Testing & Security

Performance Auditor - Metrics expert, monitoring specialist, and optimization targeter

OWASP Top 10, vulnerability scanning, security best practices

Architecture patterns for rRNA-Phylo project including FastAPI backend design, service organization, async task processing with Celery, Pydantic schemas, testing with pytest, Biopython integration, and API design conventions. Covers project structure, dependency injection, error handling, and configuration management.

Testing, performance optimization, security, and Play Store deployment. Use when shipping production apps.

Configure Vitest for unit and integration testing. Use when setting up a test framework, when no test runner is detected, or when the user asks to configure testing.

Guide for implementing DefectDojo - an open-source DevSecOps, ASPM, and vulnerability management platform. Use when querying vulnerabilities, managing findings, configuring CI/CD pipeline imports, or working with security scan data. Includes MCP tools for direct API interaction.

Use Functional Core, Imperative Shell pattern to isolate deterministic business logic from side-effect orchestration for improved testability.

Manage iOS delivery builds to QC testing with GitLab pipeline creation and issue management. Supports develop, delivery, bugfix, and redelivery modes. Use when "create delivery", "delivery build", "build for qc", "send to testing", or "deliver build".

Comprehensive code review assistant that analyzes code for security vulnerabilities, performance issues, and code quality. Use when reviewing pull requests, conducting code audits, or analyzing code changes. Supports Python, JavaScript/TypeScript, and general code patterns. Includes automated analysis scripts and structured checklists.

Searching internet for technical documentation using llms.txt standard, GitHub repositories via Repomix, and parallel exploration. Use when user needs: (1) Latest documentation for libraries/frameworks, (2) Documentation in llms.txt format, (3) GitHub repository analysis, (4) Documentation without direct llms.txt support, (5) Multiple documentation sources in parallel

Use when user says "verify story", "check acceptance criteria", "validate implementation", "is story ready", or asks to verify that an implemented story meets its acceptance criteria - parses acceptance criteria from story description, verifies each with test/code evidence, generates pass/fail report, and updates story status based on results.

SwiftプロジェクトのビルドとテストをXcodeコマンドラインで実行（iOS/macOS対応）。Use when: ビルド、テスト、xcodebuild、swift test を依頼された時。

Generates test cases, creates mocks, identifies edge cases, analyzes coverage gaps, and supports property-based, mutation, and contract testing. Use when writing tests, improving coverage, detecting flaky tests, or implementing advanced testing strategies.

Expert on Shelby Protocol smart contracts on Aptos blockchain. Helps with blob metadata, micropayment channels, auditing system, storage commitments, placement group assignments, Move modules, and on-chain state management. Triggers on keywords Shelby smart contract, Shelby Move, blob metadata, micropayment channel, Shelby auditing, placement group assignment, storage commitment, Aptos contract.

Structured framework for evaluating GitHub Actions security before adoption. Trust tiers, risk assessment checklist, and decision tree for action evaluation.

Write Vitest unit tests and browser mode component tests for TypeScript projects. Use when asked to write tests, create test files, add test coverage, fix failing tests, test React components with browser mode, or work with Vitest testing patterns. Handles both unit testing with Given-When-Then pattern and React component testing with vitest-browser-react.

Tests JavaScript and TypeScript applications with Vitest including unit tests, mocking, coverage, and React component testing. Use when writing tests, setting up test infrastructure, mocking dependencies, or measuring code coverage.

Analyze existing PHPUnit test failure logs without running tests. Use when:- User says "fix the test failures" (after manually running tests)- User says "what tests are failing?"- User points to specific log file- Tests were run outside Claude's contextDelegates to fixer agent (sonnet) to find logs, parse failures, and implement fixes.Does NOT execute tests - use phpunit-runner for that.

Use when writing Python tests, setting up test suites, or implementing testing best practices. Covers pytest, fixtures, mocking, and test-driven development.

Intelligence-first code analysis for bugs, architecture, performance, and security. Use proactively when investigating code issues, tracing dependencies, or understanding system behavior. MUST query project-intel.mjs before reading files.