FEATURES / SKILLS

Skills are the unit of intelligence

A skill is a packaged capability — attrition risk, sprint autopsy, board report, what-if simulation. 30 ship in the box. Each one runs identically across API, MCP, chat, reports, and alerts. Author your own; sandbox them; ship them to your team. A community marketplace lands Q1 2027.

One skill, five surfaces

Most analytics platforms ship dashboards. A dashboard lives in one place — the web UI — and rewrites itself when you want it in Slack, in a PDF, in an AI chat, or in an MCP tool. Four implementations of the same logic, four places it can drift.

Gitrevio ships skills. A skill declares its inputs and outputs as JSON Schema and a prompt template. The same skill is callable from the REST API, from any MCP client, from AI chat, scheduled inside a report, or triggered by an alert rule.

This is structural leverage. Every new skill compounds across all five surfaces for every customer — no per-channel rewrite, no drift.

# skill: attrition_risk

name: attrition_risk

version: 1.4.0

prompt_version: 3

inputs:

- contributor_id: string

- horizon_days: int = 90

outputs:

- score: float [0, 1]

- factors: shapley[]

- recommended_actions: string[]

runs_in:

- api

- mcp

- chat

- reports

- alerts

30 builtin skills

Each ships day-one with golden tests, axiom verification where math applies, and a cost-attributed runtime. Mix and match in chat, schedule in reports, trigger from alerts.

attrition_risk

Per-contributor risk score with Shapley factors. Engagement, review bottleneck, peer attrition, tenure plateau.

plan_vs_reality

Sprint commitment vs delivery, drift broken into scope creep, estimation error, blockers, dependencies, PTO.

sprint_autopsy

Six-section retro narrative auto-generated at sprint end. Data-driven root cause analysis.

org_health_score

20 signals composed into one drillable score with trend and per-component decomposition.

release_risk

Per-PR risk score from file hotspots, author history, review coverage, test impact, change complexity, blast radius.

tech_debt_radar

Lizard complexity + churn + AI-tagged TODO/FIXME + incident attribution. Velocity cost ranking.

optimal_reviewer

File expertise + queue depth + review-quality history + AI-authorship match + timezone.

onboarding_cohort

Time-to-first-PR / first-feature, ramp curves, mentor effectiveness vs org baseline.

onboarding_analysis

Per-engineer ramp tracking with intervention recommendations.

anomaly_detection

Z-score + EWMA on 8 key metrics with Bayesian smoothing. Slack alerts include attribution.

context_switching

Entropy of commit patterns per developer. Privacy-gated; opt-in by team.

activity_classification

Coding, reviewing, mentoring, pairing, onboarding, debugging — inferred from work patterns.

ai_impact_report

Copilot, Cursor, Claude Code adoption + acceptance + ROI per contributor and team.

bus_factor

File × contributor expertise reduced to single-points-of-failure. Cross-train recommendations.

knowledge_graph

Reachability DAG of who can ship what. Risk-weighted by criticality.

typologies

K-means / GMM clustering yields 4–8 behavioral types per org. Data-driven, not titles.

forecast

Lognormal MLE per team. p50/p75/p90 completion dates, calibrated, with risk-factor decomposition.

what_if

Eight scenarios: departure, hiring, restructuring, reassignment, vacation, AI rollout, framework migration, contractor.

causal_attribution

Shapley decomposition with axiom-verified library. Efficiency, symmetry, dummy-player, linearity.

blast_radius

Formal reachability on the import DAG. Affected files, services, teams. Runs locally via LocalGit.

termination_impact

Composed: bus_factor + blast_radius + what_if for a specific contributor.

current_situation

Composed: org_health + plan_vs_reality + attrition_risk + anomaly_detection. The 'how are we doing?' answer.

performance_report

Composed: per-team velocity + quality + collaboration + sustainability rolled up.

bottleneck_audit

Composed: review queues + dependency wait + handoff failures across teams.

board_report

Composed: org_health + ai_impact + plan_vs_reality + risk_register, narrated for executive audiences.

project_forecast

Composed: forecast + what_if + cost-of-delay analysis. 'Is this worth doing?'

weekly_digest

Composed: highlights + risks + recommendations across the org, narrative-driven.

cohort_onboarding_report

Composed: onboarding_cohort + mentor effectiveness + benchmark vs prior cohorts.

pr_review_summary

Per-PR narrative: risk score, blast radius, recommended reviewers, AI-authorship signal.

incident_attribution

Per-incident: contributing PRs, contributors, services. Pairs with PagerDuty / Opsgenie when those land.

