// This skill should be used when adding ACL to an existing module, modifying role-based access rules, debugging 403 errors, configuring ownership checks, or writing Access Query Services manually. For new modules, use rockets-crud-generator with ACL config instead — it generates all ACL wiring automatically.
This skill should be used when generating an entire Rockets SDK project from a spec, bootstrapping multiple entities at once, or when the user has a plan.json file. Orchestrates wave-based generation with dependency ordering and validation gates. Works sequentially by default; supports Agent Teams for parallel execution. Requires rockets-crud-generator.
This skill should be used when implementing business logic beyond standard CRUD — state machines, approval workflows, event-driven automation, notifications, file uploads, external API integration, or cross-entity orchestration. Use after CRUD modules are generated. Also covers the foundational rule that application services must inject model services, never repositories.
This skill should be used when the user asks to generate a CRUD module, create a new entity, scaffold a domain object, add a new resource with endpoints, or create a junction table. Generates complete Rockets SDK modules including TypeORM entities, NestJS modules, controllers, services, DTOs, interfaces, and ACL wiring using generate.js, integrate.js, and validate.js scripts.
This skill should be used when starting a new Rockets SDK project, setting up a fresh API, or initializing from the rockets-starter template. Automates clone, env setup, dependency install, and build/test verification.
Diagnose common Rockets SDK startup/build/security wiring issues with executable checks and fix-ready output. Use when an app fails to boot, build, or enforce ACL as expected.
| name | rockets-access-control |
| description | This skill should be used when adding ACL to an existing module, modifying role-based access rules, debugging 403 errors, configuring ownership checks, or writing Access Query Services manually. For new modules, use rockets-crud-generator with ACL config instead — it generates all ACL wiring automatically. |
rockets-crud-generator with acl config — it generates all ACL wiring automaticallydevelopment-guides/ACCESS_CONTROL_GUIDE.mdsrc/modules/{name}/constants/{name}.constants.tsapp.acl.tsapp.acl.ts (acRules.grant())@InjectDynamicRepository for ownership checks@UseGuards(AccessControlGuard), @AccessControlQuery, etc.See development-guides/ACCESS_CONTROL_GUIDE.md for the full Access Query Service pattern and registration code.
| Issue | Cause | Fix |
|---|---|---|
| 403 on all requests | Resource not in acRules | Add acRules.grant() in app.acl.ts |
| 403 for users only | Missing Own permissions | Add createOwn/readOwn/etc. |
| Access Query always denies | Default return false | Implement ownership check in canAccess() |
| 500 "provider does not exist" | Access query service not in controller's module | Add to providers + exports in the feature module |
| Users see all resources | No ownership filtering | Implement readOwn in Access Query using @InjectDynamicRepository |
development-guides/ACCESS_CONTROL_GUIDE.md