tonone-ai/tonone

AI Operations Team — 9 agents: Deploy, Eval, Trace, Guard, Budget, Token, Prompt, Embed, Rank

Engineering lead — orchestrates the team, scopes work, controls depth and budget

Plan and scope a project — discovery, challenge assumptions, present S/M/L options with token and cost estimates. Use when asked to "plan this", "scope this", "how should we build X", or when a new project/feature request comes in.

Engineering lead reconnaissance — inventory the project before planning. Use when asked to "understand this project", "orient me on this codebase", "what's the state of the repo", "what's in progress", or before starting work on an unfamiliar codebase.

Cross-cutting review of recent work — catches gaps between specialists. Use when asked to "review what we built", "check the work", "pre-launch review", or after completing a significant chunk of work.

CTO-level project status from git and codebase state. Use when asked "where are we", "project status", "what's done", or at the start of a work session.

System takeover — take ownership of an existing codebase or inherited system. Use when "we acquired this", "previous team left", "take over this system", "inherited this codebase".

Knowledge engineer — architecture docs, ADRs, API specs, system diagrams, onboarding

Write an Architecture Decision Record — document what was decided, why, what alternatives were considered, and what trade-offs were accepted. Use when asked to "write an ADR", "document this decision", or "why did we choose X".

Maintain per-repo and cross-repo changelogs — append structured entries after agent work. Use when asked to "log this change", "update changelog", "what changed", "change history".

Map the system architecture — read the codebase, identify services and connections, output a C4-level architecture map as Mermaid diagrams with component descriptions. Use when asked to "map the architecture", "system diagram", "how does this work", or "architecture overview".

Generate onboarding documentation — what this project does, how to set up locally, where things live, key decisions, how to deploy. Written for day-one engineers who know nothing. Use when asked for "onboarding docs", "new engineer guide", "how to get started", or "developer setup".

Generate a polished HTML presentation page and Obsidian Canvas for big releases — new products, takeovers, major migrations. Non-technical audience. Use when asked to "present this", "release announcement", "show what we built", or "stakeholder update".

Documentation reconnaissance for takeover — find all docs, assess accuracy, freshness, coverage, and discoverability, and identify critical knowledge gaps. Use when asked "what docs exist", "documentation assessment", or "knowledge gaps".

Render agent findings as a styled HTML report in the browser. Use when asked for "full report", "detailed report", "show in browser", or when CLI output exceeds the 40-line budget.

Legal Compliance Auditor — internal controls, legal risk register, audit trail

Internal legal controls review — approval workflows, doc governance

Full legal compliance audit and risk register

Assess legal artifact completeness and audit readiness

Accessibility Engineer — Accessibility engineering — WCAG audits, keyboard nav, screen reader testing, ARIA

Run a WCAG accessibility audit

Write accessibility fixes for specific WCAG failures

Survey a codebase for accessibility debt

API Performance Engineer — API performance benchmarking — latency profiling, throughput testing, regression detection

Compare API performance across versions for regression detection

Design a performance benchmark for an API

Audit existing performance testing for gaps and stale baselines

Compliance Framework Engineer — SOC2, GDPR, HIPAA, ISO 27001 gap analysis

Compliance gap analysis — SOC2, GDPR, HIPAA, ISO 27001

Draft compliance policies required by a framework

Survey existing compliance artifacts and certifications

Defensive Security Engineer — Blue team operations — SOC design, detection engineering, hardening playbooks

Design detection rules for a threat — SIEM queries and MITRE ATT&CK mapping

Write a hardening playbook — CIS benchmark mapping and implementation steps

Audit existing security controls and detection coverage

Support engineer — ticket workflow design, SLA architecture, knowledge base, escalation paths, and support operations at scale

Contract & Policy Drafter — NDA, MSA, employment agreements, SLAs, vendor contracts

Draft a contract or policy document from a description

Survey existing contracts and policy documents

Review and redline a contract — risk and missing clauses

AI Operations Team — Budget: LLM spend tracking, model cost optimization, budget alerts, and token efficiency audits across AI workloads.

Audit AI spend — per-model cost breakdown, top consumers, waste identification, optimization levers.

Design cost reduction strategies — model tiering, prompt compression, caching, batch inference.

Map AI cost topology — billing attribution, team-level spend, forecast vs actuals, alert gaps.

PR & community engineer — press pitches, social media, open source community, DevRel, and launch moments

Infrastructure Specialist Team — Cache: Caching strategy — Redis/Memcached design, cache invalidation, eviction policies, application caching patterns

Cache skill: cache-design

Cache skill: cache-evict

Cache skill: cache-recon

Forecasting Engineer — Time series forecasting — demand prediction, trend analysis, seasonal decomposition

Build a forecasting model for a time series

Survey existing forecasting code or models

Validate and benchmark a forecasting model

Supply Chain Security Engineer — Supply chain security — SBOM generation, dependency scanning, third-party risk, license compliance

Audit existing dependency security and supply chain gaps

Design an SBOM generation pipeline for CI/CD

Design a dependency scanning program — CVE detection and license checks

Changelog & Release Communication Engineer — Changelog and release communication — breaking change docs, deprecation notices, migration guides

Design an API versioning and deprecation policy

Audit existing changelog and deprecation practices

Write a changelog entry or release notes for an API version

Infrastructure Specialist Team — Chaos: Chaos engineering — failure injection design, game days, resilience testing, blast radius control

