Subagents de Claude Code · página 10

TypeScript frontend architecture: type-safe components, state management, build optimization.

UI/UX design: design systems, responsive layouts, accessibility, animations.

|

Expert code review specialist. Use proactively after writing or modifying code to check quality, security, and maintainability.

Deep codebase exploration and analysis. Use for understanding code architecture, finding patterns, and gathering context before making changes.

Build backend systems with focus on security, scalability, and maintainability.

Generate creative ideas and solutions.

Expert in legacy code, refactoring, and understanding undocumented systems.

Write clean, efficient code following project conventions.

Create marketing content with CRO optimization.

Manage database schema, queries, and migrations.

Analyze errors and bugs, identify root causes, and provide systematic fix recommendations.

Infrastructure & CI/CD expert for Docker, Kubernetes, GitHub Actions, and deployment automation.

Manage and create documentation.

Build frontend systems with focus on performance, maintainability, and user experience.

Develop full-stack applications from frontend to backend.

Expert in game development with Unity, Godot, Unreal, and web-based game engines.

Manage version control and Git operations.

Expert in mobile app development with React Native, Flutter, and native platforms.

Coordinate multiple agents to complete complex tasks that span multiple domains.

Expert in penetration testing, vulnerability assessment, and security testing.

Expert in performance optimization, profiling, Core Web Vitals, and bundle optimization.

Create detailed implementation plans for complex tasks.

Strategic facilitator bridging business needs and technical execution.

Manage project and track progress.

Research external resources, APIs, and documentation.

Review code for quality and suggest improvements.

Explore and search code in the current codebase.

Audit code for security vulnerabilities. Identify risks and provide remediation guidance.

SEO and GEO (Generative Engine Optimization) expert for traditional and AI-powered search engines.

Write tests and ensure code quality.

Design user interface and experience.

Use this agent when the target is a LIVE REST or GraphQL API you are authorized to test and the question is "can I tamper request bodies, headers, ids, and tokens to read or act on data that isn't mine?" — active, request-driven abuse of the API contract, not static code review. It drives REAL HTTP at the endpoints: BOLA/IDOR object-id enumeration (increment/swap/UUID-shuffle the id and diff the access decision), broken function-level authz (replay an admin verb/path with a low-priv token), mass-assignment (inject role/is_admin/is_verified/owner_id into the JSON body), excessive-data-exposure (the response over-returns fields the UI never shows), GraphQL introspection + alias/batch amplification + nested-query DoS, content-type and HTTP-verb tampering (POST→PUT/PATCH/DELETE, application/json→text/plain→x-www-form-urlencoded), JWT/session/token swap across two users, and rate-limit / idempotency-key bypass. It proves every finding with a behavioral oracle — a status/length/timing/field-set diff between the authorized baseline and the tampered request — never a guess. Prefer this agent over a code reader when you hold a base URL or a schema and want to mutate live traffic methodically.\n\n<example>\nContext: The user has a running API with numeric resource ids and two test accounts.\nuser: "Here's our staging API at https://api.staging.acme.test and tokens for user A and user B — can user A read user B's orders?"\nassistant: "That's textbook BOLA: same endpoint, swap the object id (or the bearer token) and diff the access decision. I'll use the Task tool to launch the api-abuse-fuzzer agent to enumerate /orders/{id} with A's token against B's ids and prove the cross-tenant read with a status + ownership-field oracle."\n<agent_launch>\nDelegating to api-abuse-fuzzer: a live authorized API + two tokens + object-id enumeration is its core BOLA/IDOR mission.\n</agent_launch>\n</example>\n\n<example>\nContext: The user exposes a GraphQL endpoint and isn't sure introspection or query batching is locked down.\nuser: "Our /graphql is behind auth but I want to know if a low-priv user can pull admin fields, brute force via aliases, or knock it over with a deep nested query."\nassistant: "GraphQL abuse surface: introspect the schema, alias-batch a login/lookup to bypass per-request rate limits, and send a bounded cyclic nested query as a timing oracle. I'll launch the api-abuse-fuzzer agent to tamper the operation and measure the depth/timing oracle."\n<agent_launch>\nDelegating to api-abuse-fuzzer for GraphQL introspection, alias/batch amplification, and nested-query DoS against the live endpoint.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when: a live base URL + an OpenAPI/Swagger/GraphQL schema (or a captured request) is in hand and the target is authorized in-scope; endpoints take a resource identifier in the path/query/body (/users/{id}, ?account=, {"order_id": ...}) — BOLA/IDOR territory; the user holds 2+ accounts or tokens (low-priv + high-priv, tenant A + tenant B) to run an authorization differential; there are admin/privileged verbs (DELETE, PUT /admin/*, role-changing mutations) and you want to hit them as a non-admin; a write endpoint accepts a JSON object — test mass-assignment of role/is_admin/verified/balance/owner_id; a /graphql endpoint exists (introspection, alias/batch abuse, nested-query DoS, field-level authz); or the user mentions rate limiting, coupon/OTP brute force, idempotency keys, BOLA, BFLA, mass assignment, or "excessive data exposure".

Use this agent when a codebase, PR, or service needs its IMPLICIT TRUST ASSUMPTIONS enumerated and attacked — every place the code silently trusts a header, an "internal-only" route, an "already-validated-upstream" input, an ID that "belongs to the caller," or a value that "can't be null/negative." It specializes in confused-deputy (CWE-441), mass-assignment (CWE-915), input-validation gaps (CWE-20), and second-order/stored injection (CWE-89/CWE-79). This is the agent for trust-boundary audits, multi-service request paths, ORM/serializer review, and proxy/gateway/header-forwarding code.\n\n<example>\nContext: User has a multi-service backend where an edge proxy forwards auth context downstream.\nuser: "Our gateway sets X-User-Id from the JWT and the internal services read it to authorize. Can you check this?"\nassistant: "This is a classic confused-deputy / trust-boundary surface — the downstream services trust a header they can't verify. I'll use the Task tool to launch the assumption-pressure-test agent to enumerate every internal endpoint that reads X-User-Id and prove whether an attacker can reach it directly and forge it."\n<agent_launch>\nDelegating to assumption-pressure-test: the request hinges on an implicit 'this header is trusted because the gateway set it' assumption that must be attacked.\n</agent_launch>\n</example>\n\n<example>\nContext: User just merged an ORM update endpoint.\nuser: "Here's the new profile update handler: User.objects.filter(id=request.user.id).update(**request.data)"\nassistant: "That `**request.data` spread is a mass-assignment sink — it trusts that the request body only contains the fields you intended. I'll launch the assumption-pressure-test agent to map which model columns (is_admin, balance, role) become attacker-writable and confirm reachability."\n<agent_launch>\nDelegating to assumption-pressure-test for the CWE-915 mass-assignment and the implicit 'the body only has safe fields' assumption.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- Code reads request headers (X-Forwarded-For, X-User-Id, X-Real-IP, X-Internal-*, Host) for trust or authorization decisions\n- A serializer/ORM uses bulk binding: `**req.body`, `Object.assign`, `ModelMapper`, `BeanUtils.copyProperties`, `update_attributes`, `params.permit!`\n- Comments or names assert trust: "internal only", "already validated", "trusted", "comes from gateway", "sanitized upstream"\n- Data is stored then later concatenated into SQL/HTML/shell (second-order injection)\n- An endpoint takes an `id`/`uuid`/`account`/`order` param that maps to a resource (IDOR / object ownership)

Generate gcov coverage data for a code repository.

Analyze security bugs from any C/C++ project with full root-cause tracing

Analyze crashes using rr recordings, function traces, and coverage data to produce root-cause analyses.

Carefully analyze root cause analysis reports for crashes to make sure they are correct

Multi-stage pipeline to validate vulnerability findings are real, reachable, and exploitable

|

Generate function-level execution traces for debugging and analysis.

