Testing & Security

Enterprise Mermaid diagramming skill for Claude Code using MCP Playwright. Use when creating architecture diagrams, flowcharts, sequence diagrams, or visual documentation.

Conduct structured implementation postmortems to gather feedback on architecture conformance, library friction, and tooling effectiveness. Use when reviewing completed implementations, PRs, or development phases to surface design gaps, boundary violations, and improvement opportunities. Triggers on requests for code review feedback, implementation retrospectives, architecture audits, or library/tooling evaluations.

Evaluation and reporting for code quality, performance, security, architecture, team processes, AI/LLM outputs, A/B tests, ROI analysis, and compliance. Scoring systems, benchmarking, dashboard creation, and multi-format report generation (PDF, HTML, Markdown, JSON).

Four-phase debugging: root cause → patterns → hypothesis → implement. For complex bugs, test failures, multi-component issues. NOT for obvious syntax errors.

Apply private modules with public re-exports pattern for clean API design. Includes conditional visibility for docs and tests. Use when creating modules, organizing mod.rs files, or before creating commits.

Use when creating PRs to enforce code quality standards. Automated detection of anti-patterns, security issues, and code smells. Python 3.8+

Security vulnerability scanning, secret detection, dependency auditing, and OWASP best practices. Use when performing security audits, scanning for vulnerabilities, detecting exposed secrets, checking dependencies, validating security headers, implementing OWASP patterns, or when user mentions security, vulnerabilities, secrets, CVE, OWASP, npm audit, security headers, or penetration testing.

Run Lighthouse audit and verify Core Web Vitals. Use at project end before release. Triggers on "performance", "Lighthouse", "Core Web Vitals", "speed test", "page speed".

Validates complete requirements traceability across EARS requirements → design → tasks → code → tests.Trigger terms: traceability, requirements coverage, coverage matrix, traceability matrix,requirement mapping, test coverage, EARS coverage, requirements tracking, traceability audit,gap detection, orphaned requirements, untested code, coverage validation, traceability analysis.Enforces Constitutional Article V (Traceability Mandate) with comprehensive validation:- Requirement → Design mapping (100% coverage)- Design → Task mapping- Task → Code implementation mapping- Code → Test mapping (100% coverage)- Gap detection (orphaned requirements, untested code)- Coverage percentage reporting- Traceability matrix generationUse when: user needs traceability validation, coverage analysis, gap detection,or requirements tracking across the full development lifecycle.

Enterprise-ready web development for Next.js 16, React, and TypeScript incorporating Kaizen (continuous improvement) and Monozukuri (meticulous craftsmanship) principles. Use this skill when building web applications, APIs, React components, Next.js projects, or when the user requests clean, efficient, fast, simple, elegant, enterprise-grade, bulletproof, or production-ready web code. This skill enforces modern web best practices, TypeScript patterns, React optimization, security, and performance.

Use when writing HubSpot integration code in Nango - HubSpot-specific guidance on Search API for incremental syncs, property name variations, rate limits, and OAuth introspection

Use when tests have race conditions, timing dependencies, or inconsistent pass/fail behavior - replaces arbitrary timeouts with condition polling to wait for actual state changes, eliminating flaky tests from timing guesses

Evaluates whether a programming language dependency should be used by analyzing maintenance activity, security posture, community health, documentation quality, dependency footprint, production adoption, license compatibility, API stability, and funding sustainability. Use when users ask "should I use X or Y?", "are there better options for [feature]?", "what's a good library for [task]?", "how do we feel about [dependency]?", or when considering adding a new dependency, evaluating an existing dependency, or comparing/evaluating package alternatives.

A skill for managing database migrations with Alembic. Use this for tasks involving Alembic initialization, configuration, creating new migration scripts (both autogenerated and manual), defining upgrade and downgrade logic, handling data migrations, testing migrations, performing rollbacks, and following production deployment best practices for database changes.

Workflow for private repos + Colab training. Trigger when: (1) training on Colab with private repo, (2) separating dev from production, (3) avoiding untested code in production.

Python 3.11+ development with type hints, async patterns, FastAPI, and pytest. Use for backend services, CLI tools, data processing, and API development.

Your approach to handling testing testing. Use this skill when working on files where testing testing comes into play.

Expert system for investigating CockroachDB test failures, especially KV failures.

OPA image security policies for container registry allowlisting, digest enforcement, and signature verification in Kubernetes.

Proactively suggests tests when code changes are detected. Activates when functions are created, logic is modified, security-sensitive code is added, or bug fixes are implemented. Provides non-intrusive test recommendations to help vibe coders ship with confidence.