Testing & Security

Use PROACTIVELY when auditing code quality, running security scans, assessing technical debt, reviewing code for production readiness, setting up CI quality gates, or tracking DORA metrics. Analyzes codebases against OWASP Top 10, SOLID principles, Testing Trophy, and 2024-25 SDLC standards. Supports incremental audits for large codebases. Not for runtime profiling or real-time monitoring.

Diagnose and repair selftest failures by running diagnostic commands and proposing fixes

Review code for best practices, bugs, and security risks; use for PR reviews, code quality audits, or whenever the user wants feedback.

Test-first development strategy for PAI projects. USE WHEN user needs test strategy, coverage analysis, ATDD workflows, risk-based testing, or quality gates. Ensures tests are written before code, not after bugs appear.

Design production-grade Terraform modules for home lab infrastructure with HA patterns, proper structure, variable design, and Proxmox optimization. Use when creating new modules, implementing multi-master Kubernetes clusters, load balancers, or building reusable infrastructure components. Includes module structure, HA implementations, cost optimization, and testing patterns.

Enforces zero-tolerance test quality through two-phase testing strategy (Focus → Stable → Regression). Proactively activates when testing context detected. Blocks failures, enforces coverage thresholds (70% min, 85% actors, 80% business logic), and provides gamified feedback. Implements "testing is art in efficiency" - fast module feedback then comprehensive regression.

Reference and maintain consistency with the project's technical stack including frameworks, runtimes, languages, frontend libraries, databases, ORMs, testing tools, deployment platforms, and third-party services. Use this skill when making technology choices or selecting libraries that need to align with the existing stack, adding new dependencies to package.json, pnpm-workspace.yaml, requirements.txt, or other dependency management files, implementing features using the project's established frameworks, ORMs, databases, or APIs, writing code in the project's primary language and runtime environment, setting up testing infrastructure with the project's test frameworks, configuring CI/CD pipelines or deployment settings, integrating third-party services that match the project's existing integrations, ensuring compatibility with the project's build tools and bundlers, or ensuring any technical implementation decision aligns with the project's established technologies, architectural patterns, and conventions doc

Comprehensive code review checklist covering correctness, performance, security, and maintainability. Use when performing code reviews or preparing code for review.

테스트 실행 및 품질 검증. Use when:(1) 테스트 실행 요청, (2) 변경 후 검증 필요,(3) 커버리지 확인, (4) CI 전 로컬 검증.

Use when implementing authentication, user management, organization/tenant management, team invitations, role-based access control (RBAC), or multi-tenant architecture in a Supabase project. Provides complete schema, API templates, and frontend components for AuthHub-style authentication.

인프라 계층(JpaEntity, Adapter, Repository) TDD 개발 지침. Red-Green-Refactor 사이클을 통해 테스트 주도 개발을 수행합니다. 실제 DB(Testcontainer)를 사용하며 Mocking하지 않습니다.

Production-ready Supabase database schemas for customers, subscriptions, payments, invoices, and webhook events with comprehensive Row Level Security policies. Use when setting up payment infrastructure, creating subscription tables, implementing secure payment data storage, or configuring RLS policies for multi-tenant payment systems.

Comprehensive NestJS framework skill for building scalable server-side applications. Use for TypeScript backend development with controllers, providers, modules, dependency injection, middleware, guards, interceptors, pipes, database integration (MikroORM + MongoDB), GraphQL, microservices, testing, and API documentation. Also triggers when working with NestJS TypeScript files (.ts), NestJS module files, nest-cli.json, or NestJS project structure. Example triggers: "Create NestJS controller", "Set up dependency injection", "Add middleware", "Create GraphQL resolver", "Build microservice", "Write NestJS test", "Set up database module"

Tag Zotero items with timestamp tags after generating bibliographies. Uses secure macOS Keychain storage for credentials. Claude Code only.

Write and update RSpec tests following BDD principles with behavior-first approach, characteristic-based context hierarchy, and happy path priority. **Activate when:** user mentions RSpec/specs/testing, works with *_spec.rb files, asks to write/add/update/fix tests, or requests test coverage. Ensures tests describe observable behavior, not implementation details.

Create or audit requirements-to-design-to-code-to-test traceability. Builds atraceability matrix (REQ → design/ADR → implementation files → tests →evidence) and flags gaps (unimplemented requirements, untested changes,undocumented decisions). Use when you need a requirements traceability checkfor a PR/release, regulated/compliance work, or when requirements are driftingfrom implementation.

Python development for scientific computing and SciTeX projects. Includes testing, debugging, ML practices, and environment management.

pnpm workspace YAML configuration templates and validation logic for monorepo workspace patterns. Includes 5 required standards (architecture-specific patterns for consumer vs library repos, exact path matching, no missing directories, no extra patterns, alphabetical ordering). Critical distinction between consumer repos (specific paths like packages/contracts/*) and library repos (broad patterns like packages/*). Use when creating or auditing pnpm-workspace.yaml files.

Custom Hypothesis strategy patterns for property-based testing. Activated when designing test data generators or property tests.

Guide for building applications with @fpkit/acss components. This skill should be used when composing custom React components from fpkit primitives, validating CSS variable naming conventions, extending fpkit components with custom behavior, or ensuring accessibility compliance in fpkit-based applications. Use when the user needs help with component composition patterns, CSS customization, or accessibility testing. Not for developing the @fpkit/acss library itself.