Testing & Security

Auditar produtores/consumidores Kafka reativos, tópicos, secrets e observabilidade para os fluxos de resultados.

Verify that implemented code meets acceptance criteria from user stories. Use when validating story completion - performs code inspection, test execution, and manual checks against each AC criterion.

Set up synthetic monitoring with Lighthouse CI and Playwright. Use when implementing automated performance testing, CI/CD performance gates, or proactive monitoring.

Use when reviewing code or PRs in the llama-stack repository (llamastack/llama-stack on GitHub). Provides specialized knowledge about Llama Stack's architecture, testing patterns (recordings folders), backward compatibility requirements, distributed system considerations, and code review focus areas specific to this project.

Application security best practices including OWASP Top 10, authentication, and data protection.

Build GitLab CI/CD pipelines with multi-stage workflows, caching, and distributed runners for scalable automation. Use when implementing GitLab CI/CD, optimizing pipeline performance, or setting up automated testing and deployment.

Guides writing Vitest tests for Chrome extension code. Use when creating tests, improving coverage, or testing Vue components, content scripts, or Chrome APIs.

Verifica que no haya credenciales, secrets o archivos sensibles antes de pushear a GitHub. Busca API keys hardcodeadas, .env con valores reales, y valida .gitignore.

Comprehensive guide for creating effective Claude Code skills with security best practices, CLI-specific features, and structural patterns. Use when creating skills, needing security guidance, understanding skill architecture, or learning best practices.

Comprehensive security engineering skill for application security, penetration testing, security architecture, and compliance auditing. Includes security assessment tools, threat modeling, crypto implementation, and security automation. Use when designing security architecture, conducting penetration tests, implementing cryptography, or performing security audits.

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

Generate realistic fake content for HTML prototypes. Use when populating pages with sample text, products, testimonials, or other content. NOT generic lorem ipsum.

Grades and improves CLAUDE.md (Claude Code) and AGENTS.md (Codex/OpenCode) configuration files. Use when asked to grade, score, evaluate, audit, review, improve, fix, optimize, or refactor agent config files. Triggers on 'grade my CLAUDE.md', 'score my AGENTS.md', 'is my CLAUDE.md too big', 'improve my agent config', 'fix my CLAUDE.md', 'optimize context usage', 'reduce tokens in CLAUDE.md', or 'audit my config files'. Automatically grades both files if present, generates improvement plan, and implements changes on approval.

Comprehensive change tracking and audit logging system that monitors file modifications, code changes, and project evolution. Use when tracking project history, maintaining audit trails, analyzing development patterns, or when detailed change documentation is required for compliance and team collaboration.. Enhanced with Context7 MCP for up-to-date documentation.

Transforms security audits and vulnerability assessments into prioritized remediation tasks with 15 enrichments (10 universal + 5 security-specific). Use when user says 'format security audit', 'process vulnerabilities', 'convert security findings', 'prioritize security issues', or when detect-input-type returns 'security'. Handles CVE reports, penetration test results, and security scans in .md files. (plugin:task-streams)

Write and run JavaScript/TypeScript tests using Vitest or Jest with mocking, component testing, and coverage. Use when writing JS/TS tests, testing Svelte/React components, or setting up test configuration.

Executes git commands (fetch, rebase, commit, merge, push) following worktree workflow, then monitors ALL resulting deployments with temporal boundaries and cascade detection. After git push, monitors all workflows from the last 5 minutes including cascading workflows (e.g., Test → Deploy chains). Automatically tracks multiple parallel workflows and waits for triggered workflows. Use /devops-check for comprehensive monitoring with automatic fixing. All deployments are triggered by git push, not manual AWS CLI commands.

Use when designing tests, implementing test cases, running tests, analyzing test coverage, or fixing test failures. Apply when user mentions testing, test cases, TDD, coverage, or asks to run tests. Use proactively after implementation is complete to ensure adequate test coverage.

Guide experienced developers through TDD failure scenarios and recovery procedures when tests behave unexpectedly

A skill for generating and seeding realistic test data into a database. Use this skill for tasks related to database seeding, test data generation, and populating a database for development, testing, or demo purposes. It supports idempotent seeding, relationship data generation (e.g., users and their tasks), and environment-specific data sets (dev, test, demo). Triggers: "seed database", "generate test data", "populate db", "database seeding".