backend-business-scoped-endpoint
Add a new authenticated business-scoped API endpoint in Kyora backend (Gin) with correct tenant isolation, RBAC/plan gates, error handling, and Swagger annotations.
Add a new authenticated business-scoped API endpoint in Kyora backend (Gin) with correct tenant isolation, RBAC/plan gates, error handling, and Swagger annotations.
Use this when implementing TanStack Start server functions and middleware (validation, auth, redirects, request context) in the Cloudflare Workers runtime.
Add authentication and authorization to routes, Server Actions, and API endpoints using Supabase Auth. Use when user needs "protect [route]", "add authentication", "require login", "add RBAC", "implement login/logout", or mentions auth, permissions, OAuth, API keys. Provides patterns for protected routes, Server Action auth checks, role-based access control (5 roles), OAuth providers (Google, GitHub), email verification, password strength, account lockout, and API key authentication. Do NOT use when building new features (use worldcrafter-feature-builder which can add auth), database-only changes (use worldcrafter-database-setup for RLS policies), routes without auth (use worldcrafter-route-creator), or testing only (use worldcrafter-test-generator).
Configure multi-platform deployment for FastAPI applications including Docker containerization, Railway, DigitalOcean App Platform, and AWS deployment. Use when deploying FastAPI apps, setting up production environments, containerizing applications, configuring cloud platforms, implementing health checks, managing environment variables, setting up reverse proxies, or when user mentions Docker, Railway, DigitalOcean, AWS, deployment configuration, production setup, or container orchestration.
Keep HTTP handlers and OpenAPI (openapi.yaml) in sync. Use when adding/changing endpoints, request/response schemas, auth requirements, or error shapes.
Implement authentication, authorization, input validation, and security best practices. Use when securing API endpoints and data.
Guide for TypeBox schema conventions in Fastify routes and environment validation. Use when defining request/response schemas or validating configuration.
Load when editing Python files in backend/, api/, routes/, services/, models/, websocket files, or alembic/. Provides FastAPI, async SQLAlchemy, WebSocket, Authentication, and Database Migration patterns.
Guide for creating paginated list endpoints with cursor-based pagination and RFC 8288 Link headers following this project's conventions.
Guide for creating Huma API endpoints following this project's conventions including routing, input/output structs, error handling, and OpenAPI documentation.
To be used for writing API endpoints with Express.js. Follow these instructions to implement RESTful API endpoints.
Use Zod to validate and type inputs at boundaries (route params/search params, server functions, DB access). Use when adding validation or debugging input issues.
Adds OpenAPI standards (Swagger) documentation to .NET ASP.NET Core APIs with Scalar UI or Swagger UI. Configures Swashbuckle, generates OpenAPI specs, and sets up interactive API documentation endpoints.
Guide for creating Fastify route handlers with TypeBox schemas and OpenAPI documentation. Use when adding new routes to app/src/routes/.
Implement authentication and authorization using @delon/auth. Use this skill when adding login/logout flows, JWT token management, role-based access control (RBAC), route guards, HTTP interceptors, and session management. Integrates with Firebase Auth and custom permission systems. Ensures secure token storage, automatic token refresh, and consistent authorization checks across components and services.
Security review and analysis for Frappe API endpoints decorated with @frappe.whitelist(). Use when reviewing API security, checking for permission vulnerabilities, scanning for unprotected endpoints, validating role restrictions, or auditing API endpoints for security best practices. Helps identify missing frappe.only_for(), frappe.has_permission(), or frappe.get_list() usage.
Deploy applications and websites to Vercel. Use this skill when the user requests deployment actions such as "Deploy my app", "Deploy this to production", "Create a preview deployment", "Deploy and give me the link", or "Push this live". No authentication required - returns preview URL and claimable deployment link.