Testing & Security

Husky git hooks configuration with smart auto-detection for sensitive files, fail-fast execution, auto-fix workflows, and CI detection. Includes 5 required standards (smart .npmrc detection for multi-mono repos, set -e for fail-fast, pre-commit auto-fix with prettier:fix and lint:fix, pre-push validation with time tracking, clear emoji-enhanced output). Use when creating or auditing .husky/pre-commit and .husky/pre-push hooks.

Add additional test cases to an existing exercise to improve coverage

Multi-tenant architecture patterns including org_id claim management, JWT token structure with organization context, database isolation strategies for MongoDB and PostgreSQL, theme switching per organization, tenant provisioning workflows, data isolation patterns, and cross-tenant security. Activate for multi-tenancy implementation, tenant isolation, and organization-scoped data access.

Provides exhaustive security vulnerability checklists with severity classifications, point deductions, and detection commands. Use when performing security audits, code reviews, penetration testing preparation, or checking OWASP compliance.

Principles for writing effective, maintainable tests. Covers naming conventions, assertion best practices, and comprehensive edge case checklists. Based on BugMagnet by Gojko Adzic.

Progressive audit and cleanup of GitHub accounts - stale forks, orphaned secrets, failing workflows, security configs. Audit-first with user approval before destructive actions. Triggers on 'clean up GitHub', 'audit my repos', 'GitHub hygiene', 'stale forks', 'orphaned secrets'. Requires gh CLI. (user)

Query and manage local Convex documentation mirror (42 docs). Search Convex topics for real-time database, serverless functions, authentication, file storage, and React hooks. Use when implementing Convex backend features or answering Convex-related questions. (user)

Comprehensive Vitest testing framework guide with strong emphasis on Jest-to-Vitest migration. Covers automated migration using codemods, configuration setup, API differences, best practices, and troubleshooting. Use when migrating from Jest, setting up Vitest, writing tests, configuring test environments, or resolving migration issues. Primary focus is seamless Jest migration with minimal code changes.

Review test cases for Scope and Claims handling. Covers openid scope requirement, standard scopes (profile, email, address, phone), claims request parameter, and claim types per OIDC Core 1.0 Section 5.4 and 5.5.

Load testing, chaos engineering, and performance validation. Prove your system works under pressure with k6, trace correlation, and progressive load profiles.

Test WordPress form submissions and email delivery. Validates contact forms, checks WP Mail SMTP configuration, and sends test emails. Use when verifying form functionality or troubleshooting email delivery issues.

Control Chrome browser programmatically using chrome-devtools-mcp. Use when user asks to automate Chrome, debug web pages, take screenshots, evaluate JavaScript, inspect network requests, or interact with browser DevTools. Also use when asked about browser automation, web scraping, or testing websites.

Auto-invoke when reviewing test files or discussing testing strategy. Enforces testing pyramid, strategic coverage, and stack-appropriate frameworks.

WordPress performance optimization - Core Web Vitals, image/video compression, caching, asset optimization, and speed testing. Use when optimizing site speed or diagnosing performance issues.

This skill should be used when the user requests to audit, check, or generate authentication and authorization protection for Next.js routes, server components, API routes, and server actions. It analyzes existing routes for missing auth checks and generates protection logic based on user roles and permissions. Trigger terms include auth check, route protection, protect routes, secure endpoints, auth middleware, role-based routes, authorization check, api security, server action security, protect pages.

Guides creation of high-quality MCP (Model Context Protocol) servers that enable LLMsto interact with external services through well-designed tools. Use when building MCPservers to integrate external APIs or services, whether in Python (FastMCP) orNode/TypeScript (MCP SDK). Covers tool design, authentication, Docker deployment,and evaluation creation. NOT when consuming existing MCP servers (use the server directly).

Copy-paste hardened CI/CD workflows with SHA-pinned actions, minimal GITHUB_TOKEN permissions, OIDC authentication, and comprehensive security scanning for GitHub Actions.

Playwright modern end-to-end testing framework with cross-browser automation, auto-wait, and built-in test runner

Visually verify implemented features work correctly before marking complete. Use when testing UI changes, verifying web features, or checking user flows work in the browser.

Use when implementation is complete, all tests pass, and you need to decide how to integrate the work - guides completion of development work by presenting structured options for merge, PR, or cleanup