt;/li&gt;
&lt;li&gt;"wip"&lt;/li&gt;
&lt;li&gt;"asdfgh" (yes, really)&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;This is fine until you need to understand what changed 3 months ago. Then it is useless.&lt;/p&gt;

&lt;h2&gt;
  
  
  The command
&lt;/h2&gt;

&lt;p&gt;Create a file at &lt;code&gt;.claude/commands/git-commit.md&lt;/code&gt; with this content:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Look at the currently staged changes with `git diff --cached`. Write a conventional commit message following this exact format: `type(scope): description`. Types: feat, fix, docs, style, refactor, test, chore. Keep the subject line under 72 characters. If the change is non-obvious, add a body that explains the WHY, not the WHAT. The diff already shows the what. Output only the commit message — no preamble, no explanation.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Now type &lt;code&gt;/git-commit&lt;/code&gt; in any Claude Code session. It reads your actual staged diff and writes a commit message specific to what you changed.&lt;/p&gt;

&lt;h2&gt;
  
  
  Real example
&lt;/h2&gt;

&lt;p&gt;I staged changes to a React component that added keyboard navigation to a dropdown. Claude wrote:&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;feat(dropdown): add keyboard navigation support

Arrow keys now cycle through options. Enter selects. Escape closes.
Maintains focus within the component for accessibility compliance.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;Without the command, I would have written &lt;code&gt;add keyboard nav&lt;/code&gt;. The diff context is what makes it specific.&lt;/p&gt;

&lt;h2&gt;
  
  
  Why this works
&lt;/h2&gt;

&lt;p&gt;Claude Code has access to your actual diff. It is not guessing what you changed — it is reading it. The command is just a constrained prompt that tells it what format to output.&lt;/p&gt;

&lt;h2&gt;
  
  
  How to install any slash command
&lt;/h2&gt;

&lt;ol&gt;
&lt;li&gt;Create &lt;code&gt;.claude/commands/&lt;/code&gt; in your project root (or &lt;code&gt;~/.claude/commands/&lt;/code&gt; for a global command)&lt;/li&gt;
&lt;li&gt;Create a &lt;code&gt;.md&lt;/code&gt; file with your command name (e.g., &lt;code&gt;git-commit.md&lt;/code&gt;)&lt;/li&gt;
&lt;li&gt;Put the prompt as the file content&lt;/li&gt;
&lt;li&gt;Run &lt;code&gt;/git-commit&lt;/code&gt; in a Claude Code session&lt;/li&gt;
&lt;/ol&gt;

&lt;p&gt;That is it. The command has full access to your project context — your files, your git history, your shell.&lt;/p&gt;




&lt;p&gt;I have 74 more of these across git, testing, debugging, refactoring, deployment, and security. If there is a specific workflow you want a command for, drop it in the comments.&lt;/p&gt;

&lt;p&gt;Full kit (75 commands + 10 CLAUDE.md templates + 8 hooks): &lt;a href="https://techsmith62.gumroad.com/l/bkgzav" rel="noopener noreferrer"&gt;Claude Code Power User Kit&lt;/a&gt;&lt;/p&gt;

</description>
      <category>claudecode</category>
      <category>git</category>
      <category>productivity</category>
      <category>webdev</category>
    </item>
    <item>
      <title>75 Claude Code slash commands that replaced half my dev workflow</title>
      <dc:creator>Brandon</dc:creator>
      <pubDate>Tue, 16 Jun 2026 10:58:08 +0000</pubDate>
      <link>https://dev.to/brandon_655b3edb2e389ccb1/75-claude-code-slash-commands-that-replaced-half-my-dev-workflow-4800</link>
      <guid>https://dev.to/brandon_655b3edb2e389ccb1/75-claude-code-slash-commands-that-replaced-half-my-dev-workflow-4800</guid>
      <description>&lt;p&gt;I've been using Claude Code CLI as my daily driver for about six months. At first I was using it like a slightly smarter autocomplete — ask it to write a function, paste in an error. Fine. Useful. But not life-changing.&lt;/p&gt;

&lt;p&gt;The thing that actually changed my workflow was slash commands.&lt;/p&gt;

&lt;p&gt;If you haven't used them, slash commands in Claude Code are custom &lt;code&gt;.md&lt;/code&gt; files that live in &lt;code&gt;.claude/commands/&lt;/code&gt; in your project (or &lt;code&gt;~/.claude/commands/&lt;/code&gt; for global ones). When you type &lt;code&gt;/command-name&lt;/code&gt; in a Claude Code session, it executes the prompt inside that file — with full access to your project context, file system, and shell.&lt;/p&gt;

