Testing & Security

Generate production-ready Saloon-based API integrations for Laravel projects including connector classes, request classes, readonly DTOs, service layer methods with comprehensive error handling, and complete Pest test suites. Use this skill when integrating external APIs using Saloon, creating API request/response handlers, adding new API endpoints to existing services, building API client wrappers for third-party services, or setting up API communication with proper error handling and testing. This skill applies when working on files in app/Services/Api/, app/DataTransferObjects/Api/, creating Saloon connectors and requests, implementing API service methods, or writing API integration tests.

Professional security report generation, executive summaries, finding documentation, and remediation tracking

This skill should be used when the user asks to "generate Rails code", "create a model", "create a controller", "add a migration", "write Rails tests", "set up background jobs", "configure Rails app", or discusses Rails conventions, best practices, ActiveRecord patterns, Hotwire/Stimulus, ViewComponent, RSpec testing, or Ruby on Rails development. Based on Evil Martians' AGENTS.md.

This skill should be used when the user asks about "Rails testing", "RSpec", "Minitest", "request specs", "system specs", "FactoryBot", "fixtures", "test coverage", "testing controllers", "testing models", "integration tests", or needs guidance on writing effective tests for Rails 7+ applications.

MUST invoke when encountering errors, bugs, test failures, or unexpected behavior - before any debugging action.

Write automated tests following a pragmatic, integration-focused philosophy. Use when writing tests for new features, writing tests for bug fixes, adding test coverage, or deciding what/how to test. Emphasizes confidence over coverage, real objects over mocks, integration over isolation, and simplicity over dogma.

Generate behavioral unit tests from functional specifications using PreDB/PostDB pattern. Use when user provides specs with PreDB/Workflow/PostDB structure or asks to write tests for a specification before implementation (TDD approach).

Python testing framework for writing simple, scalable, and powerful tests

Comprehensive security scanning examples with SAST (CodeQL), dependency scanning, container vulnerability detection (Trivy), and SARIF upload to GitHub Security tab.

Guide for implementing MongoDB - a document database platform with CRUD operations, aggregation pipelines, indexing, replication, sharding, search capabilities, and comprehensive security. Use when working with MongoDB databases, designing schemas, writing queries, optimizing performance, configuring deployments (Atlas/self-managed/Kubernetes), implementing security, or integrating with applications through 15+ official drivers. (project)

Detects session management vulnerabilities including session fixation, session hijacking, and insecure cookie handling. Use when analyzing authentication sessions, cookie security, or investigating session-related vulnerabilities.

This skill should be used when working with SLICOT (Subroutine Library In Control Theory) routines, translating Fortran 77 to C, parsing SLICOT HTML documentation, creating test cases from SLICOT examples, understanding SLICOT data formats, or planning translation priorities using dependency analysis tools.

Production-ready authentication system for Next.js 15 + Supabase. Use when setting up auth, login, signup, OAuth, Google login, password reset, or user authentication.

Tailwind CSS configuration template and validation logic for tailwind.config.js with src/index.css directives. Includes 5 required standards (required content paths for scanning, must extend default theme not replace, required plugins array, must be named tailwind.config.js, required dependencies). Ensures proper PostCSS integration and Tailwind directive setup. Use when creating or auditing tailwind.config.js files for consistent Tailwind CSS setup.

Aplica padrões de excelência em testes com NestJS e Jest seguindo Clean Architecture, DDD e boas práticas de testabilidade. Use quando criar ou refatorar testes unitários, de integração ou E2E em projetos NestJS.

Vitest + Storybook testing strategy with clear role separation.Reference for implementing unit tests and UI interaction tests.

CLI testing strategies and patterns for Node.js (Jest) and Python (pytest, Click.testing.CliRunner). Use when writing tests for CLI tools, testing command execution, validating exit codes, testing output, implementing CLI test suites, or when user mentions CLI testing, Jest CLI tests, pytest CLI, Click.testing.CliRunner, command testing, or exit code validation.

Build programmatic SEO pages with server-side meta tags and structured data. Use this skill to implement database schemas, dynamic routes, SEO injection, sitemaps, and JSON-LD structured data.

Add a new Docker Compose service with automatic DNS configuration (OVH) and SSL certificates. Use when adding new web services to the homelab infrastructure.

Testing patterns for litefs-py and litefs-django. Use when writing tests, setting up fixtures, understanding test organization, or configuring pytest marks. Triggers: test, pytest, unit test, integration test, property-based testing, hypothesis, fixtures, in-memory adapters.