Testing & Security

PR 作成後に .github/workflows/ci.yml が失敗したときの対応手順。ローカルで pytest 全ケースを実行し、エラー有無で分岐。エラーがあれば修正して commit-push スキルでコミット・プッシュ、無ければ GitHub Actions のログを確認して原因を特定する。

Comprehensive Supabase integration covering authentication, database operations, realtime subscriptions, storage, and MCP server patterns for building production-ready backends with PostgreSQL, Auth, and real-time capabilities

Senior ISMS Audit Expert for internal and external information security management system auditing. Provides ISO 27001 audit expertise, security audit program management, security control assessment, and compliance verification. Use for ISMS internal auditing, external audit preparation, security control testing, and ISO 27001 certification support.

Documentation organization, maintenance, and cleanup.USE WHEN: organizing docs, cleaning project root, updating documentation,checking for redundancy, maintaining docs structure.NOT FOR: technical implementation (use relevant technical skill).Examples:<example>Context: User added documentation to wrong location.user: "I added a new API doc file to the root directory"assistant: "I'll use docs-keeper to organize it in the proper docs/ location."<commentary>File organization is docs-keeper responsibility.</commentary></example><example>Context: User needs to update docs after code changes.user: "I modified the auth system and need to update the docs"assistant: "I'll use docs-keeper to update the authentication documentation."<commentary>Documentation updates are docs-keeper responsibility.</commentary></example>

How to run tests in this project. Load when implementing or verifying code.

Author or update Locque .lq code and tests with the canonical M-expr syntax, CBPV rules, data/match forms, modules/imports/opens, and project conventions.

Generate comprehensive tests for architectural layers with coverage-first analysis.Use when testing specific layers (core, domain, application, infrastructure, boundary).Reads testing strategy from playbook or uses interactive template selection.

Advanced FastAPI patterns including hierarchical dependency injection, background task management, and type-safe dependency annotation. Triggers: fastapi, dependency-injection, background-tasks, annotated-dependency, permission-chain.

Trusted domains, security assessment patterns, and domain research standards for WebFetch permissions

Implement testing patterns for PhotoVault using Playwright and Vitest. Use when writing E2E tests, unit tests, API route tests, or debugging flaky tests. Includes PhotoVault test fixtures, page objects, and Stripe webhook testing patterns.

Systematically analyzes and fixes GitHub CodeQL security alerts with proper documentation and testing

Master when to fail fast vs degrade gracefully. Production-tested error handling strategies for GitHub Actions, CI/CD pipelines, and platform automation.

Audit notes for quality issues. Use when asked to "review notes", "check content quality", "audit my knowledge base", or "find broken links".

Executa testes end-to-end em aplicacoes React locais (Vite) usando Playwright. Permite validar formularios, capturar logs e inspecionar UI.

Validate production builds, check bundle sizes, verify deployment readiness. Use when building for production, validating build output, checking bundle optimization, testing production server, or preparing for deployment.

Comprehensive n8n workflow engineering support for creating production-ready workflows. Use when users need to generate n8n workflows, debug loop execution issues, implement nested operations, design data table architectures, fix anti-patterns, create parallel processing patterns, handle webhook callbacks, or build complex multi-tier workflows. Provides battle-tested patterns that work around known n8n bugs and limitations.

Expert guidance for designing, integrating, and maintaining third-party APIs with best practices for authentication, error handling, rate limiting, security, and data transformation. Use when integrating external APIs, troubleshooting API issues, implementing OAuth flows, handling webhooks, or building API wrappers and clients.

Comprehensive code review with security, performance, and quality analysis

Create, configure, and manage Claude Code hooks for workflow automation, validation, and security. Guides hook implementation, configuration patterns, and best practices.

Automatically applies when managing Python dependencies. Ensures proper use of uv/Poetry, lock files, version constraints, conflict resolution, and dependency security.