Security & Testing Habilidades de Claude

Policy-as-Code Template Library

Deploys production-ready security and governance policies for Kubernetes using Kyverno and OPA Gatekeeper.

Kubernetes Secure-by-Design Patterns

Implements secure-by-design architecture patterns for Kubernetes environments using zero-trust and defense-in-depth principles.

Multi-Source Policy Aggregator

Aggregates distributed Kyverno policies into a unified enforcement layer using multi-stage OCI container builds.

GitHub Token Permissions Security

Implements least-privilege security for GitHub Actions by configuring explicit GITHUB_TOKEN permissions and reducing attack surfaces.

GitHub Actions Security Cheat Sheet

Secures CI/CD pipelines with copy-pasteable patterns for SHA pinning, token permissions, and workflow hardening.

Clerk Security Basics

Implements enterprise-grade security best practices and hardening for Clerk authentication in Next.js applications.

Exa Load & Scale

Optimizes Exa API integrations through automated load testing, Kubernetes auto-scaling configurations, and capacity planning strategies.

Clerk Session & Middleware Workflow

Secures Next.js applications by implementing Clerk-based session management, advanced middleware route protection, and JWT token refresh logic.

Branch Protection Enforcement

Implements automated GitHub branch protection patterns and drift detection to ensure robust organizational security compliance.

GitHub Actions Security Hub

Implements hardened security patterns for GitHub Actions workflows, including SHA pinning, least-privilege permissions, and OIDC federation.

Intent-Based Spec Tests

Implements natural language specification testing using Claude as a judge to ensure code aligns with business intent and user requirements.

Perplexity Policy & Guardrails

Implements automated linting, security guardrails, and policy enforcement for Perplexity AI integrations.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all implementation work is verified by failing tests before production code is written.

CORS Policy Validator

Ensures secure web communications by validating and configuring Cross-Origin Resource Sharing (CORS) policies according to industry standards.

Verification Before Completion

Enforces a rigorous verification-first workflow that requires fresh command output before claiming any task is complete or successful.

Systematic Debugging Workflow

Enforces a disciplined, four-phase methodology to identify root causes and resolve software defects without guesswork.

Pytest Python Testing

Facilitates the creation and management of comprehensive pytest suites for Python projects using advanced fixtures, mocking, and parametrization.

Solidity Smart Contract Security

Secures Ethereum smart contracts by identifying vulnerabilities and implementing industry-standard protection patterns.

SAST Configuration & Security Scanning

Configures and optimizes Static Application Security Testing (SAST) tools to automate vulnerability detection across multiple programming languages.

Juicebox Local Development Loop

Streamlines the setup of local development environments, mock data, and testing utilities for Juicebox SDK integrations.

Secrets Manager Integrator

Automates the integration of secrets management tools like HashiCorp Vault and AWS Secrets Manager into infrastructure and applications.

Attack Tree Construction

Generates systematic attack path visualizations to identify security vulnerabilities and defensive priorities.

E2E Testing Patterns

Implements robust end-to-end testing suites using Playwright and Cypress to ensure application reliability and performance.

Systematic Debugging

Implements a rigorous, four-phase debugging protocol to identify root causes and prevent regressions before applying code fixes.

Heap Dump Analyzer & Performance Testing

Diagnoses memory leaks and optimizes application performance through automated heap dump analysis and performance testing workflows.

Memory Safety Patterns

Implements and optimizes memory-safe programming patterns across Rust, C++, and C to eliminate leaks and memory-related vulnerabilities.

Test-Driven Development (TDD)

Enforces a strict Red-Green-Refactor workflow to ensure all production code is verified by failing tests first.

Python Testing Patterns

Implements comprehensive Python testing suites using pytest, advanced mocking techniques, and industry-standard testing patterns.

Kubernetes Security Policies

Implements production-grade Kubernetes security using NetworkPolicies, Pod Security Standards, and RBAC to secure clusters and enforce compliance.

Temporal Python Testing

Implements comprehensive testing strategies for Temporal workflows in Python using pytest, time-skipping, and replay validation.