Quick Reference
Jira Integration
| /jira | Full ticket orchestrator — fetch, analyze, detect JAM recordings, design, implement, and update a Jira ticket end-to-end |
| /jira sprint | Sprint batch mode — fetches teams dynamically, lets you pick a team, then processes sprint tickets sequentially |
| /jira teams | Lists all available Scrum teams fetched live from Jira — currently 13 teams in the FO project |
| /jam | Analyzes JAM bug recordings via MCP — video analysis, console logs, network requests, and user events |
| /tempo | Quick time tracking for Jira tickets — add or view logged time without leaving the terminal |
Feature Development
| /new-feature | Six-phase feature pipeline — plan, screenshot, design in Paper, parallel implementation, report, and optional testing |
| /code-analysis | Analyze only changed/new code for security, logic, quality, and performance issues — fix critical findings automatically |
Code Quality
| /dev-team | Full development team loop — security audit, quality scan, fixes, tests, and regression verification until zero findings |
| /security-audit | OWASP Top 10 security scan of every file — injection, auth, XSS, access control, misconfig |
| /quality-audit | Code quality scan — code smells, type safety, performance, error handling, API design |
| /fix-all | Fix all issues from security and quality audits, prioritized by severity |
| /test-all | Write comprehensive unit, security, integration, and regression tests — run until 100% pass |
| /master-report | Compile all agent reports into a single polished HTML master report |
Docker & Deployment
| /full-pipeline | End-to-end delivery pipeline — quality loop, Playwright E2E, Docker build/deploy, integration tests, master report |
| /docker-build | Build, validate, and security-scan Docker images |
| /docker-deploy | Deploy with Docker Compose, verify endpoints, collect access information |
| /docker-test | Run comprehensive integration tests against a live Docker deployment |
| /docker-teardown | Gracefully tear down Docker containers and report freed resources |
Testing
| /unit-test | Scan projects for unit test coverage gaps, create missing tests, run and fix until green — supports full scan, single file, and project name resolution |
| /playwright-test | Run full Playwright E2E browser test suite, analyze failures, write missing tests, generate HTML report |
Security & Dependencies
| /deps | Scan project dependencies for CVEs, outdated packages, and license risks — health grade A–F, auto-fix, and CI config export |
| /security-audit | Full security audit of the codebase |
Reporting
| /report | Analyze all branch changes, generate Jira-ready HTML report with categorized changes and QA testing instructions. Optional upload to Jira. |
Universal
| /create | Context-aware feature creator — adapts role to project type, designs in Paper, generates HTML plan, implements, verifies with Playwright |
| /create-project | Full project creator from scratch — questions, Paper design, HTML plan, full agent team build, test, Docker, deliver |
| /bug | Context-aware bug fixer — analyzes screenshots, diagnoses root cause, fixes, verifies with Playwright |
| /verify | E2E Playwright verification with project profile, screenshots, self-contained HTML report with clickable lightbox |
| /changelog | Generate HTML changelog from /create and /bug reports |
Git Operations
| /git sync | Merge branch into current — pre-flight checks, AI conflict resolution with --fix-merge-errors, multi-project with --all |
| /git status | Quick branch overview: ahead/behind, uncommitted changes, stashes |
Repository Onboarding & Impact
| /repo-setup | Clone, analyze, install, build, test any repo. Org scan mode for GitHub orgs. --auto-setup, --search, --local-scan |
| /impact-scan | Cross-repo impact analysis — describe a change, scan all org repos to find exactly where it needs to be implemented. Per-repo file-level detail. |
Jira Integration
/jira Jira Ticket Orchestrator
A senior technical lead that takes a Jira ticket from assignment to resolution. It fetches the ticket, downloads and inspects attachments (including images), automatically detects and analyzes JAM recordings linked in the ticket via MCP, classifies the work, creates UI designs in Paper when visual changes are needed, coordinates implementation agents, runs a code review on the changes, captures verification screenshots with Playwright, generates an HTML report, uploads everything back to Jira, and optionally logs time.
Usage
/jira FO-2872
/jira sprint
/jira teams
Prerequisites
.env file (JIRA_BASE_URL, JIRA_EMAIL, JIRA_API_TOKEN)
Paper MCP (for UI tickets)
JAM MCP (for bug recording analysis)
Playwright (for verification screenshots)
Pipeline Phases (5 phases)
- Fetch & Analyze — Load credentials, fetch ticket via Jira REST API, download attachments, visually inspect images, detect and analyze JAM recordings via MCP (video analysis, console errors, network failures, user events), ask user for project paths (never assumes), present ticket summary, classify the work (Bug Fix / UI Change / Backend / Full-stack / Config), find relevant codebase files, get user approval on the approach.
