Testing & Security

Enforce comprehensive verification and testing before declaring completion. Use when implementing features, making changes, or completing tasks. Prevents insufficient verification (FP-10).

Assists with code review by analyzing code changes for quality, best practices, security, and potential issues. Activates after implementing code features, bug fixes, or refactorings. Provides structured feedback with critical issues, suggestions, and positive highlights.

Comprehensive code review skill for TypeScript, JavaScript, Python, Swift, Kotlin, Go. Includes automated code analysis, best practice checking, security scanning, and review checklist generation. Use when reviewing pull requests, providing code feedback, identifying issues, or ensuring code quality standards.

Phase 5 of disciplined development. Validates system against original requirements through system testing and user acceptance testing (UAT). Uses structured stakeholder interviews to gather sign-off and traces defects back to research or design phases.

CodeGenAgent スキル - Claude Sonnet 4によるAI駆動コード生成。 GitHub Issueの内容を解析し、TypeScriptコード・ユニットテスト・型定義を自動生成。 Use when: - 新しいコードを生成する時 - Issue内容からコード実装が必要な時 - TypeScript/Vitestテストの自動生成が必要な時 - BaseAgentパターンに従った実装が必要な時 - "コード生成", "実装", "feature", "bug fix" がキーワードに含まれる時

Generic DigitalOcean droplet deployment using doctl CLI for any application type (APIs, web servers, background workers). Includes validation, deployment scripts, systemd service management, secret handling, health checks, and deployment tracking. Use when deploying Python/Node.js/any apps to droplets, managing systemd services, handling secrets securely, or when user mentions droplet deployment, doctl, systemd, or server deployment.

React Native mobile development patterns for authentication, platform-specific issues, navigation, and SDK integration. Use when debugging React Native apps, fixing iOS/Android issues, handling auth flows, or integrating native SDKs.

Test LogiDocs Certify features from customer persona perspectives. Use when the user wants to test features as a customer, get simulated feedback, review UI from user perspective, or mentions "test as Aftrac", "test as Sirius", "customer feedback", "user testing", or "persona review".

Kailash Kaizen - production-ready AI agent framework with signature-based programming, multi-agent coordination, and enterprise features. Use when asking about 'AI agents', 'agent framework', 'BaseAgent', 'multi-agent systems', 'agent coordination', 'signatures', 'agent signatures', 'RAG agents', 'vision agents', 'audio agents', 'multimodal agents', 'agent prompts', 'prompt optimization', 'chain of thought', 'ReAct pattern', 'Planning agent', 'PEV agent', 'Tree-of-Thoughts', 'pipeline patterns', 'supervisor-worker', 'router pattern', 'ensemble pattern', 'blackboard pattern', 'parallel execution', 'agent-to-agent communication', 'A2A protocol', 'streaming agents', 'agent testing', 'agent memory', 'agentic workflows', 'AgentRegistry', 'OrchestrationRuntime', 'distributed agents', 'agent registry', '100+ agents', 'capability discovery', 'fault tolerance', 'health monitoring', 'trust protocol', 'EATP', 'TrustedAgent', 'trust chains', 'secure messaging', 'enterprise trust', 'credential rotation', 'trust verification', or 'cross-organization agents'.

Create mocks using mockall and trait-based abstractions. Use when unit testing code with external dependencies.

Production-ready Express.js development covering middleware architecture, error handling, security hardening, testing strategies, and deployment patterns

Generate comprehensive test suites following the test pyramid: static analysis → unit → integration → E2E. LOAD THIS SKILL WHEN: User says "寫測試", "test", "測試", "TG", "coverage", "覆蓋率", "pytest", "unittest", "驗證" | wants test generation | asks about testing strategy | needs coverage report | code review requires tests | before release/deployment. CAPABILITIES: pytest configuration, mypy/ruff/bandit static analysis, parametrized tests, fixtures/conftest, async testing, httpx API tests, Playwright E2E, coverage reports (pytest-cov), CI integration, test data factories (factory-boy/faker).

Comprehensive guide for Test-Driven Development (TDD) methodology. Use this skill when the user asks to implement features using TDD, write tests first, follow red-green-refactor cycle, or develop code with test-first approach. Also use when user mentions TDD, unit testing workflow, or wants to refactor code with test coverage.

Generate Docker and Traefik deployment configurations for any application (Node.js, Python, Go, Rust, Java). Creates Dockerfile, docker-compose.yml, docker-compose.for-traefik.yml overlay, and .env.sample with production best practices. Use when: dockerize app, containerize, add Docker, deploy with Traefik, reverse proxy setup, HTTPS/SSL, Let's Encrypt certificates, production deployment, docker-compose setup. Requires: Docker, docker-compose.

Core WordPress testing procedures and patterns for browser-based plugin testing. Use when testing WordPress plugins, logging into WordPress admin, verifying plugin activation, or navigating WordPress UI.

Type hints, dataclasses, async patterns, testing with pytest, and modern Python tooling

Clerk session handling, JWT verification, token management, and multi-session workflows. Use when implementing session validation, JWT claims customization, token refresh patterns, session lifecycle management, or when user mentions session errors, authentication tokens, JWT verification, multi-device sessions, or session security.

Comprehensive code review skill for FastAPI projects. Analyzes codebase against industry best practices covering async patterns, project structure, Pydantic usage, dependency injection, database patterns, testing, and performance. Generates detailed refactor plans with prioritized recommendations. Use when reviewing FastAPI projects, auditing code quality, planning refactors, or ensuring adherence to FastAPI/async best practices.

Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.

Apply when setting up the development environment, running dev server, building, testing, or deploying the extension. Covers npm commands, CORS configuration, debugging, and deployment to ChurchTools.