Testing & Security

Expert PM validation for increment closure with 3-gate quality checks (tasks, tests, documentation). Acts as final quality gate before closing increments. Validates task completion, test coverage, documentation updates, and detects scope creep. Activates for /done command, increment closure, close increment, validate increment, completion check, quality gate, PM approval, ready to close, scope creep detection, release validation, increment validation.

.NET/C# backend developer for ASP.NET Core APIs with Entity Framework Core. Builds REST APIs, minimal APIs, gRPC services, authentication with Identity/JWT, authorization, database operations, background services, SignalR real-time features. Activates for: .NET, C#, ASP.NET Core, Entity Framework Core, EF Core, .NET Core, minimal API, Web API, gRPC, authentication .NET, Identity, JWT .NET, authorization, LINQ, async/await C#, background service, IHostedService, SignalR, SQL Server, PostgreSQL .NET, dependency injection, middleware .NET.

Node.js/TypeScript backend developer. Builds Express.js, Fastify, NestJS APIs with Prisma ORM, TypeORM, Mongoose. Implements REST APIs, GraphQL, authentication (JWT, session, OAuth), authorization, database operations, background jobs, WebSockets, real-time features, API validation, error handling, middleware. Activates for: Node.js, NodeJS, Express, Fastify, NestJS, TypeScript backend, API, REST API, GraphQL, Prisma, TypeORM, Mongoose, MongoDB, PostgreSQL with Node, MySQL with Node, authentication backend, JWT, passport.js, bcrypt, async/await, promises, middleware, error handling, validation, Zod, class-validator, background jobs, Bull, BullMQ, Redis, WebSocket, Socket.io, real-time.

Comprehensive unit testing expertise covering Vitest, Jest, test-driven development (TDD), mocking strategies, test coverage, snapshot testing, test architecture, testing patterns, dependency injection, test doubles (mocks, stubs, spies, fakes), async testing, error handling tests, parametric testing, test organization, code coverage analysis, mutation testing, and production-grade unit testing best practices. Activates for unit testing, vitest, jest, test-driven development, TDD, red-green-refactor, mocking, stubbing, spying, test doubles, test coverage, snapshot testing, test architecture, dependency injection, async testing, test patterns, code coverage, mutation testing, test isolation, test fixtures, AAA pattern, given-when-then, test organization, testing best practices, vi.fn, vi.mock, vi.spyOn, describe, it, expect, beforeEach, afterEach.

Lightning Web Components development skill with PICKLES architecture methodology, component scaffolding, wire service patterns, event handling, Apex integration, GraphQL support, and Jest test generation. Build modern Salesforce UIs with proper reactivity, accessibility, dark mode compatibility, and performance patterns.

Advanced SOQL skill with natural language to query generation, query optimization, relationship traversal, aggregate functions, and performance analysis. Build efficient queries that respect governor limits and security requirements.

Coding standards discovery and documentation expert. Analyzes codebase to detect naming conventions, patterns, anti-patterns, and best practices. Generates or updates coding standards documentation in .specweave/docs/internal/governance/. Detects ESLint/Prettier configs, analyzes TypeScript/JavaScript patterns, finds security issues, and creates evidence-based standards with confidence levels. Activates for analyze coding standards, discover conventions, code style analysis, detect patterns, coding guidelines, what are the standards, code quality check, naming conventions, linting rules, best practices analysis, standards audit, code review standards, detect anti-patterns.

Code review expert for security vulnerabilities, performance, and best practices. Activates for review code, code review, security review, PR review, pull request review, check my code, code quality, vulnerability scan, OWASP, code analysis, static analysis.

Salesforce data operations expert with 130-point scoring. Use when writing SOQL queries, creating test data, performing bulk data operations, or importing/exporting data via sf CLI.

Comprehensive Salesforce testing skill with test execution, code coverage analysis, and agentic test-fix loops. Run Apex tests, analyze coverage, generate test patterns, and automatically fix failing tests with 120-point scoring.

Comprehensive Playwright end-to-end testing expertise covering browser automation, cross-browser testing, visual regression, API testing, mobile emulation, accessibility testing, test architecture, page object models, fixtures, parallel execution, CI/CD integration, debugging strategies, and production-grade E2E test patterns. Activates for playwright, e2e testing, end-to-end testing, browser automation, cross-browser testing, visual testing, screenshot testing, API testing, mobile testing, accessibility testing, test fixtures, page object model, POM, test architecture, parallel testing, playwright config, trace viewer, codegen, test debugging, flaky tests, CI integration, playwright best practices.

Enterprise-grade compliance architecture for SOC 2, HIPAA, GDPR, PCI-DSS. Provides compliance checklists, security controls, audit guidance, and regulatory requirements for serverless and cloud architectures. Activates for compliance, HIPAA, SOC2, SOC 2, GDPR, PCI-DSS, PCI DSS, regulatory, healthcare data, payment card, data protection, audit, security standards, regulated industry, BAA, business associate agreement, DPIA, data protection impact assessment.

Visual regression testing expert using Playwright snapshots, Percy, Chromatic, BackstopJS, and pixel-diff analysis. Covers baseline management, responsive testing, cross-browser visual testing, component visual testing, and CI integration. Activates for visual regression, screenshot testing, visual diff, Percy, Chromatic, BackstopJS, pixel comparison, snapshot testing, visual testing, CSS regression, UI looks different, layout changed, style regression, component looks wrong, responsive breakpoints, cross-browser differences, screenshot comparison, baseline update, approve changes, Storybook visual tests, design QA, pixel perfect, UI drift, visual bugs.

Run GDUnit4 tests for Godot projects. Use after implementing features, fixing bugs, or modifying GDScript files to verify correctness.

Python backend developer for FastAPI, Django, Flask APIs with SQLAlchemy, Django ORM, Pydantic validation. Implements REST APIs, async operations, database integration, authentication, data processing with pandas/numpy, machine learning integration, background tasks with Celery, API documentation with OpenAPI/Swagger. Activates for: Python, Python backend, FastAPI, Django, Flask, SQLAlchemy, Django ORM, Pydantic, async Python, asyncio, uvicorn, REST API Python, authentication Python, pandas, numpy, data processing, machine learning, ML API, Celery, Redis Python, PostgreSQL Python, MongoDB Python, type hints, Python typing.

Provisions infrastructure on Hetzner Cloud with Terraform/Pulumi. Generates IaC code for CX11/CX21/CX31 instances, managed Postgres, SSL configuration, Docker deployment. Activates for deploy on Hetzner, Hetzner Cloud, budget deployment, cheap hosting, $10/month hosting.

Generates or updates an AGENTS.md file by scanning a repository for structure, commands, tests, and conventions. Use when a user asks to create or improve `AGENTS.md` for a repository.

Executes the /clarify phase using AskUserQuestion tool to resolve ambiguities through structured questions (≤3), prioritization, and answer integration. Use when spec.md contains [NEEDS CLARIFICATION] markers, when requirements need disambiguation, or when running /clarify command to resolve critical scope/security/UX ambiguities before planning. (project)

Use for testing tasks including test strategy design, writing Vitest unit/integration tests, ensuring coverage, and exploring edge cases. Activate when creating tests, reviewing test coverage, or designing test strategies.

Guides manual staging validation before production deployment through smoke tests, critical user flow testing, data migration verification, and rollback capability checks. Use when validating staging deployments, running pre-production tests, or preparing for production promotion in staging-prod deployment model. (project)