Chaos skill: chaos-design

Chaos skill: chaos-game

Chaos skill: chaos-recon

Legal Researcher — case law synthesis, statute analysis, jurisdiction comparison

Jurisdiction comparison for a legal requirement or clause

Identify open legal questions and research gaps

Legal research — case law, statutes, regulatory guidance

Contract Clause Analyst — redlining, risk scoring, negotiation playbooks

Deep clause-by-clause analysis with risk scores

Generate negotiation playbook for a contract type

Scan existing contracts for risk patterns

Data Quality Engineer — Data quality — deduplication, validation, outlier detection, ETL pipeline design

Audit existing data cleaning code

Design a data cleaning and transformation pipeline

Design a data validation pipeline

Backwards Compatibility Engineer — Backwards compatibility — breaking change detection, deprecation management, semver discipline

Audit a proposed API change for breaking changes

Design an API compatibility and deprecation policy

Audit existing API for breaking change risks and missing controls

Contribute a discovery back to the upstream tonone repo — new skill, improved agent prompt, better routing rule. Use when you hit a gap, found a better pattern, or built something reusable that others would benefit from.

Content Designer — UX writing and content design — microcopy, error messages, onboarding, UI content strategy

Audit UX copy in a product or codebase

Survey all user-facing strings in a codebase

Write UX copy for a feature, flow, or component

ML/AI engineer — model training, MLOps, feature engineering, LLM integration

Evaluate model performance — check for accuracy drops, data drift, and error patterns. Use when asked about "model accuracy dropped", "evaluate the model", "check for drift", or "model performance".

Design and implement an AI feature integration — model selection, architecture pattern, system prompt, data flow, error handling, cost estimate. Use when asked to "add AI to this", "LLM integration", "add Claude/GPT", or "AI-powered feature".

Build an ML pipeline — from data to trained model to serving endpoint. Use when asked to "build ML model", "train a model", "prediction pipeline", "classification", or "regression".

Build a production-ready prompt package — system prompt, few-shot examples, output format, edge case handling, eval criteria. Use when asked to "prompt engineering", "build a prompt", "write a system prompt", or "improve this prompt".

ML reconnaissance — inventory all models, pipelines, data sources, and monitoring. Use when asked "what ML do we have", "model inventory", or "ML assessment".

Product strategist — roadmap planning, prioritization frameworks, competitive analysis, and market positioning

Competitive analysis ending in a clear positioning call — where to play, how to win. Use when asked to "analyze competitors", "competitive landscape", "how do we compare to X", "competitive positioning", "where should we play", "find our white space", or "who else does this".

Strategic narrative — write a standalone strategy memo that frames product direction, bets, and rationale for a planning horizon. Use when asked to "write a strategy doc", "product vision", "strategic narrative", "company strategy memo", "planning memo", or "explain our product direction".

OKR design — create objectives and key results with a North Star metric, input metrics tree, and cadence. Use when asked to "set OKRs", "define our objectives", "what should we measure this quarter", "design our OKR framework", "build a metrics tree", or "what's our North Star".

Strategic context reconnaissance — read existing roadmaps, OKRs, competitive docs, and briefs to establish context before planning. Use when asked to "understand our strategy", "what's the current roadmap", "what OKRs do we have", "strategic context", or before starting any prioritization or roadmap work.

Build a product roadmap with sequenced bets and explicit tradeoffs. Use when asked to "build a roadmap", "prioritize the backlog strategically", "what do we build next quarter", "sequence our bets", "what should we focus on", or "product strategy for the next N months".

Illustration & Icon Designer — Illustration and icon design — custom assets, icon systems, SVG optimization

Design an icon system spec or audit existing icons

Spec or critique custom illustrations

Audit existing icons and illustrations in a codebase

Data Science Team bundle — 10 agents: Cast, Feat, Fit, Score, Drift, Vect, Tune, Plot, Clean, Eval

Revenue & sales engineer — B2B pipeline, deal strategy, pricing, sales playbooks, and enterprise closing

AI Operations Team — Deploy: Model serving, inference APIs, blue/green deploys, rollback, and canary releases for production ML.

Plan and execute canary releases for model updates — traffic splitting, rollback triggers, success metrics.

Audit current model deployment topology — serving config, latency profile, version inventory.

Design and configure model serving infrastructure — endpoint scaling, batching, GPU allocation.

Design Team bundle — 10 agents: Hue, Grid, Glyph, Move, Wire, Mark, Cut, Axe, Tone, Copy

Developer Experience Team bundle — 10 agents: Guide, Sample, Mock, Schema, Port, Change, Onboard, Bench, Compat, Gate

UX designer — user flows, information architecture, wireframes, and interaction design

|

Information architecture — design navigation structure, content hierarchy, sitemap, and taxonomy for a product or feature set. Use when asked to "organize the navigation", "information architecture", "how should content be structured", "sitemap", "nav redesign", "where should X live", or "content hierarchy".

|

|

UI and UX reconnaissance — scan existing frontend routes, components, navigation, and flows to understand the current UX state before designing. Use when asked to "understand the current UI", "what UX patterns exist", "map the navigation", "what screens exist", or before starting any flow or wireframe work.

Usability review — evaluate an existing flow or UI against usability heuristics, flag friction points, and recommend fixes. Use when asked to "review the UX", "usability audit", "what's wrong with this flow", "UX feedback", "critique this design", or "why are users dropping off here".

Text and Mermaid wireframes — produce screen-level layouts with content hierarchy, component placement, and interaction annotations. Use when asked to "wireframe this", "sketch the UI", "layout for this screen", "lo-fi mockup", "screen design", or "what should this page look like".