Custom skills via YAML

Write a manifest, validate it against JSON Schema, install it, run it. No arbitrary code execution — skills are sandboxed and the runtime enforces input/output contracts, content rules, and hallucination checks before anything leaves the box.

# Author and install a custom skill

$ cat skills/standup_summary.gskill.yaml

name: standup_summary

version: 0.1.0

inputs: [team_id]

outputs: [highlights, blockers, owners]

prompt: prompts/standup.md

cost_cap_usd: 0.05

$ gitrevio skills package skills/standup_summary

→ standup_summary-0.1.0.gskill (4.2 KB)

$ curl -X POST https://api.gitrevio.com/v1/skills/install \

-H "Authorization: Bearer gr_live_..." \

-F "package=@standup_summary-0.1.0.gskill"

→ installed: standup_summary v0.1.0

$ # Now visible in MCP, chat, reports, alerts

Manifest format is YAML, validated against a public JSON Schema. Inputs and outputs are typed; prompt files are referenced, not embedded; cost caps are enforced at runtime and tracked per customer per channel.

.gskill packaging is a tarball with a 10 MB cap and zip-slip protection. Install via web UI, REST, or gitrevio_skill_install in MCP.

Versioned per-customer. Skill version and prompt version are independent — iterate on prompts without bumping API contracts. Five example skills + an authoring guide ship with the platform.

12-step runtime, 92.88% test coverage

Every skill execution flows through a hardened middleware pipeline. Identical for builtin and custom skills, identical across all five surfaces.

1. Authentication

API key validated; persona extracted; tenant role bound.

2. Input validation

Inputs parsed against JSON Schema; type coercion; defaults applied.

3. Rate-limit check

Per-key token bucket; per-skill RPM and concurrent-execution caps.

4. Cost cap

Per-customer monthly cap; per-skill per-call cap; aborts before AI call if budget exceeded.

5. Data load

Reader-role queries against per-customer Postgres role; no cross-tenant access path.

6. Prompt assembly

Prompt template + inputs + data; prompt-version tagged in audit log.

7. AI call (cached)

Anthropic with prompt caching enabled; cost attributed to customer + channel.

8. Output validation

Output parsed against JSON Schema; types enforced; missing required fields rejected.

9. Content rules

PII filters, injection-pattern checks, configurable block-lists per customer.

10. Hallucination check

Cross-validates output references against data actually loaded in step 5.

11. Audit log

Tool, params (PII-redacted), output hash, cost, duration written to durable sink.

12. Response

Structured output returned to caller in whatever surface invoked the skill.

Marketplace v1 → v2

v1 (Q4 2026, internal): Browse the builtin catalog, install custom skills your org has authored, activate or deactivate per-team. Lives inside your Gitrevio dashboard.

v2 (Q1 2027, community): Public marketplace. Three curation tiers — builtin, community-verified, community-experimental. Domain-specific skills published by the community: fintech risk, gaming, B2B SaaS, regulated industries.

Skills are durable leverage. Every new domain that gets a skill published benefits every customer who installs it — across all five surfaces, simultaneously.

Why this is a moat

Competitors ship dashboards. Gitrevio ships a platform whose unit of intelligence is portable across channels and authorable by customers.

Adding a new channel (Teams bot, IDE plugin) doesn't require rewriting analytics. Plug in the adapter; every existing skill works in the new channel on day one.

Adding a new domain (incident attribution, calendar correlation) is a YAML file. Author once, publish, every customer who needs it installs it.

One skill, five surfaces. Author once, deliver everywhere.

Get started free