Security

Reviews code changes in the Nick Stack codebase, checking for tech stack patterns, security, type safety, and best practices. Use when reviewing PRs, commits, or code changes.

Analyze the codebase for security vulnerabilities, including dependency issues, improper data handling, and configuration risks.

Master security principles, cryptography, compliance frameworks, and secure development practices. Use when securing applications, implementing authentication/authorization, or ensuring regulatory compliance.

Provides a complete solution for JWT-based authentication in FastAPI applications. Use this skill when a user wants to add secure token-based authentication to their FastAPI project. This skill handles JWT creation, decoding, signature and expiration verification, password hashing, and custom claims. It includes patterns for login endpoints, protected routes using dependencies, role-based access control decorators, token refresh mechanisms, and middleware-based validation.

Эксперт по S3 политикам. Используй для IAM policies, bucket permissions, cross-account access и security best practices.

Documentation organization, maintenance, and cleanup.USE WHEN: organizing docs, cleaning project root, updating documentation,checking for redundancy, maintaining docs structure.NOT FOR: technical implementation (use relevant technical skill).Examples:<example>Context: User added documentation to wrong location.user: "I added a new API doc file to the root directory"assistant: "I'll use docs-keeper to organize it in the proper docs/ location."<commentary>File organization is docs-keeper responsibility.</commentary></example><example>Context: User needs to update docs after code changes.user: "I modified the auth system and need to update the docs"assistant: "I'll use docs-keeper to update the authentication documentation."<commentary>Documentation updates are docs-keeper responsibility.</commentary></example>

Implement robust error handling with user-friendly messages, fail-fast validation, specific exception types, and proper resource cleanup across the application. Use this skill when writing try-catch blocks, throwing or catching exceptions, implementing error boundaries, handling API errors, or managing error states in any part of the codebase. Apply this skill when validating inputs early (fail fast), providing clear actionable error messages to users without exposing security details, using specific exception types rather than generic errors, implementing centralized error handling at appropriate boundaries, designing for graceful degradation, implementing retry logic with exponential backoff, or ensuring resources are cleaned up in finally blocks. This skill ensures errors are caught and handled appropriately, user experience remains positive even when errors occur, security is maintained by not leaking sensitive information, and systems continue operating or degrade gracefully when non-critical services fa

Build Shopify applications, extensions, and themes using GraphQL/REST APIs, Shopify CLI, Polaris UI components, and Liquid templating. Capabilities include app development with OAuth authentication, checkout UI extensions for customizing checkout flow, admin UI extensions for dashboard integration, POS extensions for retail, theme development with Liquid, webhook management, billing API integration, product/order/customer management. Use when building Shopify apps, implementing checkout customizations, creating admin interfaces, developing themes, integrating payment processing, managing store data via APIs, or extending Shopify functionality.

Evaluates code changes and documents against product, architecture, security and coding standards.

Master MongoDB Atlas cloud setup, cluster configuration, security, networking, backups, and monitoring. Get production-ready cloud database in minutes. Use when setting up cloud MongoDB, configuring clusters, or managing Atlas.

Analyze routes and recommend whether to use Server Actions or API routes based on use case patterns including authentication, revalidation, external API calls, and client requirements. Use this skill when deciding between Server Actions and API routes, optimizing Next.js data fetching, refactoring routes, analyzing route architecture, or choosing the right data mutation pattern. Trigger terms include Server Actions, API routes, route handler, data mutation, revalidation, authentication flow, external API, client-side fetch, route optimization, Next.js patterns.

Guide users through a structured workflow for co-authoring documentation. Use when user wants to write documentation, proposals, technical specs, decision docs, or similar structured content. This workflow helps users efficiently transfer context, refine content through iteration, and verify the doc works for readers. Trigger when user mentions writing docs, creating proposals, drafting specs, or similar documentation tasks.