Express.js
BackendCommonly used with
Skills using Express.js (117)
anima-deploy-integration
Deploy Anima design-to-code service as a backend API endpoint. Use when building a design-to-code microservice, deploying Anima SDK as a serverless function, or creating an internal design tool API. Trigger: "deploy anima", "anima service deploy", "anima serverless".
anima-webhooks-events
Use Figma webhooks to trigger automatic Anima code generation on design changes. Use when building event-driven design-to-code pipelines, auto-generating components when Figma files change, or integrating design updates into CI. Trigger: "anima webhook", "figma webhook", "anima auto-generate on change".
apollo-enterprise-rbac
Enterprise role-based access control for Apollo.io. Use when implementing team permissions, restricting data access, or setting up enterprise security controls. Trigger with phrases like "apollo rbac", "apollo permissions", "apollo roles", "apollo team access", "apollo enterprise security".
appfolio-local-dev-loop
Set up local development for AppFolio property management API integration. Trigger: "appfolio local dev".
castai-webhooks-events
Configure CAST AI webhook notifications for cluster events and audit logs. Use when setting up alerts for node scaling, cost threshold events, or integrating CAST AI events with Slack, PagerDuty, or custom endpoints. Trigger with phrases like "cast ai webhooks", "cast ai notifications", "cast ai slack alerts", "cast ai events".
clay-local-dev-loop
Set up a local development loop for building and testing Clay integrations. Use when iterating on Clay webhook handlers, testing enrichment pipelines, or building scripts that push data into Clay tables. Trigger with phrases like "clay local dev", "clay development setup", "clay testing locally", "clay dev workflow", "iterate clay integration".
clay-webhooks-events
Implement Clay webhook receivers and HTTP API column callbacks for real-time data flow. Use when setting up webhook endpoints, handling enrichment callbacks from Clay, or building event-driven integrations with Clay tables. Trigger with phrases like "clay webhook", "clay events", "clay callback", "handle clay data", "clay notifications", "clay HTTP API column".
clickhouse-webhooks-events
Ingest data into ClickHouse from webhooks, Kafka, and streaming sources with batching, dedup, and exactly-once patterns. Use when building data ingestion pipelines, consuming webhook payloads, or integrating Kafka topics into ClickHouse. Trigger: "clickhouse ingestion", "clickhouse webhook", "clickhouse Kafka", "stream data to clickhouse", "clickhouse data pipeline".
deepgram-reference-architecture
Implement Deepgram reference architecture for scalable transcription systems. Use when designing transcription pipelines, building production architectures, or planning Deepgram integration at scale. Trigger: "deepgram architecture", "transcription pipeline", "deepgram system design", "deepgram at scale", "enterprise deepgram", "deepgram queue".
evernote-local-dev-loop
Set up efficient local development workflow for Evernote integrations. Use when configuring dev environment, setting up sandbox testing, or optimizing development iteration speed. Trigger with phrases like "evernote dev setup", "evernote local development", "evernote sandbox", "test evernote locally".
fireflies-security-basics
Apply Fireflies.ai security best practices for API keys and webhook verification. Use when securing API keys, verifying webhook signatures, or auditing Fireflies.ai security configuration. Trigger with phrases like "fireflies security", "fireflies secrets", "secure fireflies", "fireflies webhook signature", "fireflies HMAC".
fondo-local-dev-loop
Configure local development workflows that integrate with Fondo for financial data, using Fondo exports with QuickBooks or accounting tools. Trigger: "fondo dev setup", "fondo export", "fondo QuickBooks", "fondo local data".
fondo-webhooks-events
Implement event-driven financial workflows using webhooks from Fondo-connected services: Stripe payment events, Gusto payroll events, and Plaid transactions. Trigger: "fondo webhooks", "fondo events", "stripe payroll webhooks", "financial events".
framer-webhooks-events
Implement Framer webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling Framer event notifications securely. Trigger with phrases like "framer webhook", "framer events", "framer webhook signature", "handle framer events", "framer notifications".
glean-local-dev-loop
Configure Glean local development with mock search responses, test datasources, and connector development workflow. Trigger: "glean dev setup", "glean local development", "glean connector development".
