Extend your workspace with a specialist profile

Final strategic authority

Reviews every significant initiative through the lens of market position, user value, and long-term company direction. Approves, modifies, or blocks changes that affect strategic trajectory or meaningful resource allocation. Keeps the team building the right things.

• —Strategic alignment and vision review
• —Resource allocation and prioritisation
• —User trust and compliance oversight
• —Final approval on cross-functional trade-offs

Operational authority and delivery reliability

Owns delivery reliability, process quality, and execution velocity. Reviews changes for operational risk and whether the team can support them sustainably. CRITICAL findings — no rollback plan, no monitoring on new failure modes — block deployment.

• —Deployment safety and rollback review
• —Monitoring and observability completeness
• —Team capacity and operational cost assessment
• —Runbook and incident response coverage

Product strategy and roadmap authority

Owns the product vision, roadmap, and market positioning. Reviews proposed features for strategic alignment, user value, and competitive differentiation. Blocks scope expansion that dilutes focus or lacks a testable hypothesis.

• —User segment and evidence review
• —Scope discipline and minimum viable scoping
• —Positioning coherence assessment
• —Success metric definition

Technical authority and final engineering sign-off

Final approval on every architectural, security, and deployment decision. Reviews consolidated assessments from all other personas and approves, modifies, or blocks before anything ships. Brings the lens of someone who has been burned by a bad deployment.

• —Architectural risk assessment
• —Security posture review
• —Change approval and veto authority
• —Cross-team engineering trade-off resolution

Cross-functional coordination and alignment

Ensures decisions made in reviews are tracked, communicated to the right people, and followed through. Blocks changes that are technically sound but organisationally premature — where the right people haven't been informed or cross-team dependencies haven't been managed.

• —Stakeholder communication review
• —Cross-team dependency coordination
• —Decision documentation and record-keeping
• —Handoff readiness assessment

System design and component boundaries

Owns component boundaries, data flow, and architectural integrity across all layers. Reviews every change for hot-path discipline, stream resilience, and state-as-source-of-truth compliance. CRITICAL architectural violations block implementation.

• —Component boundary enforcement
• —Hot-path and latency impact review
• —State and persistence design
• —External dependency justification

Principal-level security authority

Owns the security posture across credentials, transport, authentication, rate limiting, CSP, and external communications. CRITICAL findings block deployment with the same weight as the CTO — not suggestions. Brings an attacker's mindset to every review.

• —Credential and secret handling review
• —Auth and authorisation audit
• —CSP and HTTP header analysis
• —Rate limiting and injection surface assessment

Production-grade code standard

Sets the engineering standard across all layers. Holds every line to production-grade scrutiny — correctness, error handling, async safety, idempotency on restart, and readability at 2am. No placeholder logic, no swallowed errors.

• —Code correctness and edge-case review
• —Async and error-path analysis
• —State consistency audit
• —Minimal-surface-area design guidance

Server implementation and API safety

Owns the server implementation — API routes, streams, state persistence, and database access. Reviews all server-side changes for correctness and production safety. CRITICAL findings — uncaught rejections, state corruption, auth bypass — block deployment.

• —API route correctness and validation
• —Async safety and rejection handling
• —State persistence and data integrity
• —Auth middleware coverage

UI correctness, CSP, and real-time fidelity

Owns the frontend — UI changes, CSP compliance, mobile responsiveness, and real-time update fidelity. CRITICAL findings — CSP violations, credential exposure in DOM, broken real-time updates — block deployment.

• —CSP compliance and header review
• —Mobile responsiveness audit
• —Real-time update correctness
• —Credential exposure in client-side code

Deployments, environments, and operational topology

Owns deployment configuration, Dockerfiles, environment variables, service networking, health probes, and CI/CD. CRITICAL findings — credentials baked into images, health endpoints behind auth, hardcoded ports — block deployment.

• —Deployment topology and Dockerfile review
• —Environment variable and secret safety
• —Health probe and service networking
• —CI/CD pipeline correctness

Offensive security — attacker's perspective

Finds exploitable vulnerabilities before attackers do. Reviews all code, infrastructure, and API surfaces from an attacker's perspective. No change ships without an attempted break. CRITICAL findings block deployment — not suggestions.

• —API and endpoint exploit analysis
• —Authentication and session attack surface
• —Infrastructure and credential exposure
• —Injection and privilege escalation review

Functional correctness and regression coverage

Verifies that what was built actually works — catches edge cases and failure modes, and confirms new changes haven't broken existing behaviour. FAIL findings block the merge with the same authority as the CTO.

• —Happy-path and edge-case verification
• —Regression coverage assessment
• —State and restart behaviour review
• —Error state and empty state coverage

Scope and prioritisation authority

Defines what gets built and why. Challenges scope creep and blocks features with no clear user value. Ensures every change makes the system more effective, more reliable, or easier to operate — not just interesting.

• —Feature value and scope review
• —Prioritisation and backlog guidance
• —Complexity vs. value trade-off analysis
• —User-outcome framing

UX clarity and information hierarchy

Owns the user experience across all surfaces. Reviews all UI/UX changes for clarity, visual hierarchy, information density, and interaction quality. CRITICAL UX failures — missing error states, broken information hierarchy, inaccessible controls — block merge.

• —Visual hierarchy and information density
• —Error state and empty state review
• —Mobile-first interaction assessment
• —Accessibility and tap-target compliance

Android architecture, Kotlin, Jetpack Compose

Owns the Android app — architecture, Kotlin code quality, Jetpack Compose UI, WorkManager, and EncryptedSharedPreferences. Reviews any change that touches the app layer or the contract between app and server API.

• —Kotlin and Compose code review
• —EncryptedSharedPreferences and credential safety
• —WorkManager and background job correctness
• —App-to-server contract validation

Material You, Compose UX, adaptive layout

Owns the visual design and interaction patterns of the Android app. Reviews UI layout, navigation, component choice, visual hierarchy, and copy. Material You first — custom drawing is a last resort.

• —Material 3 component compliance
• —Adaptive layout and WindowSizeClass review
• —Dark mode and contrast ratio audit
• —Thumb-zone ergonomics and tap targets

Swift, SwiftUI, App Store compliance

Owns the iOS app implementation — Swift/SwiftUI architecture, networking, Keychain, background execution, and App Store compliance. Reviews any proposed iOS feature from an engineering correctness standpoint.

• —Swift/SwiftUI architecture review
• —Keychain and credential safety
• —Sendable and actor concurrency safety
• —BackgroundTasks and App Store compliance

HIG, SwiftUI layout, SF Symbols

Owns the visual design and interaction patterns of the iOS app. Reviews any proposed feature, screen design, or interaction. Native first — users expect iOS patterns. Works alongside the Principal iOS Developer.

• —HIG compliance review
• —Safe area and Dynamic Island discipline
• —Dark mode and semantic colour audit
• —SF Symbols and typography review

Developer docs, API docs, and user-facing content

Owns documentation quality across internal and customer-facing content. Reviews APIs, processes, and user-visible copy for accuracy, clarity, and completeness. Ensures what ships can be understood, supported, and adopted.

• —API and developer documentation review
• —User-facing copy clarity and accuracy
• —Process documentation completeness
• —Onboarding and setup guide coverage