Testing & Security

Level 2 patterns - vulns, lic, sbom, doctor (security, compliance, environment health)

Use when working on the Miden compiler (`midenc` / `cargo miden`), debugging failing tests or implementing compiler changes, and you need a Miden VM MASM execution trace to understand the stack state after each instruction. Covers `MIDENC_TRACE=executor=trace` (typically with `cargo make test -- --no-capture ...`).

Automatically wraps verbose commands (pytest, ruff, builds) with silent execution for context-efficient output. Use this proactively when running tests, linters, formatters, or build commands to minimize context usage while preserving error information.

Sensitive data patterns for security testing: API keys, credit cards, emails, SSNs, phone numbers, IPs, and more. Use for data discovery and validation.

Activates when reviewing code to identify quality issues, security vulnerabilities, and suggest improvements

Execute tests from persistent test cases. Reads ./tests/ directory, runs cleanup, wallet setup (if Web3), executes tests, and generates report.

Network security, cryptography, vulnerability assessment, and ethical hacking.

Execute shell commands in persistent, stateful VT100 terminal sessions. WHEN: User needs to "run a command", "execute shell", "build project", "run tests", "deploy", system administration. WHEN NOT: Simple file operations (use fs_* tools), reading known files (use fs_read_file).

Comprehensive guidance for writing high-quality unit tests in Java projects using JUnit 5 and AssertJ. Use when writing unit tests, creating test classes, or need guidance on mocking strategies, assertions, test builders, or JUnit 5 best practices. Requires JUnit 5, AssertJ, and Mockito dependencies.

Yeni özellikler geliştirirken mimari uyum, performans etkileri ve best practices önerileri sunar. İstekte bulunduğunuzda özellikleri implement eder ve testlerini yazar.

Master end-to-end testing with Playwright and Cypress to build reliable test suites that catch bugs, improve confidence, and enable fast deployment. Use when implementing E2E tests, debugging flaky tests, or establishing testing standards.

Эксперт по container registry. Используй для настройки ECR, Harbor, Docker Hub, image security и CI/CD интеграции.

Test at extremes (1000x bigger/smaller, instant/year-long) to expose fundamental truths hidden at normal scales

Master ABP Framework patterns including repository pattern, unit of work, domain services, application services, authorization, multi-tenancy, background jobs, and distributed events. Use when: (1) building ABP-based applications with DDD architecture, (2) creating CRUD services with Entity, AppService, DTOs, validators, (3) handling authorization/permissions, (4) generating ABP module code.

Validate and audit CSV data for quality, consistency, and completeness. Use when you need to check CSV files for data issues, missing values, or format inconsistencies.

Generate pytest test templates for UTXOracle modules following TDD patterns. Automatically creates RED phase tests with async fixtures, coverage markers, and integration test stubs.

Write E2E tests using Playwright with Cucumber/Gherkin for this project. Use when creating tests, writing test cases, testing UI flows, API testing, or when user mentions e2e, playwright, cucumber, gherkin, bdd, test automation, or QA.

Verify tests by following recorded trajectories in tests-in-verification.json. Use this skill during the verify stage to independently confirm test results by re-executing recorded steps.

Node.js/Express/TypeScript microservices development. Layered architecture (routes → controllers → services → repositories), BaseController, error handling, Sentry monitoring, Prisma, Zod validation, dependency injection. USE WHEN creating routes, controllers, services, repositories, middleware, API endpoints, database access, error tracking.

Clean Architecture and Cosmic Python guidance for well-tested, layered Python systems. Use for designing Python projects with layered architecture (models, adapters, services, entrypoints), enforcing Clean Code and SOLID principles, testing strategies (unit tests, BDD, Gherkin), CI/CD setup (pytest, tox, importlinter), and architectural decision-making (ADRs). Applicable to systems requiring strict boundary enforcement, clean separation of concerns, and comprehensive test coverage.