
# Skill: docs-mermaid-architecture

## Purpose
Keep architecture diagrams updated.

## Triggers
- New DB table
- Billing flow change
- Auth change

## Responsibilities
- Update ERD
- Update state machine diagram

## Implementation Steps
1. Modify Mermaid diagram.
2. Commit alongside code change.

## Required Artifacts
- docs/architecture/*.md
- docs/product/*.md

## Verification
- Mermaid diagrams render without syntax errors
- Diagrams reflect latest schema and flow changes

# Skill: full-gate-ci

## Purpose
Ensure CI security and quality gates.

## Triggers
- Creating new feature
- Merging to main
- Releasing

## Canonical References
- AGENTS.md
- SECURITY_CHECKLIST.md (CI section)

## Responsibilities
- Run Fast Gate on every PR
- Run Full Gate on main

## Implementation Steps
1. Fast Gate:
   - lint
   - typecheck
   - test
   - secret scan
2. Full Gate:
   - vulnerability scan
   - code scanning
   - webhook tests

## Required Artifacts
- .github/workflows/*.yml

TITLE: SKILL_GROWTH_L1
TRIGGER:
- Use for event schema, conversion experiments, and retention instrumentation.
READ_FIRST:
- skills/growth/reference.md
- skills/growth/checklists.md
- skills/growth/validation.md

# Skill: nextjs-app-router-fullstack

## Purpose
Standardize fullstack implementation using Next.js App Router (Server Components + Route Handlers).

## Triggers
- Creating new routes or features
- Adding server actions
- Handling cookies or authentication state
- Implementing API routes in /app/api

## Canonical References (Do not duplicate)
- AGENTS.md (Security Rules)
- SECURITY_CHECKLIST.md
- PR-SEQUENCE.md

## Responsibilities
- Enforce correct Server vs Client boundary
- Ensure secure cook

# Skill: pr-sequencing-worktree

## Purpose
Enforce small, reviewable PR units.

## Triggers
- Large feature
- Auth/Admin/Billing change

## Responsibilities
- Slice into minimal PRs
- Follow PR-SEQUENCE.md

## Implementation Steps
1. Identify smallest atomic change.
2. Open worktree branch.
3. Link to checklist in PR description.
4. Run Fast Gate before requesting review.

## Required Artifacts
- docs/product/PR-SEQUENCE.md
- .github/PULL_REQUEST_TEMPLATE.md

## Verification
- Each PR remains roll

TITLE: SKILL_QA_L1
TRIGGER:
- Use for test strategy and regression prevention on revenue paths.
READ_FIRST:
- skills/qa/reference.md
- skills/qa/checklists.md
- skills/qa/validation.md

TITLE: SKILL_RELEASE_L1
TRIGGER:
- Use for deployment readiness, rollback, and runtime stability checks.
READ_FIRST:
- skills/release/reference.md
- skills/release/checklists.md
- skills/release/validation.md

# Skill: supabase-rls-standard

## Purpose
Apply standardized Row-Level Security policies.

## Triggers
- Creating new tables
- Modifying ownership rules
- Introducing role-based access

## Canonical References
- SECURITY_CHECKLIST.md (RLS section)
- AGENTS.md

## Responsibilities
- Ensure RLS is enabled
- Apply ownership + role override template
- Index policy columns

## Implementation Steps
1. Enable RLS on new tables.
2. Create SELECT/INSERT/UPDATE/DELETE policies.
3. Use ownership pattern:

TITLE: SKILL_BACKEND_L1
TRIGGER:
- Use for API, entitlements, payments, webhook, DB integration work.
READ_FIRST:
- skills/backend/reference.md
- skills/backend/checklists.md
- skills/backend/validation.md

TITLE: SKILL_SECURITY_L1
TRIGGER:
- Use for secrets, auth, webhook, and privacy-sensitive changes.
READ_FIRST:
- skills/security/reference.md
- skills/security/checklists.md
- skills/security/validation.md

