Use when threat modeling a system or feature, reviewing code or a design for security flaws, hardening auth / authorization / sessions / secrets, responding to a suspected vulnerability or incident, evaluating dependencies for CVEs, classifying data sensitivity, or designing security controls (CSP, CORS, rate limiting, WAF rules, audit logging, encryption-at-rest, encryption-in-transit). Triggers: security, threat model, STRIDE, OWASP, CVE, vulnerability, secret, leak, IDOR, SSRF, XSS, CSRF, SQLi, prompt injection, supply chain, auth, authz, RBAC, encryption, KMS, secrets, compliance, SOC2, GDPR, HIPAA, PCI. Produces threat models, secure-review findings, hardening plans, incident triage notes. Authorized contexts only: defensive security, pentest engagements with scope, CTF, security research.
Use when designing a system, choosing a database / framework / cloud / message bus, writing an ADR or RFC, deciding build vs buy, planning capacity or scaling, reviewing an architecture diagram or proposal, sequencing a migration, or weighing technical tradeoffs at the CTO level. Triggers: architect, system design, HLD, high level design, ADR, RFC, topology, capacity, scaling, build vs buy, migration plan, tech selection, tradeoff. Produces ADRs, RFCs, system diagrams, capacity plans, migration sequences. Not for implementation or code review; hand off to senior-backend-engineer / senior-frontend-engineer.
Use when {trigger verbs}, {artifact nouns}, or {situations}. Produces {outputs}. {Antitrigger if needed, name the better fit skill}.
Use when designing, implementing, or reviewing automotive software for ECUs, infotainment, telematics, ADAS adjacencies, EV battery management, or V2X; when classifying hazards and assigning ASIL ratings under ISO 26262; when running a cybersecurity threat analysis under ISO 21434; when planning OTA campaigns under UN R156 or type approval under UN R155; when choosing between Classic AUTOSAR and Adaptive AUTOSAR; when designing CAN, CAN-FD, LIN, FlexRay, or Automotive Ethernet topologies with SOME/IP; when locking down UDS and DoIP diagnostics; when planning HIL, vehicle in the loop, and fleet validation for a multi year program. Triggers: automotive, vehicle, car, ECU, AUTOSAR, Classic AUTOSAR, Adaptive AUTOSAR, ISO 26262, ASIL, ASIL-A, ASIL-B, ASIL-C, ASIL-D, HARA, ISO 21434, TARA, UN R155, UN R156, CAN, CAN-FD, LIN, FlexRay, Automotive Ethernet, SOME/IP, SecOC, UDS, DoIP, OBD-II, V2X, V2V, V2I, ADAS, infotainment, IVI, Android Automotive, QNX, MISRA C, MISRA C++, telematics, OTA for vehicles, recall.
Use when building, reviewing, or operating online stores, storefronts, catalogs, carts, checkouts, inventory, order management, fulfillment, returns, and promotions. Covers product / variant / SKU modeling, PIM, external identifiers (GTIN, EAN, MPN), cart and checkout flows, pricing and promotion rule engines, tax (Avalara, TaxJar, Stripe Tax), shipping rates, OMS, ATP and reservations, RMA, fraud and chargeback workflows, peak readiness (Black Friday, drops, flash sales), and platform choice (Shopify, BigCommerce, commercetools, Magento, Adobe Commerce, headless on Next.js). Triggers: ecommerce, e commerce, store, storefront, catalog, PIM, SKU, GTIN, EAN, MPN, cart, checkout, conversion, abandoned cart, shipping, fulfillment, OMS, inventory, ATP, ATS, returns, RMA, refund, promotion, discount, coupon, loyalty, gift card, BNPL, Black Friday, flash sale, fraud, chargeback, Shopify, BigCommerce, commercetools, Magento, headless commerce. Produces catalog schemas, checkout sequences, order state machines.
Use when designing, implementing, or reviewing education technology: learning management systems (LMS), MOOCs, K-12 classroom tools, higher ed admin, assessment and proctoring, tutoring, gradebooks, parent portals, and student information system (SIS) integrations. Covers interoperability (LTI 1.3, OneRoster, xAPI, SCORM, QTI), student data privacy (FERPA, COPPA, CIPA, GDPR-K), age gating and parental consent, accessibility for educational content (WCAG 2.1 AA, captions, MathML, IEP accommodations), and classroom workflow for teachers and students on Chromebooks, school iPads, and locked down browsers. Triggers: edtech, education technology, LMS, Canvas, Moodle, Blackboard, Schoology, Google Classroom, K-12, higher ed, MOOC, tutoring, assessment, proctoring, quiz, grade, gradebook, SIS, LTI 1.3, OneRoster, xAPI, SCORM, QTI, FERPA, COPPA, CIPA, GDPR-K, age gate, student data privacy, classroom, teacher, student, parent portal, IEP, accommodation. Produces data classification tables.
Use when planning a sprint or week, breaking an epic into tickets, sizing / estimating work, sequencing tasks across people, unblocking a stuck engineer, running a standup or retro, preparing a 1:1, writing a project update, or re-prioritizing in response to a fire. Triggers: sprint, planning, tickets, breakdown, estimate, story points, standup, retro, 1:1, status update, unblock, delegate, capacity, WIP. Produces ticket breakdowns, sprint plans, status updates, retro outcomes, 1:1 agendas, project trackers. Not for technical design (use staff-software-architect) or hands on implementation (use senior-backend-engineer / senior-frontend-engineer).
Use when designing, implementing, or reviewing payments, money movement, accounts, balances, ledgers, settlement, reconciliation, KYC, AML, sanctions screening, disputes, chargebacks, FX, or regulated financial product surfaces. Covers authorization vs capture, refunds, partial refunds, refunds across days, idempotency on money endpoints, double entry posting, bank file ingestion, processor integrations, PCI DSS scope reduction, and tokenization. Triggers: fintech, payments, payment processing, card processing, ACH, wire, SEPA, Faster Payments, PayPal, Stripe, Adyen, ledger, double entry, journal, account, balance, settlement, clearing, authorization, capture, refund, chargeback, dispute, KYC, AML, PCI DSS, PCI scope, SCA, 3DS, FX, currency, reconciliation, bank file, ISO 20022, NACHA, OFAC, sanctions, BSA, transaction monitoring. Produces money flow diagrams, ledger schemas, idempotency designs, reconciliation jobs, PCI scope diagrams, KYC decision logs, dispute case shapes.