ML Monitoring Engineer — ML monitoring — data drift, concept drift, model degradation, production ML health

Design drift alerts and escalation

Design a drift monitoring system for a production ML model

Audit existing ML monitoring

User researcher — interviews, personas, Jobs-to-Be-Done, and customer feedback synthesis

Feedback synthesis — cluster support tickets, NPS verbatims, app store reviews, and churn surveys by theme, separate signal from noise, and produce an actionable insight report. Use when asked to "synthesize this feedback", "analyze support tickets", "what are users complaining about", "NPS analysis", "churn feedback synthesis", or "what's the feedback telling us".

Run a user interview — produce an interview guide and synthesize the output into an actionable insight report. Use when asked to "run a user interview", "synthesize these interview notes", "what do users actually want", "build a persona from this feedback", "find the JTBD in these transcripts", or "analyze this interview data".

Jobs-to-Be-Done analysis — given a product, user descriptions, transcripts, or tickets, produce a JTBD job map with switching forces analysis and opportunity ranking. Use when asked to "find the JTBD", "what jobs are users hiring us for", "job mapping", "what are users really trying to do", "JTBD framework", or "why are users switching".

User research reconnaissance — survey existing personas, research docs, interview notes, and feedback artifacts to establish what is already known about users. Use when asked to "what research exists", "review existing personas", "what do we know about our users", or before starting new research or synthesis work.

User segmentation and persona creation from mixed data sources — analytics, CRM, support tickets, reviews, or any combination. Use when asked to "build personas", "who are our users", "segment our users", "create user profiles", "define user archetypes", or "who is the target user".

Infrastructure Specialist Team — Edge: Edge computing and CDN — global distribution, cache strategy, edge functions, latency optimization

Edge skill: edge-cdn

Edge skill: edge-recon

Edge skill: edge-route

AI Operations Team — Embed: Embedding model selection, vector pipeline design, similarity search, and production index management.

Design embedding pipelines — model selection, batching, normalization, index refresh strategy.

Audit embedding infrastructure — model drift, index freshness, query latency, coverage gaps.

Optimize similarity search — ANN index tuning, hybrid search, reranking, query expansion.

Install all 15 Engineering Team agents at once

Experiment Design Engineer — Experiment design — A/B testing, statistical power, experiment tracking, causal inference

Analyze A/B test results

Design an A/B test

Design eval harnesses — task schemas, metrics, dataset versioning, eval-as-code patterns.

Audit existing experimentation infrastructure

Build automated regression suites — golden sets, threshold alerting, CI integration for model changes.

AI Operations Team — Evals: Eval harness design, benchmark suites, automated regression, human eval orchestration.

Feature Engineer — Feature engineering — transformations, encodings, feature stores, pipeline design

Design a feature engineering pipeline for a ML problem

Audit feature engineering code for leakage and quality issues

Design or audit a feature store

Infrastructure Specialist Team — Finop: Cloud cost optimization — FinOps practices, rightsizing, reservation strategy, cost attribution

Finop skill: finop-audit

Finop skill: finop-recon

Finop skill: finop-reserve

Model Training Engineer — Model training — algorithm selection, hyperparameter tuning, training infrastructure

Audit existing model training code

Design a model training pipeline

Design a hyperparameter tuning strategy

Data engineer — databases, migrations, pipelines, data modeling

Data quality and pipeline health check — freshness, schema drift, null rates, orphaned records, pipeline status. Use when asked about "data quality check", "pipeline health", "is our data fresh", or "schema drift".

Build zero-downtime database migrations — forward SQL, rollback SQL, deployment sequence. Use when asked to "write migration", "schema change", "add column", "rename table", "drop column", or "migrate safely".

Build a data pipeline — ETL/ELT with extraction, transformation, loading, error handling, and scheduling. Use when asked to "build ETL", "data pipeline", "move data from X to Y", or "sync data".

Optimize slow database queries — analyze execution plans, add indexes, rewrite queries. Use when asked about "slow query", "optimize SQL", "query performance", or "explain this query".

Database reconnaissance — full inventory of schema, migrations, data volume, backups, connection pooling, and query patterns. Use when asked to "assess this database", "understand the schema", or "database health check".

Design and build database schema — tables, columns, types, indexes, constraints, relationships. Given a domain description, output the schema and write the files. Use when asked to "design schema", "database design", "create tables", or "data model".

People engineer — org design, hiring pipelines, compensation frameworks, onboarding playbooks, performance management, and human-to-agent migration

Infrastructure engineer — cloud services, networking, IaC, cost optimization

Audit existing infrastructure for security issues, waste, and misconfigurations. Use when asked to "audit my infra", "check cloud setup", "infra review", "are we wasting money", "security check on infra", or "review my terraform".

Audit cloud infrastructure costs and produce a concrete optimization plan with specific changes and estimated savings. Use when asked to "how much is this costing", "reduce cloud spend", "cost optimization", "are we overpaying", "cloud bill", or "budget for this infra".

Diagnose runtime infrastructure issues — cold starts, timeouts, scaling problems, network failures. Use when asked about "infra is slow", "cold starts", "network issues", "why is this timing out", "scaling problem", "latency spikes", or "service is down".

Build production-grade infrastructure as code for a service or project. Use when asked to "set up infra", "provision infrastructure", "create cloud resources", "IaC for this project", "terraform for this", or "deploy this service".

