Curated library of 38 atomic skills, 7 personas, and 1 orchestrator for Elixir and Phoenix development. Organized by category: fundamentals, phoenix, database, testing, auth, infrastructure, quality, security, integrations, tooling, frameworks, personas, and orchestration. Covers core Elixir patterns, Phoenix LiveView, Ecto, OTP, Oban, testing, security, deployment, real-time, and modern tooling (Req, Swoosh, Cachex, Broadway, Ash).
91
91%
Does it follow best practices?
Impact
91%
1.37xAverage score across 56 eval scenarios
Advisory
Suggest reviewing before use
Notara is a note-taking SaaS that has been running as a full Phoenix web app (HTML/LiveView). The product team has approved a mobile client, and the mobile engineering team needs a JSON API to support it. The existing app already has user authentication and a notes context (MyApp.Notes) with basic CRUD, but the API surface doesn't exist yet.
You've been handed the story: implement the JSON API layer so the mobile team can build against it. The API must support listing a user's notes (with optional keyword search and pagination), retrieving a single note, creating a note, and deleting a note. Authentication is via Bearer tokens that clients send in the Authorization header. The mobile team will be calling these endpoints from devices with variable connectivity, so the API must return consistent, predictable JSON error shapes for all failure modes.
A known previous incident involved a text-search endpoint that was built by concatenating user input directly into a query string, which caused a security regression when the feature shipped. The team lead has asked that whoever implements this takes care to avoid that class of bug — the search term comes from untrusted user input.
Implement the following Elixir source files. Do not create a mix project scaffold — write only the application source files:
lib/my_app_web/router.ex — router with the appropriate pipeline and versioned route scopelib/my_app_web/controllers/fallback_controller.ex — handles error tuples and renders consistent JSON error responseslib/my_app_web/controllers/api/v1/notes_controller.ex — controller with index, show, create, and delete actionslib/my_app_web/plugs/api_auth.ex — a Plug that extracts and verifies the Bearer token from the Authorization headerlib/my_app/notes.ex — context module with list_notes/2 (supports search and pagination), get_note/2, create_note/2, and delete_note/2Write a notes_api_summary.md file summarising the design decisions made in the implementation (pipeline choice, versioning approach, error handling pattern, query safety approach, auth token comparison approach).
.tessl-plugin
evals
scenario-1
scenario-2
scenario-3
scenario-4
scenario-5
scenario-6
scenario-7
scenario-8
scenario-9
scenario-10
scenario-11
scenario-12
scenario-13
scenario-14
scenario-15
scenario-16
scenario-17
scenario-18
scenario-19
scenario-20
scenario-21
scenario-22
scenario-23
scenario-24
scenario-25
scenario-26
scenario-27
scenario-28
scenario-29
scenario-30
scenario-31
scenario-32
scenario-33
scenario-34
scenario-35
scenario-36
scenario-37
scenario-38
scenario-39
scenario-40
scenario-41
scenario-42
scenario-43
scenario-44
scenario-45
scenario-46
scenario-47
scenario-48
scenario-49
scenario-50
scenario-51
scenario-52
scenario-53
scenario-54
scenario-55
scenario-56
skills
frameworks
ash-framework
infrastructure
orchestration
elixir-skill-router
personas
phoenix
quality
security
security-essentials
tooling
mix-tasks-generators