Testing & Security

Use when writing narrative memos, 6-pagers, 1-pagers, press releases, or PRFAQs in Amazon style. Applies Amazon's no-PowerPoint writing standards with data over adjectives, active voice, and the "so what" test.

Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining, and compliance. Use when implementing Auth0 security features, configuring attack defenses, setting up MFA, or meeting regulatory requirements.

CI/CD pipelines as merge gates. Tests, security scans, and linting must pass before code reaches production. Automated validation that satisfies auditors.

Orchestrates comprehensive GitHub API access across all services. Intelligently routes API operations to specialized resource files covering authentication, repositories, issues/PRs, workflows, security, and more. Use when implementing GitHub integrations, automating operations, or building applications that interact with GitHub.

Create comprehensive Selenium test scripts using the 3-agent workflow (planner → architect → scripter). Use this when the user asks to create selenium tests, write test scripts, test a page with selenium, automate testing workflows, or needs selenium page objects.

Validate test suite quality using mutation testing with mutmut or cosmic-ray to detect weak tests, calculate mutation scores, and improve test coverage. Use when validating test effectiveness, achieving high test quality, or detecting tests that pass but don't validate behavior.

Implements Passport.js authentication middleware with local, OAuth, and JWT strategies for Express/Node.js. Use when building Node.js APIs, implementing custom auth flows, or needing flexible authentication strategies.

Expert on Aptos blockchain, Move language, smart contracts, NFTs, DeFi, and Aptos development. Triggers on keywords aptos, move, blockchain, smart contract, nft, defi, web3, mainnet, testnet, devnet

Comprehensive Citrix environment health assessment and diagnostics. Use when analyzing Citrix site health, checking VDA registration status, verifying Delivery Controller services, assessing StoreFront availability, or performing environment audits. Covers infrastructure health, database connectivity, resource utilization, and component status verification.

API authentication patterns, SDK installation scripts, environment variable management, and connection testing for ElevenLabs. Use when setting up ElevenLabs authentication, installing ElevenLabs SDK, configuring API keys, testing ElevenLabs connection, or when user mentions ElevenLabs authentication, xi-api-key, ELEVENLABS_API_KEY, or ElevenLabs setup.

Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.

Validate Kubernetes manifests, Helm charts, and Dapr configs against security and governance rules. Use when: (1) Generating K8s manifests, (2) Creating Helm charts, (3) Building Docker configurations, (4) Reviewing Dapr components, (5) After any infrastructure code generation, (6) Before deployment reviews. Validates container security, RBAC policies, resource limits, Dapr standards, and network policies.

Write BDD scenarios in Gherkin format (Given/When/Then) in pure business language. Use when creating acceptance tests, user story scenarios, or stakeholder-readable specifications.

Use picocom to interact with IoT device UART consoles for pentesting operations including device enumeration, vulnerability discovery, bootloader manipulation, and gaining root shells. Use when the user needs to interact with embedded devices, IoT hardware, or serial consoles.

Develop React applications for VS Code Webview surfaces. Use when working on the `webview-ui` package, creating features, components, or hooks for VS Code extensions. Includes project structure, coding guidelines, and testing instructions.

Run build processes, test suites, deployments, and development servers in monitored tmux sessions with persistent logging. Use when executing long-running tasks that need background execution with real-time monitoring, or when running commands like npm build, pytest, deployment scripts, or dev servers that should continue running while you work on other tasks.

Guide AI assistants through Gray Swan MITM challenges using Playwright browser automation to interact with AI agent intermediaries. Use when working on Gray Swan Machine-in-the-Middle CTF challenges.

Tailwind CSS configuration template and validation logic for tailwind.config.js or tailwind.config.ts with src/index.css directives. Includes 5 required standards (required content paths for scanning, must extend default theme not replace, required plugins array, file naming convention for .js or .ts, required dependencies). Ensures proper PostCSS integration and Tailwind directive setup. Use when creating or auditing tailwind.config.js or tailwind.config.ts files for consistent Tailwind CSS setup.

Pod Security Standards and admission controllers for GKE. Runtime monitoring with Falco and behavioral analysis to detect anomalous workload activity.

Crea commits git con verificación obligatoria de calidad. Ejecuta dart analyze, format y tests antes de commitear.