giuseppe-trisciuoglio/developer-kit
Comprehensive developer toolkit providing reusable skills for Java/Spring Boot, TypeScript/NestJS/React/Next.js, Python, PHP, AWS CloudFormation, AI/RAG, DevOps, and more.
89
Quality
89%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Securityby
Risky
Do not use without reviewing
token-management.mdplugins/developer-kit-java/skills/spring-boot-security-jwt/references/
Token Management Best Practices
Refresh Token Strategy
Secure Refresh Token Storage
@Entity
@Table(name = "refresh_tokens")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class RefreshToken {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(unique = true, nullable = false, columnDefinition = "TEXT")
private String token;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "user_id", nullable = false)
private User user;
@Column(name = "token_id", unique = true, nullable = false)
private String tokenId; // JWT ID (jti claim)
@Column(name = "session_id")
private String sessionId; // Session identifier
@Column(name = "device_id")
private String deviceId; // Device fingerprint
@Column(name = "device_info")
private String deviceInfo; // User agent and device details
@Column(name = "ip_address")
private String ipAddress;
@Column(name = "created_at", nullable = false)
private Instant createdAt;
@Column(name = "expires_at", nullable = false)
private Instant expiresAt;
@Column(name = "last_used_at")
private Instant lastUsedAt;
@Column(name = "revoked_at")
private Instant revokedAt;
@Column(name = "replaced_by")
private String replacedBy; // New token ID if rotated
@Column(nullable = false)
private boolean revoked = false;
@Column(nullable = false)
private boolean active = true;
// Token metadata
@Column(name = "usage_count")
private int usageCount = 0;
@Column(name = "max_usage")
private Integer maxUsage; // Optional usage limit
public boolean isExpired() {
return Instant.now().isAfter(expiresAt);
}
public boolean isValid() {
return !revoked && active && !isExpired();
}
public void revoke() {
this.revoked = true;
this.revokedAt = Instant.now();
this.active = false;
}
public void markUsed() {
this.lastUsedAt = Instant.now();
this.usageCount++;
}
}Refresh Token Repository
@Repository
public interface RefreshTokenRepository extends JpaRepository<RefreshToken, Long> {
Optional<RefreshToken> findByToken(String token);
Optional<RefreshToken> findByTokenId(String tokenId);
List<RefreshToken> findByUserAndRevokedFalse(User user);
List<RefreshToken> findByUserAndRevokedFalseAndExpiresAtAfter(User user, Instant now);
List<RefreshToken> findByExpiresAtBefore(Instant cutoff);
List<RefreshToken> findByRevokedTrueAndRevokedAtBefore(Instant cutoff);
@Query("SELECT rt FROM RefreshToken rt WHERE rt.user = :user AND rt.revoked = false ORDER BY rt.createdAt ASC")
List<RefreshToken> findOldestActiveTokensByUser(@Param("user") User user);
@Query("SELECT COUNT(rt) FROM RefreshToken rt WHERE rt.user = :user AND rt.revoked = false AND rt.expiresAt > :now")
long countActiveTokensByUser(@Param("user") User user, @Param("now") Instant now);
@Modifying
@Query("DELETE FROM RefreshToken rt WHERE rt.user = :user AND rt.createdAt < :cutoff")
void deleteOldTokensByUser(@Param("user") User user, @Param("cutoff") Instant cutoff);
}Refresh Token Service with Rotation
@Service
@Transactional
@Slf4j
public class RefreshTokenService {
private final RefreshTokenRepository refreshTokenRepository;
private final UserRepository userRepository;
private final JwtTokenService jwtTokenService;
private final JwtClaimsService claimsService;
