app-dev

Audit a Next.js project for common issues, anti-patterns, and misconfigurations

Audit authentication and authorization implementation for security issues

Audit database schema and queries for performance and design issues

Generate or update OpenAPI spec from existing API routes

Find and clean up unused files, dependencies, exports, and types with knip

Generate database migration files for schema changes

Analyze Next.js bundle size and performance bottlenecks

Manual quality gate control and status.

Scaffold API route handlers from an OpenAPI spec or description

Visualize and document the current database schema

Generate API integration tests for endpoints

Use this agent to review API endpoints for security, design, performance, and best practices. Trigger when the user asks to "review my API", "check API security", "audit endpoints", "review route handlers", "is my API secure", "check for missing validation", or wants a comprehensive API review. Examples: "Review the API endpoints I just created in src/routes/", "Are my API endpoints secure? I'm worried about injection attacks.", "Is this a good REST API design for my user management endpoints?".

Use this agent to review authentication and authorization code for security issues, design flaws, and best practice violations. Trigger when the user mentions "review auth", "is my login secure", "check authentication", "review authorization", "auth security", "password security", "JWT review", "session security", "OAuth implementation", or asks about auth best practices. Examples: "I just built the login system, can you review it for security?", "Is my JWT implementation secure? I'm using HS256.", "I need to add auth to my API endpoints, what's the best approach?".

Use this agent to optimize slow database queries, analyze EXPLAIN plans, and recommend index or query rewrites. Trigger when the user mentions "slow query", "optimize query", "EXPLAIN plan", "query performance", "database is slow", "N+1 queries", "index recommendation", or asks why a query takes too long. Examples: "The /api/users endpoint takes 3 seconds, I think it's the database query", "Can you analyze this EXPLAIN output and tell me what's wrong?", "I'm seeing hundreds of SELECT queries when loading the dashboard".

Use this agent to map, analyze, and optimize Next.js route structure. Trigger when the user asks to "map routes", "analyze routing", "find missing error boundaries", "check loading states", "review middleware", "list all pages", "find route issues", or needs a comprehensive view of their Next.js application structure. Examples: "Map out all the routes in my Next.js app", "Some of my pages don't have error boundaries, can you find which ones?", "I need to add auth protection to my routes, which ones are unprotected?".

This skill should be used when the user asks to "design a REST API", "structure API endpoints", "choose HTTP status codes", "set up API versioning", "implement API pagination", or mentions "REST API", "API design", "endpoint design", "OpenAPI", "Swagger", "API versioning", "HTTP status codes", "API authentication", "rate limiting", "pagination", "HATEOAS". Provides REST API design patterns, OpenAPI specification guidance, authentication strategies, and API versioning.

This skill should be used when the user asks to "implement authentication", "set up JWT auth", "configure OAuth2", "implement RBAC", "add MFA/two-factor", "secure session management", or mentions "authentication", "authorization", "JWT", "OAuth", "login", "session management", "password hashing", "RBAC", "role-based access", "MFA", "two-factor", "API keys", "token refresh", "CSRF", "CORS with auth". Provides authentication and authorization patterns including JWT, OAuth2, session management, RBAC, MFA, and password security.

This skill should be used when the user asks to "design a database schema", "normalize a data model", "plan a migration strategy", "define table relationships", "review an ERD", or mentions "schema design", "database design", "data model", "ERD", "normalization", "migration strategy", "table design", "foreign key", "relationship". Provides database schema design expertise including normalization, relationship patterns, naming conventions, and migration strategies.

This skill should be used when the user asks to "optimize a database query", "analyze a slow query", "review EXPLAIN output", "design indexes", "fix N+1 queries", or mentions "query optimization", "slow query", "EXPLAIN", "index", "performance", "query plan", "table scan", "index tuning", "N+1", "query analysis". Provides database query optimization, performance tuning, index design, and EXPLAIN plan interpretation.

This skill should be used when the user asks to "add animations", "implement transitions", "create gesture interactions", "build layout animations", "add scroll-based effects", or mentions "framer motion", "motion", "animate", "animation", "transition", "gesture", "layout animation", "scroll animation", "variants", "AnimatePresence". Provides Framer Motion animation library expertise for React/Next.js including gestures, layout animations, exit animations, and scroll-driven effects.

This skill should be used when the user asks to 'debug a JavaScript error', 'fix a TypeScript error', 'debug a React component', 'fix a Next.js error', 'debug an API route', 'fix a hydration error', 'investigate a runtime error', or mentions 'JS debugging', 'stack trace', 'React error boundary', 'hydration mismatch', 'unhandled rejection', 'type error'. Provides systematic JavaScript/TypeScript debugging methodology for Next.js applications covering runtime errors, type errors, React issues, hydration mismatches, and API failures.

