
Discover rules

Discover rules to enhance your AI agent's capabilities.


g14wxz/retrieval-threshold-guard

v0.1.0

Enforces minimum similarity thresholds on vector retrieval to prevent RAG hallucination from weak matches.

Contains:

retrieval-threshold-guard

Adds hard similarity threshold guards to vector retrieval RPCs. Returns empty results instead of weak matches to prevent downstream hallucination. Use when implementing retrieval guardrails, minimum similarity thresholds, match_threshold parameters, or preventing RAG hallucination from low-confidence results.

Skills, Docs, Rules

77

Secures Supabase Realtime private channels via RLS policies on the realtime.messages table.

Contains:

realtime-channel-authorization

Configures private Realtime channels with RLS-backed authorization on the realtime.messages table. Enforces tenant-scoped Presence and Broadcast security. Use when implementing private realtime channels, realtime authorization, presence security, broadcast security, or securing the realtime messages table.

Skills, Docs, Rules

77

Configures Prometheus scraping, log drains, and observability for Supabase infrastructure monitoring.

Contains:

supabase-observability-metrics

Sets up Prometheus scrape jobs targeting the Supabase metrics endpoint and configures log drain pipelines. Establishes monitoring dashboards and alerting baselines. Use when configuring Supabase monitoring, setting up Prometheus metrics, implementing log drains, or establishing observability for production Supabase deployments.

Skills, Docs, Rules

77

Configures Postgres triggers and database webhooks for event-driven architectures in Supabase.

Contains:

database-webhook-trigger-pattern

Creates Postgres triggers that fire database webhooks to Edge Functions or external endpoints on INSERT/UPDATE/DELETE events. Configures pg_net for HTTP callouts and payload serialization. Use when implementing event-driven workflows, database webhooks, trigger-based notifications, or automated pipelines on table changes.

Skills, Docs, Rules

77

Orchestrates long-running Edge Function work via waitUntil, pg_cron, and pgmq patterns.

Contains:

edge-function-background-orchestration

Configures Edge Functions to use EdgeRuntime.waitUntil for background work while returning immediate 200 OK. Routes massive async workloads through pg_cron discovery and pgmq task queuing. Use when building background processing, async third-party calls, long-running edge function tasks, or webhook-driven pipelines.

Skills, Docs, Rules

77

Prevents directory traversal in Supabase Storage via path validation functions and storage RLS.

Contains:

storage-path-validation

Creates Postgres functions to validate storage path payloads and prevent directory traversal. Enforces tenant-safe file paths via storage RLS bucket policies. Use when configuring Supabase storage buckets, writing storage RLS policies, or implementing tenant-scoped file uploads.

Skills, Docs, Rules

77

Enforces strict isolation of service_role key to server-side contexts only.

Contains:

service-role-boundary

Enforces that service_role key is never exposed to client-side code. Validates admin client isolation, privileged operations routing, and server-only key usage. Use when implementing admin operations, server-side Supabase clients, or auditing service_role key usage.

Skills, Docs, Rules

77

Injects tenant ID and RBAC permissions into JWT via Postgres Auth Hooks during token issuance.

Contains:

custom-access-token-hook

Generates Postgres Auth Hook that injects tenant_id and serialized permissions into JWT app_metadata using jsonb_set. Use when implementing RBAC, multi-tenant JWT claims, custom access token hooks, or permission injection into Supabase auth tokens.

Skills, Docs, Rules

77

Travel assistant for NanoClaw: byAir flight notifications (delay, gate, connection risk, inbound aircraft delay, time-to-leave, arrival logistics), traffic-aware drive planning for in-person meetings (auto drive blocks + leave-by traffic rechecks), travel-booking gap checks, and nightly TripIt sync. Per-chat overlay tile.

