Testing & Security

Migrate Express.js REST APIs to Fastify with automated testing, performance benchmarking, and schema generation. Use when migrating Express applications to Fastify, modernizing Node.js APIs, improving API performance, or when users mention Express to Fastify migration, Fastify conversion, API modernization, or performance optimization of Express apps.

Comprehensive financial analysis workflow covering ratio analysis, trend analysis, benchmarking, and variance analysis. Delivers documented, audit-ready insights.

Create serverless functions on Azure with triggers, bindings, authentication, and monitoring. Use for event-driven computing without managing infrastructure.

Design and implement CI/CD pipelines with GitHub Actions, GitLab CI, Jenkins, or CircleCI. Use for automated testing, building, and deployment workflows.

Gate 4 of development cycle - dispatches 3 specialized reviewers (code, business-logic, security) in parallel for comprehensive code review feedback.

Prevent Cross-Site Scripting (XSS) attacks through input sanitization, output encoding, and Content Security Policy. Use when handling user-generated content in web applications.

Measure relationships between variables using correlation coefficients, correlation matrices, and association tests for correlation measurement, relationship analysis, and multicollinearity detection

Implement OAuth 2.0 authentication flows for CRM API access. Use when authenticating with Salesforce, HubSpot, or other CRM APIs, managing access tokens, refreshing expired tokens, or building OAuth-based integrations.

Apply this repository's coding conventions and patterns. Use when writing or reviewing code in this codebase to ensure consistency with established patterns for DI, logging, error handling, testing, and documentation. Auto-trigger when implementing features, fixing bugs, or reviewing code changes.

Browser automation with Playwright for modern web scraping. Use this skill for scraping JavaScript-rendered pages, handling complex interactions, managing multiple browser contexts, or testing web applications. NOT needed for static HTML parsing or processing already-fetched content.

Graph algorithms for network analysis including shortest paths, cycle detection, and connectivity analysis. Create directed/undirected graphs with weighted edges. Use when modeling currency exchange networks, detecting arbitrage opportunities via negative cycles, finding optimal trading routes, calculating path lengths, analyzing network topology, or working with any connected data structures. Supports Bellman-Ford, Dijkstra, and other graph algorithms.

Comprehensive testing guidelines for Vitest and React Testing Library. Covers quality standards, AAA pattern, naming conventions, branch coverage, and best practices. Reference this skill when creating or updating test code during Phase 2 (Testing & Stories).

Guide for SELinux (Security-Enhanced Linux) security framework. Use when configuring mandatory access controls, troubleshooting permission denials, creating custom policies, or managing security contexts. Covers modes, contexts, booleans, and policy management.

Make HTTP requests to REST APIs with authentication, handle responses, and manage pagination. Use when connecting to external APIs, fetching data from CRM systems, syncing records between services, or implementing OAuth/API key authentication flows.

Comprehensive React component coding guidelines, refactoring principles, and architectural patterns. **CRITICAL**: Focuses on patterns AI commonly fails to implement correctly, especially testability, props control, and component responsibility separation. Reference this skill when implementing or refactoring React components during Phase 2.

QEMU ARM emulation for running ARM binaries and system images on x86 hosts. Use when emulating ARM architecture, running ARM Linux kernels, testing ARM binaries, or creating ARM development environments.

Handle API authentication. Use for Bearer tokens, API keys, OAuth, or Basic auth in requests.

UEFI Secure Boot configuration and key management. Use when signing boot loaders, managing Secure Boot keys, or creating UEFI-compatible bootable media with signature verification.

Work with modern cryptographic primitives including AES, RSA, elliptic curves, and key derivation functions. Use this skill when implementing or breaking modern encryption schemes in CTF challenges.

WebAssembly runtime execution and instantiation. Use when running compiled WebAssembly modules, testing WASM execution, or interfacing with WASM instances from Python.