Testing & Security

Write and run Rust tests using cargo test with unit tests, integration tests, doc tests, and property-based testing. Use when writing Rust tests or setting up test infrastructure.

Browser automation with Playwright for testing and validation. Use when user asks to test a page, verify UI, take screenshots, check responsive design, fill forms, or validate web functionality. Writes and executes custom automation scripts.

Comprehensive Ruby on Rails v8.1 development guide with detailed documentation for Active Record, controllers, views, routing, testing, jobs, mailers, and more. Use when working on Rails applications, building Rails features, debugging Rails code, writing migrations, setting up associations, configuring Rails apps, or answering questions about Rails best practices and patterns.

⚡ AUTO-INVOKE when user asks: 'audit', 'investigate', 'how does X work', 'find all', 'where is', 'trace', 'understand', 'map the codebase', 'comprehensive'. MUST run BEFORE Read/Glob when planning to read 3+ files. Prevents tool familiarity bias toward native tools.

AI-Powered Security Testing Toolkit - Professional penetration testing tools with intelligent agent-empowering capabilities

Use when extracting structured data from websites using Playwright MCP tools, when handling login/authentication flows, when crawling paginated content, or when building scrapers that navigate dynamic SPAs with tabs, accordions, or React/HeadlessUI components

Pre-merge security validation detecting secrets, user-specific paths, insecure SSH configurations, and security-weakening flags

Scan test files for anti-patterns including mesa-optimization, disabled tests, trivial assertions, and error swallowing

Write tests for backend services, APIs, and database access. Use when testing Express/Fastify handlers, services with database calls, or integration tests.

Create secure FastAPI routes for task CRUD with search/filter/sort query params and JWT auth when backend endpoints are needed

Implement minimal code to make failing tests pass (GREEN phase of TDD). Write just enough code to pass tests, no more. Use after red-phase when tests are failing.

Complex skill for testing directory support with nested dirs, binary files, and multiple file types

Standard Go security toolkit: race detector, golangci-lint, Trivy, govulncheck. Zero cost, seamless integration, and OpenSSF-certified security workflow patterns.

Ensure store compliance for WebF apps (remote updates, interpreters, rollout/rollback constraints). Use when the user mentions App Store/Play Store, store compliance, remote updates, or publishing WebF-hosted content.

Generate JWT authentication configuration and utilities for API security. Triggers on "create jwt config", "generate jwt authentication", "jwt setup", "token auth config".

Integration Test E2E 테스트, TestRestTemplate 필수, Test Fixtures 재사용. MockMvc 금지, @Sql 어노테이션 테스트 데이터 설정. Gradle testFixtures 플러그인 활용, ArchUnit 의존성 검증.

Guide for porting code from optaic-v0 to optaic-trading. Use when migrating DataAPI, pipelines, stores, accessors, operators, or expressions into the Resource/Activity architecture. Covers pattern mappings for permission checks, audit trails, and catalog lookups.

WHEN: Kubernetes manifest review, Helm charts, resource limits, probes, RBAC WHAT: Resource configuration + Health probes + Security context + RBAC policies + Helm best practices WHEN NOT: Docker only → docker-reviewer, Terraform → terraform-reviewer

Node.js development standards including jest/vitest, eslint, and prettier. Use when working with JavaScript files, package.json, or npm/pnpm.

Better Auth JWT verification for Python/FastAPI backends. Use when integrating Python APIs with a Better Auth TypeScript server via JWT tokens. Covers JWKS verification, FastAPI dependencies, SQLModel/SQLAlchemy integration, and protected routes.