Squad skills.
31 operational skills that carry specific expertise, activated automatically by context. From TDD to CTI threat intelligence, from billing webhook to SLO burn-rate, from production profiling to MCP builder. Each skill has clear triggers and consuming agents.
📦 Core Engineering (4)
tdd-mastery
Specialist-driven Test-Driven Development. Red-Green-Refactor. Tests BEFORE implementation for new features. Reproduces the bug with a test before fixing it. Minimum coverage 70%.
Activates for: @tester, @qa-expert, new features
testing-strategies
Test pyramid (unit / integration / e2e), risk-based testing, property-based testing (fast-check / hypothesis), mutation testing (Stryker), contract testing (Pact).
Activates for: @qa-expert, @test-automator
performance-optimization
Core Web Vitals (LCP, FID, CLS, INP), bundle analysis, code splitting, image optimization, server timing API, CDN strategy.
Activates for: @performance-engineer, /perf-audit
postgres-optimization
EXPLAIN ANALYZE, BTREE/GIN/BRIN indexes, partial indexes, RLS performance, query rewrite, connection pooling. Detects N+1, missing indexes, table bloat.
Activates for: @postgres-pro, /db-optimize
🏛️ Architecture & Design (4) 🆕 v3.6
codebase-design
Vocabulary of deep modules (Ousterhout/Feathers): module, interface, seam, adapter, depth, leverage, locality. Designs interfaces that hide complexity and stay testable. Includes DEEPENING + DESIGN-IT-TWICE (parallel sub-agents). Adapted from mattpocock/skills (MIT).
Activates for: @engineering-chief, module design, refactor
domain-modeling
Builds and sharpens the domain model: ubiquitous language, CONTEXT.md glossary and ADRs (docs/adr/). Challenges vague terms and records architectural decisions that should not be re-litigated. Adapted from mattpocock/skills (MIT).
Activates for: @engineering-chief, glossary, ADR
improve-codebase-architecture
Scans the codebase, finds deepening opportunities (shallow → deep module) and delivers a visual HTML report (Tailwind + Mermaid). Flow: Explore → report → design-it-twice on the chosen candidate. Adapted from mattpocock/skills (MIT).
Activates for: @engineering-chief, architecture audit
feedback-loop-debugging
Diagnostic loop for hard bugs: build and tighten a red-capable feedback loop BEFORE hypothesizing. 6 phases + HITL script. Complements systematic-debugging. Adapted from mattpocock/skills (MIT).
Activates for: @error-detective, @production-debugger
🛡️ Security & Cybersec (3)
security-hardening
OWASP top 10 enforcement, threat modeling, RBAC review, secret rotation, dependency CVE check. Applied when the code touches: auth, payment, PII, public endpoints, input parsers.
Activates for: @security-auditor, /security-audit
offensive-security-tradecraft
Authorized pentesting: STRIDE/PASTA, MITRE ATT&CK, OWASP Top 10/Mobile/API/LLM. Recon, exploitation, post-exploitation with explicit legal gates.
Activates for: @penetration-tester
cti-expert
Cyber Threat Intelligence: 8 case patterns (incident response, fraud, BEC, ransomware, etc.), legal gates, OPSEC. Condensed for real-world operation (187 lines).
Activates for: @security-auditor, @incident-responder
🧠 AI/LLM Engineering (5)
prompt-engineering
Eval-driven prompt design (Anthropic), few-shot vs zero-shot decision tree, structured outputs, prompt caching, token optimization.
Activates for: @prompt-engineer, @ai-engineer
llm-integration
Multi-LLM (OpenRouter, Claude API, Gemini), retry with exponential backoff, AbortController, token tracking, fallback chain, RAG patterns (chunking, embeddings, retrieval).
Activates for: @ai-engineer, @llm-architect
llm-eval-frameworks
DeepEval, Ragas, promptfoo, LangSmith. Eval-driven LLM development. CI gate for prompts. Ground truth datasets, golden tests, A/B variants.
Activates for: @evals-engineer
local-llm-stack
Ollama, LM Studio, llama.cpp, vLLM. Quantization (GGUF/AWQ/GPTQ), context window management, GPU offloading, OpenAI-compat API.
Activates for: @local-llm-orchestrator, /llm-route
mcp-builder + mcp-management
Building MCP servers (TypeScript/Python SDK), discovery, tool/prompt/resource design. Capability filtering per task. Version pinning.
Activates for: @ai-engineer, MCP work
📈 Observability & SRE (3)
monitoring-observability
Structured logs (JSON), traces (OpenTelemetry), metrics (RED/USE methods), defined SLOs, actionable alerts. Grafana/Datadog/New Relic dashboards.
Activates for: @incident-responder, production features
slo-burn-rate-alerts
SLI/SLO with error budget, multi-window burn-rate (Google SRE Workbook), alert design (1h/6h/3d), runbook templates, blameless postmortem.
Activates for: @sre-engineer
production-profiling
USE method, eBPF, perf, py-spy, heaptrack, async-profiler. Race condition detection, memory leak hunting, p99 latency analysis in prod.
