Testing & Security

Update CLAUDE.md with minimal, concise, targeted edits. Avoid bloat.TRIGGERS - Use this skill when user says:- "update claude.md", "update the claude md"- "sync claude.md", "refresh claude.md"- "edit claude.md", "modify claude.md"- "add to claude.md", "change claude.md"- "update claude.md with X" (explicit content)- Any request to make changes to CLAUDE.md contentTWO MODES:(1) DEFAULT MODE - "update claude.md" → Analyze git changes since last timestamp(2) EXPLICIT MODE - "update claude.md with X" → Add the specific content XCORE PRINCIPLE: Every update must be minimal and concise. Question every line added.Also use when:- User asks to sync CLAUDE.md with recent code changes (default mode)- Adding major dependencies, architecture patterns, or directory changes- Claude repeatedly makes mistakes that a targeted rule could prevent- Post-milestone updates (new APIs, testing patterns, security fixes)- Project standards, workflows, or conventions change

Generate optimized, production-ready Dockerfiles with multi-stage builds, security best practices, and proper layer caching for various application types. Triggers on "create Dockerfile", "generate Dockerfile for", "docker image for", "containerize my app".

Analyze ANY web project - detect if Web3 DApp, research dependencies via WebSearch, understand business functions from code AND UI screenshots, generate test requirements.

Advanced Python testing strategies with Pytest, covering fixtures, matrix testing with parametrization, and async test architecture. Triggers: pytest, fixtures, parametrize, pytest-asyncio, matrix-testing, yield-fixture.

Build accessible user interfaces following WCAG 2.2 standards with proper semantic HTML, ARIA attributes, keyboard navigation, and screen reader support. Use this skill when creating or modifying UI components, forms, interactive elements, navigation menus, modals, or any frontend code that users interact with. Apply this skill when implementing keyboard navigation, focus management, color contrast requirements, alternative text for images, form labels, ARIA roles and landmarks, or when ensuring components work with assistive technologies like screen readers. This skill is essential when working with React, Vue, or other framework components, HTML templates, JSX files, or any UI implementation to ensure inclusive design that serves users with visual, auditory, motor, or cognitive disabilities and meets legal compliance standards (ADA, WCAG 2.2 Level AA).

Generates comprehensive role-based permission matrices in markdown or SQL format for pages, components, and data access patterns. This skill should be used when designing authorization systems, documenting permissions, creating RBAC tables, or planning access control. Use for RBAC, role permissions, access control, authorization matrix, permission mapping, or security policies.

Execute refactoring safely with test-first verification following best practices. Takes refactoring discovery reports as input and performs incremental refactoring with continuous validation. Ensures tests stay green, captures metrics, and generates execution logs. Use after refactoring-discovery analysis to implement recommended improvements. (project, gitignored)

Use when creating reusable composables, managing reactive state, or implementing the Composition API. Load for useX patterns, Pinia store patterns, withLoadingState helper, lifecycle management, and type-safe state patterns. Covers composable structure, error handling, and testing composables.

Playwright E2E testing patterns for TaxHelper. Use for auth redirects, insights drill-down, mobile viewport checks, and PWA verification.

Analyze feature documentation (PDF, markdown, or requirements) and create comprehensive implementation plans for DevPortfolio Portfolio app features. Use when asked to create implementation plans, analyze feature requirements, plan new sections, or design features for apps/portfolio/. Generates detailed phase-by-phase plans with entity design, core layer, components, hooks, styling, i18n, and testing checklists.

Production-tested patterns for fault-tolerant browser audio with zero-lag rapid-fire support. Use when implementing sound effects, background music, voice feedback, or any audio playback in web applications. Covers AudioContext singleton, preloading, cloneNode for rapid-fire, autoplay handling, and Web Audio API effects.

Modern authentication and security patterns for web applications. Expert in JWT tokens, OAuth2 flows, session management, RBAC, MFA, API security, and zero-trust architectures. Framework-agnostic patterns that work with any tech stack.

Use Playwright MCP to check UI styles and usability. Automatically used for requests like "check UI", "verify appearance", "take screenshot".

Comprehensive change tracking and audit logging system that monitors file modifications, code changes, and project evolution. Use when tracking project history, maintaining audit trails, analyzing development patterns, or when detailed change documentation is required for compliance and team collaboration.

Use this skill immediately when the user mentions merge conflicts that need to be resolved. Do not attempt to resolve conflicts directly - invoke this skill first. This skill specializes in providing a structured framework for merging imports, tests, lock files (regeneration), configuration files, and handling deleted-but-modified files with backup and analysis.

Interact with and test local web apps using Playwright.

Automatically applies when reviewing code. Ensures structured review checklist covering correctness, security, performance, maintainability, testing, and documentation.

Test Midnight smart contracts using simulators and unit tests. Use when setting up test environments, writing contract tests, or debugging circuit behavior. Triggers on testing, simulator, unit test, or test framework questions.

OWASP Top 10, authentication, and secure coding practices

Soracom testing standards (unit/contract/E2E, Root vs SAM users, 80% coverage). Use when writing tests or creating test plans.