測試與安全

Use when building Laravel 10+ applications requiring Eloquent ORM, API resources, or queue systems. Invoke for Laravel models, Livewire components, Sanctum authentication, Horizon queues. Keywords: Laravel, Eloquent, PHP 8.2+, API, queues, Livewire, Sanctum, Horizon.

Use when writing tests, creating test strategies, or building automation frameworks. Invoke for unit tests, integration tests, E2E, coverage analysis, performance testing, security testing. Keywords: testing, QA, unit test, integration test, E2E, coverage, pytest, Jest.

Use when building NestJS applications requiring modular architecture, dependency injection, or TypeScript backend development. Invoke for modules, controllers, services, DTOs, guards, interceptors, TypeORM/Prisma. Keywords: NestJS, Nest, Node.js, TypeScript backend, dependency injection.

Use for PR/code reviews and any task that benefits from a dedicated tmux sub-agent with per-task git worktrees; default path for reviewing diffs (read diff → summarize → run checks/tests) with automated monitoring.

Generates agentic outside-in tests using gadugi-agentic-test framework for CLI, TUI, Web, and Electron apps.Use when you need behavior-driven tests that verify external interfaces without internal implementation knowledge.Creates YAML test scenarios that AI agents execute, observe, and validate against expected outcomes.Supports progressive complexity from simple smoke tests to advanced multi-step workflows.

Creates high-quality pull requests with comprehensive descriptions, test plans, and context. Activates when user wants to create PR, says 'ready to merge', or has completed feature work. Analyzes commits and changes to generate meaningful PR descriptions.

Use for Python work with uv—envs, deps, and commands run through uv; avoid pip/venv/pip-tools; keep Justfile/CI parity with ruff, mypy, pytest.

Use when developing Rust projects in the tempoxyz org—standardizes fmt/clippy/nextest, sccache+mold, feature-powerset checks, MSRV builds, docsrs flags, and xtask patterns so local and CI behavior match.

Comprehensive codebase quality audit with parallel agent orchestration, GitHub issue creation, automated PR generation per issue, and PM-prioritized recommendations. Use for code review, refactoring audits, technical debt analysis, module quality assessment, or codebase health checks.

Launch Baldur's Gate 3 through Steam on macOS and load saved games using macos-automator and peekaboo MCP servers.Designed for testing bg3se-macos (Script Extender) development.Use when: (1) launching BG3 from Steam, (2) loading a BG3 saved game, (3) testing SE mod injection,(4) user asks to "start BG3", "load my BG3 save", "play Baldur's Gate", "test the script extender".Requires macos-automator and peekaboo MCP servers installed with accessibility permissions.

Analyzes events through cybersecurity lens using threat modeling, attack surface analysis, defense-in-depth,zero-trust architecture, and risk-based frameworks (CIA triad, STRIDE, MITRE ATT&CK).Provides insights on vulnerabilities, attack vectors, defense strategies, incident response, and security posture.Use when: Security incidents, vulnerability assessments, threat analysis, security architecture, compliance.Evaluates: Confidentiality, integrity, availability, threat actors, attack patterns, controls, residual risk.

Comprehensive static code analysis to enforce architectural patterns, conventions, and code quality standards.

Docker image optimization patterns including multi-stage builds, layer caching, security hardening, and size reduction techniques. Use when building Docker images, optimizing container size, improving build performance, or implementing Docker security best practices. Reduces image sizes by 70-90% and build times by 50-80%.

LLM evaluation and testing patterns including prompt testing, hallucination detection, benchmark creation, and quality metrics. Use when testing LLM applications, validating prompt quality, implementing systematic evaluation, or measuring LLM performance.

Analyzes events through computer science lens using computational complexity, algorithms, data structures,systems architecture, information theory, and software engineering principles to evaluate feasibility, scalability, security.Provides insights on algorithmic efficiency, system design, computational limits, data management, and technical trade-offs.Use when: Technology evaluation, system architecture, algorithm design, scalability analysis, security assessment.Evaluates: Computational complexity, algorithmic efficiency, system architecture, scalability, data integrity, security.

Analyzes code to identify untested functions, low coverage areas, and missing edge cases.Use when reviewing test coverage or planning test improvements.Generates specific test suggestions with example templates following amplihack's testing pyramid (60% unit, 30% integration, 10% E2E).Can use coverage.py for Python projects.

Use when building high-performance async Python APIs with FastAPI and Pydantic V2. Invoke for async SQLAlchemy, JWT authentication, WebSockets, OpenAPI documentation. Keywords: FastAPI, Pydantic, async, SQLAlchemy, JWT, OpenAPI.

Use when implementing authentication/authorization, securing user input, or preventing OWASP Top 10 vulnerabilities. Invoke for authentication, authorization, input validation, encryption, OWASP Top 10 prevention. Keywords: security, authentication, authorization, OWASP, encryption, vulnerability.

Use when building enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke for WebFlux, JPA optimization, Spring Security, cloud-native patterns. Keywords: Spring Boot, Java 21, WebFlux, Hibernate, microservices.

Use when building Django web applications or REST APIs with Django REST Framework. Invoke for Django models, ORM optimization, DRF serializers, viewsets, authentication with JWT. Keywords: Django, DRF, ORM, serializer, viewset, model.