wso2

Translate error messages (duplicate — should be skipped)

Translate error messages to user-friendly language

Summarize pull requests into concise changelog entries

Review code for security vulnerabilities using OWASP guidelines

Convert JSON payloads to Markdown tables

Generate and run unit tests for code changes

Draft release notes from recent commits

Generate Oxygen UI React components following best practices. Use when creating new components, data tables, cards, or UI elements with the Oxygen UI library.

Migrate existing MUI code to Oxygen UI patterns. Use when converting @mui/material imports, replacing MUI components, or updating to Oxygen UI conventions.

Sync AI documentation with current source code. Use when components, themes, hooks, or exports have been added, modified, or removed in the Oxygen UI package.

Generate forms with Form.* components and validation. Use when creating input forms, multi-step wizards, or form validation.

Generate application layouts with AppShell, Header, and Sidebar. Use when creating app shells, navigation structures, or dashboard layouts.

How the platform's API gateway validates JWTs, injects X-User-Id from the sub claim, attaches CORS, and how to design + write services and consumers that match. Apply to any service with exposesAPI.auth set, and to any consumer (sibling component OR external dependentApi) that calls a protected API.

Load when working a component task dispatched by WSO2 Labs Agentic Engineer. The cwd is a clone of the project's repo on its default branch; the task is anchored by a GitHub issue passed in your prompt. You create your own working branch and open the PR. Defines the workflow, the mandatory `Closes

How to build a React SPA on the platform — Vite project layout, multi-stage Dockerfile → nginx:alpine runtime, synchronous /env-config.js load before the bundle, the authoritative window._env_ key set, throw-on-missing-key rule, and stock static-only nginx config (no envsubst, no proxy). Apply to every web-app component.

How the platform's Thunder IDP is wired into SPAs that sign users in. Covers the callerIdentity.mode design field, the per-project Thunder OAuth client (BFF-owned — agent never sees client_id), the window._env_.THUNDER_* key set, and OIDC client wiring with oidc-client-ts. Pairs with react-webapp when the SPA wiring patterns apply. Apply on any project whose spec implies users sign in.

How to build a Go service on the platform — pinned golang:1.25-alpine builder (the build pod runs with GOTOOLCHAIN=local), pure-Go modernc.org/sqlite driver (CGO times out under the build pod's CPU throttle), suggested layout, port 9090, GET /health liveness, multi-stage Dockerfile → slim runtime, embedded SQLite for per-user data inside the owning service. Apply to every Go component.

Diagnose and resolve common order issues such as delayed shipments, wrong or incorrect items, stuck or pending orders, payment failures, or packages not received. Use when a customer reports a shipping problem or any issue with their order.

Process customer refund requests following company policy. Use when a customer requests a refund, return, exchange, money back, or store credit for an order.

Diagnose and resolve common platform issues. Use when a user reports something not working — login failures, sync errors, slow performance, or API connection problems.

Use this skill to set up the WSO2 API Platform Gateway, expose backend services as managed APIs, and manage APIs with the ap CLI. Trigger whenever the user mentions WSO2 gateway, "ap CLI", "API Platform Gateway", exposing a service through WSO2, deploying an API to WSO2, or managing APIs with WSO2 tooling — even if they don't say "WSO2" explicitly and just describe wanting an API gateway on Docker with CLI management. Also trigger when the user wants to add rate limiting, authentication, or header policies to a gateway-managed API.

Use this skill to design an OpenAPI specification from scratch, assess an existing spec for AI agent readiness / security / design quality, or fix issues found in a spec. Trigger when the user describes an API they want to build, asks to "design", "create", "draft", or "scaffold" an OpenAPI spec, or mentions building a REST API for a service or domain. Also trigger when the user says things like "I want to expose endpoints for X", "help me design an API for Y", or "I need an OpenAPI spec for Z" — even if they don't say "OpenAPI" explicitly. ALSO trigger when the user asks to evaluate, review, check, or assess an OpenAPI spec for agent compatibility, API quality, security, OWASP compliance, WSO2 guidelines, or REST best practices — or when they share a .yaml/.json OpenAPI file and ask how good it is. ALSO trigger when the user asks to fix, correct, remediate, or apply fixes to issues in an OpenAPI spec — including "fix issue spec-001", "fix all HIGH severity issues", "apply autoFixable fixes", or "fix the spec

Use when an agent needs to drive the full agent-manager lifecycle through `amctl` — install the CLI, log in, create/deploy an agent, list projects and agents, watch build progress, fetch build/runtime logs and metrics, and pull traces.

Debug or fix an issue in the WSO2 API Platform gateway. Use when the user asks to debug the gateway, debug the gateway-controller or policy-engine, step through gateway source code, set a breakpoint in the controller or policy-engine, or investigate why a deployed REST API or routed request misbehaves at the source level; or to fix a gateway bug end-to-end.

Run or debug WSO2 API Platform gateway integration tests. Use when the user asks to run gateway IT tests, BDD tests, godog tests, or a specific `.feature` file; verify a feature file passes; or debug why a gateway integration test is failing.

Guidelines to follow for sending fixes for documentation related GitHub issues

Use when adding or updating Ballerina extension E2E tests that need agent-assisted VS Code authoring before promotion into the Playwright suite.

Guide for creating documentation. Use this when asked to create documentation for a new policy or modify existing documentation.