Agent Skills: Data Access Layer (DAL)

Build secure, reusable data access patterns with DTOs, taint checks, and colocated authorization in Next.js. Use when centralizing database queries, transforming raw data to DTOs, adding server-only guards, or preventing sensitive data from reaching Client Components. (triggers: **/lib/data.ts, **/services/*.ts, **/dal/**, DAL, Data Access Layer, server-only, DTO)

Category: Uncategorized

ID: hoangnguyen0403/agent-skills-standard/nextjs-data-access-layer

Install this agent skill locally:

pnpm dlx add-skill https://github.com/HoangNguyen0403/agent-skills-standard/tree/HEAD/skills/nextjs/nextjs-data-access-layer

skills/nextjs/nextjs-data-access-layer/SKILL.md

Skill Metadata

Name: nextjs-data-access-layer

Data Access Layer (DAL)

Priority: P1 (HIGH)

Centralize all data access (Database & External APIs) to ensure consistent security, authorization, and caching.

Workflow

  1. Create DAL module in services/ or lib/data.ts with import 'server-only'.
  2. Verify auth inside every DAL function using await auth().
  3. Transform raw DB/API data into DTOs before returning to components.
  4. Wrap with cache() from React to deduplicate requests within a render cycle.
  5. Taint-check sensitive objects to prevent accidental client exposure.

Implementation Guidelines

  • DTOs: Always transform raw data into plain objects. Never return ORM model instances.
  • Security: Use taintObjectReference or taintUniqueValue from the experimental taint API to guard sensitive data.
  • Authorization: Colocate auth checks inside every DAL function. Never rely on the UI layer.
  • Caching: Wrap DAL functions in cache() to deduplicate within a single render.
  • Error Handling: Throw standardized errors (NotFoundError, UnauthorizedError) caught by error.tsx or notFound().
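
The workflow and guidelines above, sketched as one DAL function. This is an added example, not code from the skill or its repository. The session shape, the `auth()` and `findUserRow` stubs, `setSession`, and the sample rows are assumptions constructed so the file runs without Next.js.

```typescript
// Added illustration, not the skill's own code. In a Next.js project this file
// would start with `import 'server-only'` (step 1) and getUserProfile would be
// wrapped in cache() from 'react' (step 4); both are omitted to run stand-alone.

type ViewerSession = { userId: string; role: 'user' | 'admin' } | null;
type UserRow = { id: string; displayName: string; email: string; passwordHash: string; resetToken: string | null };
type UserDTO = { id: string; displayName: string; email: string | null };

class UnauthorizedError extends Error {}
class NotFoundError extends Error {}

// Constructed sample rows standing in for the database table.
const USER_ROWS: UserRow[] = [
  { id: 'u1', displayName: 'Ada', email: 'ada@example.test', passwordHash: 'constructed-hash-1', resetToken: 'constructed-token' },
  { id: 'u2', displayName: 'Lin', email: 'lin@example.test', passwordHash: 'constructed-hash-2', resetToken: null },
];

// Hypothetical stubs: auth() mimics the project's session helper, findUserRow the ORM call.
let currentSession: ViewerSession = null;
function setSession(s: ViewerSession): void { currentSession = s; }
async function auth(): Promise<ViewerSession> { return currentSession; }
async function findUserRow(id: string): Promise<UserRow | undefined> {
  return USER_ROWS.find((row) => row.id === id);
}

// Step 2: every DAL function calls this; a missing session never reaches the query.
function requireSession(s: ViewerSession): NonNullable<ViewerSession> {
  if (!s) throw new UnauthorizedError('sign-in required');
  return s;
}

// Step 3: allow-list mapping. Fields are copied one by one, so a column added
// to UserRow later stays server-side until someone adds it here on purpose.
function toUserDTO(row: UserRow, viewer: NonNullable<ViewerSession>): UserDTO {
  const canSeeEmail = viewer.role === 'admin' || viewer.userId === row.id;
  return { id: row.id, displayName: row.displayName, email: canSeeEmail ? row.email : null };
}

// The DAL entry point components call: auth, fetch, then DTO, in that order.
async function getUserProfile(id: string): Promise<UserDTO> {
  const viewer = requireSession(await auth());
  const row = await findUserRow(id);
  // Step 5 would go here: taint `row` with React's experimental taint API.
  if (!row) throw new NotFoundError(`user ${id} not found`);
  return toUserDTO(row, viewer);
}
```

Because the DTO is built from an allow-list, field-level authorization (here, who may see `email`) lives in the same place as the query and cannot be skipped by a component.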

Limitations

  • Client Components cannot import DAL files. Use Server Actions or Route Handlers as bridges.

Anti-Patterns

  • No auth checks outside DAL: Auth verification must live inside DAL functions.
  • No raw ORM instances returned: Transform to plain DTO objects before returning.
  • No fetch('localhost/api') in Server Components: Call DAL functions directly.
  • No DAL imports in Client Components: Use Server Actions or Route Handlers as bridges.