Testing and Security
Testing frameworks, security tools, and best practices
9063 skills in this category
Subcategories
file-upload-handling
Implement secure file upload handling with validation, virus scanning, storage management, and serving files efficiently. Use when building file upload features, managing file storage, and implementing file download systems.
continuous-testing
Integrate automated testing into CI/CD pipelines for continuous quality feedback. Use for continuous testing, CI testing, automated testing pipelines, test orchestration, and DevOps quality practices.
nodejs-express-server
Build production-ready Express.js servers with middleware, authentication, routing, and database integration. Use when creating REST APIs, managing requests/responses, implementing middleware chains, and handling server logic.
database-backup-restore
Implement backup and restore strategies for disaster recovery. Use when creating backup plans, testing restore procedures, or setting up automated backups.
incident-response-plan
Create and execute incident response procedures for security breaches, data leaks, and cyber attacks. Use when handling security incidents, creating response playbooks, or conducting forensic analysis.
dignified-python-313
This skill should be used when editing Python code in the erk codebase. Use when writing, reviewing, or refactoring Python to ensure adherence to LBYL exception handling patterns, Python 3.13+ type syntax (list[str], str | None), pathlib operations, ABC-based interfaces, absolute imports, and explicit error boundaries at CLI level. Also provides production-tested code smell patterns from Dagster Labs for API design, parameter complexity, and code organization. Essential for maintaining erk's dignified Python standards.
payment-gateway-integration
Integrate payment gateways like Stripe, PayPal, and Square with backends for payment processing, subscription management, and webhook handling. Use when building e-commerce platforms, implementing billing systems, and handling payments securely.
selenium
Automate browser interactions using Selenium WebDriver. Use this skill when you need to interact with dynamic JavaScript-heavy websites, fill forms, click buttons, handle authentication, or scrape content that requires browser rendering. NOT needed for static HTML parsing or processing already-fetched content.
python-testing
Unit testing framework for Python using pytest. Use when writing test cases, validating code behavior, checking test coverage, or debugging test failures.
scipy
Advanced scientific computing for portfolio optimization, statistical testing, and numerical methods. Use when minimizing portfolio variance, fitting distributions to returns data, performing correlation analysis, running hypothesis tests, or solving constrained optimization problems. Provides optimization algorithms (BFGS, SLSQP) and statistical distributions essential for risk modeling.
networkx
Graph algorithms for network analysis including shortest paths, cycle detection, and connectivity analysis. Create directed/undirected graphs with weighted edges. Use when modeling currency exchange networks, detecting arbitrage opportunities via negative cycles, finding optimal trading routes, calculating path lengths, analyzing network topology, or working with any connected data structures. Supports Bellman-Ford, Dijkstra, and other graph algorithms.
test-guidelines
Comprehensive testing guidelines for Vitest and React Testing Library. Covers quality standards, AAA pattern, naming conventions, branch coverage, and best practices. Reference this skill when creating or updating test code during Phase 2 (Testing & Stories).
nmap-scanning
Use Nmap for network discovery and security scanning. Use this skill when performing host discovery, port scanning, OS detection, or vulnerability assessment on network targets.
padding-oracle
Exploit padding oracle vulnerabilities in CBC mode encryption. Use this skill when attacking web applications or services that leak information about PKCS7 padding validity.
storybook-guidelines
Comprehensive Storybook story creation guidelines. Covers story structure, naming conventions, and visual testing patterns. Reference this skill when creating Storybook stories for components with conditional rendering or complex UI states during Phase 2 (Testing & Stories).
selinux
Guide for SELinux (Security-Enhanced Linux) security framework. Use when configuring mandatory access controls, troubleshooting permission denials, creating custom policies, or managing security contexts. Covers modes, contexts, booleans, and policy management.
api-integration
Make HTTP requests to REST APIs with authentication, handle responses, and manage pagination. Use when connecting to external APIs, fetching data from CRM systems, syncing records between services, or implementing OAuth/API key authentication flows.
coding-guidelines
Comprehensive React component coding guidelines, refactoring principles, and architectural patterns. **CRITICAL**: Focuses on patterns AI commonly fails to implement correctly, especially testability, props control, and component responsibility separation. Reference this skill when implementing or refactoring React components during Phase 2.
oauth
Implement OAuth 2.0 authentication flows for CRM API access. Use when authenticating with Salesforce, HubSpot, or other CRM APIs, managing access tokens, refreshing expired tokens, or building OAuth-based integrations.
code-guidelines
Apply this repository's coding conventions and patterns. Use when writing or reviewing code in this codebase to ensure consistency with established patterns for DI, logging, error handling, testing, and documentation. Auto-trigger when implementing features, fixing bugs, or reviewing code changes.