Testing & Security

Write and run Python tests using pytest with fixtures, mocking, coverage, and the AAA pattern. Use when writing Python tests, creating test files, or setting up pytest configuration.

Understanding GitHub Actions secret types, storage hierarchy, and threat model. Secure patterns for managing credentials, tokens, and sensitive configuration.

Review existing tests for completeness, quality issues, and common mistakes

Detects unsafe signed/unsigned integer conversions that can lead to integer overflow and security check bypasses. Use when analyzing integer operations, comparisons, or investigating conversion-related vulnerabilities.

Integration testing patterns for ABP Framework APIs using xUnit and WebApplicationFactory. Use when: (1) testing API endpoints end-to-end, (2) verifying HTTP status codes and responses, (3) testing authorization, (4) database integration tests.

Manage Cloudflare infrastructure including DNS records, zones, SSL/TLS, caching, firewall rules, Workers, Pages, and analytics. Use when working with Cloudflare APIs, creating or modifying DNS records, managing domain security, purging cache, deploying Workers/Pages, or analyzing traffic. Created by After Dark Systems, LLC.

This skill provides comprehensive knowledge for integrating Neon serverless Postgres and Vercel Postgres (which is built on Neon infrastructure) into web applications. It should be used when setting up serverless Postgres databases, configuring connection pooling for edge and serverless environments, implementing database branching workflows, or troubleshooting Postgres connection issues in Cloudflare Workers, Vercel Edge Functions, or Node.js serverless functions.Use this skill when:- Setting up Neon Postgres for Cloudflare Workers, Vercel Edge, or serverless environments- Configuring Vercel Postgres for Next.js applications- Implementing database branching workflows (git-like database branches)- Integrating Drizzle ORM or Prisma with Neon/Vercel Postgres- Debugging connection pool errors, transaction timeouts, or SSL configuration issues- Migrating from D1/SQLite to Postgres or from traditional Postgres to serverless Postgres- Setting up point-in-time restore (PITR) or database backups- Encounteri

Expert-level C# unit testing skill based on ISTQB standards and best practices. Use this skill when creating, reviewing, or refactoring unit tests for C# applications (.NET/ASP.NET Core). Applies test design techniques, coverage strategies, and quality assurance principles from ISTQB Foundation and Advanced levels.

Design and implement RESTful APIs, GraphQL endpoints, and backend API architecture following modern standards. Use this skill when creating or modifying API endpoints, route handlers, controllers, API middleware, authentication/authorization logic, or any files that define HTTP endpoints such as routes.py, api.js, controllers/, endpoints/, or API specification files (OpenAPI/Swagger). Apply this skill when implementing API versioning, rate limiting, request/response handling, API documentation, or when working with API gateway configurations. This skill is essential for building scalable, secure, and well-documented APIs that follow RESTful principles, handle errors gracefully, and provide consistent developer experiences across microservices and serverless architectures.

Find existing packages before writing custom code. Uses context7 and websearch to discover battle-tested solutions, maximizes package usage to minimize custom code and complexity. Use when implementing features, adding functionality, or when user requests new capabilities.

Connect to and interact with Azure Blob Storage (ADLS Gen2). Use when working with Azure blob storage, listing containers, reading files, uploading data, or when user mentions Azure storage, blob containers, or ADLS. Handles authentication, container operations, and blob management.

Martin Fowler's refactoring catalog with incremental change patterns and test-driven refactoring discipline

Do experiment-driven research (hypotheses → minimal repros → evidence) and continuously improve research skills + tooling. Use when behavior is uncertain, contested, or performance-sensitive.

README.md documentation templates and validation logic for MetaSaver monorepos. Includes repository type detection (library vs consumer), required sections (Title, Description, Installation, Usage, Scripts), and line count guidance (consumer 75-100 lines, library 150-200 lines). Use when creating or auditing README.md files at monorepo root.

Follow project-wide development conventions for file organization, version control, documentation, and dependency management. Use this skill when organizing project directories and files, writing README documentation, creating commit messages, working with git branches, managing pull requests, configuring environment variables, handling secrets and API keys, managing project dependencies, setting up feature flags, maintaining changelogs, defining testing requirements, establishing code review processes, or structuring the overall project architecture. Apply this skill when setting up new projects, refactoring project structure, working with version control, managing configuration files, or ensuring the project follows consistent organizational patterns and best practices.

ABP Framework cross-cutting patterns including authorization, background jobs, distributed events, multi-tenancy, and module configuration. Use when: (1) defining permissions, (2) creating background jobs, (3) publishing/handling distributed events, (4) configuring modules.

Enterprise AI security patterns - LLM vulnerabilities, prompt injection defense, guardrails, PII protection, and OWASP LLM Top 10 mitigations

Work with imp.lib and imp.gits for Nix flake development. Use when working with imp.lib directory imports, imp.gits multi-repo injection, .d fragment directories, flake-parts integration, or when the user mentions imp, imp.lib, imp.gits, or asks about directory-based Nix configuration.

Apply Command Query Responsibility Segregation (CQRS) and Event Sourcing (ES) for collaboration-heavy domains that require strong auditability and independent scaling of reads and writes.

Backend API authentication patterns with Clerk JWT middleware and route protection. Use when building REST APIs, GraphQL APIs, protecting backend routes, implementing JWT validation, setting up Express middleware, or when user mentions API authentication, backend security, JWT tokens, or protected endpoints.