Testing & Security

Message broker setup patterns (Redis, RabbitMQ, SQS) for Celery including connection strings, SSL configuration, high availability, and production best practices. Use when configuring message brokers, setting up Redis/RabbitMQ/SQS, troubleshooting broker connections, implementing HA/failover, securing broker communications with SSL, or when user mentions broker setup, connection issues, sentinel, quorum queues, or AWS SQS integration.

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.

Shopify OAuth integration patterns for VioletConnect merchant onboarding

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

Implement comprehensive testing strategies using Jest, Vitest, and Testing Library for unit tests, integration tests, and end-to-end testing with mocking, fixtures, and test-driven development. Use when writing JavaScript/TypeScript tests, setting up test infrastructure, or implementing TDD/BDD workflows.

Guides correct usage of @j0kz/mcp-agents standardization and automation scripts including version.json single source of truth, test count automation, URL casing rules, and critical workflow pattern...

Use this skill when developing Streamlit applications with uv package manager. Covers project setup, running apps, testing (unit/e2e), and development workflows. Trigger when user mentions "streamlit", "uv run streamlit", "streamlit testing", or asks about building data apps with Python.

E2E testing skill for Pawel Lipowczan portfolio project (Playwright + React/Vite). Use when user wants to create new E2E tests, debug flaky tests, extend test coverage, verify test completeness for features, or run/interpret test results. Covers navigation, forms, blog, SEO, accessibility (WCAG 2.1 AA), responsiveness. References docs/portfolio/testing/{README.md,TESTING_QUICKSTART.md}. Complements portfolio-code-review skill.

Use this skill when you need to start or call Chitti's MCP server (chitti.decide/recall/policy/audit) from Codex, keeping tool details out of context until invoked.

Use when implementing in-app purchases, StoreKit 2 subscriptions, consumables, non-consumables, or transaction handling. Covers testing-first workflow with .storekit configuration, StoreManager architecture, and transaction verification.

This skill should be used when building backend applications with Encore.ts, a TypeScript backend framework. Use this skill for creating APIs, managing databases, implementing authentication, handling async messaging (Pub/Sub), managing storage, scheduling tasks (cron jobs), implementing middleware, configuring CORS, managing secrets, and structuring backend services. This skill is triggered when users need to create or modify backend services, endpoints, databases, authentication systems, or any other backend infrastructure using Encore.ts.

Python testing best practices with pytest. Covers unit, integration, async tests, mocking, fixtures.Triggers: "напиши тесты", "write tests", "add tests", "test coverage", "pytest"

Web shell samples for detection and analysis: PHP, ASP, ASPX, JSP, Python, Perl shells. Use for security research and detection system testing.

Modern Rust development best practices for 2025. Use when working on Rust projects including: (1) Project setup and Cargo.toml configuration, (2) Clippy/rustfmt linting and formatting, (3) Error handling with thiserror/anyhow, (4) Async programming with Tokio, (5) Testing strategies (unit, integration, property-based), (6) CI/CD pipelines and security scanning, (7) Performance optimization and profiling, (8) Observability with tracing, (9) Unsafe code review.

Expert assistant for provisioning charm development and testing environments using concierge. Use when setting up development machines, bootstrapping Juju controllers, installing craft tools (charmcraft, snapcraft, rockcraft), or preparing test environments. Keywords include concierge, provision, development environment, Juju bootstrap, LXD, MicroK8s, K8s, craft tools, prepare, restore.

Generate Python code to call undocumented AWS APIs using SigV4 authentication from cURL requests captured in browser dev tools. This skill should be used when users need to create Python functions that call AWS internal or undocumented APIs with proper AWS Signature Version 4 authentication.

Analyze, review, and provide recommendations for distributed system designs. Use when:(1) Reviewing existing system architectures for gaps or improvements,(2) Analyzing system designs for scalability, reliability, or performance issues,(3) Providing recommendations on load balancing, caching, databases, sharding, replication, messaging, rate limiting, authentication, resilience, or monitoring,(4) Assessing trade-offs in system design decisions,(5) Creating system design review documents with gaps and recommendations.Triggers: "review my system design", "analyze this architecture", "what are the gaps", "system design recommendations", "scalability review", "reliability analysis".

Template for creating new cybersecurity skills. Provides structure and examples for skill development.

Extract mathematical formulas (F-*) from requirements - calculations, algorithms, conversions. Enables autogeneration of calculation functions with tests. Use when requirements involve math, dates, percentages, or algorithms.

Validates compliance with 9 Constitutional Articles and Phase -1 Gates before implementation.Trigger terms: constitution, governance, compliance, validation, constitutional compliance,Phase -1 Gates, simplicity gate, anti-abstraction gate, test-first, library-first,EARS compliance, governance validation, constitutional audit, compliance check, gate validation.Enforces all 9 Constitutional Articles with automated validation:- Article I: Library-First Principle- Article II: CLI Interface Mandate- Article III: Test-First Imperative- Article IV: EARS Requirements Format- Article V: Traceability Mandate- Article VI: Project Memory- Article VII: Simplicity Gate- Article VIII: Anti-Abstraction Gate- Article IX: Integration-First TestingRuns Phase -1 Gates before any implementation begins.Use when: validating project governance, checking constitutional compliance,or enforcing quality gates before implementation.