Testing & Security

Proactively audits developer work to ensure completeness and production-readiness. This skill should be used when reviewing code changes, validating task completion, or verifying that work meets industry standards—catching incomplete implementations, deferred features, hardcoded values, missing tests, and shortcuts before code goes to production.

Master testing strategies (unit, integration, E2E), security best practices, OWASP Top 10, secure coding, and system monitoring. Learn to write secure code, comprehensive tests, and build resilient systems with proper incident response and compliance.

Create dbt models following FF Analytics Kimball patterns and 2×2 stat model. This skill should be used when creating staging models, core facts/dimensions, or analytical marts. Guides through model creation with proper grain, tests, External Parquet configuration, and per-model YAML documentation using dbt 1.10+ syntax.

Goバックエンドのビルド・テスト・Lintワークフロー。「Goビルド」「バックエンドテスト」「golangci-lint」「go mod」「go test」「swagger」などのキーワードで自動適用。

Look up HVAC equipment specifications (capacity, efficiency, dimensions, electrical requirements) by brand and model number. Use when the user mentions equipment specs, model numbers, AHU, VAV, chiller, boiler, pump, fan specifications, or needs to find manufacturer data sheets. Searches manufacturer websites and processes PDF spec sheets with security safeguards.

Use this skill to determine the correct data-testid selector for Playwright or end-to-end tests.

Complete knowledge domain for Cloudflare Hyperdrive - connecting Cloudflare Workers to existing PostgreSQL and MySQL databases with global connection pooling, query caching, and reduced latency.Use when: connecting Workers to existing databases, migrating PostgreSQL/MySQL to Cloudflare, setting up connection pooling, configuring Hyperdrive bindings, using node-postgres/postgres.js/mysql2 drivers, integrating Drizzle ORM or Prisma ORM, or encountering "Failed to acquire a connection from the pool", "TLS not supported by the database", "connection refused", "nodejs_compat missing", "Code generation from strings disallowed", or Hyperdrive configuration errors.Keywords: hyperdrive, cloudflare hyperdrive, workers hyperdrive, postgres workers, mysql workers, connection pooling, query caching, node-postgres, pg, postgres.js, mysql2, drizzle hyperdrive, prisma hyperdrive, workers rds, workers aurora, workers neon, workers supabase, database acceleration, hybrid architecture, cloudflare tunnel database, wrangler h

Generate an end-to-end test for a given feature or user story. Use when the user asks to create E2E tests, automate workflows, test user flows, or convert manual workflows into Playwright tests. Leverages Playwright MCP to perform the workflow interactively before generating test code.

TypeScript monorepo patterns including contract-port architecture, dependency injection, hermetic primitive ports, and composition root. Use when creating packages, designing contracts/interfaces, implementing ports, wrapping platform primitives (Date, console, process), or testing with inline mocks.

Run Java/Spring Boot tests and debug failures. Use when fixing backend tests, implementing new features with tests, or debugging test failures.

Automate Ideal Direct finance and supply chain SOPs with browser-based workflow guidance. Handles payroll, working hours, purchase orders, and audits using Playwright MCP.

Builds APIs with Express including routing, middleware, error handling, and security. Use when creating Node.js APIs, building REST services, or adding middleware-based server functionality.

This skill should be used when the user asks to "create terraform configuration", "deploy static site", "set up cloudfront", "configure route53", "create lambda function", "ssl certificate", or mentions S3 website hosting, CDN, serverless, JAMstack, or static site infrastructure.

Validates code quality before commits in the MigraineTracker React Native project. Use this skill when preparing to commit code, before pushing changes, or when the user asks to run pre-commit checks. Ensures TypeScript type safety, test coverage (80%+), passing tests, and proper branch strategy compliance.

Write tests following 3-layer pyramid (unit 95%, integration 85%, E2E critical paths) with 1:1 file mapping for unit tests. Covers test organization, coverage requirements, fixtures, and best practices. Use when writing tests, checking coverage, or validating test structure.

Testing StickerNest widgets and components. Use when the user asks to test widgets, write tests, add tests, create test cases, run tests, debug tests, or verify widget functionality. Covers Playwright E2E tests, Vitest unit tests, widget integration testing, and pipeline testing.

Comprehensive testing workflow combining TDD, real implementations (no mocking), and E2E testing. Use when implementing features, writing tests, or setting up test infrastructure.

Build responsive layouts that adapt seamlessly across devices using mobile-first design, fluid layouts, and standard breakpoints. Use this skill when implementing responsive designs, creating mobile-first layouts, defining breakpoint styles, working with responsive components and pages, using relative units (rem, em) instead of fixed pixels, implementing media queries, ensuring touch-friendly tap targets, optimizing images and assets for different screen sizes, maintaining readable typography across breakpoints, prioritizing content for smaller screens, testing UI across mobile, tablet, and desktop devices, or building fluid container layouts. Apply this skill when building responsive UI components, optimizing layouts for different screen sizes, or reviewing mobile and tablet user experiences.

Copies an existing landing page (from URL or image) into a specified page in the codebase using Playwright MCP. Iteratively refines the implementation until it matches the reference design and interactions as closely as possible. Use when the user wants to copy/reference/steal an existing landing page/url to replicate in their app

Enterprise systematic code review orchestrator with TRUST 5 principles, multi-language support, Context7 integration, AI-powered quality checks, SOLID principle validation, security vulnerability detection, and maintainability analysis across 25+ programming languages; activates for code reviews, quality standard validation, TRUST 5 enforcement, architectural audits, and automated review automation