This skill should be used when the user asks to 'write tests', 'add test coverage', 'test a component', 'test an API route', 'test a hook', 'set up Vitest', 'use React Testing Library', 'mock an API', or mentions 'component testing', 'integration tests', 'vitest', 'RTL', 'msw', 'testing library'. Provides JavaScript/TypeScript testing patterns using Vitest and React Testing Library for Next.js applications.

This skill should be used when the user asks to "find unused code", "clean up dead code", "find unused dependencies", "find unused exports", "find unused files", "remove dead code", "run knip", "check for unused imports", "clean up dependencies", "prune unused packages", or mentions "knip", "dead code detection", "unused exports", "unused dependencies", "unused files", "dependency cleanup", "export cleanup". Provides expert guidance on using knip for JavaScript/TypeScript project cleanup including configuration, analysis, auto-fixing, and safe removal workflows.

This skill should be used when the user asks to "write a MySQL query", "configure my.cnf", "choose a storage engine", "tune MySQL performance", "set up MySQL replication", or mentions "mysql", "mariadb", "innodb", "my.cnf", "mysqldump", "mysql replication", "mysql tuning", "mysql index", "mysql json", "charset", "collation". Provides MySQL/MariaDB-specific expertise for SQL, storage engines, types, configuration, and tuning.

This skill should be used when the user asks to "build a Next.js app", "configure App Router routing", "implement data fetching", "create a server action", "optimize Next.js performance", or mentions "next.js", "app router", "server component", "client component", "next config", "middleware", "route handler", "server action", "ISR", "SSR", "SSG". Provides Next.js framework expertise for App Router, Server Components, data fetching, routing, middleware, and optimization.

This skill should be used when the user asks to "set up a Next.js TypeScript project", "define code conventions", "organize project structure", "implement component patterns", "enforce type safety", or mentions "next.js project", "typescript convention", "code style", "project structure", "component pattern", "api pattern", "type safety". Provides full-stack Next.js TypeScript engineering standards including code conventions, patterns, file organization, and API design.

This skill should be used when the user asks to 'write a PostgreSQL query', 'configure postgresql.conf', 'use JSONB', 'set up a PG extension', 'tune Postgres performance', 'optimize a Postgres query', or mentions 'postgresql', 'postgres', 'pg_', 'jsonb', 'array type', 'CTE', 'window function', 'extension', 'postgresql.conf', 'pg_stat', 'vacuum', 'WAL'. Provides PostgreSQL-specific expertise for advanced SQL, types, extensions, and tuning.

Prisma ORM expertise for schema design, migrations, client usage, and deployment. Use when writing Prisma schemas, creating migrations, querying with Prisma Client, defining relations, or deploying database changes. Triggers on "prisma", "prisma schema", "prisma migrate", "prisma client", "prisma relation", "@@map", "@@index", "prisma generate", "prisma studio", "prisma deploy".

This skill should be used when the user asks to "run a quality gate", "check code quality", "run lint checks", "run pre-push security scan", "check for dead code", or mentions "quality gate", "quality check", "lint check", "run checks", "code quality", "pre-push scan", "security scan". Provides automated JavaScript/TypeScript code quality enforcement including type checking, linting, formatting, dead code detection, type coverage, circular dependency detection, tests, and security scanning before git push.

This skill should be used when the user asks to "integrate Supabase", "set up Supabase auth", "write RLS policies", "use Supabase storage", "subscribe to realtime changes", or mentions "supabase", "supabase auth", "RLS", "row level security", "supabase client", "supabase storage", "realtime", "edge function", "supabase migration". Provides Supabase best practices for Next.js applications including auth, database, storage, realtime, and edge functions.

This skill should be used when the user asks to "style a component with Tailwind", "set up dark mode", "create a responsive layout", "build a reusable UI component", "configure Tailwind", "use cn() utility", or mentions "tailwind", "tailwindcss", "utility class", "className", "dark mode", "responsive design", "tailwind-merge", "cva", "class variance authority", "shadcn", "tailwind v4", "CSS theme variables", "@theme", "@variant". Provides Tailwind CSS expertise for React and Next.js applications including utility patterns, responsive design, dark mode, component abstractions, and Tailwind v4 CSS-first configuration.

This skill should be used before claiming any work is complete, before committing, before creating PRs, or before reporting task status. Enforces fresh verification evidence for all completion claims. Provides the verification gate methodology: run commands, read output, then report.

6 hooks across 3 events