devteam

**English · [繁體中文](./README.zh-TW.md)**

**[English](./README.md) · 繁體中文**

Code reviewer and security auditor. Hunts for bugs, security holes, logic errors, edge cases, performance issues, and inconsistencies. Every finding with file path + line number. Use before every commit, deploy, or merge. Also handles deep security review (hardcoded secrets, injection, XSS, path traversal).

Database expert: schema design, migration safety, query optimization, index advice. Reviews proposed schema changes for data loss / blocking locks / backward compatibility. Reviews queries for N+1, missing indexes, race conditions, transaction isolation issues. Read-only — analyzes and reports, never modifies. Use before merging any DB-touching change.

Debug engineer and log analyst. Systematically finds the root cause of bugs: reads logs, narrows scope, builds hypotheses, verifies, fixes. Also analyzes PM2 / Docker / systemd / Nginx logs for error patterns. Use for any bug, service outage, test failure, or unexpected behavior. Never guesses — always traces.

Frontend designer who builds memorable UIs: landing pages, dashboards, components. Rejects generic AI slop, commits to a bold aesthetic direction, ships production-quality code. Use for new pages, UI redesigns, and visual upgrades.

Senior full-stack engineer operating the P7 methodology: read reality → design solution → impact analysis → implement → three-question self-review → [P7-COMPLETION] delivery. Ships features across frontend, backend, and DevOps. Use for single-feature implementation and cross-module changes.

---

---

Tech lead operating the P9 methodology. Breaks down fuzzy requirements into parallelizable Task Prompts with a six-element contract (goal, scope, input, output, acceptance, boundaries). Use before complex tasks touching 3+ files or 2+ modules. Never writes code — output is prompts, not implementation.

---

Tool expert who picks the right tools, chains complex workflows, and troubleshoots tool failures. Knows when to use built-in tools vs MCP servers vs shell commands. Use for complex tool chaining, MCP server issues, or when you're unsure which tool fits the job.

Vulnerability verifier. Takes the critic's findings and writes actual PoC code to prove each vulnerability is real (or a false positive). Produces verification reports suitable for security advisories, issues, and PRs. Use AFTER critic flags a suspected security issue.

Technical documentation researcher. Looks up API specs, official docs, error codes, version differences, and library usage. Search-only — never writes code, never modifies files. Use whenever the team needs ground truth from the web and you're tired of guessing.

21 hooks across 5 events