skills/cleanexpo/dr-nrpg/nrpg-workflow

nrpg-workflow

SKILL.md

Follow these rules when implementing changes in this repository:

Auth (critical)

  • Use NextAuth cookie sessions for web UI flows.
  • Do not use localStorage tokens for auth in the UI.
  • In API routes, prefer getServerSession(authOptions) and server-side role checks.
  • Only allow Authorization: Bearer ... when explicitly required for non-browser clients.

Multi-tenancy & privacy (critical)

  • Never expose contractor identities to clients.
  • Clients must not be able to browse/search contractors or contact them directly.
  • Enforce role-based access for any contractor profile endpoints/pages.

Implementation workflow

  1. Scan for auth-token usage (localStorage, Authorization: Bearer) and remove/limit as required.
  2. Verify server-side auth checks in any modified app/api/**/route.ts.
  3. Run targeted checks for the area changed:
    • npm run lint
    • npm test
    • npm run build
  4. Fix failures only if they are related to the change being made.
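
Steps 1 and 2 of the workflow can be scripted as a first pass. The following is an added example, not code from this repository: the function names (scan_tokens, routes_missing_session, make_sample) and the sample files are constructed for illustration, and the match patterns are heuristics that assume the standard Next.js app/api layout.

```shell
#!/bin/sh
# Added example (not from the repository): heuristic audit for workflow steps 1-2.

# scan_tokens DIR: print file:line:text for client-side token handling.
scan_tokens() {
  grep -rn --include='*.ts' --include='*.tsx' \
    -e 'localStorage' -e 'Bearer ' "$1" || true
}

# routes_missing_session DIR: print API route files that never call
# getServerSession(...). A hit means "review by hand", not "proven unprotected".
routes_missing_session() {
  find "$1" -type f -path '*/app/api/*' -name 'route.ts' \
    -exec grep -LF 'getServerSession(' {} + || true
}

# make_sample: build a small constructed source tree and print its path.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/components" "$d/app/api/jobs" "$d/app/api/contractors"
  printf '%s\n' 'const t = localStorage.getItem("token");' \
    'fetch("/api/jobs", { headers: { Authorization: `Bearer ${t}` } });' \
    > "$d/components/Login.tsx"
  printf '%s\n' 'import { getServerSession } from "next-auth";' \
    'export async function GET() { await getServerSession(authOptions); }' \
    > "$d/app/api/jobs/route.ts"
  printf '%s\n' 'export async function GET() { return Response.json([]); }' \
    > "$d/app/api/contractors/route.ts"
  echo "$d"
}

sample=$(make_sample)
echo "Token usage to remove or justify:"
scan_tokens "$sample"
echo "API routes without a getServerSession call:"
routes_missing_session "$sample"
rm -rf "$sample"
```

A route that appears in the second list may still be protected by middleware or a shared helper, and a route that calls getServerSession may still lack the role check, so each result needs a manual read of the handler.
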
First Seen
Apr 13, 2026