Testing & Security

Backup database before tests, migrations, or other database operations

테스트 데이터 검증 및 자동 수정. validate-test-data.mjs 실행, 빌드 확인, 에러 자동 수정. 테스트 생성/수정 후 필수 사용.

Run and interpret visual QA pipeline for EPUB XHTML files. Use when user asks about layout, screenshots, visual issues, or rendering problems in REBRANDED_OUTPUT.

Zoho Books and Zoho Inventory API integration for TSH Clients Console. Use when:(1) Creating new API routes that call Zoho endpoints(2) Debugging API errors, token issues, or rate limits(3) Adding new Zoho data fetching functions(4) Understanding OAuth token caching with Upstash Redis(5) Working with products, orders, invoices, payments, or credit notes(6) Troubleshooting "Contact for price" or stock display issues

セキュリティレビュー、RLS確認、認証・認可チェック、脆弱性検出。コードレビューやセキュリティ監査時に使用。

Test design patterns, best practices, and examples for comprehensive Solidity testing. Use when writing tests for smart contracts or improving test coverage.

Expert CISO coaching and mentorship for security leaders in training. Use when the user asks for CISO coach guidance, executive communication advice, security leadership strategies, or needs help translating technical security issues for non-technical audiences. Also activates for discussions about current security events, threat landscape analysis, board-level security topics, risk communication, or security program development from a CISO perspective.

Pre-push validation checklist (cargo fmt, clippy with zero warnings, feature flag testing, test suite), CI monitoring, merge process, and release quality gates. Use when preparing to push code, validating changes before PR, running CI checks, merging PRs, or preparing releases.

Deploy defense-in-depth SDLC hardening across four phases: pre-commit hooks, CI/CD gates, runtime enforcement, and continuous audit evidence collection systems.

Modern coding patterns for clean, maintainable code - use before implementing complex logic; includes orchestration, pure functions, function decomposition, vertical slice, composition, DI, SOLID, anti-patterns; prevents code complexity bloat and testability issues

WordPress development best practices - coding standards, custom post types, security, performance, hooks/filters, and template hierarchy. Use for any WordPress theme or plugin development guidance.

FastMCP Cloud deployment validation, testing, and verification patterns. Use when deploying MCP servers, validating deployments, testing server configurations, checking environment variables, verifying deployment health, tracking deployments, or when user mentions FastMCP Cloud, deployment validation, pre-deployment checks, post-deployment verification, deployment troubleshooting, or deployment lifecycle management.

Quick database queries and notification testing for sbhq-mobile. Use when querying contests, users, notifications, or testing push notifications.

Employ the "Functional Core, Imperative Shell" pattern to isolate deterministic business logic from side-effecting code for superior testability.

Browser automation and E2E testing via local Playwright Docker container

WHEN: Code review, quality check, code smell detection, refactoring suggestionsWHAT: Complexity analysis + code smell list + severity-based issues + improvement suggestionsWHEN NOT: Next.js specific → nextjs-reviewer, Security → security-scanner, Performance → perf-analyzer

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

Use when writing or changing tests, adding mocks, or tempted to add test-only methods to production code - prevents testing mock behavior, production pollution with test-only methods, and mocking without understanding dependencies

Automated E2E test infrastructure setup with Playwright, Vitest, MSW, and GitHub Actions. Generates 80%+ coverage tests based on REDR-prototype patterns.

Generates complete, runnable RSpec tests for Rails models, services, controllers, and background jobs following project conventions. Use when new code is created without corresponding tests, when refactoring existing code, or when explicitly asked to add test coverage.