@Value("${jwt.refresh-token-expiration:P7D}")
private Duration refreshTokenExpiration;
@Value("${jwt.max-active-tokens:5}")
private int maxActiveTokensPerUser;
@Value("${jwt.token-rotation-enabled:true}")
private boolean tokenRotationEnabled;
@Value("${jwt.token-rotation-threshold:P3D}")
private Duration tokenRotationThreshold;
public RefreshTokenResponse createRefreshToken(User user, HttpServletRequest request) {
// Enforce maximum active tokens
enforceMaxActiveTokens(user);
// Extract request information
String ipAddress = extractIpAddress(request);
String deviceInfo = extractDeviceInfo(request);
String deviceId = generateDeviceId(request);
// Create JWT claims
JwtClaimsSet claims = claimsService.createRefreshTokenClaims(user);
String tokenValue = jwtTokenService.encodeToken(claims);
// Create refresh token entity
RefreshToken refreshToken = RefreshToken.builder()
.token(tokenValue)
.user(user)
.tokenId(claims.getClaimAsString("jti"))
.sessionId(claims.getClaimAsString("sessionId"))
.deviceId(deviceId)
.deviceInfo(deviceInfo)
.ipAddress(ipAddress)
.createdAt(Instant.now())
.expiresAt(claims.getExpiresAt())
.active(true)
.revoked(false)
.build();
refreshToken = refreshTokenRepository.save(refreshToken);
// Publish token created event
applicationEventPublisher.publishEvent(
new RefreshTokenCreatedEvent(refreshToken));
return new RefreshTokenResponse(
refreshToken.getToken(),
refreshToken.getExpiresAt().toEpochMilli(),
refreshToken.getSessionId()
);
}
@Transactional
public AccessTokenResponse refreshToken(RefreshTokenRequest request,
HttpServletRequest httpRequest) {
String refreshTokenValue = request.refreshToken();
String ipAddress = extractIpAddress(httpRequest);
// Validate and retrieve refresh token
RefreshToken refreshToken = validateRefreshToken(refreshTokenValue, ipAddress);
User user = refreshToken.getUser();
// Check account status
validateUserAccount(user);
// Mark token as used
refreshToken.markUsed();
refreshTokenRepository.save(refreshToken);
// Generate new access token
AccessTokenResponse accessToken = jwtTokenService.generateAccessToken(user);
// Implement token rotation if enabled
if (shouldRotateRefreshToken(refreshToken)) {
RefreshTokenResponse newRefreshToken = createRefreshToken(user, httpRequest);
// Mark old token as replaced
refreshToken.setReplacedBy(extractTokenId(newRefreshToken.token()));
refreshToken.revoke();
refreshTokenRepository.save(refreshToken);
return AccessTokenResponse.builder()
.token(accessToken.token())
.expiresAt(accessToken.expiresAt())
.refreshToken(newRefreshToken.token())
.refreshTokenExpiresAt(newRefreshToken.expiresAt())
.build();
}
return accessToken;
}
@Transactional
public void revokeRefreshToken(String token, String reason) {
refreshTokenRepository.findByToken(token)
.ifPresent(refreshToken -> {
refreshToken.revoke();
refreshTokenRepository.save(refreshToken);
// Publish token revoked event
applicationEventPublisher.publishEvent(
new RefreshTokenRevokedEvent(refreshToken, reason));
});
}
@Transactional
public void revokeAllUserTokens(User user, String reason) {
List<RefreshToken> activeTokens = refreshTokenRepository
.findByUserAndRevokedFalse(user);
activeTokens.forEach(token -> {
token.revoke();
// Store revocation reason in audit log
});
refreshTokenRepository.saveAll(activeTokens);
// Publish batch revocation event
applicationEventPublisher.publishEvent(
new AllRefreshTokensRevokedEvent(user, activeTokens.size(), reason));
}
private RefreshToken validateRefreshToken(String tokenValue, String ipAddress) {