- Visual Capture & Design (mandatory for any UI change) — Screenshot existing UI with Playwright, create before/after design mockups in Paper with artboards prefixed by the ticket key, user reviews and approves designs.
- Implementation — Decide single or parallel agents based on scope, launch Backend and/or Frontend developer agents with full ticket context and design references, capture Paper design screenshots, run a Code Analyst agent on the diff (fixes CRITICAL issues automatically), take Playwright verification screenshots of the running app.
- Report & Jira Update — Generate a comprehensive HTML report, present results to user, optionally post a comment to Jira, upload report and screenshots as attachments, transition ticket status, log time.
- Final Summary — Present a complete summary of changes, Jira updates, files modified, and report location.
Key Features
- Full Jira REST API integration (fetch, comment, attach, transition, worklog)
- Automatic attachment download and visual inspection of images
- JAM MCP integration — auto-detects jam.dev links in ticket descriptions/comments, fetches video analysis, console errors, failed network requests, and user interaction timelines
- Dynamic team fetching —
/jira teams lists all Scrum teams; /jira sprint fetches teams live and lets you pick
- Mandatory user path input — always asks for project paths, never assumes the current directory is the codebase
- Mandatory Paper design phase for any UI change, no matter how small
- Parallel frontend + backend implementation agents when appropriate
- Automatic code review of changes with critical-issue auto-fixing
- Playwright verification screenshots of the live running app
- HTML report generation with ticket details, changes, and screenshots
- User-controlled Jira updates (agent updates, manual, or skip)
- Time logging with smart estimates based on work complexity
Multi-Stack Support
The pipeline always asks the user for project paths — it never assumes or auto-detects which codebase a ticket belongs to. The current working directory (AIComp) is the orchestration project, not the ticket's codebase. After the user provides paths, the stack is detected from file indicators (package.json, *.csproj, pom.xml, go.mod, etc.):
Backend: D:\Kunder\247\Finago\control-backend-api
Frontend: D:\Kunder\247\Finago\control-frontend
Database: SQL Server
Agent prompts are tailored to the detected stack so agents write idiomatic code in the correct language and follow the correct conventions.
- Supported stacks: C#/.NET, Java/Spring, Python/Django/Flask/FastAPI, Go, Rust, C++, PHP/Laravel, Ruby/Rails, Dart/Flutter, Swift, React, Angular, Vue, Next.js, and more
- Falls back to
/project-index skill if auto-detection is unclear
Before/After Visual Comparison
- Playwright takes BEFORE screenshots of affected pages before any code changes are made
- Takes matching AFTER screenshots after implementation using the same routes/viewports
- Generates a side-by-side comparison HTML with red “Before” and green “After” labels
- The comparison HTML and all screenshots are uploaded to the Jira ticket as attachments
Sprint Batch Processing
/jira sprint
- Dynamically fetches all Scrum teams from Jira and presents them as selectable options
- Fetches all tickets in the active sprint for the selected team (assigned to you or unassigned)
- Presents a prioritized table with type, priority, status, and assignee
- User selects: All tickets, Specific tickets, Only mine, or Only unassigned
- Processes each ticket sequentially through the full 5-phase pipeline
- Between tickets: continue, skip next, or stop
- Sprint summary table at the end with tickets processed, changes made, time logged, and reports generated
Team Listing
/jira teams
- Fetches all distinct Scrum team values from Jira via JQL query
- Displays a numbered table of all available teams (currently 13 teams in the FO project)
- Teams include: Annual accounts, BANK, Busy, Control, Kjetil, No Team, PAPI, Payday, PublicAPI, Reports and navigation, Rocket, Spirit, Test Automation
JAM Recording Detection
When processing a ticket, the pipeline automatically scans the description and comments for jam.dev links. When found, it uses the JAM MCP tools in parallel:
mcp__Jam__getDetails — reporter, duration, browser, OS infomcp__Jam__analyzeVideo — AI-extracted user intents, steps, and visual changesmcp__Jam__getConsoleLogs — filtered for errorsmcp__Jam__getNetworkRequests — filtered for 4xx/5xx failuresmcp__Jam__getUserEvents — click targets, navigation events, keyboard input- Falls back to WebFetch if MCP tools are unavailable
/tempo Jira Time Tracking
A quick utility for logging and viewing time on Jira tickets without opening a browser. Supports both clock-time ranges (14:00–16:00) and duration shorthand (2h, 45m). Handles timezone offset detection automatically.
