Testing & Security

Build RAG systems with Ollama local + cloud models. Latest cloud models include DeepSeek-V3.2 (GPT-5 level), Qwen3-Coder-480B (1M context), MiniMax-M2. Use for document Q&A, knowledge bases, and agentic RAG. Covers LangChain, LlamaIndex, ChromaDB, and embedding models.

Runs Google Lighthouse audits using Playwright for SEO, Performance, Accessibility, and Best Practices scoring. Supports both URLs and local HTML files. Use when user mentions "Lighthouse", "page speed", "performance audit", "Core Web Vitals", "CWV", or needs comprehensive web performance analysis.

Azure AKS Agentic CLI - AI-powered troubleshooting and insights tool for Azure Kubernetes Service. Use when diagnosing AKS cluster issues, getting cluster health insights, troubleshooting networking/storage/security problems, or analyzing cluster configuration with natural language queries.

Generate tests using AI and run test suites. Use for generating unit tests, running coverage reports, and mutation testing.

Use the project's specific technology stack including Next.js, React, TypeScript, Hono, PostgreSQL, Chakra UI, and Temporal for workflow automation. When setting up new features, choosing libraries, or making architectural decisions. When working on frontend code using React and Next.js. When implementing backend APIs with Hono. When working with PostgreSQL databases via Drizzle or Prisma. When styling with Chakra UI components. When implementing authentication with better-auth or workflows with Temporal. When adding dependencies or configuring build tools. This skill ensures technology choices align with the project's established stack.

Security tool command reference

Optional - Add comprehensive tests beyond the basic smoke test

Handle unexpected test behaviors and recover from TDD issues

This skill guides working with Neovim configuration including testing changes headlessly, managing plugins with lazy.nvim, configuring LSP servers, and troubleshooting startup errors. Use this when modifying nvim config files or debugging nvim issues.

Testing best practices for modern Python development. Activated when working with tests, pytest, Hypothesis property-based testing, Atheris fuzz testing, test coverage, test organization, or mutation testing.

Automatically generate test scaffolding when user writes new code without tests or mentions needing tests. Supports unit, integration, e2e, and data tests for PHP and JavaScript. Invoke when user mentions "tests", "testing", "coverage", "write tests", or shows new untested code.

Row Level Security policy templates for Supabase - multi-tenant patterns, user isolation, role-based access, and secure-by-default configurations. Use when securing Supabase tables, implementing RLS policies, building multi-tenant AI apps, protecting user data, creating chat/RAG systems, or when user mentions row level security, RLS, Supabase security, tenant isolation, or data access policies.

Implement comprehensive input validation on both client and server sides, using allowlists over blocklists, sanitizing user input, and providing specific error messages to prevent security vulnerabilities. Use this skill when writing validation logic for forms, API endpoints, function parameters, or any user input. Use this skill when implementing server-side validation to ensure data integrity and security, adding client-side validation for immediate user feedback, or sanitizing input to prevent injection attacks. Use this skill when working with form components, API route handlers, data processing functions, or validation schemas. Use this skill when defining validation rules for data types, formats, ranges, required fields, or business logic constraints across all application entry points.

质量门禁/发布前检查流程生成器。统一输出可复用的质量门禁清单与命令集：跑测试、覆盖率阈值、格式化、lint、依赖漏洞扫描、构建产物检查、变更摘要。用于让 git-manager/test-builder/debug-helper 形成稳定闭环。

Test game mechanics via SQL. Use game_* tools for gameplay flow.

Automatically applies when creating FastAPI endpoints, routers, and API structures. Enforces best practices for endpoint definitions, dependency injection, error handling, and documentation.

Apply pytest best practices and project testing conventions. Use when writing or modifying tests.

Comprehensive Tourplan HostConnect API integration for African safari booking engine. Use this skill for (1) Creating travel bookings, quotes, and itineraries, (2) Building chatbots for travel inquiries, (3) Managing Tourplan API requests for tours, accommodation, cruises, rail, and packages, (4) Generating tailor-made safari itineraries, (5) Processing XML-based API interactions with authentication and error handling. This skill includes complete API workflows, XML templates, booking lifecycle management, and specialized support for This Is Africa's booking system requirements.

Automate container image updates for Kubernetes workloads managed by Argo CD. USE WHEN configuring ArgoCD Image Updater, setting up automatic image updates, configuring update strategies (semver, digest, newest-build, alphabetical), implementing git write-back, troubleshooting image update issues, or working with ImageUpdater CRDs. Covers installation, configuration, authentication, and best practices.

Use for bugs/test failures. Reproduce, isolate root cause, fix, and validate with evidence.