Skill Gallery
โ† Back to list
georgekhananaev

nextjs-senior-dev

by georgekhananaev

A curated collection of high impact skills for Claude Code designed to supercharge the senior full stack workflow. This vault automates the repetitive parts of development like architectural reviews, TDD cycles, and PR management so you can stay in flow. It is a force multiplier for shipping clean, production ready code at scale. ๐Ÿš€โšก๏ธ

โญ 5๐Ÿด 5๐Ÿ“… Jan 14, 2026
claudeclaude-codeclaude-commandsclaude-mcpclaude-skillsclaude-skills-hubmcp-serversopus
View on GitHubRun in Manus

SKILL.md

name: nextjs-senior-dev description: Senior Next.js 15+/16 Engineer skill for App Router. Use when scaffolding production apps, enforcing RSC patterns, auditing codebases, or optimizing performance. author: George Khananaev version: 1.3.0

Next.js Senior Developer

Transform into Senior Next.js 15+/16 Engineer for production-ready App Router applications.

When to Use

  • Scaffolding new Next.js App Router projects
  • RSC vs Client Component decisions
  • Server Actions and data fetching patterns
  • Performance optimization (CWV, bundle, caching)
  • Middleware and authentication setup
  • Next.js 15/16 migration or audit

Version Notes

VersionKey Changes
Next.js 16middleware.ts โ†’ proxy.ts, Node.js runtime only, Cache Components
Next.js 15fetch uncached by default, React 19, Turbopack stable

Triggers

CommandPurpose
/next-initScaffold new App Router project
/next-routeGenerate route folder (page, layout, loading, error)
/next-auditAudit codebase for patterns, security, performance
/next-optOptimize bundle, images, fonts, caching

Reference Files (20 Total)

Load based on task context:

Core References

CategoryReferenceWhen
Routingreferences/app_router.mdRoute groups, parallel, intercepting
Componentsreferences/components.mdRSC vs Client decision, patterns
Datareferences/data_fetching.mdfetch, cache, revalidation, streaming
Securityreferences/security.mdServer Actions, auth, OWASP
Performancereferences/performance.mdCWV, images, fonts, bundle, memory
Middlewarereferences/middleware.mdAuth, redirects, Edge vs Node

Architecture & Quality

CategoryReferenceWhen
Architecturereferences/architecture.mdFile structure, feature-sliced design
Shared Componentsreferences/shared_components.mdDRY patterns, composition, reusability
Code Qualityreferences/code_quality.mdError handling, testing, accessibility

Features & Integrations

CategoryReferenceWhen
SEO & Metadatareferences/seo_metadata.mdgenerateMetadata, sitemap, OpenGraph
Databasereferences/database.mdPrisma, Drizzle, queries, migrations
Authenticationreferences/authentication.mdAuth.js, sessions, RBAC
Formsreferences/forms.mdReact Hook Form, Zod, file uploads
i18nreferences/i18n.mdnext-intl, routing, RTL support
Real-Timereferences/realtime.mdSSE, WebSockets, polling, Pusher
API Designreferences/api_design.mdREST, tRPC, webhooks, versioning

DevOps & Migration

CategoryReferenceWhen
Deploymentreferences/deployment.mdVercel, Docker, CI/CD, env management
Monoreporeferences/monorepo.mdTurborepo, shared packages, workspaces
Migrationreferences/migration.mdPagesโ†’App Router, version upgrades
Debuggingreferences/debugging.mdDevTools, profiling, error tracking

Core Tenets

1. Server-First

Default to Server Components. Use Client only when required.

RSC when: data fetching, secrets, heavy deps, no interactivity
Client when: useState, useEffect, onClick, browser APIs

2. Component Archetypes

PatternRuntimeMust Have
page.tsxServerasync, data fetching
*.action.tsServer"use server", Zod, 7-step security
*.interactive.tsxClient"use client", event handlers
*.ui.tsxEitherPure presentation, stateless

3. 7-Step Server Action Security

"use server"
// 1. Rate limit (IP/user)
// 2. Auth verification
// 3. Zod validation (sanitize errors!)
// 4. Authorization check (IDOR prevention)
// 5. Mutation
// 6. Granular revalidateTag() (NOT revalidatePath)
// 7. Audit log (async)

4. Data Fetching Strategy

Static โ†’ generateStaticParams + fetch
ISR โ†’ fetch(url, { next: { revalidate: 60 }})
Dynamic โ†’ fetch(url, { cache: 'no-store' })
Real-time โ†’ Client fetch (SWR)

Next.js 15 Change: fetch is UNCACHED by default (opposite of 14).

5. Caching

TypeScopeInvalidation
Request MemoizationRequestAutomatic
Data CacheServerrevalidateTag()
Full Route CacheServerRebuild
Router CacheClientrouter.refresh()

Prefer revalidateTag() over revalidatePath() to avoid cache storms.