Usage
/tempo addTime FO-2872 14:00 16:00 "Implemented invoice reference fix"
/tempo addTime FO-2872 2h "Quick bug fix"
/tempo addTime FO-2872 45m "Standup and planning"
/tempo getTime FO-2872
Prerequisites
.env file (JIRA_BASE_URL, JIRA_EMAIL, JIRA_API_TOKEN)
Key Features
- Two actions:
addTime (log a worklog) and getTime (view all logged time)
- Accepts clock-time ranges (HH:MM–HH:MM) or duration shorthand (2h, 45m, 1h30m)
- Auto-detects timezone offset (Europe/Berlin, DST-aware)
- Formatted output table with date, day, start/end, duration, author, and description
- Displays totals, original estimate, and remaining estimate
/jam JAM Session Analyzer
Analyzes JAM (jam.dev) bug recordings to understand bugs, issues, and feature requests captured in video sessions. Connects to the JAM MCP server to fetch full recording data including AI video analysis, console logs, network requests, and user interaction timelines.
Usage
/jam https://jam.dev/c/4828d597-d49b-4fa8-99b8-f696321af056
/jam abc123
/jam FO-2847
Prerequisites
JAM MCP server
.env file (for Jira ticket lookup mode)
Input Modes
- Full JAM URL —
https://jam.dev/c/abc123 — analyzes the recording directly
- JAM ID —
abc123 — constructs the full URL and analyzes
- Jira ticket key —
FO-2847 — fetches the Jira ticket, scans description/comments for jam.dev links, then analyzes each one
Analysis Output
- Bug/Issue Summary — one-paragraph description of what was recorded
- Steps to Reproduce — extracted from video analysis and user events
- Expected vs Actual Behavior
- Error Details — console errors and failed network requests
- Environment — browser, OS, screen dimensions, page URL
- Affected Components — UI components and file paths if identifiable
- Suggested Fix — technical suggestion based on the analysis
Follow-up Actions
- Create Jira ticket — creates a new ticket with the analysis pre-filled
- Link to existing ticket — posts analysis as a Jira comment
- Fix it now — runs the full
/jira pipeline with the analysis as context
- Just the analysis — done, no further action
MCP Tools Used
mcp__Jam__getDetails — metadata, reporter, duration, browser/OS, system infomcp__Jam__analyzeVideo — AI-extracted user intents, key actions, visual changes, findingsmcp__Jam__getConsoleLogs — JavaScript errors, warnings, stack tracesmcp__Jam__getNetworkRequests — HTTP requests with status codes, headers, payloads, timingmcp__Jam__getUserEvents — clicks, keyboard input, navigation, scroll actionsmcp__Jam__getMetadata — custom metadata set via jam.metadata() SDKmcp__Jam__getScreenshots — visual screenshots from screenshot-type JAMs
Feature Development
/new-feature Feature Development Pipeline
A senior product manager and architect that guides a feature from idea to implementation. It plans the feature, captures the current app state, creates visual designs in Paper for user approval, launches parallel frontend and backend implementation agents, runs a code analysis pass, and produces a polished master HTML report.
Usage
/new-feature Add a user profile page with avatar upload and bio editing
Prerequisites
Paper MCP (for UI design)
Playwright (for screenshots)
Pipeline Phases (6 phases)
- Feature Planning — Analyze the codebase, draft a structured plan (scope, backend changes, API contract, UI changes, dependencies, risks), get user approval, save the plan.
- Visual Capture (for UI/Full-stack) — Check if the app is running, capture Playwright screenshots of relevant existing pages for the designer's reference.
- UI Design in Paper (for UI/Full-stack) — Launch a UI Designer agent that creates artboards in Paper matching the app's design language, documents component hierarchy, interaction flows, and CSS approach. User must review and approve before continuing.
- Parallel Implementation — Launch Frontend Developer and/or Backend Developer agents in parallel based on scope. Each follows the approved plan and API contract exactly.
- Code Change Analysis — Run a Code Analyst agent on the diff to catch security issues, logic errors, and quality problems. Fix critical issues automatically.
- Master Feature Report — A Documentation Lead agent compiles all reports into a single HTML report with dashboard, plan, design, implementation details, integration map, and testing checklist.
Key Features
- Structured feature planning with API contract specification
- Mandatory visual design review before any UI implementation
- Paper MCP integration for interactive design mockups (with text fallback)
- Parallel frontend + backend agents for full-stack features
- Automatic code analysis pass after implementation
- Professional HTML report with dashboard, code snippets, and testing checklist
- Optional handoff to
/full-pipeline for comprehensive testing
Multi-Stack Support
Step 1.0 now detects the project stack and asks for paths before anything else. Auto-detects from file indicators (package.json, *.csproj, pom.xml, go.mod, etc.), always asks user for project paths (supports multi-project setups), and builds a stack profile passed to all agents. Supported stacks: C#/.NET, Java/Spring, Python/Django/Flask/FastAPI, Go, Rust, C++, PHP/Laravel, Ruby/Rails, Dart/Flutter, Swift, React, Angular, Vue, Next.js, and more. Falls back to /project-index if auto-detection is unclear.
