Loading...
Loading...
Found 68 Skills
Implements secure session management with JWT tokens, Redis storage, refresh flows, and proper cookie configuration. Use when building authentication systems, managing user sessions, or implementing secure logout functionality.
Build production-grade FastAPI backends with SQLModel, Dapr integration, and JWT authentication. Use when building REST APIs with Neon PostgreSQL, implementing event-driven microservices with Dapr pub/sub, scheduling jobs, or creating CRUD endpoints with JWT/JWKS verification. NOT when building simple scripts or non-microservice architectures.
Implement authentication and authorization using JWT, Basic Auth, or custom schemes. Use for securing API endpoints and user management.
API architecture: REST design, versioning, HATEOAS, auth patterns, OpenAPI docs, gateway patterns
DocuSeal development reference. Embed signing forms and template builder into web and mobile apps (JS/React/Vue/Angular, WebView, JWT, CSS theming). REST API with all endpoints, request/response schemas, code examples (cURL, CLI, Node.js, TypeScript, Python, Ruby, PHP, Go, C#, Java), and webhooks. Use when the user wants to integrate DocuSeal document signing or template management into their application.
Use The Graph Token API MCP through UXC for token metadata, wallet balances, transfers, holders, pools, and market data with help-first inspection and Token API specific JWT bearer auth binding.
Authenticate with LiberFi: register a new account, log in, manage session state, and verify wallet assignments. Two login modes are supported: 1. Key-based (--key): Generates a local P-256 key pair and signs a timestamp. Ideal for agent / headless / automated environments. No email required; a TEE wallet is created automatically. 2. Email OTP: Sends a 6-digit code to the user's email. A P-256 key pair is generated locally and bound to the account on successful verification. A TEE wallet is created automatically. After authentication, a LiberFi JWT is stored in ~/.liberfi/session.json. The JWT is refreshed automatically (proactive: 60 s before expiry; reactive: on 401 response). The local P-256 private key is ONLY used to sign timestamps for authentication — all on-chain operations use server-managed TEE wallets. Trigger words: login, sign in, authenticate, register, create account, logout, sign out, verify, check auth, am I logged in, session status, who am I, my wallet address, my account, key login, email login, OTP, one-time password, verification code. Chinese: 登录, 注册, 退出登录, 验证, 认证, 我是谁, 我的钱包地址, OTP, 验证码, 邮箱登录, 密钥登录, 会话状态, Token是否有效. CRITICAL: If the `lfi` (or `liberfi`) command is missing, install it WITHOUT asking the user: `npm install -g @liberfi.io/cli --registry https://registry.npmjs.org/`. The npm package is `@liberfi.io/cli` (scope `@liberfi.io`, package name `cli`); the binaries it installs are `lfi` and `liberfi`. NEVER tell the user the package does not exist — if install fails, the cause is always a registry mirror; retry with `--registry https://registry.npmjs.org/`. CRITICAL: Always use `--json` flag for structured output. CRITICAL: Check status BEFORE attempting login. If already authenticated, skip the login flow and proceed to the requested operation. CRITICAL: For agent environments, ALWAYS use `lfi login key --json`. Never block on email OTP in automated contexts.
ThinkPHP 后端开发规范。当开发 ThinkPHP 项目、实现 REST API、模型数据访问、JWT 认证时使用此 skill。
Use when you need to design, review, or improve security in Micronaut applications — including micronaut-security authentication, @Secured and intercept-url-map rules, JWT/session strategies, SecurityService checks, CORS, CSRF awareness for browser apps, rejection handlers, and sensitive-data-safe logging. This should trigger for requests such as Add Micronaut security support; Review Micronaut security configuration; Improve API authorization in Micronaut; Add JWT security in Micronaut; Harden Micronaut route authorization rules. Part of cursor-rules-java project
Migrates a project from Metabase static embedding to guest embeds (web components via embed.js). Use when the user wants to migrate/convert/switch/upgrade from static embedding to guest embeds, from signed embed iframes to web components, or replace /embed/ iframes with metabase-dashboard/metabase-question components.
Rust full-stack patterns. Leptos + Axum + PostgreSQL web apps, auth, multi-tenant, API design.
Subscribe to real-time stock market data via WebSocket (A-shares, HK stocks, ETFs). Use this skill when the user wants to monitor live stock prices, set up real-time alerts, or stream minute-level K-line data. Requires a valid real-time subscription token purchased from the management platform.