Testing & Security

Build evaluation frameworks for agent systems. Use when testing agent performance, validating context engineering choices, or measuring improvements over time.

Control Chrome browser directly via DevTools Protocol using the use_browser MCP tool. Use when you need browser automation - authenticated sessions, multi-tab management, form filling, content extraction, web scraping. Provides navigate, click, type, extract, screenshot, eval, and tab management actions. Use this instead of WebFetch for interactive sites requiring authentication or JavaScript execution.

Audit or critique a plan for feasibility, risks, missing steps, and test coverage. Use when the user asks to review, audit, or critique a plan or process.

Guides evaluation-driven development (EDD) process for agent skills. Use when setting up skill testing workflows, creating skill evaluation scenarios, or establishing Claude A/B feedback loops for skill validation. Provides development methodology, not content guidance.

Generate Helmet.js security middleware configuration for Express applications. Triggers on "create helmet config", "generate helmet configuration", "express security headers", "helmet setup".

Maintain and improve code quality using PHPInsights without decreasing quality thresholds. Use when PHPInsights fails, cyclomatic complexity is too high, code quality drops, or when refactoring for better maintainability. Always maintains 93% complexity for src/ and 95% for tests/, plus 100% quality/architecture/style scores.

Enforce strict TDD workflow for all development tasks. Use when implementing new features, fixing bugs, or refactoring code. Ensures comprehensive test coverage (unit, integration, e2e) before writing implementation code. Activates automatically for all coding tasks unless explicitly authorized to skip testing.

Automated QA testing for Radulator's 18 medical calculators across radiology, hepatology/liver, and urology specialties. Tests accuracy, collects browser diagnostics, generates Playwright tests, and manages three-branch Git workflow (dev1→test1→main). Use when testing Radulator calculators, reviewing PRs with qa label, verifying medical formulas, generating test reports, or creating comprehensive test suites.

Implement authentication with ArcGIS using OAuth 2.0, API keys, and identity management. Use for accessing secured services, portal items, and user-specific content.

Phase 2 of disciplined development. Creates implementation plans based onapproved research. Specifies file changes, function signatures, test strategy,and step sequence. Requires human approval before implementation.

Analyzes algorithmic trading backtest results from Jupyter notebooks and generates summary reports. Use when the user wants to analyze or summarize backtest notebooks.

Clean up test sessions - kill browsers, stop dev servers, free ports, and optionally remove test data. Use this BEFORE starting new tests or AFTER completing tests.

SQL Server administration and maintenance. Use for database backups, security, user management, maintenance tasks, monitoring, and troubleshooting.

Testing guidelines for Bun/TypeScript projects using bun:test framework. Use when writing tests, creating test files, debugging test failures, setting up mocks, or reviewing test code. Triggers on *.test.ts files, test-related questions, mocking patterns, and coverage discussions.

Create Claude Code subagents from natural language requirements. Use when users want to create specialized AI subagents for Claude Code without manually writing the configuration. Handles agent creation for testing, code review, debugging, documentation, refactoring, and custom workflows. Generates .claude/agents/*.md files with appropriate YAML frontmatter and system prompts.

Creates and optimizes MSW (Mock Service Worker) handlers for Playwright E2E tests, implementing handler caching, fixture management, and AI Gateway mocking patterns. Use when mock setup is slow or test data needs centralization.

Configuring Claude Code settings.json & Security. Set up permissions (allow/deny), permission modes, environment variables, tool restrictions. Use when securing Claude Code, restricting tool access, or optimizing session settings.

Systematic debugging framework ensuring root cause investigation before fixes. Includes four-phase debugging process, backward call stack tracing, multi-layer validation, and verification protocols. Use when encountering bugs, test failures, unexpected behavior, performance issues, or before claiming work complete. Prevents random fixes, masks over symptoms, and false completion claims.

Enforces visibility pattern for testability by detecting private methods that prevent unit testing (causes 20-40% coverage loss). References authoritative style guides rather than duplicating. Auto-refactors code to private[module] object pattern with user approval. Detects inline lambdas and suggests extraction to named functions ("laws"). Blocks during scala-ninja review (Phase 2) as peer review rejection point.

Playwright E2E testing setup and configuration. Use when setting up end-to-end tests.