feat: add antigravity workflows playbooks and orchestration skill

Introduce the first Antigravity Workflows foundation with machine-readable workflow metadata, a dedicated orchestration skill, and onboarding docs that explain when to use bundles versus workflows. This reduces multi-skill friction for common goals like SaaS MVP delivery, security audits, AI agent builds, and browser QA.

Co-authored-by: Cursor <cursoragent@cursor.com>

docs/FAQ.md

@@ -11,12 +11,23 @@
 Skills are specialized instruction files that teach AI assistants how to handle specific tasks. Think of them as expert knowledge modules that your AI can load on-demand.
 **Simple analogy:** Just like you might consult different experts (a lawyer, a doctor, a mechanic), these skills let your AI become an expert in different areas when you need them.
 
-### Do I need to install all 626+ skills?
+### Do I need to install all 700+ skills?
 
 **No!** When you clone the repository, all skills are available, but your AI only loads them when you explicitly invoke them with `@skill-name`.
 It's like having a library - all books are there, but you only read the ones you need.
 **Pro Tip:** Use [Starter Packs](BUNDLES.md) to install only what matches your role.
 
+### What is the difference between Bundles and Workflows?
+
+- **Bundles** are curated recommendations grouped by role or domain.
+- **Workflows** are ordered execution playbooks for concrete outcomes.
+
+Use bundles when you are deciding *which skills* to include. Use workflows when you need *step-by-step execution*.
+
+Start from:
+- [BUNDLES.md](BUNDLES.md)
+- [WORKFLOWS.md](WORKFLOWS.md)
+
 ### Which AI tools work with these skills?
 
 - ✅ **Claude Code** (Anthropic CLI)

docs/GETTING_STARTED.md

@@ -15,7 +15,7 @@ AI Agents (like **Claude Code**, **Gemini**, **Cursor**) are smart, but they lac
 
 ## ⚡️ Quick Start: The "Starter Packs"
 
-Don't panic about the 626+ skills. You don't need them all at once.
+Don't panic about the 700+ skills. You don't need them all at once.
 We have curated **Starter Packs** to get you running immediately.
 
 You **install the full repo once** (npx or clone); Starter Packs are curated lists to help you **pick which skills to use** by role (e.g. Web Wizard, Hacker Pack)—they are not a different way to install.
@@ -52,6 +52,21 @@ Find the bundle that matches your role (see [BUNDLES.md](BUNDLES.md)):
 
 ---
 
+## 🧭 Bundles vs Workflows
+
+Bundles and workflows solve different problems:
+
+- **Bundles** = curated sets by role (what to pick).
+- **Workflows** = step-by-step playbooks (how to execute).
+
+Start with bundles in [BUNDLES.md](BUNDLES.md), then run a workflow from [WORKFLOWS.md](WORKFLOWS.md) when you need guided execution.
+
+Example:
+
+> "Use **@antigravity-workflows** and run `ship-saas-mvp` for my project idea."
+
+---
+
 ## 🚀 How to Use a Skill
 
 Once installed, just talk to your AI naturally.
@@ -103,7 +118,7 @@ _Check the [Skill Catalog](../CATALOG.md) for the full list._
 
 ## ❓ FAQ
 
-**Q: Do I need to install all 626 skills?**
+**Q: Do I need to install all 700+ skills?**
 A: You clone the whole repo once; your AI only _reads_ the skills you invoke (or that are relevant), so it stays lightweight. **Starter Packs** in [BUNDLES.md](BUNDLES.md) are curated lists to help you discover the right skills for your role—they don't change how you install.
 
