Testing & Security

Browser automation with Playwright. Use for web testing, form filling, file uploads, screenshots. Daemon-based for persistent browser state.

This skill should be used when the user asks to "create a React component", "use React hooks", "handle state", "implement forms", "use useOptimistic", "use useActionState", "create Server Components", "add interactivity", or discusses React patterns, component architecture, or state management. Always use the latest React version and modern patterns.

Virtual test environment for Claude Code hooks, plugins, and agents. Use when testing or validating plugin components without affecting production.

Python development. Use when writing Python code, CLI tools, scripts, or services. Emphasizes stdlib, type hints, pytest toolchain, and minimal dependencies.

Analyze Claude Code plugins for quality, DX, and architecture. Use when "review plugin quality", "audit plugins", "analyze the marketplace", "check plugins against Anthropic standards", "improve plugin design", or evaluating plugin architecture. Provides systematic analysis methodology with validation framework.

Comprehensive User Acceptance Testing (UAT) automation for H2 Tank Designer (proagentic-dfx). Executes 30 critical smoke tests covering requirements entry, 3D visualization, analysis panels, compliance, validation, and export. Uses Chrome DevTools browser automation with mandatory screenshot analysis. Captures screenshots AFTER processes complete, analyzes each with detailed descriptions, updates report incrementally. Use when validating H2 Tank Designer functionality with evidence-based testing.

Use TDD workflow (Red-Green-Refactor-Validate) when creating or modifying any business logic, use cases, or domain code. MANDATORY for all implementations. Apply when user requests new features, bug fixes, or refactoring that involves testable code.

Pure logic and math testing with Vitest. Use for single-point assertions on functions, state transitions, and physics calculations. Auto-apply when editing *.test.ts files (except *Progressions.test.ts).

Intelligently debug and fix bugs with a repro-first approach. Use when the user reports a bug, unexpected behavior, or asks to fix an issue. Establishes reproducible test cases before fixing.

Test REST and GraphQL APIs for authentication bypasses, authorization flaws, IDOR, mass assignment, injection attacks, and rate limiting issues. Use when pentesting APIs or testing microservices security.

Use when working with unit tests in any capacity - reading, writing, updating, planning, evaluating, or reviewing tests - applies TDD principles with focused test coverage, filtering out redundant tests while ensuring critical paths, edge cases, and state changes are verified

Generate a STRIDE-based security threat model for a repository. Use when setting up security monitoring, after architecture changes, or for security audits.

Supabase test harness patterns including local Supabase setup, test user creation via Auth Admin API, RLS testing, migration testing (db_reset), seed sequences, rate limiting, and environment detection. Use when setting up Supabase testing infrastructure, creating test users, troubleshooting Supabase test failures, or implementing RLS validation. Triggers on: supabase test setup, test user creation, supabase local testing, RLS testing, migration testing, supabase test harness, auth test helpers.

PARAMOUNT security gate that scans for sensitive data before public releases. Detects absolute paths, API keys, instance files, and private information. Use when preparing cherry-picks to public repo, releasing versions, or reviewing contributions.

Use this skill when creating comprehensive testing strategies for applications. Provides test planning templates, coverage targets, test case structures, and guidance for unit, integration, E2E, and performance testing. Ensures robust quality assurance across the development lifecycle.

This skill should be used when the user asks about "Python code style", "type hints", "structlog logging", "how to log", "code organization", "testing patterns", "error handling", or needs guidance on Python development best practices, project conventions, or coding standards for this project.

Harness Platform administration including delegates, RBAC, connectors, secrets, templates, policy as code (OPA), user management, audit logs, and governance

AI-powered enterprise web application testing orchestrator with Context7 integration, intelligent test generation, visual regression testing, cross-browser coordination, and automated QA workflows for modern web applications

Senior-level development guidance for this project. Use when writing code, implementing features, refactoring, reviewing code architecture, or when best practices and security considerations are needed. (project)

Write comprehensive unit tests for Laylder using Vitest. Use when creating tests for lib/ functions, schema validation, canvas utilities, or any business logic. Follows AAA pattern and project testing conventions.