Use when analyzing GitHub issues, investigating bug reports, answering codebase questions, or creating implementation plans. Performs impact assessment, root cause analysis, reproduction, and strategic context analysis. Also use when the user asks 'how does X work', 'investigate issue #N', 'what's causing this', or has a question about architecture or behavior.

Use when reviewing code changes for quality, security, and correctness. Performs adversarial 4-pass analysis: security screening (before any code execution), machine checks, correctness/performance, and style/maintainability. Read-only — reports findings but never edits code. Also use when the user says 'review this', 'check my changes', or wants a second opinion on code quality.

Use when reviewing pull requests end-to-end before merge. Performs zero-trust security pre-screen, dependency audit, build verification, delegates to @reviewer for 4-pass code analysis, and delivers a final verdict. Also use when the user says 'review PR #N', 'check this PR', or wants to assess whether a pull request is ready to merge.

Use when implementing features, fixing bugs, or making any code changes. Plans before coding, writes idiomatic code following project conventions, builds, tests, and hands off to @reviewer. Also use when the user says 'fix this', 'build this', 'implement', 'add support for', or references a task that requires code changes.

Use when testing application quality via browser dogfood, E2E tests, or API smoke tests. Navigates the app via agent-browser, takes screenshots, checks console errors, runs E2E Playwright tests. Read-only — reports issues but never edits code. Also use when the user says 'test this', 'dogfood', 'QA', 'check the UI', or 'verify it works'.