TL;DR
- Extensions add new capabilities to GitHub Spec Kit: new commands, templates, integrations, checks, and delivery phases.
- Presets customize existing behavior: spec formats, plan templates, terminology, compliance sections, and team standards.
- The community ecosystem is active. The raw community catalog currently contains 109 extensions, updated on June 9, 2026.
- Treat community extensions like dependencies, not like snippets. Review source code, check maintainership, test in a sandbox repo, and pin versions.
- The safest team pattern is: community catalog for discovery, org catalog for approved extensions, project-local overrides for one-off exceptions.
- To create your own extension, start small: one focused command, a clear
extension.yml, a README, a license, a release zip, and installation tests. - The biggest opportunity is not “more commands.” It is designing extension gates around the places where your Spec Kit process currently leaks: brownfield discovery, product handoff, security review, architecture drift, QA traceability, and post-implementation review.
What You Will Learn Here
- What Spec Kit extensions are and when they are useful
- How extensions differ from presets and local overrides
- How to browse, install, and evaluate community extensions
- How to design a small extension for your own team’s workflow
- What files an extension needs
- How to publish an extension to the community catalog
- Which extension groups fit common engineering and product scenarios
- How I would level up a real team process with curated extensions
- Which gaps still deserve caution before betting your whole workflow on extensions
GitHub Spec Kit started as a practical way to make AI-assisted development less chaotic:
idea -> spec -> plan -> tasks -> implementationThat core loop is still the foundation. But the ecosystem around it is now the interesting part.
On June 10, 2026, I rechecked this article against the current GitHub Spec Kit README, the official Spec Kit docs, the extension reference, the community catalog, and the extension publishing guide. The commands and catalog mechanics below are source-backed. The team operating model is my synthesis for engineers and PMs who want to use extensions without turning their delivery process into a box of random prompts.
The Mental Model: Spec Kit Is Becoming a Workflow Platform
The official Spec Kit docs describe the core flow as:
Spec -> Plan -> Tasks -> ImplementThat gives your AI coding agent structured context instead of a single giant prompt.
Extensions change the question from:
"How do we use the default Spec Kit flow?"to:
"Where does our team need stronger workflow support?"That shift matters for PMs and engineers:
- PMs can add product-specific phases before implementation.
- Engineers can add architecture, security, quality, migration, and integration gates.
- Tech leads can turn repeated review rituals into reusable commands.
- Organizations can curate what is approved instead of letting every project invent its own prompt folder.
The official README now frames Spec Kit customization as a stack:
highest priority
project-local overrides .specify/templates/overrides/
presets .specify/presets/templates/
extensions .specify/extensions/templates/
Spec Kit core .specify/templates/
lowest priorityThat hierarchy is the key. You do not need to fork Spec Kit every time your team wants a different artifact or workflow.
Extensions vs Presets vs Overrides
Use this rule of thumb:
Need a new command or phase? Use an extension.
Need a different artifact format? Use a preset.
Need one project exception? Use a project-local override.Here is the practical split:
| Need | Best Fit | Example |
|---|---|---|
| Add Jira or Linear sync | Extension | /speckit.jira.sync |
| Add architecture drift review | Extension | /speckit.architecture.audit |
| Add a bugfix workflow | Extension | /speckit.bugfix.trace |
| Require compliance sections in every spec | Preset | Regulated spec template |
| Rename sections for your product org | Preset | ”Opportunity”, “Scope”, “Non-goals” |
| Patch one repo’s plan template | Local override | .specify/templates/overrides/plan-template.md |
The trap is using extensions for everything. If you only need a different shape for spec.md, plan.md, or tasks.md, a preset is usually cleaner. If you need a new thing the agent can do, an extension is the right tool.
Spec Kit Extensions vs Agent Skills
Spec Kit extensions can feel similar to AI agent skills because both package reusable instructions, files, and conventions. The difference is where they live and what they are trying to improve.