Contains:

check-travel-bookings

Checks upcoming trips for missing bookings (flights, hotels, accommodation) by reading the nightly-built `travel-db.json`. Reports gaps for all upcoming trips — no date limit. Supports snooze state. Silent when all bookings are complete or snoozed. Use when the user asks about upcoming travel plans, itinerary completeness, missing reservations, or TripIt trip status.

drive-planner-recheck

Traffic-growth watcher for drive-planner blocks. On a ~15-min precheck poll it re-routes each in-window drive block and, when traffic has grown enough that the user must leave earlier — or it is already time to go — pushes a leave-earlier / leave-now alert. Use on a drive-planner recheck wake event. Triggers - 'drive recheck alert', 'leave earlier for <meeting>', 'leave now for <meeting>', 'traffic grew for my drive'.

drive-planner

Ground-transit drive planner for in-person meetings. On a ~2h precheck sweep it creates a traffic-aware Free drive block (home → venue → home) for each in-person meeting that lacks one and tells the user, who can reply to cancel; the recheck poll then watches each block for traffic growth. Use on a drive-planner sweep wake event, or when the user replies to cancel a drive block. Triggers - 'drive block', 'plan my drive', 'cancel 2', 'cancel that drive', 'skip', 'don't drive to that meeting', 'remove drive block', 'drive to my meeting', 'leave-by for a meeting'.

Skills, Rules

77

Database architecture skills, docs, and rules for high-demand multi-tenant commerce platforms (PostgreSQL source of truth, Neo4j as derived GraphRAG projection, transactional outbox, RLS-based tenant isolation). Includes live schema introspection workflow via explicit Supabase MCP/read-only schema sources.

Contains:

adr-drafting

Use when the user proposes — or the agent detects — a deviation from constitutional defaults that requires an Architecture Decision Record. Triggered by proposals to extract microservices, drop foreign keys, denormalize without measured evidence, store transactional truth in Neo4j, skip Row Level Security, skip the transactional outbox, run destructive migrations, use database-per-service, or any explicit override of a constitutional principle. Drafts a structured ADR with context, decision, consequences, alternatives rejected, migration path, validation criteria, and constitutional sections affected — and refuses to proceed with the underlying work until the ADR is at least Proposed status.

commerce-database-architecture

Use when designing or reviewing database architecture for high-demand multi-tenant commerce platforms — including PostgreSQL schema design, foreign keys, indexes, JSONB usage, multi-tenant isolation with Row Level Security, transactional outbox, Neo4j GraphRAG projections, event sourcing decisions, audit logging, partitioning, expand/contract migrations, and product/inventory/order modeling for restaurants, boutiques, drugstores, retailers, distributors, grocery, hardware, or appliance businesses. Triggered by any request to design tables, design schemas, create migrations, model products/variants/inventory/orders/payments, choose between monolith and microservices, choose between PostgreSQL and Neo4j as source of truth, model multi-tenant data, design event flows, or review an ER diagram.

graph-rag-boundary-review

Use when reviewing or designing how Neo4j and GraphRAG interact with PostgreSQL transactional truth — including any feature involving recommendations, semantic product search, ingredient relationships, substitution suggestions, complementary products, AI-assisted discovery, vector search combined with graph traversal, or any proposal that puts orders, inventory, payments, prices, or tenant access rules into Neo4j. Evaluates architectural proposals for data boundary violations, identifies sync pattern errors between Neo4j and PostgreSQL, produces structured design review feedback with severity-ranked findings, counter-proposals with Mermaid diagrams, eventing changes, and re-projection plans. Triggered by mentions of GraphRAG, Neo4j, knowledge graph, recommendations engine, semantic search, vector + graph hybrid search, AI product discovery, or any design that crosses the PostgreSQL ↔ Neo4j boundary.

Skills, Docs, Rules

77

Skills and rules for the NanoClaw host agent (Claude Code on Mac). Tile promotion, container management, staging checks, repo chain safety, and public sync.

