測試與安全

Define services, provide layers, compose dependencies, and switch live/test. Use for DI boundaries and app composition.

Guide experienced developers through REFACTOR phase of TDD cycle - improving code quality while maintaining green tests

Use CloudBase HTTP API to access CloudBase platform features (database, authentication, cloud functions, cloud hosting, cloud storage, AI) via HTTP protocol from backends or scripts that are not using SDKs.

Best practices for creating and updating Claude Code skills including YAML frontmatter structure, description patterns for discoverability, content organization, progressive disclosure, and testing strategies. Use when creating new skills or updating existing skills to follow proven patterns.

⚡ PRIMARY TOOL for: 'what's tested', 'find test coverage', 'audit test quality', 'missing tests', 'edge cases', 'test patterns'. Uses claudemem v0.3.0 AST with callers analysis for test discovery. GREP/FIND/GLOB ARE FORBIDDEN.

Ensure optimal haptic feedback throughout the app. Use when adding interactions, reviewing code, or auditing haptics usage. Keywords: haptics, feedback, vibration, touch, UX, interaction.

Security risk assessment from specifications, manuals, and design documents. Threat modeling (STRIDE/DREAD), asset identification, risk matrix generation, and CRA pre-compliance evaluation. Use for upstream security analysis before implementation. Triggers on: risk assessment, threat modeling, security review, design review, specification analysis, STRIDE, DREAD, attack tree, security requirements, pre-implementation security.

Implement comprehensive input validation on both client and server sides with clear error messages, type checking, and sanitization to prevent security vulnerabilities. Use this skill when validating user input, implementing form validation, checking data types and formats, sanitizing input to prevent injection attacks (SQL, XSS, command injection), validating business rules, providing field-specific error messages, implementing server-side validation for all entry points (API endpoints, web forms, background jobs), using client-side validation for immediate user feedback, applying allowlists over blocklists, validating ranges and required fields, or ensuring consistent validation across the application. Apply this skill when handling any user input, building forms, creating API endpoints, or reviewing code for security and data integrity.

Use when starting work on an unfamiliar project or needing to understand a codebase - performs comprehensive analysis discovering architecture, patterns, dependencies, testing coverage, and improvement opportunities. Do NOT use on projects you already know well or for targeted questions about specific files - use direct exploration instead for focused queries.

Write focused, strategic tests for core user flows with behavior-based testing, clear naming, and proper mocking of external dependencies. Use this skill when writing unit tests, integration tests, or end-to-end tests. When working on files in tests/, __tests__/, spec/, or *.test.ts, *.spec.ts files. When deciding what to test during feature development. When naming test cases descriptively. When mocking databases, APIs, or external services. When focusing on testing behavior rather than implementation details.

Generate Vitest configuration files for fast unit testing of JavaScript/TypeScript projects. Triggers on "create vitest config", "generate vitest configuration", "vitest setup", "unit test config".

Oracle DBA and DevOps expertise for Autonomous Database (ADB) on OCI. This skill should be used when managing Oracle Autonomous Databases, writing optimized SQL/PLSQL, configuring security (TDE, Database Vault, Data Safe), implementing HA/DR (Data Guard, PITR), using OCI CLI for database operations, or integrating with Oracle MCP servers for AI-assisted database management. Covers Oracle Database versions 19c, 21c, 23ai, and 26ai.

Reviews Dockerfiles for best practices, security issues, and image size optimizations including multi-stage builds and layer caching. Use when working with Docker, containers, or deployment.

Comprehensive CSS and UI/UX code review, issue identification, and automated fixing with documentation. Use when reviewing stylesheets, analyzing UI/UX patterns, auditing frontend code quality, fixing CSS issues, or documenting style improvements. Triggers on requests like "review my CSS", "audit UI/UX", "fix styling issues", "improve my styles", or "document CSS fixes".

Generate comprehensive pytest test suites for CasareRPA components, including nodes, controllers, use cases, and domain entities. Use when: creating new tests, testing nodes, controller tests, use case tests, domain entity tests, test coverage needed, pytest test generation.

Implement Advent of Code solutions using Test-Driven Development. Generates test cases from puzzle examples, writes failing tests first, implements solutions incrementally, and iterates until all tests pass. Use when solving AoC puzzles, implementing solutions with TDD, or when user mentions test-driven development or writing tests.

智能测试代码生成工具，支持单元测试、集成测试、E2E测试的快速创建。支持Python(pytest/unittest)、JavaScript(Jest/Mocha)、Java(JUnit)、Go(testing)等主流测试框架。适用于生成测试、写测试、测试用例、单元测试、集成测试等场景。

Use to regression test the full OODA loop. Validates phase transitions,artifact handoffs, and resumption. Maintainer tooling - invoke explicitlywith "use loop-test to verify the system".

MVVM pattern, Clean Architecture, Repository pattern, dependency injection, SOLID principles. Use when designing app architecture.

Decomposes requirements into executable tasks and coordinates domain orchestrators (frontend, backend, data, test, devops). Use when receiving PRDs, user requirements, or feature requests that span multiple domains. Acts as CEO of the AI development system.