測試與安全

This skill provides comprehensive knowledge for integrating Neon serverless Postgres and Vercel Postgres (which is built on Neon infrastructure) into web applications. It should be used when setting up serverless Postgres databases, configuring connection pooling for edge and serverless environments, implementing database branching workflows, or troubleshooting Postgres connection issues in Cloudflare Workers, Vercel Edge Functions, or Node.js serverless functions.Use this skill when:- Setting up Neon Postgres for Cloudflare Workers, Vercel Edge, or serverless environments- Configuring Vercel Postgres for Next.js applications- Implementing database branching workflows (git-like database branches)- Integrating Drizzle ORM or Prisma with Neon/Vercel Postgres- Debugging connection pool errors, transaction timeouts, or SSL configuration issues- Migrating from D1/SQLite to Postgres or from traditional Postgres to serverless Postgres- Setting up point-in-time restore (PITR) or database backups- Encounteri

Expert-level C# unit testing skill based on ISTQB standards and best practices. Use this skill when creating, reviewing, or refactoring unit tests for C# applications (.NET/ASP.NET Core). Applies test design techniques, coverage strategies, and quality assurance principles from ISTQB Foundation and Advanced levels.

Design and implement RESTful APIs, GraphQL endpoints, and backend API architecture following modern standards. Use this skill when creating or modifying API endpoints, route handlers, controllers, API middleware, authentication/authorization logic, or any files that define HTTP endpoints such as routes.py, api.js, controllers/, endpoints/, or API specification files (OpenAPI/Swagger). Apply this skill when implementing API versioning, rate limiting, request/response handling, API documentation, or when working with API gateway configurations. This skill is essential for building scalable, secure, and well-documented APIs that follow RESTful principles, handle errors gracefully, and provide consistent developer experiences across microservices and serverless architectures.

Find existing packages before writing custom code. Uses context7 and websearch to discover battle-tested solutions, maximizes package usage to minimize custom code and complexity. Use when implementing features, adding functionality, or when user requests new capabilities.

Connect to and interact with Azure Blob Storage (ADLS Gen2). Use when working with Azure blob storage, listing containers, reading files, uploading data, or when user mentions Azure storage, blob containers, or ADLS. Handles authentication, container operations, and blob management.

Martin Fowler's refactoring catalog with incremental change patterns and test-driven refactoring discipline

Do experiment-driven research (hypotheses → minimal repros → evidence) and continuously improve research skills + tooling. Use when behavior is uncertain, contested, or performance-sensitive.

README.md documentation templates and validation logic for MetaSaver monorepos. Includes repository type detection (library vs consumer), required sections (Title, Description, Installation, Usage, Scripts), and line count guidance (consumer 75-100 lines, library 150-200 lines). Use when creating or auditing README.md files at monorepo root.

Follow project-wide development conventions for file organization, version control, documentation, and dependency management. Use this skill when organizing project directories and files, writing README documentation, creating commit messages, working with git branches, managing pull requests, configuring environment variables, handling secrets and API keys, managing project dependencies, setting up feature flags, maintaining changelogs, defining testing requirements, establishing code review processes, or structuring the overall project architecture. Apply this skill when setting up new projects, refactoring project structure, working with version control, managing configuration files, or ensuring the project follows consistent organizational patterns and best practices.

ABP Framework cross-cutting patterns including authorization, background jobs, distributed events, multi-tenancy, and module configuration. Use when: (1) defining permissions, (2) creating background jobs, (3) publishing/handling distributed events, (4) configuring modules.

Enterprise AI security patterns - LLM vulnerabilities, prompt injection defense, guardrails, PII protection, and OWASP LLM Top 10 mitigations

Work with imp.lib and imp.gits for Nix flake development. Use when working with imp.lib directory imports, imp.gits multi-repo injection, .d fragment directories, flake-parts integration, or when the user mentions imp, imp.lib, imp.gits, or asks about directory-based Nix configuration.

Apply Command Query Responsibility Segregation (CQRS) and Event Sourcing (ES) for collaboration-heavy domains that require strong auditability and independent scaling of reads and writes.

Backend API authentication patterns with Clerk JWT middleware and route protection. Use when building REST APIs, GraphQL APIs, protecting backend routes, implementing JWT validation, setting up Express middleware, or when user mentions API authentication, backend security, JWT tokens, or protected endpoints.

Guide for implementing Better Auth - a framework-agnostic authentication and authorization framework for TypeScript. Use when adding authentication features like email/password, OAuth, 2FA, passkeys, or advanced auth functionality to applications.

Delta Sharing configuration, monitoring, and recipient management for secure cross-organization data sharing.

Comprehensive code review checking quality, security, and best practices. Triggers: CR, review, 審查, 檢查, check, 看一下, PR, code review, 品質.

Expert en stratégie et méthodologie de tests - Pyramide, types de tests, qualité, performance, sécurité, accessibilité

KnockOff source-generated test stubs. Use when creating interface stubs for unit tests, migrating from Moq, understanding the duality pattern (user methods vs callbacks), configuring stub behavior, verifying invocations, or working with interface spy handlers for tracking calls.

Write and validate Firestore Security Rules following the project's multi-tenancy Blueprint pattern. Use this skill when implementing collection-level security, Blueprint membership validation, role-based permissions, and data access controls. Ensures rules validate BlueprintMember status, check permissions array, enforce data isolation, and integrate with the three-layer architecture where Security Rules are the first line of defense.