Container image validation with Skaffold test and verify stages. Covers container-structure-tests for image hygiene, custom tests for security scanning, and post-deployment verification. Use when configuring pre-deploy tests, security scans, or integration tests in Skaffold pipelines.
Runs Software Composition Analysis (SCA) to detect vulnerable dependencies. Wraps npm audit and Trivy fs. Use when user asks to "scan dependencies", "check npm vulnerabilities", "SCA scan", "dependency audit", "依存関係スキャン", "脆弱性チェック".
Executes SonarCloud API queries via unified Python CLI. Use when checking quality gate status, searching issues (bugs, vulnerabilities, code smells), retrieving metrics (coverage, complexity), or viewing analysis history.
Create, update, validate, and submit Homebrew Casks. Use when the user mentions Homebrew cask/cask, Homebrew/homebrew-cask, adding a new cask, updating a cask, cask token naming, sha256, url verified:, livecheck, zap/uninstall, or when asked to run brew style/audit for a cask.
Use after creating PR - monitor CI pipeline, resolve failures cyclically until green or issue is identified as unresolvable
Investigate deployment failures, analyze task logs, and troubleshoot Octopus Deploy issues
HARD GATE before PR creation - verifies review artifact exists in issue comments, all findings addressed or tracked, blocks PR creation if requirements not met
Create a new Dagster workspace for managing multiple projects. Use when user wants to initialize a workspace, manage multiple Dagster projects together, or set up a multi-project environment.
FVH (Forum Virium Helsinki) release-please standards and configuration. Use when configuring release-please workflows, checking release automation compliance, or when the user mentions FVH release-please, automated releases, or version management.
Enterprise artifact management with governance, lifecycle, SBOM, and supply chain security for November 2025 standards
Execute comprehensive framework health checks to validate core cc-sessions functionality including write-gating, state persistence, skill precedence, LCMP freshness, and handoff log structure
Test-Driven Development (TDD) red-green-refactor cycle for GMailArchiver. Use when implementing features, fixing bugs, or following the 6-phase workflow. Triggers on: TDD, test-driven, red-green, failing test, write test first, implement feature, fix bug, development workflow, phase.
Controlled batch execution of implementation plans with review checkpoints between phases. Loads plan, critically reviews for issues, executes tasks in batches, then pauses for architect feedback before continuing. Use when you have a complete implementation plan from brainstorming/writing-plans and want structured execution with quality gates. Do NOT use for ad-hoc implementation, exploratory coding, or when you don't have a formal plan - just implement directly with code review at the end.
Extended verification including tests AND spec compliance - runs tests, validates spec compliance, checks for drift, blocks completion on failures
Generate CI/CD configurations and automation scripts for building, testing, and deploying
Implementation orchestrator for stages 2-6 (Foundation through Validation)
Scan project dependencies for known vulnerabilities. Automatically detect and parse package files (package.json, requirements.txt, Gemfile, go.mod, pom.xml) and check all dependencies against the CVE database. Use when you want to audit a project for security vulnerabilities, check if dependencies have known CVEs, or generate a vulnerability report for compliance.
Verify implementation status by querying GitHub API for PRs, issues, Actions, and deployments. Use when checking remote repo activity.
