john.q.tcg

Review Go code for code quality, style, and modern Go practices including function length, nesting depth, naming, mutable globals, interface design, receiver consistency, modern Go idioms (slog, generics, typed atomics), and static analysis. Trigger when reviewing Go code structure, readability, or maintainability. Also runs golangci-lint for automated style checks.

Perform exploitability-first security reviews for code changes (auth, input, secrets, API, data, concurrency, container, third-party, and dependency risk), with mandatory evidence, suppression discipline, scope-based review depth, and Go-specific secure-coding gates.

Use when debugging, diagnosing, or investigating any bug, test failure, flaky test, race condition, unexpected behavior, build failure, production incident, third-party breakage, root cause analysis, or performance regression before proposing fixes

Review Go code for concurrency safety and goroutine lifecycle issues including race conditions, deadlocks, goroutine leaks, mutex misuse, and context propagation. Trigger when code contains go func, channels, sync primitives, WaitGroup, errgroup, or goroutine lifecycle management. Use for concurrency-focused review of Go projects.

REST API contract designer and reviewer. ALWAYS use when designing new endpoints, reviewing existing API contracts, planning API versioning, or standardizing error models. Covers resource modeling (URL/naming), HTTP method semantics, status code selection, error model consistency, pagination/filtering/sorting, idempotency keys, concurrency control (ETag/If-Match), object-level authorization (IDOR prevention), rate limiting, backward compatibility assessment, and OpenAPI-ready output. Use even for "just add an endpoint" — inconsistent APIs compound into integration nightmares that are extremely expensive to fix after clients depend on them.

Review Go code for performance issues including slice/map pre-allocation, string concatenation, N+1 queries, connection pool configuration, sync.Pool, memory alignment, lock scope, buffered I/O, and HTTP transport tuning. Trigger when code contains make(), loops, database queries, string building, sync primitives, HTTP clients, or hot-path operations. Use for performance-focused review.

Kafka event-driven architecture designer and reviewer. ALWAYS use when designing, reviewing, or troubleshooting Kafka-based event systems — topic design, partition strategy, consumer group configuration, event schema definition (Avro/Protobuf/JSON), idempotent consumers, dead letter queues, exactly-once semantics, Schema Registry compatibility, backpressure handling, and consumer lag monitoring. Use even for "just publish an event" — Kafka's partition-ordered-not-globally-ordered semantics, at-least-once default delivery, and consumer rebalance storms are the source of most production event-driven bugs.

Monitoring and alerting design reviewer for production backend services. ALWAYS use when writing Prometheus alerting rules, designing Grafana dashboards, defining SLI/SLO, configuring alert routing (PagerDuty/OpsGenie/Slack), or reviewing existing monitoring setups. Covers SLI/SLO definition, alert rule quality (sensitivity/specificity tradeoff), burn-rate alerting, alert fatigue prevention, dashboard design principles, label cardinality management, and on-call routing configuration. Use even for "just add an alert" — a poorly designed alert either pages at 3AM for non-issues (alert fatigue) or stays silent during real outages (false confidence).

MongoDB schema migration safety reviewer and migration script generator. ALWAYS use when writing, reviewing, or planning MongoDB schema changes — field additions/removals, index builds, schema validator changes, document type migrations, shard key modifications, or any bulk update touching production collections. Covers index build lock behavior (foreground vs rolling builds), additive schema evolution, _id-range batched updates, write concern tuning during migration, reshardCollection (5.0+), collMod validator changes, and rollback planning. Use even for "just add a field" — MongoDB's schema-less nature makes silent type inconsistencies and missing-field bugs harder to detect than RDBMS constraint violations.

Redis caching strategy designer and reviewer. ALWAYS use when designing, reviewing, or troubleshooting Redis caching layers — cache pattern selection (cache-aside, write-through, write-behind), TTL strategy, cache stampede/penetration/avalanche prevention, hot key handling, cache-DB consistency, distributed locking, key naming, and degradation design. Use even for "just add a cache" requests — cache invalidation is one of the two hard problems in computer science, and a naive implementation creates subtle consistency bugs that surface only under load.

Transcribe a specified local video or audio file into cleaned final `.txt`, `.pdf`, or `.docx` transcripts using speech recognition with Apple Silicon GPU acceleration and LLM-based proofreading. Use when the user wants text extracted from a local media file path such as `.mp4`, `.mov`, `.mkv`, `.webm`, `.mp3`, `.m4a`, or `.wav`, and the output language should follow the spoken language in the media automatically. Prefer this skill for local-file transcription workflows that should produce cleaned transcripts with natural paragraphs, LLM-corrected Chinese text, and simplified Chinese output for Chinese speech.

Enforce practical Test-Driven Development for code changes in Go services. Use for new features, bug fixes, refactors, API changes, and new modules. Requires Red-Green-Refactor evidence, defect-hypothesis-driven tests, killer cases, and coverage gates (line + risk-path).

