Testing & Security

Reviews code changes in the Nick Stack codebase, checking for tech stack patterns, security, type safety, and best practices. Use when reviewing PRs, commits, or code changes.

Conducts comprehensive UI/UX and accessibility audits of React components and pages. Use when reviewing designs for quality, checking WCAG compliance, verifying responsive behavior, or validating color contrast. Triggers on audit requests, accessibility checks, or design reviews.

Implement comprehensive input validation on server-side with complementary client-side validation for user experience, using allowlists, type checking, and sanitization to prevent injection attacks. Use this skill when validating user inputs, form data, API requests, file uploads, query parameters, or any external data entering the application. Apply this skill when implementing server-side validation as the primary security layer, adding client-side validation for immediate user feedback, validating data types and formats, checking ranges and required fields, sanitizing inputs to prevent SQL injection and XSS attacks, using allowlists over blocklists, providing field-specific error messages, or enforcing business rules at appropriate application layers. This skill ensures validation happens at all entry points consistently, security is never dependent on client-side checks alone, users receive helpful immediate feedback, and data integrity is maintained through multiple layers of validation.

Data validation and pipeline testing utilities for ML training projects. Validates datasets, model checkpoints, training pipelines, and dependencies. Use when validating training data, checking model outputs, testing ML pipelines, verifying dependencies, debugging training failures, or ensuring data quality before training.

Generate comprehensive coverage report with requirement traceability mapping. Shows coverage per REQ-*, gaps, trends, and recommendations. Use for status dashboards, quality reviews, or compliance audits.

Garante que as alterações de código no Daylyou são pequenas, seguras e testáveis.

Analyze the codebase for security vulnerabilities, including dependency issues, improper data handling, and configuration risks.

Analyze and improve Claude Code skills against best practices. Supports scope keywords (project/global/all) to target current project skills, ~/.claude/skills/, or both. Default is project-only. Evaluate SKILL.md quality using a 100-point rubric. Activated when users mention "improve skill", "analyze skill", "audit skills", or need to refactor existing skills.

Master security principles, cryptography, compliance frameworks, and secure development practices. Use when securing applications, implementing authentication/authorization, or ensuring regulatory compliance.

Provides a complete solution for JWT-based authentication in FastAPI applications. Use this skill when a user wants to add secure token-based authentication to their FastAPI project. This skill handles JWT creation, decoding, signature and expiration verification, password hashing, and custom claims. It includes patterns for login endpoints, protected routes using dependencies, role-based access control decorators, token refresh mechanisms, and middleware-based validation.

Run a bootc build test and report results. Builds a bootc container image, optionally creates a disk image, and downloads the artifact.

Two-phase workflow that generates explicit YAML plan before execution, with approval gates and checkpointing. Use for complex multi-file changes, refactoring, bug fixes with dependencies, or any task where mistakes are costly. Achieves 90% first-pass success rate vs ad-hoc changes. Provides audit trail, rollback capability, and explicit approval points. Triggers on "refactor", "multi-step", "plan then execute", "complex changes", "safe refactoring".

Gera FakeBuilders para agregados DDD usando Chance.js seguindo padrão do projeto com PropOrFactory, type augmentation e dados realistas para testes.

provides response when codeword "FLAMINGO" appears in instructions

This skill should be used when the user requests to scaffold, create, or initialize a full-stack Next.js application with a modern tech stack including Next.js 16, React 19, TypeScript, Tailwind CSS v4, shadcn/ui, Supabase auth, Prisma ORM, and comprehensive testing setup. Use it for creating production-ready starter templates with authentication, protected routes, forms, and example features. Trigger terms scaffold, create nextjs app, initialize fullstack, starter template, boilerplate, setup nextjs, production template, full-stack setup, nextjs supabase, nextjs prisma.

Эксперт по S3 политикам. Используй для IAM policies, bucket permissions, cross-account access и security best practices.

Build AI chat interfaces with custom backends, authentication, and context injection.Use when integrating chat UI with AI agents, adding auth to chat, injecting user/page context,or implementing httpOnly cookie proxies. Covers ChatKitServer, useChatKit, and MCP auth patterns.NOT when building simple chatbots without persistence or custom agent integration.

Documentation organization, maintenance, and cleanup.USE WHEN: organizing docs, cleaning project root, updating documentation,checking for redundancy, maintaining docs structure.NOT FOR: technical implementation (use relevant technical skill).Examples:<example>Context: User added documentation to wrong location.user: "I added a new API doc file to the root directory"assistant: "I'll use docs-keeper to organize it in the proper docs/ location."<commentary>File organization is docs-keeper responsibility.</commentary></example><example>Context: User needs to update docs after code changes.user: "I modified the auth system and need to update the docs"assistant: "I'll use docs-keeper to update the authentication documentation."<commentary>Documentation updates are docs-keeper responsibility.</commentary></example>

Implement robust error handling with user-friendly messages, fail-fast validation, specific exception types, and proper resource cleanup across the application. Use this skill when writing try-catch blocks, throwing or catching exceptions, implementing error boundaries, handling API errors, or managing error states in any part of the codebase. Apply this skill when validating inputs early (fail fast), providing clear actionable error messages to users without exposing security details, using specific exception types rather than generic errors, implementing centralized error handling at appropriate boundaries, designing for graceful degradation, implementing retry logic with exponential backoff, or ensuring resources are cleaned up in finally blocks. This skill ensures errors are caught and handled appropriately, user experience remains positive even when errors occur, security is maintained by not leaking sensitive information, and systems continue operating or degrade gracefully when non-critical services fa

Complete TRUST 4 principles guide covering Test First, Readable, Unified, Secured. Validation methods, enterprise quality gates, metrics, and November 2025 standards. Enterprise v4.0 with 50+ software quality standards references.