Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
github-kernel
Foundational definitions for GitHub skills, safety rules, tool escalation, and security boundaries
prettier-config
Prettier configuration validation and templates for package.json "prettier" field in MetaSaver monorepos. Includes 4 required standards (prettier field in package.json with string reference only, no separate prettierrc files, prettier in devDependencies, required npm scripts format and format:check). Use when creating or auditing Prettier configs to ensure consistent code formatting via shared library.
django-conventions
Comprehensive Django best practices covering project structure, models (field choices, Meta options, managers, QuerySets, migrations), views (CBVs vs FBVs, generic views), Django REST Framework (serializers, ViewSets, permissions), forms, templates, security (CSRF, XSS, SQL injection), performance (N+1 queries, select_related, prefetch_related, caching), testing, and common anti-patterns. Essential reference for Django code reviews and development.
javascript-standards
JavaScript and TypeScript coding standards, conventions, and best practices. Use when writing, reviewing, or testing JS/TS code.
twilio-test-caller
Place test voice calls via Twilio. Use when testing voice features or debugging voice pipeline. Only works if twilio_place_call.py exists in branch.
check-requirement-coverage
Homeostatic sensor detecting requirements without implementation or test coverage. Scans for REQ-* keys in requirements docs and checks if they have corresponding code and tests. Use to find coverage gaps.
finishing-a-development-branch
Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup
proagentic-environment-cleanup
Optimizes ProAgentic development environment by cleaning port conflicts, Docker images, memory issues, and test artifacts. Performs aggressive port cleanup, Docker image optimization, memory monitoring, and system health diagnostics. Use before starting development, when app won't start with port errors, when system feels slow, or for weekly maintenance. Provides before/after metrics and health reports.
angular-nx
Specialized knowledge for working with Angular 19 and Nx in the Sentinel monorepo. Use when generating components, running tests/builds, or working with the frontend workspace structure.
supabase-nextjs-integration
Use this skill whenever the user wants to set up, refactor, or optimize Supabase usage in a Next.js (App Router) + TypeScript project, including auth, database, storage, RLS-safe patterns, edge functions, and secure client/server integration.
review-ruby-code
Comprehensive Ruby and Rails code review using Sandi Metz rules and SOLID principles. Automatically runs rubycritic and simplecov, analyzes changed files in current branch vs base branch, identifies OOP violations, Rails anti-patterns, security issues, and test coverage gaps. Outputs REVIEW.md with VSCode-compatible file links. Use when reviewing Ruby/Rails code, conducting code reviews, checking for design issues, or when user mentions code review, pull request review, or code quality analysis.
open-source-contributions
Use this skill when contributing code to open source projects. The skill covers proper pull request creation, avoiding common mistakes that annoy maintainers, cleaning up personal development artifacts before submission, writing effective PR descriptions, following project conventions, and communicating professionally with maintainers. It prevents 16 common contribution mistakes including working on main branch, not testing before PR submission, including unrelated changes, submitting planning documents, session notes, temporary test files, screenshots, and other personal artifacts. Includes 3 Critical Workflow Rules that must NEVER be skipped: (1) Always work on feature branches, (2) Test thoroughly with evidence before PR, (3) Keep PRs focused on single feature. The skill includes automation scripts to validate PRs before submission, templates for PR descriptions and commit messages, and comprehensive checklists. This skill should be used whenever creating pull requests for public repositories, contributing
keycloak
Keycloak identity and access management including realms, clients, authentication flows, themes, and user federation. Activate for OAuth2, OIDC, SAML, SSO, identity providers, and authentication configuration.
git-commit
Write clear git commits with Conventional Commits format. Detects project conventions from history and config. Guides commit granularity. Use when: (1) Completing working code, (2) Code builds and tests pass, (3) Ready to save, (4) Before pushing, (5) After review feedback. Triggers: automatically when finishing committable work that builds and passes tests.
backend-enum-use
Create feature-rich PHP enums following Laravel conventions with SCREAMING_SNAKE_CASE case names, backed enum values (string or int), helper methods for labels and comparisons, validation rules, and comprehensive Pest tests. Use this skill when converting hardcoded strings or magic numbers to type-safe enums, creating categorical data types like statuses, types, roles or categories, adding enum-based validation to forms or APIs, refactoring magic strings into structured types, or defining a fixed set of allowed values in your application. This skill applies when working on files in app/Enums/ directory, creating enum classes, adding enum casts to models, or implementing enum validation rules.
better-auth
Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.
entity-mapper-expert
JPA Entity Long FK strategy, BaseAuditEntity/SoftDeletableEntity inheritance, EntityMapper Domain⇄Entity conversion. JPA relationship annotations (@ManyToOne, @OneToMany) are prohibited. Lombok is prohibited; setters are prohibited. For an Entity, only the of() static factory method is public; constructors are protected/private.
auditoria-segredos-ci
Audit secrets and variables in the CI/CD pipeline (GitHub Actions) and at runtime (Docker Swarm), verifying OIDC integration with Azure Key Vault and environment parity. Use when there are failures caused by missing secrets, absent variables, a missing “id-token: write”, or inconsistency between Key Vault, Swarm, and workflows.
code-review-patterns
Code review best practices including review checklists (functionality, tests, documentation, security, performance), providing constructive feedback, automated checks integration, and handling review comments. Use when reviewing pull requests, providing code feedback, responding to review comments, or setting up review processes.
api-design-patterns
Comprehensive REST and GraphQL API design patterns, best practices, OpenAPI specifications, versioning, authentication, error handling, pagination, rate limiting, and security. Use when designing APIs, creating endpoints, reviewing specifications, implementing authentication, or building scalable backend services.