測試與安全

Gather DevOps context for infrastructure planning. Detects IaC tools, providers, and recommends skills. Use when /majestic:plan detects infrastructure work.

Use proactively when refactoring Ruby on Rails code. Applies Rails conventions, Sandi Metz rules, and idiomatic Ruby patterns while maintaining test coverage.

Comprehensive SEO and GEO audit methodology covering technical SEO, on-page optimization, content quality, E-E-A-T signals, and AI citation readiness. Informed by Google's ranking pipeline architecture. Use for thorough content and site audits.

Create and maintain GitHub Actions workflows for CI/CD, testing, deployment, and automation. Use when setting up pipelines, automating tasks, or configuring continuous integration.

Test suite audit coordinator (L2). Delegates to 5 workers (Business Logic, E2E, Value, Coverage, Isolation). Aggregates results, creates Linear task in Epic 0.

This skill provides guidance for cracking 7z archive password hashes. It should be used when tasked with recovering passwords from 7z encrypted archives, extracting and cracking 7z hashes, or working with password-protected 7z files in CTF challenges, security testing, or authorized recovery scenarios.

Audit code comments and docstrings quality across 6 categories (WHY-not-WHAT, Density, Forbidden Content, Docstrings, Actuality, Legacy). Use when code needs comment review, after major refactoring, or as part of ln-100-documents-pipeline. Outputs Compliance Score X/10 per category + Findings + Recommended Actions.

Use proactively for authorization with ActionPolicy. Creates policies, scopes, and integrates with GraphQL/ActionCable. Preferred over Pundit for composable, cacheable authorization.

This skill guides writing comprehensive RSpec tests for Ruby and Rails applications. Use when creating spec files, writing test cases, or testing new features. Covers RSpec syntax, describe/context organization, subject/let patterns, fixtures, mocking with allow/expect, and shoulda matchers.

Execute acceptance testing based on Gherkin scenarios.Use when: validating implementations, running acceptance tests, verifying features against acceptance criteria.Keywords: acceptance testing, Gherkin, validation, verify implementation, test execution, 驗收測試, 驗收, 驗證實作.

Audit project documentation quality across 6 categories (Hierarchy, SSOT, Compactness, Requirements, Actuality, Legacy). Use when documentation needs quality review, after major doc updates, or as part of ln-100-documents-pipeline. Outputs Compliance Score X/10 per category + Findings + Recommended Actions.

Run Vitest tests for a specific component with coverage. Use when making changes to React components to ensure tests pass and coverage is maintained.

Guidance for identifying and fixing security vulnerabilities in code. This skill should be used when tasks involve fixing CWE-classified vulnerabilities, addressing security flaws, patching injection vulnerabilities, or responding to security-related test failures.

Performs manual testing of Story AC via executable bash scripts saved to tests/manual/. Creates reusable test suites per Story. Worker only.

Write comprehensive pytest tests with fixtures, parametrization, mocking, async testing, and modern patterns.

Use to audit test quality with Google Fellow SRE scrutiny - identifies tautological tests, coverage gaming, weak assertions, missing corner cases. Creates bd epic with tasks for improvements, then runs SRE task refinement on each.

Use when encountering bugs or test failures - systematic debugging using debuggers, internet research, and agents to find root cause before fixing

This skill guides configuring Litestream for continuous SQLite backup in Rails 8+ apps. Use when setting up production backups for SQLite databases (Solid Queue, Solid Cache, Solid Cable).

Generate realistic mock data for testing using factories, fixtures, and Faker.js. Use when seeding test databases, creating test fixtures, or mocking API responses.

Write and run API tests with Vitest for endpoints, middleware, and integrations. Use when testing API functionality, request/response validation, error handling.