測試與安全

Use this skill to analyze, improve, and enforce accessibility (a11y) + SEO best practices for Next.js projects using App Router, TypeScript, Tailwind & shadcn/ui. Applies when auditing components, routes, pages, metadata, semantics, or performance-impacting SEO issues.

Handle post-ticket completion tasks including test exports, planning doc updates, and learning reflection. Use this skill after a ticket's tests all pass and 6-final.md exists.

Generate tests following Frontera test patterns. Use when user says "write tests", "add tests", "test this", "create unit tests", "generate tests", or asks to test a component/function/API.

Manage major dependency version upgrades with compatibility analysis, staged rollout, and comprehensive testing. Use when upgrading framework versions, updating major dependencies, or managing breaking changes in libraries.

Configure django-allauth with headless API, MFA, social authentication, and CORS for React frontends. This skill should be used when setting up authentication for a new Django project or adding django-allauth to an existing project that needs a React frontend integration. (project)

Use this skill when the user needs help creating, testing, validating, or troubleshooting Detection & Response (D&R) rules in LimaCharlie.

AI agent skill for implementing evidence-based UI improvements. Use when tasked with UI audits, design system implementation, accessibility fixes, or frontend optimization. Provides step-by-step workflows, code patterns, and validation criteria for automated execution. Triggers on UI review, accessibility audit, design system setup, CSS refactoring, form optimization, button hierarchy, color contrast, spacing system, typography scale, or WCAG compliance tasks.

Use when creating new skills, editing existing skills, or verifying skills work before deployment - applies TDD to process documentation by testing with subagents before writing, iterating until bulletproof against rationalization

Master authentication and authorization patterns including JWT, OAuth2, session management, and RBAC to build secure, scalable access control systems. Use when implementing auth systems, securing APIs, or debugging security issues.

Use when tests have race conditions, timing dependencies, or inconsistent pass/fail behavior - replaces arbitrary timeouts with condition polling to wait for actual state changes, eliminating flaky tests from timing guesses

Use when starting feature work that needs isolation from current workspace or before executing implementation plans - creates isolated git worktrees with smart directory selection and safety verification. Verifies .gitignore, runs project setup, confirms clean test baseline. Do NOT use for quick fixes or small changes - worktrees add overhead; use simple branch switching for trivial changes.

Comprehensive deployment validation for Cloudflare Workers, ensuring production readiness through automated checks of code quality, configuration, security, and environment setup.

Write secure, performant database queries using parameterized queries, eager loading, proper indexing, and transactions. Use this skill when writing database query code, ORM query methods, SQL statements, or data fetching logic. Use this when preventing SQL injection with parameterized queries, optimizing queries to avoid N+1 problems with eager loading, selecting specific columns instead of SELECT *, implementing database transactions for related operations, adding query timeouts, or caching expensive queries. Use this when working on repository files, service files with database access, query builder code, or any file that retrieves or manipulates data from databases.

Implement and validate FastAPI authentication strategies including JWT tokens, OAuth2 password flows, OAuth2 scopes for permissions, and Supabase integration. Use when implementing authentication, securing endpoints, handling user login/signup, managing permissions, integrating OAuth providers, or when user mentions JWT, OAuth2, Supabase auth, protected routes, access control, role-based permissions, or authentication errors.

Guide for designing Instance resources in OptAIC. Use when creating DatasetInstance, SignalInstance, ExperimentInstance, ModelInstance, PortfolioOptimizerInstance, or BacktestInstance. Covers definition references, config patterns, composition, flow execution pairing, and scheduling.

Follow plan.md-driven development workflow with strict TDD discipline. Use when the user says "go", references plan.md, asks to proceed with next test or task, create implementation plan, or needs step-by-step test-driven development from a plan file. Enforces one test at a time with explicit user control.

This skill should be used when setting up organization-level app integrations (Reddit, Notion, LinkedIn, WordPress) with OAuth flows, encrypted token storage, API client wrappers, and usage logging in a Next.js App Router application. Use this skill when implementing external provider connections for a multi-tenant app with secure credential management, token refresh, and admin-controlled integration features.

Efficiently fix large batches (10-15+) of existing bugs by reading failing tests, fixing code in batches, and validating once per batch. Use when user has multiple failing tests, says "fix bugs/failing tests", or bug report shows many issues. NOT for test-first development (use TDD skill instead).

The core skill for working within the bigquery-etl repository. Use this skill when understanding project structure, conventions, and common patterns. Works with model-requirements, query-writer, metadata-manager, sql-test-generator, and bigconfig-generator skills.

Validate environment configuration files across local, staging, and production environments. Ensure required secrets, database URLs, API keys, and public variables are properly scoped and set. Use this skill when setting up environments, validating configuration, checking for missing secrets, auditing environment variables, ensuring proper scoping of public vs private vars, or troubleshooting environment issues. Trigger terms include env, environment variables, secrets, configuration, .env file, environment validation, missing variables, config check, NEXT_PUBLIC, env vars, database URL, API keys.