 **Q: Can I make my own skills?**

docs/WORKFLOWS.md

@@ -0,0 +1,174 @@
+# Antigravity Workflows
+
+> Workflow playbooks to orchestrate multiple skills with less friction.
+
+## What Is a Workflow?
+
+A workflow is a guided, step-by-step execution path that combines multiple skills for one concrete outcome.
+
+- **Bundles** tell you which skills are relevant for a role.
+- **Workflows** tell you how to use those skills in sequence to complete a real objective.
+
+If bundles are your toolbox, workflows are your execution playbook.
+
+---
+
+## How to Use Workflows
+
+1. Install the repository once (`npx antigravity-awesome-skills`).
+2. Pick a workflow matching your immediate goal.
+3. Execute steps in order and invoke the listed skills in each step.
+4. Keep output artifacts at each step (plan, decisions, tests, validation evidence).
+
+You can combine workflows with bundles from [BUNDLES.md](BUNDLES.md) when you need broader coverage.
+
+---
+
+## Workflow: Ship a SaaS MVP
+
+Build and ship a minimal but production-minded SaaS product.
+
+**Related bundles:** `Essentials`, `Full-Stack Developer`, `QA & Testing`, `DevOps & Cloud`
+
+### Prerequisites
+
+- Local repository and runtime configured.
+- Clear user problem and MVP scope.
+- Basic deployment target selected.
+
+### Steps
+
+1. **Plan the scope**
+   - **Goal:** Define MVP boundaries and acceptance criteria.
+   - **Skills:** [`@brainstorming`](../skills/brainstorming/), [`@concise-planning`](../skills/concise-planning/), [`@writing-plans`](../skills/writing-plans/)
+   - **Prompt example:** `Usa @concise-planning per definire milestones e criteri di accettazione del mio MVP SaaS.`
+
+2. **Build backend and API**
+   - **Goal:** Implement core entities, APIs, and auth baseline.
+   - **Skills:** [`@backend-dev-guidelines`](../skills/backend-dev-guidelines/), [`@api-patterns`](../skills/api-patterns/), [`@database-design`](../skills/database-design/)
+   - **Prompt example:** `Usa @backend-dev-guidelines per creare API e servizi del dominio billing.`
+
+3. **Build frontend**
+   - **Goal:** Ship core user flow with clear UX states.
+   - **Skills:** [`@frontend-developer`](../skills/frontend-developer/), [`@react-patterns`](../skills/react-patterns/), [`@frontend-design`](../skills/frontend-design/)
+   - **Prompt example:** `Usa @frontend-developer per implementare onboarding, empty state e dashboard iniziale.`
+
+4. **Test and validate**
+   - **Goal:** Cover critical user journeys before release.
+   - **Skills:** [`@test-driven-development`](../skills/test-driven-development/), [`@browser-automation`](../skills/browser-automation/), `@go-playwright` (optional, Go stack)
+   - **Prompt example:** `Usa @browser-automation per creare test E2E sui flussi signup e checkout.`
+   - **Go note:** Se il progetto QA e tooling sono in Go, preferisci `@go-playwright`.
+
+5. **Ship safely**
+   - **Goal:** Release with observability and rollback plan.
+   - **Skills:** [`@deployment-procedures`](../skills/deployment-procedures/), [`@observability-engineer`](../skills/observability-engineer/)
+   - **Prompt example:** `Usa @deployment-procedures per una checklist di rilascio con rollback.`
+
+---
+
+## Workflow: Security Audit for a Web App
+
+Run a focused security review from scope definition to remediation validation.
+
+**Related bundles:** `Security Engineer`, `Security Developer`, `Observability & Monitoring`
+
+### Prerequisites
+
+- Explicit authorization for testing.
+- In-scope targets documented.
+- Logging and environment details available.
+
+### Steps
+
+1. **Define scope and threat model**
+   - **Goal:** Identify assets, trust boundaries, and attack paths.
+   - **Skills:** [`@ethical-hacking-methodology`](../skills/ethical-hacking-methodology/), [`@threat-modeling-expert`](../skills/threat-modeling-expert/), [`@attack-tree-construction`](../skills/attack-tree-construction/)
+   - **Prompt example:** `Usa @threat-modeling-expert per mappare asset critici e trust boundaries della mia web app.`
+
+2. **Review auth and access control**
+   - **Goal:** Detect account takeover and authorization flaws.
+   - **Skills:** [`@broken-authentication`](../skills/broken-authentication/), [`@auth-implementation-patterns`](../skills/auth-implementation-patterns/), [`@idor-testing`](../skills/idor-testing/)