RefreshToken refreshToken = refreshTokenRepository.findByToken(tokenValue)
.orElseThrow(() -> new InvalidTokenException("Refresh token not found"));
// Validate token status
if (!refreshToken.isValid()) {
if (refreshToken.isRevoked()) {
throw new TokenRevokedException("Token has been revoked");
}
if (refreshToken.isExpired()) {
refreshTokenRepository.delete(refreshToken);
throw new ExpiredTokenException("Refresh token expired");
}
throw new InvalidTokenException("Token is invalid");
}
// Validate token usage
if (refreshToken.getMaxUsage() != null &&
refreshToken.getUsageCount() >= refreshToken.getMaxUsage()) {
refreshToken.revoke();
refreshTokenRepository.save(refreshToken);
throw new TokenUsageExceededException("Token usage limit exceeded");
}
// Validate IP address (optional security measure)
if (!isValidIpAddress(refreshToken.getIpAddress(), ipAddress)) {
log.warn("Suspicious refresh token usage - IP mismatch. Expected: {}, Actual: {}",
refreshToken.getIpAddress(), ipAddress);
// Optional: revoke token on IP mismatch
// refreshToken.revoke();
// refreshTokenRepository.save(refreshToken);
// throw new SecurityException("IP address mismatch");
}
return refreshToken;
}
private void enforceMaxActiveTokens(User user) {
long activeTokens = refreshTokenRepository.countActiveTokensByUser(
user, Instant.now());
if (activeTokens >= maxActiveTokensPerUser) {
// Revoke oldest token
List<RefreshToken> oldestTokens = refreshTokenRepository
.findOldestActiveTokensByUser(user);
if (!oldestTokens.isEmpty()) {
RefreshToken oldestToken = oldestTokens.get(0);
oldestToken.revoke();
refreshTokenRepository.save(oldestToken);
log.info("Revoked oldest refresh token for user {} due to limit",
user.getId());
}
}
}
private boolean shouldRotateRefreshToken(RefreshToken refreshToken) {
if (!tokenRotationEnabled) {
return false;
}
// Rotate if token is older than threshold
boolean ageThreshold = refreshToken.getCreatedAt()
.isBefore(Instant.now().minus(tokenRotationThreshold));
// Rotate if token has been used too many times
boolean usageThreshold = refreshToken.getUsageCount() > 50;
return ageThreshold || usageThreshold;
}
// Cleanup expired and revoked tokens
@Scheduled(fixedRate = 86400000) // Daily
public void cleanupTokens() {
Instant cutoff = Instant.now().minus(30, ChronoUnit.DAYS);
// Delete expired tokens older than 30 days
List<RefreshToken> expiredTokens = refreshTokenRepository
.findByExpiresAtBefore(cutoff);
refreshTokenRepository.deleteAll(expiredTokens);
// Delete revoked tokens older than 30 days
List<RefreshToken> revokedTokens = refreshTokenRepository
.findByRevokedTrueAndRevokedAtBefore(cutoff);
refreshTokenRepository.deleteAll(revokedTokens);
log.info("Cleaned up {} expired and {} revoked tokens",
expiredTokens.size(), revokedTokens.size());
}
}Token Blacklisting
BlacklistedToken Entity
@Entity
@Table(name = "blacklisted_tokens")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class BlacklistedToken {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@Column(name = "token_id", unique = true, nullable = false)
private String tokenId; // JWT ID (jti claim)
@Column(columnDefinition = "TEXT")
private String token; // Full token (for debugging)
@Column(name = "blacklisted_at", nullable = false)
private Instant blacklistedAt;
@Column(name = "expires_at", nullable = false)
private Instant expiresAt;
@Column(name = "blacklisted_by")
private String blacklistedBy; // User ID or system
private String reason; // Reason for blacklisting
@Enumerated(EnumType.STRING)