/code-analysis Code Change Analysis
A senior code reviewer that analyzes only the files changed during the current session (not the entire codebase). It reviews every changed line for security vulnerabilities, logic errors, code quality issues, and performance problems, then automatically fixes critical findings.
Usage
/code-analysis
/code-analysis FO-2872 invoice fix changes
Key Features
- Scoped to changed code only — uses
git diff and git ls-files --others
- Security checks: SQL injection, XSS, command injection, hardcoded secrets, path traversal, CORS
- Logic checks: off-by-one, null references, race conditions, incorrect conditionals
- Quality checks: unused imports, dead code, missing error handling, inconsistent naming
- Performance checks: N+1 queries, missing indexes, memory leaks, unnecessary re-renders
- CRITICAL issues are fixed automatically; WARNING issues fixed if straightforward
- Produces a structured report at
reports/code-analysis.md
Code Quality
/dev-team Full Development Team
Orchestrates a complete development team of five specialized agents in an iterative loop. Security Auditor and Code Quality Engineer scan in parallel, a Backend Developer fixes all findings, a Test Engineer writes and runs tests, then the auditors re-scan. This loop continues until a verification round produces zero new findings, then a master HTML report is generated.
Usage
/dev-team
Pipeline Workflow
- Round 1 — Parallel Scan: Security Auditor + Code Quality Engineer scan every file in parallel. Findings categorized as CRITICAL / WARNING / INFO.
- Fix: Backend Developer agent receives all findings and fixes every issue (CRITICAL first, then WARNING, then INFO).
- Test: Test Engineer writes tests for every fix plus edge cases, runs all tests, iterates until 100% pass.
- Verify: If test failures remain, the Backend Developer fixes them and tests re-run.
- Round 2..N — Regression Check: Auditors re-scan modified code. If new issues are found, the fix-test-verify cycle repeats. Loop continues until zero new findings.
- Master Report: Documentation Writer compiles all rounds into a professional HTML report with executive summary, per-round breakdown, before/after snippets, test coverage, and production-readiness assessment.
Key Features
- Five specialized agents: Security Auditor, Code Quality Engineer, Backend Developer, Test Engineer, Documentation Writer
- Iterative loop — never stops until zero findings in a verification round
- Parallel scanning for speed (Security + Quality run simultaneously)
- Comprehensive test coverage with security regression tests
- Professional master HTML report at
reports/master-report.html
/security-audit Security Auditor
A senior security auditor that performs a thorough OWASP Top 10 review of every file in the codebase. Checks for injection, broken authentication, sensitive data exposure, XSS, broken access control, security misconfiguration, and more.
Usage
/security-audit
Key Features
- OWASP Top 10 coverage: Injection (A03), Broken Auth (A07), Sensitive Data (A02), XSS (A03), Access Control (A01), Misconfig (A05)
- Additional checks: prototype pollution, ReDoS, path traversal, race conditions, insecure dependencies
- Structured output with severity, file path, line number, impact, and recommended fix
- Summary counts by severity level
- Report written to
reports/security-audit.md
/quality-audit Code Quality Engineer
A senior code quality engineer that scans every file for code smells, anti-patterns, performance issues, type safety bugs, error handling gaps, inconsistent API design, and maintainability concerns.
Usage
/quality-audit
Key Features
- Code smells: dead code, duplication, long functions, deep nesting, magic numbers, callback hell
- Type safety: loose equality, missing null checks, type coercion bugs, floating point issues
- Performance: N+1 queries, redundant computations, missing caching, memory leaks
- Error handling: missing try/catch, swallowed errors, unchecked array/object access
- API design: inconsistent response formats, missing status codes, no pagination
- Report written to
reports/quality-audit.md
/fix-all Backend Developer (Fixer)
A senior backend developer that reads all findings from the security and quality audit reports and fixes every issue, prioritized by severity: CRITICAL first (security vulnerabilities, data-loss bugs), then WARNING (correctness, quality), then INFO (improvements, best practices).
Usage
/fix-all
Prerequisites
Requires reports/security-audit.md and/or reports/quality-audit.md from prior audit runs.
Key Features
- Security fixes: parameterized queries, input sanitization, secrets to env vars, security headers
- Quality fixes: strict equality, dead code removal, null checks, proper error responses
- Minimal, focused changes — fixes the issue without refactoring surrounding code
- Preserves existing API contract (same endpoints, same request/response shapes)
- Summary report at
reports/fixes-applied.md
/test-all Test Engineer
A senior test engineer that ensures comprehensive test coverage for the entire codebase. Writes unit tests, security regression tests, integration tests, and edge-case tests, then runs them iteratively until all pass.
