DevOps

Fetch official NIST 800-53 and FedRAMP OSCAL catalogs from authoritative sources

Disposable runner patterns for GitHub Actions. Container-based, VM-based, and ARC deployment strategies with complete state isolation between jobs.

Transform PRDs (Product Requirements Documents) into structured XML app specifications optimized for AI coding agents. Converts developer-focused docs with code examples into declarative agent-consumable format. USE WHEN user says "convert PRD", "generate app spec", "transform PRD", "create specification from requirements", or wants to prepare a PRD for agent consumption.

This skill provides comprehensive knowledge for integrating Clerk authentication in React, Next.js, and Cloudflare Workers applications. It should be used when setting up user authentication, implementing protected routes, verifying JWT tokens, creating custom JWT templates with user metadata and organization claims, configuring Clerk middleware, integrating with shadcn/ui components, testing authentication flows, or troubleshooting Clerk authentication errors. Use when: adding Clerk to React/Vite projects, setting up Clerk in Next.js App Router, implementing Clerk authentication in Cloudflare Workers, configuring clerkMiddleware for route protection, creating custom JWT templates with shortcodes (user.id, user.email, user.public_metadata.role), accessing session claims for RBAC, integrating with Supabase/Grafbase, verifying tokens with @clerk/backend, integrating Clerk with Hono, using Clerk shadcn/ui components, writing E2E tests with Playwright, generating test session tokens, using test email addresses and phone numbers, or encountering authentication errors. Prevents 11 documented issues: missing secret key errors, API key migration failures, JWKS cache race conditions, CSRF vulnerabilities from missing authorizedParties, import path errors after Core 2 upgrade, JWT size limit issues, deprecated API version warnings, ClerkProvider JSX component errors, async auth() helper confusion, environment variable misconfiguration, and Vite dev mode 431 header errors. Keywords: clerk, clerk auth, clerk authentication, @clerk/nextjs, @clerk/backend, @clerk/clerk-react, clerkMiddleware, createRouteMatcher, verifyToken, useUser, useAuth, useClerk, JWT template, JWT claims, JWT shortcodes, custom JWT, session claims, getToken template, user.public_metadata, org_id, org_slug, org_role, CustomJwtSessionClaims, sessionClaims metadata, clerk webhook, clerk secret key, clerk publishable key, protected routes, Cloudflare Workers auth, Next.js auth, shadcn/ui auth, @hono/clerk-auth, "Missing Clerk Secret Key", "cannot be used as a JSX component", JWKS error, authorizedParties, clerk middleware, ClerkProvider, UserButton, SignIn, SignUp, clerk testing, test emails, test phone numbers, +clerk_test, 424242 OTP, session token, testing token, @clerk/testing, playwright testing, E2E testing, clerk test mode, bot detection, generate session token, test users

Core planning principles for Portfolio Buddy 2 development. Use when: planning any feature implementation, modification, or refactoring. Ensures code preservation, mobile/desktop optimization, and thorough requirement gathering.

Expert in creating comprehensive task files, planning docs, PRDs, tech specs, and implementation roadmaps with proper sequencing, testing strategy, and production checklists. Use when planning features, creating project docs, or structuring development workflows.

Generate ASCII art of a cow (or other animals) with a speech bubble containing a message. Use this skill when the user asks you to display a cowsay message, make an ASCII cow speak, or wants fun terminal-style ASCII art output.

Enforce ThemeGPT complexity budgets and prevent over-engineering. Activates automatically when writing, reviewing, or refactoring code. Validates against 6 anti-patterns from SynthAI archaeology (Specification Inflation, Enterprise Pattern Obsession, Premature Abstraction, Configuration Explosion, Framework Absorption, Test Suite Inflation). Use when creating features, adding abstractions, writing tests, or configuring projects.

Supabase operational knowledge for migrations, RLS optimization, MCP tool benchmarks, and ADR-003 compliance. Use when validating database migrations, optimizing Row-Level Security policies, checking MCP tool performance, or ensuring Supabase operational standards. Triggers on: migration validation, RLS patterns, Supabase benchmarks, ADR-003, database state tracking, schema governance.

Longitudinal memory tracking, philosophy teaching, and personal accountability with compassion. Expert in pattern recognition, Stoicism/Buddhism, and growth guidance. Activate on 'accountability', 'philosophy', 'Stoicism', 'Buddhism', 'personal growth', 'commitment tracking', 'wisdom teaching'. NOT for therapy or mental health treatment (refer to professionals), crisis intervention, or replacing professional coaching credentials.

Send a Bark push notification when work is blocked, needs user input, or when all requested tasks are finished. Use by default for these cases unless the user explicitly opts out.

Expert guidance for Apache NiFi data integration platform including flow design, processors, controller services, process groups, NiFi Registry integration, and cluster configuration. Use this when working with data flows, processors, or NiFi configuration.

Social proof patterns for lead generation sites. Testimonials, reviews, trust badges, stats, logos. Use for building trust and credibility.

Docker Compose 서비스 정의 추가. Use when (1) 새 서비스 추가, (2) compose 수정, (3) 서비스 정의 필요.

Query multiple AI agents in parallel for diverse perspectives. Use when you want multiple viewpoints on a question, to compare approaches, or to find consensus among AI models.

Provides critical feedback and alternative architectural perspectives on code changes. Use when you want to explore different ways to implement a feature or find potential flaws in the current plan.

Generate technology-specific best practices and anti-patterns documentation. Use when setting up a new project or when the user asks about coding standards for a specific language or framework.

Build interactive AI chat widgets with buttons, forms, and bidirectional actions. Use when creating agentic UIs with clickable widgets, entity tagging (@mentions), composer tools, or server-handled widget actions. Covers full widget lifecycle. NOT when building simple text-only chat without interactive elements.

Scrum Master & Engineering-Oriented Delivery Lead with hands-on frontend/backend development experience. Interprets Technical Design Documents, reviews UX/UI designs, and understands product requirements to ensure delivery clarity. Breaks features into well-scoped Scrum stories (max 3 story points, Fibonacci estimation). Stories are sliced for incremental value, minimal risk, fast feedback. For every ticket provides: clear description, explicit acceptance criteria, expected behavior, constraints, and test case expectations (happy path + edge cases). Ensures stories are implementation-ready, testable, aligned with technical/product goals. Enables team to execute efficiently while maintaining high quality and predictable velocity. Use when creating sprint stories, planning sprints, estimating work, or breaking down features into tickets.

This skill should be used when the user asks about "token efficiency", "compress responses", "reduce token usage", "minimize context", "compact format", "token optimization", or discusses reducing token consumption in MCP responses while maintaining value.