pokayokay

Design RESTful APIs with consistent patterns

Review architecture and plan refactoring

Audit feature completeness and identify gaps

Create, debug, or optimize CI/CD pipelines

Design database schemas and migrations

Create or improve documentation

Diagnose and fix a bug with structured workflow

Prepare session handoff for next session or agent

View and manage hook configuration

Urgent production fix with expedited workflow

Integrate with external APIs

Add logging, metrics, or tracing

Analyze the PRD at `$ARGUMENTS` and create a structured implementation plan.

Create and immediately start working on a quick task

Conduct comprehensive research for major decisions

Analyze completed sessions and identify patterns

Revise existing plan through guided conversation or directed changes

Create or extract TypeScript SDK

Conduct security audit of code or configuration

Start a time-boxed technical investigation

Design testing strategy or write tests

Start or continue a development session with configurable human control.

List, create, cleanup, switch, or remove worktrees

- Model: haiku

You are being dispatched by the coordinator to refine an ambiguous task before implementation begins.

You are being dispatched by the coordinator to review the implementation approach for a task BEFORE the implementer begins coding. Your output becomes the implementer's blueprint.

You are being dispatched by the coordinator to implement a specific task. Read the details below carefully and ask questions if anything is unclear before proceeding.

When dispatching multiple implementers in parallel, use a SINGLE message with multiple Task tool calls.

Read and analyze the PRD at: `{PRD_PATH}`

You are being dispatched to review code quality. Spec compliance has already been verified — focus on HOW the code is written, not WHETHER it meets the spec.

You are being dispatched to verify that an implementation matches its specification. Be adversarial — do NOT trust the implementer's claims.

Completeness auditor for L0-L5 feature verification. Use proactively after story/epic completion, when auditing features, or when validating that implemented features are user-accessible.

Refines ambiguous task requirements through structured exploration. Produces clear acceptance criteria and implementation approach. Runs before implementation for under-specified tasks.

Verifies UI changes in a real browser. Checks visual elements, interactions, and console errors. Returns PASS, ISSUE, or SKIP with evidence.

Reviews task requirements against codebase patterns and produces a validated implementation approach before coding begins. Read-only pre-implementation design check. Searches for and consults relevant design skills.

Fast codebase exploration for understanding structure, patterns, and architecture. Use proactively for research tasks, planning phases, or when you need to understand how something works before implementing.

Lightweight test failure fixer. Parses test output, makes targeted edits to fix failures, re-runs tests. Attempt limit set by coordinator (default 3).

Implements a single task with fresh context. Receives full task details from coordinator, implements following TDD, self-reviews, commits, and reports back.

Analyzes PRD documents and produces structured implementation plans with epic/story/task breakdowns, skill routing, and dependency mapping. Returns a structured plan for the coordinator to create in ohno.

Reviews implementation for code quality, tests, edge cases, and conventions. Only runs after spec review passes. Returns PASS or FAIL with specific issues.

Code review specialist. Analyzes code quality, security, and best practices. Use proactively after code changes, before commits, or when reviewing pull requests.

Security audit specialist. Scans for vulnerabilities, OWASP issues, and security misconfigurations. Use proactively for security reviews, before deployments, or when auditing authentication/authorization.

Reviews implementation against task specification with adversarial framing. Checks all acceptance criteria met, no missing requirements, no scope creep. Returns PASS or FAIL with specific issues.

Time-boxed technical investigation with structured output. Use for feasibility studies, architecture exploration, integration assessment, or when you need to answer a bounded technical question.

Test execution specialist. Runs test suites and reports failures concisely. Use after implementation changes, before commits, or when verifying fixes.

Use when designing new REST APIs, reviewing API designs, establishing API standards, designing request/response formats, pagination, versioning, authentication flows, or creating OpenAPI specifications.