Usage
/test-all
Prerequisites
Requires reports/fixes-applied.md from a prior fix run.
Key Features
- Unit tests: every public method, edge cases (null, empty, negative, zero), boundary conditions
- Security tests: SQL injection payloads, XSS payloads, command injection, sensitive data leaks
- Integration tests: happy path, 404, 400, consistent response format for each endpoint
- Regression tests: every previously broken scenario, cross-impact verification
- Iterative — re-runs until all tests pass, distinguishes test bugs from code bugs
- Report at
reports/test-report.md
/master-report Master Report Generator
A documentation lead that compiles all individual agent reports (security audit, quality audit, fixes, tests) into a single, polished master HTML report with a dark theme, severity badges, collapsible sections, and print-friendly styling.
Usage
/master-report
Prerequisites
Requires reports from prior audit/fix/test runs in the reports/ directory.
Key Features
- Executive summary with dashboard (issue counts, tests, rounds, files modified)
- Security audit results with OWASP mapping and before/after code snippets
- Code quality results with improvement patterns
- Chronological fixes grouped by file with rationale
- Test results with pass/fail table and coverage analysis
- Professional dark-themed HTML at
reports/master-report.html
Docker & Deployment
/full-pipeline Full Pipeline Orchestrator
The ultimate delivery pipeline that coordinates the entire software delivery process: an iterative code quality loop (scan, fix, test, repeat), Playwright E2E browser testing, Docker build and deployment, live integration testing against the container, and a comprehensive master report.
Usage
/full-pipeline
Prerequisites
Docker
Playwright
Pipeline Phases (4 phases)
- Phase 1 — Code Quality Loop: Parallel security audit + quality scan, Backend Developer fixes all issues, Test Engineer writes and runs tests, regression check. Loop until zero new findings.
- Phase 2 — Playwright E2E Testing: Run the full Playwright suite against the web UI, fix any failures (app bugs or test bugs), check coverage gaps, write additional tests.
- Phase 3 — Docker Pipeline: Build image (validate size, security scan, non-root user), deploy with Docker Compose (health check, endpoint verification), run integration tests against the live container (auth, CRUD, orders, security, edge cases).
- Phase 4 — Master Report: Compile all reports into a single HTML report with executive summary, security findings, quality improvements, test results, Docker build/deploy info, integration test matrix, and recommendations.
Key Features
- Four-phase pipeline: quality loop, E2E testing, Docker, and reporting
- Iterative quality loop — never proceeds until zero findings
- Playwright E2E with coverage gap detection
- Docker image validation (size, security scan, non-root, health check)
- Live integration tests against deployed container
- Comprehensive master HTML report at
reports/master-report.html
- Teardown via
/docker-teardown
/docker-build Docker Build
A Docker build engineer that builds the Docker image, validates it (size, non-root user, health check, no secrets in layers), runs a security scan for CVEs, and checks optimization opportunities (multi-stage builds, layer ordering, slim base).
Usage
/docker-build
Prerequisites
Docker
Key Features
- Builds with
docker compose build and reports build time, image size, layer count
- Validates: image size (<200MB), non-root user, HEALTHCHECK, no secrets in layers
- Security scan via
docker scout cve if available
- Optimization checks: multi-stage build, layer ordering, production dependencies only
- Report at
reports/docker-build-report.md
/docker-deploy Docker Deploy
A deployment engineer that deploys the application using Docker Compose, waits for health checks, tests key endpoints, and collects comprehensive deployment information including container ID, IP, network, port mappings, resource usage, and logs.
Usage
/docker-deploy
Prerequisites
Docker
Key Features
- Pre-deploy cleanup of previous containers and port verification
- Deploys with
docker compose up -d and waits for health check
- Endpoint verification: health, auth login, protected routes, error handling
- Full access information table: URL, container name/ID, IP, network, ports, resource usage
- Container logs and health check history
- Report at
reports/docker-deploy-report.md
/docker-test Docker Integration Tests
A QA engineer that runs comprehensive integration tests against the live Docker deployment using curl. Covers smoke tests, authentication flows, CRUD operations, order lifecycle, security tests (XSS, SQL injection, auth bypass), edge cases, and container health verification.
Usage
/docker-test
Prerequisites
Docker (container running on port 3000)
Key Features
- Seven test categories: smoke, authentication, CRUD, order flow, security, edge cases, container health
- Security tests: XSS payloads, SQL injection, auth bypass, secret exposure
- Edge cases: empty bodies, wrong content types, very long strings, concurrent requests
- Container health monitoring during tests (restarts, memory, error logs)
- Detailed failure analysis with full curl commands and responses
- Report at
reports/docker-integration-test-report.md
/docker-teardown Docker Teardown
A cleanup engineer that captures the current Docker state, performs a graceful shutdown with docker compose down, verifies containers are removed and ports are released, and reports on remaining resources that could be cleaned up.
