Testing & Security

5 specialist operations agents for platform engineering, incident response,cloud cost optimization, infrastructure architecture, and security operations.Dispatch when you need production operations expertise.

Test system behavior under extreme load conditions to identify breaking points, capacity limits, and failure modes. Use for stress test, capacity testing, breaking point analysis, spike test, and system limits validation.

Build comprehensive GitHub Actions workflows for CI/CD, testing, security, and deployment. Master workflows, jobs, steps, and conditional execution.

Implement Role-Based Access Control (RBAC), permissions management, and authorization policies. Use when building secure access control systems with fine-grained permissions.

Implement comprehensive cloud security across AWS, Azure, and GCP with IAM, encryption, network security, compliance, and threat detection.

Main orchestrator for the 6-gate development cycle system. Loads tasks/subtasksfrom PM team output and executes through implementation, devops, SRE, testing, review,and validation gates with state persistence and metrics collection.

Configure API gateways for routing, authentication, rate limiting, and request/response transformation. Use when deploying microservices, setting up reverse proxies, or managing API traffic.

Algorithmic trading strategies and execution systems. Use for building trading bots, backtesting strategies, and implementing automated trading rules.

Use Nmap for network discovery and security scanning. Use this skill when performing host discovery, port scanning, OS detection, or vulnerability assessment on network targets.

Exploit padding oracle vulnerabilities in CBC mode encryption. Use this skill when attacking web applications or services that leak information about PKCS7 padding validity.

Graph algorithms for network analysis including shortest paths, cycle detection, and connectivity analysis. Create directed/undirected graphs with weighted edges. Use when modeling currency exchange networks, detecting arbitrage opportunities via negative cycles, finding optimal trading routes, calculating path lengths, analyzing network topology, or working with any connected data structures. Supports Bellman-Ford, Dijkstra, and other graph algorithms.

Comprehensive testing guidelines for Vitest and React Testing Library. Covers quality standards, AAA pattern, naming conventions, branch coverage, and best practices. Reference this skill when creating or updating test code during Phase 2 (Testing & Stories).

QEMU ARM emulation for running ARM binaries and system images on x86 hosts. Use when emulating ARM architecture, running ARM Linux kernels, testing ARM binaries, or creating ARM development environments.

Handle API authentication. Use for Bearer tokens, API keys, OAuth, or Basic auth in requests.

Comprehensive Storybook story creation guidelines. Covers story structure, naming conventions, and visual testing patterns. Reference this skill when creating Storybook stories for components with conditional rendering or complex UI states during Phase 2 (Testing & Stories).

Guide for SELinux (Security-Enhanced Linux) security framework. Use when configuring mandatory access controls, troubleshooting permission denials, creating custom policies, or managing security contexts. Covers modes, contexts, booleans, and policy management.

Make HTTP requests to REST APIs with authentication, handle responses, and manage pagination. Use when connecting to external APIs, fetching data from CRM systems, syncing records between services, or implementing OAuth/API key authentication flows.

Comprehensive React component coding guidelines, refactoring principles, and architectural patterns. **CRITICAL**: Focuses on patterns AI commonly fails to implement correctly, especially testability, props control, and component responsibility separation. Reference this skill when implementing or refactoring React components during Phase 2.

Apply cryptanalysis techniques to break ciphers without knowing the key. Use this skill when performing known-plaintext attacks, chosen-plaintext attacks, or statistical analysis to recover encryption keys.

Automate browser interactions using Selenium WebDriver. Use this skill when you need to interact with dynamic JavaScript-heavy websites, fill forms, click buttons, handle authentication, or scrape content that requires browser rendering. NOT needed for static HTML parsing or processing already-fetched content.