The contract every new or modified API endpoint must follow so it is correct for the public OpenAPI spec, the MCP server (npm @trycompai/mcp-server), the ValidationPipe, and the docs. Triggers on "new endpoint", "add API", "new DTO", "@Body", "@RequirePermission", "MCP tool", "edit controller in apps/api", "OpenAPI", or whenever editing controllers under apps/api/src/.
MUST run after writing or modifying code — reviews changed files for verbose patterns, inconsistencies, and readability issues before considering work done
Use when changing Comp AI billing, Stripe products/prices, subscription checkout, org payment methods, entitlements, usage ledgers, invoices, or billing webhooks.
Audit & fix design system usage — migrate @trycompai/ui and lucide-react to @trycompai/design-system
Audit & fix hooks and API usage patterns — eliminate server actions, raw fetch, and stale patterns
Audit & fix RBAC and audit log compliance in API endpoints and frontend components
Audit & fix unit tests for permission-gated components
Configure Better Auth server and client, set up database adapters, manage sessions, add plugins, and handle environment variables. Use when users mention Better Auth, betterauth, auth.ts, or need to set up TypeScript authentication with email/password, OAuth, or plugin configuration.