hashlips/nextjs-capability-implementation
skills/nextjs-capability-implementation/SKILL.md
Implements capability-based architecture inside TypeScript-first Next.js applications with current stable Next.js and React, verified dependency security, correct server/client boundaries, routing adapters, secure configuration patterns, and server-side observability practices. Use when creating or refactoring Next.js projects that should follow capability architecture principles and enforce TypeScript, linting, and testing standards.
$ install --global
skillsauthnpx skillsauth add hashlips/agent-skills nextjs-capability-implementationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 2:07 AM8.6s17 files scanned
SKILL.md
- name:
- nextjs-capability-implementation
- description:
- Implements capability-based architecture inside TypeScript-first Next.js applications with current stable Next.js and React, verified dependency security, correct server/client boundaries, routing adapters, secure configuration patterns, and server-side observability practices. Use when creating or refactoring Next.js projects that should follow capability architecture principles and enforce TypeScript, linting, and testing standards.
Next.js Capability Implementation
Apply capability-architecture principles inside Next.js projects using concrete framework patterns for routing, composition, data flow, and security-sensitive boundaries.
Core Workflow
When implementing a Next.js feature or system:
- Bootstrap project with secure defaults (see dependency and version security rules)
- Establish capability-first folder structure
- Keep
app/focused on routing and composition - Enforce server/client execution boundaries
- Implement thin transport adapters (Server Actions and Route Handlers)
- Protect sessions, cookies, and environment variables
- Add server-side observability at capability boundaries
- Keep types and mapping logic close to capabilities
- Validate implementation against checklist
Non-Negotiable Rules
- Next.js and React versions: use the latest stable Next.js and the React /
react-domversions that release requires; do not intentionally pin to unsupported or end-of-life stacks without a documented, reviewed exception - Vulnerabilities: before treating bootstrap or a dependency upgrade as complete, run a package-manager audit (or equivalent) and resolve or explicitly document high/critical (and any policy-defined “major”) issues affecting
next,react,react-dom, and other app runtime dependencies - Preferred bootstrap: create new apps with Create Next App via
npx/pnpm dlx/bunxso the official toolchain and peer versions stay aligned (see reference below) - Treat Next.js primitives as delivery mechanisms, not business-logic containers
- Keep Server Actions and Route Handlers thin; delegate to capability logic
- Do not leak secrets or sensitive env vars into client bundles
- Validate and map external data before UI/domain propagation
- Log significant server-side capability events with safe, structured context
- Use TypeScript (no new JavaScript-only feature modules); keep types close to capabilities
- Use React hooks and Context only in Client Components for presentation and wiring; keep capability truth on the server
- Keep feature ownership explicit in module structure and type placement
Output Contract
Implementations produced with this skill should:
- preserve capability boundaries within a Next.js codebase
- separate server and client concerns intentionally
- keep routing layers compositional and thin
- handle auth/session/cookies in secure server contexts
- include server-side logging/observability at transport and capability boundaries
- be covered by basic linting (ESLint) and tests for critical capability paths
- keep project structure and references consistent and maintainable
- use supported
next/react/react-domversions and satisfy the dependency security baseline in references/dependency-and-version-security.md
Reference Index
- Next.js / React version choice, Create Next App, and vulnerability audits: references/dependency-and-version-security.md
- Project bootstrap steps and baseline setup sequence: references/project-bootstrap.md
- Environment variable safety rules and secret exposure boundaries: references/environment-variables.md
.gitignorepatterns for Next.js and sensitive files: references/gitignore.md- Capability-first folder structure for Next.js repositories: references/project-structure.md
app/router responsibilities and composition boundaries: references/app-router.md- Server versus client execution model and placement decisions: references/server-vs-client.md
- Server Action usage as thin capability adapters: references/server-actions.md
- Route Handler usage as HTTP transport adapters: references/route-handlers.md
- Cookie and session handling security guidance: references/cookies-session-security.md
- Server-side observability and logging patterns for capabilities: references/observability-logging.md
- Type placement strategy across capability modules: references/type-placement.md
- Data fetching and mapping boundaries before rendering: references/data-fetching.md
- UI composition patterns that avoid feature-logic leakage: references/ui-composition.md
- React hooks and Context usage within server/client boundaries: references/react-hooks-and-context.md
- End-to-end implementation validation checklist: references/implementation-checklist.md
When To Use This Skill
Use this skill when:
- building a new Next.js application with capability architecture
- refactoring an existing Next.js codebase for modularity
- implementing features with Server Actions or Route Handlers
- hardening configuration, cookies, and session boundaries
- adding reliable server-side logging and observability signals
- aligning project structure and UI composition with capability ownership
This skill is designed to pair with the capability-architecture skill.
Related Skills
hashlips/project-graph
development
VerifiedTrustedCommunity
Generates an interactive HTML map of any coding project showing all files, their connections, and entry-point flows, enriched by a living AI knowledge file that grows as the project is explored. Use when asked to generate a project graph, visualize project structure, map file connections or flows, get a high-level overview of a codebase, or answer questions about a project that already has a generated graph (technologies, services, how a flow works).
16SKILL.mdUpdated Jun 12, 2026
hashlips/skill-scan
development
VerifiedTrustedCommunity
Static security audit of an Agent Skill package (untrusted text only)—safe to run, data-exfil and hidden-action risks, est_tokens, and a verdict. Use only when the user explicitly asks to scan, security-scan, or sanity-check a skill.
12SKILL.mdUpdated May 26, 2026
hashlips/token-estimator
development
VerifiedTrustedCommunity
Gives a consistent rough token-size estimate for a file or folder of text using fixed integer rules. Use when you need repeatable ballpark token counts for Markdown or plain text without calling a provider API.
12SKILL.mdUpdated May 24, 2026
hashlips/md-compressor
testing
VerifiedTrustedCommunity
Compresses Markdown to minimal token form while preserving facts and agent-executable intent; duplicates sources first and compresses skill packages (SKILL.md plus reference MD). Use when reducing context cost in docs, skills, or prompts at light, medium, heavy, or extreme compression.
12SKILL.mdUpdated Apr 22, 2026