Steal these agents.
paw ships a core 18 agents. This is the wider roster they come from: 42 in all, the rest worth building yourself. Recipes to chain them, and a prompt to find the ones only you need. A menu, not a spec.
The roster
Jobs worth handing to a narrow, well-scoped agent, grouped by where they earn their keep. The ones tagged in paw ship in the box. The rest are yours to build.
Research
Maps an unfamiliar repo: entry points, data flow, and where the risky code lives.
Finds how this was already solved, in your own history and the wider ecosystem.
Reads the issues, docs, and threads and assembles what the feature actually needs to do.
Pulls apart a competitor's product or docs and reports what they do differently.
Reads a third-party API's docs and hands back the exact calls, auth, and gotchas.
Plan
Turns a spec into a system: components, boundaries, data flow, and the risks up front.
Turns the architecture into a numbered, executable plan with acceptance tests.
Stress-tests the plan for gaps, optimistic assumptions, and hand-waved steps.
Turns a messy issue, PDF, or Slack thread into one clean spec everyone can build from.
Design
Checks new UI against your existing colors, spacing, and components so it matches the rest of the app.
Reviews front-end markup, component states, and responsive behavior.
Writes the microcopy: button labels, empty states, and errors that sound human.
WCAG pass: keyboard, focus, contrast, semantic HTML, and alt text.
Build
Implements one task test-first in an isolated worktree, then refactors.
Designs safe schema changes: expand, backfill, contract. No destructive one-shots.
Integrates parallel branches and resolves conflicts by merge, never rebase.
Generates the boring boilerplate for a new module to your house conventions.
Review
Correctness, edge cases, error handling, naming, and unclear intent on the diff.
Hunts latent bugs: races, off-by-one, null deref, overflow, time-of-check issues.
N+1 queries, unbounded fetches, sync work in async paths, heavy renders.
Flags public-API changes that will break the people who depend on you.
Empty catches, swallowed errors, and fallbacks that hide real failures.
Comments that lie, comments that just narrate, and the missing 'why'.
Security
OWASP Top 10 on the diff: injection, broken access control, SSRF, XSS, secrets.
SOC 2 readiness: access controls, logging, encryption in transit and at rest.
CVEs, licenses, and supply-chain risk in anything new you pulled in.
Hunts hardcoded keys, tokens, and credentials before they reach git history.
Maps the attack surface of a new feature before a line of it is written.
Test & QA
Runs the suite, isolates new failures, and flags code that shipped without a test.
Finds tests that pass and fail without a code change, and quarantines them.
Exercises the seams between systems, where the demo-proof bugs hide.
Finds the changed lines that shipped without a single test touching them.
Ship
Updates the README, migration guide, and examples to match what you just built.
Turns the commits into user-facing release notes people will actually read.
Writes the rollback procedure before you ship, not during the incident.
Opens the PR with the full audit trail and waits for a human to approve the merge.
Ops & risk
Flags irreversible or high-blast-radius steps before anyone runs them.
Prices the change: new crons, full-table scans, LLM calls, edge invocations.
Checks that new code emits enough logs, metrics, and traces to debug at 2am.
Takes over when things derail: halts the mess, preserves forensics, escalates.
Compares what shipped against what was actually asked for, and flags the drift.
Reads the intent check and spawns follow-up work for whatever the plan missed.
Recipes by role
Chaining beats any single agent. A few starting points, one per hat you might wear. Read the arrows as "then".
Have the front-end reviewer check the markup and states, the accessibility auditor catch the keyboard and contrast gaps a demo hides, then docs-writer produce the usage example your team will copy.
Architect drafts the approach, devils-advocate pokes holes in it before you commit, and product-intent-checker confirms the result still matches what you actually asked for.
Run the review trio in parallel on the diff, then the test suite, then write the rollback before you ship. Three passes, and you sleep.
Risk-assessor flags the blast radius, cost-estimator prices the cloud spend, and gap-detector shows what the plan is quietly missing. A one-page decision brief, no meeting.
Bug-auditor hunts the latent stuff, flake-detector quarantines tests that lie, and integration-tester checks the seams between systems where real failures live.
Find your gaps
The best agent to build next is the one that encodes a judgment you already make by hand. Paste this into Claude (or any capable model) pointed at your own work, and let it find them.
Look at my last two weeks: commits, PR comments, and the mistakes I keep catching by hand in review. What repetitive judgment am I applying manually that an agent could encode for me? Propose 3 agents I do not have yet. For each: a name, its one-line job, the tools and permissions it would need, and the specific gap it fills. Rank them by how much time they would save me.
Standing on shoulders
Billed as the agent harness performance optimization system for Claude Code and beyond, it opened my eyes to what was possible and got this whole rabbit hole started. A good number of the ideas above trace straight back to it. Thank you.
github.com/affaan-m/ecc