Testing & Security

Format concise, actionable test plans for Jira tickets using existing fptest tools and minimal MongoDB operations

Build production-grade FastAPI backends with SQLModel, Dapr integration, and JWT authentication.Use when building REST APIs with Neon PostgreSQL, implementing event-driven microservices withDapr pub/sub, scheduling jobs, or creating CRUD endpoints with JWT/JWKS verification.NOT when building simple scripts or non-microservice architectures.

TLA+ formal verification for modeling and verifying concurrent algorithms and distributed systems.Use when asked about: TLA+, formal verification, model checking, verify algorithm, verify spec,check invariants, race condition analysis, concurrency model, TLC, Apalache, formal spec,temporal logic, prove correctness, state machine verification, model concurrent, TOCTOU,double-check locking, create TLA spec, run TLC, explain counterexample, verify safety,liveness property, deadlock detection, formal methods.Capabilities: Create specs from templates, run TLC/Apalache, generate CI pipelines,check code-spec drift, explain counterexamples, generate tests from invariants.

Test iOS apps using AXe CLI for accessibility auditing, UI automation, and simulator control. Use when testing iOS Simulator apps, automating UI interactions, recording test videos, or auditing accessibility labels and VoiceOver support.

Use when testing Android apps on ADB-connected devices/emulators - UI automation, screenshots, location spoofing, navigation, app management. Triggers on ADB, emulator, Android testing, location mock, UI test, screenshot walkthrough.

Generates integration tests for system components and workflows

Expert in managing YouTube content using YouTube Data API v3 and yt-dlp. **Use this skill whenever the user mentions 'YouTube', 'video download', 'playlist', 'YouTube videos', 'download from YouTube', or requests to list playlists, search videos, download videos, manage playlists, or any YouTube-related operations.** Handles authentication via OAuth, listing playlists (including Watch Later and Liked Videos), getting playlist items, downloading videos with yt-dlp, searching videos, getting video details, creating/deleting playlists, and adding/removing videos from playlists. (project, gitignored)

Expert skill for implementing Better Auth with JWT tokens and JWKS (JSON Web Key Set) for secure authentication between Next.js frontend and FastAPI backend. Handles JWT token generation, verification, JWKS endpoint setup, and secure API communication. Includes setup for database integration, session management, and user isolation. Use when implementing authentication between frontend (Next.js) and backend (FastAPI) services with JWT tokens and JWKS.

Test data generation patterns using Bogus, test builders, and ABP seeders. Use when: (1) creating realistic test data, (2) implementing test data seeders, (3) building test fixtures, (4) generating fake data for development.

GitHub/Railway housekeeping for CI env/secret management and DX maintenance.Use when setting or auditing GitHub Actions variables/secrets, syncing Railway env → GitHub, or fixing CI failures due to missing env.

This skill should be used when the user asks to "configure Supabase with SQLAlchemy", "set up Supabase async engine", "create Supabase models", "handle Supabase authentication with SQLAlchemy", or "integrate Supabase pooling with SQLAlchemy async patterns". It provides complete Supabase integration patterns for SQLAlchemy with async support, authentication, and connection pooling optimizations.

Generate polished walkthrough videos from Playwright test suites. Runs thematically connected tests with video recording, creates title cards, slows footage for readability, and concatenates into a final demo video.

Generates comprehensive tests with balanced quality and speed

Introduce test-driven development to beginners with simple Flask/Sinatra test examples and TDD concepts

Apply testing patterns like AAA (Arrange-Act-Assert), mocking, fixtures, and parameterization for maintainable test suites

Automatic OWASP security checks on generated code. Use when: any code is generated in the pipeline. Triggers: internal use only.

Execute end-to-end tests for Nikita using Telegram MCP, Gmail MCP, Supabase MCP, Chrome DevTools MCP, and gcloud CLI. Use when verifying implementations, testing user journeys, validating integrations, performing regression testing, or after completing any feature implementation. MANDATORY after /implement completes.

Analyzes vendor security questionnaire responses. Identifies red flags, gaps, and areas requiring follow-up. Supports SIG, CAIQ, and custom questionnaires.

Perform deep, expert-level codebase and architecture audits to identify technical strengths, weaknesses, risks, and opportunities. Use when a user asks for an assessment of a codebase's structure, quality, or readiness for scale. Deliver detailed, actionable, and prioritized recommendations grounded in engineering best practices.

Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.