&lt;p&gt;This post walks through exactly how to set them up and shares 15 production-ready commands you can start using today. No vague descriptions — every command includes the full &lt;code&gt;.md&lt;/code&gt; file content you can copy directly.&lt;/p&gt;




&lt;h2&gt;
  
  
  How slash commands work
&lt;/h2&gt;

&lt;p&gt;Create a file at &lt;code&gt;.claude/commands/your-command-name.md&lt;/code&gt;. The contents of that file are the prompt Claude runs when you type &lt;code&gt;/your-command-name&lt;/code&gt;.&lt;/p&gt;

&lt;p&gt;That's it. The command has full context of your current project — it can read files, run shell commands, see your git history, check your package.json. Everything Claude Code normally has access to.&lt;/p&gt;

&lt;p&gt;For a global command available in every project, put it in &lt;code&gt;~/.claude/commands/&lt;/code&gt; instead.&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;.claude/
  commands/
    git-commit.md      → /git-commit
    test-write.md      → /test-write
    debug-trace.md     → /debug-trace
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;The power comes from writing prompts that are actually specific and instructional — not "help me write a commit message" but "run &lt;code&gt;git diff --cached&lt;/code&gt;, analyze the staged changes, and output a conventional commit message following this exact format."&lt;/p&gt;

&lt;p&gt;Let's get into the commands.&lt;/p&gt;




&lt;h2&gt;
  
  
  Git commands
&lt;/h2&gt;

&lt;h3&gt;
  
  
  /git-commit
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/git-commit.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Look at the currently staged changes with `git diff --cached`. Write a conventional commit message following the format: `type(scope): description`. Types: feat, fix, docs, style, refactor, test, chore. Keep the subject line under 72 characters. Add a body if the change is non-obvious. Output only the commit message, nothing else.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; You stop writing commit messages. Claude reads your actual staged diff and writes a message that's specific to what you changed. No more "fix stuff" commits.&lt;/p&gt;




&lt;h3&gt;
  
  
  /git-pr
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/git-pr.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Run `git log main..HEAD --oneline` and `git diff main...HEAD --stat`. Write a pull request description with: ## Summary (3 bullet points max), ## Changes (file-level breakdown), ## Test Plan (checklist of what to verify), ## Screenshots (placeholder if UI changed). Be specific — name the actual files and functions changed.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; PR descriptions that actually describe the change. Takes 30 seconds instead of 10 minutes. The diff context makes it specific to your actual code, not a generic template.&lt;/p&gt;




&lt;h3&gt;
  
  
  /git-changelog
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/git-changelog.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Run `git describe --tags --abbrev=0` to find the last tag, then `git log {last_tag}..HEAD --oneline --no-merges`. Group commits into: ### Added, ### Changed, ### Fixed, ### Removed. Format as Keep a Changelog (keepachangelog.com). Use today's date. Output only the changelog entry block.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  /git-blame-why
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/git-blame-why.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;For the file and line number I specify, run `git log -L {line},{line}:{file} --follow -p` to get the full history of that line. Explain: what the line does now, what it used to do, why it changed, and whether the current implementation looks intentional or like a temporary fix. Reference the actual commit messages.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; Every codebase has lines that look wrong. Before you "fix" something, this command tells you if it was changed for a reason — and what that reason was. Saved me from breaking a business rule I didn't know existed.&lt;/p&gt;




&lt;h3&gt;
  
  
  /git-branch-cleanup
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/git-branch-cleanup.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Run `git branch --merged main` to find merged branches, and `git for-each-ref --sort=committerdate refs/heads/ --format='%(refname:short) %(committerdate:relative)'` to find stale ones. List branches safe to delete grouped by: Merged into main, Stale (no commits in 30+ days). Output a single `git branch -d branch1 branch2...` command to delete all of them at once.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Testing commands
&lt;/h2&gt;

&lt;h3&gt;
  
  
  /test-write
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/test-write.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Write tests for the file/function I point you to. Use the testing framework already in the project (check package.json). Cover: happy path, edge cases, error conditions, boundary values. Write tests that would have caught real bugs — not just tests that confirm the obvious. Use descriptive test names that read like sentences. Don't mock things that don't need mocking.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; The key instruction is "tests that would have caught real bugs." Without that, AI-generated tests tend to be tautological — they just verify the happy path you already wrote.&lt;/p&gt;




