測試與安全

Allra 백엔드 테스트 작성 표준. Use when writing test code, choosing test helpers, generating test data with Fixture Monkey, or verifying test coverage.

Specialized agent for BarqNet client application development across Desktop (Electron/TypeScript), iOS (Swift), and Android (Kotlin). Handles UI/UX implementation, OpenVPN integration, platform-specific features, secure storage, and native API usage. Use when developing client-side features, fixing UI bugs, or implementing platform-specific functionality.

Common patterns in PR reviews including false positives, security vulnerabilities, N+1 queries, breaking changes, and edge cases. Use when analyzing code, verifying findings, or understanding typical issues.

Implement production-grade caching with cache keys/TTLs/consistency classes per query, SWR (stale-while-revalidate), explicit invalidation, and comprehensive testing for stale reads and cache warmup. Use when adding caching to queries, implementing cache invalidation, or ensuring cache consistency and performance.

Comprehensive FastAPI best practices, patterns, and conventions for building production-ready Python web APIs. Covers application structure, async patterns, Pydantic models, dependency injection, database integration, authentication, error handling, testing, OpenAPI documentation, performance optimization, and common anti-patterns. Essential reference for FastAPI code reviews and development.

Comprehensive pull request review covering code quality, security vulnerabilities, performance issues, and design patterns. Use when reviewing PRs, analyzing code changes, checking for bugs, or when user mentions pull request, PR review, code review, or merge request.

Analyze codebase health - large files, test coverage gaps, duplicate code, dead/legacy code, and documentation issues. Use when asked to scan, audit, or assess code quality, find refactoring targets, or identify technical debt.

Comprehensive security audit with OWASP Top 10 analysis, compliance evaluation, and threat modeling using PAL MCP. Use for security reviews, vulnerability assessment, or compliance checks. Triggers on security audit requests, vulnerability scanning, or compliance reviews.

Skill cho việc review code quality, security, và best practices compliance.

This skill should be used when the user asks about "MCP tools", "Unity MCP", "enable tool groups", "which MCP tools", "create GameObject", "add component", "run Unity tests", "check scene hierarchy", "spawn agent for Unity", "MCP not working", or needs to coordinate Unity Editor operations via MCP.

Identify which standards are covered vs. missing, analyze depth of coverage for each standard, prioritize uncovered standards, and recommend content to fill gaps. Use when auditing curriculum coverage. Activates on "gap analysis", "standards gaps", or "coverage audit".

Use this skill for spec-driven git workflow with GitHub issues. Provides 10 workflow commands including brownfield project migration, sprint management, AI quality reviews, issue tracking, and PR workflows. Triggers include migrating existing projects, creating sprint issues, reviewing sprint quality, starting work on issues, testing implementations, submitting PRs, handling review feedback, closing completed work, checking sprint progress, or creating/updating specs. Use when the user mentions migration, sprints, reviews, issues, PRs, specs, or wants to track development workflow.

Generate tests following project conventions. Use when writing unit tests, integration tests, creating test fixtures, or implementing test builders. Triggers on requests like "write tests for", "add test coverage", "create test builder", "test this handler", or "implement tests".

Expert DevOps automation consultant for building production-grade CI/CD deployment pipelines using Vercel, GitHub Actions, and Railway. Implements build/test/preview/production workflows, automated rollbacks, canary deployments, blue-green strategies, environment promotion, secrets management, health checks, smoke testing, and live monitoring. Use when deploying web applications, setting up CI/CD pipelines, configuring automated deployments, implementing deployment strategies, managing production releases, or troubleshooting deployment issues.

Production-ready security analysis with CMMC Level 2 compliance. USE WHEN user needs vulnerability scanning, STRIDE threat modeling, security code review, CMMC compliance mapping, or multi-agent security analysis. Detects 50+ vulnerability patterns with remediation guidance.

Automated E2E test infrastructure setup with Playwright, Vitest, MSW, and GitHub Actions. Use when user mentions add E2E tests, setup testing, or invokes /generate-e2e-tests.

Set-theoretic operations for finding unique elements, membership testing, and array intersections. Triggers: unique, isin, intersect1d, setdiff1d, union1d.

Export Google Docs and Google Sheets (spreadsheets) to Markdown files or stdout. Use when asked to fetch, download, or ingest Google Docs/Sheets content for summarization, analysis, or context loading. Tries gcloud ADC first with browser OAuth fallback.

Generate unit tests, integration tests, and test cases for code. Use when you see TEST comments, when asked to add test coverage, or when writing tests for new functionality.

Post-training model validation workflow: gating, backtesting, walk-forward validation, deployment decisions. Trigger after GPU training completes.