cometchat-production
Purpose
This skill teaches Claude how to harden a CometChat integration for production. It covers two critical areas:
- Token-based authentication — replacing client-side
authKeywith server-side token generation - User management — server-side CRUD for CometChat users (create on signup, update on profile change, delete on account deletion)
The cometchat-core skill's provider pattern supports both dev mode (login(uid)) and production mode (loginWithAuthToken(token)). This skill provides the server-side half: the token endpoint and user management endpoints.
1. Why production auth matters
In development mode, CometChatUIKit.login(uid) uses the authKey configured via UIKitSettingsBuilder.setAuthKey(). This key is embedded in your client-side JavaScript bundle. Anyone can open browser DevTools, find the auth key, and use it to log in as ANY user in your CometChat app. They can read private messages, send messages as other users, and access every conversation.
Production deployments MUST use server-side token generation. The auth key stays on your server. Clients receive short-lived tokens scoped to a single user. If a token leaks, the blast radius is one user session, not your entire app.
More from cometchat/cometchat-skills
cometchat
Entry-point for CometChat integration in any React, React Native, Angular, Android, Flutter, or iOS project — web (React/Next.js/React Router/Astro), React Native (Expo/bare), Angular (12-15), native Android (V5 stable, V6 beta), Flutter (V5 stable, V6 beta), and native iOS (V5 stable). Detects the framework, gathers requirements through an interactive conversation, and writes production-quality integration code.
31cometchat-react-nextjs
Integrate CometChat React UI Kit v6 into a Next.js project (App Router or Pages Router) using the @cometchat/skills-cli. Replaces the v1 prose skill once the CLI is published to npm.
12cometchat-theming
Customize CometChat UI to match the user's app design system. Covers the CSS variable cascade, preset themes, brand color overrides, design system extraction, dark mode, and framework-specific override locations.
10cometchat-react-reactjs
Integrate CometChat React UI Kit v6 into a React (Vite or CRA) project using the @cometchat/skills-cli. Replaces the v1 prose skill once the CLI is published to npm.
10cometchat-troubleshooting
Diagnose and fix problems with a CometChat integration. Runs verify checks, detects drift, queries the docs MCP for symptom-to-cause lookups, and proposes targeted fixes. Works on any state — broken, missing, or drifted integrations.
9cometchat-react-react-router
Integrate CometChat React UI Kit v6 into a React Router project (v6 or v7) using the @cometchat/skills-cli. Replaces the v1 prose skill once the CLI is published to npm.
9