Contains:

add-ugos-project

Register a new Docker Compose project on UGOS Pro (NASync) when the compose file lives in the nanoclaw repo. Plumbs the `/volume1/docker/PROJECT_NAME` directory symlink, the in-repo `.env` symlink, and the UGOS Pro SQLite registration row so the project appears in the Projects UI without UGOS rewriting the tracked compose file. Use when adding a new sidecar that needs UGOS Pro UI Start/Stop visibility, when wiring a repo-tracked compose project onto the NASync for the first time, when migrating an existing service to the symlinked-compose topology, or when asked to "register a UGOS project" / "add a sidecar to UGOS Pro".

check-staging

List pending skills and rules on the NAS staging area. Shows what the agent has created or updated that hasn't been promoted to tiles yet. Use before running promote, or when the user asks what's on staging.

extract-to-overlay

Sequential workflow for migrating an admin-tile skill, rule, or script set into a per-chat overlay tile. Audits cadence frontmatter, state-plane couplings, and cross-skill imports; moves files across two tile repos; updates per-group additionalTiles config; ships each side through publish-tile; verifies live materialisation. Use when extracting an admin skill to an overlay, refactoring admin content into per-chat tiles, splitting capabilities out of nanoclaw-admin, or wiring additionalTiles for a freshly extracted overlay.

Skills, Rules

76

Configures database INSERT triggers that offload document chunking and embedding to Edge Functions.

Contains:

rag-ingestion-trigger-pipeline

Creates Postgres INSERT triggers that fire Edge Functions for document chunking and embedding generation. Configures the ingestion pipeline from raw document insert to vector storage. Use when building RAG ingestion, embed-on-insert pipelines, database-driven document ingestion, or automated embedding workflows.

Skills, Docs, Rules

75

Provides EXPLAIN ANALYZE workflow for identifying missing indexes, sequential scans, and query plan issues.

Contains:

query-explain-plan-debugging

Executes EXPLAIN ANALYZE via MCP to debug slow queries, identify missing indexes, detect sequential scans, and optimize query plans. Use when debugging slow SQL, analyzing query plans, finding unused indexes, optimizing Postgres queries, or investigating index-not-used issues.

Skills, Docs, Rules

75

Configures server-side session synchronization via secure HTTP-only cookies for SSR frameworks.

Contains:

ssr-auth-session-management

Implements server-side auth session management with HTTP-only cookie synchronization for Next.js, SvelteKit, and other SSR frameworks. Depends on PKCE auth flow. Use when implementing SSR authentication, server-side session sync, HTTP-only auth cookies, Next.js Supabase auth, or SvelteKit Supabase auth.

Skills, Docs, Rules

75

Flight notifications via byAir: delay, gate, connection risk, inbound aircraft delay, time-to-leave, arrival logistics. NanoClaw per-chat overlay tile.

Contains:

check-travel-bookings

Checks upcoming trips for missing bookings (flights, hotels, accommodation) by reading the nightly-built `travel-db.json`. Reports gaps for all upcoming trips — no date limit. Supports snooze state. Silent when all bookings are complete or snoozed. Use when the user asks about upcoming travel plans, itinerary completeness, missing reservations, or TripIt trip status.

flight-assist

Composes a user-facing flight notification — delay, gate change, cancellation, boarding, connection risk, inbound-delay, time-to-leave, baggage carousel, day-before check, or arrival logistics — from a byAir precheck wake event, and configures the tile (verify credentials, set home base). Use when a tracked-flight wake event needs a notification, or when setting up or diagnosing flight-assist. Triggers - "check flight-assist env", "diagnose flight-assist", "set flight-assist home base", "set home address", "configure flight-assist", "flight delay notification", "gate change notification", "cancellation notification", "boarding alert", "time to leave alert", "inbound delay notification", "baggage carousel", "arrival logistics", "day before sanity check", "flight removed upstream", "connection at risk", "tight connection alert".

nightly-travel-sync

Travel-data refresh bundle: TripIt → Reclaim timezone sync, refresh travel-schedule.json from the TripIt iCal feed with a two-tier Gmail freshness probe, rebuild travel-db.json, then check upcoming trips for booking gaps. Runs daily; precheck-gated on travel-db.json freshness. Triggers: 'sync trips', 'sync travel', 'update travel data', 'pull trip info', 'refresh travel schedule', 'rebuild travel db', 'check my bookings'.

