Testing & Security

Design and implement REST API integrations with proper error handling, authentication, rate limiting, and testing. Use when building API clients, integrating third-party services, or when users mention API, REST, webhooks, HTTP requests, or service integration.

Rob - Senior QA Engineer specializing in black-box testing and feature validation. Use when testing features against acceptance criteria, validating user requirements, creating test reports, or performing exploratory testing. Also responds to 'Rob' or /rob command.

Creates minimal boilerplate structure for new Web Components in Sando Design System following COMPONENT_ARCHITECTURE.md 7-file pattern. Generates only what developer requests - no assumptions, no dead code. Ask first, then scaffold component files, tests, stories based on requirements.

Validate protection enforcement via pre-commit hooks. Use when building or testing code protection system (PROTECT-002).

Review specifications for completeness, clarity, testability, and quality. Use with --mode quick/standard/thorough to control review depth. Default is thorough (3 consecutive passes). (user)

On-demand TDD guideline access without loading full documentation into context. Provides targeted guidance for RED-GREEN-REFACTOR phases, refactoring decisions, and test quality patterns.

Create and maintain WPF UI tests and ViewModel tests for the .NET 8 widget host app. Use when setting up UI automation, testing MVVM logic, or building a test harness for widgets and the shell.

Expert skill for implementing session management in SSG (Static Site Generation) and SSR (Server-Side Rendering) contexts. Covers stateless authentication with JWT, database session management, client-side session handling, and security best practices for different rendering strategies. Use when implementing session management in static sites (SSG), handling authentication in server-side rendered applications (SSR), or implementing stateless authentication with JWT tokens.

Rastreia fluxos documentais completos no Odoo, executa auditorias financeiras e gerencia conciliacoes bancarias.USAR QUANDO:- Rastrear NF de compra/venda: "rastreie NF 12345", "fluxo da nota 54321"- Rastrear pedido de compra: "rastreie PO00789", "fluxo do pedido de compra"- Rastrear pedido de venda: "rastreie VCD123", "fluxo do VFB456"- Rastrear por parceiro: "documentos do Atacadao", "fluxo do fornecedor Vale Sul"- Rastrear por CNPJ: "rastreie 18467441000123"- Rastrear por chave NF-e: "rastreie 3525..."- Ver titulos e conciliacoes: "pagamentos da NF 12345", "titulos do PO00789"- Verificar devolucoes: "devolucao da NF 54321", "nota de credito"- Auditoria de faturas de compra: "auditoria faturas novembro", "faturas fornecedores"- Auditoria de extrato bancario: "extrato bancario 2024", "conciliacao bancaria"- Mapeamento de vinculos: "extratos sem vinculo", "titulos soltos", "faturas sem pagamento"- Vincular extrato com fatura via Excel: "processar planilha de vinculacao", "conciliar via Excel"NA

This skill provides comprehensive knowledge for implementing Cloudflare Turnstile, the CAPTCHA-alternative bot protection system. It should be used when integrating bot protection into forms, login pages, signup flows, or any user-facing feature requiring spam/bot prevention. Turnstile runs invisible challenges in the background, maintaining excellent user experience while blocking automated traffic.Use when: Adding bot protection to forms, implementing login security, protecting API endpoints from abuse, migrating from reCAPTCHA/hCaptcha, encountering CSP errors with Turnstile, handling token validation failures, implementing E2E tests with Turnstile, integrating with React/Next.js/Hono applications, or debugging error codes 100*, 300*, 600*.Keywords: turnstile, captcha, bot protection, cloudflare challenge, siteverify, recaptcha alternative, spam prevention, form protection, cf-turnstile, turnstile widget, token validation, managed challenge, invisible challenge, @marsidev/react-turnstile, hono turnstil

Browser automation, testing, and debugging using Chrome DevTools. Use when users want to take screenshots, test websites, debug UI, inspect network requests, check console errors, or automate browser interactions.

Navegação e teste conversacional de aplicações web usando Chrome DevTools. Permite testar sites através de comandos naturais em português, com suporte a contexto do Neo4j e integração automática com hooks de validação.

Expert code review for Python, microservices, security, and production best practices. Automatically activated when code review is needed to identify bugs, security issues, and quality problems.

Documentation production methodology with DRY principles. Covers 8 document types (GUIDE, INCIDENT, SESSION, AUDIT, RECHERCHE, etc.), naming conventions, and YAML metadata.

Provides svc_unit.sv testbench framework, macros (TEST_CLK_NS, CHECK_EQ, etc.), and template. Triggers when creating or modifying _tb.sv files.

MANDATORY skill for running tests and lint after EVERY code change. Focuses on adherence to just commands and running tests in parallel. If tests fail, use test-fixer skill.

Develop and balance game mechanics for CryptoTribes - battles, territories, units, tribes, resources, and real-time systems. Use when implementing gameplay features, balancing formulas, testing game logic, or working with MongoDB schemas. Triggers on "game logic", "battle system", "balance", "territories", "units", "tribes".

Expert skill for implementing authentication in Docusaurus static sites. Handles FastAPI backend setup for authentication, JWT token management, and secure API communication. Includes setup for static site generation, client-side authentication, and user data protection. Use when adding authentication to Docusaurus static sites, implementing FastAPI backend for authentication services, or securing API routes with JWT tokens in static site context.

Homeostatic actuator that tags code, tests, and commits with REQ-* keys for traceability. Adds "# Implements:" tags to code and "# Validates:" tags to tests. Use when code or tests are missing requirement tags.

GSAP animation best practices for web design - scroll triggers, performance optimization, accessibility, responsive animations, and testing integration. Use when implementing or reviewing animations on WordPress or any web project.