6. Feature-Sliced Architecture

For large apps (50+ routes), use domain-driven structure:

src/
โ”œโ”€โ”€ app/           # Routing only
โ”œโ”€โ”€ components/    # Shared UI (ui/, shared/)
โ”œโ”€โ”€ features/      # Business logic per domain
โ”‚   โ””โ”€โ”€ [feature]/
โ”‚       โ”œโ”€โ”€ components/
โ”‚       โ”œโ”€โ”€ actions/
โ”‚       โ”œโ”€โ”€ queries/
โ”‚       โ””โ”€โ”€ hooks/
โ”œโ”€โ”€ lib/           # Global utilities
โ””โ”€โ”€ types/         # Global types

7. Component Sharing Rules

Used 3+ places?Contains business logic?Action
YesNoMove to components/ui/ or shared/
YesYesKeep in features/
NoAnyKeep local (_components/)

8. State Management Hierarchy

State TypeToolExample
URL StatesearchParamsFilters, pagination
Server StateServer ComponentsUser data, posts
Form StateuseFormStateForm submissions
UI StateuseStateModals, dropdowns
Shared ClientContext/ZustandTheme, cart

Rule: Prefer URL state for shareable/bookmarkable state.

9. DRY with createSafeAction

// lib/safe-action.ts - Reuse for all Server Actions
export const createPost = createSafeAction(schema, handler, {
  revalidateTags: ["posts"]
})

Eliminates duplicate auth/validation/error handling.

Anti-Patterns

Don'tDo
"use client" at tree rootPush boundary down to leaves
API routes for server dataDirect DB in Server Components
useEffect for fetchingServer Component async fetch
revalidatePath('/')Granular revalidateTag()
Trust middleware aloneValidate at data layer too
Prop drill 5+ levelsContext or composition
any typesProper types or unknown
Barrel exports in featuresDirect imports
localStorage for authhttpOnly cookies
Global caches (memory leak)LRU cache or React cache()

Middleware: Deny by Default

// middleware.ts - Public routes MUST be allowlisted
const publicRoutes = ['/login', '/register', '/api/health']
if (!publicRoutes.some(r => pathname.startsWith(r))) {
  // Require auth
}

CRITICAL: Upgrade to Next.js 15.2.3+ (CVE-2025-29927 fix).

Scripts

ScriptPurpose
scripts/scaffold_route.pyGenerate route folder w/ all files

Templates

FilePurpose
templates/page.tsxStandard async page
templates/layout.tsxLayout w/ metadata
templates/action.ts7-step secure Server Action
templates/loading.tsxLoading UI skeleton
templates/error.tsxError boundary

Assets

FilePurpose
assets/next.config.tsProduction config w/ security headers
assets/middleware.tsDeny-by-default auth (Next.js 15)
assets/proxy.tsDeny-by-default auth (Next.js 16+)

Quick Reference: Senior Code Review

Before merging any PR, verify:

Performance

  • No unnecessary "use client"
  • Images use next/image with dimensions
  • Heavy components dynamic imported
  • Parallel fetching (Promise.all)

Security

  • Server Actions validate with Zod
  • Auth in actions (not just middleware)
  • IDOR prevention (user owns resource)
  • No secrets in client bundles

Architecture

  • Components in correct layer
  • No cross-feature imports
  • DRY patterns used (createSafeAction)
  • URL state for shareable state

Quality

  • No any types
  • Error boundaries present
  • Loading states for async
  • Accessibility (semantic HTML, alt text)

Score

Total Score

75/100

Based on repository quality metrics

โœ“SKILL.md

SKILL.mdใƒ•ใ‚กใ‚คใƒซใŒๅซใพใ‚Œใฆใ„ใ‚‹

+20
โœ“LICENSE

ใƒฉใ‚คใ‚ปใƒณใ‚นใŒ่จญๅฎšใ•ใ‚Œใฆใ„ใ‚‹

+10
โœ“่ชฌๆ˜Žๆ–‡

100ๆ–‡ๅญ—ไปฅไธŠใฎ่ชฌๆ˜ŽใŒใ‚ใ‚‹

+10
โ—‹ไบบๆฐ—

GitHub Stars 100ไปฅไธŠ

0/15
โœ“ๆœ€่ฟ‘ใฎๆดปๅ‹•

1ใƒถๆœˆไปฅๅ†…ใซๆ›ดๆ–ฐ

+10
โ—‹ใƒ•ใ‚ฉใƒผใ‚ฏ

10ๅ›žไปฅไธŠใƒ•ใ‚ฉใƒผใ‚ฏใ•ใ‚Œใฆใ„ใ‚‹

0/5
โœ“Issue็ฎก็†

ใ‚ชใƒผใƒ—ใƒณIssueใŒ50ๆœชๆบ€

+5
โœ“่จ€่ชž

ใƒ—ใƒญใ‚ฐใƒฉใƒŸใƒณใ‚ฐ่จ€่ชžใŒ่จญๅฎšใ•ใ‚Œใฆใ„ใ‚‹

+5
โœ“ใ‚ฟใ‚ฐ

1ใคไปฅไธŠใฎใ‚ฟใ‚ฐใŒ่จญๅฎšใ•ใ‚Œใฆใ„ใ‚‹

+5

Reviews

๐Ÿ’ฌ

Reviews coming soon