curiositech/schema-evolution-manager
skills/schema-evolution-manager/SKILL.md
Avro, Protobuf, backward/forward compatibility for schema evolution. Activate on: schema evolution, Avro, Protobuf, backward compatibility, forward compatibility, schema registry, breaking change, schema migration. NOT for: database migrations (use data-migration-specialist), API versioning (use api-versioning-backward-compatibility).
development
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add curiositech/windags-skills schema-evolution-managerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 2:44 PM43.5s1 file scanned
SKILL.md
- license:
- Apache-2.0
- name:
- schema-evolution-manager
- description:
- Avro, Protobuf, backward/forward compatibility for schema evolution. Activate on: schema evolution, Avro, Protobuf, backward compatibility, forward compatibility, schema registry, breaking change, schema migration. NOT for: database migrations (use data-migration-specialist), API versioning (use api-versioning-backward-compatibility).
- allowed-tools:
- Read,Write,Edit,Bash(npm:*,npx:*,python:*,docker:*)
- category:
- Backend & Infrastructure
- - skill:
- cqrs-event-sourcing-architect
- reason:
- Event store schemas must evolve while remaining replayable
Schema Evolution Manager
Design schema evolution strategies using Avro, Protobuf, and JSON Schema with compatibility enforcement via schema registries.
Activation Triggers
Activate on: "schema evolution", "Avro schema", "Protobuf", "backward compatibility", "forward compatibility", "schema registry", "breaking change", "schema migration", "schema versioning"
NOT for: Database DDL migrations → data-migration-specialist | API versioning → api-versioning-backward-compatibility | Data contract enforcement → data-quality-guardian
Quick Start
- Choose serialization — Avro (schema-with-data, compact), Protobuf (code-gen, fast), JSON Schema (human-readable)
- Set compatibility mode — BACKWARD (default for consumers), FORWARD (for producers), FULL (both)
- Deploy schema registry — Confluent Schema Registry or AWS Glue for centralized schema governance
- Test compatibility — check every schema change against the registry before deployment
- Plan for breaking changes — new topic/table + migration period, never in-place breaks
Core Capabilities
| Domain | Technologies | |--------|-------------| | Serialization | Apache Avro 1.12+, Protobuf 5.x, JSON Schema 2020-12 | | Registry | Confluent Schema Registry, AWS Glue, Apicurio | | Compatibility | BACKWARD, FORWARD, FULL, NONE modes | | Code Generation | avro-codegen, protoc, json-schema-to-ts | | Validation | Schema compatibility checks, CI integration |
Architecture Patterns
Compatibility Mode Decision Matrix
BACKWARD FORWARD FULL
───────── ──────── ────
Allowed changes:
Add field YES (with default) YES YES (with default)
Remove field NO YES NO
Rename field NO NO NO
Change type NO NO NO
Use when:
Consumer-first YES NO NO
Producer-first NO YES NO
Both evolve NO NO YES
Default choice: Most common Rare Safest
Avro Schema Evolution Example
// v1: original schema
{
"type": "record",
"name": "UserEvent",
"namespace": "com.example",
"fields": [
{ "name": "user_id", "type": "string" },
{ "name": "email", "type": "string" },
{ "name": "created_at", "type": "long" }
]
}
// v2: BACKWARD compatible (new field with default)
{
"type": "record",
"name": "UserEvent",
"namespace": "com.example",
"fields": [
{ "name": "user_id", "type": "string" },
{ "name": "email", "type": "string" },
{ "name": "created_at", "type": "long" },
{ "name": "phone", "type": ["null", "string"], "default": null }
]
}
// Old consumers can read v2 data (they ignore `phone`)
// New consumers can read v1 data (`phone` defaults to null)
CI Schema Compatibility Check
#!/bin/bash
# ci/check-schema-compatibility.sh
REGISTRY_URL="http://schema-registry:8081"
