Comprehensive code documentation skill — use this any time documentation is requested, after any significant code change, when onboarding a new subsystem, au...
---
name: code-documentation
description: >
Comprehensive code documentation skill — use this any time documentation is requested, after
any significant code change, when onboarding a new subsystem, auditing existing docs for accuracy,
or when asked to "document", "update docs", "write docs", or "clean up comments". Covers three
tightly coupled concerns: (1) inline file/function headers in source code, (2) subsystem-level
.md docs, and (3) global architecture + API reference docs. Always apply this skill — do not
improvise documentation standards. Also triggers for requests like "add comments", "document
this file", "our docs are out of date", "generate API reference", or after a PR or feature branch
is completed.
---
# Code Documentation Skill
## Purpose
This skill governs how code is documented at every level — from individual file headers to
global architecture docs. Apply it consistently across all projects. When in doubt: document
the *why*, not the *what*. The code already says what it does.
---
## Phase 0 — Before You Write Anything
1. **Scan the repo structure.** Understand what exists before touching anything.
2. **Identify subsystems.** Group files by domain (Auth, Billing, API Layer, etc.).
3. **Read existing docs first.** Check `/docs/` in both frontend and backend. Note what's
present, missing, or stale.
4. **Confirm the active branch.** Never document against stale or wrong code.
---
## Phase 1 — Source File Standards
Apply to every file that is ≥ 20 lines OR is imported by other modules.
### 1.1 — Line 1: Full Path Comment
The very first line of every source file must be a comment containing the file's full path
from the project root. Use the comment syntax appropriate to the language.
```js
// src/services/auth/tokenService.js
```
```py
# src/services/auth/token_service.py
```
### 1.2 — File Header Block (lines 2–N)
Immediately after the path comment, add a header block. Use the language's block comment
syntax. This block is mandatory and must be kept accurate.
```
/**
* File: src/services/auth/tokenService.js
*
* Overview:
* Issues, validates, and refreshes JWT tokens for authenticated sessions.
* Exists to centralise all token logic so Auth routes stay thin.
*
* Exports:
* - issueToken(userId, role) → signed JWT string
* - verifyToken(token) → decoded payload or throws
* - refreshToken(oldToken) → new signed JWT string
*
* Imported By:
* - src/routes/auth.js
* - src/middleware/requireAuth.js
*
* Imports:
* - jsonwebtoken — signing/verification
* - config/env — JWT_SECRET, TOKEN_TTL
*
* Notes:
* - Tokens expire in 15 min; refresh window is 7 days.
* - verifyToken throws on expiry — callers must handle.
*/
```
**Rules:**
- Keep it current. If you add an export, update Exports. If a new file imports this, update
Imported By.
- Do not pad with boilerplate. Every line must be accurate and useful.
### 1.3 — Function Headers
Top of every non-trivial function (any function with logic beyond a single expression):
```js
/**
* Signs a new JWT for the given user. Embeds userId and role in payload.
* Throws if JWT_SECRET is not set in env.
*/
function issueToken(userId, role) { ... }
```
**Rules:**
- Max 2 sentences.
- Explain *why* the function exists or what makes it non-obvious, not just what it does.
- No parameter/return type breakdown unless the types are genuinely surprising.
### 1.4 — Inline Comment Rules
**Allowed (rare exceptions only):**
```js
const TIMEOUT = 5000 // 5 seconds
```
**Prohibited — remove on sight:**
| Pattern | Example | Why banned |
|---|---|---|
| Restating the code | `// enable proxy` above `proxy: true` | Zero information |
| Removed/old code notes | `// removed legacy handler` | Use git for history |
| Change log comments | `// changed to use v2 API` | Not a changelog |
| Section dividers | `// ---- helpers ----` | Use modules instead |
| Obvious steps | `// loop through users` above a users.forEach | Noise |
If you encounter these, **delete them**. They are clutter that erodes trust in real comments.