Use when consuming external APIs, integrating third-party services, generating type-safe API clients, implementing authentication flows, or working with OpenAPI/Swagger, GraphQL, or REST specs. TypeScript-primary with language-agnostic patterns.

Use when auditing project structure, planning refactors, improving code organization, analyzing dependencies and module boundaries, or identifying structural issues. TypeScript/JavaScript-primary with language-agnostic patterns.

Automatically verify UI changes in a real browser after implementation. Integrated into the /work workflow — checks visual elements, interactions, and console errors using Playwright. Not a standalone skill.

Use when creating or debugging CI/CD pipelines, implementing deployment strategies (blue-green, canary, rolling), optimizing build times, reviewing pipeline security, or working with GitHub Actions, GitLab CI, CircleCI, Azure DevOps, or Bitbucket Pipelines.

Use when provisioning cloud resources, choosing between AWS services (Lambda vs ECS vs EKS), writing CDK/IaC, designing serverless or container architectures, configuring IAM/security groups, or optimizing cloud costs.

Use when designing database schemas, reviewing data models, planning migrations, optimizing slow queries, or establishing database patterns. Covers relational (PostgreSQL, MySQL, SQLite), document (MongoDB), and ORM-integrated (Prisma, Drizzle, TypeORM) projects.

Use for multi-day technology evaluations, competitive analysis, architectural exploration, best practices research, or major strategic decisions requiring comprehensive investigation and stakeholder reports. Unlike spike (time-boxed hours), supports extended multi-day investigation.

Create and maintain technical documentation including READMEs, API docs, architecture decision records (ADRs), and user guides. Use this skill when writing project documentation, documenting APIs, recording architectural decisions, creating how-to guides, or establishing documentation standards.

Use when designing error hierarchies, implementing React error boundaries, adding retry logic or fallbacks, creating API error responses, integrating error tracking (Sentry), or improving user-facing error communication.

Use when verifying feature completeness against PRD requirements, identifying gaps between backend implementation and user-facing accessibility, generating remediation tasks, or auditing across frameworks (Next.js, React Router, TanStack, React Native, Expo).

Use when adding logging to services, setting up monitoring, creating alerts, debugging production issues, designing SLIs/SLOs, or implementing structured logging (Pino, Winston), metrics (Prometheus, DataDog, CloudWatch), or distributed tracing (OpenTelemetry).

Use when revising existing implementation plans, analyzing impact of task changes, exploring modifications to project scope or dependencies, or updating task hierarchies with full impact visibility before execution.

Use when analyzing PRD documents, concept briefs, or feature specs to create implementation plans, breaking work into epics/stories/tasks with dependencies and estimates, or generating PROJECT.md and kanban tracking.

Use when building TypeScript SDKs, extracting shared code into packages, creating developer tooling libraries, designing clean API surfaces, or publishing to npm (public or private). Covers typed clients, error handling, multi-target bundling (ESM/CJS/browser).

Use when reviewing code security, auditing dependencies for CVEs, checking configuration or secret security, assessing authentication and authorization patterns, identifying OWASP vulnerabilities (injection, XSS, CSRF), or addressing security concerns about implementations.

Use after completing work sessions to analyze agent behavior patterns, prepare session handoffs for continuity, document completed work, identify blockers, or preserve context for the next session.

Time-boxed technical investigation with structured output. Use for feasibility studies, architecture exploration, integration assessment, performance analysis, or risk evaluation. Creates spike tasks in ohno, enforces time-boxing, generates spike reports, and creates actionable follow-up tasks.

Use when designing test architecture, building API test suites, validating API contracts, setting up component or E2E testing, managing test data, debugging flaky tests, reviewing coverage strategy, or organizing test files. Covers test pyramid, mocking (MSW), frontend (React Testing Library, Playwright), and CI integration.

Use when starting AI development sessions, resuming interrupted work, managing multi-session projects, or orchestrating work with human checkpoint control (supervised, semi-auto, auto, or unattended modes).

Git worktree management for isolated task development