Design and build networking infrastructure — VPCs, subnets, DNS, load balancers, firewall rules. Use when asked to "set up networking", "VPC design", "configure DNS", "load balancer setup", "network architecture", or "firewall rules".

Infrastructure reconnaissance — inventory all cloud resources, map connections, flag risks. Use when asked to "inventory our infra", "what infrastructure do we have", "map our cloud resources", "infra discovery", or "what's running in our cloud".

Visual designer — brand identity, color systems, typography, UI design, and design systems

|

|

|

|

|

|

|

|

|

|

|

|

|

Corporate Governance Advisor — board resolutions, cap table, equity plan docs

Draft board resolutions and corporate consent documents

Draft equity plan documents and option grant agreements

Survey corporate governance artifacts and flag gaps

Install all 23 tonone agents at once — Engineering Team + Product Team

API Quality Gate Engineer — API quality gates — linting, style enforcement, breaking change CI, and API governance

Integrate API quality gates into CI

Design an API linting ruleset with style rules and severity levels

Audit existing API quality controls and CI gates

Typography Designer — Typography system design — font pairing, type scale, hierarchy tokens

Select and pair fonts for a product

Audit existing typography in a codebase

Design a type scale and hierarchy

Layout Systems Designer — Layout system design — spacing scales, responsive grids, layout primitives

Design a layout system — spacing scale, grid columns, and layout primitives

Audit existing layout patterns in a codebase

Audit or redesign responsive behavior of a layout

AI Operations Team — Guard: Input/output safety filters, PII detection, content moderation, and AI policy enforcement at runtime.

Audit guardrail coverage — bypass vectors, false positive rates, policy gap analysis, red-team scenarios.

Design guardrail layers — input classifiers, output validators, PII scrubbers, policy rule engines.

Map current AI safety controls — filter inventory, coverage gaps, latency impact, incident history.

API Documentation Engineer — API and SDK documentation — reference docs, guides, and documentation architecture

Audit existing API documentation for completeness and accuracy

Survey documentation coverage across an API or SDK

Write API reference documentation for an endpoint or SDK method

Head of Product — product strategy, requirements, and engineering handoff via the Helm↔Apex interface

Scope arbitration — resolve disagreements between product and engineering on what is in or out of scope, with a decision log and escalation path. Use when asked to "resolve this scope disagreement", "arbitrate between product and eng", "scope is creeping", "we can't agree on what's in scope", or "help us decide what to cut".

|

|

|

Product landscape reconnaissance — survey existing briefs, research, strategy, and team output before writing new briefs or dispatching specialists. Use when asked to "understand the product state", "what briefs exist", "what has the team produced", "orient me on this product", or before starting a new product initiative.

Color Systems Designer — Color palette design — semantic tokens, dark/light mode, WCAG contrast

Design a color palette with semantic tokens for a brand or product

Audit existing color usage in a codebase

Audit or refactor a design token system for color

Threat Hunter — Threat hunting — hypothesis-driven hunting, compromise assessment, IOC analysis

Design a compromise assessment — hunting scope and evidence collection

Analyze indicators of compromise — enrichment and attribution

Design a threat hunting program — maturity assessment and playbook library

Infrastructure Specialist Team — 10 agents: Kube, Terra, Finop, Serv, Edge, Cache, Queue, Mesh, Multi, Chaos

Content marketing engineer — blog strategy, SEO, thought leadership, developer content, and content calendar

Operations engineer — process design, vendor management, legal ops, compliance (SOC2/GDPR), OKR execution, and cross-functional coordination

Customer success engineer — onboarding optimization, health scoring, expansion revenue, and churn prevention

Infrastructure Specialist Team — Kube: Kubernetes cluster design — RBAC, networking, operators, workload configuration

Kube skill: kube-design

Kube skill: kube-rbac

Kube skill: kube-recon

Install all 10 Legal Team agents at once — contracts, compliance, IP, governance, regulatory

Data analytics & BI engineer — dashboards, metrics design, reporting, data storytelling

Review existing analytics — find all dashboards and reports, check who uses them, whether metrics are defined, and whether they drive decisions. Recommend what to keep, kill, or add. Use when asked "are our dashboards useful", "analytics review", or "metrics audit".

|

Design and spec an analytical dashboard — define the question each chart answers, write the SQL queries, spec the layout and refresh cadence. Produces a complete dashboard spec ready to implement. Use when asked to "build a dashboard", "analytics dashboard", "BI dashboard", "weekly product health", or "visualize this data".

Produce a complete metrics definition doc — metric name, formula, data source, segmentation, SQL or event tracking spec, and what good/bad looks like. Given a product area, outputs the full metrics spec. Use when asked to "define KPIs", "metrics framework", "what should we measure", "north star metric", or "instrument this feature".

Analytics reconnaissance for takeover — find all analytics tools, inventory what's tracked and dashboarded, assess data freshness and metric definitions, and present a coverage map. Use when asked "what analytics exist", "BI assessment", or "what do we track".

Build a reporting pipeline — scheduled reports with SQL queries, delivery via Slack or email, threshold alerts, and historical comparison. Use when asked for "automated reports", "scheduled report", "email digest", or "Slack alerts for metrics".

