測試與安全

C17/C23 best practices with Unity test framework, cppcheck, and Make/CMake build systems.

Automatically applies when working with database migrations. Ensures proper Alembic patterns, upgrade/downgrade scripts, data migrations, rollback safety, and migration testing.

Multi-agent collaborative decision-making for complex problems. USE WHEN you need multiple specialist perspectives on high-stakes decisions (architecture, prioritization, security, compliance). Orchestrates conversation between custom agent rosters, synthesizes perspectives into actionable decisions. Finds 2-3x more issues than solo agent mode.

Design and implement REST API integrations with proper error handling, authentication, rate limiting, and testing. Use when building API clients, integrating third-party services, or when users mention API, REST, webhooks, HTTP requests, or service integration.

Handles emergency hotfix process for critical bugs in ash_cookie_consent library including branch creation, minimal fixes, testing, and rapid release. Use when user asks to "create hotfix", "emergency fix", "patch critical bug", or "hotfix for version".

Prevent SQL injection by using $queryRaw tagged templates instead of $queryRawUnsafe. Use when writing raw SQL queries or dynamic queries.

OAuth flows for user-context operations. Web application patterns, device flow for CLI tools, and token refresh strategies for GitHub Apps.

Deploy build artifacts (e.g., NRO files) to a Nintendo Switch using just deploy. Use when deploying built homebrew to the console for testing.

Review workscript node implementations for alignment with NODE_DEVELOPMENT_BLUEPRINT.md and consistency with the new-node skill. Use when reviewing node code, auditing node implementations, checking for compliance with single-edge return pattern, validating ai_hints metadata consistency, or ensuring thorough documentation of state interactions. Triggers on requests like "review this node", "check node compliance", "audit node implementation", or "validate node metadata".

Эксперт ISO 27001. Используй для ISMS, security controls и compliance implementation.

Diagnoses and debugs A2A agent communication issues including agent status, message routing, transport connectivity, and log analysis. Use when agents aren't responding, messages aren't being delivered, routing is incorrect, or when debugging orchestrator, coder-agent, tester-agent communication problems.

使用 Minion 框架生成智能测试用例

Guide experienced developers through GREEN phase of TDD cycle - writing minimal implementation to pass failing tests

Multi-step analytical reasoning with hypothesis testing for complex problems

Generates sonar-project.properties for SonarQube code quality analysis and coverage reporting. Auto-detects test framework (Jest/Vitest) and configures coverage paths.

Writes minimal code to make tests pass during implement phase

WHEN: Deep AI-powered code analysis, multi-model code review, security scanning with Codex and GeminiWHAT: Comprehensive code review using external AI models with severity-based findings, deduplication, and secret detectionWHEN NOT: Simple lint checks -> code-reviewer, Quick security only -> security-scanner, Style formatting -> code-quality-checker

Manually verify code changes work as expected. Use after implementing a feature or bug fix, after making visual/UI changes, after modifying API endpoints, or before considering work "done". All functional changes must be manually verified, even small changes. This is in addition to automated tests.

Authentication patterns including JWT, sessions, and OAuth. Use when implementing user authentication.

Implements product analytics with PostHog including event tracking, feature flags, and session replay. Use when adding analytics, A/B testing, or user behavior tracking to React and Next.js applications.