Usage
/docker-teardown
Prerequisites
Docker
Key Features
- Captures full state before teardown (containers, networks, images, volumes, resource usage)
- Graceful shutdown via
docker compose down
- Verifies containers stopped and port 3000 released
- Lists dangling images and unused volumes (does not auto-prune)
- Report at
reports/docker-teardown-report.md
Testing
/unit-test Unit Test Engineer
A senior unit test engineer that analyzes codebases, maps existing test coverage, identifies gaps, creates comprehensive unit tests, and runs them iteratively until they all pass. Supports any tech stack and resolves project names from prior work sessions.
Usage
/unit-test *
/unit-test * control-backend-api
/unit-test se/inbooks/backend/admin/auth/AdminAuth.java
/unit-test AdminAuth.java control-backend-api
/unit-test --fix-ignored
/unit-test --fix-ignored control-backend-api
Modes
- Full Scan (
/unit-test *) — Scans all existing unit tests, maps coverage, identifies every file missing tests, creates unit tests for all gaps, runs and fixes until green
- Full Scan at Path (
/unit-test * {path_or_name}) — Same as full scan but targets a specific project by path or name (e.g., control-backend-api)
- Single File (
/unit-test {file}) — Creates unit tests for a specific file or class, checks for existing tests first
- Single File at Path (
/unit-test {file} {path_or_name}) — Targets a specific file in a specific project
- Fix Ignored (
/unit-test --fix-ignored) — Finds all ignored/disabled/skipped tests (@Disabled, @Ignore, .skip, pytest.mark.skip, t.Skip, #[ignore]), presents them in a selectable list, then unignores and debugs each selected test until it passes. User can fix all, pick specific tests, or only fix tests with no reason given
Multi-Stack Support
- Java: JUnit 5 + Mockito, Maven (
mvn test) or Gradle (gradle test)
- C# / .NET: xUnit / NUnit / MSTest (
dotnet test)
- JavaScript / TypeScript: Jest / Vitest / Mocha (
npm test)
- Python: pytest / unittest (
pytest)
- Go: stdlib testing (
go test ./...)
- Rust: built-in test framework (
cargo test)
- PHP: PHPUnit — Ruby: RSpec / Minitest
Project Name Resolution
The command resolves project names from prior work. For example, typing control-backend-api is resolved to the full path based on known project directories. If the name can't be resolved, the user is asked for the full path.
Pipeline Phases (5 phases)
- Parse & Resolve — Parse arguments, resolve project name to path, detect tech stack, find test directory and conventions.
- Map Coverage (full scan) — Find all test files, document what each tests, find all source files, create a coverage map (Full / Partial / None), identify gaps sorted by priority.
- Create Tests — Launch specialized test agents for each file. Tests cover happy path, edge cases, error handling, return values, and side effects. Mocks external dependencies only.
- Run & Fix — Run new tests, analyze failures (compilation errors, mock issues, assertion failures, source bugs), fix and re-run up to 5 iterations. Then run full test suite to check for regressions.
- Report — Generate detailed HTML report with coverage map, tests created, fixes applied, source bugs found, test run results, and remaining gaps.
Key Features
- Comprehensive coverage mapping — documents every existing test and identifies every gap
- Matches project's existing test patterns, naming conventions, and utilities
- Smart failure analysis — distinguishes test bugs from source bugs
- Iterative fix loop — tests are run and fixed until green (up to 5 iterations)
- Full suite regression check after new tests pass individually
- Source bugs documented but never modified — only test files are created/changed
- Professional HTML report at
reports/unit-test-report.html
- User controls scope: all gaps, top priority only, specific files, or just the coverage map
--fix-ignored mode — finds all @Disabled/@Ignore/skip tests, presents selectable list, unignores and fixes them individually- Intelligent triage — distinguishes tests that need test fixes vs source fixes vs deletion (obsolete features)
/deps Dependency Health Auditor
A senior security & dependency engineer that scans all project dependencies for known vulnerabilities (CVEs), outdated packages, and license compatibility risks. Produces a risk-scored health grade and can auto-apply safe updates or generate CI automation configs.
