測試與安全

Systematic refactoring with small-step discipline. Use when user says 'refactor', 'clean up', 'restructure', 'extract', 'rename', 'simplify', or mentions code smells. Enforces one change → test → commit cycle. For structural improvements, NOT style/formatting (use /lint). NOT for adding features or fixing bugs.

Teaches testing Server Actions in isolation in React 19. Use when testing Server Actions, form handling, or server-side logic.

Use this skill when the user wants to call different LLM models through OpenRouter's unified API, compare model responses, track costs and response times, or find the best model for a task. Triggers include requests to test models, benchmark performance, use specific providers (OpenAI, Anthropic, Google, etc.), or optimize for speed/cost.

Comprehensive hooks and webhook creation toolkit for building event-driven integrations and automation systems. Use when users want to create any type of hook, webhook, or event handler including: (1) REST webhooks for external services, (2) Event listeners and triggers, (3) Real-time subscriptions and WebSockets, (4) Callback systems and async handlers, (5) Automation workflows with triggers, (6) API integrations with event processing, (7) Custom middleware and interceptors. Supports Express, FastAPI, Flask, WebSocket protocols, serverless functions, and various automation platforms. Handles authentication, payload validation, retry logic, and error handling.

Master backend development with Node.js, Python, Java, Go, and PHP. Learn API design, database optimization, authentication, microservices, and server-side best practices.

WHEN: Test code generation, unit/integration/E2E test writing, component/hook/utility testsWHAT: Framework detection + Jest/Vitest/RTL/Playwright templates + Happy Path/Edge/Error case testsWHEN NOT: Coverage analysis → coverage-analyzer, Test quality review → code-reviewer

Validate WCAG 2.1 compliance, screen reader compatibility, and Universal Design for Learning (UDL) principles implementation throughout curriculum materials. Use when checking accessibility, validating UDL, or ensuring compliance. Activates on "accessibility check", "WCAG validation", "UDL review", or "screen reader test".

Running and validating Probitas scenarios. Use when executing tests, running scenarios, or debugging test failures.

Jest and React Native Testing Library patterns. Use when writing component tests.

Core test infrastructure patterns for monorepo Vitest setup including global configuration, browser API polyfills, mocking patterns, test cleanup, directory structure, and coverage philosophy. Use when setting up Vitest test infrastructure, configuring test environments, implementing test utilities, or establishing test standards. Triggers on: vitest setup, test configuration, test infrastructure setup, test mocking patterns, test cleanup, test standards, monorepo testing.

Quantitative trading expertise for DeFi and crypto derivatives. Use when building trading strategies, signals, risk management. Triggers on signal, backtest, alpha, sharpe, volatility, correlation, position size, risk.

Comprehensive persona journey testing and UX verification across all personas

Use Gemini CLI for web search powered by Google. Triggers on search requests where Google's search quality matters. Use for "google this", "search for...", "find information about...", "what's the latest on...".

Create and manage K6 load tests for REST and GraphQL APIs. Use when creating load tests, writing K6 scripts, testing API performance, debugging load test failures, or setting up performance monitoring. Covers REST endpoints, GraphQL operations, data generation, IRI handling, configuration patterns, and performance troubleshooting.

Thorough code review. Use when reviewing PR, checking code quality, or auditing changes.

FastAPI best practices, Pydantic models, SQLAlchemy ORM, async patterns, dependency injection, and JWT authentication. Activate for FastAPI apps, async Python APIs, API design, and modern Python web services.

Use when searching the codebase with natural language queries like "authentication logic" or "database connection"

Comprehensive guide for writing Playwright E2E tests in the Aldoa codebase. Use when creating new test files, debugging failing tests, or refactoring existing tests. Covers authentication patterns, helper functions, Semantic UI/React Select interactions, data generation strategies, and common testing scenarios.

TRUST quality principles (Test-first, Readable, Unified, Secured, Trackable) ensuring production-ready code. Use when implementing, reviewing, testing, or evaluating code quality across all development phases.

Top password lists for authorized security testing: common passwords, darkweb leaks, worst passwords. Curated essentials (<10MB).