Testing & Security

MANDATORY for ANY bug, test failure, or unexpected behavior - four-phase systematic framework (root cause investigation, pattern analysis, hypothesis testing, implementation) that ensures understanding before attempting solutions. CONSULT THIS SKILL if you find yourself having to fix bugs, test failures, or unexpected behavior.

Never test mock behavior. Never add test-only methods to production classes. Understand dependencies before mocking.

Replace arbitrary timeouts with condition polling for reliable async tests

Systematically inspect unit and E2E tests to verify they test the right behavior, provide meaningful coverage, and catch real regressions

Evidence-based completion verification for Starwards - run actual npm test commands, check E2E snapshots, verify TypeScript types, and confirm build success before claiming work is complete; evidence before assertions always

Systematic debugging for Starwards - four-phase framework (root cause investigation, pattern analysis, hypothesis testing, implementation) with Colyseus state inspection, Tweakpane debugging, multiplayer sync issues, and monorepo-specific troubleshooting

Guide for testing code changes in AEM Edge Delivery projects including blocks, scripts, and styles. Use this skill after making code changes and before opening a pull request to validate functionality. Covers unit testing for utilities and logic, browser testing with Playwright/Puppeteer, linting, performance validation, and guidance on which tests to maintain vs use as throwaway validation.

npm workspace monorepo workflow for Starwards - build order, module dependencies, watch mode, testing across modules, and avoiding common monorepo pitfalls; core builds first always

Test-driven development for Starwards - write the test first, watch it fail, write minimal code to pass; includes Jest unit tests, Playwright E2E tests, Colyseus state sync, @gameField decorators, Tweakpane UI, and multiplayer scenarios

CODE PHASE (Backend): Server-side implementation patterns and best practices.Provides service layer patterns, API implementation guidance, error handling strategies,data validation approaches, middleware patterns, and backend security practices.Use when: implementing APIs, creating services, handling errors, validating data,building middleware, implementing authentication/authorization.

CODE PHASE (Database): Data layer implementation patterns and best practices.Provides schema design patterns, query optimization strategies, indexing guidelines,data integrity constraints, migration patterns, and database security practices.Use when: designing schemas, writing queries, optimizing performance, planningmigrations, implementing data validation, ensuring data integrity.

CROSS-CUTTING: Security patterns and best practices for ALL PACT phases.Provides OWASP Top 10 guidance, authentication/authorization patterns, input validation,secure coding practices, secrets management, and security testing checklists.Use when: implementing authentication, handling user input, storing secrets,designing authorization, reviewing code for vulnerabilities, planning security tests.

Use this skill to inspect what a Rails page currently displays, extract HTML content, or verify rendering WITHOUT starting a dev server. Useful for understanding page output before making changes, debugging views, searching for content, or testing that pages work correctly. Provides scripts/render.rb for quick page inspection and HTML extraction.

Test Model Context Protocol (MCP) servers using the MCP Inspector CLI with correct syntax

Information about running tests, test coverage, and known testing issues in the Rails application. Use when the user asks about testing procedures, encounters test failures, wants to know about coverage, or needs to troubleshoot intermittent system test issues.

ARCHITECT PHASE: Architectural design patterns, component templates, and system design guidance.Provides proven architectural patterns including microservices, layered architecture,event-driven systems, C4 diagram templates, API contract formats, and design anti-patterns.Use when: designing system architecture, creating component diagrams, defining interfaces,planning component boundaries, choosing architectural patterns, organizing system modules,or when user mentions: architecture, components, system design, diagrams, C4, microservices,API contracts, service boundaries, architectural patterns.Use for: component design, interface definition, system boundaries, dependency management,architecture documentation, design patterns, integration patterns.DO NOT use for: code implementation details, specific framework syntax, database schema design,frontend-specific patterns, testing strategies, or security implementation (use dedicated skills).

TEST PHASE: Testing strategies, patterns, and quality assurance workflows.Provides test strategy frameworks, coverage guidelines, unit/integration/e2e patterns,performance testing approaches, and security testing checklists.Use when: designing test strategies, writing tests, evaluating coverage,planning QA workflows, implementing test automation.

Refactor codebases using Design by Typed Holes methodology - iterative, test-driven refactoring with formal hole resolution, constraint propagation, and continuous validation. Use when refactoring existing code, optimizing architecture, or consolidating technical debt through systematic hole-driven development.

Build mobile-compatible Obsidian study vaults from academic materials with checkpoint workflow and QA. Battle-tested on 800KB+ projects. Works across CS, medicine, business.

How to approach tests, types, lints, and coverage