Behnam Ebrahimi

Designs RESTful API endpoints following REST conventions and OpenAPI standards. Use when adding new API endpoints, redesigning existing ones, or ensuring API consistency.

Expert code reviewer for quality, security, and best practices. Use proactively after writing or modifying code to catch issues before they reach review.

Read-only database query assistant. Runs SELECT queries to inspect data, schema, and statistics. Use when you need to explore database contents, verify data, or diagnose data issues without any risk of modifications.

Root cause analysis and bug fixing specialist using hypothesis-driven debugging. Use proactively when encountering errors, test failures, unexpected behavior, or crashes.

Audits project dependencies for known vulnerabilities and outdated packages. Use proactively before releases, after adding new dependencies, or on a regular maintenance schedule.

Writes and updates documentation including JSDoc, docstrings, README files, and inline comments. Use proactively after implementing features, changing APIs, or when documentation is missing or outdated.

Plans framework, library, and language version migrations with step-by-step execution plans. Use when upgrading major dependencies, switching frameworks, or modernizing legacy code.

Generates comprehensive codebase walkthroughs for new developers. Use when onboarding a new team member, returning to a project after a long break, or when you need a high-level orientation to an unfamiliar codebase.

Profiles and optimizes application performance. Identifies bottlenecks, N+1 queries, unnecessary loops, memory leaks, and missing indexes. Use proactively when response times are slow, memory usage is high, or before scaling.

Refactors code for readability and maintainability while preserving behavior. Use proactively when code is hard to understand, duplicated, or violates project conventions.

Deep security audit specialist covering OWASP Top 10 and beyond. Use proactively when adding authentication, handling user input, storing sensitive data, or before any production release.

Writes tests that match the project's existing patterns, framework, and style. Use proactively after implementing new features or fixing bugs to ensure coverage.

Generate a database migration file with up and down methods for the described change, then test rollback.

Run tests, build, and deploy to the specified environment (staging or production). Includes safety checks.

Audit dependencies for vulnerabilities, list outdated packages, update safe ones, and run tests.

Orchestrate git workflow from code review through PR creation with quality gates

Detect the project linter and type checker, run them, auto-fix all fixable issues, and verify clean output.

Scaffold a new feature by following existing project patterns, creating all necessary files, tests, and wiring up imports.

Update changelog, bump version, tag, and push a release for the specified version number.

REST API design conventions and standards. Apply when writing, reviewing, or discussing API endpoints, routes, controllers, serializers, or HTTP handlers. Covers URL structure, HTTP methods, response formats, error handling, pagination, versioning, and authentication headers.

Generate a changelog from git history since the last tag or release. Groups commits by type and formats them for a CHANGELOG.md file or release notes. Use when cutting a release, updating the changelog, or when the user says "generate changelog", "what changed since last release", or "write release notes".

Smart git commit. Runs tests, stages all changes, generates a conventional commit message, and commits. Use when committing work, saving progress, or when the user says "commit this", "save my work", or "make a commit".

Systematic debugging using hypothesis testing. Reproduces the error, isolates the cause, and implements a fix. Use when the user reports a bug, error, or unexpected behavior, or says "debug this", "fix this error", "why is this failing", or "it's not working".

Generate or update documentation for a module, file, function, or class. Produces JSDoc, docstrings, README sections, or standalone docs depending on the target. Use when the user says "document this", "add docs", "generate documentation", or "write a README for this module".

Explain code using ASCII diagrams, analogies, and step-by-step walkthroughs. Use when the user asks "how does this work?", "explain this code", "walk me through this", "what does this do?", or "help me understand this".

Fix a GitHub issue by number. Reads the issue, implements the fix, writes tests, and commits the result. Use when the user says "fix issue #123", "work on issue", or "implement the bug fix for #N".

Migrate files or a directory from one framework, library, or pattern to another. Preserves behavior while updating syntax, imports, and idioms. Use when the user says "migrate from X to Y", "convert this to use X", "upgrade from React class components to hooks", or "port this to FastAPI".

Generate a codebase overview for new team members. Produces an architecture summary, key files guide, and conventions reference. Use when someone is new to a project, when the user asks "give me an overview", "explain the architecture", "where do I start?", or "onboard me to this codebase".

Find performance bottlenecks in the codebase. Analyzes hot code paths, database queries, memory allocation patterns, and algorithmic complexity. Use when the user asks about performance, says "why is this slow", "find bottlenecks", "optimize this", or "perf audit".

Create a pull request. Summarizes changes since the base branch, generates a PR title and description, pushes the branch, and opens a PR via the gh CLI. Use when opening a PR, submitting work for review, or when the user says "open a PR", "create a pull request", or "submit for review".

Refactor a target file, function, or module while preserving behavior. Runs tests before and after to verify correctness. Use when the user says "refactor this", "clean up", "improve this code", or "simplify this function".

Review the current diff for bugs, security issues, logic errors, and style problems. Use when the user asks to review changes, check a diff, audit recent edits, or says "review my code", "check this diff", or "look for issues".

Scan the codebase for security vulnerabilities based on the OWASP Top 10. Use when the user asks to audit security, find vulnerabilities, check for security issues, or says "security scan", "audit this", "find security bugs".

Test-driven development cycle. Writes a failing test for a feature, implements the minimum code to make it pass, then refactors. Use when the user says "use TDD", "write the test first", "TDD this feature", or "red-green-refactor".