Regulatory Filing Advisor — DMCA, FTC disclosures, GDPR DPAs, government filings

Draft DMCA takedown notice or counter-notice

Prepare regulatory filing, disclosure notice, or government submission

Identify required regulatory filings and their status

Product analyst — metrics frameworks, funnel analysis, OKRs, A/B test design, and retention analysis

A/B test design — produce an experiment spec with hypothesis, primary metric, MDE, sample size, run time, and decision rule. Also determines when NOT to A/B test and what to do instead. Use when asked to "design an A/B test", "should we test this", "experiment design", "how do we know if this works", "what's the sample size", or "set up an experiment".

|

Instrumentation plan — design event taxonomy, property schema, and tracking plan for analytics tools. Use when asked to "what should we track", "instrumentation plan", "set up analytics events", "analytics event schema", "tracking plan", or "instrument this feature".

Metrics architecture — produce a complete metrics plan given a product description. North Star, input metrics tree, instrumentation spec, action triggers, and counter-metrics. Use when asked to "design a metrics framework", "what should we measure", "build a metrics system", "define our KPIs", "what are our success metrics", "metrics strategy", or "what do we track".

Analytics reconnaissance — scan existing event tracking, metric definitions, dashboards, and analytics configuration to understand what is currently being measured. Use when asked to "what are we tracking", "audit our analytics", "what metrics exist", "analytics inventory", or before designing new metrics or instrumentation.

Brand Designer — Brand identity design — logo usage rules, brand guidelines, visual identity systems

Design an asset library structure — naming, formats, delivery specs

Write brand guidelines — logo usage, color, typography, voice

Audit existing brand assets and usage

Infrastructure Specialist Team — Mesh: Service mesh design — Istio/Linkerd/Envoy, mTLS, traffic management, observability integration

Mesh skill: mesh-design

Mesh skill: mesh-observe

Mesh skill: mesh-recon

Finance engineer — P&L, runway, unit economics, fundraising, board reporting, and cap table management

API Mocking & Contract Engineer — API mocking — mock server design, contract testing, API simulation

Design a consumer-driven contract testing setup

Design a mock server for an API

Audit existing mocks for contract drift and missing error cases

Motion Designer — Motion design — animation principles, transition systems, micro-interaction specs

Design an animation spec for a component or interaction

Audit existing animations in a codebase

Design a motion system for a product

Infrastructure Specialist Team — Multi: Multi-cloud architecture — provider selection, portability strategy, lock-in avoidance, workload placement

Multi skill: multi-design

Multi skill: multi-port

Multi skill: multi-recon

Developer Onboarding Engineer — Developer onboarding — quickstart design, time-to-first-call optimization, onboarding funnel audit

Audit the developer onboarding experience and measure TTFC

Write a developer quickstart — minimal steps to first successful API call

Survey existing onboarding docs and developer portal

Vulnerability Management Engineer — Vulnerability management — CVE triage, CVSS prioritization, patching cadence, SLA design

Design a vulnerability management program — SLAs and asset tiers

Audit existing vulnerability management for SLA gaps

Triage CVEs — CVSS + EPSS + KEV scoring and prioritization

Platform engineer — developer experience, service catalogs, internal CLIs, golden paths, environment management

Audit developer experience — measure onboarding time, build speed, deployment friction, and developer satisfaction. Use when asked to "DX audit", "developer experience review", "why is development slow", "onboarding assessment", or "DORA metrics".

Build a service catalog — schema, starter entries, and governance model. Produces what information to capture per service, how it's maintained, and where it lives. Use when asked to "service catalog", "what services do we have", "catalog our services", "service inventory", or "who owns what".

Set up local development environments — devcontainers, Docker Compose, one-command setup, dev/prod parity. Use when asked to "set up dev environment", "devcontainer", "docker compose for dev", "local development setup", or "one command to run".

Define a golden path — the opinionated, supported way to do a common developer task (create a new service, set up an environment, deploy a feature). Produces concrete steps, templates, and tooling. Use when asked to "golden path", "create project template", "scaffold a new service", "how should we create services", or "standardize our setup".

Platform reconnaissance — inventory all developer tooling, environments, build systems, and developer workflows for project takeover. Use when asked to "understand the dev setup", "developer tooling assessment", "platform assessment", or "how do developers work here".

Security Awareness Engineer — Security awareness — phishing simulation design, security training programs, social engineering assessment

Design a phishing simulation program — scenarios and measurement

Audit existing security awareness program — coverage and effectiveness

Design a security awareness training curriculum

Product marketer — positioning, messaging, value proposition, GTM strategy, and launch copy

Landing page and marketing copy — write hero section, problem/solution blocks, proof points, and CTAs. Use when asked to "write landing page copy", "write the homepage", "marketing copy for this feature", "product page copy", "write the hero section", or "write copy for [surface]".

|

Produce an actual launch plan with announcement copy, channel sequence, and day-1 checklist. Use when asked to "plan a launch", "GTM strategy", "how do we announce this", "launch plan for [feature]", "go-to-market", "write our Product Hunt post", or "how do we get people to notice this".

Messaging framework — produce a full headline, subheadline, proof points, and CTA hierarchy for use across all surfaces. Use when asked to "write our messaging", "messaging framework", "what should our headline say", "copy hierarchy", "tagline and messaging", or "how do we talk about the product".

Produce a complete positioning document using the Dunford framework — competitive alternatives, unique attributes, value, best-fit customer, market category, positioning statement, and tagline. Use when asked to "write our positioning", "define our value prop", "positioning statement", "what market are we in", "how do we position against X", "what's our tagline", or "write our messaging foundation".

Marketing and messaging reconnaissance — read existing landing pages, copy, positioning docs, and marketing materials to understand the current messaging state. Use when asked to "review our current messaging", "what copy exists", "audit our positioning", "what marketing materials do we have", or before writing new positioning or copy.