granola-webhooks-events
Build event-driven automations with Granola's Zapier webhook triggers. Use when creating real-time notification systems, processing meeting events, or building custom integrations that react to Granola note creation. Trigger: "granola webhooks", "granola events", "granola triggers", "granola real-time", "granola event-driven".
groq-webhooks-events
Build event-driven architectures with Groq streaming, batch processing, and async patterns. Use when setting up real-time SSE endpoints, batch processing pipelines, or event-driven LLM processing with Groq. Trigger with phrases like "groq streaming", "groq events", "groq SSE", "groq batch", "groq async", "groq event-driven".
hootsuite-webhooks-events
Implement Hootsuite webhook signature validation and event handling. Use when setting up webhook endpoints, implementing signature verification, or handling Hootsuite event notifications securely. Trigger with phrases like "hootsuite webhook", "hootsuite events", "hootsuite webhook signature", "handle hootsuite events", "hootsuite notifications".
juicebox-local-dev-loop
Configure Juicebox local dev workflow. Trigger: "juicebox local dev", "juicebox dev setup".
lindy-deploy-integration
Deploy applications that integrate with Lindy AI agents. Use when deploying webhook receivers, callback handlers, or applications connected to Lindy agents. Trigger with phrases like "deploy lindy", "lindy deployment", "lindy production deploy", "release lindy integration".
lindy-local-dev-loop
Set up local development workflow for testing Lindy AI agent integrations. Use when building webhook receivers, testing agent callbacks, or iterating on Lindy-connected applications locally. Trigger with phrases like "lindy local dev", "lindy development", "test lindy locally", "lindy webhook local".
linktree-local-dev-loop
Local Dev Loop for Linktree. Trigger: "linktree local dev loop".
linktree-webhooks-events
Webhooks Events for Linktree. Trigger: "linktree webhooks events".
lokalise-webhooks-events
Implement Lokalise webhook handling and event processing. Use when setting up webhook endpoints, handling translation events, or building automation based on Lokalise notifications. Trigger with phrases like "lokalise webhook", "lokalise events", "lokalise notifications", "handle lokalise events", "lokalise automation".
lucidchart-local-dev-loop
Local Dev Loop for Lucidchart. Trigger: "lucidchart local dev loop".
lucidchart-webhooks-events
Webhooks Events for Lucidchart. Trigger: "lucidchart webhooks events".
maintainx-webhooks-events
Implement MaintainX webhook handling and event-driven integrations. Use when setting up webhooks, handling MaintainX events, or building real-time integrations with MaintainX. Trigger with phrases like "maintainx webhook", "maintainx events", "maintainx notifications", "maintainx real-time", "maintainx triggers".
mindtickle-local-dev-loop
Local Dev Loop for MindTickle. Trigger: "mindtickle local dev loop".
mindtickle-webhooks-events
Webhooks Events for MindTickle. Trigger: "mindtickle webhooks events".
openevidence-local-dev-loop
Local Dev Loop for OpenEvidence. Trigger: "openevidence local dev loop".
perplexity-webhooks-events
Build event-driven architectures around Perplexity Sonar API with streaming, batch pipelines, and scheduled search monitoring. Trigger with phrases like "perplexity streaming", "perplexity events", "perplexity batch search", "perplexity news monitor", "perplexity SSE".
persona-core-workflow-a
Build a complete KYC verification flow with Persona inquiries and embedded UI. Use when implementing identity verification, building KYC onboarding, or integrating Persona's hosted flow into your application. Trigger with phrases like "persona KYC flow", "identity verification", "persona inquiry workflow", "onboarding verification".
podium-core-workflow-a
Podium core workflow a — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium core workflow a", "podium-core-workflow-a".
podium-webhooks-events
Podium webhooks events — business messaging and communication platform integration. Use when working with Podium API for messaging, reviews, or payments. Trigger with phrases like "podium webhooks events", "podium-webhooks-events".
quicknode-webhooks-events
QuickNode webhooks events — blockchain RPC and Web3 infrastructure integration. Use when working with QuickNode for blockchain development. Trigger with phrases like "quicknode webhooks events", "quicknode-webhooks-events", "blockchain RPC".
