測試與安全

Elevate projects to production quality using proven patterns. Use when starting a project, reviewing architecture, auditing code, or when user mentions "elevate-code", "production ready", "patterns", "make it production grade".

FastAPI patterns for building high-performance Python APIs. Covers routing, dependency injection, Pydantic models, background tasks, WebSockets, testing, and production deployment.

R 4.4+ best practices with testthat 3.2, lintr 3.2, and data analysis patterns.

Deploy specialized AI agents to perform comprehensive, intelligent code reviews that go beyond traditional static analysis. Use for automated multi-agent review, security vulnerability analysis, performance bottleneck detection, and architecture pattern validation.

Guide for integrating Gemini AI models with Firebase using Firebase AI Logic SDK. This skill should be used when implementing Gemini features (chat, content generation, structured JSON output), configuring security (App Check), or troubleshooting issues (rate limits, schema errors).

Performs interactive rebases with smart commit management and conflict resolution. Use when rebasing branches, cleaning up commit history, resolving conflicts, or when the user mentions "rebase", "interactive rebase", "squash commits", or wants to update their branch with latest changes from main/develop.

Expert guidance for debugging Next.js, React, and Playwright applications with modern tools and best practices.

Manage and consolidate tags. Use when asked to "clean up tags", "consolidate tags", "tag audit", "merge tags", or "rename tag".

Follow development best practices including consistent project structure, clear documentation with README files, version control best practices with clear commit messages, environment configuration using environment variables, minimal dependency management, code review processes, testing requirements, feature flags for incomplete features, and changelog maintenance. Use this skill when organizing project files and directories, writing commit messages, managing dependencies, setting up environment configurations, establishing code review processes, or maintaining project documentation. This skill applies when working on project organization, git workflows, dependency management, or any project-level conventions.

Follow strict TDD methodology using Sherpa's workflow enforcement. Activates when implementing new features, adding functionality, or building code that requires tests. Ensures RED-GREEN-REFACTOR discipline with guide check/done tracking.

Test GitHub Actions workflows locally using act, including installation, configuration, debugging, and troubleshooting local workflow execution

This skill should be used when developing with the Hono web framework, including CLI tool usage, project scaffolding, routing, middleware configuration, testing, optimization, and deployment across multiple JavaScript runtimes (Cloudflare Workers, Deno, Bun, Vercel, AWS Lambda, Node.js)

Bash/Shell scripting standards including shellcheck, shfmt, and bats testing. Use when working with shell scripts (.sh, .bash).

Performs comprehensive code reviews following industry best practices. Use when reviewing pull requests, code changes, or when asked to analyze code quality, security, performance, or maintainability. Checks for common bugs, security vulnerabilities, code smells, and adherence to coding standards.

Browser automation for NHS Nervecentre EPR systems using local MCP servers. Use when asked to scrape, extract, or interact with Nervecentre patient data, worklists, clinical notes, or any NHS EPR system that requires local network access. Supports browser-use MCP (primary), Playwright MCP (fallback), and Browser MCP extension. Handles OAuth 2.0 authentication, dynamic SPA content, and FHIR-compliant data extraction. IMPORTANT - Requires local network access (hospital WiFi) - cloud browser services will not work.

Operates local Kubernetes clusters with Minikube for development and testing.Use when setting up local K8s, deploying applications locally, or debugging K8s issues.Covers Minikube, kubectl essentials, local image loading, and networking.

Run Bandit security analysis to find common security issues and vulnerabilities in Python code. Use when the user mentions Bandit, security analysis, vulnerability scanning, security audit, software composition analysis (SCA), or wants to check for security issues in Python code.

Audits code for security vulnerabilities, performance issues, accessibility, complexity metrics, and infrastructure security. Use when reviewing code quality, performing security audits, checking OWASP compliance, analyzing complexity, auditing IaC, or finding dead code.

Use this skill when working with Decap CMS (formerly Netlify CMS) configuration, OAuth authentication, collection setup, or editorial workflow. Triggers include CMS configuration issues, GitHub backend authentication problems, collection schema design, field widget configuration, or media library integration. Critical for Triunghi.md's headless CMS architecture.

Comprehensive Claude Code conversation analysis skill for deep-diving into CC session logs.Use when analyzing exported Claude Code conversations to understand: project patterns, error rates,command failures, security risks, session duration, tool usage, and workflow efficiency.Triggers: "analyze conversation", "CC analysis", "conversation analysis", "session review","Claude Code logs", "analyze my sessions", "review CC usage", "conversation insights","what went wrong in my session", "session forensics", "CC forensics"