Testing & Security

Expert-level state management with Redux Toolkit and Zustand using TypeScript. Handle complex application state including shopping carts, user authentication, product catalogs, API state management, and advanced patterns. Generate production-ready store configurations, slices, hooks, and complete implementations across React, Next.js, and universal applications. Use when building scalable state management solutions with TypeScript for e-commerce, authentication, async operations, and complex state architectures.

Automatic OWASP security checks on generated code.Use when: any code is generated in the pipeline.Triggers: internal use only.

Execute end-to-end tests for Nikita using Telegram MCP, Gmail MCP, Supabase MCP, Chrome DevTools MCP, and gcloud CLI. Use when verifying implementations, testing user journeys, validating integrations, performing regression testing, or after completing any feature implementation. MANDATORY after /implement completes.

Analyzes vendor security questionnaire responses. Identifies red flags, gaps, and areas requiring follow-up. Supports SIG, CAIQ, and custom questionnaires.

Perform deep, expert-level codebase and architecture audits to identify technical strengths, weaknesses, risks, and opportunities. Use when a user asks for an assessment of a codebase's structure, quality, or readiness for scale. Deliver detailed, actionable, and prioritized recommendations grounded in engineering best practices.

Build robust backend systems with modern technologies (Node.js, Python, Go, Rust), frameworks (NestJS, FastAPI, Django), databases (PostgreSQL, MongoDB, Redis), APIs (REST, GraphQL, gRPC), authentication (OAuth 2.1, JWT), testing strategies, security best practices (OWASP Top 10), performance optimization, scalability patterns (microservices, caching, sharding), DevOps practices (Docker, Kubernetes, CI/CD), and monitoring. Use when designing APIs, implementing authentication, optimizing database queries, setting up CI/CD pipelines, handling security vulnerabilities, building microservices, or developing production-ready backend systems.

Dockerizes backend projects with auto-detection, latest base images via web search, Dockerfile generation, and Makefile with port override support.

Mocks APIs with Mock Service Worker including request handlers, server/browser setup, and testing integration. Use when mocking APIs in tests, developing without backend, or simulating network conditions.

Write failing tests before implementation (RED phase of TDD). Creates test file with test functions that fail because code doesn't exist yet. Use when starting TDD workflow or adding tests for new functionality.

Use when encountering any bug, test failure, or unexpected behavior - four-phase framework (root cause investigation, pattern analysis, hypothesis testing, implementation) that ensures understanding before attempting solutions

Introduces property-based testing with proptest, helping users find edge cases automatically by testing invariants and properties. Activates when users test algorithms or data structures.

Parallel execution of analysis check skills. Command-specific - /ms uses all 3 checks, /build uses 2, /audit uses 2 different ones. See command for which checks to run.

Expert guidance on statistical analysis methodologies and Monte Carlo simulation for fantasy football. Use this skill when selecting regression approaches, designing simulations, performing variance analysis, or conducting hypothesis tests. Covers regression types (OLS, Ridge, Lasso, GAMs), Monte Carlo frameworks, regression-to-mean analysis, and statistical best practices for player performance modeling.

Multi-stage deep investigation and reasoning for complex problems using PAL MCP. Use for architecture decisions, complex analysis, performance challenges, or when you need thorough reasoning. Triggers on complex problems requiring deep thought, hypothesis testing, or expert analysis.

Bootstraps complete backend with Apso, including API setup, database configuration, and testing. Triggers when user needs to create backend, setup API, or initialize server.

Reference and maintain the project's technology stack including frameworks, languages, databases, testing tools, and third-party services to ensure consistency across the codebase. Use this skill when making technology decisions, adding new dependencies, choosing appropriate tools or libraries, configuring build systems, setting up testing frameworks, or documenting the tech stack. Apply this skill when selecting which framework, library, or tool to use for a given task, when ensuring code follows the conventions of the chosen stack (React patterns, Python idioms, Rails conventions), when integrating third-party services, or when documenting technology choices in README or architecture documentation. This skill ensures all team members use consistent technologies, new additions align with existing stack decisions, technology choices are documented with rationale, and the project maintains coherent patterns rather than mixing conflicting approaches or frameworks.

E2E 테스트, Flyway vs @Sql 분리, TestRestTemplate 필수. MockMvc 금지. /kb-integration 명령 시 자동 활성화.

Expert at handling Supabase database migrations, creating RPC functions, managing RLS policies, and updating database schemas. Use when working with migrations, database schema changes, SQL functions, or Row Level Security policies.

Use to avoid critical testing mistakes. Five Iron Laws: Never test mock behavior, Never add test-only methods, Never mock without understanding, Always integration test, Always test error paths.

EditorConfig file validation and template for enforcing consistent coding styles across editors and IDEs in monorepos. Includes 4 required standards (root declaration, universal settings with UTF-8/LF/2-space defaults, language-specific sections for JS/TS/JSON/YAML/Markdown/Python/Shell/SQL/Docker/Prisma, root-only placement in monorepos). Use when creating or auditing .editorconfig files to ensure consistent code formatting.