Testing & Security

Comprehensive test-driven development for Terraform providers with iterative co-development of tests, generators, and schemas. NEVER skip development or refactoring - always fix root causes in generators, schemas, or test code. Only skip resources requiring external credentials (AWS/Azure/GCP) or premium licensing. Uses terraform-plugin-testing SDK with modern assertion patterns.

PostgreSQL expert for .sql migration files, CREATE TABLE, ALTER TABLE, indexes, constraints, foreign keys, schema changes, docker/postgres/migrations/, init.sql, idempotent SQL, transactions, BEGIN/COMMIT, psql, database testing, schema_migrations

Execute TDD red-green-refactor cycle with just verify gate. Use when writing new features or fixing bugs that require test coverage.

File-to-agent mapping and manifest generation for composite monorepo audits. Provides dynamic discovery of all config agents, generates structured audit manifests with priority-ordered spawn instructions, and handles library vs consumer repo exclusions. Use when performing root-level composite audits that scan repository for all config files and coordinate parallel agent execution across 26+ config domains.

DDDアーキテクチャでFastAPIのバックエンドを新規実装または既存コードベースをリファクタリングする際のガイド。レイヤー構成（domain/application/infrastructure/controller）、依存方向、責務境界、pydantic/sqlalchemy(sqlmodel)/alembic/pytestの前提、セッション管理（Dependsで1リクエスト1セッション、必要時UoW）を含む。

TypeScript strictest patterns, type guards, optional properties (exactOptionalPropertyTypes), Drizzle query safety, null checks. Use when fixing type errors, implementing complex types, or when user mentions TypeScript/types/generics.

Analyze test coverage, identify gaps, suggest strategic test cases. Use when writing features, after bug fixes, or during test reviews. Ensures comprehensive coverage without over-testing.

Enforces security guardrails for Claude Code. Blocks access to secrets, credentials, and sensitive files. Requires confirmation for network requests and infrastructure changes. Use when accessing files, making network requests, or running infrastructure commands.

Define semantic layer cubes with Drizzle ORM tables, including dimensions, measures, time dimensions, and security context. Use when creating analytics cubes, defining data models, setting up multi-tenant filtering, or working with drizzle-cube semantic layers.

Generate GitHub Actions workflow for beta testing track deployment

Toolkit for interacting with and testing local web applications using Playwright. Supports verifying frontend functionality, debugging UI behavior, capturing browser screenshots, and viewing browser logs.

Guide for testing Firebase Admin SDK with Vitest mocks. Use when writing tests that involve Firebase Auth, Firestore, or Firebase App.

Practical guide for building production ML systems based on Chip Huyen's AI Engineering book. Use when users ask about model evaluation, deployment strategies, monitoring, data pipelines, feature engineering, cost optimization, or MLOps. Covers metrics, A/B testing, serving patterns, drift detection, and production best practices.

Implement n8n credential types including API key, OAuth2, and header-based authentication patterns. Use this skill when creating *.credentials.ts files, implementing ICredentialType interfaces, configuring OAuth2 flows, setting up credential testing, injecting authentication headers, or following credential security best practices. Apply when building any n8n node that requires API authentication, token management, or secure credential handling.

Create a 24-hour tactical market brief from the latest macro and financial news, covering equities, commodities, and macro/FX. Use when asked for a market brief, daily/24h outlook, short-term drivers, or a structured multi-asset summary with JST timestamps and strict short-line formatting.

Write optimized and secure database queries using parameterized queries, eager loading, and proper indexing strategies. Use this skill when writing database queries, constructing SQL statements, using ORM query methods, implementing data fetching logic, preventing SQL injection attacks, optimizing query performance, avoiding N+1 query problems, selecting specific columns instead of all data, implementing transactions for related operations, setting query timeouts, caching expensive queries, or working with WHERE clauses, JOINs, and ORDER BY statements. Apply this skill when fetching data from databases, optimizing slow queries, refactoring data access code, or reviewing query security and performance.

Comprehensive BDD testing with Cucumber and Gherkin syntax. Use when writing feature files (.feature), step definitions, hooks, or implementing Behaviour-Driven Development. Covers Gherkin keywords (Feature, Scenario, Given/When/Then, Background, Scenario Outline, Rule), step definition patterns for Ruby/JavaScript/Java/Python, hooks (Before/After/BeforeAll/AfterAll), tags, data tables, doc strings, and best practices. Triggers on cucumber, gherkin, BDD, feature files, step definitions, acceptance testing, executable specifications.

Review React/TypeScript code against established coding guidelines. Use when reviewing React components, performing code audits, checking for React best practices, anti-patterns, performance issues, or when the user asks to review React code, check code quality, or audit React implementation.

Enforces local testing before any deployment. MUST be used before running vercel, git push, or any deployment command. Prevents deploying untested code.

This skill should be used when the user asks to "write tests", "add unit tests", "create test cases", "test this function", "add test coverage", or discusses testing strategies and test implementation.