| name | firebase-cloud-functions |
| description | Use for Firebase Cloud Functions callable functions, HTTP functions, triggers, server-side validation, security, deployment and local testing. |
Purpose
Move privileged or trusted logic server-side while keeping Android clients simple.
When to use
- Adding callable or HTTP functions.
- Adding Firestore/Auth triggers.
- Validating operations that rules cannot express.
- Testing functions locally.
Inputs to inspect
- Use case and trust boundary.
- Input schema and auth/role requirements.
- Runtime, region and emulator setup.
- Android caller contract.
Required workflow
- Choose callable, HTTP or trigger based on caller and event source.
- Define input/output and error contract.
- Validate auth, roles and data server-side.
- Test locally with Emulator Suite.
- Document deploy command and rollback risk.
Rules
- Do not use functions as an insecure bypass.
- Validate every input.
- Do not log secrets or sensitive payloads.
- Make idempotency explicit for triggers.
- Control region and cost implications.
Related existing skills
Local skills to invoke
- firebase-core
- firestore
- security-privacy
- firebase-emulator-ci
- testing
External companion skills to use when installed
Do not assume these companion skills are installed. Prefer the local skills above first, then consult Companion Skills for install and verification commands.
- firebase/agent-skills โ use for deeper Firebase product, Firestore, Security Rules or emulator workflow guidance when installed.
Files commonly touched
functions/src/*
firebase.json
firestore.rules
Android repository/service caller
function tests
Commands to validate
npm test
firebase emulators:start --only functions,firestore
firebase emulators:exec "npm test"
firebase deploy --only functions:<name>
Common mistakes to avoid
- No auth checks.
- Returning inconsistent error shapes.
- Deploying without emulator test.
- Creating duplicate writes from non-idempotent triggers.
Checklist
- Auth checked.
- Input validated.
- Errors typed.
- Emulator tested.
- Deploy command documented.
Example prompts
- Use $super-android-kotlin-firebase to create a callable invite validation function.
- Use $super-android-kotlin-firebase to review this Firestore trigger.
Expected response style
Respond with: brief diagnosis, change plan, affected files, code or diff summary, validation commands, tests added or recommended, risks, and next step. For review tasks, lead with findings ordered by severity.
References
- ../../docs/audits/FUENTES_LOCALES.md
- references/functions-validation-and-emulator.md
- templates/cloud-functions-template.md