+   - **Prompt example:** `Usa @idor-testing per verificare accessi non autorizzati su endpoint multitenant.`
+
+3. **Assess API and input security**
+   - **Goal:** Uncover high-impact API and injection vulnerabilities.
+   - **Skills:** [`@api-security-best-practices`](../skills/api-security-best-practices/), [`@api-fuzzing-bug-bounty`](../skills/api-fuzzing-bug-bounty/), [`@top-web-vulnerabilities`](../skills/top-web-vulnerabilities/)
+   - **Prompt example:** `Usa @api-security-best-practices per audit endpoint auth, billing e admin.`
+
+4. **Harden and verify**
+   - **Goal:** Convert findings into fixes and verify evidence of mitigation.
+   - **Skills:** [`@security-auditor`](../skills/security-auditor/), [`@sast-configuration`](../skills/sast-configuration/), [`@verification-before-completion`](../skills/verification-before-completion/)
+   - **Prompt example:** `Usa @verification-before-completion per provare che le mitigazioni sono effettive.`
+
+---
+
+## Workflow: Build an AI Agent System
+
+Design and deliver a production-grade agent with measurable reliability.
+
+**Related bundles:** `Agent Architect`, `LLM Application Developer`, `Data Engineering`
+
+### Prerequisites
+
+- Narrow use case with measurable outcomes.
+- Access to model provider(s) and observability tooling.
+- Initial dataset or knowledge corpus.
+
+### Steps
+
+1. **Define target behavior and KPIs**
+   - **Goal:** Set quality, latency, and failure thresholds.
+   - **Skills:** [`@ai-agents-architect`](../skills/ai-agents-architect/), [`@agent-evaluation`](../skills/agent-evaluation/), [`@product-manager-toolkit`](../skills/product-manager-toolkit/)
+   - **Prompt example:** `Usa @agent-evaluation per definire benchmark e criteri di successo del mio agente.`
+
+2. **Design retrieval and memory**
+   - **Goal:** Build reliable retrieval and context architecture.
+   - **Skills:** [`@llm-app-patterns`](../skills/llm-app-patterns/), [`@rag-implementation`](../skills/rag-implementation/), [`@vector-database-engineer`](../skills/vector-database-engineer/)
+   - **Prompt example:** `Usa @rag-implementation per progettare pipeline di chunking, embedding e retrieval.`
+
+3. **Implement orchestration**
+   - **Goal:** Implement deterministic orchestration and tool boundaries.
+   - **Skills:** [`@langgraph`](../skills/langgraph/), [`@mcp-builder`](../skills/mcp-builder/), [`@workflow-automation`](../skills/workflow-automation/)
+   - **Prompt example:** `Usa @langgraph per implementare il grafo agente con fallback e human-in-the-loop.`
+
+4. **Evaluate and iterate**
+   - **Goal:** Improve weak points with a structured loop.
+   - **Skills:** [`@agent-evaluation`](../skills/agent-evaluation/), [`@langfuse`](../skills/langfuse/), [`@kaizen`](../skills/kaizen/)
+   - **Prompt example:** `Usa @kaizen per prioritizzare le correzioni sulle failure modes rilevate dai test.`
+
+---
+
+## Workflow: QA and Browser Automation
+
+Create resilient browser automation with deterministic execution in CI.
+
+**Related bundles:** `QA & Testing`, `Full-Stack Developer`
+
+### Prerequisites
+
+- Test environments and stable credentials.
+- Critical user journeys identified.
+- CI pipeline available.
+
+### Steps
+
+1. **Prepare test strategy**
+   - **Goal:** Scope journeys, fixtures, and execution environments.
+   - **Skills:** [`@e2e-testing-patterns`](../skills/e2e-testing-patterns/), [`@test-driven-development`](../skills/test-driven-development/)
+   - **Prompt example:** `Usa @e2e-testing-patterns per definire suite E2E minima ma ad alto impatto.`
+
+2. **Implement browser tests**
+   - **Goal:** Build robust test coverage with stable selectors.
+   - **Skills:** [`@browser-automation`](../skills/browser-automation/), `@go-playwright` (optional, Go stack)
+   - **Prompt example:** `Usa @go-playwright per implementare browser automation in un progetto Go.`
+
+3. **Triage and harden**
+   - **Goal:** Remove flaky behavior and enforce repeatability.
+   - **Skills:** [`@systematic-debugging`](../skills/systematic-debugging/), [`@test-fixing`](../skills/test-fixing/), [`@verification-before-completion`](../skills/verification-before-completion/)
+   - **Prompt example:** `Usa @systematic-debugging per classificare e risolvere le flakiness in CI.`
+
+---
+
+## Machine-Readable Workflows
+
+For tooling and automation, workflow metadata is available in [data/workflows.json](../data/workflows.json).