測試與安全

Test klaude-code interactively using tmux with synchronous task completion. Use when testing UI features, verifying changes, or debugging interactive behavior. Eliminates polling/sleep by using KLAUDE_TEST_SIGNAL for precise synchronization.

Verify code implementation aligns with design specifications. Use after implementing features, during code reviews, or when refactoring to ensure architectural compliance. Compares design docs with actual code.

Guide for implementing metacircular evaluators—interpreters that can interpret themselves. This skill should be used when building self-interpreting Scheme-like evaluators, debugging multi-level interpretation issues, or implementing language features like environments, closures, and special forms. Focuses on incremental development, continuous metacircular testing, and systematic debugging of nested interpretation failures.

Plans Story test task by Risk-Based Testing after manual testing. Calculates priorities, selects E2E/Integration/Unit, delegates to ln-311-task-creator. Invoked by ln-340-story-quality-gate.

Scan for security vulnerabilities using pnpm audit, Snyk, and automated tools. Use when checking security, before deployments, or resolving CVEs.

Guide for sanitizing git repositories by identifying and replacing sensitive information such as API keys, tokens, and credentials. This skill should be used when tasks involve removing secrets from codebases, sanitizing repositories before sharing, or replacing sensitive values with placeholders. Applies to tasks involving secret detection, credential removal, or repository cleanup for security purposes.

Upgrade dependencies safely using pnpm catalog, checking for breaking changes, and testing upgrades. Use when updating packages, applying security patches, or upgrading major versions.

E2E Critical Coverage audit worker (L3). Validates E2E coverage for critical paths (Money 20+, Security 20+, Data 15+). Pure risk-based - no pyramid percentages.

Build edge-first TypeScript applications on Cloudflare Workers. Covers Workers API, Hono framework, KV/D1/R2 storage, Durable Objects, Queues, and testing patterns. Use when creating serverless workers, edge functions, or Cloudflare-deployed services.

Dependencies and reuse audit worker (L3). Checks outdated packages, unused dependencies, reinvented wheels, custom implementations of standard library features. Returns findings with severity, location, effort, recommendations.

This skill provides guidance for tasks involving merging git branches that contain different implementations of ARC-AGI pattern recognition algorithms, and then implementing a working solution that generalizes across examples. Use this skill when the task involves (1) merging git branches with conflicting code, (2) analyzing ARC-AGI style input/output grid transformations, or (3) implementing pattern recognition algorithms that must generalize to unseen test cases.

When creating tests and using tests for testing of application operation

Executes Story Finalizer test tasks (label "tests") from Todo -> To Review. Enforces risk-based limits and priority.

Guidance for bypassing HTML/JavaScript sanitization filters in security testing contexts. This skill should be used when tasked with finding XSS filter bypasses, testing HTML sanitizers, or exploiting parser differentials between server-side filters and browsers. Applies to CTF challenges, authorized penetration testing, and security research involving HTML injection and JavaScript execution through sanitization bypasses.

Write Ruby on Rails specs with RSpec following best practices for unit tests, request specs, feature specs, and job specs. Use when writing or modifying RSpec test files for Rails applications.

Story-level quality orchestrator. Pass 1: code quality -> regression -> manual testing (fail fast). Pass 2: verify tests/coverage -> mark Story Done. Auto-discovers team/config.

Style guide templates for content creation. Used by /majestic:style-guide:new command.

Monitor and refactor large files into smaller, AI-friendly modules. Use when user asks to check file sizes, split large files, or organize the codebase. Ensures tests pass before and after refactoring.

Test implementation of thin router skill for DiPeO backend. Provides decision criteria and documentation anchors for FastAPI server, CLI (dipeo run/results/metrics/compile/export), SQLite schema, and MCP integration in apps/server/. Use when task mentions CLI commands, server endpoints, database queries, or MCP tools.

Use when creating new skills, editing existing skills, or verifying skills work - applies TDD to documentation by testing with subagents before writing