&lt;h3&gt;
  
  
  /test-gaps
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/test-gaps.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the test files in this project. For each tested module, identify: untested functions, untested branches (if/else paths not covered), missing error case tests, missing edge cases. Output a prioritized list — most critical gaps first. For the top 3 gaps, write the actual missing test.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  /test-mock
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/test-mock.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Look at the types, interfaces, and data shapes in the file I specify. Generate factory functions that create realistic test data for each type. Use faker-style realistic values (real-looking names, emails, IDs) not placeholder strings like "test" or "foo". Export each factory. Make them composable — partial overrides should work.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; Most test factories are garbage — &lt;code&gt;name: "test"&lt;/code&gt;, &lt;code&gt;email: "test@test.com"&lt;/code&gt;. This one explicitly instructs realistic values and composable overrides, which is how you build test data you can actually trust.&lt;/p&gt;




&lt;h3&gt;
  
  
  /test-mutation
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/test-mutation.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Analyze the function and its tests. Mentally apply these mutations and check if the tests would catch them: flip a comparison operator (&amp;gt; to &amp;gt;=), return null instead of the expected value, skip a conditional branch, change an off-by-one. List each mutation that the current tests would miss. This tells us exactly where the test suite has blind spots.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; Coverage metrics lie. 90% coverage can still miss the mutation that flips &lt;code&gt;&amp;gt;&lt;/code&gt; to &lt;code&gt;&amp;gt;=&lt;/code&gt; in your billing logic. This command tells you where your tests have blind spots without needing a mutation testing tool installed.&lt;/p&gt;




&lt;h2&gt;
  
  
  Debugging commands
&lt;/h2&gt;

&lt;h3&gt;
  
  
  /debug-trace
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/debug-trace.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;I'll paste a stack trace. Find the root cause — not the symptom. Trace back through the call stack to the point where something first went wrong, not just where it crashed. Explain: what the error means, why it happened (the real reason, not "null is not an object"), what state the application was in when it occurred, and the one-line fix. If you need to see specific files, ask for them.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; The instruction "not the symptom" is load-bearing. Without it, you get an explanation of the error message you already read. With it, you get the reason three stack frames up that caused the null in the first place.&lt;/p&gt;




&lt;h3&gt;
  
  
  /debug-memory
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/debug-memory.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the code I point to for memory leaks. Common patterns to find: event listeners not removed on unmount, intervals/timeouts not cleared, large objects held in closures, React state that grows unbounded, subscriptions not unsubscribed. For each leak found: show where memory is allocated, show where it should be freed but isn't, write the fix.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  /debug-race
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/debug-race.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the async code I point to for race conditions. Find: multiple async operations that assume sequential execution, shared state modified by concurrent operations, missing await keywords that cause out-of-order execution, fetch requests that could return in wrong order. For each race condition: describe the scenario where it causes a bug, write the fix (AbortController, mutex, state machines, etc.).
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  Code review commands
&lt;/h2&gt;

&lt;h3&gt;
  
  
  /review-security
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/review-security.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the code I point to for security vulnerabilities. Check for: SQL injection, XSS (cross-site scripting), CSRF, insecure direct object references, sensitive data in logs or responses, missing authentication/authorization checks, hardcoded secrets or API keys, dependency vulnerabilities (check package.json versions). For each issue found: severity (Critical/High/Medium/Low), description, and the exact fix. Don't report false positives — only flag real issues.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;



&lt;p&gt;&lt;strong&gt;Why this matters:&lt;/strong&gt; "Don't report false positives" is intentional. Most security audit prompts without that instruction produce a wall of low-confidence warnings that train you to ignore the output. This one asks Claude to be conservative and specific.&lt;/p&gt;




&lt;h3&gt;
  
  
  /review-performance
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/review-performance.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the code I point to for performance issues. Find: O(n²) or worse algorithms that could be O(n), unnecessary re-computation inside loops, missing memoization, database queries in loops (N+1), large payloads being transferred when smaller ones would work, synchronous operations blocking the event loop. For each issue: current complexity, better approach, estimated improvement.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h3&gt;
  
  
  /review-accessibility
&lt;/h3&gt;

&lt;p&gt;&lt;strong&gt;File:&lt;/strong&gt; &lt;code&gt;.claude/commands/review-accessibility.md&lt;/code&gt;&lt;br&gt;
&lt;/p&gt;

