thefixer3x/base-client-guardian
.claude/skills/base-client-guardian/SKILL.md
Guardrails for edits to core/base-client.js covering auth injection, retries, circuit breaker behavior, and request/response events. Use when modifying the universal API client or its auth/retry/error handling.
tools
Updated Apr 16, 2026
$ install --global
skillsauthnpx skillsauth add thefixer3x/onasis-gateway base-client-guardianInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 2:51 PM4.4s2 files scanned
SKILL.md
- name:
- base-client-guardian
- description:
- Guardrails for edits to core/base-client.js covering auth injection, retries, circuit breaker behavior, and request/response events. Use when modifying the universal API client or its auth/retry/error handling.
Skill: Base Client Guardian
Purpose & Scope
This skill applies when modifying the Universal API Client (core/base-client.js).
The Base Client provides:
- HTTP request handling with axios
- Multi-protocol authentication (Bearer, API Key, Basic, HMAC, OAuth2)
- Exponential backoff retry logic
- Circuit breaker pattern for fault tolerance
- Rate limiting management
- EventEmitter-based request/response/error logging
Critical Rules - NEVER Do
Public Method Stability
- NEVER remove or rename these public methods:
request()- Main entry point for API callsretryRequest()- Handles retry logic with backoffhealthCheck()- Service health verificationgenerateMethods()- Dynamic method generation from endpointsaddAuthentication()- Auth injection into requests
EventEmitter Events
- NEVER remove or rename these event names:
request- Emitted before each requestresponse- Emitted on successful responseerror- Emitted on request failurecircuit-breaker-open- Emitted when circuit opens
Authentication Types
- NEVER change these auth type identifiers:
bearer- Bearer token authapikey- API key (header or query)basic- Basic authhmac- HMAC signature authoauth2- OAuth 2.0 auth
Security
- NEVER log sensitive data (auth tokens, credentials, API keys)
- NEVER disable TLS/SSL verification
- NEVER expose raw credentials in error messages
- NEVER store credentials in plain text
Circuit Breaker
- NEVER change the state machine flow:
CLOSED -> OPEN -> HALF_OPEN -> CLOSED - NEVER remove the 5-failure threshold for circuit opening
- NEVER remove the 60-second recovery timeout
Required Patterns - MUST Follow
Retry Logic
// MUST use exponential backoff
const delay = this.config.retryDelay * Math.pow(2, attempt - 1);
// MUST check shouldRetry() before retrying
if (attempt < this.config.retryAttempts && this.shouldRetry(error)) {
await this.sleep(delay);
return this.retryRequest(config, attempt + 1);
}
Event Emission
// MUST emit events after state changes
this.emit('request', { service, method, url, timestamp });
this.emit('response', { service, status, statusText, timestamp });
this.emit('error', { service, type, message, status, timestamp });
Circuit Breaker State Management
// MUST follow state machine
// On success: reset to CLOSED
this.circuitBreaker.failures = 0;
this.circuitBreaker.state = 'CLOSED';
// On failure: increment and potentially open
this.circuitBreaker.failures++;
if (this.circuitBreaker.failures >= 5) {
this.circuitBreaker.state = 'OPEN';
this.emit('circuit-breaker-open', { service, failures });
}
// On timeout: transition to HALF_OPEN
if (timeSinceLastFailure > 60000) {
this.circuitBreaker.state = 'HALF_OPEN';
}
Authentication Handling
// MUST handle all auth types in switch statement
switch (auth.type) {
case 'bearer':
case 'apikey':
case 'basic':
case 'hmac':
case 'oauth2':
// Implementation here
break;
}
Safe Modification Examples
Adding a New Authentication Type
// Add to the switch statement in addAuthentication()
case 'custom_auth_type':
config.headers['X-Custom-Auth'] = auth.config.customValue;
break;
Adding New Retry Conditions
// Extend shouldRetry() - do NOT replace existing conditions
shouldRetry(error) {
return (
error.code === 'ECONNRESET' ||
error.code === 'ETIMEDOUT' ||
error.code === 'ENOTFOUND' ||
error.code === 'YOUR_NEW_CODE' || // ADD here
(error.response && error.response.status >= 500)
);
}
Adding New Events
// Add new events - do NOT modify existing event signatures
this.emit('your-new-event', { service, customData, timestamp });
Integration Points
| Component | Integration Method |
|-----------|-------------------|
| Metrics Collector | Listen to request, response, error events |
| Compliance Manager | Intercept in addAuthentication() |
| Version Manager | Pass version in request options |
| Vendor Abstraction | Uses request() method |
Testing Requirements
Before any changes to this file:
# 1. Run existing tests
npm test -- --grep "BaseClient"
# 2. Verify authentication works for all types
node -e "const BaseClient = require('./core/base-client'); const client = new BaseClient({ name: 'test', baseUrl: 'https://httpbin.org' }); console.log('Client initialized:', client.config.name);"
# 3. Test circuit breaker states
# Verify: CLOSED -> OPEN (after 5 failures) -> HALF_OPEN (after 60s)
# 4. Test retry logic
# Verify exponential backoff: delay * 2^(attempt-1)
Rollback Procedure
If changes cause issues:
-
Immediate Rollback
git checkout HEAD~1 -- core/base-client.js -
Verify Recovery
# Restart the server bun run dev # Check health endpoint curl http://localhost:3001/health -
Event Listener Check
// Verify all components can still receive events client.on('request', () => console.log('Request event works')); client.on('response', () => console.log('Response event works')); client.on('error', () => console.log('Error event works'));
Related Skills
thefixer3x/onasis-gateway
tools
VerifiedTrustedCommunity
# Onasis Gateway — Agent & IDE Skill Guide > **Read this file first.** This guide is the primary reference for AI agents (Claude, Cursor, Copilot, etc.) and developers working with the Onasis Gateway API integration repository. It covers all 16 third-party API integrations, Postman MCP setup, auth patterns, environment variables, and recommended workflows. --- ## Table of Contents 1. [Overview](#overview) 2. [Postman MCP Integration](#postman-mcp-integration) 3. [16 API Integrations](#16-api
SKILL.mdUpdated Apr 24, 2026
thefixer3x/version-manager
data-ai
VerifiedTrustedCommunity
Guardrails for edits to core/versioning/version-manager.js covering semver validation, deprecation, migrations, and compatibility rules. Use when changing version registration or migration handling.
SKILL.mdUpdated Apr 16, 2026
thefixer3x/vendor-abstraction
tools
VerifiedTrustedCommunity
Guardrails for edits to core/abstraction/vendor-abstraction.js that preserve vendor isolation, mappings, fallback selection, and stable client-facing schemas. Use when adding/removing vendors, operations, or schema fields.
SKILL.mdUpdated Apr 16, 2026
thefixer3x/sdk-behavior-extension
tools
VerifiedTrustedCommunity
Use this skill when adding new methods, tools, or schema changes to the `@lanonasis/mem-intel-sdk`. Trigger when the user wants to extend the SDK with new capabilities, add a new MCP tool to mcp-core, add a new intelligence endpoint, or migrate the behavior_patterns schema. Also trigger when the user says things like "add a new tool to the SDK", "extend mem-intel-sdk", "add behavior X to the MCP server", or "update the SDK schema." Do NOT use for general behavior pattern recording/recall — use the behavior-memory skill for that.
SKILL.mdUpdated Apr 16, 2026