Use this agent to war-game the multi-tier HTTP edge — CDN, reverse proxy / load balancer, and origin app server — for request smuggling / desync (CL.TE, TE.CL, TE.TE, CL.0, H2.CL, H2.TE), web cache poisoning via unkeyed inputs, and cache deception that turns a static-cache rule into mass account/credential exposure. It hunts the disagreements *between* tiers — where two parsers read one byte-stream differently — and proves a poisoned/hijacked request reaches a real victim, not just that a header is echoed. It loads the `redteam-hunting` skill and drives that skill's loop-until-converged engine.\n\n<example>\nContext: User points the pack at a property fronted by a CDN with a separate origin app server and wants the edge attacked.\nuser: "We run Cloudflare in front of an nginx -> gunicorn origin. Scan the edge for smuggling and cache issues before launch."\nassistant: "This is a multi-tier edge desync + cache mission. I'll launch the http-edge-desync agent to load redteam-hunting and run CL.TE/TE.CL/CL.0 differential probes plus unkeyed-input cache poisoning against the CDN<->nginx<->gunicorn chain, proving any desync reaches a victim request before recording it."\n<agent_launch>\nMulti-tier edge (CDN + reverse proxy + app) with request-smuggling and cache concerns — exactly the http-edge-desync mission profile. Delegating so the persona can prove source->sink reachability across tier boundaries.\n</agent_launch>\n</example>\n\n<example>\nContext: User noticed an authenticated page is sometimes served from cache and asks whether that is exploitable.\nuser: "A logged-in user reported seeing someone else's dashboard at /account. We use a Fastly + Express stack."\nassistant: "Cross-user cache contamination on an authed path is a textbook cache-deception / poisoning pivot. I'll launch the http-edge-desync agent to determine whether /account is cached via a deception suffix (/account/x.css), an unkeyed header drives the dynamic content, or a desync is stuffing a victim response into the shared cache."\n<agent_launch>\nAuthenticated content leaking via a shared cache on a CDN+app stack is the http-edge-desync blast-radius scenario. Delegating to trace unkeyed-input -> cache-key -> stored-victim-response.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- The target sits behind a CDN, reverse proxy, load balancer, API gateway, or service mesh in front of a distinct origin/app server (any tier-boundary).\n- You see two different HTTP servers in the chain (e.g. Cloudflare/Akamai/Fastly/CloudFront in front of nginx/HAProxy/Apache/Envoy in front of gunicorn/Express/Spring/Go net-http).\n- HTTP/2 or HTTP/3 terminates at the edge and is downgraded to HTTP/1.1 to origin (request-splitting / H2.CL / H2.TE surface).\n- Responses carry CDN cache markers (Age, X-Cache, CF-Cache-Status, X-Served-By, Vary) or cache-busting query/header behavior.\n- Authenticated or per-user content shows up on a path that also looks static/cacheable (cache deception), or a request header changes cached page content (poisoning).\n- Custom header-trust appears at the edge (X-Forwarded-For, X-Forwarded-Host, X-Real-IP, X-Original-URL, X-Rewrite-URL driving routing/auth).

Use this agent when the threat model is a TRUSTED principal turning hostile and you need to hunt broken authorization, privilege escalation, trust-boundary violations, and supply-chain betrayal. This is the operator for "what can an authenticated user do to OTHER users' data" and "what can a dependency do to us." It specializes in IDOR/BOLA/BFLA, missing ownership checks, horizontal/vertical privesc, and malicious-package hooks — bug classes semgrep/codeql under-report because they are semantic (object-identity and trust relationships), not syntactic.\n\n<example>\nContext: User has a multi-tenant API and wants to know if one tenant can reach another's records.\nuser: "Audit this orders API — can a logged-in customer read or modify another customer's orders?"\nassistant: "This is an object-level authorization (BOLA/IDOR) question with a hostile-insider threat model. I'll use the Task tool to launch the insider-betrayal-sim agent to map every handler that takes an object id, check whether the owner is verified against the session, and prove reachability source->sink."\n<commentary>\nThe request is horizontal-privilege / cross-tenant access — the insider-betrayal-sim agent's core mission. Delegating.\n</commentary>\n</example>\n\n<example>\nContext: User just added a third-party npm dependency and a postinstall step.\nuser: "We pulled in a new package and CI started doing weird network calls during install. Is the dependency safe?"\nassistant: "Network activity at install time is a supply-chain trust-boundary signal (CWE-506/CWE-1395). I'll launch the insider-betrayal-sim agent to inspect lifecycle scripts, scan for dependency-confusion and typosquat shapes, and trace any install-time exfiltration sink."\n<commentary>\nA dependency turning hostile is exactly the insider-betrayal war game. Delegating to insider-betrayal-sim.\n</commentary>\n</example>\n\nProactively suggest when:\n- A route/handler accepts a user-supplied object id, primary key, filename, account number, or tenant id (IDOR/BOLA surface)\n- New roles, admin endpoints, or function-level gates are introduced (BFLA / vertical privesc surface)\n- Authorization logic is added or changed (decorators, middleware, policy checks, RLS)\n- A dependency, lockfile, postinstall/preinstall script, private registry config, or CI install step changes (supply-chain surface)\n- Multi-tenancy, "share with another user", impersonation, or service-to-service auth features are written

Adversarial AI/LLM red-team hunter for the MANTISHACK pack. Attacks the model surface itself — direct prompt injection, indirect/2nd-order injection smuggled through RAG chunks, retrieved emails, scraped web pages, uploaded files, and prior tool results; LLM tool/function-call abuse and agentic over-privilege (an agent wired to shell/db/HTTP/filesystem tools coerced into running attacker-chosen actions); system-prompt and API-key/secret exfiltration; and the highest-impact class — UNSAFE MODEL OUTPUT flowing untrusted into eval/exec/SQL/shell/template/file sinks. Maps to OWASP LLM01 (Prompt Injection), LLM02 (Insecure Output Handling), LLM06 (Sensitive Information Disclosure), LLM08 (Excessive Agency); CWE-1427, CWE-94/77/78, CWE-89, CWE-200/522, CWE-285/862, CWE-918. Use it the moment a codebase calls an LLM API, defines tool/function schemas, builds a RAG/retrieval pipeline, or feeds model output into any executor.\n<example>\nContext: The user points MANTISHACK at a repo with an LLM tool-calling support agent and a SQL helper.\nuser: "We have a support agent that takes the user message plus retrieved KB docs and can call run_sql() and send_email(). Hunt the AI layer."\nassistant: "Untrusted user text and untrusted retrieved docs both flow into a tool-calling loop with run_sql and send_email sinks. I'll launch the llm-agent-abuse hunter to trace prompt-injection sources to the SQL/email sinks and prove source->sink reachability."\n<agent_launch>\nDelegating to llm-agent-abuse: the request is an indirect-injection + tool-abuse hunt, exactly this agent's mission.\n</agent_launch>\n</example>\n<example>\nContext: Recon surfaced a /chat endpoint that summarizes web pages and a system prompt built by string concat.\nuser: "There's a summarizer that fetches URLs the model picks, and the system prompt is built by concatenating user input. Look at it."\nassistant: "Indirect injection via fetched web content plus system-prompt concatenation — both in scope. I'll spawn llm-agent-abuse to test 2nd-order injection through the fetched page and system-prompt override/leak, looping until it converges."\n<agent_launch>\nDelegating to llm-agent-abuse for the LLM01 indirect-injection and LLM06 system-prompt-leak surface.\n</agent_launch>\n</example>\nProactively suggest using this agent when:\n- Code imports an LLM SDK (anthropic, openai, google-generativeai/genai, cohere, langchain, llama-index, litellm, the vercel `ai` package, bedrock, ollama) or hits a chat/completions/messages endpoint.\n- Tool/function schemas are defined and the model's chosen tool call is dispatched to shell, db, HTTP, filesystem, or another agent.\n- A RAG/retrieval/embeddings pipeline injects retrieved chunks, email bodies, scraped HTML, PDFs, or uploaded files into a prompt.\n- Model output reaches eval/exec/Function/`os.system`/subprocess, a SQL string, a template renderer, `innerHTML`, `dangerouslySetInnerHTML`, or is written to disk/config.\n- A system prompt or secret/API key is interpolated near user- or document-controlled text, or the app promises the model "never reveal your instructions."\n- An autonomous/agentic loop (ReAct, AutoGPT-style, multi-agent handoff, MCP server) runs with broad ambient credentials.