private BlacklistReason blacklistReason;
public enum BlacklistReason {
LOGOUT,
PASSWORD_CHANGE,
ROLE_CHANGE,
ACCOUNT_SUSPENSION,
SUSPICIOUS_ACTIVITY,
TOKEN_THEFT,
ADMIN_REVOCATION,
MASS_REVOCATION
}
public boolean isExpired() {
return Instant.now().isAfter(expiresAt);
}
}Token Blacklisting Service
@Service
@Transactional
public class TokenBlacklistingService {
private final BlacklistedTokenRepository blacklistedTokenRepository;
private final JwtDecoder jwtDecoder;
public void blacklistToken(String token, String reason, BlacklistReason blacklistReason) {
try {
Jwt jwt = jwtDecoder.decode(token);
String tokenId = jwt.getClaimAsString("jti");
Instant expiresAt = jwt.getExpiresAt();
if (tokenId == null || expiresAt == null) {
throw new InvalidTokenException("Token missing required claims");
}
BlacklistedToken blacklistedToken = BlacklistedToken.builder()
.tokenId(tokenId)
.token(token.substring(0, Math.min(token.length(), 100))) // Store first 100 chars
.blacklistedAt(Instant.now())
.expiresAt(expiresAt)
.blacklistedBy(getCurrentUser())
.reason(reason)
.blacklistReason(blacklistReason)
.build();
blacklistedTokenRepository.save(blacklistedToken);
log.info("Token {} blacklisted for reason: {}", tokenId, reason);
} catch (JwtException e) {
log.error("Failed to blacklist token", e);
throw new InvalidTokenException("Invalid token", e);
}
}
@Transactional(readOnly = true)
public boolean isTokenBlacklisted(String token) {
try {
Jwt jwt = jwtDecoder.decode(token);
String tokenId = jwt.getClaimAsString("jti");
if (tokenId == null) {
return false;
}
return blacklistedTokenRepository.existsByTokenId(tokenId);
} catch (JwtException e) {
// If token is invalid, it's effectively blacklisted
return true;
}
}
@Transactional
public void blacklistAllUserTokens(User user, String reason, BlacklistReason blacklistReason) {
// This would require tracking all active tokens in the system
// For now, we'll implement a user-based blacklist
UserBlacklist blacklist = UserBlacklist.builder()
.user(user)
.blacklistedAt(Instant.now())
.reason(reason)
.blacklistReason(blacklistReason)
.build();
userBlacklistRepository.save(blacklist);
}
@Scheduled(fixedRate = 3600000) // Every hour
public void cleanupExpiredBlacklistedTokens() {
List<BlacklistedToken> expiredTokens = blacklistedTokenRepository
.findByExpiresAtBefore(Instant.now());
blacklistedTokenRepository.deleteAll(expiredTokens);
if (!expiredTokens.isEmpty()) {
log.info("Cleaned up {} expired blacklisted tokens", expiredTokens.size());
}
}
}Session Management
Session Tracking
@Entity
@Table(name = "user_sessions")
@Getter
@Setter
@NoArgsConstructor
@AllArgsConstructor
@Builder
public class UserSession {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@ManyToOne(fetch = FetchType.LAZY)
@JoinColumn(name = "user_id", nullable = false)
private User user;
@Column(name = "session_id", unique = true, nullable = false)
private String sessionId;
@Column(name = "device_id")
private String deviceId;
@Column(name = "device_info")
private String deviceInfo;
@Column(name = "ip_address")
private String ipAddress;
@Column(name = "user_agent")
private String userAgent;
@Column(name = "location")
private String location; // Geolocation based on IP
@Column(name = "login_at", nullable = false)
private Instant loginAt;
@Column(name = "last_activity_at")
private Instant lastActivityAt;
@Column(name = "logout_at")
private Instant logoutAt;
@Column(name = "session_timeout_at")
private Instant sessionTimeoutAt;
@Column(nullable = false)
private boolean active = true;
@Column(nullable = false)