An agent skill teaches an AI agent how to perform a kind of work well:
"Agent, learn how to do this kind of task."A Spec Kit extension adds a reusable step to the spec-driven delivery process:
"Spec Kit, add this command or workflow gate to our process."Here is the clean comparison:
| Concept | Spec Kit Extension | Agent Skill |
|---|---|---|
| Lives in | Spec Kit ecosystem | Agent runtime or assistant skill folder |
| Main job | Extend the Spec Kit workflow | Teach the agent a repeatable capability |
| Triggered by | Spec Kit extension commands and CLI behavior | User request, agent routing, or skill selection |
| Typical output | Specs, plans, tasks, audits, sync artifacts, workflow reports | Code, docs, images, spreadsheets, PRs, reviews, research |
| Best audience | Teams standardizing spec-driven delivery | People delegating specialized work to agents |
The overlap:
both are reusable packages for better agentic workThe difference:
Spec Kit extension = workflow plugin for spec-driven delivery
Agent skill = capability package for an AI agentThey can work together. For example, a Codex skill could teach an agent how your company wants to use Spec Kit, while a Spec Kit extension could add the actual /speckit.security.review command every project runs before implementation.
What Community Extensions Add
The community catalog has moved into real workflow territory. The community site currently highlights extensions such as:
- Brownfield Bootstrap
- Superspec
- Jira Integration
- V-Model Extension Pack
- Bugfix Workflow
- Spec2Cloud
- Verify Extension
- Agent Assign
The raw community catalog contained 109 extensions and was updated on June 9, 2026 when I checked it. A quick scan shows categories like:
- brownfield discovery
- architecture review
- API evolution
- bugfix traceability
- agent assignment
- Azure DevOps integration
- governance files
- implementation review
- security and QA gates
That tells us something useful: the ecosystem is not only about “make more code.” It is mostly growing around the missing controls teams need when AI agents start touching real repositories.
Scenario Playbooks: Extension Groups Worth Exploring
Think in scenarios before you think in extensions. A useful extension group should answer one team question:
"What recurring delivery problem are we trying to make visible, repeatable, and reviewable?"These groups are not install-all bundles. They are starting points for evaluation. Pick one scenario, test two or three extensions in a sandbox, and only promote the winners into your team catalog.
| Scenario | Team Problem | Extension Group to Explore |
|---|---|---|
| Brownfield adoption | ”We want Spec Kit, but the repo already exists and nobody trusts a blind rewrite.” | brownfield, brownkit, repoindex, time-machine, arch, architect-preview |
| Product-to-engineering handoff | ”Specs are technically valid, but PM intent, non-goals, and stakeholder language are weak.” | product, product-forge, critique, scope, wireframe, preview |
| Architecture governance | ”AI agents implement quickly, but architecture drift appears later in review.” | architecture-guard, architect-preview, arch, blueprint, ci-guard, plan-review-gate |
| Security and risk review | ”Security review happens too late or only after code is already merged.” | security-review, threatmodel, red-team, v-model, verify, ci-guard |
| QA and traceability | ”We cannot prove requirements map to tests and implementation.” | qa, spectest, v-model, reqnroll-bdd, verify, verify-tasks, docguard |
| Bugfix and maintenance | ”Fixes patch code but leave specs, plans, and operational knowledge behind.” | bugfix, fixit, fix-findings, reconcile, sync, retrospective |
| Multi-agent parallel delivery | ”Multiple agents or engineers need to work safely without stepping on each other.” | worktree, worktrees, agent-assign, team-assign, maqa, orchestrator, schedule, fleet |
| Project management sync | ”Spec Kit artifacts are good locally, but Jira, Linear, GitHub Issues, or Azure DevOps become stale.” | jira, jira-sync, linear, github-issues, issue, azure-devops, maqa-jira, maqa-linear, maqa-azure-devops, maqa-github-projects |
| Release and PR readiness | ”We need better PR descriptions, changelogs, release checks, and pre-flight confidence.” | pr-bridge, changelog, ship, ci-guard, verify, staff-review, review |
| Team memory and context | ”The agent forgets project decisions, and humans cannot tell what context was used.” | memory-loader, memory-md, memorylint, agent-governance, archive, spec-reference-loader, workiq, m365 |
| Cost and context control | ”Spec-driven workflows are useful, but token usage and context size are hard to manage.” | cost, token-analyzer, token-budget, optimize, tinyspec, speckit-utils |
| Extension and catalog development | ”We want to create, validate, and govern our own extensions and presets.” | extensify, presetify, catalog-ci, doctor, speckit-utils |
Here is how I would apply that in practice.
