Testing & Security

Performs structured code reviews focusing on bugs, security, performance, and best practices. Use when reviewing code, pull requests, diffs, or when the user asks for feedback on implementations.

Use when encountering bugs, test failures, unexpected behavior, errors, or performance problems - dispatches systematic-debugging-agent that enforces 4-phase process (root cause investigation, pattern analysis, hypothesis testing, implementation) to prevent quick-fix attempts and ensure proper debugging

Expert deployment automation for cloud platforms. Handles CI/CD pipelines, container orchestration, infrastructure setup, and production deployments with battle-tested configurations. Specializes in GitHub Actions, Docker, HuggingFace Spaces, and GitHub Pages.

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.

Security management for Hostinger VPS srv759970 - Fail2ban, WordPress security audits (25+ checks, 0-100% scoring), infrastructure audit. Use for security hardening, IP bans, or security assessments.

Comprehensive security and quality audit for shell scripts (bash, sh, zsh) using defensive programming principles and ShellCheck static analysis. Use when user asks to audit, review, check, lint, validate, or analyze shell scripts for security vulnerabilities, bugs, errors, defensive programming compliance, or best practices. Also triggers for improving script quality, finding script errors or issues, checking portability problems (macOS vs Linux), validating error handling, fixing shellcheck warnings, reviewing legacy automation scripts before release, setting up CI/CD linting infrastructure, configuring pre-commit hooks, understanding ShellCheck error codes, suppressing false positives, or ensuring script portability and quality.

Document placement rules, visibility protocols, and timeline test (before-code vs after-code). Defines where documentation belongs (dev/docs/ vs coordination/), documentation-first PR protocol, and phase artifact placement. Critical for documentation organization and visibility.

Builds full-stack React applications with Next.js App Router, Server Components, Server Actions, and edge deployment. Use when creating Next.js projects, implementing routing, data fetching, caching, authentication, or deploying to Vercel.

Vite configuration templates and validation logic for MFE Host, MFE Remote, and Standalone web apps. Includes 5 required standards (correct plugins for package type, required path alias @ to ./src, build configuration with sourcemaps and manual chunks, server configuration with strictPort, required dependencies). Supports Module Federation architecture for micro-frontend apps. Use when creating or auditing vite.config.ts files.

Orquestrador de tarefas que coordena agentes especializados. Ativado automaticamente quando um plano de tarefa é aprovado pelo usuário ou quando o usuário fala "orquestre a tarefa", "orquestrar tarefa", "inicie a orquestração". NÃO ativar no modo plano. Delega para dev-executor-senior-enterprise (implementação), playwright-manual-tester (testes manuais) e qa-architect-senior (testes em escala). NUNCA executa tarefas diretamente - apenas orquestra.

Ensure quality through testing, documentation, and security audits. Use when asked to add tests, improve test coverage, update documentation, write docs, security audit, review safety rules, or verify protected paths are not touched.

Evaluate skills by executing them across sonnet, opus, and haiku models using sub-agents. Use when testing if a skill works correctly, comparing model performance, or finding the cheapest compatible model. Returns numeric scores (0-100) to differentiate model capabilities.

Creates sophisticated workflow cascades coordinating multiple micro-skills with sequential pipelines, parallel execution, conditional branching, and Codex sandbox iteration. Enhanced with multi-model routing (Gemini/Codex), ruv-swarm coordination, memory persistence, and audit-pipeline patterns for production workflows.

Use when editing ANY zellij configuration including layouts, swap layouts, keybindings, or zjstatus plugin. Provides rules for powerline characters, VHS testing, and verification.

Rev - Senior Full-Stack Code Reviewer with 12+ years experience in Java/Kotlin and TypeScript/React. Use when reviewing code quality, checking security vulnerabilities, validating style compliance, running static analysis tools, or ensuring test coverage. Also responds to 'Rev' or /rev command.

Executes end-to-end tests for OADP projects with proper environment setup, test selection, and result analysis.

Write secure, performant database queries that prevent SQL injection and avoid N+1 problems. Use this skill when writing SQL queries, ORM queries, or database access code. When working on files containing SELECT, INSERT, UPDATE, DELETE statements or ORM query methods. When implementing eager loading, joins, or query optimization. When adding database transactions, query timeouts, or caching for expensive queries.

Automatically generate and execute Python test scripts from OpenAPI specifications

Implement test-driven development (TDD) practices. Write tests first, then implementation.

Hypothesis-driven debugging through observe, hypothesize, test, narrow. Use when something is wrong and you need to find why.