private boolean persistent = false;
// Session metadata
@Column(name = "login_method")
@Enumerated(EnumType.STRING)
private LoginMethod loginMethod;
@Column(name = "mfa_verified")
private boolean mfaVerified = false;
@Column(name = "risk_score")
private Integer riskScore;
public boolean isValid() {
return active && !isExpired();
}
public boolean isExpired() {
return sessionTimeoutAt != null && Instant.now().isAfter(sessionTimeoutAt);
}
public void updateActivity() {
this.lastActivityAt = Instant.now();
// Update session timeout based on inactivity policy
this.sessionTimeoutAt = Instant.now().plus(30, ChronoUnit.MINUTES);
}
public void terminate() {
this.active = false;
this.logoutAt = Instant.now();
}
}
@Service
public class SessionManagementService {
@Value("${security.session.max-concurrent:5}")
private int maxConcurrentSessions;
@Value("${security.session.inactivity-timeout:PT30M}")
private Duration inactivityTimeout;
public UserSession createSession(User user, HttpServletRequest request, LoginMethod loginMethod) {
String sessionId = UUID.randomUUID().toString();
String ipAddress = extractIpAddress(request);
String deviceInfo = extractDeviceInfo(request);
String deviceId = generateDeviceId(request);
// Enforce concurrent session limit
enforceConcurrentSessionLimit(user);
UserSession session = UserSession.builder()
.user(user)
.sessionId(sessionId)
.deviceId(deviceId)
.deviceInfo(deviceInfo)
.ipAddress(ipAddress)
.userAgent(request.getHeader("User-Agent"))
.location(lookupLocation(ipAddress))
.loginAt(Instant.now())
.lastActivityAt(Instant.now())
.sessionTimeoutAt(Instant.now().plus(inactivityTimeout))
.active(true)
.loginMethod(loginMethod)
.riskScore(calculateRiskScore(request))
.build();
session = sessionRepository.save(session);
// Publish session created event
applicationEventPublisher.publishEvent(new UserSessionCreatedEvent(session));
return session;
}
@Transactional
public void terminateSession(String sessionId, String reason) {
sessionRepository.findBySessionId(sessionId)
.ifPresent(session -> {
session.terminate();
sessionRepository.save(session);
// Revoke associated refresh tokens
refreshTokenService.revokeTokensBySessionId(sessionId);
// Publish session terminated event
applicationEventPublisher.publishEvent(
new UserSessionTerminatedEvent(session, reason));
});
}
@Transactional
public void terminateAllUserSessions(User user, String reason) {
List<UserSession> activeSessions = sessionRepository
.findByUserAndActiveTrue(user);
activeSessions.forEach(session -> {
session.terminate();
// Revoke associated tokens
refreshTokenService.revokeTokensBySessionId(session.getSessionId());
});
sessionRepository.saveAll(activeSessions);
// Publish batch session termination event
applicationEventPublisher.publishEvent(
new AllUserSessionsTerminatedEvent(user, activeSessions.size(), reason));
}
private void enforceConcurrentSessionLimit(User user) {
long activeSessions = sessionRepository.countByUserAndActiveTrue(user);
if (activeSessions >= maxConcurrentSessions) {
// Terminate oldest session
List<UserSession> oldestSessions = sessionRepository
.findByUserAndActiveTrueOrderByLoginAtAsc(user);
if (!oldestSessions.isEmpty()) {
UserSession oldestSession = oldestSessions.get(0);
terminateSession(oldestSession.getSessionId(),
"Concurrent session limit exceeded");
}
}
}
// Cleanup inactive sessions
@Scheduled(fixedRate = 300000) // Every 5 minutes
public void cleanupInactiveSessions() {
List<UserSession> inactiveSessions = sessionRepository
