nextjs-secure-bff
Installation
SKILL.md
Next.js Secure BFF
Use this skill when Next.js acts as a public backend boundary, not just a rendering layer. Treat Route Handlers, Proxy, and Server Actions as externally reachable entry points that need normal backend security review.
When to Apply
Use this skill when:
- Writing or reviewing
app/**/route.ts,proxy.ts, webhook handlers, callback URLs, or BFF proxy endpoints - Designing Server Actions that mutate data or depend on authenticated users
- Moving database, secrets, or internal API access into a Next.js app
- Auditing whether data passed to Client Components is minimized and safe
- Debugging leaks through headers, serialized action results, logs, or broad DTOs
Load On Demand
Start with this file. Load detailed files only when the task needs them: