測試與安全

Complete Software Development Life Cycle workflow for Linear issues. Coordinates requirements analysis, TDD setup, implementation, testing, and PR creation through agent chaining. Use when starting work on Linear issues, implementing features from Linear, or when user mentions SDLC workflow, Linear issue development, test-driven development, or feature implementation workflow.

Interactive setup wizard for development environments. ALWAYS trigger first when users want to set up, create, or initialize a new development environment. Asks discovery questions about tech stack, services, and preferences, then coordinates other skills (zero-to-running, database-seeding, git-hooks, local-ssl, env-manager) to generate a customized environment.

Configures secure authentication with Azure using OIDC (OpenID Connect). Eliminates long-lived secrets by integrating GitHub Actions with Azure AD for secure resource access.

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

Audit SQLite persistence layer for unused tables and broken integrations. Trigger when: (1) checking database usage, (2) cleaning up schema, (3) finding missing methods.

Write pytest tests using Test-Driven Development (TDD). Use when implementing features, fixing bugs, or when the user mentions testing, TDD, or pytest. Tests should be written BEFORE implementation code.

Comprehensive read-only code review analyzing code quality, security vulnerabilities, performance issues, best practices compliance, and VSCode diagnostics. Use when user asks to review code, check for errors, analyze code quality, mentions security review, or wants feedback on their code.

Use when validating project structure during Standards Audit phase. Detects package type from package.json metasaver.projectType, loads structure rules from domain skills (react-app-structure, prisma-database, contracts-package), scans created/modified files, and reports violations with fix suggestions. File types: .tsx, .ts, directory layouts.

Test Driven Development (TDD) workflow automation for Java Spring Boot projects. Use for writing tests, checking coverage, generating test scaffolds, and implementing Red-Green-Refactor cycles with JUnit 5, Mockito, and Testcontainers.

Comprehensive code review knowledge including security, performance, accessibility, and quality standards across multiple languages and frameworks

Validates output-style persona definitions, behavior specifications, and keep-coding-instructions decisions. Use when auditing, reviewing, or improving output-styles, checking persona clarity, validating behavior concreteness, or verifying scope alignment (user vs project). Triggers when user asks about output-style best practices or needs help with persona definition.

Design and build scalable backend systems, master database technologies, design APIs, implement authentication, and optimize performance. Use for backend design, database selection, API development, and scaling strategies.

JSON-driven content architecture for services, programmes, FAQs, testimonials, and policies with TypeScript interfaces and locale-aware data fetching. Use when defining content schemas, creating data utilities, adding new content types, or fetching localized business data.

Docker containerization for packaging applications with dependencies into isolated, portable units ensuring consistency across development, testing, and production environments.

Generate a detailed test plan covering scenarios, environments, data, and reporting for the release.

Message broker setup patterns (Redis, RabbitMQ, SQS) for Celery including connection strings, SSL configuration, high availability, and production best practices. Use when configuring message brokers, setting up Redis/RabbitMQ/SQS, troubleshooting broker connections, implementing HA/failover, securing broker communications with SSL, or when user mentions broker setup, connection issues, sentinel, quorum queues, or AWS SQS integration.

Implement authentication and authorization with Better Auth - a framework-agnostic TypeScript authentication framework. Features include email/password authentication with verification, OAuth providers (Google, GitHub, Discord, etc.), two-factor authentication (TOTP, SMS), passkeys/WebAuthn support, session management, role-based access control (RBAC), rate limiting, and database adapters. Use when adding authentication to applications, implementing OAuth flows, setting up 2FA/MFA, managing user sessions, configuring authorization rules, or building secure authentication systems for web applications.

Shopify OAuth integration patterns for VioletConnect merchant onboarding

Complete browser automation with Playwright. Auto-detects dev servers, writes clean test scripts to /tmp. Test pages, fill forms, take screenshots, check responsive design, validate UX, test login flows, check links, automate any browser task. Use when user wants to test websites, automate browser interactions, validate web functionality, or perform any browser-based testing.

Implement comprehensive testing strategies using Jest, Vitest, and Testing Library for unit tests, integration tests, and end-to-end testing with mocking, fixtures, and test-driven development. Use when writing JavaScript/TypeScript tests, setting up test infrastructure, or implementing TDD/BDD workflows.