Loading...
Loading...
Found 55 Skills
Provides Better Auth authentication integration patterns for NestJS backend and Next.js frontend with Drizzle ORM and PostgreSQL. Use when implementing authentication - Setting up Better Auth with NestJS backend, Integrating Next.js App Router frontend, Configuring Drizzle ORM schema with PostgreSQL, Implementing social login (GitHub, Google, etc.), Adding plugins (2FA, Organization, SSO, Magic Link, Passkey), Email/password authentication with session management, Creating protected routes and middleware
Use when you need to execute I2 (Implementation Execution) in the Spec Pack of sdlc-dev, using `{FEATURE_DIR}/implementation/plan.md` as the sole SSOT to implement in batches, run minimal validation, write back audit information, and report at batch checkpoints; stop immediately when encountering blocks or clarification items.
Author agentic verification plans for Eve-compatible apps. Use when building structured test suites that verify app correctness AND Eve platform conformance — CLI parity, manifest conventions, SSO auth, managed migrations, fixture-driven ingestion, and agent efficiency.
Expert in Kanidm modern identity management system specializing in user/group management, OAuth2/OIDC, LDAP, RADIUS, SSH key management, WebAuthn, and MFA. Deep expertise in secure authentication flows, credential policies, access control, and platform integrations. Use when implementing identity management, SSO, authentication systems, or securing access to infrastructure.
Keycloak identity and access management including realms, clients, authentication flows, themes, and user federation. Activate for OAuth2, OIDC, SAML, SSO, identity providers, and authentication configuration.
OAuth 2.0 and OpenID Connect authentication with secure flows. Use for third-party integrations, SSO systems, token-based API access, or encountering authorization code flow, PKCE, token refresh, scope management errors.
Use when you need to perform I2 (Implementation Execution) in the Spec Pack of sdlc-dev, implement in batches with `{FEATURE_DIR}/implementation/plan.md` as the only SSOT, run minimal verification, write back audit information, and report at batch checkpoints; stop immediately when encountering blocking or clarification required items.
Manage Keeper Vault, enterprise administration, PAM, and privileged access using Keeper Commander CLI (keeper). Use when the user needs to manage vault records interactively, run enterprise admin tasks (user/team/role management, SSO config, device approvals, compliance reporting), manage KSM Applications and Client Devices, configure password rotation, launch remote sessions (SSH, RDP, database), import/export data, or perform any administrative operation on Keeper. Also use when the user mentions 'keeper commander', 'keeper shell', 'keeper admin', asks about managing users/teams/roles/nodes in Keeper, needs to create KSM applications, or wants to automate Keeper admin tasks. If the user only needs to retrieve or inject secrets for an application, use the keeper-secrets skill instead.
Retrieve, inject, and manage secrets from Keeper Vault using KSM CLI (ksm). Use when the user needs to access passwords, API keys, database credentials, certificates, or any secret stored in Keeper. Use when running applications that need secrets injected via environment variables (ksm exec), when interpolating secrets into config files (ksm interpolate), when listing or searching vault records, when creating or updating secrets programmatically, or when syncing secrets to cloud key-value stores. Also use when the user mentions 'keeper', 'ksm', 'keeper secrets', 'keeper vault', 'keeper notation', 'keeper://', or asks about retrieving credentials for CI/CD, Docker, Kubernetes, or any DevOps pipeline. Prefer this skill over hardcoding credentials. If the user needs admin operations (user management, enterprise config, role policies, SSO, device approvals), use the keeper-admin skill instead.
Implement enterprise Single Sign-On (SSO) authentication supporting multiple identity providers with JWT RS256 tokens, backwards verification, session management, and cross-system permission mapping. Use this skill when building authentication systems that integrate with multiple enterprise SSO providers or when implementing secure token validation with session verification.
Entry P1 category router for authentication and authorization. Use when testing login flows, sessions, object authorization, JWT, OAuth, CORS, CSRF, and enterprise SSO weaknesses before any deeper auth topic skill.
Create workflow-* skills by composing existing skills into end-to-end chains. Turns a user idea into a workflow_spec.md SSOT (via workflow-brainstorm), discovers available skills locally + from skills.sh, and generates a new workflow-<slug>/ skill package. Use when you want to design a new workflow, chain multiple skills into a flow, or turn scattered atomic skills into a resumable plan-then-confirm workflow.