Testing & Security

Activates when generating unit tests, integration tests, or test cases for code

Research Maven dependency updates with breaking changes, release notes, and security information

Implement comprehensive testing strategies using Jest, Vitest, and Testing Library for unit tests, integration tests, and end-to-end testing with mocking, fixtures, and test-driven development. Use when writing JavaScript/TypeScript tests, setting up test infrastructure, or implementing TDD/BDD workflows.

This skill should be used when the user asks to "implement with TDD", "write tests first", "do test-driven development", or as Phase 5 of the /dev workflow. Enforces RED-GREEN-REFACTOR cycle with mandatory test-first approach.

Park Golf Platform 통합 테스트 가이드. API 테스트, 서비스 간 통신 테스트, E2E 테스트 실행 방법 안내. "통합테스트", "integration", "API 테스트", "서비스 테스트" 관련 질문 시 사용합니다.

Provides architecture knowledge for the dealflow-network project including tRPC router patterns, Drizzle ORM conventions, authentication flow, file organization, and collaborative contact system. Use when working on this codebase, adding features, or understanding existing patterns.

Systematic code review covering quality, security, performance, and architecture using PAL MCP. Use for pull request reviews, code audits, or pre-commit validation. Triggers on review requests, PR reviews, or code quality checks.

Automated test case generation specialist that creates comprehensive unit tests, integration tests, and test scenarios from code, requirements, or specifications across multiple testing frameworks

Plan and manage security evidence collection for compliance audits and assessments. Use this skill to identify required evidence, track collection status, and ensure audit readiness.

Generate and manage database seed data for development and testing. Use when developers need realistic test data, database migrations with initial data, or automated seeding for local environments. Supports PostgreSQL, MySQL, SQLite with Faker-based data generation and relationship management.

Frontend-backend integration patterns, CORS configuration, API contract validation, and build hygiene for full-stack TypeScript applications. Use when integrating separate services or debugging cross-origin issues.

Test web applications for security vulnerabilities including SQLi, XSS, command injection, JWT attacks, SSRF, file uploads, XXE, and API flaws. Use when pentesting web apps, analyzing authentication, or exploiting OWASP Top 10 vulnerabilities.

Use this skill when performing QA reviews of the Planted website (Astro frontend at localhost:4321), Admin Dashboard V2 (localhost:5175), or production sites (planted.com, admin.planted.com). Orchestrates visual inspection, console/network error detection, accessibility auditing, Core Web Vitals measurement, and interactive testing using Chrome DevTools MCP.

Full 9-phase workflow for complex features, epics, and security-critical changes (2-4 hours)

QuantConnect walk-forward validation and Phase 5 robustness testing (project)

Expert knowledge in Flutter Riverpod state management (2025 best practices). Use when working with Riverpod, Flutter state management, AsyncNotifier, provider types, code generation with riverpod_generator, state synchronization, or when the user mentions data fetching, mutations, reactive state, performance optimization, or testing in Flutter apps. Covers AsyncNotifierProvider patterns, repository architecture, autoDispose, family providers, and common anti-patterns to avoid.

Handles user authentication, profile management, and personalized features using BetterAuth for the Physical AI & Humanoid Robotics textbook.

Overview of protected quality thresholds and quick reference for all quality tools. Use when you need to understand quality metrics, run comprehensive quality checks, or learn which specialized skill to use. For specific issues, use dedicated skills (deptrac-fixer for Deptrac, complexity-management for PHPInsights, testing-workflow for coverage).

Scaffold Next.js App Router routes for simple pages without forms or complex logic. Use when user needs "create a page", "add route", "add about/contact/terms page", "create API endpoint", "add layout", or mentions SSE/webhooks. Generates page, layout, loading, error, and not-found files with boilerplate. Best for static content, read-only pages, and API endpoints (REST, SSE, webhooks). Do NOT use for forms with validation (use worldcrafter-feature-builder), complete features with database (use worldcrafter-feature-builder), database-only changes (use worldcrafter-database-setup), or comprehensive testing (use worldcrafter-test-generator).

Run and verify frontend tests for the React/Vite application.