測試與安全

Expert knowledge of Express.js and Node.js for building production-ready web applications and APIs. Covers middleware patterns, routing, async/await error handling, security, performance optimization, proxy patterns, static file serving, and production deployment. Use when working with server.js, adding routes, implementing middleware, debugging Express issues, or optimizing API endpoints.

REQUIRED before implementing any game feature, scoring logic, state transition, or decision-making. ALL business logic lives in PostgreSQL - frontend is presentation only. Load this to understand where code belongs: database function vs component. Covers RPC patterns, SECURITY DEFINER, and anti-patterns.

Run tests and systematically fix all failing tests using smart error grouping. Use when user asks to fix failing tests, mentions test failures, runs test suite and failures occur, or requests to make tests pass.

Visual E2E testing workflow for frontend UI changes. Use after modifying Svelte components, layouts, or styles to verify the UI renders correctly.

Browser automation and E2E testing with Playwright for real browser interactions

Skill for managing model provider priorities with authentication (OAuth/Subscription/API), usage limits, and automatic fallback across all major AI providers

Production-ready templates for CONTRIBUTING.md, SECURITY.md, and GitHub issue forms. OpenSSF Best Practices Badge compliant, copy-paste ready, with realistic SLAs.

iOS development skill for Swift, SwiftUI, Live Activities, WidgetKit, and XCTest. Use when implementing iOS features.

Manage SSL/TLS certificates and diagnose certificate issues. Use when the user says "cert expiring", "SSL error", "certificate problem", "renew certificate", "check certificate", "HTTPS not working", or asks about TLS/SSL.

Develop, test, and register PMC workflows.Workflows are JSON state machines for Claude CLI, shell, sub-workflows.WORKFLOW:1. DEFINE - Create workflow JSON with states, transitions2. VALIDATE - pmc validate <workflow.json>3. MOCK - Create mock scripts for each state4. TEST MOCK - pmc run --mock to test transitions5. TEST REAL - pmc run with real data6. REGISTER - Add to registry.jsonUse when:- User says "create workflow", "new workflow", "automate"- Automating repetitive multi-step processes- Building CI/CD or development pipelines

Standards for security documentation and writeups

Make security mandatory through automation. Branch protection, pre-commit hooks, status checks, policy-as-code, and SLSA provenance for SOC 2 compliance.

PROACTIVELY invoke this skill when the user asks to "debug this", "review my code", "refactor this file", or "security audit". Unified engineering capabilities for debugging, code review, refactoring, and testing.

Coordinate planning, auditing, and validation workflows. Use when the user mentions plan/planning, audit/auditing, review, or validation for engineering, data, or pipeline work.

Triggering and managing AI reflection cycles in StickerNest. Use when the user wants to run AI evaluation, trigger reflection, check AI quality, improve AI prompts, analyze AI performance, or audit AI generations. Covers reflection triggers, evaluation analysis, and improvement actions.

Audit Makefiles for duplication, portability, and idiomatic GNU Make usage.

Send and draft professional emails with seasonal HTML formatting, authentic writing style, contact lookup via Google Contacts, security-first approach, and Google Gmail API via Ruby CLI. This skill should be used for ALL email operations (mandatory per RULES.md).

WHEN: Spring Boot + Kotlin, Ktor backend review, coroutine-based server, WebFlux/R2DBC pattern checksWHAT: Spring Kotlin idioms + Coroutines integration + WebFlux patterns + Data class usage + Test strategiesWHEN NOT: Android → kotlin-android-reviewer, KMP shared code → kotlin-multiplatform-reviewer

Use when implementing any feature or bugfix, before writing implementation code - write the test first, watch it fail, write minimal code to pass; ensures tests actually verify behavior by requiring failure first

Save backtest results to SQLite database for comparison. Trigger when: (1) tracking backtest history, (2) comparing model performance, (3) querying best backtests.