Testing & Security

Git attributes configuration for cross-platform line ending normalization and file handling. Includes 8 required pattern categories (global auto-detection, source code, shell scripts, Windows files, Docker files, binary files, lock files, generated files). Critical for Windows WSL compatibility. Use when creating or auditing .gitattributes files to prevent line ending issues and binary corruption.

Phoenix controllers, JSON APIs, Channels, and Presence on the BEAM. Covers routing, plugs, versioned APIs, Ecto-backed contexts, PubSub broadcasting, Presence tracking, authentication, testing, telemetry, and deployment considerations.

Create encrypted, verifiable backups with proof receipts (BLAKE3 + ROOT.txt) and mandatory restore drill. Uses age encryption for modern, simple UX. Designed for sovereign EU infrastructure. Use after node-hardening completes. Triggers: 'backup node', 'encrypted backup', 'create backup', 'restore drill', 'generate proof receipts', 'verify backup', 'backup with proof'.

Security requirements, threats, and controls that apply across this system.

Create custom Semgrep rules for vulnerability detection. Use when writing new rules for specific vulnerability patterns, creating org-specific detections, or building rules for novel attack vectors discovered during bug bounty hunting.

REST API best practices, OpenAPI/Swagger patterns, authentication, and error response formats

Security review and implementation support based on OWASP Cheat Sheet Series. Use for code review requests, security-related implementation/research, and vulnerability checks. Covers security topics such as XSS, SQL Injection, CSRF, and authentication/authorization.

Automate QuantConnect cloud backtesting workflow with GitHub integration. Push strategies to QuantConnect cloud, execute backtests, wait for completion, and retrieve performance metrics. This skill should be used when running backtests on QuantConnect cloud or testing trading strategies.

Generate FastAPI endpoint files with Pydantic models, dependency injection, and async handlers. Triggers on "create fastapi endpoint", "generate fastapi router", "python API endpoint", "fastapi route".

Parse OSCAL (Open Security Controls Assessment Language) documents in JSON, YAML, or XML formats and extract structured compliance data. Use this skill when working with security control catalogs, system security plans, component definitions, or other OSCAL document types.

Tests web applications with Playwright including E2E tests, locators, assertions, and visual testing. Use when writing end-to-end tests, testing across browsers, automating user flows, or debugging test failures.

交易员最新指令管理 - AI 代理在每次对话开始时必须检查此 skill, 读取并遵守 docs/最新指令.md 中的指令

Adapt escape room games for global markets (English, Korean, Japanese) with cultural considerations, efficient translation workflows, and language-agnostic design strategies. Handles multilingual template creation, cultural adaptation, and localization testing. Use when preparing games for international audiences or implementing multi-language support.

Expert guidance for ElysiaJS web framework development. Use when building REST APIs, GraphQL services, or WebSocket applications with Elysia on Bun. Covers routing, lifecycle hooks, TypeBox validation, Eden type-safe clients, authentication with JWT/Bearer, all official plugins (OpenAPI, CORS, JWT, static, cron, GraphQL, tRPC), testing patterns, and production deployment. Assumes bun-expert skill is active for Bun runtime expertise.

Guides writing HMR/Dev Server tests in test/bake/. Use when creating or modifying dev server, hot reloading, or bundling tests.

Testing conventions, test runner configurations, coverage requirements, and failure interpretation for the Klassenzeit monorepo.

Build integration tests for data access in the widget host app. Use when setting up test databases, running EF Core migrations for tests, or validating repository behavior end-to-end.

Deep security analysis for Solidity smart contracts with DeFi context

Set up and manage user authentication using Convex Auth with login, signup, password reset, and user profile initialization. Use when implementing auth flows, managing user sessions, initializing user profiles, or handling authentication state.

LangGraph framework skill for implementing SITNOVA's stateful AI operator with StateGraph, tools, and conditional routing for security gate automation.