testing-strategies
Comprehensive testing strategies for Kailash applications including the 3-tier testing approach with NO MOCKING policy for Tiers 2-3. Use when asking about 'testing', 'test strategy', '3-tier testing', 'unit tests', 'integration tests', 'end-to-end tests', 'testing workflows', 'testing DataFlow', 'testing Nexus', 'NO MOCKING', 'real infrastructure', 'test organization', or 'testing best practices'.
integration-testing
Integration testing patterns for API endpoints using real database and services with WebApplicationFactory and testcontainers. Use this skill when writing integration tests for endpoints.
eridu-authentication-authorization
Provides general authentication and authorization principles for designing secure systems. This skill should be used when implementing login flows, protecting endpoints, enforcing permissions, or designing API security.
contract-testing
Consumer-driven contract testing with Pact, schema validation, provider verification, and CI/CD integration.
xunit-testing-patterns
Master xUnit testing patterns for ABP Framework applications including unit tests, integration tests, test data seeders, and mocking strategies. Use when: (1) writing xUnit tests for ABP services, (2) creating test data seeders, (3) implementing integration tests, (4) setting up test infrastructure.
pinpoint-security
Security patterns, CSP nonces, input validation, auth checks, Supabase SSR patterns. Use when implementing authentication, forms, security features, or when user mentions security/validation/auth.
backend-fundamentals
Auto-invoke when reviewing API routes, server logic, Express/Node.js code, or backend architecture. Enforces REST conventions, middleware patterns, and separation of concerns.
api-authentication
Apply when implementing API authentication: JWT tokens, session management, API keys, and auth middleware. Follows JWT Best Current Practices (RFC 8725).
auth-route-protection-checker
This skill should be used when the user requests to audit, check, or generate authentication and authorization protection for Next.js routes, server components, API routes, and server actions. It analyzes existing routes for missing auth checks and generates protection logic based on user roles and permissions. Trigger terms include auth check, route protection, protect routes, secure endpoints, auth middleware, role-based routes, authorization check, api security, server action security, protect pages.
keycloak-fastapi-integration
This skill should be used when the user asks to "add Keycloak authentication", "implement OIDC", "configure SSO", "validate JWT token", "add role-based access", "protect API endpoint", or mentions Keycloak, OAuth2, OpenID Connect, identity provider, or authentication in FastAPI. Provides Keycloak/OIDC integration patterns.
graphql-security
Secure GraphQL APIs - authentication, authorization, rate limiting, and validation
cloudflare-security-hardening
Use this skill whenever the user wants to harden security for Cloudflare Workers/Pages APIs (e.g. Hono + TypeScript), including WAF-style protections, rate limiting, IP restrictions, secrets handling, and secure headers.
middleware-patterns
Next.js middleware patterns for protected routes, auth redirects, and URL handling. Use when working with middleware.ts, protected routes, or auth redirects. Keywords: middleware, protected routes, redirect, auth check, URL, searchParams.
eridu-authentication-authorization-backend
Provides backend-specific authentication and authorization implementation patterns for NestJS/TypeScript servers. This skill should be used when implementing JWT validation, role-based access control, API key guards, token lifecycle management, or designing protected endpoints.
api-testing-patterns
This skill should be used when performing exploratory testing of REST or GraphQL APIs, including endpoint discovery, request/response validation, authentication testing, and error handling checks. Triggers when testing APIs, validating OpenAPI specs, checking endpoint security, or verifying API responses.
nestjs-authentication
Use this skill whenever the user wants to design, implement, or refactor authentication and authorization in a NestJS TypeScript backend, including JWT, sessions, refresh tokens, guards, roles/permissions, and integration with modules/services/controllers.
secure-nextjs-api-routes
A comprehensive security middleware system for Next.js 13+ App Router API routes that provides authentication, rate limiting, CSRF protection, audit logging, and security headers in a composable, production-ready pattern. Use when building secure Next.js APIs that need protection against common web vulnerabilities.
route-tester
Test authenticated routes in the your project using cookie-based authentication. Use this skill when testing API endpoints, validating route functionality, or debugging authentication issues. Includes patterns for using test-auth-route.js and mock authentication.
aiwfroute-tester
Test authenticated routes in the your project using cookie-based authentication. Use this skill when testing API endpoints, validating route functionality, or debugging authentication issues. Includes patterns for using test-auth-route.js and mock authentication.
hono-authentication
Use this skill whenever the user wants to design, implement, or refactor authentication and authorization in a Hono + TypeScript backend, including JWT, sessions/cookies, middleware, guards-like patterns, and route protection for Node/Edge/Workers runtimes.
functional-prototype
Build working prototypes from PRDs with mock data and stubbed integrations. Use when user has a PRD, spec, or feature description and wants a clickable demo to validate flows before full implementation. Triggers: build a prototype, functional prototype, make a demo, implement this PRD, prototype this spec, make it clickable.
component-tester
This skill should be used when the user asks to "test memex-cli", "test code-with-codex", "test ux-design-gemini", "test /multcode", "run component tests", "validate workflow components", "run integration tests", or "verify plugin functionality". Provides comprehensive testing framework for coding-workflow plugin components.
wp-security
WordPress security best practices and vulnerability prevention for plugin development. Use when reviewing code for security issues or implementing security-sensitive features.
