Testing & Security

Evaluate public API surfaces against internal guidelines and external exemplars.Triggers: API review, API design, consistency audit, API documentation,versioning, surface inventory, exemplar researchUse when: reviewing API design, auditing consistency, governing documentation,researching API exemplarsDO NOT use when: architecture review - use architecture-review.DO NOT use when: implementation bugs - use bug-review.Use this skill for API surface evaluation and design review.

Python testing with pytest, fixtures, mocking, and TDD workflows.Triggers: pytest, unit tests, test fixtures, mocking, TDD, test suite, coverage,test-driven development, testing patterns, parameterized testsUse when: writing unit tests, setting up test suites, implementing TDD,configuring pytest, creating fixtures, async testingDO NOT use when: evaluating test quality - use pensive:test-review instead.DO NOT use when: infrastructure test config - use leyline:pytest-config.Consult this skill for Python testing implementation and patterns.

Record browser sessions using Playwright for web UI tutorials.Captures video of browser interactions that can be converted to GIF.Triggers: browser recording, playwright, web demo, ui recordingUse when: creating browser-based tutorials showing web UI interactions

Shared testing quality metrics and standards for cross-plugin use. Referencedby pensive:test-review and parseltongue:python-testing.Triggers: testing standards, quality metrics, coverage thresholds, test quality,anti-patterns, testing best practices, quality gatesUse when: evaluating test quality, setting coverage thresholds, identifyingtesting anti-patterns, establishing quality standardsDO NOT use when: simple scripts without quality requirements.Consult this skill when establishing testing quality standards.

Employ the Hexagonal (Ports & Adapters) pattern to decouple domain logic frominfrastructure, maximizing flexibility and testability.Triggers: hexagonal architecture, ports and adapters, infrastructure independence,dependency inversion, clean architecture, domain isolation, adapter pattern,infrastructure abstraction, database independence, framework independenceUse when: designing systems with strong business logic separation, anticipatinginfrastructure changes, needing easy mocking for tests, building portable domain codeDO NOT use when: selecting from multiple paradigms - use architecture-paradigms first.DO NOT use when: building simple CRUD apps without complex domain logic.Consult this skill when implementing hexagonal patterns or migrating to port-based design.

Functional Core, Imperative Shell: isolate deterministic logic from side effects for testability.Triggers: functional core, imperative shell, pure functions, testabilityUse when: business logic is entangled with I/O or tests are brittleDO NOT use when: simple scripting without complex logic.

detailed development workflow with modular patterns for git, code review, testing, documentation, and deployment

Create distributable Python packages with proper structure and publishing.Triggers: Python packaging, pyproject.toml, uv, pip, PyPI, distribution, CLI tools,entry points, package structure, publishingUse when: creating Python packages, configuring pyproject.toml, setting upentry points, publishing to PyPI, CI/CD for packagesDO NOT use when: testing packages - use python-testing instead.DO NOT use when: optimizing package performance - use python-performance.Consult this skill for Python package creation and distribution.

Transform project brief into detailed, testable specifications using spec-driven development methodology

Complete guide for writing Claude Code and SDK hooks with security-first design.Triggers: hook creation, hook writing, PreToolUse, PostToolUse, UserPromptSubmit,tool validation, logging hooks, context injection, workflow automationUse when: creating new hooks for tool validation, logging operations for audit,injecting context before prompts, enforcing project-specific workflows,preventing dangerous operations in productionDO NOT use when: logic belongs in core skill - use Skills instead.DO NOT use when: complex multi-step workflows needed - use Agents instead.DO NOT use when: behavior better suited for custom tool.Use this skill BEFORE writing any hook. Check even if unsure.

Guide to effective Claude Code skill authoring using TDD methodology andpersuasion principles.Triggers: skill authoring, skill writing, new skill, TDD skills, skill creation,skill best practices, skill validation, skill deployment, skill complianceUse when: creating new skills from scratch, improving existing skills withlow compliance rates, learning skill authoring best practices, validatingskill quality before deployment, understanding what makes skills effectiveDO NOT use when: evaluating existing skills - use skills-eval instead.DO NOT use when: analyzing skill architecture - use modular-skills instead.DO NOT use when: writing general documentation for humans.YOU MUST write a failing test before writing any skill. This is the Iron Law.

