Security & Testing Habilidades de Claude

Test Coverage Analysis

Analyzes code coverage metrics, identifies testing gaps, and provides actionable recommendations to improve software quality.

GitHub Action SHA Pinning Guide

Secures CI/CD pipelines by enforcing immutable SHA-256 commit pinning for GitHub Actions to prevent supply chain attacks.

FoundationDB Simulation Testing

Facilitates the creation of deterministic, chaos-driven simulation workloads for FoundationDB using Rust.

Bats Shell Testing Patterns

Master the Bash Automated Testing System (Bats) to implement robust, unit-tested shell scripts and CI/CD pipelines.

Dify Frontend Testing

Generates production-grade Vitest and React Testing Library tests for Dify frontend components, hooks, and utilities.

MOVA Evidence & Proof Verification

Generates deterministic evidence-first reports and proof kits for safe, verifiable code modifications and security audits.

Systematic Debugging

Investigates and resolves software bugs through a structured process of reproduction, root cause analysis, and regression testing.

Web App Testing with Playwright

Automates end-to-end web application testing and debugging using Playwright to ensure seamless frontend functionality and UI integrity.

Bats Shell Testing Patterns

Master the Bash Automated Testing System (Bats) to create comprehensive, production-grade unit tests for shell scripts and CI/CD pipelines.

Web Console Debugger

Automatically captures and analyzes browser console errors to streamline web application debugging and error resolution.

Scale Game Problem Solving

Stress-tests software architecture and logic by simulating extreme operational scales to identify hidden vulnerabilities and scalability bottlenecks.

Verification Before Completion

Enforces a rigorous final quality gate for code changes through mandatory testing, documentation, and requirement validation.

Verification Before Completion

Enforces a rigorous quality gate and multi-point checklist to ensure tasks are fully tested, documented, and requirement-compliant before completion.

Test Organization & Patterns

Enforces standardized test file structures, naming conventions, and Jest implementation patterns for JavaScript and React projects.

Kyverno Admission Control & Runtime Security

Secures Kubernetes clusters by deploying Kyverno admission controllers and policy reporters to enforce compliance at runtime.

Advanced Compliance & Audit Evidence

Automates audit evidence collection and compliance validation for SLSA and OpenSSF standards.

Brutal Codebase Audit

Audits codebases for architectural rot, security vulnerabilities, and bugs using parallel AI agents to provide unfiltered, actionable fixes.

Git Repository Standards

Enforces consistent repository naming, directory structure, documentation requirements, and security compliance for Git projects.

JWT Authentication for GitHub Apps

Generates JSON Web Tokens (JWTs) for GitHub App authentication, installation management, and discovery workflows.

AI Agent Guardrails Generator

Generates comprehensive security guardrails and safety policies for AI agents to ensure controlled and auditable operations.

Dual-AI Code Review

Enhances code quality by employing a two-agent Evaluator-Optimizer workflow to automatically write, verify, and refine implementations.

QA Test Case Generator (Traditional Chinese)

Generates comprehensive, code-driven QA test cases in Traditional Chinese by analyzing TypeScript components and templates.

Vibe Auditor

Audits and secures vibe-coded projects by proactively identifying security risks in code patterns, environment files, and authentication flows.

Legacy Migration QA Verifier

Validates legacy code against QA test cases to ensure functional parity and completeness during migrations.

Runner Group Management

Implements strategic organization and security boundaries for GitHub Actions self-hosted runners to prevent lateral movement and repository compromise.

Secret Rotation Patterns

Automates credential lifecycle management and zero-downtime secret rotation within GitHub Actions workflows.

GitHub OAuth Authentication

Implements secure OAuth flows for GitHub Apps to enable user-context operations, device-based CLI authorization, and token management.

Kubernetes Runtime Security Enforcement (Phase 3)

Hardens Kubernetes production environments through runtime policy enforcement, image verification, and resource constraints using Kyverno.

SDLC Security Foundation (Phase 1)

Establishes essential SDLC security controls including secrets detection, branch protection, and commit verification to create a secure development environment.

GitHub Self-Hosted Runner Hardening

Secures self-hosted GitHub Actions runners using OS-level hardening, network isolation, and credential protection to prevent infrastructure compromise.