rzyfront/vendix-backend-middleware
skills/vendix-backend-middleware/SKILL.md
Backend middleware and request-context patterns: ecommerce-only domain resolution, cache-manager usage, domain_context on the request, and AsyncLocalStorage request context population via interceptor. Trigger: When configuring middleware.
$ install --global
skillsauthnpx skillsauth add rzyfront/vendix vendix-backend-middlewareInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 16, 2026, 5:05 AM230.0s1 file scanned
SKILL.md
- name:
- vendix-backend-middleware
- description:
- >
- Backend middleware and request-context patterns:
- ecommerce-only domain resolution,
- population via interceptor. Trigger:
- When configuring middleware.
- license:
- MIT
- author:
- rzyfront
- version:
- 2.0
- scope:
- [root]
- auto_invoke:
- Configuring middleware
Vendix Backend Middleware
Source of Truth
apps/backend/src/common/middleware/domain-resolver.middleware.tsapps/backend/src/common/interceptors/request-context.interceptor.tsapps/backend/src/common/context/request-context.service.tsapps/backend/src/app.module.ts
Domain Resolver Reality
DomainResolverMiddleware is not a generic all-route tenancy resolver. It currently runs only for ecommerce-style requests and exits early unless req.originalUrl contains /ecommerce/.
It resolves store context in this order:
x-store-idheader orstore_idquery param.- Hostname resolution via
PublicDomainsService.resolveDomain(hostname). - Cached hostname lookup through Nest
cache-manager.
The middleware writes:
req['domain_context'] = { store_id, organization_id? }
It does not write req.store_id / req.organization_id / req.domain_type directly.
Request Context Reality
RequestContextService is AsyncLocalStorage-based, not request-scoped DI over REQUEST.
RequestContextInterceptormerges auth user data andreq['domain_context'].- It propagates
x-request-idinto the request context. - It calls
RequestContextService.asyncLocalStorage.run(contextObj, ...). - Consumers read static helpers like
getStoreId(),getUserId(),getRequestId(),isSuperAdmin().
Rules
- Do not document or implement new middleware assuming route-param tenancy.
- Do not inject a request-scoped
RequestContextService; use the real ALS/static API. - If you need tenant context in backend logic, prefer the interceptor-populated request context and scoped Prisma services.
- If you need hostname-based public store resolution outside ecommerce routes, verify the route path and current middleware coverage before expanding behavior.
Related Skills
vendix-multi-tenant-contextvendix-prisma-scopesvendix-backend-domain
Related Skills
rzyfront/mobile-dev
development
VerifiedTrustedCommunity
Mobile app development rules for Vendix Expo/React Native project. Trigger: When editing, creating, or modifying any file under apps/mobile, or when developing mobile-specific features.
5SKILL.mdUpdated May 29, 2026
rzyfront/vendix-subscription-gate
development
VerifiedTrustedCommunity
Feature gating by store subscription state: global store write guard, AI feature gate, Redis feature resolution, quota consumption, frontend paywall interceptor, banner, and subscription UI states. Trigger: When adding feature gates, paywalls, subscription-based access control, protecting store write operations, AI feature gates, or rollout flags.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-saas-billing
testing
VerifiedTrustedCommunity
SaaS subscription billing for Vendix stores: plan pricing, invoices, Wompi platform payments, manual payments, partner commissions, payouts, proration, and dunning. Trigger: When creating SaaS invoices, working with partner rev-share, margin/surcharge pricing, invoice sequence allocation, partner payout batches, subscription payments, manual payments, or dunning flows.
5SKILL.mdUpdated May 16, 2026
rzyfront/vendix-redis-quota
development
VerifiedTrustedCommunity
Periodic quota counters with Redis, UTC period keys, Lua-based idempotent AI quota consumption, request-id deduplication, and post-success consumption. Trigger: When building quota counters, enforcing monthly/daily feature caps, or reusing AI quota patterns for uploads, emails, exports, or rate-limited features.
5SKILL.mdUpdated May 16, 2026