---
## Phase 2 — Subsystem Documentation
See `references/subsystem-doc.md` for the full template and field-by-field instructions.
**One `.md` file per subsystem, located at:**
- `/backend/docs/<subsystem>.md`
- `/frontend/docs/<subsystem>.md`
**Subsystem identification heuristics:**
- A cohesive domain handled by a directory or cluster of files
- Examples: `auth`, `billing`, `search`, `notifications`, `api-layer`, `data-layer`,
`file-upload`, `websockets`, `admin`, `onboarding`
**Discovery checklist — identify a subsystem when you find:**
- [ ] A directory with 3+ related files
- [ ] A shared service/utility used by 3+ other files
- [ ] A distinct API surface (routes/controllers grouped by concern)
- [ ] A background job or scheduled process
- [ ] A third-party integration (Stripe, S3, Twilio, etc.)
**If a subsystem doc already exists:**
- Compare it against current code
- Remove anything describing code that no longer exists
- Add anything the doc misses
- Update all file maps, function names, and flow diagrams
---
## Phase 3 — Global Architecture Document
Location: `/docs/architecture.md` (or `/backend/docs/architecture.md` depending on repo layout)
See `references/architecture-doc.md` for the full template.
Required sections:
1. System Overview — what this product does in 2–3 sentences
2. Subsystems — bulleted list, one-liner per subsystem, link to its `.md`
3. High-Level Diagram — ASCII or Mermaid, showing subsystem relationships
4. Tech Stack — language, framework, DB, cache, queue, infra
5. Cross-Cutting Concerns — how auth, error handling, validation, config, logging, and
testing work *across* the system (not per-subsystem)
---
## Phase 4 — API Reference
**Required if a backend exists.** Location: `/backend/docs/api.md`
For large backends: one file per subsystem, e.g. `/backend/docs/api-auth.md`,
`/backend/docs/api-billing.md`, then an index in `/backend/docs/api.md`.
See `references/api-reference.md` for the full endpoint template.
Every endpoint must document:
- Method + path
- Description (1 sentence — what this does for the caller)
- Request: path params, query params, body schema
- Response: success schema + status codes + error codes
- Source mapping: which controller file and service methods handle it
---
## Phase 5 — Validation Pass
After writing or updating docs, audit them:
```
## Documentation Audit
### Missing
- List any subsystem without a doc
### Outdated
- List any doc that references removed files, functions, or endpoints
### Incorrect
- List any wrong dependency, wrong export name, wrong flow description
### Recommendations
- Specific fixes with file locations
```
Do not skip this pass. Stale documentation is worse than none — it actively misleads.
---
## Enforcement Rules
These apply any time you touch code:
1. **Changed a function's logic?** → Update its header.
2. **Added or removed an export?** → Update the file header's Exports section.
3. **Added a new file that others import?** → Add the file header; update importers'
"Imported By" lists if practical.
4. **Added or changed an API endpoint?** → Update `api.md`.
5. **Structural change to a subsystem?** → Update that subsystem's `.md`.
6. **Added a new subsystem?** → Create its `.md` from the template in
`references/subsystem-doc.md`.
7. **Removed a file or feature?** → Find every doc that mentions it and remove those
references.
**Never leave documentation in a state that describes code that doesn't exist.**
---
## Quick Reference: What Goes Where
| Concern | Location |
|---|---|
| File path + module summary | Top of every source file |
| Function purpose | Top of every non-trivial function |
| Subsystem deep-dive | `/[frontend\|backend]/docs/<name>.md` |
| System-wide architecture | `/docs/architecture.md` |
| API contracts | `/backend/docs/api.md` (or per-subsystem) |
---
## Reference Files
- `references/subsystem-doc.md` — Full subsystem doc template + instructions
- `references/architecture-doc.md` — Full architecture.md template
- `references/api-reference.md` — Full API endpoint documentation template
don't have the plugin yet? install it then click "run inline in claude" again.
