Skills are the unit of intelligence
A skill is a packaged capability — attrition risk, sprint autopsy, board report, what-if simulation. 49 ship in the box. Each one runs identically across API, MCP, chat, reports, and alerts. Author your own; sandbox them; ship them to your team. A community marketplace lands Q1 2027.
One skill, five surfaces
Most analytics platforms ship dashboards. A dashboard lives in one place — the web UI — and has to be rewritten when you want it in Slack, in a PDF, in an AI chat, or in an MCP tool. Four implementations of the same logic, four places it can drift.
Gitrevio ships skills. A skill declares its inputs and outputs as JSON Schema and a prompt template. The same skill is callable from the REST API, from any MCP client, from AI chat, scheduled inside a report, or triggered by an alert rule.
This is structural leverage. Every new skill compounds across all five surfaces for every customer — no per-channel rewrite, no drift.
# skill: attrition_risk
name: attrition_risk
version: 1.4.0
prompt_version: 3
inputs:
- contributor_id: string
- horizon_days: int = 90
outputs:
- score: float [0, 1]
- factors: shapley[]
- recommended_actions: string[]
runs_in:
- api
- mcp
- chat
- reports
- alerts
49 builtin skills
Each ships day-one with golden tests, axiom verification where math applies, and a cost-attributed runtime. Mix and match in chat, schedule in reports, trigger from alerts.
Per-contributor risk score with Shapley factors. Engagement, review bottleneck, peer attrition, tenure plateau.
Sprint commitment vs delivery, drift broken into scope creep, estimation error, blockers, dependencies, PTO.
Six-section retro narrative auto-generated at sprint end. Data-driven root cause analysis.
20 signals composed into one drillable score with trend and per-component decomposition.
Per-PR risk score from file hotspots, author history, review coverage, test impact, change complexity, blast radius.
Lizard complexity + churn + AI-tagged TODO/FIXME + incident attribution. Velocity cost ranking.
File expertise + queue depth + review-quality history + AI-authorship match + timezone.
Time-to-first-PR / first-feature, ramp curves, mentor effectiveness vs org baseline.
Per-engineer ramp tracking with intervention recommendations.
Z-score + EWMA on 8 key metrics with Bayesian smoothing. Slack alerts include attribution.
Entropy of commit patterns per developer. Privacy-gated; opt-in by team.
Coding, reviewing, mentoring, pairing, onboarding, debugging — inferred from work patterns.
Copilot, Cursor, Claude Code adoption + acceptance + ROI per contributor and team.
File × contributor expertise reduced to single-points-of-failure. Cross-train recommendations.
Reachability DAG of who can ship what. Risk-weighted by criticality.
K-means / GMM clustering yields 4–8 behavioral types per org. Data-driven, not titles.
Lognormal MLE per team. p50/p75/p90 completion dates, calibrated, with risk-factor decomposition.
Eight scenarios: departure, hiring, restructuring, reassignment, vacation, AI rollout, framework migration, contractor.
Shapley decomposition with axiom-verified library. Efficiency, symmetry, dummy-player, linearity.
Formal reachability on the import DAG. Affected files, services, teams. Runs locally via LocalGit.
Composed: bus_factor + blast_radius + what_if for a specific contributor.
Composed: org_health + plan_vs_reality + attrition_risk + anomaly_detection. The 'how are we doing?' answer.
Composed: per-team velocity + quality + collaboration + sustainability rolled up.
Composed: review queues + dependency wait + handoff failures across teams.
Composed: org_health + ai_impact + plan_vs_reality + risk_register, narrated for executive audiences.
Composed: forecast + what_if + cost-of-delay analysis. 'Is this worth doing?'
Composed: highlights + risks + recommendations across the org, narrative-driven.
Composed: onboarding_cohort + mentor effectiveness + benchmark vs prior cohorts.
Per-PR narrative: risk score, blast radius, recommended reviewers, AI-authorship signal.
Per-incident: contributing PRs, contributors, services. Pairs with PagerDuty / Opsgenie when those land.
# Author and install a custom skill
$ cat skills/standup_summary.gskill.yaml
name: standup_summary
version: 0.1.0
inputs: [team_id]
outputs: [highlights, blockers, owners]
prompt: prompts/standup.md
cost_cap_usd: 0.05
$ gitrevio skills package skills/standup_summary
→ standup_summary-0.1.0.gskill (4.2 KB)
$ curl -X POST https://api.gitrevio.com/v1/skills/install \
-H "Authorization: Bearer gr_live_..." \
-F "package=@standup_summary-0.1.0.gskill"
→ installed: standup_summary v0.1.0
# Now visible in MCP, chat, reports, alerts
Custom skills via YAML
Write a manifest, validate it against JSON Schema, install it, run it. No arbitrary code execution — skills are sandboxed and the runtime enforces input/output contracts, content rules, and hallucination checks before anything leaves the box.
Manifest format is YAML, validated against a public JSON Schema. Inputs and outputs are typed; prompt files are referenced, not embedded; cost caps are enforced at runtime and tracked per customer per channel.
.gskill packaging is a tarball with a 10 MB cap and zip-slip protection. Install via web UI, REST, or gitrevio_skill_install in MCP.
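What a 10 MB cap and zip-slip protection amount to when a tarball package is accepted, as an added example (not Gitrevio's code). The install directory, the member names, and applying the cap to unpacked size as well are assumptions.

```python
import io
import os
import tarfile

MAX_BYTES = 10 * 1024 * 1024  # the 10 MB cap stated above


def check_gskill(data, dest="/srv/skills/unpacked"):
    """Return the member names of a safe package, or raise ValueError.

    `dest` is a hypothetical install directory; nothing is written to disk.
    """
    if len(data) > MAX_BYTES:
        raise ValueError("package exceeds 10 MB cap")
    root = os.path.realpath(dest)
    names, unpacked = [], 0
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:
            # Plain files and directories only: a link or device node can
            # redirect a later write outside the install directory.
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"unsupported member type: {m.name}")
            # Zip-slip check: the resolved target must stay under root.
            target = os.path.realpath(os.path.join(root, m.name))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"path escapes install dir: {m.name}")
            # Assumption: the cap also bounds unpacked size (tar bombs).
            unpacked += m.size
            if unpacked > MAX_BYTES:
                raise ValueError("unpacked size exceeds 10 MB cap")
            names.append(m.name)
    return names


def build_tar(members):
    """Constructed sample input: gzip tarball built in memory.

    A bytes value is file content; a str value is a symlink target.
    """
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in members.items():
            info = tarfile.TarInfo(name)
            if isinstance(body, str):
                info.type, info.linkname, body = tarfile.SYMTYPE, body, b""
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    return buf.getvalue()
```

Validation runs over every member before anything is written, so a package is rejected whole rather than partially unpacked.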
Versioned per-customer. Skill version and prompt version are independent — iterate on prompts without bumping API contracts. Five example skills + an authoring guide ship with the platform.
12-step runtime, ≥85% coverage gate
Every skill execution flows through a hardened middleware pipeline. Identical for builtin and custom skills, identical across all five surfaces.
1. Authentication: API key validated; persona extracted; tenant role bound.
2. Input validation: Inputs parsed against JSON Schema; type coercion; defaults applied.
3. Rate-limit check: Per-key token bucket; per-skill RPM and concurrent-execution caps.
4. Cost cap: Per-customer monthly cap; per-skill per-call cap; aborts before AI call if budget exceeded.
5. Data load: Reader-role queries against per-customer Postgres role; no cross-tenant access path.
6. Prompt assembly: Prompt template + inputs + data; prompt-version tagged in audit log.
7. AI call (cached): Anthropic with prompt caching enabled; cost attributed to customer + channel.
8. Output validation: Output parsed against JSON Schema; types enforced; missing required fields rejected.
9. Content rules: PII filters, injection-pattern checks, configurable block-lists per customer.
10. Hallucination check: Cross-validates output references against data actually loaded in step 5.
11. Audit log: Tool, params (PII-redacted), output hash, cost, duration written to durable sink.
12. Response: Structured output returned to caller in whatever surface invoked the skill.
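One way the hallucination check and the audit log's output hash could fit together, as an added example (not Gitrevio's code). The reference field names, row shapes and audit record layout are assumptions, and the sample data is constructed.

```python
import hashlib
import json

# Hypothetical field names treated as references to loaded data.
REF_KEYS = {"contributor_id", "pr_id", "file"}


def collect_refs(node, found=None):
    """Walk nested JSON-like data and gather (field, value) references."""
    found = set() if found is None else found
    if isinstance(node, dict):
        for key, value in node.items():
            if key in REF_KEYS and isinstance(value, (str, int)):
                found.add((key, str(value)))
            else:
                collect_refs(value, found)
    elif isinstance(node, list):
        for item in node:
            collect_refs(item, found)
    return found


def unsupported_refs(output, loaded_rows):
    """References in the output that no row from the data-load step backs."""
    return sorted(collect_refs(output) - collect_refs(loaded_rows))


def audit_record(skill, output, unsupported):
    """Audit entry carrying an output hash and the verdict, not the output."""
    blob = json.dumps(output, sort_keys=True).encode()
    return {
        "skill": skill,
        "output_sha256": hashlib.sha256(blob).hexdigest(),
        "blocked": bool(unsupported),
        "unsupported_refs": unsupported,
    }


# Constructed sample: rows loaded for the call, and a model output that
# cites one PR (9999) that was never loaded.
LOADED = [
    {"contributor_id": "c-17", "pr_id": 4812, "file": "billing/invoice.py"},
    {"contributor_id": "c-17", "pr_id": 4820, "file": "billing/tax.py"},
]
OUTPUT = {
    "score": 0.72,
    "factors": [
        {"name": "review_bottleneck", "pr_id": 4812},
        {"name": "peer_attrition", "pr_id": 9999},
    ],
    "recommended_actions": ["pair on billing/tax.py"],
}
```

Only structured reference fields are compared here; identifiers mentioned inside free-text strings such as `recommended_actions` would need a separate check.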
Marketplace v1 → v2
v1 (Q4 2026, internal): Browse the builtin catalog, install custom skills your org has authored, activate or deactivate per-team. Lives inside your Gitrevio dashboard.
v2 (Q1 2027, community): Public marketplace. Three curation tiers — builtin, community-verified, community-experimental. Domain-specific skills published by the community: fintech risk, gaming, B2B SaaS, regulated industries.
Skills are durable leverage. Every new domain that gets a skill published benefits every customer who installs it — across all five surfaces, simultaneously.
Why this is a moat
Competitors ship dashboards. Gitrevio ships a platform whose unit of intelligence is portable across channels and authorable by customers.
Adding a new channel (Teams bot, IDE plugin) doesn't require rewriting analytics. Plug in the adapter; every existing skill works in the new channel on day one.
Adding a new domain (incident attribution, calendar correlation) is a YAML file. Author once, publish, every customer who needs it installs it.