Firebase
Stand up Firebase auth, Firestore, functions, storage, and hosting with a query-first data model and correct security rules before you ship.
Overview
Firebase is an agent skill for the Build phase that guides solo builders through Firebase Auth, databases, Functions, Storage, and Hosting with query-first Firestore modeling and mandatory security rules.
Install
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill firebaseWhat is this skill?
- Covers six Firebase surfaces: Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Hosting
- Seven implementation principles: query-first data design, mandatory security rules, denormalization, batched writes/tran
- Emphasizes Firestore listener and read-cost pitfalls that show up after the data model is already wrong
- Treats security rules as the last line of defense, not an afterthought
- 2025-oriented guidance: plan queries and billing before modeling around relationships
- Covers 6 Firebase products: Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Hosting
- Documents 7 core Firebase implementation principles in the skill body
Adoption & trust: 1.2k installs on skills.sh; 40.1k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You can provision a Firebase backend in minutes but still ship the wrong data shape, weak security rules, and runaway Firestore read costs.
Who is it for?
Indie builders launching MVPs or mobile apps on Firebase who need auth, realtime data, and hosting without hiring a dedicated backend team first.
Skip if: Teams that need complex SQL joins, heavy ad-hoc analytics on normalized schemas, or a backend strategy that deliberately avoids Firebase vendor coupling without a migration plan.
When should I use this skill?
You are building or refactoring on Firebase (auth, Firestore/RTDB, Functions, storage, hosting) and need help with data modeling for queries, security rules, cost-aware listeners, or server-side logic boundaries.
What do I get? / Deliverables
You leave with a Firebase backend plan aligned to real query patterns, hardened rules, and clearer boundaries for Functions, storage, and environment config before you wire the client.
- Query-aligned Firestore or RTDB structure with denormalization choices documented
- Draft or reviewed Firebase security rules for auth-bound reads and writes
- Checklist for Functions, Storage paths, Hosting, and non-hardcoded environment config
Recommended Skills
Journey fit
Firebase is where solo builders implement the product backend—auth, database, serverless logic, and hosting—during active build, not during idea research or post-launch growth tactics. The skill centers on backend services (Firestore modeling, Cloud Functions, Storage, Hosting) rather than frontend UI patterns or pure third-party OAuth wiring alone.
How it compares
Use this procedural Firebase playbook when you want Firebase-specific modeling and rules—not generic REST API design or a self-hosted Postgres migration guide.
Common Questions / FAQ
Who is firebase for?
Solo and indie builders using Claude Code, Cursor, or Codex who are implementing or hardening a Firebase backend for web or mobile products.
When should I use firebase?
Use it during Build when you choose Firestore vs Realtime Database, design collections for queries, write security rules, add Cloud Functions, or fix listener-driven cost spikes; also when you are in Ship tightening rules before production traffic.
Is firebase safe to install?
Treat it as third-party procedural content: review the Security Audits panel on this Prism page and your own repo policies before granting agents network, secrets, or deploy access to Firebase projects.
SKILL.md
READMESKILL.md - Firebase
# Firebase Firebase gives you a complete backend in minutes - auth, database, storage, functions, hosting. But the ease of setup hides real complexity. Security rules are your last line of defense, and they're often wrong. Firestore queries are limited, and you learn this after you've designed your data model. This skill covers Firebase Authentication, Firestore, Realtime Database, Cloud Functions, Cloud Storage, and Firebase Hosting. Key insight: Firebase is optimized for read-heavy, denormalized data. If you're thinking relationally, you're thinking wrong. 2025 lesson: Firestore pricing can surprise you. Reads are cheap until they're not. A poorly designed listener can cost more than a dedicated database. Plan your data model for your query patterns, not your data relationships. ## Principles - Design data for queries, not relationships - Security rules are mandatory, not optional - Denormalize aggressively - duplication is cheap, joins are expensive - Batch writes and transactions for consistency - Use offline persistence wisely - it's not free - Cloud Functions for what clients shouldn't do - Environment-based config, never hardcode keys in client ## Capabilities - firebase-auth - firestore - firebase-realtime-database - firebase-cloud-functions - firebase-storage - firebase-hosting - firebase-security-rules - firebase-admin-sdk - firebase-emulators ## Scope - general-backend-architecture -> backend - payment-processing -> stripe - email-sending -> email - advanced-auth-flows -> authentication-oauth - kubernetes-deployment -> devops ## Tooling ### Core - firebase - When: Client-side SDK Note: Modular SDK - tree-shakeable - firebase-admin - When: Server-side / Cloud Functions Note: Full access, bypasses security rules - firebase-functions - When: Cloud Functions v2 Note: v2 functions are recommended ### Testing - @firebase/rules-unit-testing - When: Testing security rules Note: Essential - rules bugs are security bugs - firebase-tools - When: Emulator suite Note: Local development without hitting production ### Frameworks - reactfire - When: React + Firebase Note: Hooks-based, handles subscriptions - vuefire - When: Vue + Firebase Note: Vue-specific bindings - angularfire - When: Angular + Firebase Note: Official Angular bindings ## Patterns ### Modular SDK Import Import only what you need for smaller bundles **When to use**: Client-side Firebase usage # MODULAR IMPORTS: """ Firebase v9+ uses modular SDK. Import only what you need. This enables tree-shaking and smaller bundles. """ // WRONG: v8-compat style (larger bundle) import firebase from 'firebase/compat/app'; import 'firebase/compat/firestore'; const db = firebase.firestore(); // RIGHT: v9+ modular (tree-shakeable) import { initializeApp } from 'firebase/app'; import { getFirestore, collection, doc, getDoc } from 'firebase/firestore'; const app = initializeApp(firebaseConfig); const db = getFirestore(app); // Get a document const docRef = doc(db, 'users', 'userId'); const docSnap = await getDoc(docRef); if (docSnap.exists()) { console.log(docSnap.data()); } // Query with constraints import { query, where, orderBy, limit } from 'firebase/firestore'; const q = query( collection(db, 'posts'), where('published', '==', true), orderBy('createdAt', 'desc'), limit(10) ); ### Security Rules Design Secure your data with proper rules from day one **When to use**: Any Firestore database # FIRESTORE SECURITY RULES: """ Rules are your last line of defense. Every read and write goes through them. Get them wrong, and your data is exposed. """ rules_version = '2'; service cloud.firestore { match /databases/{d