Scenario 1: Brownfield Repo Bootstrap
Use this when the team is adopting Spec Kit inside an existing codebase.
brownfield discovery
-> repo index
-> architecture synthesis
-> risk preview
-> first feature specCandidate group:
brownfield + brownkit + repoindex + arch + architect-previewExpected outputs:
- capability map
- architecture overview
- security and QA risk notes
- feature candidates
- first safe modernization slice
This group is good for engineering leads because it makes the current system legible before asking agents to change it.
Scenario 2: PM-to-Engineering Spec Hardening
Use this when ideas arrive as tickets, meeting notes, or loose product intent.
raw idea
-> product framing
-> critique
-> scope estimate
-> optional wireframe or preview
-> technical planCandidate group:
product + critique + scope + wireframe + previewExpected outputs:
- PRFAQ or Lean PRD
- stakeholder summary
- clarified non-goals
- scope and effort notes
- visual sign-off artifact when UI is involved
This group is especially useful for PMs because it raises product ambiguity before implementation starts.
Scenario 3: Secure-by-Design Delivery
Use this when a feature touches authentication, authorization, payments, user data, AI agents, integrations, or regulated workflows.
spec
-> adversarial review
-> threat model
-> security review
-> V-model traceability
-> verification gateCandidate group:
red-team + threatmodel + security-review + v-model + verify + ci-guardExpected outputs:
- adversarial spec review
- OWASP LLM threat notes when agent artifacts are involved
- plan-level security findings
- test and requirement traceability
- merge gate for missing artifacts
This group should be owned by engineering and security together. It is powerful, but it can become heavy if applied to every tiny change.
Scenario 4: Parallel Agent Delivery
Use this when several agents or engineers work on related tasks at the same time.
task breakdown
-> assign work
-> isolate worktrees
-> schedule dependencies
-> orchestrate progress
-> verify completionCandidate group:
worktree + agent-assign + team-assign + orchestrator + schedule + verify-tasksExpected outputs:
- isolated branches or worktrees
- per-agent or per-engineer task boards
- dependency-aware task order
- fewer file conflicts
- proof that checked tasks have real implementation behind them
This group is useful when the process problem is coordination, not specification quality.
Scenario 5: Delivery System Connected to Jira, Linear, or GitHub Issues
Use this when Spec Kit becomes the source of delivery truth, but the company still operates from a planning tool.
spec artifacts
-> issue hierarchy
-> sync/reconcile
-> board status updates
-> PR summaryCandidate groups:
jira + jira-sync + pr-bridge
linear + pr-bridge
github-issues + issue + pr-bridge
azure-devops + pr-bridgeFor multi-agent QA workflows, evaluate the matching MAQA board integration:
maqa + maqa-jira
maqa + maqa-linear
maqa + maqa-github-projects
maqa + maqa-azure-devopsExpected outputs:
- synced epics, stories, issues, or subtasks
- traceability between specs and planning objects
- fewer stale tickets
- PRs that explain the spec context
This group is a PM and engineering manager favorite because it reduces the gap between “the spec says” and “the board says.”
Scenario 6: Post-Implementation Quality Loop
Use this after implementation, before merge, or immediately after a risky AI-generated diff.
implementation
-> verify against spec
-> review code quality
-> detect side effects
-> reconcile drift
-> retrospectiveCandidate group:
verify + review + staff-review + ripple + sync + reconcile + retrospectiveExpected outputs:
- spec adherence report
- code review report
- side-effect analysis
- drift fixes or human-approved spec updates
- lessons for the next feature
This group is one of the strongest ways to level up AI-assisted delivery because it accepts reality: specs change, code drifts, and reviews need structure.
