Compute perceptually-correct confidence from dlib face_recognition distances using piecewise mapping (d at most 0.3 maps to 1.0, d at least 0.6 maps to 0.0, linear between). Includes enrollment averaging and the setuptools==75.8.0 pin. Use when mapping face_recognition distance to a user-facing confidence score or diagnosing weak recognition results.

Capture and validate high-quality face enrollments for dlib face_recognition. Covers pose diversity, face-coverage framing, blur rejection, and intra-class distance diagnostics. Use when building or refreshing a face enrollment dataset, diagnosing "recognition looks weak even with my photos", or deciding whether to retune thresholds vs retake photos.

Producer-side face persistence that absorbs transient detection dropouts. Keeps the last observed confidence across N consecutive no-face frames instead of flipping to "nobody here" on every single missed frame. Use when you see the bar/state flickering even though the subject is plainly in frame, or when detection + recognition hands off to a downstream actuator that wants steady state.

Controls Govee H6056 Flow Plus light bars (smart LED lights) via cloud REST API with correct segment-to-bar mapping (Yankee=0-5, Golf=6-11) and phantom-segment awareness (12-14 return 200 OK but do nothing). Use when the user wants to control Govee H6056 light bars, change LED light colors or brightness, set bar segment colors, or automate Govee smart lighting scenes.

Optimizes RLS policies by enforcing SELECT-wrapped auth.uid() calls, mandatory B-Tree/GIN indexes on policy-referenced columns, and SECURITY DEFINER encapsulation of deep JOINs. Use when optimizing RLS performance, fixing policy full table scans, wrapping auth.uid in SELECT, or indexing columns used in RLS policies.

Configures pgsodium Vault extension for API key and secret storage. Creates SECURITY DEFINER functions assigned to service_role for secure access. Eliminates hardcoded secrets. Use when storing API keys, managing secrets in Supabase, implementing pgsodium Vault, or replacing hardcoded credentials with Vault references.

Creates PL/pgSQL RPC implementing Reciprocal Rank Fusion (score = 1/(k+rank)) to fuse semantic pgvector results with full-text tsvector results. Use when implementing hybrid search, RRF search, semantic plus keyword search, exact SKU and conceptual queries, or vector and full-text fusion.

Configures TUS resumable upload client for files over 6MB with Postgres Advisory Lock 409 Conflict handling. Enforces tenant-scoped bucket paths. Use when implementing large file uploads, resumable uploads, TUS protocol, uploads over unstable networks, or files larger than 6MB in Supabase Storage.

Creates RLS policies enforcing tenant_id isolation on shared-schema tables. Verifies ALTER TABLE ENABLE ROW LEVEL SECURITY before policy creation. Requires tenant_id column and custom-access-token-hook JWT claims. Use when implementing multi-tenant data isolation, tenant-safe queries, shared schema RLS, or tenant_id policy creation.

Inspects database health by analyzing slow queries, identifying bottlenecks, and checking Postgres performance indicators. Use when diagnosing database issues, checking slow queries, inspecting DB health, finding performance bottlenecks, or troubleshooting Supabase Postgres problems.

Configures pgvector HNSW indexes with correct distance operators. Enforces inner product operator for normalized embeddings instead of cosine distance. Use when setting up vector search, creating embedding indexes, configuring semantic search, or choosing between HNSW and IVFFlat index types.

Generates code verifier/challenge pairs, exchanges authorization codes for sessions, sets secure HTTP-only session cookies, and configures server-side callback handling to implement the Proof Key for Code Exchange auth flow. Replaces implicit token-in-fragment flows by removing hash-based token extraction and localStorage usage. Use when implementing Supabase authentication, OAuth login, secure browser auth, SSR auth setup, or modern auth flow migration.

Lists permitted and prohibited actions, blocks disallowed content types, and responds to permission queries in shared or public group settings. Use when joining a new group, when unsure about rules, permissions, or boundaries, when someone asks what you are allowed to do here, or when operating in a public channel or untrusted group chat environment.

Add a new Java Flight Recorder event to a TamboUI module following project conventions — `dev.tamboui.AREA.THING` naming, `enabled()` guards, static `commit(...)` helper, and `compileOnly(libs.jfr.polyfill)` for Java 8 modules. Use when the user says "add a JFR event", "trace X with JFR", "instrument Y for flight recorder", or "emit a JFR event for Z".

Bootstrap a new TamboUI Toolkit DSL application — generates a `ToolkitApp` subclass with a working `render()` and a `main` entry point, plus the right Maven/Gradle/JBang dependencies. Use when the user says "create a TamboUI app", "scaffold a TUI", "new tamboui app", "hello world TamboUI", or asks to start a TUI project from scratch.

Add a Toolkit `Element` wrapping an existing TamboUI widget so it gains CSS support, styled sub-components, focus integration, and a Toolkit factory method. Use when the user says "wrap a widget", "add an element for X widget", "make widget Y CSS-aware", "expose widget Z in the DSL", or asks to integrate a custom widget into the Toolkit.