# Skill: admin-rbac-audit

## Purpose
Standardize Admin dashboard and RBAC behavior.

## Triggers
- Adding admin pages
- Implementing support tooling
- Adding operational controls

## Canonical References
- AGENTS.md
- SECURITY_CHECKLIST.md (Admin section)

## Responsibilities
- Enforce role-based guards
- Keep default admin read-only
- Log write actions

## Implementation Steps
1. Add admin layout in packages/admin.
2. Protect routes via middleware + server guard.
3. Log all write operations in

# Skill: billing-toss-stripe

## Purpose
Implement payment and subscription logic with Toss (primary) and Stripe (secondary).

## Triggers
- Adding payment flow
- Implementing subscription
- Creating webhook endpoints

## Canonical References
- SECURITY_CHECKLIST.md (Webhook + Payment)
- AGENTS.md

## Responsibilities
- Enforce idempotency
- Store raw webhook payloads
- Validate order integrity

## Implementation Steps
1. Create billing tables:
   - billing_customers
   - billing_subscriptions

# Skill: systematic-debugging

## Purpose
Enforce structured debugging workflow.

## Triggers
- Production bug
- CI failure
- Billing mismatch

## Responsibilities
- Reproduce
- Identify root cause
- Patch
- Add regression test

## Implementation Steps
1. Reproduce issue locally.
2. Add failing test.
3. Fix.
4. Confirm test passes.

TITLE: SKILL_FRONTEND_L1
TRIGGER:
- Use for UI, interaction flow, error UX, and conversion UX work.
READ_FIRST:
- skills/frontend/reference.md
- skills/frontend/checklists.md
- skills/frontend/validation.md

TITLE: SKILL_PLANNER_L1
TRIGGER:
- Use for requirement freeze, scope definition, and plan creation.
READ_FIRST:
- skills/planner/reference.md
- skills/planner/checklists.md
- skills/planner/validation.md

# Skill: observability-sentry-logging

## Purpose
Add logging and error tracking with safe redaction.

## Triggers
- Adding API routes
- Implementing billing
- Admin write operations

## Canonical References
- AGENTS.md (No sensitive logs)

## Responsibilities
- Structured logs
- Redact tokens
- Add request-id

## Implementation Steps
1. Add logger utility.
2. Mask sensitive fields.
3. Integrate Sentry (if used).
4. Attach request-id per request.

## Required Artifacts
- packages/observability/*

# Skill: security-headers-csp

## Purpose
Apply secure HTTP headers and Content Security Policy.

## Triggers
- Deploying to Vercel
- Introducing third-party scripts
- Hardening production

## Canonical References
- SECURITY_CHECKLIST.md

## Responsibilities
- Configure CSP (Report-Only first)
- Add security headers

## Implementation Steps
1. Configure next.config headers.
2. Add CSP header.
3. Use Report-Only mode initially.
4. Monitor violations.

## Required Artifacts
- next.config.js

## Ve

# Skill: supabase-auth-ssr-session

## Purpose
Implement SSR-based authentication using Supabase with secure cookie handling.

## Triggers
- Adding login/logout
- Protecting routes
- Accessing user session server-side

## Canonical References
- AGENTS.md
- SECURITY_CHECKLIST.md (Auth section)

## Responsibilities
- Create browser and server Supabase clients
- Enforce cookie-based session flow
- Protect admin routes

## Implementation Steps
1. Create `createBrowserClient` and `createServerClient`

# Skill: testing-vitest-playwright

## Purpose
Ensure test coverage for route handlers and critical flows.

## Triggers
- New API route
- Billing logic
- Auth changes

## Responsibilities
- Unit test core logic
- Test webhook idempotency
- Test auth guards

## Implementation Steps
1. Write unit test for business logic.
2. Mock webhook replay scenario.
3. Test unauthorized access case.

## Required Artifacts
- tests/*