Data Safety Auditor
Purpose: Comprehensive audit tool that identifies data loss risks in Vue 3 + Pinia + IndexedDB + PouchDB applications with actionable remediation guidance.
Philosophy
This skill provides rigorous data safety analysis with:
-
Zero tolerance for data loss - Identifies every potential failure point
-
Complete coverage - Storage, sync, hydration, integrity, testing
-
Evidence-based findings - Code locations, patterns, severity
-
Actionable fixes - Specific remediation with code examples
-
Test generation - Creates missing safety tests
What It Detects
CRITICAL Risks (Deployment Blockers)
-
QUOTA_EXCEEDED
-
Storage full, data can't save
-
SAFARI_ITP_EXPIRATION
-
7-day data loss on Safari
-
UNHANDLED_QUOTA_ERROR
-
QuotaExceededError not caught
-
NO_CONFLICT_RESOLUTION
-
PouchDB conflicts not handled
-
NON_ATOMIC_UPDATES
-
Multi-item updates can partially fail
HIGH Risks (Must Fix)
-
HYDRATION_RACE_CONDITION
-
Pinia data loads after render
-
NO_SYNC_ERROR_HANDLING
-
Sync failures silently fail
-
INCOMPLETE_SYNC_UNDETECTED
-
Stranded data not detected
-
RACE_CONDITION_SAME_KEY
-
Concurrent LocalForage writes
-
UNHANDLED_STORAGE_ERROR
-
Storage calls have no try/catch
MEDIUM Risks (Should Fix)
-
NO_CHECKSUM_VERIFICATION
-
Data corruption undetected
-
NO_PRIVATE_MODE_HANDLING
-
Private mode data loss unhandled
-
NO_PERSISTENT_STORAGE_REQUEST
-
PWA not requesting persist
-
STORAGE_PARTITIONING_UNACCOUNTED
-
iframe storage isolated
-
DRIVER_VALIDATION_MISSING
-
LocalForage driver not checked
LOW Risks (Consider Fixing)
-
NO_PERSISTENCE_TESTS
-
Missing persistence test coverage
-
NO_OFFLINE_TESTS
-
Offline sync not tested
-
MISSING_SAFARI_TESTS
-
Safari-specific tests missing
Detection Categories
A. Browser-Specific Data Loss Vectors
-
Storage quota limits and eviction policies per browser
-
Safari ITP 7-day storage limitations
-
Private/incognito mode behavior
-
Storage partitioning impacts
B. Storage-Specific Patterns
-
LocalForage race conditions
-
Concurrent write conflicts
-
Driver fallback behavior
-
Configuration issues
C. Sync Patterns
-
PouchDB/CouchDB conflict detection
-
Network failure handling
-
Incomplete sync detection
-
Sync integrity verification
D. Vue/Pinia Risks
-
Hydration race conditions
-
beforeRestore/afterRestore hooks
-
Object reference breakage
-
Multiple persistence sources
E. Data Integrity Checks
-
Schema validation on load
-
Checksum verification
-
Corruption detection
-
Backup/recovery validation
F. Testing & Compliance
-
Persistence test coverage
-
Quota failure tests
-
OWASP compliance
-
GDPR data integrity
Usage
const auditor = new DataSafetyAuditor();
// Full project audit const report = await auditor.auditVueApp('./src'); console.log(report.toConsole());
// Targeted audits const quotaFindings = await auditor.checkQuotaRisks(codeAST); const itpFindings = await auditor.checkSafariCompat(codeAST); const piniaFindings = await auditor.checkPiniaPersistence(piniaStore); const syncFindings = await auditor.checkSyncIntegrity(pouchdbCode);
// Generate missing tests const tests = await auditor.generateTestSuite();
// Get detailed remediation const fixes = await auditor.suggestRemediations(findings);
Report Formats
-
Console - Colored, readable CLI output with severity indicators
-
JSON - Machine-readable for CI/CD integration
-
Markdown - Documentation and reports
-
HTML - Interactive dashboard view
Deployment Gate
The auditor enforces deployment gates:
-
CRITICAL findings = Deployment blocked
-
HIGH findings = Warning, recommend fixing
-
MEDIUM/LOW = Information only
When to Use
Use this skill when:
-
Before deploying to production
-
After adding new persistence features
-
When debugging data loss issues
-
During code review of storage code
-
Setting up CI/CD quality gates
-
Auditing third-party storage libraries
Integration
CI/CD Pipeline
const report = await auditor.auditVueApp('./src'); if (report.hasBlockers()) { console.error('DEPLOYMENT BLOCKED: Critical data safety issues found'); process.exit(1); }
Custom Rules
auditor.rules.addRule('MUST_USE_ENCRYPTION', (code) => { if (code.includes('sensitive_data') && !code.includes('crypto.subtle')) { return { severity: 'CRITICAL', msg: 'Sensitive data must be encrypted' }; } });
MANDATORY USER VERIFICATION REQUIREMENT
Policy: No Safety Claims Without User Confirmation
CRITICAL: Before claiming ANY data safety issue is "fixed", "resolved", or "safe", the following verification protocol is MANDATORY:
Step 1: Technical Verification
-
Run full audit with all detectors
-
Verify no CRITICAL or HIGH findings
-
Take screenshots/evidence of clean audit
Step 2: User Verification Request
REQUIRED: Use the AskUserQuestion tool to explicitly ask the user to verify:
"I've completed the data safety audit. Before confirming your app is safe, please verify:
- [Specific storage operations to test]
- [Sync scenarios to test]
- [Browser-specific tests to run]
Please confirm the data persists correctly, or let me know what's failing."
Step 3: Wait for User Confirmation
-
DO NOT claim app is "data safe" until user confirms
-
DO NOT approve deployment without user verification
-
DO NOT skip any CRITICAL finding verification
Remember: The user is the final authority on data safety. No exceptions.