Activates for: @production-debugger
💰 SaaS & Webhook (2)
billing-webhook-recipes
Stripe, Polar, Paddle, Lemon Squeezy webhook handlers with HMAC verification, idempotency keys, MRR/ARR/churn calc, dunning flows, refund/chargeback.
Activates for: @billing-specialist
webhook-engineering
Webhook design (retries, dead-letter queue, idempotency), HMAC signing, replay protection, observability, debugging with tunnels (ngrok/cloudflared).
Activates for: @webhook-bypass-engineer
🚀 DevEx, Infra & Tooling (5)
ci-cd-pipelines
GitHub Actions, GitLab CI, CircleCI. Strategic caching, matrix builds, reusable workflows, deployment gates, secret rotation.
Activates for: @ci-cd-pipeline-designer
monorepo-engineering
Turborepo, Nx, pnpm workspaces. Task pipelines, remote cache, code sharing, dependency boundaries, incremental builds.
Activates for: @monorepo-architect, /monorepo-init
cloudflare-deployment
Cloudflare Pages + Workers + Functions + KV + D1. wrangler CLI, custom domains, environment variables, Functions HMAC patterns.
Activates for: @cloudflare-pages-specialist, /cf-deploy
tanstack
TanStack Query/Router/Table/Form. Cache invalidation, optimistic updates, infinite scroll, type-safe routing.
Activates for: @nextjs-developer, React frontend
docs-seeker + agentize
Targeted search in official docs (Context7, llms.txt). Agentize: extraction of repetitive tasks into specialized sub-agents.
Activates for: @researcher, @docs-site-builder
6 MCP configs by context
Instead of always loading ALL the MCPs (high overhead), the squad uses niche configs: you activate only the ones relevant to the current operational context. Pinned versions (@^1), minimal scope (Stripe read-only by default).
| Config | MCPs included | When to use |
|---|---|---|
| cloudflare | cloudflare, hostinger, github | Cloudflare Pages, Workers, DNS |
| devops | cloudflare, hostinger, github, gh-actions | Deploy, infra, CI/CD |
| security | github (audits), supabase (RLS), shodan, semgrep, stripe (v3.2) | Security audit, hardening, billing audit |
| observability | grafana, datadog, sentry, logtail | Incident, perf audit, SRE |
| frontend | shadcn, context7, playwright | UI/UX, frontend dev |
| fullstack | postgres, supabase, context7, github | Fullstack feature dev |
19 enforced rules
Standards inherited by ALL agents in the squad. No agent is exempt. v3.5 added the Anti-AI Engineering Protocol as the main rule.
anti-ai-engineering-protocol 🆕 v3.5
8 blocking questions + 12 sins of AI code: over-engineering, premature abstraction, try/catch swallow, any explosion, generic naming, useless wrappers.
naming.md
kebab-case JS/TS/Python, PascalCase C#/Java, snake_case Go/Rust, descriptive names for LLM tools.
testing.md
TDD for new features, a test reproduces the bug before the fix, min. coverage 70%, no mocks that mask bugs.
security.md
OWASP top 10, no creds hard-coded, input validation, output encoding, RBAC review.
performance.md
p99 within the SLO, no N+1, indexes mandatory on FKs, lazy loading by default.
error-handling.md
Try/catch never silences errors, errors are logged + classified, retries with exponential backoff.
api-design.md
RESTful conventions, explicit versioning, cursor-based pagination, idempotency on writes.
database.md
Atomic, reversible migrations, FKs always indexed, JSONB with a GIN index if queried.
monitoring.md
Structured logs, traces mandatory on endpoints, actionable alerts (zero noise).
accessibility.md
WCAG 2.1 AA, semantic HTML, ARIA labels, contrast ratio, keyboard nav.
dependency-management.md
Lock files committed, weekly audit, no deps with a critical CVE, gradual updates.
cloudflare-bypass.md 🆕 v3.0
Webhook 403 = Managed Challenge. Bypass via header signing + IP allowlist in the WAF.
cloudflare-pages-deploy.md 🆕 v3.0
wrangler deploy patterns, environment variables, custom domains via 7dsecrets.com.
supabase-source-of-truth 🆕 v3.0
Supabase = canonical source. JSON is a mirror/backup. Every DDL change goes through the schema.
next-standalone-middleware 🆕 v3.0
Static middleware: use local JWT decode, not supabase.auth.getUser(), on routes serving public/.
monorepo-conventions.md 🆕 v3.1
Package naming, dependency boundaries, public API surface, no circular deps.
ci-cd-caching.md 🆕 v3.1
Cache key strategies, immutable layers, save/restore, hit ratio monitoring.
docs-site-structure.md 🆕 v3.1
Tutorial/how-to/reference/explanation structure (Diátaxis). Docs versioning.
local-llm-routing.md 🆕 v3.0
When to use local vs cloud LLM. Routing by data sensitivity, latency, cost.