dev-agents

Use this agent when reviewing pull requests, evaluating code quality, or identifying code smells and technical debt.

Use this agent when designing database schemas, optimizing queries, creating migrations, or troubleshooting EF Core performance.

Use this agent when establishing design systems, creating style guides, defining design tokens, or auditing accessibility. For building UI prototypes, use html-prototyper instead.

Use this agent when working with Docker, docker-compose, nginx, SSL certificates, systemd services, GitHub Actions CI/CD, .NET publish profiles, or VPS deployment workflows. Examples: <example> Context: User needs to containerize their .NET application user: "Create a multi-stage Dockerfile for our Blazor app" assistant: "I'll use the devops-specialist to build an optimized multi-stage Dockerfile with proper layer caching." <commentary> Docker multi-stage builds for .NET are this agent's core capability. </commentary> </example> <example> Context: User needs to set up CI/CD user: "Set up a GitHub Actions workflow to build, test, and deploy to our VPS" assistant: "I'll use the devops-specialist to create the CI/CD pipeline with build, test, and SSH deploy steps." <commentary> GitHub Actions workflows for .NET deployment are within scope. </commentary> </example> <example> Context: User needs reverse proxy configuration user: "Configure nginx as a reverse proxy for our Kestrel app with SSL" assistant: "I'll use the devops-specialist to set up the nginx reverse proxy with Let's Encrypt SSL termination." <commentary> Nginx reverse proxy with SSL is a core deployment capability. </commentary> </example>

Use this agent when creating or updating technical documentation, specifications, or API docs.

Use this agent for quick, small-scope fixes in .NET projects — typos, config tweaks, single-file bug fixes. For multi-file features, use dotnet-specialist instead. <example> Context: User found a small bug in a single method user: "Fix the null reference in OrderService.GetById" assistant: "I'll use the dotnet-fixer for this targeted single-file bug fix." <commentary> Single-method bug fix is a small-scope task ideal for the fixer, not the specialist. </commentary> </example>

Use this agent when implementing .NET features, building service layers, creating Blazor components, or writing backend code spanning multiple files. For single-file fixes, use dotnet-fixer instead. <example> Context: User needs a new feature implemented user: "Implement the order management CRUD operations" assistant: "I'll use the dotnet-specialist to build the service layer, repository, and Blazor components for order management." <commentary> Multi-file .NET implementation requiring services, DTOs, and UI components — too broad for dotnet-fixer. </commentary> </example>

Use this agent when converting implementation plans into GitHub issues, managing GitHub Projects, or organizing development workflows.

Use this agent when creating HTML/CSS/JS prototypes, building interactive UI mockups, or designing page layouts.

Use this agent for lightweight legal compliance review — privacy policies, terms of service, data handling patterns, open source licensing, cookie/session storage, and regulatory gap identification. Read-only and non-advisory. Examples: <example> Context: User needs their privacy policy reviewed user: "Review our privacy policy for GDPR compliance gaps" assistant: "I'll use the legal-reviewer to identify missing sections, stale dates, and GDPR-specific gaps in the privacy policy." <commentary> Privacy policy gap identification is this agent's core capability. </commentary> </example> <example> Context: User wants to check dependency licenses user: "Check if any of our NuGet dependencies have GPL licenses" assistant: "I'll use the legal-reviewer to scan dependency licenses for GPL contamination and attribution requirements." <commentary> Open source license compatibility checking is within scope. </commentary> </example> <example> Context: User is handling personal data user: "Review our user data handling for privacy red flags" assistant: "I'll use the legal-reviewer to check PII storage patterns, consent flows, retention policies, and data residency concerns." <commentary> Data handling review and privacy red flags are a core capability. </commentary> </example>

Use this agent when creating or reviewing public-facing content — READMEs, landing page copy, changelogs, release announcements, feature messaging, or competitive positioning. Enforces brand voice and verifies feature claims against the actual codebase. Examples: <example> Context: User needs a README rewrite user: "Rewrite our README to better sell the product" assistant: "I'll use the marketing agent to craft a compelling README that aligns with brand voice and verifies all feature claims against the codebase." <commentary> README copywriting with accuracy verification is this agent's core capability. </commentary> </example> <example> Context: User is preparing a release user: "Write release notes for v2.3" assistant: "I'll use the marketing agent to draft release notes highlighting key changes with appropriate messaging for the target audience." <commentary> Release announcements and changelogs are within scope. </commentary> </example> <example> Context: User wants to audit existing marketing content user: "Check our landing page copy for stale claims and broken links" assistant: "I'll use the marketing agent to audit the content for accuracy, freshness, and link validity." <commentary> Asset auditing — screenshot freshness, link validation, stale references — is a core capability. </commentary> </example>