Data Visualization Engineer — Data visualization — chart design, visualization libraries, exploratory analysis

Design or critique a data visualization

Design an exploratory data analysis workflow

Audit existing visualizations in a codebase or notebook

SDK Design Engineer — SDK design — multi-language SDK architecture, idiomatic patterns, cross-language consistency

Design an SDK architecture for an API

Audit multi-language SDK coverage and consistency

Review an existing SDK for idiomatic quality and consistency

Frontend & DX engineer — UI, internal tools, developer portals

Frontend audit — bundle size, dependencies, accessibility, performance, component quality. Use when asked for "frontend review", "performance audit", "accessibility check", or "bundle size".

|

Implement a reusable, accessible, typed component from a design spec. Use when asked to "create a component", "build a widget", "implement this design", or "reusable UI element".

Build an internal dashboard with data tables, filters, detail views, and CRUD. Use when asked to build an "admin panel", "internal dashboard", "back office", or "data dashboard UI".

Frontend reconnaissance — map the component tree, routing, state management, build config, and assess quality. Use when asked to "understand this frontend", "frontend assessment", or "what's the UI built with".

|

Implement a complete UI screen or feature from a Form visual spec. Use when asked to "build a page", "implement this screen", "build the frontend for this feature", or "create this UI".

Install all 8 Product Team agents at once

AI Operations Team — Prompt: System prompt design, few-shot libraries, chain-of-thought patterns, and prompt versioning for production LLM applications.

Design production prompts — system prompt architecture, instruction clarity, few-shot selection.

Audit prompt library — duplication, quality, coverage gaps, version drift, eval alignment.

Build prompt versioning systems — storage, A/B testing, regression tracking, rollback.

QA & testing engineer — test strategy, E2E suites, integration testing, test infrastructure, flaky test triage

Build API test suites — endpoint testing, contract testing, load testing for REST/GraphQL/gRPC APIs. Use when asked to "test this API", "API tests", "endpoint testing", "contract tests", or "load test".

Audit test suite health — find flaky tests, slow tests, coverage gaps, and testing anti-patterns. Use when asked to "audit tests", "fix flaky tests", "why are tests slow", "test health", or "improve test suite".

|

Build E2E test specs for critical user journeys — Playwright or Cypress, page objects, setup/teardown, CI config. Use when asked to "write E2E tests", "end-to-end testing", "browser tests", "UI tests", or "Playwright tests".

Testing reconnaissance — inventory all tests, frameworks, coverage, CI integration, and assess testing maturity for project takeover. Use when asked to "understand the tests", "testing assessment", "what's tested", or "test inventory".

Produce a test strategy for a project or feature — risk map, test type decisions, coverage targets, CI config. Use when asked to "create test strategy", "what should we test", "testing plan", or "improve test coverage".

Infrastructure Specialist Team — Queue: Message queuing and streaming — Kafka, SQS, RabbitMQ design, consumer group strategy, dead letter queues

Queue skill: queue-design

Queue skill: queue-recon

Queue skill: queue-scale

AI Operations Team — Rank: Retrieval reranking, relevance scoring, learning-to-rank pipelines, and result quality evaluation for search and RAG.

Design ranking pipelines — reranker selection, score fusion, cross-encoder patterns, latency trade-offs.

Build ranking evaluation — NDCG/MRR measurement, human relevance labeling, offline eval harness.

Audit ranking quality — metric trends, failure modes, dataset coverage, reranker performance.

Offensive Security Engineer — Red team operations — penetration testing, attack simulation, vulnerability exploitation

Design a penetration testing plan — scope, methodology, and rules of engagement

Design a reconnaissance plan — OSINT and attack surface mapping

Write a penetration test finding report with CVSS scores and remediation

DevOps engineer — CI/CD, deployments, GitOps, developer experience

Audit an existing CI/CD pipeline for slowness, security issues, and reliability gaps. Use when asked to "audit pipeline", "why is CI slow", "pipeline review", or "deployment review".

Set up a complete deployment configuration — Dockerfile, deployment manifest, environment config, and rollback procedure. Use when asked about "deployment setup", "how do I deploy this", "deployment strategy", or "rollback plan".

Build production-ready Dockerfiles with multi-stage builds, security hardening, and docker-compose for local dev. Use when asked to "create Dockerfile", "optimize container", or "dockerize this".

Build a full CI/CD pipeline from scratch. Use when asked to "set up CI/CD", "create pipeline", or "automate deploys".

Map the full CI/CD pipeline — triggers, build, test, deploy flow — with risk assessment. Use when asked "how does this deploy", "map the pipeline", or "understand CI/CD".

End-to-end ship workflow — merge base, run tests, review diff, bump version, commit, push, create PR. Use when asked to "ship", "push to main", "create a PR", "get this merged", or "deploy this branch".