SUBJECT="user-events-value"
SCHEMA_FILE="schemas/user-event.avsc"
# Check compatibility before merge
RESULT=$(curl -s -X POST \
"${REGISTRY_URL}/compatibility/subjects/${SUBJECT}/versions/latest" \
-H "Content-Type: application/vnd.schemaregistry.v1+json" \
-d "{\"schema\": $(cat $SCHEMA_FILE | jq -Rs .)}")
IS_COMPATIBLE=$(echo $RESULT | jq -r '.is_compatible')
if [ "$IS_COMPATIBLE" != "true" ]; then
echo "SCHEMA INCOMPATIBLE: $RESULT"
exit 1
fi
echo "Schema is compatible"
Anti-Patterns
- Removing required fields — under BACKWARD compatibility, removing a field without a default breaks old consumers
- Renaming fields — renaming is equivalent to remove + add; it breaks both readers and writers
- No default values — new fields must have defaults for backward compatibility; always provide one
- Skipping the registry — local schema files without centralized validation lead to runtime deserialization failures
- NONE compatibility mode — disabling compatibility checks "for speed" guarantees future production incidents
Quality Checklist
- [ ] Schema registry deployed and enforced (no bypass)
- [ ] Compatibility mode set: BACKWARD for consumer-first, FULL for maximum safety
- [ ] All new fields have default values
- [ ] CI pipeline checks schema compatibility before merge
- [ ] Breaking changes require new subject/topic + migration plan
- [ ] Schema changes documented in changelog with migration notes
- [ ] Producers and consumers tested against both old and new schemas
- [ ] Schema IDs embedded in messages (Confluent wire format)
- [ ] Unused schemas deprecated and cleaned up quarterly
- [ ] Team trained on compatibility rules for their serialization format
Related Skills
curiositech/circuit-breakers-and-retries
tools
VerifiedTrustedCommunity
Building resilient distributed systems with circuit breakers, retries with full-jitter exponential backoff, retry budgets (per-request 3-attempt + per-client 10% ratio per Google SRE), deadline propagation, and the cascading-failure math (4 layers × 3 retries = 64x amplification). Grounded in Resilience4j, Microsoft Cloud Patterns, AWS Architecture Blog (Marc Brooker), and Google SRE Book.
4SKILL.mdUpdated May 6, 2026
curiositech/cdn-cache-control-headers
testing
VerifiedTrustedCommunity
Designing HTTP cache headers that work correctly across browsers, CDNs, and shared proxies — `Cache-Control` directives per RFC 9111, `stale-while-revalidate` and `stale-if-error` per RFC 5861, the Vary header for varying responses, and surrogate keys for tag-based purging. Grounded in IETF RFCs and Cloudflare/Fastly docs.
4SKILL.mdUpdated May 5, 2026
curiositech/content-security-policy-headers
development
VerifiedTrustedCommunity
Use when designing or fixing a Content Security Policy on a real site, choosing between nonce-based and hash-based CSP, adding strict-dynamic, debugging "Refused to execute inline script" errors, deploying CSP in report-only mode first, configuring report-to / report-uri, or auditing an existing policy for unsafe-inline / unsafe-eval / wildcards. Triggers: "CSP blocks legitimate inline script", strict-dynamic, nonce-{RANDOM}, sha256-{HASH}, object-src none, base-uri none, frame-ancestors, Trusted Types, X-Content-Security-Policy obsolete, report-only vs enforced. NOT for general HTTP security headers (HSTS, COOP/COEP), Trusted Types deep dive, CORS configuration, or building a WAF.
3SKILL.mdUpdated May 4, 2026
curiositech/api-versioning-strategy
tools
VerifiedTrustedCommunity
Choosing and operating an HTTP API versioning strategy that doesn't break clients — Stripe's date-based pinned versions, the Deprecation/Sunset header pair (RFC 9745 + RFC 8594), URI vs header vs media-type approaches, and the version-transformer pattern. Grounded in Stripe's published architecture and IETF RFCs.
3SKILL.mdUpdated May 4, 2026