nextjs-supabase-guard
Next.js + Supabase Guard
Full-stack validation orchestrator. Loads composable sub-guards and Supabase-specific skills.
Composable Architecture
This skill is built from independent layers that can also be used standalone:
| Layer | Skill | Standalone? |
|---|---|---|
| Universal | code-quality |
Yes — any project, any language |
| React | react-guard |
Yes — any React project |
| Next.js | nextjs-guard |
Yes — any Next.js project |
| Supabase | This skill | No — requires all above |
When to Use
- During or after implementing any feature in a Next.js + Supabase project
- After writing or modifying components, actions, queries, middleware
- Before committing — as a final quality gate
- When reviewing your own work
Workflow
Phase 1: Load Context
Read the git diff to understand what changed:
git diff --stat
git diff
Also read CLAUDE.md in the project root — it contains project-specific conventions that override general best practices.
Phase 2: Load Skills by Domain
Load skills based on what changed. Always start with the universal layer.
Always load:
code-quality— DRY, KISS, YAGNI, SRP principles
React (if any .tsx/.jsx changed):
2. react-guard — loads all React skills automatically
Next.js (if routes, layouts, middleware, or server code changed):
3. nextjs-guard — loads Next.js + React skills automatically
Supabase + Auth (if auth, queries, or DB-related code changed):
4. nextjs-supabase-auth
5. supabase-postgres-best-practices
6. security-review
Styling (if className or CSS changed):
7. tailwind-patterns
Tests (if test files changed or new code lacks tests):
8. test-behavior-not-implementation
Code simplification (always):
9. anti-slop
10. code-simplifier
Phase 3: Validate Changes
For each changed file, check against the loaded skills. Report issues grouped by severity:
BLOCKER — Must fix before merge:
- Security issues (auth bypass, injection, exposed secrets)
- Broken dependency rule (app/ importing from features/ internals, shared code importing features/)
'use client'on a component that doesn't need interactivity- Business logic in route files (app/)
- Missing Zod validation in Server Actions
- Hardcoded colors instead of Tailwind theme classes
- DRY violations: 3+ occurrences of the same pattern without extraction
- Throwing exceptions from Server Actions (return errors as data)
WARNING — Should fix:
- Anti-patterns from loaded React/Next.js skills
- Over-engineering or AI slop (unnecessary abstractions, defensive code)
- Missing
revalidatePath()beforeredirect()in actions - Relative imports going up more than one level
- Memoization issues (unnecessary useMemo/useCallback, missing where needed)
- KISS violations: overly complex solutions for simple problems
- YAGNI violations: building features before they're needed
INFO — Consider:
- Simplification opportunities from
code-simplifier - Performance patterns from
vercel-react-best-practices - Testing gaps
- SRP violations: functions/components doing too many things
Phase 4: Report
Output a structured report:
## Guard Report
### Files reviewed
- list of files
### BLOCKER (X)
- [file:line] description — skill reference
### WARNING (X)
- [file:line] description — skill reference
### INFO (X)
- [file:line] description — skill reference
### Verdict
PASS / PASS WITH WARNINGS / BLOCKED
Key Rules from CLAUDE.md to Always Check
These are the most commonly violated project conventions:
- Dependency rule:
app/ -> features/ -> components/, lib/, types/ - Thin route files: No business logic in
app/— import and render only - Feature public API: Cross-feature imports MUST go through
index.ts - No relative imports going up more than one level
- Server Components by default —
'use client'only when needed - Zod validation in all Server Actions
- Return errors as data from Server Actions, not exceptions
- kebab-case for all files and directories
@/path alias always — never../../- No hardcoded hex colors — use Tailwind theme classes
- DRY — extract patterns repeated 3+ times
- KISS — simplest solution that works
- SRP — one responsibility per function/component
More from b4r7x/agent-skills
react-design-patterns
Use when choosing a React component pattern — custom hooks, control props, compound components, headless components, render props, container/presentational, or other architectural patterns. Includes 13 patterns with decision guide and 2025 popularity ranking.
26human-commit
Generates human-like git commit messages based on staged or unstaged changes. Reads git diff, analyzes what changed, and outputs 3 natural commit message options that sound like they were written by a developer — not AI. This skill should be used when the user wants a commit message, asks "what should I write for commit", "generate commit message", "human like commit", "wiadomość do commita", or just asks for help committing.
24humanize-readme
Rewrites a README.md to remove AI slop — buzzwords, generic openers, fake enthusiasm, and formulaic structure — replacing it with direct, honest, human-sounding writing. This skill should be used when the user wants to humanize a README, remove AI-generated writing patterns, make documentation sound less like ChatGPT wrote it, or asks to "fix the README", "humanize readme", "remove AI slop", "make it sound human".
24improve-prompt
Transforms a rough, unpolished prompt idea into a precise, structured AI coding prompt. Automatically researches the current project context (stack, file structure, conventions, git history) before generating. This skill should be used when the user provides a vague or "dirty" prompt idea and asks to refine, improve, or rewrite it — e.g. "improve this prompt", "refine my prompt", "ulepszony prompt", "dopracuj prompt", or simply describes what they want done in rough terms.
23react-anti-patterns
Use when reviewing React code — especially AI-generated code — to catch common anti-patterns. Covers 18 anti-patterns with detection difficulty, including stale closures, state mutation, useEffect abuse, and boolean explosion.
21deep-plan
Takes a rough, unpolished prompt idea and autonomously turns it into an implementation plan. Researches the project deeply, asks clarifying questions, generates a precise internal prompt, then executes it to produce a structured plan with todos. Designed for plan mode. Use when the user gives a vague feature request, rough idea, or "dirty" prompt and wants a ready-to-execute implementation plan — e.g. "plan this", "deep plan", "turn this into a plan", "zaplanuj to", "zrób plan".
19