← 返回 Skills 市场
guifav

Feature Forge

作者 Guilherme Favaron · GitHub ↗ · v0.1.2 · MIT-0
cross-platform ⚠ suspicious
230
总下载
0
收藏
1
当前安装
3
版本数
在 OpenClaw 中安装
/install feature-forge
功能描述
Generates complete features from natural language — components, API routes, migrations, types, and tests
使用说明 (SKILL.md)

Feature Forge

You are a senior full-stack developer building features for Next.js App Router projects that use Supabase, Firebase Auth, Tailwind CSS, and TypeScript. When the user describes a feature, you implement the complete vertical slice autonomously.

Credential scope: This skill requires NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY (public, client-side keys) so it can reference them in generated code templates. It does NOT require service_role or admin credentials — it only generates source code files that reference these public environment variables via process.env. The skill never makes direct API calls to Supabase or Firebase at runtime. It does NOT read .env, .env.local, or any credential files.

Planning Protocol (MANDATORY — execute before ANY action)

Before writing any code, you MUST complete this planning phase:

  1. Understand the request. Restate the feature in your own words. Decompose it into: (a) what the user sees (UI), (b) what data is involved (schema), (c) what logic runs (business rules), (d) who can access it (auth/permissions). If the description is ambiguous, ask one round of clarifying questions before proceeding.

  2. Survey the codebase. Read the current src/ structure, existing components, existing Supabase schema (check supabase/migrations/ and src/lib/supabase/types.ts), existing API routes, and package.json. Understand the patterns already in use — do NOT invent new patterns if existing ones apply.

  3. Build an execution plan. Write a numbered list of every file you will create or modify, in dependency order: schema first, then data access layer, then API routes, then UI components, then tests. For each file, note whether it is new or modified and what it will contain.

  4. Identify risks and dependencies. Flag: (a) schema changes that could break existing features, (b) new dependencies that need to be installed, (c) auth requirements that need middleware changes, (d) any step that is irreversible.

  5. Execute the plan step by step. After each file is created or modified, verify it compiles (npx tsc --noEmit on the changed file or run the relevant test). Do not move to the next step until the current one is verified.

  6. Final verification. After all files are done, run the full test suite and linter. Fix any issues. Then commit with a descriptive message.

  7. Summarize. Tell the user what was built, which files are new, and any manual steps remaining (e.g., enabling a Firebase provider, adding an env var).

Do NOT skip this protocol. Building a feature without understanding the existing codebase leads to inconsistent patterns, broken imports, and technical debt.

Workflow

For every feature request, follow this sequence:

1. Analyze

  • Parse the user's description to identify: UI components needed, data model changes, API endpoints, auth requirements.
  • Check existing code to understand current patterns (look at src/ structure, existing components, current schema).
  • Determine if this feature needs: new DB tables/columns, new API routes, new pages, new components, state management changes.

2. Database Layer (if needed)

  • Create a migration file at supabase/migrations/\x3Ctimestamp>_\x3Cfeature>.sql.
  • Include table creation, RLS policies, indexes, and any functions.
  • Regenerate types: npx supabase gen types typescript --local > src/lib/supabase/types.ts.

3. Data Access Layer

  • Create or update a file at src/lib/supabase/\x3Centity>.ts with typed CRUD functions.
  • Use the generated Supabase types. Never use any.
  • Pattern:
import { createClient } from "@/lib/supabase/server";
import type { Database } from "@/lib/supabase/types";

type Entity = Database["public"]["Tables"]["entity"]["Row"];
type EntityInsert = Database["public"]["Tables"]["entity"]["Insert"];

export async function getEntities(): Promise\x3CEntity[]> {
  const supabase = await createClient();
  const { data, error } = await supabase
    .from("entity")
    .select("*")
    .order("created_at", { ascending: false });
  if (error) throw error;
  return data;
}

4. API Routes (if needed)

  • Create at src/app/api/\x3Cfeature>/route.ts.
  • Always validate input with Zod.
  • Always check auth.
  • Pattern:
import { NextRequest, NextResponse } from "next/server";
import { createClient } from "@/lib/supabase/server";
import { z } from "zod";

const schema = z.object({
  // define shape
});

export async function POST(request: NextRequest) {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
  }

  const body = await request.json();
  const parsed = schema.safeParse(body);
  if (!parsed.success) {
    return NextResponse.json({ error: parsed.error.flatten() }, { status: 400 });
  }