Systematically uncover and fix bugs using language-specific expertise andreproducible evidence.Triggers: bug hunting, defect detection, debugging, fix verification, bug fix,regression check, error investigation, defect documentationUse when: deep bug hunting needed, documenting defects, verifying fixes,systematic debugging requiredDO NOT use when: test coverage audit - use test-review instead.DO NOT use when: architecture issues - use architecture-review.Use this skill for systematic bug hunting with evidence trails.

Expert-level Rust audits covering ownership, concurrency, unsafe blocks,traits, and Cargo dependencies.Triggers: Rust review, ownership analysis, borrowing, unsafe audit, concurrency,Cargo dependencies, lifetime annotations, trait boundsUse when: reviewing Rust code, auditing unsafe blocks, analyzing ownership patterns,scanning Cargo dependencies for securityDO NOT use when: general code review without Rust - use unified-review.DO NOT use when: performance profiling - use parseltongue:python-performance pattern.Use this skill for Rust-specific code audits.

Detect codebase bloat through progressive analysis: dead code, duplication, complexity, and documentation bloat.Triggers: bloat detection, dead code, code cleanup, duplication, redundancy, codebase health, technical debt, unused codeUse when: preparing for refactoring, context usage is high, quarterly maintenance, pre-release cleanupDO NOT use when: actively developing new features, time-sensitive bug fixes.DO NOT use when: codebase is < 1000 lines (insufficient scale for bloat).Progressive 3-tier detection: quick scan → targeted analysis → deep audit.

Audit Makefiles for duplication, portability, and idiomatic GNU Make usage.Triggers: Makefile review, build system, GNU Make, portability, deduplication,pattern rules, automatic variables, dependency graphUse when: auditing Makefiles, reviewing build system, checking portability,eliminating recipe duplicationDO NOT use when: creating new Makefiles - use abstract:make-dogfood.DO NOT use when: architecture review - use architecture-review.Use this skill for Makefile audit and optimization.

Configure comprehensive three-layer pre-commit quality system with linting, type checking, and testing enforcement

Evaluate and upgrade test suites with TDD/BDD rigor, coverage tracking,and quality assessment.Triggers: test audit, test coverage, test quality, TDD, BDD, test gaps,test improvement, coverage analysis, test remediationUse when: auditing test suites, analyzing coverage gaps, improving testquality, evaluating TDD/BDD complianceDO NOT use when: writing new tests - use parseltongue:python-testing.DO NOT use when: updating existing tests - use sanctum:test-updates.Use this skill for test suite evaluation and quality assessment.

Evaluate codebase architecture against ADRs, coupling rules, and team guardrails.Triggers: architecture review, ADR audit, coupling analysis, design review,principle checks, Law of Demeter, architecture assessmentUse when: reviewing architecture decisions, auditing ADR compliance, analyzingcoupling, validating design principlesDO NOT use when: selecting architecture paradigms - use archetypes skills.DO NOT use when: API surface review - use api-review.Use this skill for architecture assessment and compliance.

Go conventions for hexagonal architecture, project structure, error handling, testing, and observability. Use when writing Go services.

detailed hook evaluation framework for Claude Code and Agent SDK hooks.Triggers: hook audit, hook security, hook performance, hook compliance,SDK hooks, hook evaluation, hook benchmarking, hook vulnerabilityUse when: auditing existing hooks for security vulnerabilities, benchmarkinghook performance, implementing hooks using Python SDK, understanding hookcallback signatures, validating hooks against compliance standardsDO NOT use when: deciding hook placement - use hook-scope-guide instead.DO NOT use when: writing hook rules from scratch - use hookify instead.DO NOT use when: validating plugin structure - use validate-plugin instead.Use this skill BEFORE deploying hooks to production.