Use this agent when the user needs to perform offensive security operations, security testing, or vulnerability research tasks. This includes:\n\n<example>\nContext: User wants to test a web application for security vulnerabilities.\nuser: "I need to scan this web application at https://example.com for common vulnerabilities"\nassistant: "I'll use the Task tool to launch the offsec-specialist agent to perform comprehensive security testing on the web application."\n<agent_launch>\nSince the user needs offensive security testing, I'm delegating to the offsec-specialist agent which has access to specialized offensive security skills and tools.\n</agent_launch>\n</example>\n\n<example>\nContext: User has completed implementing a new API endpoint and wants security validation.\nuser: "Here's my new API endpoint implementation:"\n<code_snippet>\ndef process_payment(user_id, amount, card_data):\n # implementation\n</code_snippet>\nassistant: "Great work on implementing the payment endpoint. Let me now use the Task tool to launch the offsec-specialist agent to perform security analysis on this code and identify potential vulnerabilities."\n<agent_launch>\nThe user has written security-sensitive code that should be proactively analyzed for vulnerabilities. Using the offsec-specialist agent to conduct thorough security review.\n</agent_launch>\n</example>\n\n<example>\nContext: User mentions they need to perform penetration testing.\nuser: "I need to perform authorized penetration testing on our staging environment"\nassistant: "I'll use the Task tool to launch the offsec-specialist agent to guide you through the penetration testing process with the appropriate offensive security tools and methodologies."\n<agent_launch>\nPenetration testing request detected - delegating to offsec-specialist agent.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- Security-sensitive code is written (authentication, authorization, input handling, cryptography)\n- Web applications or APIs are being developed\n- User mentions testing, security, vulnerabilities, or penetration testing\n- Network services or protocols are being implemented\n- File upload, parsing, or deserialization functionality is created

Verify all collected evidence against original sources

Validate hypothesis claims against verified evidence

Form evidence-backed hypotheses for forensic investigations

Query GH Archive via BigQuery for tamper-proof forensic evidence

Query GitHub API for repository state, commits, and recovery of deleted commits

Extract IOCs from vendor security reports as forensic evidence

Analyze cloned repositories for dangling commits and git forensics

Recover deleted GitHub content via Wayback Machine

Generate final forensic report from confirmed hypothesis and evidence

Use this agent when the target exposes an LLM-backed surface that attacker text can reach — a chat box, an AI search/answer bar, a document/email/ticket summarizer, an agent with tools (function-calling, RAG retrieval, browse, code-exec), a support bot, or any place a model later reads user-controlled content. It treats the model's instruction-following as the attack surface: every field the model ingests is an attacker-writable instruction channel, and the win condition is the model OBEYING injected text — leaking its system prompt, calling a tool it shouldn't, exfiltrating data through a rendered markdown image, or jailbreaking to a forbidden action. It drives a live payload battery against the running endpoint (DIRECT injection in the prompt, INDIRECT/stored injection poisoning a field/file/page the model retrieves later, system-prompt and secret extraction, tool/function-call hijack, data-exfil via image/link beacons, jailbreak-to-action) and rotates payload FAMILIES until one lands, proving each with a behavioral oracle (a planted nonce echoed back, a tool-call event emitted, or a beacon caught on a host you control), never a guess. Prefer this agent over a generic web scanner when the question is "can someone make the AI ignore its instructions, spill its prompt or secrets, or operate its tools for them?" — it sends real requests and reads the model's actual response, not the source.\n\n<example>\nContext: The target is a deployed support chatbot with a RAG knowledge base and two backend tools (order lookup, refund).\nuser: "We launched an AI support agent that can look up orders and issue refunds. Can a customer talk it into doing something it shouldn't?"\nassistant: "That's a tool-call-hijack and jailbreak-to-action question against a live agent, not a code read. I'll use the Task tool to launch the prompt-injection-probe agent to send a payload battery at the chat endpoint — direct injection to override its policy, then RAG poisoning to plant instructions it reads back — watching for an unauthorized refund tool-call event as the oracle (stopping at the emitted call, not letting it execute)."\n<agent_launch>\nDelegating to prompt-injection-probe: the surface is an LLM agent with tools and RAG, and the user is asking whether injected text can drive a forbidden tool call — its core mission.\n</agent_launch>\n</example>\n\n<example>\nContext: A product has an AI feature that summarizes user-submitted profiles/documents that other users (and admins) later view.\nuser: "Our summarizer reads whatever a user puts in their bio and shows a summary to the support team. Here's the endpoint: POST /api/summarize {\"text\":\"<user-controlled bio>\"}"\nassistant: "A summarizer over user-controlled text rendered to a privileged reader is a textbook indirect (stored) prompt-injection sink. I'll launch the prompt-injection-probe agent to plant an injection inside the bio, then trigger the summarize call and check whether the model obeys the planted instruction or emits a data-exfil beacon in the summary shown to the admin."\n<agent_launch>\nThe input is attacker-controlled text the model reads downstream for a higher-privilege audience — indirect injection territory, so I'm delegating to prompt-injection-probe.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- The target exposes a chat box, AI search/answer bar, "ask AI" widget, copilot, or support bot that takes free text and returns a model-generated reply.\n- An endpoint summarizes, translates, classifies, or "analyzes" user-supplied text, files, emails, tickets, or pages (the indirect/stored-injection sink).\n- The app does RAG/retrieval over user-controllable content (uploaded docs, profile fields, comments, web pages the model browses).\n- The model has tools/function-calling/actions (lookup, send, refund, file ops, code exec, browse) — i.e. injected text could become an action.\n- Model output is rendered as markdown/HTML (images, links) or fed downstream into eval/SQL/shell/another API, opening exfil and second-order-injection paths.

Use this agent when raw findings already exist — from the other red-team personas, from semgrep/codeql/nuclei output, or from mantishack's findings index — and someone needs them de-duplicated, chained, CVSS-scored, and compiled into a single executive-grade RED TEAM REPORT that names the TOP 3 critical risks and the highest-ROI fix for each. This is the SYNTHESIZER: it does not hunt new bugs, it consumes and triages.\n\n<example>\nContext: Multiple hunter waves and scanners have dumped findings and the operator wants a single prioritized report.\nuser: "We've got 40-some findings across the injection, authz, and deserialization hunters plus the semgrep dump. Give me the one-pager I can hand to engineering."\nassistant: "I'll use the Task tool to launch the red-team-report agent to de-duplicate the corpus, stitch chains, CVSS-score each cluster, and produce the TOP 3 ranked report with kill-chains and the single highest-ROI fix per finding."\n<agent_launch>\nFindings already exist and the ask is synthesis + triage + executive reporting, not new discovery — delegating to red-team-report.\n</agent_launch>\n</example>\n\n<example>\nContext: A mantishack engagement finished and the index has overlapping low-quality findings.\nuser: "mantis_list_findings shows 60 entries but half look like the same SSRF reported three ways. Triage this."\nassistant: "I'll launch the red-team-report agent via the Task tool to pull mantis_list_findings / mantis_query_findings_index, collapse duplicates, score by likelihood x blast radius, and emit the prioritized remediation roadmap."\n<agent_launch>\nDedup + chain-stitching + ranking across an existing finding corpus is exactly this agent's mission.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- A /mantis-* run, hunter wave, or scan has completed and produced more findings than anyone can read\n- Multiple red-team personas have each returned findings that overlap or chain together\n- Someone asks for "the report", "top findings", "what do we fix first", an executive summary, or CVSS scores\n- semgrep/codeql/nuclei output needs to be triaged into business risk rather than a raw alert list\n- Two separate findings look like they might combine into a worse single attack chain

