
auth

Implements secure authentication and payment flows using Clerk, Supabase Auth, and Stripe. Includes security checklists and standardized integration patterns.

Introduction

This skill provides a robust framework for implementing authentication and payment processing within your application. Designed for developers working on secure user-facing features, it acts as a gatekeeper to ensure that sensitive operations like login, subscription management, and transaction handling follow industry best practices. By centralizing these operations, the skill helps prevent common security pitfalls associated with credential handling and financial data processing, guiding the agent to verify critical security requirements before beginning any code implementation.

  • Full support for modern authentication providers including Clerk and Supabase Auth, ensuring secure session management.

  • Deep integration with Stripe for payment processing, including subscription management and secure checkout flows.

  • Mandatory security gate (Step 0) that forces a review of critical safety checklists before tool usage.

  • Automated verification of security controls such as bcrypt/argon2 password hashing, HttpOnly cookie use, and CSRF protection.

  • Payment-specific safeguards, including webhook signature verification and server-side amount validation to prevent tampering.

  • Standardized error handling patterns designed to minimize information leakage through excessive detail.

  • Always load this skill when the user mentions login, authentication, payments, subscriptions, or Stripe usage.

  • Do not use this skill for general UI implementation, basic database design, or non-auth-related feature development.

  • Refer to the provided documentation in references/authentication.md and references/payments.md for specific implementation details.

  • Ensure that all card information is handled via SDKs and never stored on the application server.

  • Always output the security checklist and caution-level notifications as part of the initial development plan to ensure transparency regarding potential security risks.

Repository Stats

  • Stars: 636

  • Forks: 67

  • Open Issues: 7

  • Language: Shell

  • Default Branch: main

  • Sync Status: Idle

  • Last Synced: Apr 29, 2026, 08:00 AM