.findByActiveTrueAndSessionTimeoutAtBefore(Instant.now());
inactiveSessions.forEach(session -> {
session.terminate();
// Revoke associated refresh tokens
refreshTokenService.revokeTokensBySessionId(session.getSessionId());
});
sessionRepository.saveAll(inactiveSessions);
if (!inactiveSessions.isEmpty()) {
log.info("Cleaned up {} inactive sessions", inactiveSessions.size());
}
}
}Token Security Headers
Security Headers Configuration
@Configuration
public class SecurityHeadersConfig {
@Bean
public SecurityFilterChain securityHeaders(HttpSecurity http) throws Exception {
return http
.headers(headers -> headers
.contentTypeOptions(cto -> cto.and()
.xssProtection(xss -> xss.headerValue(XXssProtectionHeaderWriter.HeaderValue.ENABLED_MODE_BLOCK))
.httpStrictTransportSecurity(hsts -> hsts
.maxAgeInSeconds(31536000)
.includeSubdomains(true)
.preload(true))
.frameOptions(frame -> frame.deny())
.contentSecurityPolicy(csp -> csp
.policyDirectives("default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https:; font-src 'self'; connect-src 'self'; frame-ancestors 'none';"))
.referrerPolicy(referrer -> referrer
.policy(ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN))))
.and())
.build();
}
}Rate Limiting for Token Endpoints
@RestController
@RequestMapping("/api/auth")
public class AuthController {
private final RateLimiter authRateLimiter;
@PostMapping("/login")
@RateLimited(requests = 5, window = "PT1M")
public ResponseEntity<LoginResponse> login(@RequestBody LoginRequest request) {
// Login implementation
}
@PostMapping("/refresh")
@RateLimited(requests = 10, window = "PT1M")
public ResponseEntity<RefreshTokenResponse> refresh(
@RequestBody RefreshTokenRequest request) {
// Refresh token implementation
}
}
@Aspect
@Component
public class RateLimitingAspect {
private final Map<String, Bucket> bucketCache = new ConcurrentHashMap<>();
@Around("@annotation(rateLimited)")
public Object around(ProceedingJoinPoint joinPoint, RateLimited rateLimited) throws Throwable {
String key = generateKey(joinPoint, rateLimited);
Bucket bucket = bucketCache.computeIfAbsent(key, k -> createBucket(rateLimited));
if (bucket.tryConsume(1)) {
return joinPoint.proceed();
} else {
throw new RateLimitExceededException("Rate limit exceeded");
}
}
private String generateKey(ProceedingJoinPoint joinPoint, RateLimited rateLimited) {
HttpServletRequest request = getCurrentRequest();
String clientIp = getClientIpAddress(request);
return String.format("%s:%s:%s",
joinPoint.getSignature().toShortString(),
clientIp,
rateLimited.identifier());
}
}docs
plugins
developer-kit-ai
developer-kit-aws
agents
docs
skills
aws
aws-cli-beast
aws-cost-optimization
aws-drawio-architecture-diagrams
aws-sam-bootstrap
aws-cloudformation
aws-cloudformation-auto-scaling
aws-cloudformation-bedrock
aws-cloudformation-cloudfront
aws-cloudformation-cloudwatch
aws-cloudformation-dynamodb
aws-cloudformation-ec2
aws-cloudformation-ecs
aws-cloudformation-elasticache
references
aws-cloudformation-iam
references
aws-cloudformation-lambda
aws-cloudformation-rds
aws-cloudformation-s3
aws-cloudformation-security
aws-cloudformation-task-ecs-deploy-gh
aws-cloudformation-vpc
references
developer-kit-core
agents
commands
skills
developer-kit-devops
developer-kit-java
agents
commands
devkit.java.architect-review.mddevkit.java.code-review.mddevkit.java.dependency-audit.mddevkit.java.generate-crud.mddevkit.java.generate-docs.mddevkit.java.generate-refactoring-tasks.mddevkit.java.refactor-class.mddevkit.java.security-review.mddevkit.java.upgrade-dependencies.mddevkit.java.write-integration-tests.mddevkit.java.write-unit-tests.md
