fastify-better-auth-bridge
Fastify Better Auth Bridge
Wire Better Auth session resolution into Fastify 5 via the onRequest hook. Use this when Better Auth already exists but Fastify lacks the framework bridge.
Do NOT load this skill when
- The problem is callback URL configuration, trusted origins, or provider bootstrap order
- The problem is IDCS group mapping or
org_membersprovisioning rules - The goal is to build a parallel session system alongside Better Auth
NEVER
- Never build a parallel session layer when cookie header forwarding is all that's needed — the symptom (no session) and the fix (forward cookies) are separated by two layers, making it easy to misdiagnose.
- Never enforce RBAC policy inside the bridge
onRequesthook — the bridge resolves identity, route guards enforce access. Mixing them makes both untestable. - Never share mutable array decorator defaults in Fastify 5 — arrays on the prototype are shared across all requests; use a Symbol-backed getter/setter per-request.
- Never skip the Web
Requestbridge —auth.api.getSession()requires a native Web APIRequest, not a Fastify request object. Passing the wrong type silently returns no session. - Never assume
reply.send(undefined)is safe in Fastify 5 — it throws.
The Non-Obvious Parts
More from acedergren/agentic-tools
humanizer
Use when making text sound human, removing AI tells, or fixing writing that sounds like ChatGPT. Detects and rewrites AI patterns: overused phrases (testament to, pivotal, landscape, delve), structural tells (rule of three, em dash overuse, negative parallelisms, copula avoidance), promotional language, and vague attributions. Keywords: AI-generated, humanize, writing style, natural writing, human voice, remove AI patterns, conversational tone.
38cloudflare-zero-trust
Use when working with Cloudflare Tunnel or Access - tunnel setup, authentication configuration, 502 Bad Gateway errors, Docker/Kubernetes deployment, service token management, private network routing (SSH/RDP/databases), WebSocket/gRPC connection issues, replica scaling problems, WARP routing, Terraform/IaC automation, local development with quick tunnels, audit logging setup, compliance requirements (SOC2/HIPAA), or advanced network debugging. Keywords - cloudflared, 502 error, service tokens, terraform, metrics port 20241, trycloudflare, Logpush, SIEM. CRITICAL - Authentication mandatory not optional.
25turborepo
Use when making Turborepo monorepo architecture decisions: choosing between monorepo vs polyrepo, deciding when to split packages, debugging cache misses, setting package boundaries, or avoiding circular dependencies. NOT for basic CLI syntax. Triggers on: turborepo, turbo cache miss, package boundaries, monorepo architecture.
24orchestrate
Use when executing a multi-task implementation plan with parallel agents. Coordinates task assignment, wave sequencing, heartbeat monitoring, git safety, and quality gates. Supports interactive (TeamCreate/Task) and headless (claude -p) modes. Keywords: parallel agents, wave execution, orchestrate, headless, phase execution, task plan.
23refactor-module
Use when deciding whether to extract Terraform code into a reusable module, determining module boundaries, or migrating state after modularization. Covers the refactoring decision (modularize vs inline), anti-patterns causing module sprawl, and state migration risk. Keywords: terraform module, refactor terraform, module boundaries, terraform abstraction, module sprawl, state migration, terraform state mv.
23api-audit
Use when auditing API routes for schema drift, missing auth, or validation gaps. Scans routes against shared TypeScript types to find mismatches, missing middleware, and undocumented endpoints. Read-only — produces a severity-grouped report. Keywords: audit routes, schema drift, auth gaps, missing validation, type mismatch, orphaned schemas.
22