lt-dev

Clean up and optimize backend code quality for NestJS / @lenne.tech/nest-server projects

OWASP security audit for dependencies, config, and code

Perform security review of code changes

Generate comprehensive tests for changes

Update @lenne.tech/nest-server with automated migration and validation

Autonomous HTML quality review agent for lenne.tech fullstack projects. Audits accessibility (ARIA labels, roles, keyboard navigation, focus management, color contrast, screen reader support), form autocomplete attributes (email, password, name, tel, address, OTP), semantic HTML (heading hierarchy, landmark elements, interactive elements), SEO essentials (useHead, OG tags, lang attribute, structured headings), and crawlability (SSR content, robots.txt, sitemap). Combines static code analysis with Lighthouse audit via Chrome DevTools MCP. Produces structured report with fulfillment grades per dimension.

Architecture planning agent for lenne.tech fullstack projects with strict stack enforcement. Analyzes codebase, designs features with exact file paths, data models (MongoDB), API contracts (REST), permission hierarchies (@Restricted/@Roles/securityCheck), frontend state (useState/composables), and phased build sequences. Enforces CrudService inheritance, generated SDK types, Valibot forms, Better Auth, programmatic modals, semantic colors, and TDD workflow. Produces actionable blueprints directly executable by frontend-dev and backend-dev agents.

Autonomous backend development agent for NestJS / @lenne.tech/nest-server with strict security enforcement. Creates modules, services, controllers, models, DTOs with mandatory @Restricted/@Roles decorators, securityCheck() on every model, CrudService inheritance, alphabetical properties, and consistent bilingual descriptions. Enforces zero implicit any, options object pattern, least-privilege testing, and OWASP-aligned security. Operates in projects/api/ or packages/api/ monorepo structures.

Autonomous backend code review agent for NestJS / @lenne.tech/nest-server. Analyzes security decorators, CrudService patterns, model rules, controller conventions, input validation, service patterns, type strictness, and test coverage. Produces structured report with fulfillment grades per dimension. Enforces backend-dev agent guidelines as review baseline.

Autonomous agent for rebasing feature branches onto the development branch. Handles conflict resolution, Linear ticket analysis, code optimization, linting (oxfmt/oxlint), testing, and code review.

Orchestrates Test-Driven Development (TDD) workflows for user stories and features. Creates story tests first in tests/stories/, then iteratively implements until all pass. Invoke directly when a developer requests "TDD", "test-driven", "test first", "story test", "write tests before code", or feature implementation with TDD. Coordinates with generating-nest-servers (backend) and developing-lt-frontend (frontend). NOT for direct NestJS coding without TDD (use generating-nest-servers). NOT for standalone test generation (use /test-generate).

Provides auto-detection heuristics, coordination patterns, and worktree isolation guidance for parallel Claude Code operations. Covers Agent Teams (independent sessions with messaging) and parallel subagent spawning (Agent tool with isolation worktree). Activates when user mentions "agent team", "parallel review", "parallel agents", "team debug", "parallel worktrees", "batch rebase", "parallel backend frontend", "implement in parallel", or when commands evaluate team suitability via CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS. Also activates when spawning multiple file-modifying subagents concurrently. NOT for single sequential subagent invocations.

Develops, optimizes, and validates Claude Code plugins, skills (SKILL.md), commands, agents, hooks (hooks.json), and scripts. Ensures consistency with official best practices. Activates when creating, editing, or reviewing files in plugins/ directory, .claude-plugin/, plugin.json, permissions.json, or marketplace.json. Covers YAML frontmatter, element structure, cross-references, naming conventions, and plugin manifest validation. NOT for application development (use domain-specific skills).

Handles ALL Nuxt 4 and Vue frontend development tasks including composables, forms (Valibot), API integration (types.gen.ts, sdk.gen.ts), authentication (Better Auth), SSR, and Playwright E2E testing. Supports monorepos (projects/app/, packages/app/). Activates when working with .vue files, nuxt.config.ts, Nuxt UI, TailwindCSS, or files in app/components/, app/composables/, app/pages/, app/interfaces/, app/layouts/. NOT for NestJS backend (use generating-nest-servers). NOT for security theory (use general-frontend-security).

Framework-agnostic frontend security guide based on OWASP Secure Coding Practices. Covers XSS prevention, CSRF protection, Content Security Policy (CSP), secure cookie configuration, client-side authentication patterns, input validation, secure storage, and security headers. Activates for security audits, vulnerability reviews, XSS, CSRF, CSP, injection, security headers, or browser security questions in any web application. NOT for backend/NestJS security (use generating-nest-servers). NOT for Nuxt-specific implementation (use developing-lt-frontend).

13 hooks across 6 events