npx claudepluginhub nudesk/nudesk-os-plugin --plugin nudesk-os

This skill uses the workspace's default tool permissions.
This skill is both a reference and an active query engine. It queries Asana and Vanta for live compliance data, cross-references against nuDesk's 91-control matrix, and identifies gaps with recommended actions.
/compliance-status, /security-check, /session-closeout, /evidence-collect

Load compliance project GIDs from ~/.claude/memory/compliance-config.md.
Query these Asana projects via MCP:
Check ~/.claude/memory/compliance-config.md → Vanta → API Access.
If "yes": query Vanta REST API or MCP (if Core+ plan) for:
If Vanta is unavailable or UI-only: Skip Vanta queries gracefully. Report Asana data only and note: "Vanta data unavailable — operating in export mode."
The full control table lives in ~/Projects/nudesk-os-plugin/knowledge-base/Policies/_Summary of nuDesk Sec Policies.md (Tier 1 — Controls Quick Reference).
| Category | Count | Enforcement |
|---|---|---|
| A — Automatable | 28 | Hooks, scheduled tasks, auto-evidence via Asana |
| B — Semi-Automated | 31 | Human-triggered commands with Asana workflow execution |
| C — Policy-Only | 32 | Scheduled review reminders + acknowledgment tracking |

| Control | Statement | Enforcement Mechanism |
|---|---|---|
| OS-01 | Changes tested, reviewed, approved before deploy | Pre-deploy hook + Change Log subtask checklist |
| SD-01 | Code changes require review before merge | PR review + Change Log evidence |
| SD-02 | Mandatory version control | Git hook evidence (commit logs) |
| SD-04 | Code scanned before deployment | /security-check + evidence buffer |
| OS-04 | No confidential data in non-prod | PII pattern scan hook |
| AC-13 | Source code access restricted and logged | Git access logs |
| DM-02 | Confidential data encrypted at rest/transit | Config scan evidence |
| CR-01 | AES-256 at rest, TLS in transit | Infrastructure config checks |
| AI-04 | PII anonymized before AI processing | PII scan hook on Write/Edit |

| Control | Statement | Enforcement Mechanism |
|---|---|---|
| IR-01–05 | Incident response lifecycle | /incident-log command |
| RM-01–03 | Risk assessment and register | Risk Register project + scheduled reviews |
| OS-08 | Quarterly vulnerability scans | Scheduled task + evidence collection |
| BC-01 | Annual DR test | Scheduled task + evidence collection |

- .env files locally, Secret Manager in production.
- .env files are blocked by hook. Modify manually.
- /session-closeout → evidence buffer.
- /weekly-report.
- ~/.claude/memory/context/evidence-buffer.md — batch-processed by /evidence-collect.
- /incident-log to create properly structured incident tasks
- .env files are not staged
- /security-check has been run this session

| Change Type | Required Tests | Gate | Enforcement |
|---|---|---|---|
| API endpoint | Unit + integration test | Pre-commit | pr-test-analyzer |
| Auth/permissions | Security test + integration | Pre-deploy | security-reviewer + pr-test-analyzer |
| Database schema | Migration + rollback test | Pre-deploy | Manual dry-run |
| Frontend component | Behavioral component test | Pre-commit | pr-test-analyzer |
| Credential handling | Security review | Pre-deploy | security-reviewer |
| n8n workflow | E2E test with synthetic payload | Pre-publish | Manual |
| Infrastructure | Dry-run + smoke test | Pre-deploy | Local build + health check |

- faker (Python) or @faker-js/faker (JS).
- "gid_test_001" patterns.
- @example.com and 555-0100 range.
- .env.test (gitignored).