Skills firebase-firestore-enterprise-native-mode

📦

firebase-firestore-enterprise-native-mode

Name: firebase-firestore-enterprise-native-mode
Author: firebase

Low Risk ⚙️ External commands🌐 Network access

Set Up Firestore Enterprise with Security Rules

Enterprise applications need secure, scalable databases with proper access controls. This skill guides you through provisioning Firestore Enterprise Native Mode, writing security rules, and integrating SDKs with production-ready patterns.

Supports: Claude Codex Code(CC)

🥉 72 Bronze

Download the skill ZIP

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

Toggle on and start using

Test it

Using "firebase-firestore-enterprise-native-mode". Generate security rules for a blog application with users, posts, and comments collections.

Expected outcome:

Security rules file with data model documentation at the top
Helper functions for authentication, ownership, and data validation
Collection-specific rules enforcing CRUD operations and data constraints
Devil's advocate attack results documenting tested vulnerability vectors

Using "firebase-firestore-enterprise-native-mode". Create a composite index for filtering posts by category and sorting by date.

Expected outcome:

firestore.indexes.json configuration with the composite index definition
CLI command to deploy the new indexes to production
Explanation of query patterns this index supports

Security Audit

Low Risk

v1 • 4/14/2026

Static analyzer flagged 304 patterns across 7 documentation files, but all findings are false positives. The scanner misinterpreted markdown code fence backticks as shell command execution (247 external_commands findings). Blocker findings for weak cryptography and system reconnaissance were triggered by documentation text such as field ordering descriptions and workflow instructions. The network findings reference localhost emulator URLs and URL validation regex patterns in examples. This skill contains pure reference documentation with no executable code, no network calls, and no credential handling. Safe for publication.

Files scanned

1,042

Lines analyzed

findings

Total audits

Medium Risk Issues (1)

references/data_model.md:13-54 references/indexes.md:50-111 references/provisioning.md:16-101 references/security_rules.md:49-346

Markdown Code Fences Misidentified as Shell Execution

Static analyzer flagged markdown code fence backticks as Ruby/shell backtick execution across all reference files. These are documentation code blocks containing JavaScript, Python, JSON, and bash examples, not actual shell commands. No command injection risk exists.

Low Risk Issues (2)

references/provisioning.md:101 references/security_rules.md:117

Documentation URLs Flagged as Hardcoded URLs

Static analyzer flagged localhost emulator URLs and URL validation regex patterns in security rules documentation. These are reference examples for development environments, not production hardcoded endpoints.

references/security_rules.md:13-14 references/provisioning.md:17-27

Documentation Text Flagged as System Reconnaissance

Static analyzer flagged words like scan in workflow instructions (e.g., Scan the entire codebase) as system reconnaissance. These are instructions for AI agents to analyze project structure, not actual system scanning code.

Risk Factors

⚙️ External commands (7)

references/data_model.md:12-54 references/indexes.md:17-111 references/provisioning.md:5-101 references/python_sdk_usage.md:10-127 references/security_rules.md:16-415 references/web_sdk_usage.md:7-202 SKILL.md:4

🌐 Network access (2)

references/provisioning.md:101 references/security_rules.md:117

Audited by: claude

Quality Score

Architecture

100

Maintainability

Content

Community

Security

Spec Compliance

What You Can Build

Enterprise Database Provisioning

Set up a new Firestore Enterprise database with proper configuration files, security rules, and index definitions for production deployment.

Security Rules Generation

Generate comprehensive Firebase Security Rules with data validation, role-based access control, and ownership patterns by analyzing your application codebase.

SDK Integration Guidance

Learn to use Firestore Web and Python SDKs for reading, writing, querying, and real-time data synchronization in your applications.

Try These Prompts

Get started with Firestore Enterprise

I need to set up Firestore Enterprise Native Mode for my Firebase project. Help me provision a new database and create the initial configuration files (firebase.json, firestore.rules, firestore.indexes.json).

Generate security rules from codebase

Analyze my application codebase to identify all Firestore collection paths, data models, and access patterns. Generate Firebase Security Rules with proper data validation, role-based access control, and ownership checks.

Optimize query performance with indexes

My Firestore queries are slow. Help me identify which composite indexes I need based on my query patterns, and generate the firestore.indexes.json configuration to deploy them.

Implement real-time data sync in web app

I am building a web application with the Firebase Modular Web SDK. Show me how to set up real-time listeners for a collection of documents, handle document changes (add, modify, remove), and properly clean up subscriptions.

Best Practices

Always start with deny-all security rules and explicitly allow only required access patterns
Use the validator function pattern in security rules to enforce data schemas on both create and update operations
Define all indexes in configuration files and deploy via CLI rather than creating them manually in the console

Avoid

Never allow blanket read access to collections containing personally identifiable information
Do not skip the devil's advocate attack phase when generating security rules, as untested rules often contain privilege escalation vulnerabilities
Avoid mixing public profile data with private user data in the same document, as security rules apply at the document level

Frequently Asked Questions

What is the difference between Firestore Enterprise and standard Firestore?

Firestore Enterprise provides additional features such as composite indexes, sparse indexes, unique indexes, and advanced query capabilities that are not available in standard Firestore. Enterprise edition requires explicit provisioning.

Do I need the Firebase CLI to use this skill?

The Firebase CLI is recommended for provisioning and deploying rules and indexes, but the skill also covers manual configuration and SDK usage without the CLI.

Are the generated security rules production-ready?

No. The generated rules are prototypes designed to be secure by default, but you must review, test, and harden them before deploying to production. The skill includes a devil's advocate attack phase to help validate rules.

Can I use this skill with existing Firestore databases?

Yes. This skill applies to Firestore Enterprise Native Mode databases regardless of when they were created. You can use it to add or update security rules, indexes, and SDK integration for existing projects.

Which SDKs are covered by this skill?

The skill covers the Firebase Modular Web SDK (version 9+) for frontend applications and the Python Server SDK for backend environments.

How do I test Firestore rules locally before deploying?

Use the Firebase Emulator Suite by running firebase emulators:start --only firestore. This starts a local Firestore instance where you can test your rules without affecting production data.