Security

Production-ready deployment workflow examples with OIDC authentication, environment protection, approval gates, and rollback patterns.

Build and deploy Docker containers for Node.js applications. Use when containerizing applications, optimizing Docker builds, or configuring container security.

WHEN: Spring Boot code review, DI patterns, @Transactional, REST API design, security configuration WHAT: Dependency injection + Transaction management + API design + Security config + JPA patterns WHEN NOT: Kotlin Spring → kotlin-spring-reviewer, Pure Java → java-reviewer, Django/FastAPI → respective reviewers

Application security patterns and best practices. Use when implementing authentication, authorization, input validation, secrets management, OWASP protections, or security hardening.

Use when you need to research, analyze, and plan technical solutions that are scalable, secure, and maintainable.

Complete domain hosting setup workflow combining Plesk, Cloudflare, Let's Encrypt, and GitHub Actions deployment. Use when setting up a new domain from scratch, including DNS configuration, SSL certificates, and automated deployment pipelines. Orchestrates plesk-domain-setup, cloudflare-domain-setup, and github-actions-deploy skills.

Use this skill whenever the user wants to design, implement, or refactor authentication and authorization in a NestJS TypeScript backend, including JWT, sessions, refresh tokens, guards, roles/permissions, and integration with modules/services/controllers.

Security audit for vulnerabilities, compliance issues, and sensitive data exposure. Use before production deployments or when reviewing security-sensitive code.

Conduct thorough, constructive code reviews that improve code quality and team knowledge. Focuses on what matters - architecture, logic, security, maintainability - while avoiding bikeshedding.

Review and triage semgrep security scan results to identify true positive vulnerabilities. Use when analyzing semgrep output, triaging security findings, reviewing static analysis results, or when the user has semgrep-results directories to review. Performs deep code analysis to distinguish real vulnerabilities from false positives with high confidence.

Package entire code repositories into single AI-friendly files using Repomix. Capabilities include pack codebases with customizable include/exclude patterns, generate multiple output formats (XML, Markdown, plain text), preserve file structure and context, optimize for AI consumption with token counting, filter by file types and directories, add custom headers and summaries. Use when packaging codebases for AI analysis, creating repository snapshots for LLM context, analyzing third-party libraries, preparing for security audits, generating documentation context, or evaluating unfamiliar codebases.

Prevents RCE, SQL injection, and common vulnerabilities through validation and safe coding practices. Use when implementing or reviewing security-sensitive code involving user input, database queries, or command execution.

Review code for quality, security, and best practices. Use when reviewing recent changes, PRs, or checking code quality. Proactively use after significant code modifications.

Comprehensive guide for implementing Supabase Realtime features with best practices, scalable patterns, and migration strategies. Use when building realtime features in Supabase applications including messaging, notifications, presence, live updates, collaborative features, or migrating from postgres_changes to broadcast. Covers client setup, database triggers with realtime.broadcast_changes, RLS authorization, naming conventions, and performance optimization.

Run static analysis, security scans, and dependency checks on .NET code. Use when task involves code quality, security audits, or vulnerability detection.

Apply security awareness during code review and implementation. Catches common vulnerabilities without requiring full security audit.

Proactively review code quality and security. Use automatically after code changes, when PRs are created, and before commits. Must be used for security, performance, and best practices reviews.

Generate OpenAPI 3.x specification files (YAML) with endpoints, schemas, authentication, and examples for REST API documentation. Triggers on "create OpenAPI spec", "generate API documentation", "swagger spec for", "REST API schema".

Manages SOPS-encrypted Kubernetes secrets for Flux GitOps deployments using age encryption

Generate complete CRUD API endpoints with async patterns, Pydantic validation, JWT authentication, and proper error handling. Activates when creating new API resources or routes.