Generate and run yt-dlp download commands with probe-driven format selection, safe output naming, retry defaults, and structured execution reports. Use when users want to download videos, extract audio, fetch playlists, grab subtitles, handle authenticated/age-gated content, or download live streams. Covers single videos, playlists, audio extraction, subtitle-inclusive downloads, format-ID / resolution-capped downloads, SponsorBlock integration, live streams, and browser-cookie authentication.

PostgreSQL schema migration safety reviewer and DDL generator. ALWAYS use when writing, reviewing, or planning PostgreSQL schema changes — ALTER TABLE, CREATE/DROP INDEX, column type changes, constraint additions, RLS policy changes, or any DDL touching production tables. Covers lock-level analysis, CREATE INDEX CONCURRENTLY, NOT VALID constraint patterns, transactional DDL rollback, pg_repack for table rewrites, phased rollout design, and backward compatibility. Use even for "simple" ADD COLUMN — PostgreSQL DDL lock behavior varies by operation and version, and AccessExclusiveLock on a hot table causes immediate outage.

Oracle Database schema migration safety reviewer and DDL generator. ALWAYS use when writing, reviewing, or planning Oracle schema changes — ALTER TABLE, CREATE/DROP INDEX, column type changes, constraint additions, partition DDL, or any DDL touching production tables. Covers DDL auto-commit implications, DDL_LOCK_TIMEOUT, DBMS_REDEFINITION for online table restructuring, ENABLE NOVALIDATE constraint patterns, global index impact from partition DDL, CTAS-based migration, ROWID-range batching, and Flashback recovery. Use even for "simple" ADD COLUMN — Oracle DDL issues implicit COMMIT before and after execution, making every DDL statement irreversible without manual rollback planning.

Create and run gated Go integration tests for third-party APIs with real external calls, strict configuration gates, bounded timeouts, and safe runtime controls. Use for vendor/client contract verification and failure triage.

Write, review, and improve technical documents (技术文档, 设计文档, 操作手册, 故障报告, API文档). Use when users ask to write/draft/review/improve a technical document, create an RFC/ADR, write a runbook or operation guide, produce API docs, or create any structured technical writing deliverable. Audience-aware, evidence-based, with quality gates and anti-staleness enforcement. Supports concept docs, task docs, reference docs, troubleshooting docs, and design docs (RFC/ADR).

Keep repository documentation synchronized with the latest code. Use when updating README/docs/codemaps after code changes, running docs-drift checks, or producing scoped evidence-backed doc patches for service/library/CLI/monorepo projects.

Use when the user asks for unit tests (e.g, "单元测试", "unit test"), wants to add/fix Go tests, wants table-driven and subtest organization, or wants to enforce a minimum coverage gate (default 80% for logic packages). Prioritize bug discovery (especially boundary, mapping loss, and concurrency defects) over test volume. Do NOT use for benchmarks, fuzz tests, integration tests, E2E tests, load tests, or mock generation.

Create implementation plans for multi-step tasks. Use when you have a spec, requirements, or feature request that needs decomposition into concrete steps before implementation. Covers feature, bugfix, refactor, migration, API change, and docs-only plans. NOT for single-file edits, trivial fixes, or tasks completable in under 5 minutes.

Review Go code for observability gaps: missing structured logging, broken trace context propagation, Prometheus cardinality explosions, span lifecycle errors, and sensitive fields in logs. Dispatched by go-review-lead as a vertical reviewer. Also trigger directly when the user says "review my logging", "check my tracing", "observability review", or "are my metrics correct".

Use when creating or refactoring GitHub Actions CI workflows for Go repositories. Covers repository-shape detection, Make-driven delegation with formal fallbacks, Go setup, caching, tool pinning, permissions, reusable workflows, and quality gate design.

Design, maintain, and execute reliable end-to-end tests for critical user journeys with Agent Browser as first choice for exploration and Playwright as the preferred code path for suites and CI. Use for E2E strategy, journey coverage, flaky test triage, artifact collection, CI gating, regression prevention, and browser automation tasks.

Use when the user wants help finding information through Google or Google-style web search and expects more than raw links. Handle current facts, public-information lookups, official documents, tutorials, reports, tools, materials, or source discovery by classifying the search goal, generating precise queries, executing search, ranking sources, cross-checking key claims, and returning a concise conclusion plus reusable search strings. Also use for programmer-specific searches (error debugging, official docs, GitHub code search, Stack Overflow, RFC lookup, benchmarks).

Incident post-mortem specialist for writing blameless post-mortems, extracting timelines from logs/events, conducting root cause analysis (5-Why, fishbone), classifying severity, and generating tracked action items. ALWAYS use when writing a post-mortem, reviewing an incident, extracting a timeline, performing root cause analysis, or converting incident data into organizational knowledge. Complements systematic-debugging (finds the cause) with structured documentation that prevents recurrence.