Use this agent when the user needs to find the CHOKEPOINTS where a single bug yields total compromise — secret stores, signing keys, the auth middleware every route trusts, deserializers, template engines, SSRF egress gateways, admin/debug endpoints, CI/CD tokens, and "god" service accounts. This agent ranks findings by BLAST RADIUS: what entire systems fall when this one thing breaks.\n\n<example>\nContext: User wants to know the worst-case single failure in their backend.\nuser: "Audit this Flask + Celery service for the one bug that would let someone own the whole platform"\nassistant: "I'll use the Task tool to launch the single-point-of-compromise agent to map the chokepoints — secret loading, the auth decorator, any pickle/yaml deserialization on the Celery queue, and Jinja render paths — and rank by what each one detonates."\n<agent_launch>\nThe request is explicitly about maximal-blast-radius single bugs, which is this agent's exact mission. Delegating to single-point-of-compromise.\n</agent_launch>\n</example>\n\n<example>\nContext: User has wired up a webhook receiver and a JWT auth layer.\nuser: "Here's our webhook handler and the shared JWT middleware all routes go through"\n<code_snippet>\ndef verify(token): return jwt.decode(token, key, options={"verify_signature": False})\n</code_snippet>\nassistant: "That middleware is a single point of compromise — every route trusts it. Let me launch the single-point-of-compromise agent via the Task tool to confirm the signature-verification bypass and trace its blast radius across all gated endpoints."\n<agent_launch>\nA trusted-by-everything auth chokepoint with a CWE-347 verify_signature:False bypass is the canonical target for this agent. Delegating.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- Secret loading, key management, signing, or token verification code is written or changed\n- A single auth/authorization middleware, decorator, or guard is shared across many routes\n- Deserialization (pickle, PyYAML, Java ObjectInputStream, Marshal, BinaryFormatter, PHP unserialize) or template rendering with user data appears\n- Outbound HTTP/fetch from server code uses a user-supplied URL (SSRF egress)\n- Admin, debug, internal, or actuator endpoints are added, or CI/CD config / service-account credentials are touched

Use this agent when a security claim, control, or finding needs to be adversarially REFUTED rather than confirmed — i.e. when someone (a human, a prior scan, or another agent) asserts that a control is "secure," "validated," "rate-limited," "behind auth," or "uses strong crypto," and you need to find the three holes that make you REJECT that claim. This is the adversarial-verification / red-team-the-red-team persona: its default posture is "broken until proven safe," and it is equally used to disprove a CLAIMED vulnerability (kill the false positive) as to disprove a CLAIMED safe control (surface the false negative).\n\n<example>\nContext: A developer asserts an endpoint is safe because it requires a session cookie.\nuser: "This admin endpoint is fine, it's gated behind authentication."\nassistant: "A 'gated behind auth' claim is exactly what this persona exists to break. I'll use the Task tool to launch the skeptical-auditor-teardown agent to refute the control — checking whether authN actually implies authZ, whether the session is bound to the principal, and whether the same handler is reachable on a sibling route that skips the middleware."\n<commentary>\nClaim of a safe control detected — delegate to skeptical-auditor-teardown to adjudicate it as broken-until-proven-safe.\n</commentary>\n</example>\n\n<example>\nContext: A prior semgrep/offsec pass reported a "Critical hardcoded-crypto-key RCE" and the team wants it triaged before disclosure.\nuser: "The scanner flagged CWE-327 here as Critical. Confirm it before we file the report."\nassistant: "Before we publish a Critical, it must survive a refutation pass. I'll use the Task tool to launch the skeptical-auditor-teardown agent to try to DISPROVE the finding — checking reachability, real key material versus a test fixture, and whether the exploit preconditions are satisfiable."\n<commentary>\nClaimed vulnerability needs false-positive adjudication — delegate to skeptical-auditor-teardown.\n</commentary>\n</example>\n\nProactively suggest using this agent when:\n- Anyone asserts a control is "secure", "validated", "sanitized", "rate-limited", "encrypted", or "behind auth" without an evidence chain you can read\n- A scanner (semgrep/codeql/nuclei) emits a finding about to be reported as Critical/High that has not been independently reachability-proven\n- Two agents disagree on whether something is exploitable, or a finding needs a tie-break adjudication\n- AuthN, authZ, crypto, rate-limiting, or session/cookie code is touched and the diff claims to "fix" a security issue

Use this agent when the target's BUILD and DEPLOY pipeline — not its app logic — is the attack surface: CI/CD workflows, runners, package manifests, and container/IaC definitions that an outside contributor, a malicious dependency, or a hijacked name can reach. It treats GitHub Actions, GitLab CI, CircleCI, Jenkins, Buildkite, Dockerfiles, Helm/K8s, and Terraform as code an attacker controls via a pull request, a `postinstall` hook, or an unclaimed package name. It hunts Poisoned Pipeline Execution (PPE), command injection from untrusted `${{ github.event.* }}` interpolated into `run:`, secret exfiltration from runners, dependency/namespace confusion and typosquatting, and container-escape / over-privileged IaC sinks. Prefer this agent over a generic scanner when the question is "can a fork PR or a malicious package own our CI and steal our secrets or production credentials?" — it proves attacker-input -> dangerous-sink reachability, not pattern presence.\n\n<example>\nContext: A repo has GitHub Actions workflows triggered by pull_request_target and uses npm/pip with internal package names.\nuser: "Audit our CI for ways a forked PR could run code on our runners or leak the deploy token."\nassistant: "This is poisoned-pipeline and runner-secret-exfil territory. I'll use the Task tool to launch the supply-chain-saboteur agent to trace untrusted PR inputs into run: blocks and map which jobs hold secrets while executing checked-out PR code."\n<agent_launch>\nDelegating to supply-chain-saboteur: the question is whether an externally-triggerable SCM event reaches a secret-bearing run: sink — its core mission.\n</agent_launch>\n</example>\n\n<example>\nContext: A monorepo installs internal-named packages (@acme/*, acme-internal-utils) without pinning a private registry.\nuser: "Are we exposed to dependency confusion or a typosquat on our build?"\nassistant: "Classic namespace-confusion surface. I'll launch the supply-chain-saboteur agent to enumerate internal package names, check registry pinning and scope config, and find install-time code-exec hooks that would fire if the public name resolves first."\n<agent_launch>\nDelegating to supply-chain-saboteur for the CWE-1395 dependency/namespace-confusion audit and install-time exec sinks.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- The repo contains `.github/workflows/`, `.gitlab-ci.yml`, `Jenkinsfile`, `.circleci/`, or other CI definitions — especially with `pull_request_target`, `workflow_run`, `issue_comment`, `issues`, `discussion`, or `schedule` triggers.\n- Manifests reference internal/scoped package names without an enforced private registry or a hash-pinned lockfile.\n- Dockerfiles, `docker-compose`, Helm charts, K8s manifests, or Terraform/CloudFormation are present (privileged containers, hostPath/docker.sock mounts, wildcard IAM).\n- A workflow uses cloud OIDC (`configure-aws-credentials`, `role-to-assume`, `google-github-actions/auth`) or holds long-lived deploy secrets.\n- Someone asks "can a PR / a dependency / a runner compromise our secrets, our registry, or our prod environment?

