Testing & Security

Jest with TypeScript - Industry standard testing framework with 70% market share, mature ecosystem, React Testing Library integration

Complete full-stack development with Next.js 13+, React, Firebase, Tailwind CSS, and payment integration (Stripe, JazzCash, EasyPaisa). Build production-ready e-commerce platforms, SaaS applications, and scalable web applications. Comprehensive coverage of frontend architecture, backend API routes, database design, authentication systems, payment processing, form handling, error management, and optimization. Generate complete project structures, pages, components, API routes, database schemas, security rules, and deployment configurations using TypeScript.

This skill provides comprehensive knowledge for integrating Vercel KV (Redis-compatible key-value storage powered by Upstash) into Vercel applications. It should be used when setting up Vercel KV for Next.js applications, implementing caching patterns, managing sessions, or handling rate limiting in edge and serverless functions.Use this skill when:- Setting up Vercel KV for Next.js applications- Implementing caching strategies (page cache, API cache, data cache)- Managing user sessions or authentication tokens in serverless environments- Building rate limiting for APIs or features- Storing temporary data with TTL (time-to-live)- Migrating from Cloudflare KV to Vercel KV- Encountering errors like "KV_REST_API_URL not set", "rate limit exceeded", or "JSON serialization errors"- Need Redis-compatible API with strong consistency (vs eventual consistency)Keywords: vercel kv, @vercel/kv, vercel redis, upstash vercel, kv vercel, redis vercel edge, key-value vercel, vercel cache, vercel sessions, vercel

Automated test generation, review, and execution for pytest-based projects. Auto-activates on keywords test, coverage, pytest, unittest, integration test, e2e, performance, benchmark, security testing. Routes to specialized testing workflows based on user intent.

Comprehensive Supabase expert with access to 2,616 official documentation files covering PostgreSQL database, authentication, real-time subscriptions, storage, edge functions, vector embeddings, and all platform features. Invoke when user mentions Supabase, PostgreSQL, database, auth, real-time, storage, edge functions, backend-as-a-service, or pgvector.

Discover the primary .sln, list projects, and emit a solution map with target frameworks and test flags.

Truth Auditor Captain - Fact validation, hallucination detection, evidence synthesis, and final verification

Design multi-stage CI/CD pipelines with approval gates, security checks, and deployment orchestration. Use when architecting deployment workflows, setting up continuous delivery, or implementing GitOps practices.

Map security controls between different compliance frameworks including NIST 800-53, ISO 27001, CIS Controls, PCI-DSS, HIPAA, SOC 2, and CMMC. Use this skill for gap analysis, multi-framework compliance, and control rationalization.

Accessibility audit for CSS covering focus styles, color contrast, text sizing, screen reader support, and WCAG compliance. Provides actionable fixes. Use when auditing accessibility or fixing a11y issues.

Primary entry point for testing guidance. Routes to appropriate test type (unit, integration, E2E) based on what you're testing. Use when asked about "test", "testing", "write tests", "TDD", or test strategy. Embeds Testing Trophy philosophy and TDD Red-Green-Refactor as core discipline.

Comprehensive guide for developing Temporal.io workflows and activities in the A4C-AppSuite.Covers Workflow-First architecture, deterministic workflow design, event-driven activities,saga compensation patterns, CQRS integration, and testing strategies for durable workfloworchestration in healthcare compliance contexts (HIPAA audit trails).

Master Supabase patterns for migrations, RLS policies, pgvector, and authentication. Use when creating database schemas, writing migrations, implementing row-level security, setting up auth, or debugging Supabase issues. Triggers on "supabase migration", "RLS policy", "row level security", "pgvector", "supabase auth", "magic link".

Use when contributing skills back to the community. Follow git workflow: sync upstream → create branch → develop skill → test with writing-skills → commit → push → PR. One skill per PR.

Guide for conducting thorough code reviews focusing on correctness, security, performance, maintainability, and best practices

Penetration testing for Android/PC applications. Authorized security testing using Metasploit, Drozer, Burp Suite, and custom exploits. Requires explicit authorization. Triggers on: pentest, penetration test, exploit, attack simulation, red team, security assessment, vulnerability exploitation, authorized testing.

Execution workflow preferences including no dev servers, read-only information gathering, real data over mocks, and proper error handling over fallbacks. Use when executing code, running servers, testing, or handling data.

Implements Auth0 authentication with Next.js SDK, React hooks, role-based access, and API protection. Use when integrating Auth0, implementing enterprise SSO, or needing managed authentication with MFA.

Use when planning Rails features or breaking down work into PRs - enforces 2-5 file PRs, bug fix separation, and one-sentence scope test

Validate and grade Claude Code Skills, Commands, Subagents, and Hooks for quality and correctness. Check YAML syntax, verify naming conventions, validate required fields, test activation patterns, assess description quality. Generate quality scores using Q = 0.40R + 0.30C + 0.20S + 0.10E framework with specific improvement recommendations. Use when validating artifacts, checking quality, troubleshooting activation issues, or ensuring artifact correctness before deployment.