測試與安全

Scaffolds comprehensive testing setup for Next.js applications including Vitest unit tests, React Testing Library component tests, and Playwright E2E flows with accessibility testing via axe-core. This skill should be used when setting up test infrastructure, generating test files, creating test utilities, adding accessibility checks, or configuring testing frameworks for Next.js projects. Trigger terms include setup testing, scaffold tests, vitest, RTL, playwright, e2e tests, component tests, unit tests, accessibility testing, a11y tests, axe-core, test configuration.

Generates production-ready API clients with TypeScript types, retry logic, rate limiting, authentication (OAuth, API keys), error handling, and mock responses. Use when user says "integrate API", "API client", "connect to service", or requests third-party service integration.

Debug bugs and errors using intel-first approach with systematic root cause analysis. Use proactively when errors occur, tests fail, or unexpected behavior appears. MUST trace from symptom to root cause with CoD^Σ reasoning.

Comprehensive testing approaches for reliable software

Introduces spelling errors into text at a specified rate. Use when you need to corrupt text with typos for testing or analysis.

Docker and containerization best practices including multi-stage builds, security, and Docker Compose.

REST API design patterns including versioning strategies (URL, header, content negotiation), pagination (offset, cursor, keyset), filtering and sorting, error response formats (RFC 7807), authentication (JWT, OAuth 2.0, API keys), rate limiting, and OpenAPI specification. Use when designing APIs, documenting endpoints, implementing authentication, standardizing error responses, or reviewing API implementations.

Audit and implement security best practices for GitHub repositories. USE THIS SKILL when user says "security audit", "check security", "add gitleaks", "secret scanning", "dependency audit", or needs security hardening.

Master containerization with Docker. Learn building images, running containers, registry management, and container security best practices.

Create and update pull request descriptions with comprehensive, well-structured content. Use when the user asks to create a PR, mentions "pull request" or "PR", wants to merge a branch, or needs to update an existing PR description. Invokes /git-actions:pr-write (create draft PR) or /git-actions:pr-edit (update PR) commands which analyze commits, generate structured descriptions with testing/deployment notes, and handle approval workflow.

Use when working with .svelte files, SvelteKit projects, or Svelte reactivity. Covers component structure, stores, routing, Svelte 5 runes, and testing patterns.

Master Kubernetes security, RBAC, network policies, pod security, and compliance. Learn to secure clusters and enforce access control.

Write server actions following the Epic architecture patterns. Use when creating server-side logic for behaviors, including authentication, validation, and model calls. Triggers on "create an action", "add an action", or "write an action for".

Comprehensive testing and validation tools for Clerk authentication integrations. Includes E2E auth flow testing, security audits, configuration validation, unit testing patterns for sign-in/sign-up flows. Use when implementing Clerk tests, validating authentication setup, testing auth flows, running security audits, creating E2E tests for Clerk, or when user mentions Clerk testing, auth validation, E2E authentication tests, security audit, or test coverage.

Implement accessible UI components using semantic HTML elements, keyboard navigation support, sufficient color contrast ratios, alternative text for images, ARIA attributes when needed, logical heading structure, and proper focus management. Use this skill when creating UI components, forms, interactive elements, navigation menus, modals or dialogs, implementing keyboard shortcuts, adding screen reader support, ensuring WCAG compliance, or testing with assistive technologies. This skill applies when working on any frontend component files, HTML templates, Vue components, React components, or any user interface code that needs to be accessible to all users including those with disabilities.

Creates React components for SideDish. Use when adding new UI components, modals, forms, or interactive elements. Includes TypeScript interfaces, styling patterns, and security considerations.

Executes tests, analyzes test results, checks test coverage, and provides comprehensive testing status overview. Primarily for Go projects. Activates after implementing/modifying code to verify correctness, or when explicitly requested to assess test suite health.

Update or create API documentation after making changes to the public interface of an API. Use when modifying existing endpoints, introducing new endpoints, or when API implementation changes are complete and tested.

Reference and maintain the project's technical stack documentation including frameworks, languages, databases, testing tools, and third-party services to ensure consistency across all development work. Use this skill when choosing technologies for new features, when documenting technology decisions, when working with framework-specific code patterns, or when ensuring consistency with existing technology choices. Use this skill when working with any code file to verify it follows the conventions of the project's chosen frameworks and tools. Use this skill when setting up new dependencies, configuring build tools, or making architectural decisions about which libraries or services to use. Use this skill when onboarding new team members or creating technical documentation about the project's architecture and technology choices.

Provides quick reference for BI Dashboard (Plotly Dash) commands and operations. Activates when user asks how to run, test, or verify the BI Dashboard. Includes startup, shutdown, verification, and troubleshooting procedures.