Auth

The laravel-security skill is a practical Laravel security checklist for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment. Use it for audits, feature reviews, and hardening work in Laravel apps.

django-security is a practical guide for hardening Django apps with authentication, authorization, CSRF, XSS, SQL injection prevention, secure cookies, and production settings. It helps developers and reviewers run a focused Security Audit, quickly spot risky config, and apply concrete fixes before deployment.

auth-implementation-patterns is a practical skill for designing and implementing authentication and authorization patterns, including sessions, JWT, OAuth2/OIDC, RBAC, and access control checks for APIs and apps.

The security-and-hardening skill helps harden application code before release. Use it for user input, auth, sessions, sensitive data, file uploads, webhooks, and external services, with concrete checks like input validation, parameterized queries, output encoding, secure cookies, HTTPS, and secrets handling.

The sharp-edges skill helps you find APIs, configs, and interfaces where the easy path leads to insecure use. Use it to review authentication flows, cryptographic wrappers, dangerous defaults, null or zero semantics, and misuse-prone design choices. It is a strong fit for sharp-edges for Security Audit work when you need concrete footguns, not generic security guesses.

The insecure-defaults skill helps spot fail-open configuration patterns that let software run with unsafe settings instead of stopping. Use it for a Security Audit of production code, deployment configs, and secret-handling logic to catch weak auth, hardcoded secrets, and permissive defaults.

azure-identity-py helps set up Azure authentication in Python with Microsoft Entra ID. Use it to choose DefaultAzureCredential, managed identity, or service principal auth, configure environment variables, and troubleshoot access control and credential chain issues. Install guidance, usage patterns, and practical setup notes are based on the repo skill file.

firebase skill guide for Firestore, Auth, Storage, Functions, Hosting, and security rules. Learn practical firebase usage for building and maintaining real-time apps, with setup tips, emulator-first workflows, and guidance for firebase for Database Engineering.

two-factor-authentication-best-practices for Better Auth: install the twoFactor plugin, add client redirects, run migrations, verify schema, and implement TOTP, backup codes, trusted devices, and 2FA sign-in flows for Access Control.

better-auth-best-practices helps developers install and use Better Auth with the right env vars, auth.ts location, CLI migrate or generate steps, plugin updates, and /api/auth/ok verification.

create-auth-skill helps add Better Auth to JS or TS apps with a planning-first workflow. It scans your repo, detects framework and database signals, asks structured setup questions, then guides route wiring, providers, auth pages, and migration-safe implementation.

email-and-password-best-practices helps you configure Better Auth email/password login, verification emails, reset flows, password rules, hashing options, and the required migration step.

organization-best-practices guides Better Auth organization setup for access control, covering server and client plugins, migration, database checks, org creation, invitations, roles, and RBAC-focused usage.

The neon-postgres skill helps agents answer Neon Serverless Postgres questions with less guesswork. Learn install context, usage patterns, connection choices, local development, branching, auth, the Data API, Neon CLI, and how to verify current Neon docs before acting.

detecting-anomalous-authentication-patterns helps analyze authentication logs for impossible travel, brute force, password spraying, credential stuffing, and compromised-account activity. Built for Security Audit, SOC, IAM, and incident response workflows with baseline-aware detection and evidence-backed sign-in analysis.

supabase-nextjs helps build Next.js App Router apps with Supabase auth, storage, and realtime, while using Drizzle ORM for typed database queries. It fits backend development workflows that need protected routes, server-side session handling, and a clear server/client split.

supabase-node is a guide for building a Node.js backend with Supabase Auth, storage, and Drizzle ORM. It helps teams use Express or Hono with clear route, middleware, and query boundaries for backend development.

The supabase skill helps you manage Supabase-backed apps with a local-first workflow for database changes, auth, storage, Edge Functions, migrations, and RLS. Use this supabase guide when you want practical supabase usage, install guidance, and repeatable deployment steps instead of ad hoc production edits.

azure-identity-java helps Java backend developers use Microsoft Entra ID authentication with Azure SDK clients. Learn the right credential for local dev, CI/CD, and Azure-hosted apps, including DefaultAzureCredential, managed identity, and service principal patterns.

entra-agent-id is a Microsoft Entra Agent ID preview skill for backend development teams building OAuth2-capable AI agent identities with Graph beta. It covers blueprint setup, blueprint principals, agent identities, permissions, sponsors, workload identity federation, and sidecar-based auth. Use it to understand entra-agent-id install, usage, and rollout constraints.