NestJS (Nest.js) production patterns for modules, controllers, providers, guards, interceptors, pipes, middleware, JWT, ValidationPipe, microservices, GraphQL, Bull queues, Prisma, and TypeORM. Triggers: NestJS, Nest.js, Nest module, dependency injection, class-validator DTO, exception filter, testing module, GraphQL resolver, Bull queue, microservice client. Uses: Read, Grep, Glob, Bash, WebSearch. Outputs: tier-ordered review checklists and/or concrete code edits with cited rule filenames. Do NOT use for: non-Nest backends (Express/Fastify only with no Nest integration), frontend-only frameworks, generating AGENTS.md, or toolchain setup unrelated to Nest.

Testing Library patterns for React component testing — queries, user events, async assertions, and accessibility-first testing. Use when testing React components, when writing component tests that avoid implementation details, or when migrating from Enzyme.

Apply formal verification methods (Hoare Logic, wp calculus, Design-by-Contract) to ensure software correctness. Use this skill whenever writing new functions, implementing algorithms, modifying existing logic, or performing code reviews. Trigger when asked to "prove correctness", "verify code", "check invariants", "mathematical proof of code", or "ensure the algorithm is correct".

Add a new Java Flight Recorder event to a TamboUI module following project conventions — `dev.tamboui.AREA.THING` naming, `enabled()` guards, static `commit(...)` helper, and `compileOnly(libs.jfr.polyfill)` for Java 8 modules. Use when the user says "add a JFR event", "trace X with JFR", "instrument Y for flight recorder", or "emit a JFR event for Z".

Bootstrap a new TamboUI Toolkit DSL application — generates a `ToolkitApp` subclass with a working `render()` and a `main` entry point, plus the right Maven/Gradle/JBang dependencies. Use when the user says "create a TamboUI app", "scaffold a TUI", "new tamboui app", "hello world TamboUI", or asks to start a TUI project from scratch.

Add a Toolkit `Element` wrapping an existing TamboUI widget so it gains CSS support, styled sub-components, focus integration, and a Toolkit factory method. Use when the user says "wrap a widget", "add an element for X widget", "make widget Y CSS-aware", "expose widget Z in the DSL", or asks to integrate a custom widget into the Toolkit.

Set up or align a GitHub Actions release pipeline for a versioned package, library, CLI, or marketplace action. Use when standardizing repos around the verify-then-release shape: push to main → guardrails → semantic-release tags + publishes → version-bump commit back to main with `[skip ci]`. Pairs with `gh-deploy-pipeline` for running apps; use for publishing versioned artifacts to a registry, not deploying a running service.

Audit and build the infrastructure a repo needs so agents can work autonomously — boot scripts, smoke tests, CI/CD gates, dev environment setup, observability, and isolation. Use when a repo can't boot, tests are broken or missing, there's no dev environment, agents can't verify their work, or agents need human help to get anything done. Do not use for reviewing an existing diff or for documentation-only cleanup.

Security essentials for Flask APIs — CORS, Talisman security headers, rate limiting, CSRF protection, and input validation. Use when building or reviewing Flask apps before production deployment, or when a security review flags missing protections.

PostgreSQL best practices that must be applied by default in every Node.js application using the pg client. Covers connection pooling with production settings, parameterized queries, transactions, BIGINT/NUMERIC type handling, PostgreSQL error code handling, bulk inserts with unnest, and production hardening (SSL, keepAlive, graceful shutdown). Always apply these patterns when creating or modifying any Node.js service that connects to PostgreSQL.

Mongoose and MongoDB patterns — schema design, validation, indexes, virtuals, middleware, population, lean queries, transactions, and pagination. Use when building or reviewing apps with MongoDB and Mongoose, when designing document schemas, or when migrating from SQL to MongoDB.

Pytest patterns for testing Python APIs (FastAPI, Flask). Covers httpx AsyncClient setup, conftest.py fixture organization, fixture scoping, parametrize for edge cases, factory fixtures, database isolation, testing error responses and auth flows. Triggers when writing tests for any Python web API, adding test coverage, or building a new API that needs tests.