Testing & Security

Design clean, scalable, and maintainable REST and GraphQL APIs following industry best practices. Use when designing public or internal APIs, planning endpoint structures, defining request/response contracts, establishing versioning strategies, implementing authentication patterns, designing data models, creating API documentation, ensuring consistent error handling, optimizing for performance, or establishing service contracts between microservices.

Systematically review pull requests, feature implementations, and code changes to ensure quality, maintainability, security, and adherence to best practices. Use when reviewing code before merging, conducting peer reviews, performing self-reviews, auditing code quality, checking for security vulnerabilities, ensuring consistent coding standards, verifying test coverage, assessing performance implications, evaluating architectural decisions, or providing constructive feedback to improve team code quality.

Creates assessments with varied question types (MCQ, code-completion, debugging, projects) alignedto learning objectives with meaningful distractors based on common misconceptions. Activate wheneducators design quizzes, exams, or tests measuring understanding; need questions at appropriatecognitive levels (Bloom's taxonomy); want balanced cognitive distribution (60%+ non-recall); orrequire rubrics for open-ended questions. Generates MCQs with diagnostic distractors, code-writingprompts, debugging challenges, and project-based assessments targeting deep understanding.

Generate measurable learning outcomes aligned with Bloom's taxonomy and CEFR proficiency levels for educational content.Use this skill when educators need to define what students will achieve, create learning objectivesfor curriculum planning, or ensure objectives are specific and testable rather than vague.This skill helps break down complex topics into progressively building learning goals with clearassessment methods and success criteria.

Use when deploying Docker Compose applications to production including security hardening, resource management, health checks, logging, monitoring, and high-availability patterns.

Use when modifying, removing, or refactoring code that lacks test coverage. Emphasizes the danger of untested changes and the RGR workflow to add characterization tests before modifications.

Use when creating or modifying GitHub Actions workflow files. Provides guidance on workflow syntax, triggers, jobs, steps, and expressions for creating valid GitHub Actions workflows that can be tested locally with act.

Use when nestJS dependency injection with providers, modules, and decorators. Use when building modular NestJS applications.

Use when jUnit fundamentals including annotations, assertions, and test lifecycle for Java testing.

Use when modern PHP features including typed properties, union types, match expressions, named arguments, attributes, enums, and patterns for writing type-safe, expressive PHP code with latest language improvements.

Use when implementing SIP authentication, security mechanisms, and encryption. Use when securing SIP servers, clients, or proxies.

Use when nestJS testing with unit tests, integration tests, and e2e tests. Use when building well-tested NestJS applications.

Use automatically during development workflows when making claims about tests, builds, verification, or code quality requiring concrete evidence to ensure trust through transparency.

Use when mocha test structure, hooks, and async testing patterns for JavaScript testing.

This skill should be used when investigating .NET project dependencies, understanding why packages are included, listing references, or auditing for outdated/vulnerable packages.

Fix bugs, add features to completed plugins. Includes versioning, backups, regression testing, changelog automation. Auto-detects deep-research handoffs to preserve investigation context. Trigger terms - improve, fix, add feature, modify plugin, version bump, rollback

Use when configuring parallel test execution with TestNG including thread pools, suite configuration, and synchronization.

Use when configuring Docker environments for act, selecting runner images, managing container resources, or troubleshooting Docker-related issues with local GitHub Actions testing.

Use when rSpec fundamentals including describe, context, it blocks, let, and basic matchers for BDD testing.

Use when vitest testing patterns including unit tests, mocks, spies, and browser mode testing.