Specialists are pre-built convention packs that add domain expertise to the SDD workflow. They install asDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/jorgeferrando/sdd-skills/llms.txt
Use this file to discover all available pages before exploring further.
.md files into openspec/steering/ and are read automatically by /sdd-apply, /sdd-audit, and /sdd-verify. No new agents, no new phases — same workflow, more knowledge.
Available specialists
Each specialist ships with amanifest.yaml that declares its name, scope, and severity. The table below is drawn directly from those manifests.
| Specialist | Severity | What it adds |
|---|---|---|
| accessibility | Important | WCAG-aware accessibility advisor — semantic HTML, ARIA, keyboard navigation, contrast, screen reader support. For projects with user-facing UI. |
| anti-overengineering | Important | Detects premature abstractions, unnecessary patterns, and speculative design. Advises all agents to keep code simple and proportional to the actual problem. |
| async-node | Critical / Important | Node.js async/concurrency advisor — async/await correctness, unhandled rejections, child_process safety, stream handling, and timeout discipline for Node.js backends. |
| clean-arch | Important | Clean architecture advisor — enforces domain/application/infrastructure layer separation, dependency inversion, and port/adapter isolation so business logic never depends on frameworks or external services. |
| llm | Important | LLM integration advisor — prompt construction, response validation, context management, prompt injection prevention, and model selection for projects that call Claude or other LLMs. |
| nodejs-patterns | Important | Node.js performance and functional design advisor — event loop awareness, immutability, pure functions, no shared mutable state, stream backpressure, and worker threads for CPU-bound work. |
| observability | Important | Observability advisor — structured logging, log levels, correlation IDs, what to log and what never to log, and how to trace async operations across pipeline phases. |
| performance | Important | Prevents common performance pitfalls — N+1 queries, unbounded data loading, missing pagination, unnecessary computation. Not premature optimization, just avoiding known traps. |
| readability | Important | Enforces descriptive naming, clear structure, and code that reads like prose. No abbreviations, no clever tricks, no implicit behavior. |
| result-pattern | Important | Result/Either monad advisor — models expected errors as values, reserves try/catch for infrastructure boundaries, and eliminates implicit throws from domain and application code. |
| security | Critical | OWASP-aware security advisor — injection prevention, authentication, secrets management, input validation, and secure defaults. Classifies vulnerabilities as Critical. |
| tdd | Critical | Enforces Test-Driven Development — tests are written BEFORE implementation. Changes task ordering (test first, code second) and prevents code without a failing test. |
| testing | Important | Expert in test design — proper test doubles, no redundant tests, behavior-focused assertions. Advises sdd-apply and sdd-verify to write tests that are maintainable and meaningful. |
Installing specialists
Runinstall-specialist.sh from the root of the sdd-skills repository. The script reads specialists/*/manifest.yaml and copies each specialist’s .md convention files into your project’s openspec/steering/ directory.
openspec/steering/, every subsequent skill invocation picks it up automatically — there is nothing else to configure. To remove a specialist and stop applying its rules, use --remove.
openspec/steering/ must already exist before you run the installer. If it doesn’t, run /sdd-init first to create the full steering scaffold.How specialists integrate
Selective loading
Skills load only the specialist files that are relevant to the current task. For example:conventions-testing.mdis loaded only when the task touches test files.conventions-security.mdis loaded only when the task touches authentication, API handlers, or input-processing code.conventions-simplicity.md(anti-overengineering) applies universally because itsapplies_tofield isall.
RFC 2119 severity levels
Specialists use the sameMUST / MUST NOT / SHOULD / SHOULD NOT / MAY levels as your project’s own conventions.md. Rules marked MUST are enforced as hard requirements; rules marked SHOULD are strong recommendations with room for justified exceptions.
How violations are classified
Critical
Blocks the PR. Applies to security and tdd violations. There is no acceptable level of known security risk, and code without a preceding failing test must be rewritten.
Important
Logged as technical debt. Most specialists operate at this level. The task can complete, but the finding must be addressed before the change is considered production-ready.
Minor
Stylistic or cosmetic. Logged for awareness; does not block progress. Common in readability and anti-overengineering at the MAY level.
Specialist deep-dive: security
The security specialist (conventions-security.md) covers the OWASP Top 10 and classifies all findings as Critical — meaning they block PRs. It is the only specialist that applies equally to every project regardless of language or framework.
A sample of rules from the file:
Injection (OWASP A03)
Injection (OWASP A03)
Secrets management
Secrets management
Input validation (OWASP A03)
Input validation (OWASP A03)
/sdd-audit a concrete checklist: string concatenation in SQL/HTML/shell, hardcoded secrets, missing input validation on HTTP handlers, SELECT * results returned directly to clients, and so on.
Specialist deep-dive: tdd
The tdd specialist (conventions-tdd.md) is the only specialist that changes the structure of the workflow itself — it rewrites how /sdd-tasks orders its output.
Normal task ordering (without tdd):
/sdd-apply directly:
- The test MUST run and fail (Red) before any implementation code is written.
- Only the minimum code to make the test pass is written (Green).
- All tests run after each implementation to verify no regressions.
- New behavior during refactoring requires a new Red test first.