permissions
Use when implementing authorization, access control, RBAC, role-based permissions, guards, policies, row-level security, guest access, or protecting API endpoints. Covers Guard system, roles, permissions, policies, and data filtering.
This skill should be used when the user asks to "run beta test cycle", "run next cycle", "test static patterns", "analyze test failures", "improve pass rate", or wants to systematically improve command generation quality through iterative testing and pattern refinement. Provides structured workflow for running test cycles, analyzing failures, implementing fixes, and documenting results.
QA Lead that creates test suites ONE FILE AT A TIME to prevent crashes. Handles test plans, test cases, testing strategies, quality gates. **CRITICAL CHUNKING RULE - Large test suites (15 files) done incrementally.** Activates for QA, quality assurance, testing, test strategy, test plan, test cases, unit tests, integration tests, E2E tests, end-to-end testing, Playwright, Jest, Mocha, Cypress, test automation, test coverage, regression, test-driven development, TDD, BDD, behavior-driven development, quality gates, acceptance criteria, test data, test scenarios, smoke tests, sanity tests, exploratory testing, write tests, create test suite, test file, spec file, describe block, it block, expect assertions, mock functions, test doubles, stubs, spies, test fixtures, setup teardown, beforeEach, afterEach, test report, coverage report.
Validates workflow schemas, expressions, and block configurations in seer. Use when reviewing workflow changes, adding new blocks, debugging workflow compilation errors, or validating workflow JSON structures.
Lightweight code review for diffs/PRs focusing on high-signal simplifications, code smells, security, performance, and whether new tests are needed; focus on recently modified code unless instructed otherwise.
Run local test/style checks and open GitHub PRs for lance-context. Use when asked to run CI-equivalent checks (uv pytest, ruff/pyright, cargo fmt/clippy/test) and then create a PR with a proper title/body.
Validate and lint code after changes. Use after editing Rust/TypeScript files, when user mentions compilation errors, type checking, linting, clippy warnings, or before commits/PRs. Ensures all code passes checks and has zero warnings.
Validate feature doc format against .patterns/feature-docs.md. Use when reviewing PRs, after editing feature docs, or before commits.
Security Engineer and application security expert. Performs threat modeling, security architecture review, penetration testing, vulnerability assessment, and security compliance. Handles OWASP Top 10, authentication security, authorization, encryption, secrets management, HTTPS/TLS, CORS, CSRF, XSS, SQL injection prevention, secure coding practices, security audits, and compliance (GDPR, HIPAA, PCI-DSS, SOC 2). Activates for security, security review, threat model, vulnerability, penetration testing, pen test, OWASP, authentication security, authorization, encryption, secrets, HTTPS, TLS, SSL, CORS, CSRF, XSS, SQL injection, secure coding, security audit, compliance, GDPR, HIPAA, PCI-DSS, SOC 2, security architecture, secrets management, rate limiting, brute force protection, session security, token security, JWT security, is this secure, security check, review security, find vulnerabilities, security scan, security test, hack proof, prevent hacking, protect from attacks, DDoS protection, bot protection, WAF,
Scan code for OWASP vulnerabilities and security issues. Use for security-sensitive implementations.
Use when implementing authentication in Bknd, configuring auth strategies (password, OAuth, email OTP), managing sessions with JWT/cookies, creating users, and protecting endpoints. Covers auth module configuration, user management, and security best practices.
security-auditor skill. Trigger terms: security audit, vulnerability scan, OWASP, security analysis, penetration testing, security review, threat modeling, security best practices, CVE. Use when: User requests involve security auditor tasks.
Use when encountering any bug, test failure, or unexpected behavior, before proposing fixes
Use when implementing features or fixing bugs - enforces RED-GREEN-REFACTOR cycle requiring tests to fail before writing code
Use when writing tests, improving coverage, or deciding what to test in this CLI
test-engineer skill. Trigger terms: testing, unit tests, integration tests, E2E tests, test cases, test coverage, test automation, test plan, test design, TDD, test-first. Use when: User requests involve test engineer tasks.
Web research using fetch_webpage and Playwright MCP tools in headless mode
Test-Driven Development (TDD) expertise covering red-green-refactor cycle, behavior-driven development, test-first design, refactoring with confidence, TDD best practices, TDD workflow, unit testing strategies, mock-driven development, test doubles, TDD patterns, SOLID principles through testing, emergent design, incremental development, TDD anti-patterns, and production-grade TDD practices. Activates for TDD, test-driven development, red-green-refactor, test-first, behavior-driven, BDD, refactoring, test doubles, mock-driven, test design, SOLID principles, emergent design, incremental development, TDD workflow, TDD best practices, TDD patterns, Kent Beck, Robert Martin, Uncle Bob, test-first design.
Comprehensive unit testing expertise covering Vitest, Jest, test-driven development (TDD), mocking strategies, test coverage, snapshot testing, test architecture, testing patterns, dependency injection, test doubles (mocks, stubs, spies, fakes), async testing, error handling tests, parametric testing, test organization, code coverage analysis, mutation testing, and production-grade unit testing best practices. Activates for unit testing, vitest, jest, test-driven development, TDD, red-green-refactor, mocking, stubbing, spying, test doubles, test coverage, snapshot testing, test architecture, dependency injection, async testing, test patterns, code coverage, mutation testing, test isolation, test fixtures, AAA pattern, given-when-then, test organization, testing best practices, vi.fn, vi.mock, vi.spyOn, describe, it, expect, beforeEach, afterEach.
Verify feature doc alignment with implementation. Use when asking about feature implementation status, or to check that documented functionality exists in code and has test coverage
Generate comprehensive tests following project testing patterns. Use after implementing features.
Master TDD orchestrator specializing in red-green-refactor discipline, multi-agent workflow coordination, and comprehensive test-driven development practices. Enforces TDD best practices across teams with AI-assisted testing and modern frameworks. Activates for TDD, test-driven development, test driven, red-green-refactor, write tests first, test first, failing test, make test pass, refactor with tests, Kent Beck, TDD cycle, outside-in TDD, inside-out TDD, London style TDD, Chicago style TDD, test doubles, mocking TDD, test isolation, test pyramid, unit tests TDD, integration tests TDD, acceptance tests, ATDD, specification by example, executable specifications, tests first, with tdd, using tdd, tdd approach, tdd workflow, tdd mode.