Testing & Security

Perform security-focused code review using OWASP guidelines and AI-specific security best practices.

This skill provides comprehensive knowledge for working with the Anthropic Claude Agent SDK. It should be used when building autonomous AI agents, creating multi-step reasoning workflows, orchestrating specialized subagents, integrating custom tools and MCP servers, or implementing production-ready agentic systems with Claude Code's capabilities.Use when building coding agents, SRE systems, security auditors, incident responders, code review bots, or any autonomous system that requires programmatic interaction with Claude Code CLI, persistent sessions, tool orchestration, and fine-grained permission control.Keywords: claude agent sdk, @anthropic-ai/claude-agent-sdk, query(), createSdkMcpServer, AgentDefinition, tool(), claude subagents, mcp servers, autonomous agents, agentic loops, session management, permissionMode, canUseTool, multi-agent orchestration, settingSources, CLI not found, context length exceeded

Guidelines for preparing changelog entries for nextest releases following Keep a Changelog format

Test implementations against requirements, collect feedback, and create improvement loops

Expert KillBill administrator for managing billing, subscriptions, invoices, and overdue states. Provides ready-to-use commands via Traefik DNS for tenant management, catalog uploads, test clock manipulation, and overdue testing workflows.

Authenticate to AWS using Single Sign-On (SSO). Use when AWS CLI operations require SSO authentication or when SSO session has expired.

Documentation management skill for audit, creation, and maintenance. Enforces documentation standards, checks for staleness and broken references, auto-fixes issues, and ensures docs are created in correct locations. Use when user says "check docs", "audit docs", "fix docs", "create doc", "archive docs", or when scattered .md files are detected.

Comprehensive JWT authentication expert for senior developers (10+ years experience). Intelligently detects project language/framework and implements production-ready JWT auth systems with refresh tokens, secure HTTP-only cookies, token rotation, blacklisting, RBAC, MFA, and complete security. Covers Express, FastAPI, Next.js, React, Django, Flask, NestJS, and more. Automatically audits JWT implementations, generates complete auth systems (registration, login, logout, refresh, password reset), implements middleware, prevents XSS/CSRF attacks, uses bcrypt/argon2 hashing, and follows OWASP best practices. Use for implementing JWT authentication, token refresh flows, secure cookie storage, protected routes, role-based access control, security audits, and complete auth system generation.

Run TestKube and PGBouncer tests on Kubernetes clusters with mandatory context verification to prevent accidental deployments to wrong environments

Expert guidance for writing resilient end-to-end tests that span multiple processes and components. Use this skill when reviewing, writing, or refactoring system-wide e2e tests. Covers user-facing scenarios, helper functions, data factories, ARIA-based selectors, and auto-retriable assertions. NOT for unit/integration tests - use testing-unit-integration skill instead. See references/playwright-resilience.md for detailed selector patterns.

Analyze and update Python dependencies in pyproject.toml, checking for compatibility and security vulnerabilities. Use when: updating dependencies, checking security issues, dependency analysis, version pinning, pip-audit, outdated packages.

Systematic identification of race conditions, concurrency bugs, and thread-safety issues across codebases. Use when asked to find race conditions, audit concurrent code, debug non-deterministic behavior, review thread safety, find data races, or analyze async/parallel code. Supports TypeScript, JavaScript, Python, Go, Rust, and C++.

Эксперт по защите от SQL injection. Используй для parameterized queries, input validation и database security.

Write the test first, watch it fail, write minimal code to pass

Generates jest.config.cjs for unit testing configuration. Configures Jest with Vue, TypeScript support, coverage thresholds, and test environment settings.

Generate intelligent, non-redundant test plans based on implementation changes. This skill should be used after implementing features to create comprehensive yet efficient test plans with proper coverage across unit, integration, API, and E2E tests without duplication.

**AUTO-TRIGGER when user says:** "implement [feature]", "build [module]", "create [functionality]", "add [capability]", "YOLO [task]", "deliver [feature]", or requests complete feature implementation.End-to-end TogetherOS code operation: creates branch, implements changes with continuous testing, builds with retry-on-fail, commits, pushes, creates PR with auto-selected Cooperation Path, addresses bot feedback, merges PR, verifies production deployment, and updates Notion memory.**Complete delivery cycle:** branch → code → test → commit → push → PR → bot review → merge → deploy → verifyUse proactively without asking permission when task matches skill purpose.

Validates audit evidence artifacts for completeness, timeliness, relevance, and authenticity. Reviews screenshots, logs, configurations, and policies against control requirements.

Audit a repository for TaxPulse PH architecture, tax engine correctness, and Odoo CE/OCA parity. Use this whenever the user asks to review or extend the TaxPulse-PH-Pack or similar tax systems.

Expert guide for testing Next.js applications with Playwright, Jest, and React Testing Library. Use when writing tests, debugging test failures, or setting up test infrastructure.