added explicit inputs section (repo access, git history, reference templates, language syntax), reorganized original phases into numbered procedure steps with clear in/out, extracted all decision logic into an if-else decision points section covering doc updates on code changes, formalized output contract with exact file locations and format requirements, and added concrete outcome signals for verification.
this skill governs code documentation at every level: from individual file headers to global architecture docs. use it whenever documentation is requested, after any significant code change, when onboarding a new subsystem, auditing existing docs for accuracy, or when asked to "document", "update docs", "write docs", or "clean up comments". the skill covers three tightly coupled concerns: (1) inline file and function headers in source code, (2) subsystem-level .md docs, and (3) global architecture plus API reference docs. always apply this skill instead of improvising documentation standards. document the why, not the what , the code already says what it does.
phase 0: scan and assess
/docs/, /backend/docs/, and /frontend/docs/ for existing documentation. note what's present, missing, or stale.phase 1: source file documentation
// src/services/auth/tokenService.js in js, # src/services/auth/token_service.py in python).// enable proxy above proxy: true), reference removed code (e.g., // removed legacy handler), serve as changelogs (e.g., // changed to use v2 API), use section dividers (e.g., // ---- helpers ----), or describe obvious steps (e.g., // loop through users). these are clutter that erode trust in real comments.const TIMEOUT = 5000 // 5 seconds, or return null // caller handles retries).phase 2: subsystem documentation
/backend/docs/<subsystem>.md or /frontend/docs/<subsystem>.md. use the template in references/subsystem-doc.md as your blueprint.phase 3: global architecture document
/docs/architecture.md (or /backend/docs/architecture.md depending on repo layout). use the template in references/architecture-doc.md.phase 4: API reference documentation
/backend/docs/api.md or, for large backends, create per-subsystem files like /backend/docs/api-auth.md, /backend/docs/api-billing.md, then link them in an index at /backend/docs/api.md.phase 5: validation audit
if the repo already has docs: then compare them against current code (step 12, step 18). remove references to removed code. update file maps and function signatures to match reality. else create new docs from the reference templates (steps 11-15).
if a function's logic changes: then update its header comment immediately (enforcement rule 1). else skip function header updates.
if you add or remove an export: then update the file header's exports section (enforcement rule 2). else do not modify the exports section.
if a new file is created that other files import: then create a file header for it and update the "imported by" sections in any importing files if you have visibility (enforcement rule 3). else skip importer updates.
if an API endpoint is added, changed, or removed:
then update /backend/docs/api.md (enforcement rule 4).
else do not modify api.md.
if a subsystem's internal structure or flow changes significantly:
then update that subsystem's .md doc (enforcement rule 5).
else do not modify subsystem docs.
if a brand new subsystem is created:
then create a new .md from the template in references/subsystem-doc.md (enforcement rule 6).
else do not create new subsystem docs.
if a file or feature is removed: then find every doc that mentions it and remove those references (enforcement rule 7). else do not prune docs.
if the repo has no reference templates: then consult the skill text for minimal inline templates (file header structure in phase 1, subsystem structure in phase 2, architecture structure in phase 3, api structure in phase 4). else use the reference files as your authoritative blueprint.
if documentation audit finds stale references: then fix or remove them before considering the skill complete. else proceed to publish docs.
successful documentation deliverables appear in these locations:
/backend/docs/<name>.md or /frontend/docs/<name>.md with directory structure, file map, exported functions, workflows, dependencies, and error handling documented./docs/architecture.md or /backend/docs/architecture.md exists with system overview, subsystems list (linked), high-level diagram, tech stack, and cross-cutting concerns./backend/docs/api.md exists (or per-subsystem api-*.md files with an index). every endpoint lists method, path, description, request schema, response schema, status codes, and source mapping.data format: markdown (.md) files with standard block comment syntax in source code (js, python, go, ruby, etc.). diagrams may be ascii art or mermaid syntax.
you know this skill worked when:
credits: original skill by encryptshawn (clawhub). enriched to implexa quality standards.