bugbash

Deep bug bash—broader negatives, more concurrency/soak where safe, mandatory residual-risk section

Short smoke bug bash—primary paths and a few negative checks only

Load **`bugbash-core`** with the **Skill** tool and run a bug bash for this project.

Use when you want a subagent focused on HTTP/GraphQL/gRPC-style surfaces, CLIs that behave like APIs, webhooks, and contract boundaries—not primary browser UX. Examples: "Hammer the REST checkout endpoints with bad auth and race conditions" or "Negative test the webhook receiver and idempotency keys."

Generalist bug-bash subagent for mixed surfaces when you want one agent to explore APIs, UI, and CLI in scope together—charter is reproduce and report, not fix. Use when splitting api vs ui is not worth it (small feature, tight scope). Examples: user wants one agent to "walk the whole onboarding funnel including API and web" in a single pass.

Use when you want a subagent focused on browser or native UI flows, navigation, forms, and client-visible state—not deep API contract matrices. Examples: "Break the multi-step wizard" or "Double-submit and back-button every form in the settings area."

Core bug-bash workflow with mission brief, intensity modes, risk triage, evidence bars, and structured outputs—running system first, code second; find and reproduce, do not fix unless asked.

Use when the user wants to find bugs, stress-test, QA, exploratory-test, or verify behavior by exercising the running system—not for routine implementation, refactors, or fix-focused debugging unless they ask to switch modes after findings exist.