Testing & Security

Use when you need to plan technical solutions that are scalable, secure, and maintainable.

Generate comprehensive API documentation for REST, GraphQL, WebSocket APIs with OpenAPI specs, endpoint descriptions, request/response examples, error codes, authentication guides, and SDKs. USE WHEN user says 'viết document API', 'tạo API docs', 'generate API documentation', 'document REST endpoints', hoặc cần tạo technical reference cho developers.

Run E2E tests for React, Vue, and Svelte frameworks. Use when testing components, verifying changes, or before committing.

Universal security checklist based on OWASP Top 10 for ANY project type or language. Use before deploying to production, handling sensitive data, or processing user input.

Use when implementing any feature or bugfix, before writing implementation code

Generates tsconfig.json for TypeScript compilation configuration. Includes path aliases (@/ for src/), Jest types, and Vite client types.

Build new data ingestion providers following the FF Analytics registry pattern. This skill should be used when adding new data sources (APIs, files, databases) to the data pipeline. Guides through creating provider packages, registry mappings, loader functions, storage integration, primary key tests, and sampling tools following established patterns.

Tests UI components with Testing Library including queries, user events, and async utilities. Use when testing React/Vue/Svelte components, writing accessible tests, or testing user interactions.

iOS Simulator automation and interaction using the AXe CLI tool. Use when working with iOS simulators for UI automation, testing, accessibility verification, or screen recording. Specific use cases include simulating touches and gestures (tap, swipe), entering text, pressing hardware buttons (home, lock, Siri), recording or streaming simulator video, extracting UI accessibility information, or automating iOS simulator interactions. Assumes axe CLI is already installed.

Run visual tests, compare golden files, and report bugs for Stapledons Voyage. Use when user asks to run tests, check golden files, or report visual regressions.

Use when OAuth tokens expire frequently, need automatic token refresh, YouTube/Google API integration, or when workflows fail due to expired credentials

Generates comprehensive BDD/Gherkin tests for features. Triggers when user needs to write tests, create test scenarios, add test coverage, or verify feature completeness.

Orchestrate complete or partial feature implementation workflow with configurable phases. This skill should be used to run the full workflow (specification → research → plan → implement → test → fix) or specific phases, coordinating between all feature-implementation skills automatically.

Implements authentication and authorization for Rust backend services using JWT, password hashing, sessions, and middleware patterns. Use when building auth systems, implementing login/logout, protecting routes, hashing passwords, or working with JWT tokens in Axum/Tower applications.

Authorization patterns including RBAC and ABAC. Use when implementing access control.

Эксперт A/B тестирования. Используй для статистических тестов, экспериментов и ML-оптимизации.

Iterative UI testing using Playwright MCP server for automated browser interaction and visual verification

Expert in Chrome browser automation, debugging, and performance analysis using Chrome DevTools MCP. Use when browser automation, performance testing, web scraping, debugging, or browser interaction is needed. **CRITICAL:** Always uses persistent data-dir at ~/.claude/credentials/chrome for session management. (project, gitignored)

Meta-skill for selecting correct WorldCrafter skill. Use when unclear which skill to use, request maps to multiple skills, need to orchestrate skills, user asks for guidance, or ambiguous requests need clarification. Provides decision trees and trigger matching for feature-builder (complete features with forms), database-setup (tables/migrations/RLS), test-generator (add tests), route-creator (simple pages/APIs), auth-guard (authentication/authorization), ai-assistant (AI generation/suggestions/consistency), visualization (maps/timelines/graphs), and chatgpt-setup (MCP integration). Do NOT use when request clearly maps to one skill or trigger phrases clearly indicate specific skill.

레포지토리 보안 감사 스킬. 현재 코드와 commit history를 분석하여 민감 정보 유출을 점검합니다. '보안 점검', '보안 감사', 'security audit', '민감 정보 검사' 요청 시 활성화됩니다.