Testing & Security

End-to-end guide for creating React components in AgenticFleet's frontend, from design tokens through Tailwind styling, shadcn/ui integration, state management, to testing.

Create, review, and refactor project documentation (README, AGENTS.md, architecture docs, runbooks, API docs) with deep codebase analysis, clear markdown structure, and diagrams/user flows. Use when asked to write or improve docs, audit existing documentation for accuracy or quality, generate diagrams/flows, or assess agent-first docs like AGENTS.md/PLANS.md for freshness and completeness.

Aggregates and summarizes the latest AI news from multiple sources including AI news websites and web search. Provides concise news briefs with direct links to original articles. Activates when user asks for 'today's AI news', 'AI updates', 'latest AI developments', or mentions wanting a 'daily AI briefing'.

Renders and validates Crossplane compositions with security and policy checks. Automatically activates when testing compositions, rendering examples, or validating resources with Polaris, kube-linter, and Datree. Works standalone or as part of complete KCL validation workflow.

Validates KCL Crossplane compositions with comprehensive checks including formatting, syntax validation, and rendering tests. Automatically activates when working with KCL files, Crossplane compositions, or before commits touching infrastructure/base/crossplane/configuration/. Prevents CI failures and catches critical bugs like the mutation pattern.

Arma Reforger Workbench workflow, testing guidelines, and debugging patterns

Create distributable Python packages with proper structure and publishing.Triggers: Python packaging, pyproject.toml, uv, pip, PyPI, distribution, CLI tools,entry points, package structure, publishingUse when: creating Python packages, configuring pyproject.toml, setting upentry points, publishing to PyPI, CI/CD for packagesDO NOT use when: testing packages - use python-testing instead.DO NOT use when: optimizing package performance - use python-performance.Consult this skill for Python package creation and distribution.

Transform project brief into detailed, testable specifications using spec-driven development methodology

Systematically uncover and fix bugs using language-specific expertise andreproducible evidence.Triggers: bug hunting, defect detection, debugging, fix verification, bug fix,regression check, error investigation, defect documentationUse when: deep bug hunting needed, documenting defects, verifying fixes,systematic debugging requiredDO NOT use when: test coverage audit - use test-review instead.DO NOT use when: architecture issues - use architecture-review.Use this skill for systematic bug hunting with evidence trails.

Expert-level Rust audits covering ownership, concurrency, unsafe blocks,traits, and Cargo dependencies.Triggers: Rust review, ownership analysis, borrowing, unsafe audit, concurrency,Cargo dependencies, lifetime annotations, trait boundsUse when: reviewing Rust code, auditing unsafe blocks, analyzing ownership patterns,scanning Cargo dependencies for securityDO NOT use when: general code review without Rust - use unified-review.DO NOT use when: performance profiling - use parseltongue:python-performance pattern.Use this skill for Rust-specific code audits.

Detect codebase bloat through progressive analysis: dead code, duplication, complexity, and documentation bloat.Triggers: bloat detection, dead code, code cleanup, duplication, redundancy, codebase health, technical debt, unused codeUse when: preparing for refactoring, context usage is high, quarterly maintenance, pre-release cleanupDO NOT use when: actively developing new features, time-sensitive bug fixes.DO NOT use when: codebase is < 1000 lines (insufficient scale for bloat).Progressive 3-tier detection: quick scan → targeted analysis → deep audit.

Audit Makefiles for duplication, portability, and idiomatic GNU Make usage.Triggers: Makefile review, build system, GNU Make, portability, deduplication,pattern rules, automatic variables, dependency graphUse when: auditing Makefiles, reviewing build system, checking portability,eliminating recipe duplicationDO NOT use when: creating new Makefiles - use abstract:make-dogfood.DO NOT use when: architecture review - use architecture-review.Use this skill for Makefile audit and optimization.

Configure pre-commit hooks for code formatting, linting, and security checks

Evaluate and upgrade test suites with TDD/BDD rigor, coverage tracking,and quality assessment.Triggers: test audit, test coverage, test quality, TDD, BDD, test gaps,test improvement, coverage analysis, test remediationUse when: auditing test suites, analyzing coverage gaps, improving testquality, evaluating TDD/BDD complianceDO NOT use when: writing new tests - use parseltongue:python-testing.DO NOT use when: updating existing tests - use sanctum:test-updates.Use this skill for test suite evaluation and quality assessment.

Evaluate codebase architecture against ADRs, coupling rules, and team guardrails.Triggers: architecture review, ADR audit, coupling analysis, design review,principle checks, Law of Demeter, architecture assessmentUse when: reviewing architecture decisions, auditing ADR compliance, analyzingcoupling, validating design principlesDO NOT use when: selecting architecture paradigms - use archetypes skills.DO NOT use when: API surface review - use api-review.Use this skill for architecture assessment and compliance.

Go conventions for hexagonal architecture, project structure, error handling, testing, and observability. Use when writing Go services.

detailed hook evaluation framework for Claude Code and Agent SDK hooks.Triggers: hook audit, hook security, hook performance, hook compliance,SDK hooks, hook evaluation, hook benchmarking, hook vulnerabilityUse when: auditing existing hooks for security vulnerabilities, benchmarkinghook performance, implementing hooks using Python SDK, understanding hookcallback signatures, validating hooks against compliance standardsDO NOT use when: deciding hook placement - use hook-scope-guide instead.DO NOT use when: writing hook rules from scratch - use hookify instead.DO NOT use when: validating plugin structure - use validate-plugin instead.Use this skill BEFORE deploying hooks to production.

Complete guide for writing Claude Code and SDK hooks with security-first design.Triggers: hook creation, hook writing, PreToolUse, PostToolUse, UserPromptSubmit,tool validation, logging hooks, context injection, workflow automationUse when: creating new hooks for tool validation, logging operations for audit,injecting context before prompts, enforcing project-specific workflows,preventing dangerous operations in productionDO NOT use when: logic belongs in core skill - use Skills instead.DO NOT use when: complex multi-step workflows needed - use Agents instead.DO NOT use when: behavior better suited for custom tool.Use this skill BEFORE writing any hook. Check even if unsure.

Orchestrate and run appropriate pensive review skills based on codebaseanalysis and context.Triggers: code review, unified review, full review, review orchestration,multi-domain review, intelligent review, auto-detect reviewUse when: general review needed without knowing which specific skill applies,full multi-domain review desired, integrated reporting neededDO NOT use when: specific review type known - use bug-review, test-review, etc.DO NOT use when: architecture-only focus - use architecture-review.Use this skill when orchestrating multiple review types.

Session-aware usage logging for audit trails, cost tracking, and analytics with JSONL format.Triggers: usage logging, audit trails, cost tracking, session logging, analytics, structured logging, JSONLUse when: implementing audit trails, tracking costs, collecting usage analytics, managing session loggingDO NOT use when: simple operations without logging needs.Consult this skill when implementing usage logging and audit trails.