Why Use This This skill provides specialized capabilities for ananddtyagi's codebase.
Use Cases Developing new features in the ananddtyagi repository Refactoring existing code to follow ananddtyagi standards Understanding and working with ananddtyagi's codebase structure
Install Guide 2 steps 1 2 Install inside Ananke
Click Install Skill, paste the link below, then press Install.
https://github.com/ananddtyagi/cc-marketplace/tree/main/plugins/claude-dev-infrastructure/skills/data-safety-auditor Skill Snapshot Auto scan of skill assets. Informational only.
Valid SKILL.md Checks against SKILL.md specification
Updated At Dec 25, 2025, 07:21 AM
SKILL.md 208 Lines
Total Files 4
Total Size 6.2 KB
License NOASSERTION
---
name: data-safety-auditor
emoji: "🛡️"
description: Comprehensive data safety auditor for Vue 3 + Pinia + IndexedDB + PouchDB applications. Detects data loss risks, sync issues, race conditions, and browser-specific vulnerabilities with actionable remediation guidance.
triggers:
- "audit data safety"
- "check data loss risks"
- "data safety auditor"
- "activate data-safety-auditor"
keywords:
- data safety
- data loss
- IndexedDB
- LocalForage
- PouchDB
- CouchDB
- sync
- persistence
- Safari ITP
- quota
- backup
- integrity
activation_count: 0
last_used: null
related_skills:
- indexeddb-backup-debugger
- comprehensive-system-analyzer
- qa-testing
- couchdb-cross-device-sync
---
# Data Safety Auditor
**Purpose**: Comprehensive audit tool that identifies data loss risks in Vue 3 + Pinia + IndexedDB + PouchDB applications with actionable remediation guidance.
## Philosophy
This skill provides **rigorous data safety analysis** with:
- **Zero tolerance for data loss** - Identifies every potential failure point
- **Complete coverage** - Storage, sync, hydration, integrity, testing
- **Evidence-based findings** - Code locations, patterns, severity
- **Actionable fixes** - Specific remediation with code examples
- **Test generation** - Creates missing safety tests
## What It Detects
### CRITICAL Risks (Deployment Blockers)
- `QUOTA_EXCEEDED` - Storage full, data can't save
- `SAFARI_ITP_EXPIRATION` - 7-day data loss on Safari
- `UNHANDLED_QUOTA_ERROR` - QuotaExceededError not caught
- `NO_CONFLICT_RESOLUTION` - PouchDB conflicts not handled
- `NON_ATOMIC_UPDATES` - Multi-item updates can partially fail
### HIGH Risks (Must Fix)
- `HYDRATION_RACE_CONDITION` - Pinia data loads after render
- `NO_SYNC_ERROR_HANDLING` - Sync failures silently fail
- `INCOMPLETE_SYNC_UNDETECTED` - Stranded data not detected
- `RACE_CONDITION_SAME_KEY` - Concurrent LocalForage writes
- `UNHANDLED_STORAGE_ERROR` - Storage calls have no try/catch
### MEDIUM Risks (Should Fix)
- `NO_CHECKSUM_VERIFICATION` - Data corruption undetected
- `NO_PRIVATE_MODE_HANDLING` - Private mode data loss unhandled
- `NO_PERSISTENT_STORAGE_REQUEST` - PWA not requesting persist
- `STORAGE_PARTITIONING_UNACCOUNTED` - iframe storage isolated
- `DRIVER_VALIDATION_MISSING` - LocalForage driver not checked
### LOW Risks (Consider Fixing)
- `NO_PERSISTENCE_TESTS` - Missing persistence test coverage
- `NO_OFFLINE_TESTS` - Offline sync not tested
- `MISSING_SAFARI_TESTS` - Safari-specific tests missing
## Detection Categories
### A. Browser-Specific Data Loss Vectors
- Storage quota limits and eviction policies per browser
- Safari ITP 7-day storage limitations
- Private/incognito mode behavior
- Storage partitioning impacts
### B. Storage-Specific Patterns
- LocalForage race conditions
- Concurrent write conflicts
- Driver fallback behavior
- Configuration issues
### C. Sync Patterns
- PouchDB/CouchDB conflict detection
- Network failure handling
- Incomplete sync detection
- Sync integrity verification
### D. Vue/Pinia Risks
- Hydration race conditions
- beforeRestore/afterRestore hooks
- Object reference breakage
- Multiple persistence sources
### E. Data Integrity Checks
- Schema validation on load
- Checksum verification
- Corruption detection
- Backup/recovery validation
### F. Testing & Compliance
- Persistence test coverage
- Quota failure tests
- OWASP compliance
- GDPR data integrity
## Usage
```javascript
const auditor = new DataSafetyAuditor();
// Full project audit
const report = await auditor.auditVueApp('./src');
console.log(report.toConsole());
// Targeted audits
const quotaFindings = await auditor.checkQuotaRisks(codeAST);
const itpFindings = await auditor.checkSafariCompat(codeAST);
const piniaFindings = await auditor.checkPiniaPersistence(piniaStore);
const syncFindings = await auditor.checkSyncIntegrity(pouchdbCode);
// Generate missing tests
const tests = await auditor.generateTestSuite();
// Get detailed remediation
const fixes = await auditor.suggestRemediations(findings);
```
## Report Formats
- **Console** - Colored, readable CLI output with severity indicators
- **JSON** - Machine-readable for CI/CD integration
- **Markdown** - Documentation and reports
- **HTML** - Interactive dashboard view
## Deployment Gate
The auditor enforces deployment gates:
- **CRITICAL findings** = Deployment blocked
- **HIGH findings** = Warning, recommend fixing
- **MEDIUM/LOW** = Information only
## When to Use
Use this skill when:
- Before deploying to production
- After adding new persistence features
- When debugging data loss issues
- During code review of storage code
- Setting up CI/CD quality gates
- Auditing third-party storage libraries
## Integration
### CI/CD Pipeline
```javascript
const report = await auditor.auditVueApp('./src');
if (report.hasBlockers()) {
console.error('DEPLOYMENT BLOCKED: Critical data safety issues found');
process.exit(1);
}
```
### Custom Rules
```javascript
auditor.rules.addRule('MUST_USE_ENCRYPTION', (code) => {
if (code.includes('sensitive_data') && !code.includes('crypto.subtle')) {
return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' };
}
});
```
---
## MANDATORY USER VERIFICATION REQUIREMENT
### Policy: No Safety Claims Without User Confirmation
**CRITICAL**: Before claiming ANY data safety issue is "fixed", "resolved", or "safe", the following verification protocol is MANDATORY:
#### Step 1: Technical Verification
- Run full audit with all detectors
- Verify no CRITICAL or HIGH findings
- Take screenshots/evidence of clean audit
#### Step 2: User Verification Request
**REQUIRED**: Use the `AskUserQuestion` tool to explicitly ask the user to verify:
```
"I've completed the data safety audit. Before confirming your app is safe, please verify:
1. [Specific storage operations to test]
2. [Sync scenarios to test]
3. [Browser-specific tests to run]
Please confirm the data persists correctly, or let me know what's failing."
```
#### Step 3: Wait for User Confirmation
- **DO NOT** claim app is "data safe" until user confirms
- **DO NOT** approve deployment without user verification
- **DO NOT** skip any CRITICAL finding verification
**Remember: The user is the final authority on data safety. No exceptions.**