Use this agent when the target is a LIVE, authorized host/URL/API and the job is to TAMPER with the whole running surface — every open port/service, every crawled page, every form and parameter, every API route and header — by sending real (rate-limited, non-destructive) HTTP/network requests and watching a behavioral oracle fire. This is the BREADTH operator: it enumerates the entire attack surface (scope-gated port/service sweep, full crawl, form/param/route extraction) and then runs every input through the complete mutation matrix — injection, type-juggling, boundary, method/verb swap, HTTP parameter pollution, header/cookie tamper, IDOR id-sweep, path traversal, SSRF callback — until a differential response, timing delta, reflected canary, error leak, out-of-band callback, or auth-state flip proves a bug. It drives the repo's own tooling (`python3 mantishack.py web --url`, the crawler/ffuf/fuzzer in `packages/web/`, the recon inventory in `packages/recon/`) plus raw `curl`/`httpie`/short `python3 -c` requests. Prefer this agent over a static code reader when the question is "what does the running app actually do when I bend every input on every endpoint?" — it proves findings with observed responses, never with a guess.\n\n<example>\nContext: User has an authorized staging URL and a set of API routes and wants the live surface bent end-to-end, not a source-code audit.\nuser: "Here's our staging API at https://staging.acme.test — we own it, in scope is *.staging.acme.test only. Crawl it and tamper every endpoint to see what breaks."\nassistant: "This is live breadth-tampering against an authorized host. I'll use the Task tool to launch the surface-tamper-operator agent to enumerate the whole surface (ports, pages, forms, params, routes) and run each input through the mutation matrix until an oracle fires — staying inside *.staging.acme.test and non-destructive."\n<agent_launch>\nDelegating to surface-tamper-operator: the user authorized a live host and wants every enumerated input bent through the full mutation matrix with a response-based oracle — its exact mission.\n</agent_launch>\n</example>\n\n<example>\nContext: User just shipped a new authenticated endpoint that takes an object id and wants to know if IDOR/SSRF/injection are reachable against the running service.\nuser: "GET /api/v2/invoices/{id} is live on our test box (test.acme.internal, authorized). Can someone read other tenants' invoices or make it fetch internal URLs?"\nassistant: "An id-bearing live route is prime tamper surface — IDOR id-sweep plus an SSRF callback probe on any url-shaped param. I'll launch the surface-tamper-operator agent to sweep the id space across two auth states and watch the status/length oracle, and to plant a defanged OOB canary on fetch params."\n<agent_launch>\nThe target is a live authorized endpoint with an id and likely server-side fetch — surface-tamper-operator drives the IDOR id-sweep and SSRF callback oracles against it.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- The target is a reachable URL/host/API the user states they own or are authorized to test (staging/test box, bug-bounty scope, internal asset) — not just a repo on disk.\n- The user says "crawl and test", "fuzz the endpoints", "hit every route", "tamper the params", "id-sweep for IDOR", "check for SSRF/injection live", or "what breaks when you bend the inputs".\n- A crawl/recon already produced a list of pages, forms, parameters, ports, or API routes that nobody has actively mutated yet.\n- New forms, query/body params, headers/cookies, file-upload fields, object-id routes, or server-side fetchers (link preview, webhook, avatar-from-URL) are exposed on a live endpoint.\n- The user wants breadth assurance — "nothing on the surface goes untested" — and a residual list of any input left untouched.

Use this agent when the user wants the target assessed not as a list of isolated bugs but as a single end-to-end intrusion — "if a real attacker wanted the crown jewels, what is the CHEAPEST path and what is the specific bug at each hop?" This agent adopts ONE concrete threat-actor profile (financially-motivated ransomware crew, nation-state APT, opportunistic bug-bounty hunter, or malicious insider) and builds the full kill chain: recon -> initial access -> privilege escalation -> lateral movement -> impact/exfil.\n\n<example>\nContext: User has a multi-service repo and wants to know the realistic worst-case intrusion, not a bug list.\nuser: "We passed our semgrep gate. But if a ransomware crew got in, how far could they actually get to our customer DB?"\nassistant: "This is a kill-chain question, not a single-bug scan. I'll use the Task tool to launch the threat-actor-wargame agent to adopt a ransomware-crew profile and trace the cheapest source->crown-jewel path hop by hop."\n<agent_launch>\nThe user is asking for an end-to-end attacker path against a defined crown jewel, which is exactly this agent's mission.\n</agent_launch>\n</example>\n\n<example>\nContext: User just wired an internal admin service to an SSRF-prone fetcher and wants the chained impact.\nuser: "Here's our new link-preview endpoint that fetches user-supplied URLs and we run it on the same box as the metadata service."\n<code_snippet>\ndef preview(url):\n return requests.get(url, timeout=5).text\n</code_snippet>\nassistant: "An SSRF that lands next to a cloud metadata service is a classic first hop, not an isolated finding. I'll launch the threat-actor-wargame agent to model how an attacker pivots from this SSRF to credential theft and lateral movement."\n<agent_launch>\nThe code introduces a kill-chain pivot point (SSRF -> IMDS -> creds -> lateral), so I'm delegating to threat-actor-wargame to build the full chain.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- The user asks "how would a real attacker get in / get to X" or names a crown jewel (customer DB, signing keys, prod creds)\n- A baseline scanner (semgrep/codeql) produced findings but no one has chained them into an attack path\n- New auth, SSRF-capable fetchers, deserialization, or credential-handling code is added\n- The user mentions ransomware, APT, insider threat, blast radius, or "worst case"\n- Multiple services share a trust boundary, secret, or network and the lateral-movement risk is unclear

Use this agent when the user needs forward-looking, anticipatory threat modeling — projecting the attack techniques of the next 12-18 months against a target's CURRENT defenses, rather than re-confirming today's known bugs. It asks "what new attacker capability lands soon, and what here breaks the day it does?" Focus areas are emerging deserialization/gadget chains (CWE-502), HTTP/2/HTTP/3 parser-differential & request-smuggling desync (CWE-444, CWE-436), dependency-confusion & build-system/CI supply-chain attacks (CWE-829, CWE-1357), and the LLM/prompt-injection + tool-abuse surface (CWE-1427, CWE-94) — the last especially relevant when the target is itself an AI application.\n\n<example>\nContext: User maintains a Node/Go service behind a CDN and wants to know what's coming, not just what's broken today.\nuser: "Semgrep and CodeQL are clean on our gateway. What emerging attacks would actually break us in the next year?"\nassistant: "I'll use the Task tool to launch the threat-landscape-shift agent to project next-wave techniques — HTTP/2-to-HTTP/1.1 downgrade desync, dependency-confusion in the build, and any LLM tool-call surface — against your current config and prove which of them are reachable in this code."\n<agent_launch>\nThe user explicitly wants anticipatory threat projection over a known-clean baseline. Delegating to threat-landscape-shift.\n</agent_launch>\n</example>\n\n<example>\nContext: User is shipping an AI agent product that calls internal tools and renders model output in a webview.\nuser: "We built an LLM agent that can browse, summarize tickets, and call our internal admin API. Is this design going to age badly?"\nassistant: "Let me launch the threat-landscape-shift agent via the Task tool. It hand-builds the taint chain from untrusted content (page, ticket, RAG doc) into the model and out to a privileged tool call, then proves whether that path is reachable here — the CWE-1427/CWE-829 surface SAST structurally cannot see."\n<agent_launch>\nAI-agent product with tool access and untrusted-content ingestion is the exact prompt-injection-to-tool-abuse surface this agent specializes in. Delegating.\n</agent_launch>\n</example>\n\nProactively suggest using this agent when:\n- A baseline semgrep/codeql/SCA pass came back clean but the user wants to know what's NEXT\n- The target ingests untrusted content into an LLM, or an LLM's output reaches a tool/shell/SQL/HTTP/file sink (AI agents, RAG, copilots)\n- The service sits behind a CDN/reverse-proxy/load-balancer chain (HTTP/2, HTTP/3, multiple parsers in series)\n- A new lockfile, private-registry config, CI/CD pipeline, or postinstall/prepare script is added or changed\n- The app deserializes data (Jackson polymorphic, SnakeYAML, ObjectInputStream, Python pickle/PyYAML, .NET BinaryFormatter/TypeNameHandling, Ruby Marshal, Node node-serialize)\n- The app renders responses in iframes/webviews or relies on X-Frame-Options / frame-ancestors for safety

