Testing & Security

Writing high-quality unit tests for JavaScript and TypeScript using Jest. Covers test structure (AAA pattern, USE naming), breaking dependencies (stubs, mocks, dependency injection), testing async code (promises, callbacks, timers), avoiding flaky tests, and test-driven development. Use when writing tests, debugging test failures, refactoring tests for maintainability, or questions about Jest, TDD, mocks, stubs, or test best practices.

Security auditing for Rust/WebAssembly applications. Identifies vulnerabilities,reviews unsafe code, validates input handling, and ensures secure defaults.Follows OWASP guidelines and Rust security best practices.

Comprehensive FastAPI development skill covering REST API creation, routing, request/response handling, validation, authentication, database integration, middleware, and deployment. Use when working with FastAPI projects, building APIs, implementing CRUD operations, setting up authentication/authorization, integrating databases (SQL/NoSQL), adding middleware, handling WebSockets, or deploying FastAPI applications. Triggered by requests involving .py files with FastAPI code, API endpoint creation, Pydantic models, or FastAPI-specific features.

Python project scaffolding and development with modern tooling. Use when creating new Python projects, setting up virtual environments, configuring dependencies, or working with Flask web applications. Triggers on mentions of Python setup, uv, Flask, pytest, or project initialization.

Create and maintain Roslyn source generators for compile-time code generation. Use when building incremental generators, designing pipelines with ForAttributeWithMetadataName, creating marker attributes, implementing equatable models, testing generators, or debugging generator performance issues.

Manage Jira tickets from the command line using jira-cli. Contains essential setup instructions, non-interactive command patterns with required flags (--plain, --raw, etc.), authentication troubleshooting, and comprehensive command reference. This skill is triggered when the user says things like "create a Jira ticket", "list my Jira issues", "update Jira issue", "move Jira ticket to done", "log time in Jira", "add comment to Jira", or "search Jira issues". IMPORTANT - Read this skill before running any jira-cli commands to avoid blocking in interactive mode.

Systematic methodology for debugging bugs, test failures, and unexpected behavior.Use when encountering any technical issue before proposing fixes. Covers root causeinvestigation, pattern analysis, hypothesis testing, and fix implementation.Use ESPECIALLY when under time pressure, "just one quick fix" seems obvious, oryou've already tried multiple fixes. NOT for exploratory code reading.

Comprehensive pre-production repository audit for preparing repos for public release. Use when the user wants to perform a "final sweep", "production check", "pre-release audit", or prepare a repository to be made public. Audits metadata files across all project types (Fabric mods, Node/npm, Go, Python, etc.) for correct username/organization, checks README links, and identifies leftover development artifacts like planning docs, test scripts, and temporary files. Interactive cleanup with user confirmation.

Use when writing or changing tests, adding mocks, or tempted to add test-only methods to production code - prevents testing mock behavior, production pollution with test-only methods, and mocking without understanding dependencies

A comprehensive skill for integrating the `better-auth` authentication framework into modern web applications. Use this skill for tasks involving user authentication, including setup, configuration, database integration, and implementing various auth methods like email/password, social logins, magic links, and passkeys, especially within a Next.js environment.

Validate SOPS encryption on secret files before committing. Use when staging secrets, committing encrypted files, or checking if secrets are properly encrypted. Prevents committing unencrypted secrets.

Add and configure domains in Plesk Panel via API. Use when setting up new domains on Plesk servers remotely including hosting setup, PHP configuration, and Let's Encrypt SSL certificates. Works from any machine with network access to Plesk.

OPA pod security policies preventing privileged containers, restricting Linux capabilities, and enforcing security contexts in Kubernetes.

Debug Django Channels WebSocket issues including connection failures, authentication, message handling, Redis pub/sub, and real-time streaming. Use when troubleshooting WebSocket not connecting, messages not received, connection dropped, or streaming not working.

Maintains SnowTower project documentation, README, and Claude configuration. Use when updating documentation, auditing .claude folder contents, syncing README with actual project state, or reviewing agent/pattern definitions. Triggers on mentions of documentation, README, maintenance, or .claude folder updates.

Reviews Kubernetes manifests for best practices, security, and homelab standards compliance. Use when reviewing YAML files, K8s manifests, Helm values, or ArgoCD applications.

Use this agent when you need to design, implement, or optimize FastAPI backend applications. This includes API endpoint creation, database integration, authentication/authorization implementation, cloud deployment strategies, business logic architecture, performance optimization, and following FastAPI best practices.

Write secure, performant database queries using parameterization, proper indexing, and optimization techniques. When creating or modifying database query logic, data access layers, or repository files. When working on files that interact with databases using SQL, ORMs, or query builders. When implementing SELECT queries, joins, transactions, or data fetching logic. When optimizing queries to prevent N+1 problems, using eager loading, or implementing query caching. When writing parameterized queries to prevent SQL injection vulnerabilities.

Ensures comprehensive test coverage following Rails testing best practices

Work on Rust crates in packages/rust_viterbo. Use for crate layout, commands (fmt/clippy/test/bench), and coding conventions.