Testing & Security

Test LogiDocs Certify features from customer persona perspectives. Use when the user wants to test features as a customer, get simulated feedback, review UI from user perspective, or mentions "test as Aftrac", "test as Sirius", "customer feedback", "user testing", or "persona review".

Kailash Kaizen - production-ready AI agent framework with signature-based programming, multi-agent coordination, and enterprise features. Use when asking about 'AI agents', 'agent framework', 'BaseAgent', 'multi-agent systems', 'agent coordination', 'signatures', 'agent signatures', 'RAG agents', 'vision agents', 'audio agents', 'multimodal agents', 'agent prompts', 'prompt optimization', 'chain of thought', 'ReAct pattern', 'Planning agent', 'PEV agent', 'Tree-of-Thoughts', 'pipeline patterns', 'supervisor-worker', 'router pattern', 'ensemble pattern', 'blackboard pattern', 'parallel execution', 'agent-to-agent communication', 'A2A protocol', 'streaming agents', 'agent testing', 'agent memory', 'agentic workflows', 'AgentRegistry', 'OrchestrationRuntime', 'distributed agents', 'agent registry', '100+ agents', 'capability discovery', 'fault tolerance', 'health monitoring', 'trust protocol', 'EATP', 'TrustedAgent', 'trust chains', 'secure messaging', 'enterprise trust', 'credential rotation', 'trust verification', or 'cross-organization agents'.

Create mocks using mockall and trait-based abstractions. Use when unit testing code with external dependencies.

Production-ready Express.js development covering middleware architecture, error handling, security hardening, testing strategies, and deployment patterns

Generate comprehensive test suites following the test pyramid: static analysis → unit → integration → E2E. LOAD THIS SKILL WHEN: User says "寫測試", "test", "測試", "TG", "coverage", "覆蓋率", "pytest", "unittest", "驗證" | wants test generation | asks about testing strategy | needs coverage report | code review requires tests | before release/deployment. CAPABILITIES: pytest configuration, mypy/ruff/bandit static analysis, parametrized tests, fixtures/conftest, async testing, httpx API tests, Playwright E2E, coverage reports (pytest-cov), CI integration, test data factories (factory-boy/faker).

Comprehensive guide for Test-Driven Development (TDD) methodology. Use this skill when the user asks to implement features using TDD, write tests first, follow red-green-refactor cycle, or develop code with test-first approach. Also use when user mentions TDD, unit testing workflow, or wants to refactor code with test coverage.

Generate Docker and Traefik deployment configurations for any application (Node.js, Python, Go, Rust, Java). Creates Dockerfile, docker-compose.yml, docker-compose.for-traefik.yml overlay, and .env.sample with production best practices. Use when: dockerize app, containerize, add Docker, deploy with Traefik, reverse proxy setup, HTTPS/SSL, Let's Encrypt certificates, production deployment, docker-compose setup. Requires: Docker, docker-compose.

Core WordPress testing procedures and patterns for browser-based plugin testing. Use when testing WordPress plugins, logging into WordPress admin, verifying plugin activation, or navigating WordPress UI.

Type hints, dataclasses, async patterns, testing with pytest, and modern Python tooling

Clerk session handling, JWT verification, token management, and multi-session workflows. Use when implementing session validation, JWT claims customization, token refresh patterns, session lifecycle management, or when user mentions session errors, authentication tokens, JWT verification, multi-device sessions, or session security.

Comprehensive code review skill for FastAPI projects. Analyzes codebase against industry best practices covering async patterns, project structure, Pydantic usage, dependency injection, database patterns, testing, and performance. Generates detailed refactor plans with prioritized recommendations. Use when reviewing FastAPI projects, auditing code quality, planning refactors, or ensuring adherence to FastAPI/async best practices.

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

Apply when setting up the development environment, running dev server, building, testing, or deploying the extension. Covers npm commands, CORS configuration, debugging, and deployment to ChurchTools.

⚡ PRIMARY TOOL for: 'comprehensive audit', 'deep analysis', 'full codebase review', 'multi-perspective investigation', 'complex questions'. Combines ALL detective perspectives (architect+developer+tester+debugger). Uses Opus model. REPLACES grep/glob entirely. Uses claudemem v0.3.0 AST with ALL commands (map, symbol, callers, callees, context). GREP/FIND/GLOB ARE FORBIDDEN.

Automated dependency management with security scanning, update orchestration, and compatibility validation

Audits Claude Code hooks for correctness, safety, and performance. Use when reviewing, validating, or debugging hooks, checking exit codes, error handling, or learning hook best practices.

Senior Frontend QA Engineer with 10+ years JavaScript/TypeScript testing experience. Use when writing unit tests for React components, creating integration tests with React Testing Library, testing custom hooks, mocking APIs, or following TDD for frontend.

Build accessible user interfaces with semantic HTML, keyboard navigation, proper color contrast, ARIA attributes, and screen reader support. Use this skill when creating or modifying frontend UI components, HTML templates, JSX/TSX files, forms, interactive elements, modals, navigation menus, or any user-facing interface code. Use this when ensuring keyboard accessibility, adding ARIA labels and roles, providing alt text for images, managing focus states, implementing proper heading hierarchy, testing with screen readers, or ensuring sufficient color contrast ratios. Use this when working on .jsx, .tsx, .vue, .html, or component files that render UI elements.

セキュリティ・エラーハンドリングレビュー - OWASP Top 10、エラー処理、ログ管理を統合評価

Auditar a camada de cache Redis reativa (lettuce), garantindo binding de secrets, TTLs e métricas consistentes no Swarm.