Convert JUnit-style test classes (`@Test` methods, `assertEquals`, `assertThrows`) to idiomatic Kotest specs (`DescribeSpec` / `BehaviorSpec`, `shouldBe`, `shouldThrow`). Maps assertions, rewrites imports, preserves test intent, then verifies the conversion by delegating to `scripts/verify-no-junit-assertions.sh`. Use when the user wants to migrate a JUnit test file to Kotest, when a test file mixes JUnit and Kotest assertions, or when a new contributor writes JUnit-style assertions in a Kotest project.

Replace java.util.Optional usage (Optional.of, Optional.empty, Optional.ofNullable, orElse, ifPresent, etc.) with idiomatic Kotlin nullable types using the question-mark suffix and the safe-call, elvis, and let operators. Strips Java's Optional workaround out of Kotlin code where the language has a better answer. Use when the user asks to "remove Optional," "kotlinify nullables," "strip Optional wrappers," or shows code that wraps nullable values in Optional for no benefit.

Refactor a regular Kotlin `class` with hand-written `equals`, `hashCode`, `toString`, and Java-bean accessors (getX/setX) into an idiomatic Kotlin `data class` with `val` properties, nullable `?` types, and compiler- generated equality. Removes the boilerplate that ports from Java leave behind. Use when the user asks to "make this a data class," "convert this POJO," "kotlinify this model," or shows a class with all three of equals / hashCode / toString manually overridden.

Configures NotificationClient handlers, implements async dispatch workflows, and handles DispatchError failures for the pidge v3 notification library in async Python services. Use when working with pidge, pidge v3, pidge notifications, NotificationClient, async notifications, or pidge integration — including setting up API keys, dispatching messages, and handling delivery errors.

Use when the user asks to write unit tests, generate a test suite, or migrate/convert Jest or Vitest tests to Themis in Node.js/TypeScript repos. Produces Themis-native tests, runs validation commands, and applies Themis migration workflows.

One-thread-per-device async controller for rate-limited IoT APIs with min-interval throttle, stability filter, and send-latest semantics. Use when a real-time producer (camera loop, sensor feed, event stream) drives a cloud or LAN IoT device that can't keep up with per-frame updates, or when you see flicker / HTTP 429 errors from hammering an actuator.

Renders a segmented progress bar that fills bottom-up with a red/yellow/green gradient — the thermometer pattern users expect, not top-down list order. Use when the user asks for a thermometer chart, vertical progress bar, gauge, meter, status indicator, temperature indicator, RAG status bar, or any color-coded level display where fill direction matters.

Discretise your target values so the debounce controller's stability filter can commit. A floating-point target from a noisy producer will never hold for 2 consecutive ticks — the filter blocks every send and the actuator stays dark. Use when wiring a continuous producer signal (confidence score, sensor reading) into a debounced controller, or debugging "I set_target() but _apply() never fires".

Use when the user proposes — or the agent detects — a deviation from constitutional defaults that requires an Architecture Decision Record. Triggered by proposals to extract microservices, drop foreign keys, denormalize without measured evidence, store transactional truth in Neo4j, skip Row Level Security, skip the transactional outbox, run destructive migrations, use database-per-service, or any explicit override of a constitutional principle. Drafts a structured ADR with context, decision, consequences, alternatives rejected, migration path, validation criteria, and constitutional sections affected — and refuses to proceed with the underlying work until the ADR is at least Proposed status.

Use when designing or reviewing database architecture for high-demand multi-tenant commerce platforms — including PostgreSQL schema design, foreign keys, indexes, JSONB usage, multi-tenant isolation with Row Level Security, transactional outbox, Neo4j GraphRAG projections, event sourcing decisions, audit logging, partitioning, expand/contract migrations, and product/inventory/order modeling for restaurants, boutiques, drugstores, retailers, distributors, grocery, hardware, or appliance businesses. Triggered by any request to design tables, design schemas, create migrations, model products/variants/inventory/orders/payments, choose between monolith and microservices, choose between PostgreSQL and Neo4j as source of truth, model multi-tenant data, design event flows, or review an ER diagram.

Use when reviewing or designing how Neo4j and GraphRAG interact with PostgreSQL transactional truth — including any feature involving recommendations, semantic product search, ingredient relationships, substitution suggestions, complementary products, AI-assisted discovery, vector search combined with graph traversal, or any proposal that puts orders, inventory, payments, prices, or tenant access rules into Neo4j. Evaluates architectural proposals for data boundary violations, identifies sync pattern errors between Neo4j and PostgreSQL, produces structured design review feedback with severity-ranked findings, counter-proposals with Mermaid diagrams, eventing changes, and re-projection plans. Triggered by mentions of GraphRAG, Neo4j, knowledge graph, recommendations engine, semantic search, vector + graph hybrid search, AI product discovery, or any design that crosses the PostgreSQL ↔ Neo4j boundary.

Adds hard similarity threshold guards to vector retrieval RPCs. Returns empty results instead of weak matches to prevent downstream hallucination. Use when implementing retrieval guardrails, minimum similarity thresholds, match_threshold parameters, or preventing RAG hallucination from low-confidence results.

Configures private Realtime channels with RLS-backed authorization on the realtime.messages table. Enforces tenant-scoped Presence and Broadcast security. Use when implementing private realtime channels, realtime authorization, presence security, broadcast security, or securing the realtime messages table.