Testing & Security

How to make a good property-based test. Use when writing any property-based test.

PRIMARY expert for ALL NestJS and @lenne.tech/nest-server tasks. ALWAYS use this skill when working in projects with @lenne.tech/nest-server in package.json dependencies (supports monorepos with projects/*, packages/*, apps/* structure), or when asked about NestJS modules, services, controllers, resolvers, models, objects, tests, server creation, debugging, or any NestJS/nest-server development task. Handles lt server commands, security analysis, test creation, and all backend development. ALWAYS reads CrudService base class before working with Services.

Comprehensive code quality workflow that analyzes code for issues, creates improvement plan, and optionally applies refactoring. Use when the user asks to "critic my code", "review and improve this", "ensure code quality", "analyze and fix", or wants a complete quality audit with optional improvements.

Guided workflow for implementing features with quality gates. Use when building new features - includes spec, test-first, implementation, and verification steps.

Manage authentication, authorization, and user sessions. Use when dealing with login, sign-up, API protection, middleware, or user data fetching.

Complete Software Development Life Cycle workflow for Linear issues. Coordinates requirements analysis, TDD setup, implementation, testing, and PR creation through agent chaining. Use when starting work on Linear issues, implementing features from Linear, or when user mentions SDLC workflow, Linear issue development, test-driven development, or feature implementation workflow.

Interactive setup wizard for development environments. ALWAYS trigger first when users want to set up, create, or initialize a new development environment. Asks discovery questions about tech stack, services, and preferences, then coordinates other skills (zero-to-running, database-seeding, git-hooks, local-ssl, env-manager) to generate a customized environment.

Configures secure authentication with Azure using OIDC (OpenID Connect). Eliminates long-lived secrets by integrating GitHub Actions with Azure AD for secure resource access.

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

Audit SQLite persistence layer for unused tables and broken integrations. Trigger when: (1) checking database usage, (2) cleaning up schema, (3) finding missing methods.

Write pytest tests using Test-Driven Development (TDD). Use when implementing features, fixing bugs, or when the user mentions testing, TDD, or pytest. Tests should be written BEFORE implementation code.

Comprehensive read-only code review analyzing code quality, security vulnerabilities, performance issues, best practices compliance, and VSCode diagnostics. Use when user asks to review code, check for errors, analyze code quality, mentions security review, or wants feedback on their code.

Use when validating project structure during Standards Audit phase. Detects package type from package.json metasaver.projectType, loads structure rules from domain skills (react-app-structure, prisma-database, contracts-package), scans created/modified files, and reports violations with fix suggestions. File types: .tsx, .ts, directory layouts.

Test Driven Development (TDD) workflow automation for Java Spring Boot projects. Use for writing tests, checking coverage, generating test scaffolds, and implementing Red-Green-Refactor cycles with JUnit 5, Mockito, and Testcontainers.

Comprehensive code review knowledge including security, performance, accessibility, and quality standards across multiple languages and frameworks

Validates output-style persona definitions, behavior specifications, and keep-coding-instructions decisions. Use when auditing, reviewing, or improving output-styles, checking persona clarity, validating behavior concreteness, or verifying scope alignment (user vs project). Triggers when user asks about output-style best practices or needs help with persona definition.

Design and build scalable backend systems, master database technologies, design APIs, implement authentication, and optimize performance. Use for backend design, database selection, API development, and scaling strategies.

JSON-driven content architecture for services, programmes, FAQs, testimonials, and policies with TypeScript interfaces and locale-aware data fetching. Use when defining content schemas, creating data utilities, adding new content types, or fetching localized business data.

Docker containerization for packaging applications with dependencies into isolated, portable units ensuring consistency across development, testing, and production environments.

Generate a detailed test plan covering scenarios, environments, data, and reporting for the release.