Orchestrate a comprehensive Go code review by triaging code changes, dispatching vertical review skills (security, concurrency, error, logic, performance, quality, test, observability) as parallel agents, then consolidating results into a unified report. Use for full Go PR review or comprehensive code review. Replaces the monolithic go-code-reviewer with focused parallel analysis.

Performance load testing specialist for writing k6/vegeta/wrk scripts, defining SLOs, modeling scenarios (spike/soak/stress/breakpoint), analyzing results, and identifying bottlenecks. ALWAYS use when writing load test scripts, reviewing test results, designing test scenarios, setting performance SLOs, or diagnosing latency and throughput issues at the service level. Complements go-benchmark (micro-level function profiling) with macro-level end-to-end service testing. Use proactively for any pre-release performance validation, capacity planning, or production incident investigation involving latency/throughput.

Review Go code for business logic correctness, boundary conditions, off-by-one errors, state management, data flow integrity, and return value contracts. Trigger on any Go code change that modifies behavior, conditional logic, state transitions, or data processing. Use for logic-correctness focused review.

Safely create a git commit by validating repository state, staging intended changes, scanning for secrets/conflicts, generating an English Angular (Conventional Commits) message from staged diff, and committing without amend.

Review Go code with a defect-first approach using repository policy (constitution.md first, then AGENTS.md fallback). Use for code review, PR review, quality checks, risk analysis, and regression detection.

Real-time research workflow for source-backed analysis. Use when users ask to research a topic, compare options, investigate claims, analyze trends, or produce synthesis with real citations. Handles web research, codebase research, and hybrid (web + codebase) scenarios with mandatory content extraction, hallucination-aware verification, and structured report delivery.

Review Go code for error handling correctness, nil safety, and failure-path integrity including ignored errors, missing wrapping, panic misuse, SQL/HTTP resource lifecycle, and transaction patterns. Trigger when code contains error returns, panic calls, sql.Rows, transactions, HTTP client/server code, or nil-sensitive pointer operations. Use for error-handling and correctness-focused review.

Create, maintain, and run gated Go integration tests for internal APIs and service-to-service clients (HTTP/gRPC). Use for endpoint verification, contract checks with real runtime config, opt-in execution, timeout/retry safety, and integration failure triage in Go services.

Generate Go fuzz tests (Go 1.18+ testing.F) for specified code when users ask for fuzzing/模糊测试/fuzz test generation, parser robustness, round-trip, or differential fuzzing. Always run an applicability gate first; if the target is not suitable, explain concrete reasons and stop without writing fuzz test code.

Go performance benchmarking and pprof profiling specialist. ALWAYS use when writing benchmark functions (testing.B), generating or reading pprof profiles, interpreting flame graphs, finding memory allocation hotspots, comparing implementations with benchstat, or measuring ns/op / B/op / allocs/op. In Go code contexts, also trigger when the user says "it's slow", "too many allocations", "find the bottleneck", or "profile this Go code".

Go dependency audit specialist for CVE scanning (govulncheck), license compliance, outdated dependency detection, upgrade impact analysis, and supply chain security. ALWAYS use when auditing go.mod dependencies, running govulncheck, checking license compatibility, planning dependency upgrades, or investigating supply chain risks in Go projects. Complements security-review (code-level) with module-level supply chain analysis.

Create evidence-backed pull requests to the GitHub main branch with strict preflight, quality, and security gates. Use when users ask to create/submit/open/update a PR to main (including private repos), decide draft vs ready state, and provide reviewer-ready context for team review.

Canonical skill for Go Makefiles. Create/refactor root Makefiles for Go repositories with standardized build/test/lint/run targets, self-documenting help outputexample, predictable artifacts, and maintainable target naming.

MySQL schema migration safety reviewer and DDL generator. ALWAYS use when writing, reviewing, or planning MySQL schema changes — ALTER TABLE, CREATE/DROP INDEX, column type changes, charset conversions, data backfills, or any DDL touching production tables. Covers online DDL algorithm selection (INSTANT/INPLACE/COPY), lock-safety analysis, large-table migration with gh-ost/pt-osc, phased rollout design, replication-safe DDL, backward compatibility, and rollback planning. Use even for "simple" ADD COLUMN — MySQL DDL locking behavior is version- and operation-dependent, and mistakes cause production outages.

Review Go test code for quality including table-driven tests, t.Helper usage, assertion completeness, boundary cases, benchmarks, fuzz tests, and coverage targets. Trigger when PR contains _test.go files, test helpers, httptest usage, testing.B, testing.F, or testdata directories. Use for test-quality focused review.

Generate or refactor project README.md files using repository evidence. Use when the user asks to create/rewrite/standardize README, improve documentation structure, or produce maintainable README templates for different project types (service/library/CLI/monorepo).

Review Go code for security vulnerabilities including OWASP Top 10, injection, auth/authz, crypto, secrets, SSRF, XSS, and input validation. Trigger when code involves SQL, user input, authentication, HTTP handlers, TLS, crypto, secrets, or file path operations. Use for security-focused code review of Go projects.