ananddtyagi / data-safety-auditor
Install for your project team
Run this command in your project directory to install the skill for your entire team:
```bash
mkdir -p .claude/skills/data-safety-auditor && \
  curl -L -o skill.zip "https://fastmcp.me/Skills/Download/3569" && \
  unzip -o skill.zip -d .claude/skills/data-safety-auditor && \
  rm skill.zip
```
Project Skills
This skill will be saved in .claude/skills/data-safety-auditor/ and checked into git. All team members will have access to it automatically.
Important: Please verify the skill by reviewing its instructions before using it.
Comprehensive data safety auditor for Vue 3 + Pinia + IndexedDB + PouchDB applications. Detects data loss risks, sync issues, race conditions, and browser-specific vulnerabilities with actionable remediation guidance.
Skill Content
---
name: data-safety-auditor
emoji: "🛡️"
description: Comprehensive data safety auditor for Vue 3 + Pinia + IndexedDB + PouchDB applications. Detects data loss risks, sync issues, race conditions, and browser-specific vulnerabilities with actionable remediation guidance.
triggers:
- "audit data safety"
- "check data loss risks"
- "data safety auditor"
- "activate data-safety-auditor"
keywords:
- data safety
- data loss
- IndexedDB
- LocalForage
- PouchDB
- CouchDB
- sync
- persistence
- Safari ITP
- quota
- backup
- integrity
activation_count: 0
last_used: null
related_skills:
- indexeddb-backup-debugger
- comprehensive-system-analyzer
- qa-testing
- couchdb-cross-device-sync
---
# Data Safety Auditor
**Purpose**: Comprehensive audit tool that identifies data loss risks in Vue 3 + Pinia + IndexedDB + PouchDB applications with actionable remediation guidance.
## Philosophy
This skill provides **rigorous data safety analysis** with:
- **Zero tolerance for data loss** - Identifies every potential failure point
- **Complete coverage** - Storage, sync, hydration, integrity, testing
- **Evidence-based findings** - Code locations, patterns, severity
- **Actionable fixes** - Specific remediation with code examples
- **Test generation** - Creates missing safety tests
## What It Detects
### CRITICAL Risks (Deployment Blockers)
- `QUOTA_EXCEEDED` - Storage full, data can't save
- `SAFARI_ITP_EXPIRATION` - 7-day data loss on Safari
- `UNHANDLED_QUOTA_ERROR` - QuotaExceededError not caught
- `NO_CONFLICT_RESOLUTION` - PouchDB conflicts not handled
- `NON_ATOMIC_UPDATES` - Multi-item updates can partially fail
### HIGH Risks (Must Fix)
- `HYDRATION_RACE_CONDITION` - Pinia data loads after render
- `NO_SYNC_ERROR_HANDLING` - Sync errors fail silently
- `INCOMPLETE_SYNC_UNDETECTED` - Stranded data not detected
- `RACE_CONDITION_SAME_KEY` - Concurrent LocalForage writes
- `UNHANDLED_STORAGE_ERROR` - Storage calls have no try/catch
### MEDIUM Risks (Should Fix)
- `NO_CHECKSUM_VERIFICATION` - Data corruption undetected
- `NO_PRIVATE_MODE_HANDLING` - Private mode data loss unhandled
- `NO_PERSISTENT_STORAGE_REQUEST` - PWA not requesting persist
- `STORAGE_PARTITIONING_UNACCOUNTED` - iframe storage isolated
- `DRIVER_VALIDATION_MISSING` - LocalForage driver not checked
### LOW Risks (Consider Fixing)
- `NO_PERSISTENCE_TESTS` - Missing persistence test coverage
- `NO_OFFLINE_TESTS` - Offline sync not tested
- `MISSING_SAFARI_TESTS` - Safari-specific tests missing
## Detection Categories
### A. Browser-Specific Data Loss Vectors
- Storage quota limits and eviction policies per browser
- Safari ITP 7-day storage limitations
- Private/incognito mode behavior
- Storage partitioning impacts
### B. Storage-Specific Patterns
- LocalForage race conditions
- Concurrent write conflicts
- Driver fallback behavior
- Configuration issues
### C. Sync Patterns
- PouchDB/CouchDB conflict detection
- Network failure handling
- Incomplete sync detection
- Sync integrity verification
### D. Vue/Pinia Risks
- Hydration race conditions
- beforeRestore/afterRestore hooks
- Object reference breakage
- Multiple persistence sources
### E. Data Integrity Checks
- Schema validation on load
- Checksum verification
- Corruption detection
- Backup/recovery validation
### F. Testing & Compliance
- Persistence test coverage
- Quota failure tests
- OWASP compliance
- GDPR data integrity
## Usage
```javascript
const auditor = new DataSafetyAuditor();
// Full project audit
const report = await auditor.auditVueApp('./src');
console.log(report.toConsole());
// Targeted audits
const quotaFindings = await auditor.checkQuotaRisks(codeAST);
const itpFindings = await auditor.checkSafariCompat(codeAST);
const piniaFindings = await auditor.checkPiniaPersistence(piniaStore);
const syncFindings = await auditor.checkSyncIntegrity(pouchdbCode);
// Generate missing tests
const tests = await auditor.generateTestSuite();
// Get detailed remediation
const fixes = await auditor.suggestRemediations(findings);
```
## Report Formats
- **Console** - Colored, readable CLI output with severity indicators
- **JSON** - Machine-readable for CI/CD integration
- **Markdown** - Documentation and reports
- **HTML** - Interactive dashboard view
## Deployment Gate
The auditor enforces deployment gates:
- **CRITICAL findings** = Deployment blocked
- **HIGH findings** = Warning, recommend fixing
- **MEDIUM/LOW** = Information only
## When to Use
Use this skill:
- Before deploying to production
- After adding new persistence features
- When debugging data loss issues
- During code review of storage code
- When setting up CI/CD quality gates
- When auditing third-party storage libraries
## Integration
### CI/CD Pipeline
```javascript
const report = await auditor.auditVueApp('./src');
if (report.hasBlockers()) {
  console.error('DEPLOYMENT BLOCKED: Critical data safety issues found');
  process.exit(1);
}
```
### Custom Rules
```javascript
auditor.rules.addRule('MUST_USE_ENCRYPTION', (code) => {
  if (code.includes('sensitive_data') && !code.includes('crypto.subtle')) {
    return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' };
  }
});
```
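A second rule in the same function-over-source style, as an added example rather than code from the skill: it reports the `UNHANDLED_STORAGE_ERROR` pattern listed under HIGH risks (storage calls with no try/catch). The matched call names (`localforage.*` and a PouchDB handle named `db`), the finding shape and the function name `findUnguardedStorageCalls` are assumptions, and the brace-depth tracking is a heuristic, not a parser.

```javascript
// Added example, not the skill's own detector. Heuristic, not a parser.
// Assumption: storage writes look like localforage.<method>( or db.<method>(.
const TOKEN = /\btry\b|[{}]|\b(?:localforage|db)\.(?:setItem|removeItem|put|bulkDocs)\s*\(/g;
function findUnguardedStorageCalls(source) {
  // Drop line comments so commented-out calls are ignored ("://" in URLs is kept).
  const code = source.replace(/(^|[^:])\/\/.*$/gm, '$1');
  const findings = [];
  const tryDepths = [];   // brace depth of every try block currently open
  let depth = 0;
  let pendingTry = false; // saw `try`, its `{` has not arrived yet
  for (const m of code.matchAll(TOKEN)) {
    const tok = m[0];
    if (tok === 'try') {
      pendingTry = true;
    } else if (tok === '{') {
      depth += 1;
      if (pendingTry) { tryDepths.push(depth); pendingTry = false; }
    } else if (tok === '}') {
      if (tryDepths[tryDepths.length - 1] === depth) tryDepths.pop();
      depth -= 1;
    } else {
      // Storage call: guarded when inside a try block or when the same
      // statement (text up to the next ';') chains .catch(...).
      const end = code.indexOf(';', m.index);
      const stmt = code.slice(m.index, end === -1 ? code.length : end);
      if (tryDepths.length === 0 && !/\.catch\s*\(/.test(stmt)) {
        const line = code.slice(0, m.index).split('\n').length;
        findings.push({ rule: 'UNHANDLED_STORAGE_ERROR', severity: 'HIGH', line,
          call: tok.replace(/\s*\($/, '') });
      }
    }
  }
  return findings;
}
// Constructed sample input (not from a real project).
const SAMPLE = `export async function saveTasks(tasks) {
  await localforage.setItem('tasks', tasks);
}
export async function saveSettings(settings) {
  try { await localforage.setItem('settings', settings); } catch (err) { reportStorageError(err); }
}
export function saveDoc(doc) {
  return db.put(doc).catch(reportStorageError);
}
export async function clearDraft() {
  // localforage.removeItem('old-draft');
  await localforage.removeItem('draft');
}`;
console.log(findUnguardedStorageCalls(SAMPLE));
```

A call inside a callback that itself sits in a try block is treated as guarded, so async callbacks still need a manual look.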
---
## MANDATORY USER VERIFICATION REQUIREMENT
### Policy: No Safety Claims Without User Confirmation
**CRITICAL**: Before claiming ANY data safety issue is "fixed", "resolved", or "safe", the following verification protocol is MANDATORY:
#### Step 1: Technical Verification
- Run full audit with all detectors
- Verify no CRITICAL or HIGH findings
- Take screenshots/evidence of clean audit
#### Step 2: User Verification Request
**REQUIRED**: Use the `AskUserQuestion` tool to explicitly ask the user to verify:
```
"I've completed the data safety audit. Before confirming your app is safe, please verify:
1. [Specific storage operations to test]
2. [Sync scenarios to test]
3. [Browser-specific tests to run]
Please confirm the data persists correctly, or let me know what's failing."
```
#### Step 3: Wait for User Confirmation
- **DO NOT** claim app is "data safe" until user confirms
- **DO NOT** approve deployment without user verification
- **DO NOT** skip any CRITICAL finding verification
**Remember: The user is the final authority on data safety. No exceptions.**