Testing & Security

Screenshot capture, organization, and comparison for QA testing. Use when taking screenshots during test execution to ensure proper naming, organization, and traceability back to test cases.

QuantConnect backtesting API usage and Phase 3 decision integration (project)

Execute end-to-end test scenarios for the D&D 5E terminal game using terminal-control MCP. This skill should be used when the user requests running test scenarios, creating new test scenarios, or debugging game functionality through automated testing. Requires terminal-control MCP server to be installed and running.

Implement secure authentication with JWT, sessions, OAuth, and password hashing. Use when adding login/logout, token auth, or integrating OAuth providers.

Test-Driven Development for Rust. Use when creating new functionality, writing tests, or fixing bugs through the Red-Green-Refactor TDD cycle.

Level 2 patterns - vulns, lic, sbom, doctor (security, compliance, environment health)

Use when working on the Miden compiler (`midenc` / `cargo miden`), debugging failing tests or implementing compiler changes, and you need a Miden VM MASM execution trace to understand the stack state after each instruction. Covers `MIDENC_TRACE=executor=trace` (typically with `cargo make test -- --no-capture ...`).

Automatically wraps verbose commands (pytest, ruff, builds) with silent execution for context-efficient output. Use this proactively when running tests, linters, formatters, or build commands to minimize context usage while preserving error information.

Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation.

Activates when reviewing code to identify quality issues, security vulnerabilities, and suggest improvements

Execute tests from persistent test cases. Reads ./tests/ directory, runs cleanup, wallet setup (if Web3), executes tests, and generates report.

Network security, cryptography, vulnerability assessment, and ethical hacking.

Execute shell commands in persistent, stateful VT100 terminal sessions. WHEN: User needs to "run a command", "execute shell", "build project", "run tests", "deploy", system administration. WHEN NOT: Simple file operations (use fs_* tools), reading known files (use fs_read_file).

Comprehensive guidance for writing high-quality unit tests in Java projects using JUnit 5 and AssertJ. Use when writing unit tests, creating test classes, or need guidance on mocking strategies, assertions, test builders, or JUnit 5 best practices. Requires JUnit 5, AssertJ, and Mockito dependencies.

Yeni özellikler geliştirirken mimari uyum, performans etkileri ve best practices önerileri sunar. İstekte bulunduğunuzda özellikleri implement eder ve testlerini yazar.

Master end-to-end testing with Playwright and Cypress to build reliable test suites that catch bugs, improve confidence, and enable fast deployment. Use when implementing E2E tests, debugging flaky tests, or establishing testing standards.

Эксперт по container registry. Используй для настройки ECR, Harbor, Docker Hub, image security и CI/CD интеграции.

Test at extremes (1000x bigger/smaller, instant/year-long) to expose fundamental truths hidden at normal scales

Master ABP Framework patterns including repository pattern, unit of work, domain services, application services, authorization, multi-tenancy, background jobs, and distributed events. Use when: (1) building ABP-based applications with DDD architecture, (2) creating CRUD services with Entity, AppService, DTOs, validators, (3) handling authorization/permissions, (4) generating ABP module code.

Validate and audit CSV data for quality, consistency, and completeness. Use when you need to check CSV files for data issues, missing values, or format inconsistencies.