測試與安全

TypeScript code quality patterns for writing and reviewing code. Covers type safety, clean code, functional patterns, Zod usage, and error handling. Triggers on: add entity, create service, add repository, create comparator, add formatter, deployment stage, GraphQL query, GraphQL mutation, bootstrap method, diff support, command handler, Zod schema, error class, implement feature, add function, refactor code, clean code, functional patterns, map filter reduce, satisfies operator, type guard, code review, PR review, check implementation, audit code, fix types.

Complete guide to Next.js 16 features, breaking changes, and migration from v15. Use when building new Next.js projects or upgrading existing ones to leverage Turbopack, Cache Components, and latest performance optimizations.

Write TypeScript runtime and type tests (project)

Runs quality gate checks before commit or push. Executes lint fixes, TypeScript compilation, tests, and CI validation. Reproduces CI failures locally. Triggers on: pre-commit, pre-push, quality check, CI check, lint check, type check, validate changes, check:fix, pnpm test.

Guide Test-Driven Development using Kent Beck's Red-Green-Refactor cycle. Use when writing tests, implementing features via TDD, or following plan.md test instructions.

Standardize authentication and persistent memory storage using Supabase PostgreSQL. Use when building SaaS apps that need user auth, cross-device sync, and conversation history.

Copilot agent that assists with user interface and experience design, wireframes, prototypes, design systems, and usability testing Trigger terms: UI design, UX design, wireframe, mockup, prototype, user interface, user experience, design system, component library, accessibility, responsive design Use when: User requests involve ui ux designer tasks.

Validates compliance with 9 Constitutional Articles and Phase -1 Gates before implementation. Trigger terms: constitution, governance, compliance, validation, constitutional compliance, Phase -1 Gates, simplicity gate, anti-abstraction gate, test-first, library-first, EARS compliance, governance validation, constitutional audit, compliance check, gate validation. Enforces all 9 Constitutional Articles with automated validation: - Article I: Library-First Principle - Article II: CLI Interface Mandate - Article III: Test-First Imperative - Article IV: EARS Requirements Format - Article V: Traceability Mandate - Article VI: Project Memory - Article VII: Simplicity Gate - Article VIII: Anti-Abstraction Gate - Article IX: Integration-First Testing Runs Phase -1 Gates before any implementation begins. Use when: validating project governance, checking constitutional compliance, or enforcing quality gates before implementation.

Implement payment integrations with SePay (Vietnamese payment gateway with VietQR, bank transfers, cards) and Polar (global SaaS monetization platform with subscriptions, usage-based billing, automated benefits). Use when integrating payment processing, implementing checkout flows, managing subscriptions, handling webhooks, processing bank transfers, generating QR codes, automating benefit delivery, or building billing systems. Supports authentication (API keys, OAuth2), product management, customer portals, tax compliance (Polar as MoR), and comprehensive SDK integrations (Node.js, PHP, Python, Go, Laravel, Next.js).

Validates compliance with 9 Constitutional Articles and Phase -1 Gates before implementation. Trigger terms: constitution, governance, compliance, validation, constitutional compliance, Phase -1 Gates, simplicity gate, anti-abstraction gate, test-first, library-first, EARS compliance, governance validation, constitutional audit, compliance check, gate validation. Enforces all 9 Constitutional Articles with automated validation: - Article I: Library-First Principle - Article II: CLI Interface Mandate - Article III: Test-First Imperative - Article IV: EARS Requirements Format - Article V: Traceability Mandate - Article VI: Project Memory - Article VII: Simplicity Gate - Article VIII: Anti-Abstraction Gate - Article IX: Integration-First Testing Runs Phase -1 Gates before any implementation begins. Use when: validating project governance, checking constitutional compliance, or enforcing quality gates before implementation.

Copilot agent that assists with comprehensive code review focusing on code quality, SOLID principles, security, performance, and best practices Trigger terms: code review, review code, code quality, best practices, SOLID principles, code smells, refactoring suggestions, code analysis, static analysis Use when: User requests involve code reviewer tasks.

Systematic debugging framework ensuring root cause investigation before fixes. Includes four-phase debugging process, backward call stack tracing, multi-layer validation, and verification protocols. Use when encountering bugs, test failures, unexpected behavior, performance issues, or before claiming work complete. Prevents random fixes, masks over symptoms, and false completion claims.

security-auditor skill Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE Use when: User requests involve security auditor tasks.

Copilot agent that assists with user interface and experience design, wireframes, prototypes, design systems, and usability testing Trigger terms: UI design, UX design, wireframe, mockup, prototype, user interface, user experience, design system, component library, accessibility, responsive design Use when: User requests involve ui ux designer tasks.

Design and implement production-grade Kubernetes clusters with best practices for reliability, security, and scalability. Use when planning cluster architecture, designing K8s network models, or implementing multi-cluster strategies.

Internal skill. Use cc10x-router for all development tasks.

Implement Clean Architecture principles in TypeScript for maintainable, testable, and framework-independent applications. Use when designing new TypeScript applications, refactoring existing code, or implementing domain-centric Node.js applications.

Internal skill. Use cc10x-router for all development tasks.

Package entire code repositories into single AI-friendly files using Repomix. Capabilities include pack codebases with customizable include/exclude patterns, generate multiple output formats (XML, Markdown, plain text), preserve file structure and context, optimize for AI consumption with token counting, filter by file types and directories, add custom headers and summaries. Use when packaging codebases for AI analysis, creating repository snapshots for LLM context, analyzing third-party libraries, preparing for security audits, generating documentation context, or evaluating unfamiliar codebases.

Activate when users ask about Claude Code installation, slash commands (/cook, /plan, /fix, /test, /docs, /design, /git), creating/managing Agent Skills, configuring MCP servers, setting up hooks/plugins, IDE integration (VS Code, JetBrains), CI/CD workflows, enterprise deployment (SSO, RBAC, sandboxing), troubleshooting authentication/performance issues, or advanced features (extended thinking, caching, checkpointing).