Adversarial red-team of a running web, React Native, or Capacitor hybrid app. Drives Playwright browser MCP (web/PWA), Playwright Android WebView attach (Capacitor), or adb tap-walk (native chrome) against a feature-first coverage matrix: each feature decomposed to surfaces, sub-pages, components, and states, attacked across 4 dimensions — UI/UX, data pipeline, security (OWASP-mapped), and performance. Cross-references Sentry for production telemetry, Supabase for DB-layer mutation truth and RLS verification, and Firecrawl for current OWASP/MASVS guidance. Produces a severity-ranked defect list with repro steps and evidence. Generic across any repo and stack. Use when asked to "red team this app", "attack my app", "break it", "find all the defects", "adversarial test", "pre-launch hardening", "pentest the app", or "full app QA". Distinct from test-playwright (session PDCA), test-qa (happy-path crawl), and audit-security (static code review).
End-to-end feature build workflow: spec → TDD → implement → smoke test → PR. Sequences workflow-spec-tdd, test-unit, test-playwright, and workflow-pr into a single tracked loop. The single entry point for "build a feature", "implement this", "add X", "ship a new capability", or any non-trivial feature request. Asks for scope clarification before starting if the request is ambiguous. Generic across web, mobile, and full-stack repos.
Complete bug-fix lifecycle in one sweep: triage production signals (Sentry / logs) → reproduce → fix (debug-error) → verify full-stack (test-playwright) → PR (workflow-pr) → post-deploy smoke (deploy-verify). Use when the request is "fix this bug and close the ticket", "patch this and ship", "fix this Sentry issue", "bug report from user", or when a production error needs to go from alert to resolved in a single session.
Full launch preparation sweep for a new app or major release. One entry point that sequences enhance-web-seo, enhance-pwa, audit-bundle-size, audit-i18n, workflow-quality-gate, deploy-verify, and iterate-post-launch. Produces a launch checklist with all open items and a launch-readiness verdict. Use when the request is "prepare for launch", "launch week", "everything before going live", "is the app launch-ready?", "pre-launch sweep", or "ship it to the world".
First-contact orientation for an unfamiliar codebase. Reads package manifests, entry points, routing, data layer, auth, environment variables, and recent git history. Produces a concise briefing: what the app does, how it's structured, how to run it locally, and the top areas to understand first. Generic across web, mobile, and full-stack repos. Use when the request is "I'm new to this repo", "orient me", "explain this codebase", "what does this do?", "onboard me", "first day on this project", or "catch me up on the codebase".
Pre-release quality gate that sequences test-red-team, audit-security, audit-bundle-size, audit-performance, and test-unit into a single sweep. Produces a go/no-go verdict with a ranked defect list. Use when the request is "is this ready to ship?", "quality gate", "pre-release checklist", "what do I need to fix before launch?", "ship-readiness check", or before any production release.
Analyse and shrink JavaScript bundle size for any web app. Auto-detects bundler (Vite, Webpack, Rollup, esbuild, Next.js, Turbopack). Runs a production build with bundle analysis, identifies the largest chunks, duplicate dependencies, non-tree-shakeable imports, and missing code-splitting or lazy-load boundaries. Researches current best practices via Firecrawl and Context7. Maps every finding to a specific file and import with before/after size estimates. Generic across any framework. Use when asked to "reduce bundle size", "analyse bundle", "tree shaking", "lazy loading", "code splitting", "slow initial load", "large JS", "chunk size", "build performance", "LCP caused by JS", "why is the bundle so big", or "first load JS too large".
Audit and fix internationalisation for any web or mobile app. Finds hardcoded user-facing strings, checks they are extracted to i18n keys, and reviews translation quality: natural tone that sounds like a real person wrote it, locale-appropriate phrasing (not literal translation), consistent voice, helpful error messages that guide rather than blame, and action labels that say what actually happens. Walks the live app in each locale via Playwright. Uses Firecrawl for i18n best practices, Context7 for library docs. Works with react-i18next, i18next, next-intl, vue-i18n, and any other library. Use when asked to "audit i18n", "fix translations", "add locale", "natural language", "translation quality", "hardcoded strings", "localisation", or "the Japanese feels like Google Translate".