&lt;div class="highlight js-code-highlight"&gt;
&lt;pre class="highlight plaintext"&gt;&lt;code&gt;Review the component/HTML I point to for accessibility issues. Check: missing alt text on images, form inputs without labels, buttons without accessible text, color contrast (flag anything that might fail), keyboard navigation (can you tab through everything?), missing ARIA attributes where needed, focus management, screen reader experience. Output a prioritized list with WCAG criterion references. Include the fix for each.
&lt;/code&gt;&lt;/pre&gt;

&lt;/div&gt;






&lt;h2&gt;
  
  
  How I organize these in my projects
&lt;/h2&gt;

&lt;p&gt;I keep a global set in &lt;code&gt;~/.claude/commands/&lt;/code&gt; — the git, debugging, and review commands that apply to any project. Then each project has its own &lt;code&gt;.claude/commands/&lt;/code&gt; with project-specific things: a &lt;code&gt;/seed-db&lt;/code&gt; command that knows the specific schema, a &lt;code&gt;/deploy-staging&lt;/code&gt; command with the actual deployment steps for that project.&lt;/p&gt;

&lt;p&gt;The separation matters. Global commands should be generic enough to work anywhere. Project commands can be as specific as you want — reference actual file paths, actual test commands, actual service names.&lt;/p&gt;




&lt;h2&gt;
  
  
  What to do when a command gives mediocre output
&lt;/h2&gt;

&lt;p&gt;Slash commands are prompts. If the output isn't what you want, edit the &lt;code&gt;.md&lt;/code&gt; file. The most common improvement: add more specificity about the output format, or add a constraint that prevents the common failure mode.&lt;/p&gt;

&lt;p&gt;For &lt;code&gt;/test-write&lt;/code&gt;, I added "Write tests that would have caught real bugs" after getting several tests that just verified the function returns something. For &lt;code&gt;/review-security&lt;/code&gt;, I added "Don't report false positives" after getting a wall of theoretical warnings.&lt;/p&gt;

&lt;p&gt;Treat the commands as living documents. The first version is a starting point.&lt;/p&gt;




&lt;h2&gt;
  
  
  The full set
&lt;/h2&gt;

&lt;p&gt;This article covers 15 commands across git, testing, debugging, and review. If you want all 75 across those categories plus refactoring, documentation, database, deployment, security, and performance — along with 10 CLAUDE.md templates and 8 hooks configurations — I packaged everything into the &lt;a href="https://techsmith62.gumroad.com/l/bkgzav" rel="noopener noreferrer"&gt;Claude Code Power User Kit&lt;/a&gt; ($29). Drop-in files, organized by category, ready to use the same day.&lt;/p&gt;

&lt;p&gt;But honestly, the 15 commands above will already change how you use Claude Code. Start there.&lt;/p&gt;




&lt;h2&gt;
  
  
  Quick reference
&lt;/h2&gt;

&lt;div class="table-wrapper-paragraph"&gt;&lt;table&gt;
&lt;thead&gt;
&lt;tr&gt;
&lt;th&gt;Command&lt;/th&gt;
&lt;th&gt;When to use it&lt;/th&gt;
&lt;/tr&gt;
&lt;/thead&gt;
&lt;tbody&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/git-commit&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Before every commit — let Claude read the diff&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/git-pr&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Branch is ready for review&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/git-blame-why&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Before "fixing" code that looks wrong&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/test-write&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;New function with no tests&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/test-gaps&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Pre-release audit&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/test-mutation&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Want to know where tests are weak&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/debug-trace&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Have a stack trace to diagnose&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/debug-memory&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Suspected memory leak&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/debug-race&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Async code with intermittent failures&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/review-security&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Pre-deploy security check&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/review-performance&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Noticing slowness, want a targeted audit&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td&gt;&lt;code&gt;/review-accessibility&lt;/code&gt;&lt;/td&gt;
&lt;td&gt;Before shipping any UI changes&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;
&lt;/table&gt;&lt;/div&gt;

&lt;p&gt;The pattern across all of these: specific instructions produce specific output. The more precisely you tell Claude what to look for and what format to use, the more consistently useful the result.&lt;/p&gt;

&lt;p&gt;If you're already using Claude Code and haven't tried custom slash commands, this is the lever worth pulling.&lt;/p&gt;

</description>
      <category>claudecode</category>
      <category>productivity</category>
      <category>webdev</category>
      <category>tools</category>
    </item>
  </channel>
</rss>
