Loading...
Loading...
Found 280 Skills
Review Express.js security audit patterns for middleware and routes. Use for auditing Helmet.js, CORS, body-parser limits, and auth middleware. Use proactively when reviewing Express.js apps. Examples: - user: "Secure my Express app" → add Helmet.js and disable x-powered-by - user: "Check Express CORS config" → verify origin allowlists and credentials - user: "Review Express auth middleware" → check route order and coverage - user: "Scan for Express path traversal" → verify path normalization and validation - user: "Audit Express session config" → check secure, httpOnly, and sameSite flags
Idiomatic Go design patterns: functional options, builder, factory, strategy, middleware chain, pub/sub, and other patterns adapted for Go's type system. Use when: "design pattern", "functional options", "builder pattern", "factory pattern", "strategy pattern", "middleware chain", "option pattern", "how to structure this". Do NOT use for: interface design principles (use go-interface-design), package layout (use go-architecture-review), or concurrency patterns (use go-concurrency-review).
Guides edge and tactical autonomous systems—perception-planning-control under latency and safety constraints; behavior trees/state machines vs learned policies; human-on-the-loop; geofencing, no-strike rules, mission abort; sim and field testing; ROS2/middleware patterns; sensor fusion; degraded modes; autonomy audit logging. Use for UAS/autonomous stacks, safety rules, HITL, sim-to-field validation, fail-safe—not LLM products (ai-engineer), LLM red team (ai-redteam), safeguard serving (ml-infrastructure-engineer-safeguards), governance only (ai-risk-governance), MCU firmware without autonomy (embedded-real-time-software-engineer), plant PLC/DCS (control-software-developer), HIL security bench (hardware-in-the-loop-security-tester).
Create a new evlog framework integration to add automatic wide-event logging to an HTTP framework. Use when adding middleware/plugin support for a framework (e.g., Hono, Elysia, Fastify, Express, NestJS) to the evlog package. Covers source code, build config, package exports, tests, example app, and all documentation.
Scaffold a complete credits/token metering system for any app — database schema, backend middleware, payment webhooks, frontend state, and UI components. Goes from zero to "users can buy and spend credits" in one session.
Refactor Express.js/Node.js code to improve maintainability, readability, and adherence to best practices. Transforms callback hell, fat route handlers, and outdated patterns into clean, modern JavaScript/TypeScript code. Applies async/await, controller-service-repository architecture, proper middleware patterns, and ESM modules. Identifies and fixes anti-patterns including blocking event loop, improper error handling, forEach with async callbacks, and memory leaks.
Debug Express.js and Node.js applications with systematic diagnostic techniques. This skill provides comprehensive guidance for troubleshooting middleware execution issues, routing problems, CORS errors, async error handling, memory leaks, and unhandled promise rejections. Covers DEBUG environment variable usage, Node Inspector with Chrome DevTools, VS Code debugging, Morgan request logging, and diagnostic middleware patterns. Includes four-phase debugging methodology and common error message reference.
Provides comprehensive guidance for Gin-Gonic framework including routing, middleware, validation, and best practices. Use when the user asks about Gin-Gonic, needs to create Go web applications, or implement Gin patterns.
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
Nuxt full-stack Vue framework with SSR, auto-imports, and file-based routing. Use when working with Nuxt apps, server routes, useFetch, middleware, or hybrid rendering.
Use when building, refactoring, or documenting Graft apps and proxies, including when asked to create a tool server, API server, dual-protocol server, or MCP-HTTP bridge. Graft's core thesis: define tools once and serve them as both HTTP REST endpoints and MCP tools from the same server, with discovery, docs, and OpenAPI generated automatically. Covers concrete actions such as defining tools and handlers, configuring authentication middleware, setting up HTTP and stdio transports, generating OpenAPI documentation, wrapping existing APIs via proxy mode, and wiring up the full CLI workflow.
Create Zustand stores with TypeScript, subscribeWithSelector middleware, and proper state/action separation. Use when building React state management, creating global stores, or implementing reactive state patterns with Zustand.