Subagents
Specialist subagents you invoke for scoped work through the Agent tool. Each carries a slice of the factory’s conventions — ask for one by role and Claude routes to it.
- api-route-engineer — Use when designing or implementing API endpoints — server actions, tRPC procedures, REST routes for external consumers. Carries the factory’s API conventions — the server actions vs tRPC decision, procedure tier stacking, per-mutation Zod schemas, central router composition with manual registration, pagination (limit/offset/orderBy default; cursor only when needed), multi-field search via ilike+or(), aggregated stats in list queries, mutation lifecycle hooks, stale-time defaults, custom error class taxonomy, fetch adapter for tRPC in App Router. Outputs endpoints that fit the house style — not bespoke per-route handlers.
- auth-wiring-specialist — Use when wiring auth into a new project, switching auth providers, or adding role/org features. Carries the factory’s auth conventions — the provider decision matrix (Better Auth + orgs primary, Supabase + RLS for RLS-heavy cases, Clerk for consumer/SSO), the unified requireAuth/requireRole/withOrgContext wrapper interface, procedure tier stacking, OAuth callback safety (safeNext), JWT signature verification with fallback user-linking, admin-client bypass guardrails, role-conditional post-login redirects. Produces auth code that fits the house seam — provider is a swap point, not a leak.
- code-reviewer — Use to review a PR, diff, or recently-written code against the factory’s conventions. Read-only — outputs structured review, not diffs. Carries the full factory-pitfalls digest as a PR checklist plus the conventions from every other factory-*.md skill. Flags anti-patterns, missing conventions, security risks, and inconsistencies with prior builds. Invoke after writing nontrivial code, before merge, or when on-boarding a contractor.
- data-pipeline-engineer — Use when designing or implementing data ingestion, CSV imports, time-series storage, Python services that sit alongside Next.js, simulation pipelines, or external-API integration with submit/poll/fetch shapes. Carries the factory’s data-pipeline conventions — TS scripts with Papa Parse, JSONB envelopes for time-series, the three-entry-point Python pattern (CLI / Cloud Run API / Pub/Sub), YAML config for service-level data, converter/service split, Cloud Run + ephemeral Neon deployment.
- db-schema-architect — Use when designing or modifying database schemas, migrations, multi-tenant data models, or polymorphic table structures. Carries the factory’s data-layer conventions — Drizzle with domain-partitioned schema modules, _shared.ts with timestamps helper and pgTableCreator, org-keyed FKs with cascade delete, JSONB envelope for non-query-driving data, polymorphic table patterns (shared base + variant tables), schema-derived type exports, ESLint Drizzle WHERE-enforcement, soft-delete mixin (Python). Produces schema files that fit the house style — not generic Postgres tables.
- feature-architect — Use to turn a vague client ask into a buildable feature spec — scoping, decisions-needed identification, skill routing, risk surfacing. Carries the factory’s decision-criteria stack (Mantine vs shadcn, server actions vs tRPC, auth provider, etc.) and routes to the right specialist skills. Outputs a structured spec — not code. The first agent to invoke when a client request lands; outputs become the input to other specialist subagents.
- forms-builder — Use when building multi-step forms, complex intake flows, drawer-CRUD forms, or anything beyond a one-shot Mantine form. Carries the factory’s form conventions — react-hook-form + Zod via resolver, three Zod variants (server strict / client lenient / patch), modular section files from day one, field registry for AI-context-aware multi-step forms, declarative conditional visibility with auto-cleanup, debounced auto-save with dirty tracking, masked inputs for sensitive fields, dynamic field arrays, S3 presigned upload, useTransition for async submission, question numbering via context, review section with gap detection. Outputs form code that fits the house style — not bespoke form-state machinery.
- frontend-engineer — Use when scaffolding any frontend surface that touches lists, forms, drawers, tables, or entity editing. Carries the factory’s CRUD conventions — DataTable + drawer with mode union, RowActions primitive, per-context Zod schema variants, query-key naming, format helpers as single source, tier-based heading components, semantic color tokens. Picks Mantine vs shadcn per project criteria. Returns code that fits the house style — not a generic React component.
- llm-workflow-engineer — Use when building LangGraph workflows, agents, RAG systems, structured-output nodes, streaming chat surfaces, or anything LLM-driven with state. Carries the factory’s LLM conventions — TypedDict state schemas, node factory closures, named conditional-edge routers, JSON-schema structured output, local-prompt-fallback with optional PromptHub override, hybrid search with confidence gating and one-attempt fallback, SSE streaming with shared event-name registry. Cothon is the reference repo.
- security-engineer — Use to threat-model a feature, audit AI-generated code, design sensitive-data handling, or review auth/authz boundaries. Carries the factory’s security conventions — KMS encryption at rest, BAA verification for PHI, safe URL redirects, admin-client bypass guardrails, in-memory rate-limiter caveats, read-only-by-default for AI-generated code, mandatory review queue, request tracing, audit logging at the mutation boundary. Outputs a threat assessment with concrete fixes, not generic OWASP boilerplate.