latuconsinafr

Use when you want to audit project dependencies — scans all lockfiles for CVEs, outdated major versions, and license violations. Run before releases or periodically as a health check.

Use when you are about to create a git commit — generates a conventional commit message with type(scope): TICKET description format. Auto-detects ticket from branch name or arguments. Always use this instead of running git commit directly.

Use when you encounter a bug, error, or unexpected behavior during a task — follows a reproduce → isolate → fix → verify cycle. Invoke this instead of guessing at a fix.

Use when you want to audit environment variable usage — scans the entire codebase for all env var references across all sources (code, Docker, CI, config files) and flags anything undocumented or inconsistent. Works for any stack and any env var pattern.

Use when starting work on a GitHub or Jira issue — reads the issue, explores affected code, and produces a ready-to-execute implementation plan. Invoke this at the start of any ticket-driven task instead of jumping straight to /plan.

Use at the start of a session on an unfamiliar or returning project — reads architecture docs, recent activity, open work, and coding conventions to prime context before starting any task. Invoke this before /plan or /issue when you haven't worked on the project recently.

Use when a file or module has grown too complex — removes unnecessary abstractions, dead code, and over-engineering without changing behavior. Invoke after implementing a feature when the code feels over-engineered.

Use before writing any code for a new feature, task, or significant change — produces a structured implementation plan with affected files, ordered steps, risks, and open questions. Always invoke this at the start of any non-trivial implementation task and wait for explicit approval before writing code.

Use when you are about to open a GitHub pull request — generates a semver-prefixed title ([PATCH/MINOR/MAJOR] TICKET: description) and structured body from commits. Always invoke this instead of running gh pr create directly.

Use when you need to investigate an unfamiliar library, framework, architectural question, or technical decision — spawns the researcher agent which explores the codebase and searches external sources in parallel. Invoke before making technology choices or when the right approach is unclear.

Use before committing or opening a pull request — reviews staged changes as a principal engineer for correctness, edge cases, and logic flaws. Always invoke this before creating a PR.

Use when you want a dedicated security review of staged or recently changed files — deeper than the security section in /review. Covers OWASP Top 10, secrets exposure, dependency vulnerabilities, and auth gaps. Run before opening a PR on security-sensitive changes.

Use before implementing a complex, high-stakes, or cross-cutting feature — produces a full technical specification including data model, API contract, edge cases, and open questions. The planning layer above /plan. Invoke this when /plan alone isn't detailed enough.

Use when you want to surface accumulated technical debt — scans for TODOs, deprecated APIs, dead code, and code quality issues. Produces a prioritized list with age and estimated effort. Run periodically or before planning a refactor sprint.

Use when you need to document E2E test cases for a feature or bug fix that can't be covered by unit or integration tests alone. Auto-detects ticket from branch name. Reuses codebase context from /plan if already run; falls back to git diff + explorer when invoked standalone. Outputs to a markdown file by default.