測試與安全

Set up and maintain continuous integration and continuous deployment pipelines with GitHub Actions, GitLab CI, Jenkins, or similar tools to automate testing, building, and deployment. Use when configuring automated builds, setting up test automation, implementing deployment automation, creating release workflows, managing environment deployments, configuring build caching, implementing blue-green deployments, setting up rollback strategies, or automating the entire software delivery pipeline.

Systematically review pull requests, feature implementations, and code changes to ensure quality, maintainability, security, and adherence to best practices. Use when reviewing code before merging, conducting peer reviews, performing self-reviews, auditing code quality, checking for security vulnerabilities, ensuring consistent coding standards, verifying test coverage, assessing performance implications, evaluating architectural decisions, or providing constructive feedback to improve team code quality.

Creates assessments with varied question types (MCQ, code-completion, debugging, projects) alignedto learning objectives with meaningful distractors based on common misconceptions. Activate wheneducators design quizzes, exams, or tests measuring understanding; need questions at appropriatecognitive levels (Bloom's taxonomy); want balanced cognitive distribution (60%+ non-recall); orrequire rubrics for open-ended questions. Generates MCQs with diagnostic distractors, code-writingprompts, debugging challenges, and project-based assessments targeting deep understanding.

Generate measurable learning outcomes aligned with Bloom's taxonomy and CEFR proficiency levels for educational content.Use this skill when educators need to define what students will achieve, create learning objectivesfor curriculum planning, or ensure objectives are specific and testable rather than vague.This skill helps break down complex topics into progressively building learning goals with clearassessment methods and success criteria.

Use when jUnit fundamentals including annotations, assertions, and test lifecycle for Java testing.

Use when modern PHP features including typed properties, union types, match expressions, named arguments, attributes, enums, and patterns for writing type-safe, expressive PHP code with latest language improvements.

Use when implementing SIP authentication, security mechanisms, and encryption. Use when securing SIP servers, clients, or proxies.

Use when nestJS testing with unit tests, integration tests, and e2e tests. Use when building well-tested NestJS applications.

Use automatically during development workflows when making claims about tests, builds, verification, or code quality requiring concrete evidence to ensure trust through transparency.

Use when mocha test structure, hooks, and async testing patterns for JavaScript testing.

This skill should be used when investigating .NET project dependencies, understanding why packages are included, listing references, or auditing for outdated/vulnerable packages.

Use when deploying Docker Compose applications to production including security hardening, resource management, health checks, logging, monitoring, and high-availability patterns.

Use when modifying, removing, or refactoring code that lacks test coverage. Emphasizes the danger of untested changes and the RGR workflow to add characterization tests before modifications.

Use when creating or modifying GitHub Actions workflow files. Provides guidance on workflow syntax, triggers, jobs, steps, and expressions for creating valid GitHub Actions workflows that can be tested locally with act.

Use when nestJS dependency injection with providers, modules, and decorators. Use when building modular NestJS applications.

Use when essential PHP security patterns including input validation, SQL injection prevention, XSS protection, CSRF tokens, password hashing, secure session management, and defense-in-depth strategies for building secure PHP applications.

Use when testing Effect code including Effect.gen in tests, test layers, mocking services, and testing error scenarios. Use for writing tests for Effect applications.

Use when restructuring code to improve quality without changing external behavior. Emphasizes safety through tests and incremental changes.

Writing effective step definitions and organizing test code

Use when implementing GraphQL resolvers with resolver functions, context management, DataLoader batching, error handling, authentication, and testing strategies.