Skills, Rules

75

Rules for trusted NanoClaw groups. Shared memory, session bootstrap, cross-group memory updates. Loaded for trusted and main containers only.

Contains:

system-status

Read-only system-status probe for trusted-tier NanoClaw containers — surfaces stuck scheduled tasks, DB size, and recent task-run failures from the orchestrator's SQLite at `/workspace/store/messages.db`. Use as part of heartbeat or standalone. Triggers on "system status", "check tasks", "stuck tasks", "database size", "task failures".

trusted-memory

Session bootstrap and rolling memory updates for trusted containers. On session start, reads MEMORY.md (permanent facts), RUNBOOK.md (operational workflows), recent daily and weekly logs, and highlights.md to restore context. After non-trivial interactions, appends timestamped entries to group-local and cross-group shared daily logs. Use when starting a new session to load previous notes and remember context, or after meaningful conversations to save conversation history, persist session state, or record newly learned owner preferences.

Skills, Rules

74

FastAPI framework with Pydantic v2 patterns, PII sanitisation, and practical workflows

Contains:

run-check-server

Start a FastAPI dev server, verify docs and OpenAPI schema, test endpoints, and run pytest. Use when running, checking, or debugging a FastAPI application.

scaffold-project

Scaffold a new FastAPI project with an opinionated directory layout, pydantic-settings config, and starter files. Use when creating a new FastAPI application from scratch.

Skills, Docs, Rules

74

Automatically monitor GitHub Actions workflows after git push operations. Tracks workflow progress and reports pass/fail results.

Contains:

github-action-monitor

Monitors GitHub Actions workflow runs and reports pass/fail results. Use when git push has been executed, code has been pushed to a remote, or when the user asks about CI status.

Skills, Rules

74

Kotlin/coroutines patterns for driving rate-limited IoT actuators from real-time producers: debounce controller, target quantization, bottom-up progress-bar rendering.

Contains:

debounce-controller-kotlin

One-coroutine-per-device debounce controller for rate-limited IoT APIs in Kotlin. Min-interval throttle, 2-tick stability filter, send-latest semantics. Min-interval is 0.2s for LAN devices, 1.2s for cloud APIs. Dispatches on Dispatchers.IO. Use when a real-time producer (camera loop, sensor feed, Flow<T>) drives a cloud or LAN IoT device that can't keep up with per-frame updates, or when you see flicker / HTTP 429 errors from hammering an actuator.

render-progress-bar-kotlin

Render a segmented LED progress bar that fills bottom-up with red/yellow/green gradient — thermometer pattern, not falling-bar. Handles top-indexed hardware (where segment[0] is physically at the top) and bottom-indexed hardware. Use when wiring a quantised level (0..N) into an LED bar, especially Govee H6056, Hue Lightstrip, or similar segmented devices where fill direction and gradient matter.

target-quantization-kotlin

Discretise continuous producer signals (Float, Double) into Int targets so the debounce controller's stability filter can actually commit. Without quantization, a noisy 0.42-vs-0.43-vs-0.42 signal blocks every commit and the actuator stays dark. Use when wiring a continuous producer (confidence score, sensor reading, audio level) into a debounce controller, or debugging "I call submit() but onApply() never fires".

Skills, Rules

73

1.63x

Prevents silent WebSocket disconnections via Web Worker heartbeats and reconnection strategies.

Contains:

realtime-connection-resilience

Configures Supabase Realtime clients with worker:true to prevent background tab disconnections. Implements heartbeat monitoring and reconnection strategies. Use when fixing realtime disconnects, configuring worker-based realtime clients, implementing heartbeat resilience, or handling browser tab WebSocket stability.

Skills, Docs, Rules

72