Incident Response Engineer — Incident response — playbook design, containment procedures, DFIR, post-incident review

Design containment procedures for an active incident

Write an incident response playbook for a threat scenario

Audit existing incident response capability and playbook coverage

Code Sample Engineer — Code samples and tutorials — working examples, quickstarts, and language-specific guides

Survey existing code samples — coverage, language parity, and freshness

Review existing code samples for correctness and developer experience

Write a working code sample or tutorial for an API feature

Application Security Engineer — Application security — SAST/DAST scanning, code security review, secure SDLC design

Analyze and fix a SAST finding with secure code alternative

Audit application security tooling for OWASP Top 10 coverage

Design a SAST/DAST scanning pipeline — tooling and CI integration

API Schema Engineer — API schema design — OpenAPI, GraphQL, gRPC schema quality and design standards

Design an API schema — OpenAPI, GraphQL, or gRPC proto

Audit existing API schemas for inconsistencies and coverage gaps

Review an API schema for consistency and completeness

IP & Trademark Advisor — trademark clearance, patent landscape, OSS license compliance

Open source license compliance audit — GPL, LGPL, AGPL risks

Survey IP assets, license obligations, and assignment gaps

Trademark clearance research and filing preparation

Model Evaluation Engineer — Model evaluation — metrics design, statistical significance, model comparison

Compare two or more models statistically

Design an evaluation framework for a ML model

Audit existing model evaluation code

Security Operations Team bundle — 10 agents: Red, Blue, Hunt, Patch, Chain, Sast, Siem, Resp, Zero, Phish

Infrastructure Specialist Team — Serv: Serverless architecture — Lambda/Cloud Functions/Cloud Run design, cold start optimization, event patterns

Serv skill: serv-cold

Serv skill: serv-design

Serv skill: serv-recon

Regulatory Risk Advisor — GDPR, CCPA, FTC, financial regulation, export controls

Regulatory exposure assessment for a product or geography

Map product data flows and identify regulatory triggers

Draft regulatory response letters and regulator comms

Detection & SIEM Engineer — SIEM engineering — log pipeline design, detection rule development, alert tuning

Tune a SIEM alert to reduce false positives

Audit existing SIEM deployment — log coverage and rule quality

Write SIEM detection rules in SIGMA format with MITRE mapping

Backend engineer — APIs, system design, performance, distributed systems

Design and spec an API — endpoints, request/response shapes, error codes, auth pattern, pagination. Applies Stripe's consistency principles. Use when asked to "design an API", "build API endpoints", "create REST API", or "API for this feature".

Produce a system design doc — components, data flow, decisions made, tradeoffs, failure modes. Not a list of options. An actual design with calls made. Use when asked for "system design for", "architect this", "how should we build", or "design the backend".

Find and fix performance bottlenecks — N+1 queries, missing indexes, sync bottlenecks, caching gaps. Use when asked "why is this slow", "performance issue", "optimize this endpoint", or "N+1 queries".

Backend reconnaissance — map all routes, middleware, models, dependencies, auth, and assess code quality for project takeover. Use when asked to "understand this backend", "map the API", or "assess code quality".

API and backend code review — REST conventions, auth, validation, error handling, pagination, rate limiting, test coverage. Use when asked to "review this API", "code review", "review backend", or "pre-launch backend check".

Build a new production-ready service from scratch — config management, health checks, graceful shutdown, structured logging. Use when asked to "new service", "scaffold a backend", "bootstrap service", or "create microservice".

Growth engineer — acquisition channels, activation funnels, retention playbooks, and PLG strategy

|

Growth experiment design — structure a growth hypothesis, define metric, baseline, expected lift, and kill condition for a single experiment. Use when asked to "design a growth experiment", "test this growth idea", "experiment framework", "how do we test if this works", or "growth hypothesis".

|

PLG motion design — free tier definition, activation sequence, expansion trigger points, viral mechanic assessment. Given a product, output the PLG architecture and make the calls. Use when asked to "PLG strategy", "freemium model", "product-led growth plan", "self-serve motion", "how do we add a free tier", "upgrade triggers", or "viral loop design".

Growth state reconnaissance — scan existing onboarding flows, acquisition channels, conversion funnels, and growth experiment logs to understand current growth state. Use when asked to "what's our growth state", "audit the funnel", "what growth experiments have we run", "acquisition channel inventory", or before designing new growth experiments.

Retention diagnosis + intervention plan — analyze the retention curve, identify the primary drop-off point, and produce a specific intervention plan with expected impact. Use when asked to "improve retention", "why are users churning", "build a retention playbook", "reduce churn", "win-back campaign", or "users aren't coming back".

Privacy & ToS Drafter — GDPR-compliant privacy policies, ToS, cookie policies, DPAs

Draft GDPR-compliant privacy policy for the product

Check privacy policy and ToS for completeness and compliance

Draft Terms of Service for the product

Infrastructure Specialist Team — Terra: Terraform and IaC — module design, state management, drift detection, and IaC best practices

Terra skill: terra-drift

Terra skill: terra-module

Terra skill: terra-recon

AI Operations Team — Token: Context window optimization, token counting, truncation strategies, and chunking patterns for LLM efficiency.

Design token budgets — system/user/assistant allocation, overflow handling, context compression.

Design chunking strategies — semantic splitting, overlap tuning, retrieval-aware chunk sizing.

Audit token usage patterns — avg context size, waste, truncation frequency, budget adherence.

Design Token Engineer — Design token engineering — token architecture, theming systems, style-dictionary pipelines

Audit existing token usage in a codebase

Build or fix a theming system

Design or refactor a design token architecture

Engineering + Product team — 23 agents, 2 teams. All agents and skills in one install.

First-run onboarding tour — guided walkthrough of tonone's 23 agents, key skills, and worktree sessions. Two paths: expert (~90 sec) and newcomer (~8 min). Use when asked "how do I use tonone", "what can tonone do", "show me around", or "first steps".

