Testing & Security

Playwright 기반 TDD 개발을 지원합니다. 테스트 작성, 실행, 디버깅을 자동화하고 테스트가 통과할 때까지 반복 개발합니다. 사용자가 "TDD로 개발", "Playwright 테스트 작성", "테스트 통과시켜"와 같은 요청을 할 때 사용합니다.

Audits code against CI/CD style rules, quality guidelines, and best practices, then rewrites code to meet standards without breaking functionality. Use this skill after functionality validation to ensure code is not just correct but also maintainable, readable, and production-ready. The skill applies linting rules, enforces naming conventions, improves code organization, and refactors for clarity while preserving all behavioral correctness verified by functionality audits.

GitLab CI/CD pipeline patterns including testing stages, Docker builds, caching strategies, secrets management, deployment patterns (blue-green, canary, rolling), and rollback procedures. Use when creating .gitlab-ci.yml, optimizing CI performance, setting up deployment pipelines, or troubleshooting CI failures.

Comprehensive system design skill for creating professional software architecture specifications. Use this skill when asked to design systems (e.g., "Design a chat application", "Design an e-commerce platform", "Create system architecture for X"). Generates complete technical specifications with architecture diagrams, database schemas, API designs, scalability plans, security considerations, and deployment strategies. Creates organized spec folders with all documentation following professional software engineering standards, from high-level overview down to detailed implementation specifications.

Implement RxJS patterns for reactive programming in Angular. Use this skill when working with Observables, operators, subscriptions, async data flows, and error handling. Covers common patterns like combineLatest, switchMap, debounceTime, catchError, retry logic, and integration with Angular Signals using toSignal() and toObservable(). Ensures proper subscription cleanup with takeUntilDestroyed().

WHEN: Infrastructure security audit, secrets management, network policies, compliance checksWHAT: Secrets scanning + Network policies + IAM/RBAC audit + Compliance validation + Security hardeningWHEN NOT: Application security → security-scanner, Docker only → docker-reviewer

Use after completing file changes - strongest for source code (AST-aware linting, security, tests), lighter support for markdown/config. Dispatches CodeRabbit reviewer subagent. ALWAYS request review before considering work complete.

Enterprise-grade FastAPI development covering complete full-stack architecture with Next.js/React frontend, Neon Serverless PostgreSQL, SQLModel ORM, security hardening, payment integrations (Stripe, JazzCash, EasyPaisa), async patterns, real-time features, microservices, and production deployment. Use when building APIs, integrating with databases, implementing authentication/authorization, payment systems, real-time functionality, or deploying to production.

Optimizes GitHub Actions CI/CD workflows through test sharding, intelligent caching, and workflow parallelization. Use when CI execution time exceeds limits, costs are too high, or workflows need parallelization.

Creates testable acceptance criteria in Given/When/Then format for user stories

Review security of command execution, tool permissions, and API key handling. Use when user mentions "security review", "audit", "check security", "vulnerabilities", or before deploying to production.

Execute the complete TestFlight deployment workflow for this Flutter iOS app. Use when the user asks to deploy, release, publish, or upload the app to TestFlight, or says things like "deploy to testflight", "release a new build", "push to beta testers", or "upload to app store connect".

WordPress security best practices and vulnerability prevention patterns. Use when reviewing WordPress code for security issues, writing secure WordPress code, or checking for common vulnerabilities like SQL injection, XSS, CSRF, and authentication issues.

Python unit testing patterns for pytest, including test file structure, fixtures, mocks, and coverage strategy. Use when asked to write tests (unit/integration) for any Python module, function, class, or method.

Fastify Node.js expert for .ts API files, REST endpoints, routes, middleware, handlers, PostgreSQL, SQL queries, pg.Pool, Zod schemas, validation, authentication, authorization, async/await, database connections, camelCase, type safety, error handling

Use when working on the Miden compiler (`cargo miden`, `cargo-miden`) and its integration test suite, debugging compiler issues or failing tests, or implementing compiler changes and you need to inspect intermediate artifacts. Covers `MIDENC_EMIT` (the environment-variable equivalent of `--emit`) for emitting WAT/HIR/MASM (and related outputs), plus `MIDENC_EMIT_MACRO_EXPAND` for dumping macro-expanded Rust via `cargo expand` for integration-test fixtures.

Comprehensive PostgreSQL configuration and usage analysis for Rails applications. Use when Claude Code needs to analyze a Rails codebase for database performance issues, optimization opportunities, or best practice violations. Detects N+1 queries, missing indexes, suboptimal database configurations, anti-patterns, and provides actionable recommendations. Ideal for performance audits, optimization tasks, or when users ask to "analyze the database", "check for N+1 queries", "optimize PostgreSQL", "review database performance", or "suggest database improvements".

전체 SEMO 패키지 통합 품질 감사. Use when (1) 전체 패키지 품질 점검, (2) Agent/Skill/Command 표준 준수 검토, (3) 비효율적 구조 탐지, (4) 정기 감사 수행.

Use when creating or editing skills, before deployment, to verify they work under pressure and resist rationalization - applies RED-GREEN-REFACTOR cycle to process documentation by running baseline without skill, writing to address failures, iterating to close loopholes

Create optimized Dockerfiles with multi-stage builds, security hardening, layer caching, and health checks. Includes docker-compose patterns for development and production environments.