Scenario 7: Org-Level Spec Kit Platform
Use this when Spec Kit is no longer one team’s experiment and needs platform ownership.
catalog governance
-> extension validation
-> memory governance
-> cost visibility
-> project health
-> release automationCandidate group:
extensify + catalog-ci + doctor + memorylint + cost + token-budget + shipExpected outputs:
- validated internal extension catalog
- healthier Spec Kit project structure
- cleaner agent memory boundaries
- budget visibility
- repeatable release checks
This is the group for platform engineering, staff engineers, or developer productivity teams.
The Safer Adoption Flow
Do not install community extensions directly into production repositories just because the command looks useful.
Use this flow:
discover
-> inspect source
-> test in sandbox
-> pin version
-> add to org catalog
-> install in project
-> review first outputs
-> document team usageIn command form:
# Discover available extensions
specify extension search
# Filter by topic when you know what you need
specify extension search architecture
specify extension search --tag testing
# Inspect metadata before installation
specify extension info architecture-guard
# Install from a catalog after review
specify extension add architecture-guard
# List what is installed in the project
specify extension list
# Update intentionally, not accidentally
specify extension update architecture-guardFor experiments, use a disposable repo or worktree first:
git worktree add ../sandbox-spec-kit-extension-test -b test/spec-kit-extension
cd ../sandbox-spec-kit-extension-test
specify extension add architecture-guard
specify extension listThe point is not bureaucracy. The point is that extension commands become part of how your AI agent reads, writes, and reasons about the repository. That deserves the same care you would give to a build plugin, GitHub Action, or code generation tool.
How to Evaluate a Community Extension
Before a team adopts an extension, ask these questions:
| Check | Why It Matters |
|---|---|
| Is the repository public and readable? | You need to inspect what the extension actually does. |
Is there a valid extension.yml? | The manifest is the contract with Spec Kit. |
| Are commands documented? | Engineers and PMs need predictable behavior. |
| Does it declare required tools? | Hidden dependencies break onboarding. |
| Is there a release zip? | Catalog installs should be versioned and repeatable. |
Does it write files outside .specify/, docs, or expected integration folders? | Unexpected write scope is a process risk. |
| Does it call external APIs? | You may need secrets, rate limits, or legal review. |
| Are outputs reviewable Markdown? | Spec Kit works best when humans can review artifacts. |
| Does it fit your process vocabulary? | A great extension with the wrong mental model creates friction. |
For engineers, the key question is:
"Would I be comfortable reviewing a PR created after this command runs?"For PMs, the key question is:
"Does this make intent, scope, risk, or acceptance criteria clearer?"If the answer is no, skip it.
When to Build Your Own Extension
Build your own extension when the same workflow gap appears across multiple features or repositories.
Good extension candidates:
- recurring security review checklist
- architecture impact preview
- product requirement quality review
- migration readiness assessment
- incident-to-bugfix workflow
- release notes generation from Spec Kit artifacts
- QA traceability from acceptance criteria to tests
- API contract evolution review
- design-system compliance review
Weak extension candidates:
- one team’s temporary naming preference
- a single project’s custom template
- a prompt that only one person understands
- anything that cannot produce reviewable output
- commands that hide decisions instead of surfacing them
The best extensions are boring in the right way. They make a repeated team habit easier to run, easier to review, and harder to forget.
Example: A Small “Spec Health” Extension
Imagine your team repeatedly ships specs with the same gaps:
- unclear non-goals
- missing acceptance criteria
- no telemetry notes
- no rollout strategy
- vague PM/engineering ownership
You could create a small extension that reviews the current feature spec and writes a health report before planning starts.
The workflow:
PM writes feature idea
-> /speckit.specify
-> /speckit.spec-health.audit
-> fix gaps in spec
-> /speckit.plan
-> /speckit.tasks
-> /speckit.implementThe extension file layout:
spec-kit-spec-health/
extension.yml
README.md
LICENSE
CHANGELOG.md
commands/
audit.md
docs/
examples.mdThe manifest:
schema_version: "1.0"
extension:
id: "spec-health"
name: "Spec Health"
version: "1.0.0"
description: "Review feature specs for clarity, risk, and delivery readiness."
author: "Your Team"
repository: "https://github.com/your-org/spec-kit-spec-health"
license: "MIT"
homepage: "https://github.com/your-org/spec-kit-spec-health"
requires:
speckit_version: ">=0.8.0"
provides:
commands:
- name: "speckit.spec-health.audit"
file: "commands/audit.md"
description: "Audit the active feature spec before planning."
tags:
- "quality"
- "product"
- "planning"The command file can be simple:
# Spec Health Audit
Audit the active Spec Kit feature before technical planning.