docs
skills
aws-lambda-java-integration
aws-rds-spring-boot-integration
aws-sdk-java-v2-bedrock
aws-sdk-java-v2-core
aws-sdk-java-v2-dynamodb
aws-sdk-java-v2-kms
aws-sdk-java-v2-lambda
aws-sdk-java-v2-messaging
aws-sdk-java-v2-rds
aws-sdk-java-v2-s3
aws-sdk-java-v2-secrets-manager
clean-architecture
graalvm-native-image
langchain4j-ai-services-patterns
references
langchain4j-mcp-server-patterns
references
langchain4j-rag-implementation-patterns
references
langchain4j-spring-boot-integration
langchain4j-testing-strategies
langchain4j-tool-function-calling-patterns
langchain4j-vector-stores-configuration
references
qdrant
references
spring-ai-mcp-server-patterns
spring-boot-actuator
spring-boot-cache
spring-boot-crud-patterns
spring-boot-dependency-injection
spring-boot-event-driven-patterns
spring-boot-openapi-documentation
spring-boot-project-creator
spring-boot-resilience4j
spring-boot-rest-api-standards
spring-boot-saga-pattern
spring-boot-security-jwt
assets
references
authorization-patterns.mdconfiguration.mdexamples.mdjwt-complete-configuration.mdjwt-configuration.mdjwt-quick-reference.mdjwt-testing-guide.mdmicroservices-security.mdmigration-spring-security-6x.mdoauth2-integration.mdperformance-optimization.mdsecurity-hardening.mdstructure.mdtesting-jwt-security.mdtesting.mdtoken-management.mdtroubleshooting.md
scripts
spring-boot-test-patterns
spring-data-jpa
references
spring-data-neo4j
references
unit-test-application-events
unit-test-bean-validation
unit-test-boundary-conditions
unit-test-caching
unit-test-config-properties
references
unit-test-controller-layer
unit-test-exception-handler
references
unit-test-json-serialization
unit-test-mapper-converter
references
unit-test-parameterized
unit-test-scheduled-async
references
unit-test-service-layer
references
unit-test-utility-methods
unit-test-wiremock-rest-api
references
developer-kit-php
developer-kit-project-management
developer-kit-python
developer-kit-specs
commands
docs
hooks
test-templates
tests
skills
developer-kit-tools
developer-kit-typescript
agents
expo-react-native-development-expert.mdnestjs-backend-development-expert.mdnestjs-code-review-expert.mdnestjs-database-expert.mdnestjs-security-expert.mdnestjs-testing-expert.mdnestjs-unit-testing-expert.mdreact-frontend-development-expert.mdreact-software-architect-review.mdtypescript-documentation-expert.mdtypescript-refactor-expert.mdtypescript-security-expert.mdtypescript-software-architect-review.md
docs
hooks
rules
drizzle-orm-conventions.mderror-handling.mdi18n-conventions.mdlambda-conventions.mdlanguage-best-practices.mdnaming-conventions.mdnestjs-api-design.mdnestjs-architecture.mdnestjs-security.mdnestjs-testing.mdnx-monorepo-conventions.mdproject-structure.mdreact-component-conventions.mdreact-data-fetching.mdreact-routing-conventions.mdserver-feature-conventions.mdshared-dto-conventions.mdtailwind-styling-conventions.mdzod-validation-patterns.md
skills
aws-cdk
aws-lambda-typescript-integration
better-auth
clean-architecture
drizzle-orm-patterns
dynamodb-toolbox-patterns
references
nestjs
nestjs-best-practices
nestjs-code-review
nestjs-drizzle-crud-generator
nextjs-app-router
nextjs-authentication
nextjs-code-review
nextjs-data-fetching
nextjs-deployment
nextjs-performance
nx-monorepo
react-code-review
react-patterns
shadcn-ui
tailwind-css-patterns
tailwind-design-system
references
turborepo-monorepo
typescript-docs
typescript-security-review
zod-validation-utilities
references
github-spec-kit