Testing & Security
Testing frameworks, security tools, and best practices
9063 skills in this category
app-docker-deploy-with-traefik
Generate Docker and Traefik deployment configuration for any application (Node.js, Python, Go, etc). Creates Dockerfile, docker-compose.yml, docker-compose.for-traefik.yml overlay, and .env.sample. Use when user wants to dockerize an app, add Docker deployment, deploy with Traefik, or set up HTTPS/SSL with Let's Encrypt.
wp-testing-core
Core WordPress testing procedures and patterns for browser-based plugin testing. Use when testing WordPress plugins, logging into WordPress admin, verifying plugin activation, or navigating WordPress UI.
python-best-practices
Type hints, dataclasses, async patterns, testing with pytest, and modern Python tooling
session-management
Clerk session handling, JWT verification, token management, and multi-session workflows. Use when implementing session validation, JWT claims customization, token refresh patterns, session lifecycle management, or when user mentions session errors, authentication tokens, JWT verification, multi-device sessions, or session security.
fastapi-code-review
Comprehensive code review skill for FastAPI projects. Analyzes codebase against industry best practices covering async patterns, project structure, Pydantic usage, dependency injection, database patterns, testing, and performance. Generates detailed refactor plans with prioritized recommendations. Use when reviewing FastAPI projects, auditing code quality, planning refactors, or ensuring adherence to FastAPI/async best practices.
fastapi-templates
Create production-ready FastAPI projects with async patterns, dependency injection, and comprehensive error handling. Use when building new FastAPI applications or setting up backend API projects.
development-workflow
Apply when setting up the development environment, running dev server, building, testing, or deploying the extension. Covers npm commands, CORS configuration, debugging, and deployment to ChurchTools.
ultrathink-detective
⚡ PRIMARY TOOL for: 'comprehensive audit', 'deep analysis', 'full codebase review', 'multi-perspective investigation', 'complex questions'. Combines ALL detective perspectives (architect+developer+tester+debugger). Uses Opus model. REPLACES grep/glob entirely. Uses claudemem v0.3.0 AST with ALL commands (map, symbol, callers, callees, context). GREP/FIND/GLOB ARE FORBIDDEN.
dependency-guardian
Automated dependency management with security scanning, update orchestration, and compatibility validation
hook-audit
Comprehensive audit of Claude Code hooks for correctness, safety, and performance. Use when reviewing, validating, or debugging hooks, checking JSON stdin handling, verifying exit codes (0=allow, 2=block), analyzing error handling, fixing hook failures, ensuring safe degradation, optimizing performance, or validating settings.json registration. Also triggers when user asks about hook best practices, wants to create a new hook, or needs help with hook configuration.
frontend-tester
Senior Frontend QA Engineer with 10+ years JavaScript/TypeScript testing experience. Use when writing unit tests for React components, creating integration tests with React Testing Library, testing custom hooks, mocking APIs, or following TDD for frontend.
frontend-accessibility
Build accessible user interfaces with semantic HTML, keyboard navigation, proper color contrast, ARIA attributes, and screen reader support. Use this skill when creating or modifying frontend UI components, HTML templates, JSX/TSX files, forms, interactive elements, modals, navigation menus, or any user-facing interface code. Use this when ensuring keyboard accessibility, adding ARIA labels and roles, providing alt text for images, managing focus states, implementing proper heading hierarchy, testing with screen readers, or ensuring sufficient color contrast ratios. Use this when working on .jsx, .tsx, .vue, .html, or component files that render UI elements.
security-error-review
Security and error-handling review - integrated assessment of OWASP Top 10, error handling, and log management
redis-cache
Audit the reactive Redis cache layer (lettuce), ensuring secrets binding, TTLs, and consistent metrics in Swarm.
gitattributes-config
Git attributes configuration for cross-platform line ending normalization and file handling. Includes 8 required pattern categories (global auto-detection, source code, shell scripts, Windows files, Docker files, binary files, lock files, generated files). Critical for Windows WSL compatibility. Use when creating or auditing .gitattributes files to prevent line ending issues and binary corruption.
phoenix-api-channels
Phoenix controllers, JSON APIs, Channels, and Presence on the BEAM. Covers routing, plugs, versioned APIs, Ecto-backed contexts, PubSub broadcasting, Presence tracking, authentication, testing, telemetry, and deployment considerations.
backup-sovereign
Create encrypted, verifiable backups with proof receipts (BLAKE3 + ROOT.txt) and mandatory restore drill. Uses age encryption for modern, simple UX. Designed for sovereign EU infrastructure. Use after node-hardening completes. Triggers: 'backup node', 'encrypted backup', 'create backup', 'restore drill', 'generate proof receipts', 'verify backup', 'backup with proof'.
security-baseline
Security requirements, threats, and controls that apply across this system.
create-semgrep-rule
Create custom Semgrep rules for vulnerability detection. Use when writing new rules for specific vulnerability patterns, creating org-specific detections, or building rules for novel attack vectors discovered during bug bounty hunting.
api-design
REST API best practices, OpenAPI/Swagger patterns, authentication, and error response formats