patriotforge

Designs API contracts — Pydantic request/response schemas, endpoint signatures, middleware configuration, pagination, error responses, integration contracts. Use for API design and schema work.

Implements Python backend code — FastAPI routers, SQLAlchemy models, Pydantic schemas, service functions, dependency injection. Use for any backend implementation task.

Reviews code for quality, conventions, and correctness — PR reviews, convention compliance, test coverage analysis, type safety, silent failure detection. Use proactively after code changes.

Designs and implements database changes — SQLAlchemy models, Alembic migrations, schema design, constraints, indexes, cross-dialect compatibility. Use for any database or migration work.

Implements React/TypeScript frontend code — components, pages, API clients, routing, state management, form logic. Use for any frontend implementation task.

Manages git workflow and GitHub operations — branch management, PR creation/review, CI monitoring, issue tracking, merge operations. Use for any git or GitHub task.

Autonomous development orchestrator. Reads plan documents, breaks phases into mini-phases, dispatches specialized agents, manages PRs with automated review, and obtains human approval before merging. NEVER writes implementation code.

Deep analysis and architecture planning agent. Synthesizes scout findings into phased implementation plans with specific files, components, data flows, and build sequences. PatriotForge-aware.

Manages deployment and infrastructure — Dockerfiles, Railway configuration, CI/CD pipelines, database migrations, environment variables, production debugging. Use for any deployment or infrastructure work.

Fast investigative agent for codebase recon, server inspection, Railway status, and web research. Cheap and parallel — use multiple scouts to cover different areas simultaneously.

Reviews code for security vulnerabilities — authentication flaws, injection attacks, secrets exposure, payment security, webhook validation, CSRF/CORS issues. Use proactively after security-sensitive changes.

Writes tests and fixtures — pytest-asyncio tests, test data, conftest helpers, coverage verification. Use for any testing task. Tests first, implementation follows.

Implements UI components and visual design — Tailwind CSS styling, component composition, responsive layouts, status badges, color systems, design tokens. Use for visual implementation and styling work.

Analyzes and improves user experience — user flows, accessibility, interaction patterns, form usability, navigation design, error states, loading states. Use for UX analysis, audits, and improvements.

Use when designing REST endpoints, defining Pydantic request/response schemas, configuring middleware, or planning integration contracts with external services.

Use when writing Python backend code — FastAPI routers, SQLAlchemy models, Pydantic schemas, service functions, dependency injection, or app configuration.

Use when reviewing code changes, pull requests, or auditing existing code for compliance with PatriotForge conventions, security rules, and quality standards.

Use when creating database models, writing migrations, designing schemas, or working with PostgreSQL queries — table naming, data types, constraints, and Alembic workflows.

Use when something is broken in production or behaving unexpectedly. Dispatches scouts to check server logs, container status, database state, Railway health, and recent deploys in parallel.

Use when deploying, configuring CI/CD pipelines, writing Dockerfiles, running database migrations, bumping versions, or managing the release workflow.

Use when writing React/TypeScript frontend code — components, pages, routing, styling, layout patterns, or UI primitives.

Use to investigate and plan a feature, bug fix, or architectural change. Dispatches fast scouts (haiku) for recon, then planners (sonnet) for architecture. Searches codebase, server, Railway, and web.

Use to live-test the PatriotForge app with Playwright MCP. Walks through user flows, catches console errors, network failures, broken UI, and logs bugs found with steps to reproduce.

Use when writing or reviewing security-sensitive code — authentication, payments, webhooks, input validation, secrets management, CORS/CSRF, file uploads, or audit logging.

Use after finishing implementation to commit, run a multi-agent review swarm (security, lint, bandit, trivy, pip-audit, tests, code review), auto-fix all new issues, and merge when clean.

Use when writing tests, setting up test fixtures, mocking dependencies, or following test-driven development — pytest-asyncio, fakeredis, httpx, and test organization patterns.