Testing & Security

Testing patterns for Vercel AI SDK including mock providers, streaming tests, tool calling tests, snapshot testing, and test coverage strategies. Use when implementing tests, creating test suites, mocking AI providers, or when user mentions testing, mocks, test coverage, AI testing, streaming tests, or tool testing.

Systematic UI testing using Playwright for GAO-Dev web interface. Provides patterns for testing layouts, interactions, and visual regressions. Use when testing web interface changes or verifying UI bug fixes.

Tests JavaScript and TypeScript applications with Jest test runner including mocking, snapshot testing, and code coverage. Use when setting up testing, writing unit tests, or when user mentions Jest, test runner, or JavaScript testing.

Repository discovery and development commands for Soracom repos. Use when cloning repos, running builds/tests, or identifying which repos a feature affects.

Find and attach the newest screenshot PNG in ~/temp/screenshots. Use when a user asks to locate, show, or attach the latest screenshot or wants the newest PNG from the screenshots folder.

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

Writing Probitas scenarios. MUST BE USED when writing/editing E2E tests, creating scenarios, or working with *.probitas.ts files.

Building and deploying Expo React Native apps to iOS. Use when configuring EAS Build, submitting to TestFlight, App Store deployment, managing certificates, or troubleshooting build issues.

This skill should be used when the user asks to "write specs", "create spec", "add RSpec tests", "fix failing spec", or mentions RSpec, describe blocks, it blocks, expect syntax, test doubles, or matchers. Should also be used when editing *_spec.rb files, working in spec/ directory, planning implementation phases that include tests (TDD/RGRC workflow), writing Testing Strategy or Success Criteria sections, discussing unit or integration tests, or reviewing spec output and test failures. Comprehensive RSpec and FactoryBot reference with best practices, ready-to-use patterns, and examples.

Comprehensive Spring Boot 3.x best practices for building scalable, maintainable enterprise applications with Jakarta EE. Use this skill when creating Spring Boot applications, designing REST APIs, implementing security, writing tests, or architecting Spring Boot projects. Covers Controller-Service-Repository patterns, validation, error handling, testing strategies, performance optimization, and production-ready configurations.

Use when reviewing plugin quality, auditing plugins, analyzing the marketplace, checking plugins against Anthropic standards, or evaluating plugin architecture - provides systematic analysis methodology with validation framework

Nodemon JSON configuration templates and validation logic for development server hot-reload. Includes 5 required standards (watch patterns, exec command, ignore patterns, development settings, required dependencies). Use when creating or auditing nodemon.json files to enable automatic server restart on file changes.

Expert Node.js guidance for fetching and integrating RSS feeds and REST APIs. Use when requests mention Fetch, RSS, API, REST endpoints, Atom feeds, pagination, authentication, rate limits, webhooks, or when building API clients that ingest feed data.

Use when writing narrative memos, 6-pagers, 1-pagers, press releases, or PRFAQs in Amazon style. Applies Amazon's no-PowerPoint writing standards with data over adjectives, active voice, and the "so what" test.

Auth0 security specialist covering attack protection, multi-factor authentication, token security, sender constraining, and compliance. Use when implementing Auth0 security features, configuring attack defenses, setting up MFA, or meeting regulatory requirements.

CI/CD pipelines as merge gates. Tests, security scans, and linting must pass before code reaches production. Automated validation that satisfies auditors.

Orchestrates comprehensive GitHub API access across all services. Intelligently routes API operations to specialized resource files covering authentication, repositories, issues/PRs, workflows, security, and more. Use when implementing GitHub integrations, automating operations, or building applications that interact with GitHub.

Create comprehensive Selenium test scripts using the 3-agent workflow (planner → architect → scripter). Use this when the user asks to create selenium tests, write test scripts, test a page with selenium, automate testing workflows, or needs selenium page objects.

Validate test suite quality using mutation testing with mutmut or cosmic-ray to detect weak tests, calculate mutation scores, and improve test coverage. Use when validating test effectiveness, achieving high test quality, or detecting tests that pass but don't validate behavior.

Implements Passport.js authentication middleware with local, OAuth, and JWT strategies for Express/Node.js. Use when building Node.js APIs, implementing custom auth flows, or needing flexible authentication strategies.