Usage
/deps
/deps control-backend-api
/deps --vuln-only
/deps --outdated gateway-backend
/deps --license
Modes
- Full Audit (
/deps) — Runs all three checks: vulnerabilities, outdated packages, and license audit
- Vulnerabilities Only (
/deps --vuln-only) — Focus on CVEs and exploitability assessment only
- Outdated Only (
/deps --outdated) — Check for newer versions available, categorized as patch/minor/major
- License Only (
/deps --license) — Check license compatibility (permissive, weak/strong copyleft, unknown)
Multi-Stack Support
- JavaScript / TypeScript: npm audit, yarn audit, license-checker
- Java (Maven): OWASP dependency-check, versions:display-dependency-updates
- Java (Gradle): dependencyCheckAnalyze, dependencyUpdates
- C# / .NET: dotnet list package --vulnerable / --outdated
- Python: pip-audit, safety, pip-licenses
- Go: govulncheck, go list -m -u all
- Rust: cargo audit, cargo outdated, cargo license
- PHP: composer audit / outdated — Ruby: bundle audit / outdated
Project Name Resolution
Resolves project names from prior work. For example, control-backend-api resolves to the full path. If unresolvable, the user is asked for the full path.
Pipeline Phases (4 phases)
- Parse & Resolve — Parse arguments, resolve project path, detect stack and package manager, identify lock files and native audit commands.
- Vulnerability Scan — Run native audit tools, parse CVEs with severity/CVSS scores, assess exploitability in the project context (exploitable / potentially exploitable / not exploitable).
- Outdated & License — Check all dependencies for newer versions (patch/minor/major), compute staleness score. Audit licenses for copyleft/unknown/no-license risks.
- Report & Action — Generate health score (0–100, grade A–F), produce detailed HTML report, offer to auto-fix safe updates or export Dependabot/Renovate configs.
Key Features
- Health score 0–100 with letter grade (A–F) — quick project health snapshot
- Exploitability assessment — checks if CVEs are actually reachable in your code, not just theoretical
- Staleness score — quantifies how far behind dependencies are, weighted by severity
- License risk categorization — permissive, weak copyleft, strong copyleft, unknown, no license
- Safe auto-fix — applies patch updates automatically, asks before major bumps
- CI export — generates Dependabot or Renovate config for ongoing automation
- Distinguishes direct vs transitive dependencies for update prioritization
- Professional HTML report at
reports/deps-audit-report.html
/playwright-test Playwright E2E Tests
A senior E2E test engineer that runs the full Playwright browser test suite against the web application. It verifies Playwright installation, runs all tests, analyzes failures (distinguishing app bugs from test bugs), identifies coverage gaps, writes new tests for untested flows, and generates both a Playwright HTML report and a markdown summary.
Usage
/playwright-test
Prerequisites
Playwright
App running on port 3000 (or Docker container)
Key Features
- Pre-flight check: verifies Playwright is installed, installs Chromium if needed
- Runs full suite:
cd demo-api && npx playwright test
- Smart failure analysis: determines if each failure is an app bug or a test bug, fixes accordingly
- Coverage gap detection: checks for untested pages, interactions, error states, edge cases, accessibility
- Writes new tests following existing patterns (
data-testid selectors, test.describe blocks)
- Iterative — re-runs until all tests pass
- Interactive HTML report at
reports/playwright-report/index.html
- Summary at
reports/playwright-test-report.md
Reporting
/report Change Report Generator
Analyzes ALL code changes on the current branch (vs main/develop), categorizes them, and generates a comprehensive HTML report with detailed QA testing instructions. Works for both AI-assisted and manual changes. Can upload directly to Jira.
Usage
/report
/report FO-2847
/report --compare develop
/report --since abc1234
Report Contents
- Executive summary with risk assessment
- Changes categorized: new feature, bug fix, refactoring, config, database, styling, tests
- Screenshots of affected pages (if app running + Playwright)
- Step-by-step QA test cases with preconditions, exact steps, expected results, priority
- Checkboxes for testers to mark off completed tests
- Commit history and technical details
- Auto-detects Jira ticket from branch name (e.g., feature/FO-2847)
Jira Upload
- Uploads HTML report as attachment
- Uploads screenshots as attachments
- Posts summary comment on ticket
Universal Commands
/create Feature Creator
Context-aware feature creator that adapts to any project type. Reads ProjectType from .claude/.env, assumes the matching senior role, designs in Paper, generates an HTML plan with embedded mockup screenshots, auto-opens in browser for user approval, implements, and verifies with Playwright.
Usage
/create "Add dark mode toggle to settings"
/create "REST endpoint for bulk invoice export"
/create "Monsters that hunt the player using pathfinding"
Key Features
- Adapts role: GAME (Unity/Unreal/Godot Dev), APPLICATION (React/.NET/Java), SAAS, API, MOBILE
- Designs UI in Paper via MCP, embeds screenshots as base64 in HTML plan
- Auto-opens plan in browser before asking user to approve
- Reads existing code patterns before writing (mandatory codebase understanding)
- Auto-offers Playwright E2E verification after implementation
- Saves timestamped report to .claude/unprocessed_reports/ for /changelog
/create-project Project Creator
Creates a complete project from scratch. Asks clarifying questions, designs architecture and UI in Paper, generates HTML plan, then orchestrates the full agent team: Backend Dev, Frontend Dev, Security Auditor, Quality Engineer, Test Engineer, Code Analyst, and Documentation Lead.