Adversarial business-logic abuse hunter for the MANTISHACK pack. Attacks the MONEY-AND-STATE arithmetic a codebase forgot to constrain, not memory-safety or injection — negative/overflow quantities and prices, coupon/referral/loyalty/gift-card stacking, client-trusted cart/price tampering, free-trial and signup re-abuse, refund double-dips, skip-payment-step and out-of-order checkout/KYC transitions, and quota/rate-limit evasion. These are the highest-value, lowest-false-positive bugs a semgrep/CodeQL pass structurally cannot find: the flaw is a missing economic invariant spread across several handlers, not a tainted character reaching a sink. Maps to the MANTISHACK 'Pricing Pressure Test' war-game and runs on the `redteam-hunting` loop-until-converged engine. Primary CWEs: CWE-840 (business logic errors), CWE-841 (improper enforcement of behavioral workflow / bad sequencing), CWE-770 (allocation of resources without limits / quota), CWE-639 (authorization bypass through user-controlled key — ownership / IDOR), CWE-20 (improper input validation). Use this agent the moment a flow reads price/amount/quantity/coupon/points from a request and moves it toward a charge, ledger, refund, fulfillment, or quota grant.\n<example>\nContext: An e-commerce checkout takes a cart payload and trusts the unit_price the SPA sends.\nuser: "Our checkout takes a cart with line items and we trust the unit_price the frontend sends so the page stays fast. Is that ok?"\nassistant: "Client-sent price with no server-side re-derivation is the canonical cart-tampering bug, and it pairs with negative-quantity to mint money — both invisible to semgrep. Launching the workflow-abuse-economist to prove the server never re-prices the cart from its own catalog and that a negative or overflowing quantity drives the order total below zero into a refund/credit."\n<agent_launch>Task(subagent_type="workflow-abuse-economist", description="Cart tamper + negative-qty money-out", prompt="Red-team the checkout: prove whether unit_price/currency/tier are taken from the request instead of re-derived server-side from the catalog by product_id, and whether quantity/price/total lack a >0 / >=0 / floor-at-0 guard on the path to the charge or refund ledger. Trace each abuse source->missing-invariant->payout sink. Output findings in the standard format.")</agent_launch>\n</example>\n<example>\nContext: The user just shipped a promo-code endpoint and a referral bonus.\nuser: "Here's apply_coupon: order.total -= coupon.amount; order.save() — and new users get a $20 referral credit."\nassistant: "Subtracting a coupon with no floor, no single-use lock, and no stacking guard lets the same code apply N times or stack with the referral credit until total goes negative — a self-funding payout. Launching workflow-abuse-economist to enumerate every discount that mutates the same total, prove idempotency/atomicity is missing, and check whether stacked credits drive total below zero."\n<agent_launch>Task(subagent_type="workflow-abuse-economist", description="Coupon stacking + referral re-abuse", prompt="Red-team apply_coupon and the referral grant: find every site mutating the same total/balance via a code or credit; prove the absence of a single-use lock (DB unique / atomically-set redeemed flag), per-account cap, mutual-exclusivity, and a max(0,total) floor; test concurrent double-redemption (TOCTOU) and referral self-loop via email alias. Trace each to a payable-to-attacker balance. Output findings in the standard format.")</agent_launch>\n</example>\nProactively suggest using this agent when:\n- Any handler reads `price`, `amount`, `quantity`, `qty`, `total`, `discount`, `points`, or `balance` from the request body and writes it toward a charge, ledger, refund, or fulfillment.\n- Coupon / promo / gift-card / referral / loyalty / store-credit logic exists, especially anything that SUBTRACTS from a total or ADDS a credit.\n- A checkout / subscription / KYC / onboarding flow has multiple ordered steps (cart -> pay -> fulfill, or verify -> approve -> payout) and a later step is reachable without the earlier one.\n- Refund, cancellation, chargeback, or "revert" paths touch money or inventory; a payment webhook mutates order state.\n- Free trials, signup bonuses, "first order" pricing, or per-account quotas exist (re-abuse via fresh, deleted-then-recreated, or email-alias accounts).\n- The user mentions race conditions on balance, "double spend", rate limits, idempotency keys, or webhook-driven order state.

Designs feature architectures by analyzing existing codebase patterns and conventions, then providing comprehensive implementation blueprints with specific files to create/modify, component designs, data flows, and build sequences

Deeply analyzes existing codebase features by tracing execution paths, mapping architecture layers, understanding patterns and abstractions, and documenting dependencies to inform new development

Code review a pull request

Simplifies and refines code for clarity, consistency, and maintainability while preserving all functionality. Focuses on recently modified code unless instructed otherwise.

Use this agent when you need to perform manual quality assurance testing through browser interactions. This agent uses MCP Playwright tools to navigate websites, interact with UI elements, verify functionality, and validate user flows as a human tester would. Perfect for testing new features, regression testing, validating bug fixes, or exploring application behavior. Examples:\n\n<example>\nContext: The user has just implemented a new login feature and wants to test it.\nuser: "I've added a new login form, can you test if it works correctly?"\nassistant: "I'll use the qa-manual-tester agent to test the login functionality through the browser."\n<commentary>\nSince the user needs manual testing of a new feature, use the Task tool to launch the qa-manual-tester agent to interact with the browser and verify the login flow.\n</commentary>\n</example>\n\n<example>\nContext: The user wants to verify that a bug fix is working properly.\nuser: "I fixed the issue where the submit button wasn't working on mobile view. Can you verify?"\nassistant: "Let me launch the qa-manual-tester agent to verify the submit button works correctly in mobile view."\n<commentary>\nThe user needs manual verification of a bug fix, so use the qa-manual-tester agent to test the specific functionality through browser interaction.\n</commentary>\n</example>\n\n<example>\nContext: The user wants to perform regression testing after code changes.\nuser: "I've refactored the checkout flow. Please test that everything still works."\nassistant: "I'll use the qa-manual-tester agent to perform comprehensive testing of the checkout flow."\n<commentary>\nSince the user needs regression testing after refactoring, use the qa-manual-tester agent to manually test the entire checkout flow.\n</commentary>\n</example>

|

|

|

|

|

|

|

>-

>-

Use this agent when you need comprehensive code review and quality assessment. This includes: after implementing new features or refactoring existing code, before merging pull requests or deploying to production, when investigating code quality issues or technical debt, when you need security vulnerability assessment, or when optimizing performance bottlenecks. Examples:\n\n<example>\nContext: The user has just implemented a new API endpoint and wants to ensure code quality.\nuser: "I've finished implementing the user authentication endpoint"\nassistant: "I'll review the authentication endpoint implementation for code quality and security."\n<commentary>\nSince new code has been written, use the Task tool to launch the code-reviewer agent to perform comprehensive quality assessment.\n</commentary>\nassistant: "Let me use the code-reviewer agent to analyze the recent changes"\n</example>\n\n<example>\nContext: The user wants to check recent code changes for potential issues.\nuser: "Can you review the changes I just made to the database service?"\nassistant: "I'll launch the code-reviewer agent to analyze the database service changes."\n<commentary>\nThe user explicitly asks for code review, so use the code-reviewer agent to assess the recent modifications.\n</commentary>\n</example>\n\n<example>\nContext: After refactoring, proactive code review is needed.\nuser: "I've refactored the WebSocket handler to improve performance"\nassistant: "Good work on the refactoring. Let me review it for quality and performance."\n<commentary>\nAfter refactoring work, proactively use the code-reviewer agent to ensure quality standards are met.\n</commentary>\nassistant: "I'll use the code-reviewer agent to validate the refactored WebSocket handler"\n</example>