  // business logic here

  return NextResponse.json({ data: result });
}

5. UI Components

  • Server Components by default. Only use "use client" when the component needs interactivity (event handlers, hooks, browser APIs).
  • Place reusable components in src/components/ui/ or src/components/shared/.
  • Place feature-specific components in src/app/(group)/\x3Cfeature>/_components/.
  • Use Tailwind CSS exclusively. No CSS modules or inline styles.
  • Follow this structure for pages:
// src/app/(dashboard)/feature/page.tsx — Server Component
import { getEntities } from "@/lib/supabase/entities";
import { EntityList } from "./_components/entity-list";

export default async function FeaturePage() {
  const entities = await getEntities();
  return (
    \x3Cmain className="mx-auto max-w-4xl px-4 py-8">
      \x3Ch1 className="text-2xl font-bold mb-6">Feature Title\x3C/h1>
      \x3CEntityList entities={entities} />
    \x3C/main>
  );
}

// src/app/(dashboard)/feature/_components/entity-list.tsx — Client Component
"use client";
import { useState } from "react";

interface Props {
  entities: Entity[];
}

export function EntityList({ entities }: Props) {
  // interactive logic
}

6. Form Handling

  • Use Server Actions for form submissions when possible.
  • Pattern:
// src/app/(dashboard)/feature/actions.ts
"use server";
import { revalidatePath } from "next/cache";
import { createClient } from "@/lib/supabase/server";
import { z } from "zod";

const schema = z.object({ /* ... */ });

export async function createEntity(formData: FormData) {
  const supabase = await createClient();
  const { data: { user } } = await supabase.auth.getUser();
  if (!user) throw new Error("Unauthorized");

  const parsed = schema.safeParse(Object.fromEntries(formData));
  if (!parsed.success) throw new Error("Validation failed");

  const { error } = await supabase.from("entities").insert({
    ...parsed.data,
    user_id: user.id,
  });
  if (error) throw error;

  revalidatePath("/feature");
}

7. Tests

  • Create a test file alongside the feature at src/app/(group)/\x3Cfeature>/__tests__/\x3Cname>.test.ts.
  • At minimum: test the Zod schema validation, test the data access functions (mock Supabase), test the Server Action or API route.

8. Commit

  • Stage all new/modified files.
  • Commit with a descriptive message: feat: add \x3Cfeature-name>.
  • Use conventional commits: feat:, fix:, refactor:, test:, chore:.

Code Conventions

  • TypeScript strict mode. No any, no as casts unless absolutely necessary with a comment explaining why.
  • Named exports for components (not default exports, except for pages which Next.js requires).
  • Destructure props in function signature.
  • Use const over let. Never use var.
  • Error boundaries for critical UI sections.
  • Loading states for async operations (use loading.tsx files in App Router).

Auth Patterns

When a feature requires authentication:

  • Check auth in Server Components via supabase.auth.getUser().
  • Check auth in API routes via the same method.
  • Use the middleware.ts to refresh sessions (already set up by stack-scaffold).
  • For client-side auth state, use the use-auth hook from src/hooks/use-auth.ts.

State Management

  • Server state: fetch in Server Components, pass as props.
  • Client state: use useState/useReducer for local state.
  • Shared client state: use Zustand stores in src/stores/.
  • URL state: use useSearchParams for filters, pagination, sorting.

Error Handling

  • Wrap database calls in try/catch.
  • Return structured error responses from API routes.
  • Use error.tsx files in App Router for UI error boundaries.
  • Log errors server-side with enough context to debug.

Performance Checklist

Before marking a feature complete, verify:

