data-safety-auditor

📁 ananddtyagi/cc-marketplace 📅 Jan 24, 2026
Total installs: 12
Weekly installs: 8
Site rank: #25953
Install command:
npx skills add https://github.com/ananddtyagi/cc-marketplace --skill data-safety-auditor

Agent install distribution

antigravity 6
claude-code 6
gemini-cli 5
codex 5
opencode 5

Skill documentation

Data Safety Auditor

Purpose: Comprehensive audit tool that identifies data loss risks in Vue 3 + Pinia + IndexedDB + PouchDB applications with actionable remediation guidance.

Philosophy

This skill provides rigorous data safety analysis with:

  • Zero tolerance for data loss – Identifies every potential failure point
  • Complete coverage – Storage, sync, hydration, integrity, testing
  • Evidence-based findings – Code locations, patterns, severity
  • Actionable fixes – Specific remediation with code examples
  • Test generation – Creates missing safety tests

What It Detects

CRITICAL Risks (Deployment Blockers)

  • QUOTA_EXCEEDED – Storage full, data can’t save
  • SAFARI_ITP_EXPIRATION – 7-day data loss on Safari
  • UNHANDLED_QUOTA_ERROR – QuotaExceededError not caught
  • NO_CONFLICT_RESOLUTION – PouchDB conflicts not handled
  • NON_ATOMIC_UPDATES – Multi-item updates can partially fail

HIGH Risks (Must Fix)

  • HYDRATION_RACE_CONDITION – Pinia data loads after render
  • NO_SYNC_ERROR_HANDLING – Sync fails silently
  • INCOMPLETE_SYNC_UNDETECTED – Stranded data not detected
  • RACE_CONDITION_SAME_KEY – Concurrent LocalForage writes
  • UNHANDLED_STORAGE_ERROR – Storage calls have no try/catch

MEDIUM Risks (Should Fix)

  • NO_CHECKSUM_VERIFICATION – Data corruption undetected
  • NO_PRIVATE_MODE_HANDLING – Private mode data loss unhandled
  • NO_PERSISTENT_STORAGE_REQUEST – PWA not requesting persist
  • STORAGE_PARTITIONING_UNACCOUNTED – iframe storage isolated
  • DRIVER_VALIDATION_MISSING – LocalForage driver not checked

LOW Risks (Consider Fixing)

  • NO_PERSISTENCE_TESTS – Missing persistence test coverage
  • NO_OFFLINE_TESTS – Offline sync not tested
  • MISSING_SAFARI_TESTS – Safari-specific tests missing

Detection Categories

A. Browser-Specific Data Loss Vectors

  • Storage quota limits and eviction policies per browser
  • Safari ITP 7-day storage limitations
  • Private/incognito mode behavior
  • Storage partitioning impacts

B. Storage-Specific Patterns

  • LocalForage race conditions
  • Concurrent write conflicts
  • Driver fallback behavior
  • Configuration issues

C. Sync Patterns

  • PouchDB/CouchDB conflict detection
  • Network failure handling
  • Incomplete sync detection
  • Sync integrity verification

D. Vue/Pinia Risks

  • Hydration race conditions
  • beforeRestore/afterRestore hooks
  • Object reference breakage
  • Multiple persistence sources

E. Data Integrity Checks

  • Schema validation on load
  • Checksum verification
  • Corruption detection
  • Backup/recovery validation

F. Testing & Compliance

  • Persistence test coverage
  • Quota failure tests
  • OWASP compliance
  • GDPR data integrity

Usage

const auditor = new DataSafetyAuditor();

// Full project audit
const report = await auditor.auditVueApp('./src');
console.log(report.toConsole());

// Targeted audits
const quotaFindings = await auditor.checkQuotaRisks(codeAST);
const itpFindings = await auditor.checkSafariCompat(codeAST);
const piniaFindings = await auditor.checkPiniaPersistence(piniaStore);
const syncFindings = await auditor.checkSyncIntegrity(pouchdbCode);

// Generate missing tests
const tests = await auditor.generateTestSuite();

// Get detailed remediation
const fixes = await auditor.suggestRemediations(findings);

Report Formats

  • Console – Colored, readable CLI output with severity indicators
  • JSON – Machine-readable for CI/CD integration
  • Markdown – Documentation and reports
  • HTML – Interactive dashboard view

Deployment Gate

The auditor enforces deployment gates:

  • CRITICAL findings = Deployment blocked
  • HIGH findings = Warning, recommend fixing
  • MEDIUM/LOW = Information only

When to Use

Use this skill:

  • Before deploying to production
  • After adding new persistence features
  • When debugging data loss issues
  • During code review of storage code
  • When setting up CI/CD quality gates
  • When auditing third-party storage libraries

Integration

CI/CD Pipeline

const report = await auditor.auditVueApp('./src');
if (report.hasBlockers()) {
  console.error('DEPLOYMENT BLOCKED: Critical data safety issues found');
  process.exit(1);
}

Custom Rules

auditor.rules.addRule('MUST_USE_ENCRYPTION', (code) => {
  if (code.includes('sensitive_data') && !code.includes('crypto.subtle')) {
    return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' };
  }
});
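
A substring rule like MUST_USE_ENCRYPTION above is satisfied by any mention of crypto.subtle, including one inside a comment. The following added example (not part of the skill's own code; function names and sample sources are constructed) tightens that rule, adds a file-level check for unguarded storage writes, and maps the findings onto the deployment gate described earlier.

```javascript
// Added example. Callbacks follow the page's (code) => finding shape;
// all names and sample sources below are constructed for illustration.

// Drop comments so a keyword that appears only in a comment cannot satisfy a rule.
// Simplification: string literals are not parsed ("://" in URLs is left alone).
function stripComments(code) {
  return code.replace(/\/\*[\s\S]*?\*\//g, '').replace(/(^|[^:])\/\/[^\n]*/g, '$1');
}

// Stricter variant of the page's MUST_USE_ENCRYPTION rule: require an actual call.
function mustUseEncryption(code) {
  const src = stripComments(code);
  if (src.includes('sensitive_data') && !/crypto\.subtle\.encrypt\s*\(/.test(src)) {
    return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' };
  }
}

// File-level heuristic for the page's UNHANDLED_STORAGE_ERROR finding.
function unhandledStorageError(code) {
  const src = stripComments(code);
  const writes = /\b(?:localStorage|localforage)\.setItem\s*\(/.test(src);
  const handled = /\btry\s*\{/.test(src) || /\.catch\s*\(/.test(src);
  if (writes && !handled) return { severity: 'HIGH', msg: 'Storage calls have no try/catch' };
}

const RULES = { MUST_USE_ENCRYPTION: mustUseEncryption, UNHANDLED_STORAGE_ERROR: unhandledStorageError };

function runRules(code) {
  return Object.entries(RULES)
    .map(([id, rule]) => ({ id, ...rule(code) }))
    .filter((f) => f.severity);
}

// Gate as the page states it: CRITICAL blocks, HIGH warns, MEDIUM/LOW are informational.
function gate(findings) {
  if (findings.some((f) => f.severity === 'CRITICAL')) return 'BLOCKED';
  return findings.some((f) => f.severity === 'HIGH') ? 'WARN' : 'PASS';
}

// Constructed inputs.
const COMMENT_ONLY = "// TODO: wrap with crypto.subtle later\nlocalforage.setItem('sensitive_data', token);";
const ENCRYPTED = [
  'try {',
  '  const sensitive_data = await crypto.subtle.encrypt(alg, key, plain);',
  "  await localforage.setItem('vault', sensitive_data);",
  '} catch (e) { reportStorageFailure(e); }',
].join('\n');
const UNHANDLED = "localStorage.setItem('theme', 'dark');";

for (const [name, src] of Object.entries({ COMMENT_ONLY, ENCRYPTED, UNHANDLED })) {
  console.log(name, gate(runRules(src)), runRules(src).map((f) => f.id));
}
```

The COMMENT_ONLY sample passes the original substring check because the comment mentions crypto.subtle, but it is blocked here.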

MANDATORY USER VERIFICATION REQUIREMENT

Policy: No Safety Claims Without User Confirmation

CRITICAL: Before claiming ANY data safety issue is “fixed”, “resolved”, or “safe”, the following verification protocol is MANDATORY:

Step 1: Technical Verification

  • Run full audit with all detectors
  • Verify no CRITICAL or HIGH findings
  • Take screenshots/evidence of clean audit

Step 2: User Verification Request

REQUIRED: Use the AskUserQuestion tool to explicitly ask the user to verify:

"I've completed the data safety audit. Before confirming your app is safe, please verify:
1. [Specific storage operations to test]
2. [Sync scenarios to test]
3. [Browser-specific tests to run]

Please confirm the data persists correctly, or let me know what's failing."

Step 3: Wait for User Confirmation

  • DO NOT claim app is “data safe” until user confirms
  • DO NOT approve deployment without user verification
  • DO NOT skip any CRITICAL finding verification

Remember: The user is the final authority on data safety. No exceptions.