Security

Reviews Dockerfiles for best practices, security issues, and image size optimizations including multi-stage builds and layer caching. Use when working with Docker, containers, or deployment.

Ability to plan, direct, and oversee the development, operation, and governance of information systems to meet organisational objectives. Includes aligning technology strategy with business needs, managing teams and resources, ensuring system reliability and security, overseeing budgets and vendors, and governing risk and compliance. Applies across public and private sector contexts and is independent of specific technologies or platforms, with human accountability retained for strategic decisions, assurance, and outcomes.

Analytical thinking patterns for comprehensive evaluation, code audits, security analysis, and performance reviews. Provides structured templates for thorough investigation with extended thinking support.

This skill should be used when setting up email OTP authentication with JWT sessions, password management, rate limiting, CSRF protection, and audit logging in a Next.js application. Use this skill when implementing a production-ready authentication system that matches the reference implementation pattern with Resend email, Prisma ORM, PostgreSQL, bcrypt password hashing, and jose JWT tokens.

This skill should be used when configuring Supabase Auth for server-side rendering with Next.js App Router, including secure cookie handling, middleware protection, route guards, authentication utilities, and logout flow. Apply when setting up SSR auth, adding protected routes, implementing middleware authentication, configuring secure sessions, or building login/logout flows with Supabase.

Convex Auth - authentication, user management, protected functions, and session handling

This skill should be used when the user wants to commit their work to git and push to GitHub. It guides through reviewing changes, crafting meaningful commit messages following project conventions (including Conventional Commits when detected), creating commits with security checks, and pushing to remote repositories.

Master backend development with Node.js, Python, Java, Go, and PHP. Learn API design, database optimization, authentication, microservices, and server-side best practices.

FastAPI best practices, Pydantic models, SQLAlchemy ORM, async patterns, dependency injection, and JWT authentication. Activate for FastAPI apps, async Python APIs, API design, and modern Python web services.

Use when searching the codebase with natural language queries like "authentication logic" or "database connection"

Generates production-ready API clients with TypeScript types, retry logic, rate limiting, authentication (OAuth, API keys), error handling, and mock responses. Use when user says "integrate API", "API client", "connect to service", or requests third-party service integration.

Docker and containerization best practices including multi-stage builds, security, and Docker Compose.

REST API design patterns including versioning strategies (URL, header, content negotiation), pagination (offset, cursor, keyset), filtering and sorting, error response formats (RFC 7807), authentication (JWT, OAuth 2.0, API keys), rate limiting, and OpenAPI specification. Use when designing APIs, documenting endpoints, implementing authentication, standardizing error responses, or reviewing API implementations.

Audit and implement security best practices for GitHub repositories. USE THIS SKILL when user says "security audit", "check security", "add gitleaks", "secret scanning", "dependency audit", or needs security hardening.

Master containerization with Docker. Learn building images, running containers, registry management, and container security best practices.

Master Kubernetes security, RBAC, network policies, pod security, and compliance. Learn to secure clusters and enforce access control.

Write server actions following the Epic architecture patterns. Use when creating server-side logic for behaviors, including authentication, validation, and model calls. Triggers on "create an action", "add an action", or "write an action for".

Creates React components for SideDish. Use when adding new UI components, modals, forms, or interactive elements. Includes TypeScript interfaces, styling patterns, and security considerations.

Multi-tenant permission checking for Wasp applications. Use when implementing authorization, access control, or role-based permissions. Includes organization/department/role patterns and permission helper functions.

Comprehensive code review for pull requests with quality, security, and best practices analysis