rzyfront/buildcheck-dev
skills/buildcheck-dev/SKILL.md
Build and runtime verification steps for Vendix development. Trigger: Verifying Build, checking Docker watch-mode logs, or confirming development changes do not introduce compile/runtime errors.
$ install --global
skillsauthnpx skillsauth add rzyfront/vendix buildcheck-devInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 15, 2026, 4:43 AM35.9s1 file scanned
SKILL.md
- name:
- buildcheck-dev
- description:
- >
- Trigger:
- Verifying Build, checking Docker watch-mode logs, or confirming development changes do not introduce compile/runtime errors.
- license:
- MIT
- author:
- rzyfront
- version:
- 1.0
- scope:
- [root]
Buildcheck Dev
CRITICAL: A task is not complete while affected development containers show compilation, runtime, type, dependency, or template errors.
Shared component tip: If frontend logs show errors in shared components, check
apps/frontend/src/app/shared/components/{component}/README.mdbefore changing the component usage.
Core Rule
Development verification always uses Docker watch-mode logs. Do not run production build commands unless the human explicitly asks for a production build, deployment check, or production compilation check.
Default Verification Workflow
- Apply the code change.
- Check the logs for every affected development container using
docker logs --tail 40. - Check container status with
docker ps. - If logs contain errors, fix them and repeat from step 2.
- Finish only when affected containers are running and logs show zero relevant errors.
Development Commands
Use the commands that match the files changed:
| Change Area | Required Check |
| --- | --- |
| Backend | docker logs --tail 40 vendix_backend |
| Frontend | docker logs --tail 40 vendix_frontend |
| Database/Prisma | docker logs --tail 40 vendix_postgres |
| Multiple areas | Check each affected container |
| Container status | docker ps |
Expected healthy signals include messages such as Compiled successfully, Successfully compiled, Nest application successfully started, or database system is ready to accept connections.
Blocking signals include ERROR, ERROR in, TypeError, ReferenceError, TypeScript errors, template parsing errors, missing dependency errors, database syntax errors, or connection failures.
Production Build Rule
Run npm run build only when the human explicitly requests one of these:
| Explicit Request | Allowed Command |
| --- | --- |
| Backend production build | npm run build --workspace apps/backend or the repo-approved backend build command |
| Frontend production build | npm run build --workspace apps/frontend or the repo-approved frontend build command |
| Deployment/production compilation check | The repo-approved production build command for the requested target |
If the human does not explicitly request production verification, do not run production build commands. Development logs are the required verification source.
Docker Availability
If Docker is unavailable, Docker Desktop is stopped, or the expected containers do not exist:
- Report the verification blocker clearly.
- Do not mark the task as fully verified.
- Do not start, restart, rebuild, or recreate containers unless that action is necessary for the task or the human approves it.
If a relevant container exists but is stopped unexpectedly, inspect docker ps -a and only restart it when it clearly belongs to the affected Vendix service.
Container Restart/Recreate
Use restart or recreate only for cache, dependency, Dockerfile, compose, or stuck-container issues.
Prefer the compose command used by the repository (docker compose or docker-compose). Examples below use docker compose.
# Restart a service
docker compose restart <service>
# Rebuild one service after dependency or Dockerfile changes
docker compose build --no-cache <service>
docker compose up -d <service>
# Recreate one service safely
docker compose stop <service>
docker compose rm -f <service>
docker compose up -d <service>
# Force recreate all services only when needed
docker compose up -d --force-recreate
After any restart or recreate, re-run the development log checks and docker ps.
Completion Checklist
- [ ] Logs checked for all affected development containers with
docker logs --tail 40. - [ ] Container status checked with
docker ps. - [ ] Zero relevant errors remain in affected logs.
- [ ] Fixes were re-verified after changes.
- [ ] Production build was not run unless explicitly requested.
- [ ] If Docker was unavailable, the blocker was reported instead of claiming full verification.
Golden Rule
Development means Docker logs/watch mode. Production build means npm run build, and only when explicitly requested by the human.
Related Skills
vendix-development-rules- General development rulesvendix-naming-conventions- Naming conventionsvendix-backend-domain- Backend verification patternsvendix-frontend-component- Frontend verification patterns
Related Skills
rzyfront/mobile-dev
development
VerifiedTrustedCommunity
Mobile app development rules for Vendix Expo/React Native project. Trigger: When editing, creating, or modifying any file under apps/mobile, or when developing mobile-specific features.
5SKILL.mdUpdated May 29, 2026
rzyfront/vendix-subscription-gate
development
VerifiedTrustedCommunity
Feature gating by store subscription state: global store write guard, AI feature gate, Redis feature resolution, quota consumption, frontend paywall interceptor, banner, and subscription UI states. Trigger: When adding feature gates, paywalls, subscription-based access control, protecting store write operations, AI feature gates, or rollout flags.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-saas-billing
testing
VerifiedTrustedCommunity
SaaS subscription billing for Vendix stores: plan pricing, invoices, Wompi platform payments, manual payments, partner commissions, payouts, proration, and dunning. Trigger: When creating SaaS invoices, working with partner rev-share, margin/surcharge pricing, invoice sequence allocation, partner payout batches, subscription payments, manual payments, or dunning flows.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-redis-quota
development
VerifiedTrustedCommunity
Periodic quota counters with Redis, UTC period keys, Lua-based idempotent AI quota consumption, request-id deduplication, and post-success consumption. Trigger: When building quota counters, enforcing monthly/daily feature caps, or reusing AI quota patterns for uploads, emails, exports, or rate-limited features.
5SKILL.mdUpdated May 16, 2026