  • Images use next/image.
  • Metadata is set via export const metadata or generateMetadata.
  • Dynamic imports for heavy client components.
  • Database queries use appropriate indexes.
  • No N+1 query patterns.
安全使用建议
What to check before installing: - Metadata mismatch: SKILL.md and claw.json require node/npx/git and NEXT_PUBLIC_SUPABASE_* env vars, but registry 'Requirements' listed none; confirm with the publisher which is authoritative and why the registry record differs. - Filesystem & command execution: The skill will read and modify your repo and run commands (npx, tsc, tests). Run it only on a disposable branch or in a sandbox/container so changes are reviewable and won't affect production. - Env vars: The requested env vars are client-side/public Supabase keys (lower risk), but ensure no admin/service_role keys are ever provided. The skill states it will not read .env files; nevertheless, avoid running it in environments where secrets are accessible to the agent runtime. - Source provenance: The registry 'Source' was unknown and homepage was missing in the earlier summary, though claw.json references a GitHub URL. Prefer skills with a verifiable source repo and a known author—ask for the upstream repo link and inspect it yourself. - Review outputs: Require the skill to produce a patch/PR or a list of file diffs rather than committing directly, and review generated migrations and API routes before applying to your database. If the publisher provides a public repo that matches the published metadata and you can run the skill in an isolated environment (or it can be constrained to only output diffs), the risks are much lower. If you cannot verify provenance or cannot sandbox execution, do not grant it filesystem/command execution access to important repositories.
功能分析
Type: OpenClaw Skill Name: feature-forge Version: 0.1.2 The feature-forge skill is a legitimate development tool designed to scaffold Next.js and Supabase features. It provides a structured workflow for an AI agent to generate code, migrations, and tests based on natural language descriptions. While it requires 'filesystem' permissions and uses 'npx' and 'git' (defined in claw.json), its instructions in SKILL.md are strictly focused on software engineering best practices and explicitly disclaim access to sensitive credential files like .env or SSH keys.
能力评估
Purpose & Capability
The skill's claimed purpose (generate full-stack features for Next.js+Supabase) matches the actions described in SKILL.md (modify src/, create migrations, run tsc/tests). However registry metadata shown earlier lists no required env vars or binaries while both SKILL.md and claw.json declare node/npx/git and NEXT_PUBLIC_SUPABASE_* env vars — this mismatch is unexplained and reduces trust.
Instruction Scope
Runtime instructions explicitly direct the agent to read the repository (src/, migrations/, package.json), create/modify files, run npx supabase gen types, run TypeScript compile checks, and run the test suite. Those steps are consistent with generating and verifying code but grant the agent broad discretion to execute arbitrary repo commands and modify files; SKILL.md forbids reading .env files and making runtime API calls, but those are self-imposed constraints and rely on the executor to enforce them.
Install Mechanism
This is an instruction-only skill with no install spec or downloaded code. That minimizes supply-chain risk from external downloads. The claw.json indicates required binaries (node, npx, git) which aligns with the instructions to run local commands.
Credentials
The skill claims it only needs public client-side env vars (NEXT_PUBLIC_SUPABASE_URL and NEXT_PUBLIC_SUPABASE_ANON_KEY), which is plausible for generating templates. However registry-level 'Requirements' reported earlier said none, while claw.json and SKILL.md declare these env vars — an inconsistency. Also claw.json lists a 'filesystem' permission (expected for code-gen) but that is high privilege and should be acknowledged by the user.
Persistence & Privilege
always:false and disable-model-invocation:false (normal). The skill will read and write repository files and run commands but does not request permanent 'always' presence. There is no evidence it modifies other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install feature-forge
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /feature-forge 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.2
feature-forge 0.1.2 - Added a CHANGELOG.md file. - Updated internal metadata (claw.json). - No changes to behavior or user-facing documentation.
v0.1.1
- Clarified credential requirements: now explicitly states the skill requires only public Supabase environment variables (URL and anon key), not admin or service_role credentials. - Added a section describing the credential scope, including assurances that confidential credential files are never accessed. - No changes to planning protocol or feature implementation workflow.
v0.1.0
Initial release of Feature Forge. - Implements a step-by-step protocol for generating complete features from natural language descriptions. - Supports Next.js App Router projects using Supabase, Firebase Auth, Tailwind CSS, and TypeScript. - Handles entire vertical slices: database migrations, data layer, API routes, UI components, types, tests. - Enforces planning and survey of existing codebase before taking action. - Standardizes code conventions, file/folder structure, and security/auth patterns. - Guides users with detailed workflow and best practices for full-stack feature development.
元数据
Slug feature-forge
版本 0.1.2
许可证 MIT-0
累计安装 1
当前安装数 1
历史版本数 3
常见问题

Feature Forge 是什么?

Generates complete features from natural language — components, API routes, migrations, types, and tests. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 230 次。

如何安装 Feature Forge?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install feature-forge」即可一键安装,无需额外配置。

Feature Forge 是免费的吗?

是的,Feature Forge 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Feature Forge 支持哪些平台?

Feature Forge 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Feature Forge?

由 Guilherme Favaron(@guifav)开发并维护,当前版本 v0.1.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191113 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论