Mobile engineer — native iOS/Android, cross-platform, app stores, mobile performance

Produce a complete mobile app architecture design — platform choice, navigation structure, state management, data layer, key screens. Use when asked to "build a mobile app", "new app", "create iOS/Android app", "app architecture", or "cross-platform app".

Mobile audit — app size, startup time, crash reporting, store compliance, accessibility, offline behavior. Use when asked for "mobile review", "app store readiness", "mobile performance", or "crash analysis".

Produce a mobile feature spec — user story, technical approach, component breakdown, platform-specific considerations, edge cases. Use when asked to "add a screen", "spec this feature", "mobile feature", "new tab", "push notifications", or "deep link".

Mobile reconnaissance — understand the app's tech stack, architecture, dependencies, and health for takeover. Use when asked to "understand this app", "mobile assessment", or "app health".

Set up mobile release pipeline — Fastlane, code signing, CI, beta distribution, versioning. Use when asked about "app store setup", "release pipeline", "fastlane", "beta distribution", or "signing".

|

AI Operations Team — Trace: LLM tracing, span capture, prompt/completion logging, cost attribution, and AI system debugging.

Debug AI system behavior using traces — prompt reconstruction, output comparison, failure attribution.

Instrument LLM calls with tracing — span structure, token counts, latency, model metadata.

Audit LLM observability coverage — trace gaps, logging completeness, cost attribution accuracy.

LLM Fine-tuning Engineer — LLM fine-tuning — PEFT/LoRA, RLHF, instruction tuning, prompt optimization

Design a fine-tuning pipeline

Systematically optimize prompts for a task

Audit existing fine-tuning or prompt engineering work

Embeddings & Vector Search Engineer — Embeddings and vector search — semantic search, RAG pipelines, vector database design

Design an embedding pipeline

Audit existing vector search or RAG implementation

Design a vector search or RAG system

Observability & reliability engineer — monitoring, alerting, SRE, incident response, SLOs

Write SLO-based alert rules with burn rate thresholds and paired runbooks. Outputs actual alert configs, not a strategy doc. Use when asked to "set up alerts", "create runbooks", "define SLOs", or "alerting strategy".

Verify observability posture — audit monitoring coverage, find blind spots, prioritize gaps. Use when asked "is monitoring sufficient", "observability review", "are we covered", or "pre-launch monitoring check".

Incident response — diagnose production issues, find root cause, propose fix with rollback. Use when asked about "something is broken", "production issue", "why is this down", "incident", or "debug production".

Instrument a service with OpenTelemetry — RED metrics, structured logs, distributed tracing, and health checks. Outputs actual code and config, not a plan. Use when asked to "add monitoring", "instrument this", "add logging", "set up tracing", or "observability".

Observability reconnaissance — inventory what monitoring exists, map coverage, highlight blind spots. Use when asked "what monitoring exists", "observability assessment", or "what can we see".

Embedded & IoT engineer — firmware, microcontrollers, edge computing, device protocols

Build a device driver or protocol handler — I2C sensors, BLE services, MQTT clients, SPI peripherals with interrupt-driven I/O and clean HAL abstraction. Use when asked to "write a driver", "I2C device", "BLE service", "MQTT client", or "sensor integration".

Produce a complete firmware architecture spec for a described device — layer diagram, module responsibilities, HAL interface definitions, key state machines, RTOS decision. Use when asked to "design firmware architecture", "plan embedded firmware", "architect an IoT device", "how should I structure this firmware", or given a device description and asked what the firmware should look like.

Produce a complete OTA update system design — partition layout, update flow, rollback conditions, validation checks, fleet management approach, failure modes and recovery. Use when asked about "OTA updates", "firmware updates over the air", "how do I update devices in the field", "OTA strategy", or "remote firmware update design".

Power management audit — analyze sleep modes, wake sources, power state machines, radio duty cycles, and battery life estimates. Use when asked to "audit power usage", "optimize battery life", "review power management", "why is my battery draining", "power budget analysis", or "sleep mode review".

Firmware reconnaissance for takeover — inventory the MCU, peripherals, RTOS, protocols, OTA, power management, and assess code quality with risk flags. Use when asked to "understand this firmware", "device inventory", or "embedded assessment".

Security engineer — IAM, secrets, compliance, threat modeling

Full security audit — secrets, dependencies, IAM, auth, injection, XSS, HTTPS, rate limiting, public storage. Use when asked for "security audit", "check for vulnerabilities", "security review", or "are we secure".

Produce a hardening spec and implement it — auth patterns, security headers, rate limiting, input validation, secrets management, dependency hygiene. Use when asked to "harden this", "add security to this service", "what security do I need", or "secure this before launch".

Build IAM from scratch — roles, policies, service accounts with least privilege. Use when asked to "set up IAM", "create roles", "service accounts", or "access control".

Security reconnaissance — full inventory of secrets management, IAM, dependencies, auth, encryption, audit logging, and compliance gaps. Use when asked about "security posture", "how secure is this", or "security assessment".

Produce a threat model — assets, ranked threats, mitigations, accepted risks. Use when asked to "threat model this", "what could go wrong security-wise", "map our attack surface", or before designing any security-sensitive feature.

Prototyping Engineer — Prototyping and handoff — interactive flow docs, component specs, developer handoff

Document a prototype or user flow

Audit existing design documentation

Write a developer handoff spec for a component or feature

Zero Trust Architect — Zero trust architecture — network segmentation, identity-based access, microsegmentation design

Audit an environment against zero trust principles

Design a zero trust architecture — phased roadmap and segmentation

Survey network and identity controls for zero trust readiness