Use this agent when you need to create high-converting, engagement-driven copy for marketing materials, social media posts, landing pages, email campaigns, product descriptions, or any content that needs to capture attention and drive action. Examples:\n\n<example>\nContext: User is launching a new product feature and needs compelling copy for the landing page hero section.\nuser: "We just added a new AI-powered code review feature. Can you write a hero headline and subheadline for the landing page?"\nassistant: "I'm going to use the Task tool to launch the copywriter agent to create compelling hero copy that stops visitors and drives conversions."\n<commentary>\nThe user needs marketing copy that converts, so delegate to copywriter agent to craft attention-grabbing headlines.\n</commentary>\n</example>\n\n<example>\nContext: User wants to announce a product update on Twitter/X to maximize engagement.\nuser: "We just shipped GitHub auto-invites for ClaudeKit. Need a tweet that'll get people excited."\nassistant: "Let me use the copywriter agent to craft a viral-worthy tweet that captures attention and drives engagement."\n<commentary>\nSocial media announcement requires viral copywriting expertise, so use the copywriter agent.\n</commentary>\n</example>\n\n<example>\nContext: User is reviewing marketing materials and the agent proactively identifies weak copy.\nuser: "Here's our new pricing page draft"\nassistant: "I notice the headline 'Our Pricing Plans' could be more compelling. Let me use the copywriter agent to suggest alternatives that drive conversions."\n<commentary>\nProactively identify opportunities to improve copy and suggest using copywriter agent.\n</commentary>\n</example>\n\n<example>\nContext: User needs email subject lines that increase open rates.\nuser: "Write subject lines for our product launch email campaign"\nassistant: "I'm delegating to the copywriter agent to create high-open-rate subject lines that cut through inbox noise."\n<commentary>\nEmail marketing requires conversion-focused copy, so use copywriter agent.\n</commentary>\n</example>

Use this agent when you need to work with database systems, including querying for data analysis, diagnosing performance bottlenecks, optimizing database structures, managing indexes, implementing backup and restore strategies, setting up replication, configuring monitoring, managing user permissions, or when you need comprehensive database health assessments and optimization recommendations. This agent should be engaged for any database-related tasks that require deep technical expertise in database administration and optimization.\n\nExamples:\n<example>\nContext: The user needs to analyze database performance issues after noticing slow query times.\nuser: "The application is running slowly, I think there might be database issues"\nassistant: "I'll use the database-admin agent to analyze the database performance and identify any bottlenecks."\n<commentary>\nSince the user is experiencing performance issues potentially related to the database, use the Task tool to launch the database-admin agent to diagnose and provide optimization recommendations.\n</commentary>\n</example>\n<example>\nContext: The user needs to set up a backup strategy for their production database.\nuser: "We need to implement a reliable backup strategy for our PostgreSQL database"\nassistant: "Let me engage the database-admin agent to design and implement a comprehensive backup and restore strategy."\n<commentary>\nThe user needs database backup expertise, so use the Task tool to launch the database-admin agent to handle this specialized database administration task.\n</commentary>\n</example>\n<example>\nContext: During code implementation, the developer needs to optimize database queries and table structures.\nuser: "I've implemented the new feature but the queries seem slow"\nassistant: "I'll delegate this to the database-admin agent to analyze the queries and optimize the database structure."\n<commentary>\nQuery optimization requires database expertise, so use the Task tool to launch the database-admin agent to analyze and optimize the database performance.\n</commentary>\n</example>

Use this agent when you need to investigate issues, analyze system behavior, diagnose performance problems, examine database structures, collect and analyze logs from servers or CI/CD pipelines, run tests for debugging purposes, or optimize system performance. This includes troubleshooting errors, identifying bottlenecks, analyzing failed deployments, investigating test failures, and creating diagnostic reports. Examples:\n\n<example>\nContext: The user needs to investigate why an API endpoint is returning 500 errors.\nuser: "The /api/users endpoint is throwing 500 errors"\nassistant: "I'll use the debugger agent to investigate this issue"\n<commentary>\nSince this involves investigating an issue, use the Task tool to launch the debugger agent.\n</commentary>\n</example>\n\n<example>\nContext: The user wants to analyze why the CI/CD pipeline is failing.\nuser: "The GitHub Actions workflow keeps failing on the test step"\nassistant: "Let me use the debugger agent to analyze the CI/CD pipeline logs and identify the issue"\n<commentary>\nThis requires analyzing CI/CD logs and test failures, so use the debugger agent.\n</commentary>\n</example>\n\n<example>\nContext: The user notices performance degradation in the application.\nuser: "The application response times have increased by 300% since yesterday"\nassistant: "I'll launch the debugger agent to analyze system behavior and identify performance bottlenecks"\n<commentary>\nPerformance analysis and bottleneck identification requires the debugger agent.\n</commentary>\n</example>

Use this agent when you need to manage technical documentation, establish implementation standards, analyze and update existing documentation based on code changes, write or update Product Development Requirements (PDRs), organize documentation for developer productivity, or produce documentation summary reports. This includes tasks like reviewing documentation structure, ensuring docs are up-to-date with codebase changes, creating new documentation for features, and maintaining consistency across all technical documentation.\n\nExamples:\n- <example>\n Context: After implementing a new API endpoint, documentation needs to be updated.\n user: "I just added a new authentication endpoint to the API"\n assistant: "I'll use the docs-manager agent to update the documentation for this new endpoint"\n <commentary>\n Since new code has been added, use the docs-manager agent to ensure documentation is updated accordingly.\n </commentary>\n</example>\n- <example>\n Context: Project documentation needs review and organization.\n user: "Can you review our docs folder and make sure everything is properly organized?"\n assistant: "I'll launch the docs-manager agent to analyze and organize the documentation"\n <commentary>\n The user is asking for documentation review and organization, which is the docs-manager agent's specialty.\n </commentary>\n</example>\n- <example>\n Context: Need to establish coding standards documentation.\n user: "We need to document our error handling patterns and codebase structure standards"\n assistant: "Let me use the docs-manager agent to establish and document these implementation standards"\n <commentary>\n Creating implementation standards documentation is a core responsibility of the docs-manager agent.\n </commentary>\n</example>

Use this agent when you need to stage, commit, and push code changes to the current git branch while ensuring security and professional commit standards. Examples: <example>Context: User has finished implementing a new feature and wants to commit their changes. user: 'I've finished implementing the user authentication feature. Can you commit and push these changes?' assistant: 'I'll use the git-manager agent to safely stage, commit, and push your authentication feature changes with a proper conventional commit message.' <commentary>The user wants to commit completed work, so use the git-manager agent to handle the git operations safely.</commentary></example> <example>Context: User has made bug fixes and wants them committed. user: 'Fixed the database connection timeout issue. Please commit this.' assistant: 'Let me use the git-manager agent to commit your database timeout fix with appropriate commit formatting.' <commentary>User has completed a bug fix and needs it committed, so delegate to the git-manager agent.</commentary></example>

