測試與安全

This skill guides writing comprehensive Minitest tests for Ruby and Rails applications. Use when creating test files, writing test cases, or testing new features. Covers both traditional and spec styles, fixtures, mocking, and Rails integration testing patterns.

Architecture audit worker (L3). Checks DRY (7 types), KISS/YAGNI, layer breaks, error handling, DI patterns. Returns findings with severity, location, effort, recommendations.

Analyze test coverage, generate reports, and identify untested code. Use when improving test coverage, ensuring code quality, or preparing for production.

Guidance for filtering JavaScript and XSS attack vectors from HTML while preserving original formatting. This skill should be used when tasks involve removing script content, sanitizing HTML, filtering XSS payloads, or creating security filters that must preserve the original document structure unchanged.

PRD templates and structure for product requirements documents. Used by /majestic:prd command.

Guidance for sanitizing git repositories by identifying and removing sensitive credentials, API keys, tokens, and other secrets. This skill should be used when tasks involve cleaning repositories of secrets, preparing code for public release, auditing for credential exposure, or removing sensitive data from version control history.

Test klaude-code interactively using tmux with synchronous task completion. Use when testing UI features, verifying changes, or debugging interactive behavior. Eliminates polling/sleep by using KLAUDE_TEST_SIGNAL for precise synchronization.

Verify code implementation aligns with design specifications. Use after implementing features, during code reviews, or when refactoring to ensure architectural compliance. Compares design docs with actual code.

Browser automation using browser-cdp CLI. Control Chrome, Brave, or Edge browsers for testing, scraping, and web interaction. Uses your real browser (not test mode) for authentic sessions.

Build health audit worker (L3). Checks compiler/linter errors, deprecation warnings, type errors, failed tests, build configuration issues. Returns findings with severity (Critical/High/Medium/Low), location, effort, and recommendations.

Story-level quality orchestrator. Pass 1: code quality -> regression -> manual testing (fail fast). Pass 2: verify tests/coverage -> mark Story Done. Auto-discovers team/config.

Test Isolation + Anti-Patterns audit worker (L3). Checks isolation (APIs/DB/FS/Time/Random/Network), determinism (flaky, order-dependent), and 6 anti-patterns.

Business Logic Focus audit worker (L3). Detects tests that validate framework/library behavior (Prisma, Express, bcrypt, JWT, axios, React hooks) instead of OUR code. Returns findings with REMOVE decisions.

Use when implementing features or fixing bugs - enforces RED-GREEN-REFACTOR cycle requiring tests to fail before writing code

Optimize content for search engines and AI answer engines. Use when writing or auditing SEO for any Lightfast page.

Coverage Gaps audit worker (L3). Identifies missing tests for critical paths (Money 20+, Security 20+, Data Integrity 15+, Core Flows 15+). Returns list of untested critical business logic with priority justification.

Analyze test coverage, identify gaps, detect dead code, and improve test quality. Use when user asks to check coverage, review tests, find untested code, or improve test robustness.

Application lifecycle audit worker (L3). Checks bootstrap initialization order, graceful shutdown, resource cleanup, signal handling, liveness/readiness probes. Returns findings with severity, location, effort, recommendations.

Design system templates and patterns for UI/UX briefs. Used by /majestic:ux-brief command.

Observability audit worker (L3). Checks structured logging, health check endpoints, metrics collection, request tracing, log levels. Returns findings with severity, location, effort, recommendations.