## Inputs
- Active feature branch
- Current feature spec under `specs/`
- Project constitution
- Any available product notes in the repository
## Instructions
1. Find the active feature spec.
2. Read the project constitution.
3. Evaluate the spec against this rubric:
- problem clarity
- target users
- explicit non-goals
- acceptance criteria
- edge cases
- telemetry or observability notes
- rollout and rollback notes
- unresolved questions
4. Write a report to `specs/<feature>/spec-health.md`.
5. Do not modify application code.
6. If critical gaps exist, recommend blocking `/speckit.plan` until the spec is updated.
## Output Format
Create a Markdown report with:
- Summary
- Blockers
- Warnings
- Suggested spec edits
- PM questions
- Engineering questionsThat is enough to start. You do not need an elaborate automation layer on day one. A good extension can begin as one well-scoped command that improves a decision point.
Test It Locally Before Publishing
The publishing guide recommends testing both local development installation and release installation.
For local development:
specify extension add --dev /path/to/spec-kit-spec-health
specify extension listFor release-style installation:
specify extension add spec-health \
--from https://github.com/your-org/spec-kit-spec-health/archive/refs/tags/v1.0.0.zipThen test on a real Spec Kit project:
create sample feature
-> run core Spec Kit command
-> run your extension command
-> inspect generated files
-> remove extension
-> reinstall from release zip
-> repeatYour test is not only “does the command appear?” The real test is:
"Does this extension improve the artifact quality enough that humans trust the next phase?"Publishing Your Extension
The official publishing path is:
prepare extension
-> validate extension.yml
-> write README and license
-> create GitHub release
-> test install from release archive
-> submit extension issue
-> maintainer verifies catalog metadata
-> extension becomes searchableThe guide is explicit about a few important requirements:
- include a valid
extension.yml - include a README with installation and usage instructions
- include a license
- use semantic versioning
- create a GitHub release
- test on a real project
- submit through the Extension Submission issue template
- do not directly open a pull request against
catalog.community.json
That last point matters. Maintainers verify catalog metadata, but they do not audit or endorse the extension code itself. Users still need to review source code before installation.
The Team Operating Model I Recommend
For one developer, the flow can be casual. For a team, it needs light governance.
I would run it like this:
Community catalog
-> discovery only
Team review
-> source review
-> sandbox install
-> output review
-> security check if external APIs are used
Org catalog
-> approved extension list
-> pinned versions
-> documented usage
Project install
-> install only approved extensions
-> record why each one exists
-> review generated artifacts in PRsYour internal catalog.json becomes the equivalent of a package allowlist:
{
"schema_version": "1.0",
"extensions": {
"spec-health": {
"name": "Spec Health",
"id": "spec-health",
"description": "Review feature specs for clarity, risk, and delivery readiness.",
"author": "Your Team",
"version": "1.0.0",
"download_url": "https://github.com/your-org/spec-kit-spec-health/archive/refs/tags/v1.0.0.zip",
"repository": "https://github.com/your-org/spec-kit-spec-health",
"license": "MIT",
"requires": {
"speckit_version": ">=0.8.0"
},
"provides": {
"commands": 1,
"hooks": 0
},
"tags": ["quality", "product", "planning"],
"verified": false
}
}
}Then teams install from the curated source instead of browsing the internet from every repo.
The official docs also mention SPECKIT_CATALOG_URL as a way to point the CLI at an organization catalog:
export SPECKIT_CATALOG_URL="https://your-org.com/spec-kit/catalog.json"
specify extension searchThis is the enterprise-friendly path: discover in public, approve internally, install consistently.
