測試與安全

How tests should be structured, named, and prioritized in this codebase.

Production-tested integration patterns for connecting React frontends to Cloudflare Worker backendswith Hono, Clerk authentication, and D1 databases. Prevents common frontend-backend connection issues,CORS errors, auth token failures, and race conditions.Use when: connecting frontend to backend, implementing auth flow, setting up API calls,troubleshooting CORS, fixing race conditions, auth tokens not passing, frontend-backend connection errors,401 errors, integrating Clerk with Workers, setting up full-stack Cloudflare app, vite cloudflare plugin setup.Prevents: CORS errors, 401 Unauthorized, auth token mismatches, race conditions with auth loading,environment variable confusion, frontend calling wrong endpoints, JWT verification errors, D1 connection issues.Keywords: frontend backend integration, Cloudflare Workers, Hono, Clerk auth, JWT verification, CORS, React API client,race conditions, auth loading, connection issues, full-stack integration, vite plugin, @cloudflare/vite-plugin,D1 database,

Analyze and optimize project dependencies. Use when auditing npm packages, checking for vulnerabilities, finding outdated dependencies, analyzing bundle size, or detecting circular imports.

Specialized agent for BarqNet backend development. Focuses on Go backend API development, PostgreSQL database management, authentication systems, JWT tokens, OpenVPN integration, and production-ready backend architecture. Use this skill when working on server-side code, API endpoints, database migrations, or backend infrastructure.

Code review and quality assurance specialist for ensuring code quality, security, and maintainability

Webhook validation patterns with signature verification, event logging, and testing tools. Use when implementing webhooks, validating webhook signatures, securing payment webhooks, testing webhook endpoints, preventing replay attacks, or when user mentions webhook security, Stripe webhooks, signature verification, webhook testing, or event validation.

Audit a repository's structure and propose a safe, approval-gated reorganization plan. Use when asked to review repo anatomy, propose folder changes, or apply an approved reorg with rollback.

Generates cross-platform commands and scripts for Linux, macOS, and Windows with security validation and compatibility guidance

Factory.ai Droid CLI integration for autonomous AI coding agent. Supports interactive and exec modes with multiple autonomy levels for code review, feature development, and testing. Activated when users need terminal-based AI assistance for comprehensive code tasks.

Generate optimized indirect prompt injection, H-CoT, and multi-layer attack payloads for AI security testing and CTF competitions with automated family selection and success rate optimization

Production-grade accessibility skill for WCAG 2.2 AA compliance.Covers auditing, remediation, component authoring, and validation workflows.Auto-invoked for UI implementation, a11y fixes, and accessibility testing.

End-to-end testing patterns for backend services. Use when testing complete application flows.

A tiered approach to answering research questions with clear stop rules, evidence capture, and escalation to Tavily/Playwright only when needed.

Use when building a production-ready REST API from requirements through deployment.Orchestrates 8-12 specialist agents across 5 phases using Test-Driven Development methodology.Covers planning, architecture, TDD implementation, comprehensive testing, documentation, andblue-green deployment over a 2-week timeline with emphasis on quality and reliability.

Analyze and fix CI/CD pipeline failures including build errors, test failures, and linting issues

Comprehensive checklist for releasing OSS projects. Covers security (CSP, PII, secrets), legal compliance (licenses, API terms, trademarks), privacy (GDPR, telemetry opt-out), and documentation. Use when preparing to open source a project, adding telemetry/error monitoring, auditing dependencies, or creating privacy policies.

Review code for quality, security, and best practices. Use when asked to review code, find bugs, or suggest improvements.

Processo e template para auditoria técnica + estratégica da plataforma. TRIGGERS: 'auditoria', 'platform audit', 'análise completa', 'health check'. Use para executar análises periódicas de saúde técnica, arquitetura, ROI e sustentabilidade.

Use when generating PDFs from markdown with Pandoc - covers differences from Python-Markdown, blank line rules, fix scripts for labels/anchors/metadata, and visual testing workflow

Comprehensive database security scanning and data integrity validation. Identify security vulnerabilities, enforce OWASP compliance, validate data types/formats/ranges, ensure referential integrity, and implement business rules. Use when assessing database security, checking compliance, validating data integrity, or enforcing constraints.