Testing & Security

Write effective tests with proper structure and coverage. Use when writing unit tests, integration tests, or improving test quality.

Run integration tests after workstreams complete to verify system-level behavior.Triggers after unit tests pass but before code review. Starts required services(via docker-compose), runs integration test suites, and verifies API contracts.Use when:- All workstreams in a plan complete- Unit tests pass- Before code review phase- User asks "run integration tests"If no integration tests exist: Warn but proceed (don't block).

Build production-ready frontend for Morpho Blue lending protocol on Solana. Covers all 26 program instructions across supply/borrow, flash loans, liquidations, authorization, and admin features. Uses Next.js 14, Anchor client, Jupiter wallet adapter, and Kamino-style UI/UX. Integrates with morpho-solana-builder skill for contract understanding.

foundational definitions for GitHub skills, safety rules, tool escalation, and security boundaries

Prettier configuration validation and templates for package.json "prettier" field in MetaSaver monorepos. Includes 4 required standards (prettier field in package.json with string reference only, no separate prettierrc files, prettier in devDependencies, required npm scripts format and format:check). Use when creating or auditing Prettier configs to ensure consistent code formatting via shared library.

Comprehensive Django best practices covering project structure, models (field choices, Meta options, managers, QuerySets, migrations), views (CBVs vs FBVs, generic views), Django REST Framework (serializers, ViewSets, permissions), forms, templates, security (CSRF, XSS, SQL injection), performance (N+1 queries, select_related, prefetch_related, caching), testing, and common anti-patterns. Essential reference for Django code reviews and development.

JavaScript and TypeScript coding standards, conventions, and best practices. Use when writing, reviewing, or testing JS/TS code.

Place test voice calls via Twilio. Use when testing voice features or debugging voice pipeline. Only works if twilio_place_call.py exists in branch.

Homeostatic sensor detecting requirements without implementation or test coverage. Scans for REQ-* keys in requirements docs and checks if they have corresponding code and tests. Use to find coverage gaps.

Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup

Optimizes ProAgentic development environment by cleaning port conflicts, Docker images, memory issues, and test artifacts. Performs aggressive port cleanup, Docker image optimization, memory monitoring, and system health diagnostics. Use before starting development, when app won't start with port errors, when system feels slow, or for weekly maintenance. Provides before/after metrics and health reports.

Specialized knowledge for working with Angular 19 and Nx in the Sentinel monorepo. Use when generating components, running tests/builds, or working with the frontend workspace structure.

Use this skill whenever the user wants to set up, refactor, or optimize Supabase usage in a Next.js (App Router) + TypeScript project, including auth, database, storage, RLS-safe patterns, edge functions, and secure client/server integration.

Comprehensive Ruby and Rails code review using Sandi Metz rules and SOLID principles. Automatically runs rubycritic and simplecov, analyzes changed files in current branch vs base branch, identifies OOP violations, Rails anti-patterns, security issues, and test coverage gaps. Outputs REVIEW.md with VSCode-compatible file links. Use when reviewing Ruby/Rails code, conducting code reviews, checking for design issues, or when user mentions code review, pull request review, or code quality analysis.

Use this skill when contributing code to open source projects. The skill covers proper pull request creation, avoiding common mistakes that annoy maintainers, cleaning up personal development artifacts before submission, writing effective PR descriptions, following project conventions, and communicating professionally with maintainers. It prevents 16 common contribution mistakes including working on main branch, not testing before PR submission, including unrelated changes, submitting planning documents, session notes, temporary test files, screenshots, and other personal artifacts. Includes 3 Critical Workflow Rules that must NEVER be skipped: (1) Always work on feature branches, (2) Test thoroughly with evidence before PR, (3) Keep PRs focused on single feature. The skill includes automation scripts to validate PRs before submission, templates for PR descriptions and commit messages, and comprehensive checklists. This skill should be used whenever creating pull requests for public repositories, contributing

Keycloak identity and access management including realms, clients, authentication flows, themes, and user federation. Activate for OAuth2, OIDC, SAML, SSO, identity providers, and authentication configuration.

Write clear git commits with Conventional Commits format. Detects project conventions from history and config. Guides commit granularity. Use when: (1) Completing working code, (2) Code builds and tests pass, (3) Ready to save, (4) Before pushing, (5) After review feedback. Triggers: automatically when finishing commitable work that builds and passes tests.

Create feature-rich PHP enums following Laravel conventions with SCREAMING_SNAKE_CASE case names, backed enum values (string or int), helper methods for labels and comparisons, validation rules, and comprehensive Pest tests. Use this skill when converting hardcoded strings or magic numbers to type-safe enums, creating categorical data types like statuses, types, roles or categories, adding enum-based validation to forms or APIs, refactoring magic strings into structured types, or defining a fixed set of allowed values in your application. This skill applies when working on files in app/Enums/ directory, creating enum classes, adding enum casts to models, or implementing enum validation rules.

Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.

JPA Entity Long FK 전략, BaseAuditEntity/SoftDeletableEntity 상속, EntityMapper Domain⇄Entity 변환.JPA 관계 어노테이션(@ManyToOne, @OneToMany) 금지. Lombok 금지, Setter 금지.Entity는 of() static factory method만 public, 생성자는 protected/private.