Where Extensions Can Level Up Your Process
Here is how I would map common delivery problems to extension ideas:
| Process Gap | Extension Idea | Output |
|---|---|---|
| Specs are too vague | Spec health audit | spec-health.md |
| Existing code is poorly understood | Brownfield discovery | capability map |
| Plans ignore architecture constraints | Architecture impact preview | risk report |
| Security review happens too late | Security gate before tasks | security checklist |
| QA cannot trace tests to requirements | V-model or QA traceability | test mapping |
| PMs lose visibility after tasks | Status/reporting extension | progress report |
| APIs break consumers | API evolution extension | compatibility report |
| Agents pick the wrong specialist | Agent assignment extension | task routing plan |
| Post-implementation review is inconsistent | Review extension | code/spec drift report |
The pattern is consistent:
make the invisible review step visible
make the visible review step repeatable
make the repeatable step installableThat is the real value of extensions.
Practical Rollout Plan
If I were introducing this to a team, I would not begin with five extensions.
I would use a four-week rollout:
Week 1: Baseline
Use only core Spec Kit.
Capture where specs, plans, and tasks break down.
Week 2: One community extension
Pick one pain point.
Test one extension in a sandbox.
Review generated artifacts with engineers and PMs.
Week 3: One internal extension
Create a tiny command for your team's most repeated review.
Keep output Markdown-only.
Avoid external APIs at first.
Week 4: Curate
Create an org catalog.
Pin versions.
Document when each extension should run.The rollout goal is not maximum automation. The goal is a better delivery rhythm.
Gaps and Cautions
The ecosystem is promising, but there are still real gaps.
1. Trust is mostly on the user
The community catalog is useful for discovery, but maintainers do not audit extension code. Teams should treat extensions as third-party dependencies.
2. Output quality varies
Some extensions will be polished. Others will be experiments. Require sample outputs before adopting one.
3. Version drift can get messy
If every repository installs different extension versions, your process will fragment. Use pinned releases and an org catalog.
4. Extensions can encode bad process
An extension makes a workflow easier to repeat. That is dangerous if the workflow is unclear, political, or low quality.
5. PM-facing extensions need better UX
Many extensions are naturally engineering-heavy. There is a big opportunity for product-oriented extensions that help with scope, user value, rollout, and decision records.
6. Internal catalogs need ownership
Someone has to decide what is approved, update versions, and remove stale extensions. Without ownership, the catalog becomes another junk drawer.
Recommended Next Sections for a Future Article
This article is the ecosystem and creation guide. The next useful deep dives would be:
- a hands-on tutorial that builds the
spec-healthextension from scratch - a comparison of the most useful community extensions for brownfield repos
- an org catalog setup guide for private teams
- a PM-oriented guide to product extensions and presets
- a security review checklist for Spec Kit extensions
- a workflow that combines extensions with git worktrees for parallel feature delivery
Final Take
Spec Kit extensions are not just a plugin feature. They are a way to turn your team’s recurring delivery judgment into reusable workflow infrastructure.
The best use is not “install everything.” The best use is:
find the process gap
-> make the review explicit
-> encode it as a small command
-> test it on real work
-> curate it for the teamIf your Spec Kit process currently works for demos but gets fuzzy in production, extensions are probably the next lever to pull. Start with one pain point, one command, and one artifact humans actually want to review.
Source List
- GitHub Spec Kit README: core workflow, supported commands, customization stack, extension vs preset guidance, and community contribution note.
- GitHub Spec Kit docs home: current ecosystem positioning, integration count, extension/preset count, and organization catalog framing.
- Spec Kit Extensions reference:
specify extension search,add,list,info,update, enable/disable, priority, and catalog commands. - Spec Kit extensions README: community catalog purpose, organization catalog pattern, direct URL installation, and submission checklist.
- Spec Kit community extensions site: highlighted and recently updated community extensions.
- Spec Kit community catalog JSON: raw catalog metadata, update date, extension examples, tags, versions, commands, and hooks.
- Extension Development Guide: naming, documentation, versioning, security, compatibility, and example extension guidance.
- Extension Publishing Guide: required structure,
extension.ymlexample, release process, catalog submission flow, maintainer checks, and best practices. - Microsoft Developer Blog: Diving Into Spec-Driven Development With GitHub Spec Kit: helpful background on Spec Kit’s CLI, templates, and “works in your existing environment” design.