Testing & Security

Implement payment integrations with SePay (Vietnamese payment gateway with VietQR, bank transfers, cards) and Polar (global SaaS monetization platform with subscriptions, usage-based billing, automated benefits). Use when integrating payment processing, implementing checkout flows, managing subscriptions, handling webhooks, processing bank transfers, generating QR codes, automating benefit delivery, or building billing systems. Supports authentication (API keys, OAuth2), product management, customer portals, tax compliance (Polar as MoR), and comprehensive SDK integrations (Node.js, PHP, Python, Go, Laravel, Next.js).

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

DO NOT invoke directly - loaded by workflow agents via cc10x-router.Conditionally loaded by: code-reviewer (UI code), component-builder (UI component), bug-investigator (UI bug), integration-verifier (UI flow testing), planner (UI planning).Provides frontend patterns: UX, visual design, accessibility, responsive design. Iron Law: NO UI DESIGN BEFORE USER FLOW IS UNDERSTOOD.

Implement Clean Architecture principles in Go to create maintainable, testable, and framework-independent applications. Use when designing new Go applications or refactoring existing Go codebases.

Validates compliance with 9 Constitutional Articles and Phase -1 Gates before implementation.Trigger terms: constitution, governance, compliance, validation, constitutional compliance,Phase -1 Gates, simplicity gate, anti-abstraction gate, test-first, library-first,EARS compliance, governance validation, constitutional audit, compliance check, gate validation.Enforces all 9 Constitutional Articles with automated validation:- Article I: Library-First Principle- Article II: CLI Interface Mandate- Article III: Test-First Imperative- Article IV: EARS Requirements Format- Article V: Traceability Mandate- Article VI: Project Memory- Article VII: Simplicity Gate- Article VIII: Anti-Abstraction Gate- Article IX: Integration-First TestingRuns Phase -1 Gates before any implementation begins.Use when: validating project governance, checking constitutional compliance,or enforcing quality gates before implementation.

Copilot agent that assists with comprehensive code review focusing on code quality, SOLID principles, security, performance, and best practicesTrigger terms: code review, review code, code quality, best practices, SOLID principles, code smells, refactoring suggestions, code analysis, static analysisUse when: User requests involve code reviewer tasks.

Systematic debugging framework ensuring root cause investigation before fixes. Includes four-phase debugging process, backward call stack tracing, multi-layer validation, and verification protocols. Use when encountering bugs, test failures, unexpected behavior, performance issues, or before claiming work complete. Prevents random fixes, masks over symptoms, and false completion claims.

security-auditor skillTrigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVEUse when: User requests involve security auditor tasks.

test-engineer skillTrigger terms: testing, unit tests, integration tests, E2E tests, test cases, test coverage, test automation, test plan, test design, TDD, test-firstUse when: User requests involve test engineer tasks.

Use when you need to plan technical solutions that are scalable, secure, and maintainable.

Validates complete requirements traceability across EARS requirements → design → tasks → code → tests.Trigger terms: traceability, requirements coverage, coverage matrix, traceability matrix,requirement mapping, test coverage, EARS coverage, requirements tracking, traceability audit,gap detection, orphaned requirements, untested code, coverage validation, traceability analysis.Enforces Constitutional Article V (Traceability Mandate) with comprehensive validation:- Requirement → Design mapping (100% coverage)- Design → Task mapping- Task → Code implementation mapping- Code → Test mapping (100% coverage)- Gap detection (orphaned requirements, untested code)- Coverage percentage reporting- Traceability matrix generationUse when: user needs traceability validation, coverage analysis, gap detection,or requirements tracking across the full development lifecycle.

Implement Clean Architecture principles in Python to create maintainable, testable, and framework-independent applications. Use when designing new Python applications, refactoring existing code, or implementing domain-driven designs.

THE ONLY ENTRY POINT FOR CC10X - AUTO-LOAD AND EXECUTE when user says: build, implement, create, make, write, add, develop, code, feature, component, app, application, review, audit, check, analyze, debug, fix, error, bug, broken, troubleshoot, plan, design, architect, roadmap, strategy.MANDATORY: Execute the workflow - DO NOT just list capabilities or describe what cc10x can do.CRITICAL: All agents and skills MUST be invoked through this router. Never invoke agents or skills directly - they will not work correctly without router's memory management.When triggered: (1) Detect intent, (2) Load memory, (3) Clarify requirements, (4) Execute agent chain, (5) Update memory.

Design and implement production-grade Kubernetes clusters with best practices for reliability, security, and scalability. Use when planning cluster architecture, designing K8s network models, or implementing multi-cluster strategies.

DO NOT invoke directly - loaded by workflow agents via cc10x-router.Always loaded by: code-reviewer, silent-failure-hunter.Provides code review patterns: two-stage review (spec compliance first, then quality), security, performance. Iron Law: NO QUALITY REVIEW BEFORE SPEC COMPLIANCE.

Implements approved specification proposals by working through tasks sequentially with testing and validation. Use when implementing changes, applying proposals, executing spec tasks, or building from approved plans. Triggers include "implement", "apply change", "execute spec", "work through tasks", "build feature", "start implementation".

Execute specification-driven implementation with automatic quality gates, multi-agent orchestration, and progress tracking. Use when building features from specs, fixing bugs with test coverage, or refactoring with validation.

Comprehensive testing patterns for React components with MSW, React Query, and Vitest. Use when writing tests, setting up mocks, testing API interactions, or ensuring 80% coverage. Keywords - testing, MSW, React Query, Vitest, mocks, coverage, API testing.

Specialized skill for Rails security, authorization, and data protection. Use when implementing Pundit policies, Lockbox encryption, Blind Index searches, authentication, secure configuration, or fixing security vulnerabilities. Includes security best practices and common pitfall prevention.

Build and release manager for ARW CLI package. Handles local development, testing, building, documentation, version tagging, and publishing to npm and crates.io. Use when developing locally, running tests, building packages, releasing new versions, or publishing packages.