測試與安全

Verify API contracts between services to ensure compatibility and prevent breaking changes. Use for contract testing, Pact, API contract validation, schema validation, and consumer-driven contracts.

Create and manage mocks, stubs, spies, and test doubles for isolating unit tests from external dependencies. Use for mock, stub, spy, test double, Mockito, Jest mocks, and dependency isolation.

Manage project dependencies across languages including npm install, package versioning, dependency conflicts, security scanning, and lock files. Use when dealing with dependencies, version pinning, semantic versioning, or resolving conflicts.

Conduct statistical tests including t-tests, chi-square, ANOVA, and p-value analysis for statistical significance, hypothesis validation, and A/B testing

Develop lightweight Flask APIs with routing, blueprints, database integration, authentication, and request/response handling. Use when building RESTful APIs, microservices, or lightweight web services with Flask.

Manage SSL/TLS certificates with automated provisioning, renewal, and monitoring using Let's Encrypt, ACM, or Vault.

Implement feature flags (toggles) for controlled feature rollouts, A/B testing, canary deployments, and kill switches. Use when deploying new features gradually, testing in production, or managing feature lifecycles.

Apply cryptanalysis techniques to break ciphers without knowing the key. Use this skill when performing known-plaintext attacks, chosen-plaintext attacks, or statistical analysis to recover encryption keys.

Automate browser interactions using Selenium WebDriver. Use this skill when you need to interact with dynamic JavaScript-heavy websites, fill forms, click buttons, handle authentication, or scrape content that requires browser rendering. NOT needed for static HTML parsing or processing already-fetched content.

Unit testing framework for Python using pytest. Use when writing test cases, validating code behavior, checking test coverage, or debugging test failures.

Advanced scientific computing for portfolio optimization, statistical testing, and numerical methods. Use when minimizing portfolio variance, fitting distributions to returns data, performing correlation analysis, running hypothesis tests, or solving constrained optimization problems. Provides optimization algorithms (BFGS, SLSQP) and statistical distributions essential for risk modeling.

Implement OAuth 2.0 authentication flows for CRM API access. Use when authenticating with Salesforce, HubSpot, or other CRM APIs, managing access tokens, refreshing expired tokens, or building OAuth-based integrations.

Apply this repository's coding conventions and patterns. Use when writing or reviewing code in this codebase to ensure consistency with established patterns for DI, logging, error handling, testing, and documentation. Auto-trigger when implementing features, fixing bugs, or reviewing code changes.

Browser automation with Playwright for modern web scraping. Use this skill for scraping JavaScript-rendered pages, handling complex interactions, managing multiple browser contexts, or testing web applications. NOT needed for static HTML parsing or processing already-fetched content.

QEMU ARM emulation for running ARM binaries and system images on x86 hosts. Use when emulating ARM architecture, running ARM Linux kernels, testing ARM binaries, or creating ARM development environments.

Handle API authentication. Use for Bearer tokens, API keys, OAuth, or Basic auth in requests.

Exploit padding oracle vulnerabilities in CBC mode encryption. Use this skill when attacking web applications or services that leak information about PKCS7 padding validity.

Comprehensive Storybook story creation guidelines. Covers story structure, naming conventions, and visual testing patterns. Reference this skill when creating Storybook stories for components with conditional rendering or complex UI states during Phase 2 (Testing & Stories).

Use Nmap for network discovery and security scanning. Use this skill when performing host discovery, port scanning, OS detection, or vulnerability assessment on network targets.

UEFI Secure Boot configuration and key management. Use when signing boot loaders, managing Secure Boot keys, or creating UEFI-compatible bootable media with signature verification.