Use this agent when profiling performance, optimizing slow queries, tuning .NET runtime behavior, or load testing. Handles Postgres query optimization, .NET profiling, EF Core performance, Blazor render performance, Docker resource constraints, and load testing. Examples: <example> Context: User has a slow database query user: "This query is taking 3 seconds, can you figure out why?" assistant: "I'll use the performance-analyst to run EXPLAIN ANALYZE and identify the bottleneck." <commentary> Query performance diagnosis with EXPLAIN ANALYZE is this agent's core capability. Note: "this query is slow" = performance-analyst, "write the query" = database-specialist. </commentary> </example> <example> Context: User wants to profile their .NET application user: "Our API response times are degrading under load" assistant: "I'll use the performance-analyst to profile with dotnet-counters and identify the bottleneck." <commentary> .NET runtime profiling and diagnostics are within scope. </commentary> </example> <example> Context: User wants to load test before release user: "Set up a load test to simulate 500 concurrent users" assistant: "I'll use the performance-analyst to create a k6 or NBomber load test script targeting the critical endpoints." <commentary> Load testing setup and analysis is a core capability. </commentary> </example>

Use this agent when hardening infrastructure or application security — Docker security, nginx headers, SSH/firewall rules, Postgres access control, .NET API rate limiting, dependency scanning, or secrets management. Examples: <example> Context: User needs to secure their Docker deployment user: "Audit our Docker setup for security issues" assistant: "I'll use the security-hardener to review the Docker configuration for non-root users, secret exposure, and image vulnerabilities." <commentary> Docker security auditing is this agent's core capability. </commentary> </example> <example> Context: User needs to lock down server access user: "Set up ufw and fail2ban on our VPS" assistant: "I'll use the security-hardener to configure firewall rules and brute-force protection." <commentary> SSH and firewall hardening are within scope. </commentary> </example> <example> Context: User needs Postgres security review user: "Review our pg_hba.conf and set up SSL for database connections" assistant: "I'll use the security-hardener to harden Postgres authentication and enable SSL connections." <commentary> Postgres security configuration (pg_hba.conf, SSL, RLS) is a core capability. </commentary> </example>

Use this agent for application-level security review — auth flows, RBAC/authorization design, session management, MFA patterns, audit log completeness, and OWASP Top 10 in application code. Complements security-hardener (infra) and blazor skill (Blazor-specific). Read-only review, does not implement fixes. Examples: <example> Context: User wants auth flow reviewed user: "Review our JWT authentication and refresh token implementation" assistant: "I'll use the security-reviewer to evaluate token lifetime, rotation, storage, and revocation patterns." <commentary> Auth flow review including JWT and refresh token patterns is this agent's core capability. </commentary> </example> <example> Context: User needs authorization design reviewed user: "Check if our role-based access control has any gaps" assistant: "I'll use the security-reviewer to analyze the RBAC hierarchy, policy-based authorization, and per-resource permissions." <commentary> RBAC and authorization design review is within scope. </commentary> </example> <example> Context: User wants a security audit of application code user: "Audit our application code for OWASP Top 10 vulnerabilities" assistant: "I'll use the security-reviewer to scan for injection, broken auth, sensitive data exposure, and security misconfigurations in the application layer." <commentary> OWASP Top 10 in application code (not infra) is a core capability. </commentary> </example>

Use this agent when planning feature implementations, coordinating multiple agents, or designing architectural approaches. Produces plans, not code. For converting plans into GitHub issues, use git-project-manager instead. <example> Context: User wants to add a new feature to their .NET application user: "I need to add user notifications to the app" assistant: "I'll use the systems-architect to create an implementation plan for user notifications, identifying which agents and files are involved." <commentary> New feature requiring coordination across layers — architect designs the plan, then implementation agents execute. </commentary> </example>

Use this agent when writing unit tests, integration tests, or test infrastructure for .NET applications.

Use this agent when reviewing UI screenshots, evaluating designs against style guides, or auditing visual consistency. For creating design systems, use design-specialist instead. <example> Context: User has a screenshot of an implemented page user: "Review this screenshot of the new dashboard" assistant: "I'll use the ui-critic to evaluate the dashboard against the design system." <commentary> Visual review of existing UI — critic evaluates, design-specialist creates. </commentary> </example>