測試與安全

Use this skill to diagnose and repair broken tests with a methodical, surgical approach.AUTO-ACTIVATE when user mentions (FR/EN): - test cassé, broken test, failing test, test fail, test échoue - erreur test, test error, assertion failed, timeout test - réparer test, fix test, corriger test, debug test - npm test fail, jest error, test suite failedAGENTS: Specialized agents (backend-specialist, frontend-specialist, database-specialist) MUST invoke this skill when asked to fix tests. Use: Skill("test-doctor")CRITICAL: NO mass corrections. ONE test at a time with validation. ALWAYS diagnose before fixing. ALWAYS consult DONT_DO.md first.Context: 1211 test files, 5561/6101 passing (540 failing). Stack: Jest, React Testing Library, Prisma, Next.js 15, TypeScript 5.

Multi-tenant permission checking for Wasp applications. Use when implementing authorization, access control, or role-based permissions. Includes organization/department/role patterns and permission helper functions.

Pre-deployment validation, content verification, and testing strategies for CJS2026 given the current lack of automated tests

Comprehensive code review for pull requests with quality, security, and best practices analysis

GitHub issueの対応内容をレビューし、改善タスクを作成します。専門家エージェント（coding/architecture/testing/document-specialist）によるレビューを実施し、指摘点を元にtmp/todoフォルダにタスクファイルを作成します。

Use when implementing features or fixes in projects with tdd-guard installed. This skill guides the RED-GREEN-REFACTOR cycle with proper test registration, preventing common TDD violations like writing code before tests or implementing multiple tests simultaneously. Invoke when tdd-guard blocks an edit or when starting TDD work.

Use when creating or updating Energize Denver compliance proposals including benchmarking, energy audits, compliance pathways, and performance target analysis. Handles proposal generation from template, cost estimation based on building size and service type, timeline planning, and compliance verification against Denver Article XIV requirements for commercial and multifamily buildings (project)

Implement secure secrets management for CI/CD pipelines using Vault, AWS Secrets Manager, or native platform solutions. Use when handling sensitive credentials, rotating secrets, or securing CI/CD environments.

Solidity smart contract development with Foundry. Covers writing, testing, security, deployment, and upgrades. Triggers on .sol files, contract, pragma solidity, forge.

Testing patterns for React with Jest and React Testing Library. Use when writing tests, mocking modules, testing Zustand stores, or debugging test failures in React web applications.

Expert knowledge for building web APIs and real-time applications with Composable Rust. Use when building HTTP REST APIs with Axum, implementing WebSocket for real-time updates, working with authentication (magic link, OAuth, passkeys), setting up email providers (SMTP, Console), designing API routes or request handlers, or questions about web integration and real-time communication.

Iterative coding development with Test-Driven Development (TDD). Follows a structured workflow of planning reviewable changes, implementing with tests, getting code review, and committing incrementally. Use when implementing features or changes that require iterative development with verification at each step.

Browser automation QA testing skill. Systematically tests web applications for functionality, security, and usability issues. Reports findings by severity (CRITICAL/HIGH/MEDIUM/LOW) with immediate alerts for critical failures.

Write and run tests with Vitest for Vite-based projects. Use when testing Astro components, JavaScript modules, or any Vite project requiring fast, modern testing.

Deploys public-facing apps that handle their own authentication (like Jellyfin, game servers) without Authelia forward auth

Run PHPUnit tests and fix failures using intelligent agent delegation. Use when user requests to:- Run tests (full suite, specific path, or single file)- Fix failing tests- Analyze test failures- Check test coverageDelegates to runner agent (haiku) for execution and fixer agent (sonnet) for fixes.Automatically cycles between run and fix until tests pass or human intervention needed.

VeloxTS framework assistant for building full-stack TypeScript APIs. Helps with procedures, generators (velox make), REST routes, authentication, validation, and common errors. Use when creating endpoints, adding features, debugging issues, or learning VeloxTS patterns.

Multi-agent and MCP pipeline security with 5-layer defense architecture. Use when building MCP servers, multi-agent systems, or any pipeline that handles user input to prevent prompt injection and ensure proper authorization.

Why pinning GitHub Actions to SHA-256 commits matters for supply chain security. Attack vectors from unpinned actions and comparison of tag vs SHA pinning.

Searches the NIST NVD database for CVE vulnerabilities using API 2.0. Returns CVE details, CVSS scores, affected software, and references. Use when user asks about "CVE", "vulnerability database", "NIST", "NVD", "security advisory", "CVE-2024", "CVE-2023", "脆弱性", "セキュリティアドバイザリ", or wants to find known vulnerabilities for specific software.