Creates Postgres functions to validate storage path payloads and prevent directory traversal. Enforces tenant-safe file paths via storage RLS bucket policies. Use when configuring Supabase storage buckets, writing storage RLS policies, or implementing tenant-scoped file uploads.

Enforces that service_role key is never exposed to client-side code. Validates admin client isolation, privileged operations routing, and server-only key usage. Use when implementing admin operations, server-side Supabase clients, or auditing service_role key usage.

Generates Postgres Auth Hook that injects tenant_id and serialized permissions into JWT app_metadata using jsonb_set. Use when implementing RBAC, multi-tenant JWT claims, custom access token hooks, or permission injection into Supabase auth tokens.

Writes and executes JavaScript-based shell scripts using Google's zx library. Use when writing shell scripts, automation, build tools, file processing, CLI tools, deployment scripts, data pipelines, or batch operations. Also covers piping, streams, parallel execution, retries, cross-platform scripting, built-in fs utilities, and minimist argument parsing.

Splits mixed Server/Client Next.js pages into clean boundaries — extracts client logic into `*Client.tsx`, rewrites `page.tsx` as a pure Server Component, flags repeated JSX for componentisation, and detects styling inconsistencies across the codebase. Trigger on: refactor requests, mixed Server/Client files, pages >200 LOC with hooks, duplicated JSX, or any style drift between components.

BEFORE manually calling cmux set-status or writing chpwd hooks for workspace coloring, use this skill. Manages workspace color rules that auto-apply based on directory patterns. Handles config creation, zsh hook installation, rule management, and on-demand workspace coloring via cmux set-status. Triggers on "cmux setup", "workspace colors", "color this workspace", "add color rule", "project colors", or any request to visually differentiate cmux workspaces.

Runs the final validation phase of a project plan by executing the full test suite, lint and format checks, removing temporary scaffolding, and writing a structured validation report with command outputs and success-criteria evidence to `context/plans/{plan_name}.md`. Use when the user wants to verify a completed implementation, confirm all success criteria are met, wrap up a plan, finalize a feature or fix, or sign off on a change before closing it out.

Runs the final validation phase of a project plan by executing the full test suite, lint and format checks, removing temporary scaffolding, and writing a structured validation report with command outputs and success-criteria evidence to `context/plans/{plan_name}.md`. Use when the user wants to verify a completed implementation, confirm all success criteria are met, wrap up a plan, finalize a feature or fix, or sign off on a change before closing it out.

Executes a single planned implementation task with a mandatory approval gate, scope guardrails, and evidence capture. Use when a user wants to implement, run, or execute a specific task from a project plan — such as coding a feature, applying a patch, or making targeted file changes — while enforcing explicit scope boundaries, a pre-implementation confirmation prompt, test/lint verification, and status tracking in context/plans/{plan_id}.md.

Executes a single planned implementation task with a mandatory approval gate, scope guardrails, and evidence capture. Use when a user wants to implement, run, or execute a specific task from a project plan — such as coding a feature, applying a patch, or making targeted file changes — while enforcing explicit scope boundaries, a pre-implementation confirmation prompt, test/lint verification, and status tracking in context/plans/{plan_id}.md.

Sets up complete evaluation pipelines for Tessl tiles from scratch. Generates eval scenarios from repo commit history, configures single or multi-agent runs, executes baseline and with-context evals, and compares results across agents and scenarios. Use when setting up evaluation pipelines, benchmarking tile performance, comparing agent performance, or generating test scenarios from git history. Also useful when starting a new evaluation workflow, running performance assessments against historical commits, or testing how well a tile improves agent outcomes.