From firebase-development
Validates Firebase code for security best practices, Firestore rules, functions architecture, emulator configuration, and authentication during reviews and audits.
npx claudepluginhub 2389-research/claude-plugins --plugin firebase-development
How this skill is triggered — by the user, by Claude, or both
Slash command
/firebase-development:validate
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
This sub-skill validates existing Firebase code against proven patterns and security best practices. It checks configuration, rules, architecture consistency, authentication, testing, and production readiness.
Audits Firestore security rules against rigorous criteria to identify vulnerabilities, bypasses, and misconfigurations. Use when rules are updated.
Build and configure Firebase-powered web and mobile apps: Firestore, Auth, Hosting, Cloud Functions, Storage, App Check, Remote Config, Analytics. Use for authentication flows, data modeling, hosting deployment, security rules.
Guides Firebase backend development covering auth, Firestore, Realtime DB, Cloud Functions, Storage, Hosting; emphasizes security rules, denormalized data modeling, and query optimization.
This sub-skill validates existing Firebase code against proven patterns and security best practices. It checks configuration, rules, architecture consistency, authentication, testing, and production readiness.
Key principles:
Do not use for:
- firebase-development:project-setup
- firebase-development:add-feature
- firebase-development:debug

Create checklist with these 9 steps:
Validate required sections:
- hosting - Array or object present
- functions - Source directory, runtime, predeploy hooks
- firestore - Rules and indexes files
- emulators - Local development config

Check hosting pattern matches implementation (site:, target:, or single).
Reference: docs/examples/multi-hosting-setup.md
Critical settings:
```json
{
  "emulators": {
    "singleProjectMode": true,
    "ui": { "enabled": true }
  }
}
```
Verify all services in use have emulator entries.
Reference: docs/examples/emulator-workflow.md
Check for:
- isAuthenticated(), isOwner())
- diff().affectedKeys().hasOnly([...]) for client writes
- collectionGroup() queries

Reference: docs/examples/firestore-rules-patterns.md
Identify pattern in use:
- middleware/, tools/, CORS, health endpoint
- shared/

Critical: Don't mix patterns. Verify consistency throughout.
Reference: docs/examples/express-function-architecture.md
For API Keys:
- collectionGroup('apiKeys') query
- active: true flag
- userId to request

For Firebase Auth:
- request.auth.uid

Reference: docs/examples/api-key-authentication.md
All .ts files should start with:
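```typescript
// ABOUTME: Brief description of what this file does
// ABOUTME: Second line with additional context
```

```bash
# Find .ts files missing the header (recursive; does not rely on shell globstar for **)
grep -rL --include='*.ts' "ABOUTME:" functions/src/
```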
Check for:
- functions/src/__tests__/**/*.test.ts
- functions/src/__tests__/emulator/**/*.test.ts
- vitest.config.ts and vitest.emulator.config.ts exist
- npm test && npm run test:coverage
All handlers must:
- { success: boolean, message: string, data?: any }
- console.error

Security checks:
- grep -r "apiKey.*=" functions/src/)
- .env files in .gitignore
- No allow read, write: if true; in rules

Production checks:
- npm audit clean
- npm run build
- npm test
- .firebaserc
- allow write: if false;
- diff().affectedKeys() validation

| Issue | Fix |
|---|---|
| Missing singleProjectMode | Add to emulators config |
| No default deny rule | Add match /{document=**} { allow read, write: if false; } |
| Mixed architecture | Migrate to consistent pattern |
| Missing ABOUTME | Add 2-line header to all .ts files |
| No integration tests | Add emulator tests for workflows |
| Inconsistent response format | Standardize to {success, message, data?} |
| No error handling | Add try-catch to all handlers |
| Secrets in code | Move to environment variables |
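
One way to automate the firebase.json, emulator and rules checks from this checklist, as an added example that is not the plugin's own code. The function name auditFirebaseProject, the finding strings and the sample configs and rules are assumptions constructed for illustration.

```javascript
// Added example (not the plugin's code). All sample inputs below are constructed.
const REQUIRED = ["hosting", "functions", "firestore", "emulators"];
const EMULATED = ["hosting", "functions", "firestore"]; // sections with a same-named emulator

function auditFirebaseProject(config, rulesText) {
  const findings = [];
  const emu = config.emulators || {};
  for (const s of REQUIRED) {
    if (!(s in config)) findings.push(`firebase.json: missing ${s}`);
  }
  for (const s of EMULATED) {
    if (s in config && !(s in emu)) findings.push(`emulators: no entry for ${s}`);
  }
  if (emu.singleProjectMode !== true) findings.push("emulators: singleProjectMode not true");
  if (!(emu.ui && emu.ui.enabled === true)) findings.push("emulators: ui.enabled not true");

  // Drop // comments so a commented-out rule is neither flagged nor credited.
  const rules = rulesText.replace(/\/\/.*$/gm, "");
  // An allow statement whose entire condition is the literal true.
  if (/allow\s+[\w\s,]+:\s*if\s+true\s*;/.test(rules)) {
    findings.push("rules: unconditional allow (if true)");
  }
  // Catch-all match block that denies both read and write.
  const denyAll =
    /match\s+\/\{document=\*\*\}\s*\{\s*allow\s+read\s*,\s*write\s*:\s*if\s+false\s*;\s*\}/;
  if (!denyAll.test(rules)) findings.push("rules: no default deny rule");
  return findings;
}

const WEAK_CONFIG = { hosting: {}, firestore: {}, emulators: { firestore: { port: 8080 } } };
const WEAK_RULES = `
service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} { allow read, write: if true; }
  }
}`;
const FIXED_CONFIG = {
  hosting: {}, functions: {}, firestore: {},
  emulators: { singleProjectMode: true, ui: { enabled: true },
               hosting: {}, functions: {}, firestore: {} },
};
const FIXED_RULES = `
service cloud.firestore {
  match /databases/{database}/documents {
    // match /old/{id} { allow read, write: if true; }
    match /users/{uid} { allow read: if request.auth.uid == uid; }
    match /{document=**} { allow read, write: if false; }
  }
}`;
```

The weak pair yields six findings and the corrected pair none; the regex checks are a text-level screen and do not replace running the rules against the emulator.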
For general code quality review beyond Firebase patterns, invoke superpowers:requesting-code-review.
After validation, provide:

References:
- docs/examples/multi-hosting-setup.md
- docs/examples/api-key-authentication.md
- docs/examples/express-function-architecture.md
- docs/examples/firestore-rules-patterns.md
- docs/examples/emulator-workflow.md