Usage
/create-project "Task management app with Kanban boards"
/create-project "SaaS dashboard for IoT monitoring"
/create-project "2D platformer with procedural levels"
Pipeline (10 steps)
- Ask questions → Design architecture → Paper UI mockups (3-5+ screens)
- Generate HTML plan with screenshots → Auto-open in browser → User approval
- Scaffold project → Backend + Frontend agents (parallel) → Code review
- Quality loop (scan, fix, test, re-scan) → Playwright verification → Docker (optional)
- Delivery report with all screenshots
/bug Bug Fixer
Context-aware bug fixer. Same role adaptation as /create. Analyzes pasted screenshots, diagnoses root cause, applies minimum fix, verifies with Playwright.
Usage
/bug "Player falls through floor when jumping near walls"
/bug "Login shows 500 error after session timeout"
/verify E2E Verification
Playwright-based verification that features work and bugs are fixed. Uses a project profile (.claude/project-profile.json) for login and navigation. Takes before/after screenshots. Generates self-contained HTML report with clickable lightbox.
Usage
/verify # Auto-verify latest report
/verify reports/jira-FO-2847-report.html # Verify specific report
/verify setup # Create/update project profile
/verify "Check login redirects properly" # Manual verification
Key Features
- Project profile: login URL, form selectors, test credentials (built interactively on first run)
- Auth types: form login, OAuth/SSO (saved sessions), API keys, basic auth, no auth
- Profile completeness check: asks for missing fields before running
- All screenshots embedded as base64 in HTML report (self-contained)
- Auto-called by /create and /bug after implementation
/changelog Changelog Generator
Reads reports from .claude/unprocessed_reports/ and generates a project-themed HTML changelog. Design automatically matches the project type: dark neon patch notes for games, clean corporate for apps, terminal-style for APIs. Saves design to project profile for consistency across all reports.
Usage
/changelog
Project-Aware Design
- GAME: Dark bg, neon accents, "Patch Notes" style, ADDED/FIXED labels, genre-adaptive (pixel, sci-fi, fantasy)
- APPLICATION: Clean white, blue accent, corporate timeline
- SAAS: Minimal indigo, product update feel
- API: Dark terminal, green/cyan, technical changelog
- MOBILE: App-like, rounded, "What's New" style
- Design detected from: project profile → project CSS → auto-generated from ProjectType
Git & Repository Onboarding
/git Git Operations
Branch syncing with AI-powered conflict resolution and multi-project support.
Usage
/git sync develop
/git sync develop --fix-merge-errors
/git sync develop --all
/git status
Key Features
- Pre-flight checks: uncommitted changes, stash option, branch existence
- AI conflict resolution: per-file analysis (both-needed, incoming, current, needs-human-review)
- Lock file regeneration: npm, yarn, poetry, go, dotnet
- Multi-project sync across frontend + backend
/repo-setup Repository Onboarding
Analyzes and sets up any repository or entire GitHub organization for local development.
Usage
/repo-setup https://github.com/org/project.git
/repo-setup https://github.com/nexum-fo
/repo-setup https://github.com/nexum-fo --auto-setup --search "API"
/repo-setup --local-scan D:\Projects
Key Features
- Single repo: clone, analyze, install, build, test, start
- Org scan: fetch all repos, map relationships, architecture diagram, startup order
- GitHub account switching: lists all gh accounts, user picks
- --auto-setup: skip prompts, process everything in dependency order
- --search: filter repos by name, description, topics, README content
- 12-section HTML setup guide with prerequisites, architecture, testing
/impact-scan Cross-Repository Impact Scanner
Describe a change you want to make, and this command scans all repositories in an organization to find exactly where it needs to be implemented. Produces a detailed HTML report with per-repo file-level change descriptions, dependency chain, implementation order, and risk assessment.
Usage
/impact-scan "Add product price to payload response for REST public api"
/impact-scan "Add price field" --org https://github.com/nexum-fo
/impact-scan "Add price field" --local-scan D:\Projects
/impact-scan "Add price" --repos backend-api,frontend,shared-types
Key Features
- Extracts entities, actions, layers from the description automatically
- Deep search: models, DTOs, controllers, endpoints, serializers, tests
- Reads matching files to understand what they do (not just keyword grep)
- Per-file impact classification: change type, priority, complexity
- Cross-repo dependency mapping and correct implementation order
- HTML report with impact diagram, code snippets, risk assessment
- After analysis: can start implementing or create Jira tickets per repo