Use this agent when:\n- A test suite fails repeatedly despite multiple fix attempts\n- A critical bug is discovered in production or staging\n- An implementation approach proves fundamentally flawed and requires complete redesign\n- External dependencies (APIs, services, libraries) cause blocking issues\n- Performance bottlenecks are discovered that significantly impact user experience\n- Security vulnerabilities are identified\n- Database migrations fail or cause data integrity issues\n- CI/CD pipelines break unexpectedly\n- Integration conflicts arise between major system components\n- Technical debt reaches a critical threshold requiring immediate attention\n- A feature implementation takes significantly longer than estimated\n- Architectural decisions prove problematic in practice\n\nExamples:\n<example>\nContext: After implementing a new payment webhook handler, tests are failing with intermittent database connection errors.\nuser: "The Sepay webhook tests keep failing with connection timeouts. I've tried increasing the pool size and timeout values but it's still happening randomly."\nassistant: "This sounds like a significant technical difficulty that should be documented. Let me use the journal-writer agent to capture this issue with full context and emotional honesty."\n<uses Task tool to launch journal-writer agent>\n</example>\n\n<example>\nContext: A critical security vulnerability was discovered in the GitHub access management system.\nuser: "We just realized that the GitHub invitation system doesn't properly validate user permissions before granting repository access. This could allow unauthorized users to access private repos."\nassistant: "This is a critical security issue that needs immediate documentation. I'm going to use the journal-writer agent to record this vulnerability, the emotional impact, and the urgency of the situation."\n<uses Task tool to launch journal-writer agent>\n</example>\n\n<example>\nContext: A major refactoring effort failed and needs to be rolled back.\nuser: "The database schema migration we planned completely broke the order processing system. We need to roll back and rethink our approach."\nassistant: "This is a significant setback that should be documented honestly. Let me use the journal-writer agent to capture what went wrong, why it failed, and the emotional toll of this failure."\n<uses Task tool to launch journal-writer agent>\n</example>

Use this agent when you need to research, analyze, and create comprehensive implementation plans for new features, system architectures, or complex technical solutions. This agent should be invoked before starting any significant implementation work, when evaluating technical trade-offs, or when you need to understand the best approach for solving a problem. Examples: <example>Context: User needs to implement a new authentication system. user: 'I need to add OAuth2 authentication to our app' assistant: 'I'll use the planner agent to research OAuth2 implementations and create a detailed plan' <commentary>Since this is a complex feature requiring research and planning, use the Task tool to launch the planner agent.</commentary></example> <example>Context: User wants to refactor the database layer. user: 'We need to migrate from SQLite to PostgreSQL' assistant: 'Let me invoke the planner agent to analyze the migration requirements and create a comprehensive plan' <commentary>Database migration requires careful planning, so use the planner agent to research and plan the approach.</commentary></example> <example>Context: User reports performance issues. user: 'The app is running slowly on older devices' assistant: 'I'll use the planner agent to investigate performance optimization strategies and create an implementation plan' <commentary>Performance optimization needs research and planning, so delegate to the planner agent.</commentary></example>

Use this agent when you need comprehensive project oversight and coordination. Examples: <example>Context: User has completed a major feature implementation and needs to track progress against the implementation plan. user: 'I just finished implementing the WebSocket terminal communication feature. Can you check our progress and update the plan?' assistant: 'I'll use the project-manager agent to analyze the implementation against our plan, track progress, and provide a comprehensive status report.' <commentary>Since the user needs project oversight and progress tracking against implementation plans, use the project-manager agent to analyze completeness and update plans.</commentary></example> <example>Context: Multiple agents have completed various tasks and the user needs a consolidated view of project status. user: 'The backend-developer and tester agents have finished their work. What's our overall project status?' assistant: 'Let me use the project-manager agent to collect all implementation reports, analyze task completeness, and provide a detailed summary of achievements and next steps.' <commentary>Since multiple agents have completed work and comprehensive project analysis is needed, use the project-manager agent to consolidate reports and track progress.</commentary></example>

Use this agent when you need to conduct comprehensive research on software development topics, including investigating new technologies, finding documentation, exploring best practices, or gathering information about plugins, packages, and open source projects. This agent excels at synthesizing information from multiple sources including Google searches, website content, YouTube videos, and technical documentation to produce detailed research reports. <example>Context: The user needs to research a new technology stack for their project. user: "I need to understand the latest developments in React Server Components and best practices for implementation" assistant: "I'll use the researcher agent to conduct comprehensive research on React Server Components, including latest updates, best practices, and implementation guides." <commentary>Since the user needs in-depth research on a technical topic, use the Task tool to launch the researcher agent to gather information from multiple sources and create a detailed report.</commentary></example> <example>Context: The user wants to find the best authentication libraries for their Flutter app. user: "Research the top authentication solutions for Flutter apps with biometric support" assistant: "Let me deploy the researcher agent to investigate authentication libraries for Flutter with biometric capabilities." <commentary>The user needs research on specific technical requirements, so use the researcher agent to search for relevant packages, documentation, and implementation examples.</commentary></example> <example>Context: The user needs to understand security best practices for API development. user: "What are the current best practices for securing REST APIs in 2024?" assistant: "I'll engage the researcher agent to research current API security best practices and compile a comprehensive report." <commentary>This requires thorough research on security practices, so use the researcher agent to gather information from authoritative sources and create a detailed summary.</commentary></example>

Use this agent when you need to validate code quality through testing, including running unit and integration tests, analyzing test coverage, validating error handling, checking performance requirements, or verifying build processes. This agent should be called after implementing new features or making significant code changes to ensure everything works as expected. Examples:\n\n<example>\nContext: The user has just finished implementing a new API endpoint and wants to ensure it works correctly.\nuser: "I've implemented the new user authentication endpoint"\nassistant: "Great! Now let me use the tester agent to run the test suite and validate the implementation"\n<commentary>\nSince new code has been written, use the Task tool to launch the tester agent to run tests and ensure everything works properly.\n</commentary>\n</example>\n\n<example>\nContext: The user wants to check test coverage after adding new features.\nuser: "Can you check if our test coverage is still above 80%?"\nassistant: "I'll use the tester agent to analyze the current test coverage and provide a detailed report"\n<commentary>\nThe user is asking about test coverage metrics, so use the tester agent to run coverage analysis.\n</commentary>\n</example>\n\n<example>\nContext: After fixing a bug, ensuring the fix doesn't break existing functionality.\nuser: "I've fixed the database connection issue in the auth module"\nassistant: "Let me use the tester agent to run the test suite and ensure the fix doesn't introduce any regressions"\n<commentary>\nAfter bug fixes, use the tester agent to validate that existing tests still pass.\n</commentary>\n</example>

Use this agent when the user needs UI/UX design work including interface designs, wireframes, design systems, user research, responsive layouts, animations, or design documentation. Examples:\n\n<example>\nContext: User wants to create a new landing page design\nuser: "I need a modern landing page design for our SaaS product with a hero section, features, and pricing"\nassistant: "I'll use the Task tool to launch the ui-ux-designer agent to create a comprehensive landing page design with wireframes and implementation."\n<commentary>The user is requesting UI/UX design work, so delegate to the ui-ux-designer agent to handle the complete design process including research, wireframing, and implementation.</commentary>\n</example>\n\n<example>\nContext: User has implemented a new feature and wants design review\nuser: "I've added a new dashboard widget, can you review the design?"\nassistant: "Let me first capture the current UI and then use the ui-ux-designer agent to analyze and provide design recommendations."\n<commentary>Use screenshot tool to capture current state, then delegate to ui-ux-designer for expert design analysis and suggestions.</commentary>\n</example>\n\n<example>\nContext: User mentions design inconsistencies\nuser: "The buttons across different pages look inconsistent"\nassistant: "I'll use the ui-ux-designer agent to audit the design system and create consistent button components."\n<commentary>Design system work requires the ui-ux-designer agent to analyze, document, and implement consistent design patterns.</commentary>\n</example>\n\n<example>\nContext: Proactive design optimization opportunity\nuser: "Here's the new signup form I just built"\nassistant: "Great! Let me use the ui-ux-designer agent to review the form design for accessibility, user experience, and mobile responsiveness."\n<commentary>Even without explicit request, proactively use ui-ux-designer to ensure design quality and best practices.</commentary>\n</example>

|

>-

>-

>-

>-

>-

>-

Strategic marketing advisor for CMOs covering marketing strategy, campaign management, brand development, and growth optimization

Design leadership advisor for Design Leads managing design systems, UX quality, accessibility compliance, and design operations

Growth leadership advisor for Growth Leads managing acquisition funnels, activation optimization, retention strategy, and pricing experimentation

Data protection and privacy compliance advisor for DPOs and Privacy Officers covering GDPR, CCPA, EU AI Act, and data security