crypto-infra-skills

Implement the next task incrementally — build, test, verify, commit

Simplify code for clarity and maintainability — reduce complexity without changing behavior

Break work into small verifiable tasks with acceptance criteria and dependency ordering

Conduct a five-axis code review — correctness, readability, architecture, security, performance

Run the pre-launch checklist via parallel fan-out to specialist personas, then synthesize a go/no-go decision

Senior code reviewer that evaluates changes across five dimensions — correctness, readability, architecture, security, and performance. Use for thorough code review before merge.

Security engineer focused on vulnerability detection, threat modeling, and secure coding practices. Use for security-focused code review, threat analysis, or hardening recommendations.

QA engineer specialized in test strategy, test writing, and coverage analysis. Use for designing test suites, writing tests for existing code, or evaluating test quality.

Use to perform a staff-engineer review of Web3 backend code, architecture, or design docs. Focuses on production concerns specific to crypto products — idempotency, reorg handling, multi-chain edge cases, financial conservation, key management, vendor integrations (Fireblocks/Privy/Fordefi/QuickNode), database schema for wallets/addresses, fallback strategy, on-chain debugging (Tenderly), observability, and operational runbooks. This agent reviews from the perspective of someone who has shipped wallet infrastructure, indexers, and trading systems to production.

Use for security-focused review of wallet infrastructure code or design — key management, signing flows, MPC/multisig, ERC-4337, EIP-7702, paymaster abuse, recovery procedures. This agent reviews from a "what would an attacker do" perspective with deep knowledge of wallet-specific failure modes.

Guides stable API and interface design. Use when designing APIs, module boundaries, or any public interface. Use when creating REST or GraphQL endpoints, defining type contracts between modules, or establishing boundaries between frontend and backend.

Tests in real browsers via Chrome DevTools MCP. Use when building or debugging anything that runs in a browser. Use when you need to inspect the DOM, capture console errors, analyze network requests, profile performance, or verify visual output with real runtime data. Requires the chrome-devtools MCP server to be configured.

Use when designing or reviewing a crypto debit/credit card product. Covers card issuer integration (Marqeta, Stripe Issuing, GPS, Galileo), funding flow (auth → settle), ledger architecture for crypto-to-fiat conversion, KYC/AML compliance, BIN sponsorship, FX and crypto pricing, and chargeback handling. Use whenever the user mentions crypto card, debit card, card issuing, authorization flow, settlement, BIN sponsor, or interchange.

Use when designing or reviewing the internal accounting ledger for a crypto exchange, custodian, wallet product, or any system that holds user funds. Covers double-entry primitives (accounts, journals, transactions, entries), conservation invariants per currency, multi-currency entries without FX inside the ledger, pending/hold semantics, idempotency on inbound events, reversal via compensating entries, append-only storage, derived vs materialized balances, and the split between trade ledger and settlement ledger. Use whenever the user mentions internal ledger, double-entry, balances, user balances, accounting, ledger schema, conservation, idempotent debits/credits, hold accounts, settlement ledger, or "how do we track who owns what".

Use when designing or reviewing a crypto/financial matching engine. Covers order book data structures, matching algorithms (price-time priority, pro-rata), Go-side architecture (hexagonal/clean), single-pair vs multi-pair, in-memory vs persistent, hot-path optimization, and concurrency patterns. Use whenever the user mentions order book, matching engine, exchange backend, CEX architecture, limit order, or order matching.