replit-hello-world
Create a minimal working Replit app with database, object storage, and auth. Use when starting a new Replit project, testing your setup, or learning Replit's built-in services (DB, Auth, Object Storage). Trigger with phrases like "replit hello world", "replit starter", "replit quick start", "first replit app", "replit example".
replit-webhooks-events
Handle Replit deployment events, build Replit Extensions, and set up Agents & Automations. Use when integrating with Replit deployment lifecycle, building workspace extensions, or creating automated workflows with Replit Agent. Trigger with phrases like "replit webhook", "replit events", "replit extension", "replit automation", "replit notifications", "replit agent automation".
retellai-webhooks-events
Retell AI webhooks events — AI voice agent and phone call automation. Use when working with Retell AI for voice agents, phone calls, or telephony. Trigger with phrases like "retell webhooks events", "retellai-webhooks-events", "voice agent".
salesforce-webhooks-events
Implement Salesforce Platform Events, Change Data Capture (CDC), and Outbound Messages. Use when building real-time integrations, listening for record changes, or implementing event-driven architecture with Salesforce. Trigger with phrases like "salesforce events", "salesforce CDC", "salesforce platform events", "salesforce streaming", "salesforce outbound message", "salesforce real-time".
stackblitz-install-auth
Install the WebContainer API and configure StackBlitz SDK for browser-based Node.js. Use when setting up WebContainers, embedding StackBlitz projects, or initializing the @stackblitz/sdk package. Trigger: "install stackblitz", "setup webcontainers", "stackblitz SDK".
together-local-dev-loop
Together AI local dev loop for inference, fine-tuning, and model deployment. Use when working with Together AI's OpenAI-compatible API. Trigger: "together local dev loop".
azure-web-pubsub-ts
Real-time messaging with WebSocket connections and pub/sub patterns.
backend-dev-guidelines
You are a senior backend engineer operating production-grade services under strict architectural and reliability constraints. Use when routes, controllers, services, repositories, express middleware, or prisma database access.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
nodejs-backend
Node.js backend patterns with Express/Fastify, repositories
implementing-api-rate-limiting-and-throttling
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms to protect against brute force attacks, credential stuffing, resource exhaustion, and API abuse. The engineer configures per-user, per-IP, and per-endpoint rate limits using Redis-backed counters, API gateway plugins, or application middleware, and implements proper HTTP 429 responses with Retry-After headers. Activates for requests involving rate limiting implementation, API throttling setup, request quota management, or API abuse prevention.
apollo-server
Apollo Server configuration, plugins, caching, federation, and performance optimization.
express
Express.js middleware patterns, routing, error handling, security, and production best practices.
mcp-transport-sse-setup
Configure HTTP/SSE transport for web-based MCP servers with proper endpoints, authentication, and CORS.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
azure-web-pubsub-ts
Build real-time messaging applications using Azure Web PubSub SDKs for JavaScript (@azure/web-pubsub, @azure/web-pubsub-client). Use when implementing WebSocket-based real-time features, pub/sub messaging, group chat, or live notifications.
nestjs-expert
Creates and configures NestJS modules, controllers, services, DTOs, guards, and interceptors for enterprise-grade TypeScript backend applications. Use when building NestJS REST APIs or GraphQL services, implementing dependency injection, scaffolding modular architecture, adding JWT/Passport authentication, integrating TypeORM or Prisma, or working with .module.ts, .controller.ts, and .service.ts files. Invoke for guards, interceptors, pipes, validation, Swagger documentation, and unit/E2E testing in NestJS projects.
help
help and documentation for babysitter command usage, processes, skills, agents, and methodologies. use this command to understand how to use babysitter effectively.
senior-backend
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
sponsor-finder
Find which of a GitHub repository's dependencies are sponsorable via GitHub Sponsors. Uses deps.dev API for dependency resolution across npm, PyPI, Cargo, Go, RubyGems, Maven, and NuGet. Checks npm funding metadata, FUNDING.yml files, and web search. Verifies every link. Shows direct and transitive dependencies with OSSF Scorecard health data. Invoke with /sponsor followed by a GitHub owner/repo (e.g. "/sponsor expressjs/express").
nodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
debug-live-issue
Debug production-like issues in this repository with disciplined evidence gathering. Use when fixing failing workflows, regressions, flaky behavior, or data inconsistencies across hooks, API, DB, websocket, and UI.
mcp-maintainer
Operate and maintain the local MCP server for this repository. Use for MCP tool updates, policy-guard changes, host configuration, and MCP runtime troubleshooting.
mcp-operations
Operate and maintain the local MCP server for this project. Use when creating MCP host config, troubleshooting tool connectivity, modifying tool domains, or adjusting safety policy flags.
ship-feature
Implement a feature safely end-to-end in this repository. Use when adding or changing functionality across backend, frontend, or MCP with required verification and documentation updates.
api-rate-limiting
Implements API rate limiting using token bucket, sliding window, and Redis-based algorithms to protect against abuse. Use when securing public APIs, implementing tiered access, or preventing denial-of-service attacks.
hunt-nodejs
Hunt Node.js specific vulnerabilities — Prototype Pollution → RCE chains (lodash/merge/assign), Express trust proxy misconfiguration, child_process/eval injection, template engine SSTI (EJS/Pug/Handlebars), path traversal in file servers, require() injection, environment variable exfil via /proc/self/environ. Use when target runs Node.js/Express/Fastify/NestJS/Koa.
release-guard
Run release-readiness checks for this repository. Use when validating docs, scripts, verification coverage, and operational safety before merge or release.
repo-onboarding
Understand this repository quickly before making changes. Use for architecture discovery, ownership mapping, command selection, and initial implementation planning.
anomaly-alert
Identify anomalous sessions using Agent Monitor data — cost outliers from the pricing engine, token anomalies (cache miss spikes, compaction baseline surges), unusual event type ratios (PreToolUse/PostToolUse gaps, APIError clusters), behavioral deviations from workflow intelligence (complexity score outliers, error propagation anomalies), and sessions with abnormal metadata (extreme turn_count, high thinking_blocks, zero turn_duration).
cost-breakdown
Break down Claude Code costs using the Agent Monitor pricing engine. Shows per-model costs (input, output, cache_read, cache_write at $/Mtok rates), per-session costs, daily trends, and compaction baseline token recovery. Use when analyzing spending, comparing model costs, or planning budgets.
hook-diagnostics
Diagnose Claude Code hook installation, delivery, and ingestion issues. Checks hook configuration, connectivity, event flow, and identifies common problems. Use when events are not appearing in the dashboard.
optimization-suggest
Suggest concrete optimizations for Claude Code usage based on historical session data. Covers cost reduction, speed improvement, error prevention, and workflow efficiency. Use for data-driven optimization planning.
pattern-detect
Detect recurring patterns using the Agent Monitor's workflow intelligence — toolFlow transitions (tool A → B frequency matrices), recurring workflow patterns, agent co-occurrence pairs, model delegation habits, error propagation paths by agent depth, and compaction triggers. Use to discover habitual usage patterns and anti-patterns.
productivity-score
Calculate a productivity score using actual Agent Monitor metrics — session completion rates, cache efficiency (cache_read vs input), compaction pressure (baseline tokens), turn velocity (turn_count / total_turn_duration_ms), tool success ratio (PreToolUse vs PostToolUse), and the workflow intelligence API's complexity and effectiveness scores.
session-compare
Compare two sessions side-by-side using Agent Monitor data — per-model token usage (input/output/cache_read/cache_write + compaction baselines), pricing engine cost breakdowns, workflow intelligence (complexity scores, tool flow transitions, subagent effectiveness), session metadata (thinking_blocks, turn_count, turn_duration_ms, usage_extras), and full event timelines with all 10+ event types.
session-debug
Debug a specific session by inspecting its full event chain (PreToolUse, PostToolUse, Stop, SubagentStop, Compaction, APIError, TurnDuration, Notification events), agent hierarchy (recursive parent/child tree with subagent_type and depth), token usage with compaction baselines, workflow intelligence data (orchestration DAG, error propagation by depth), and session metadata (thinking_blocks, turn_count, total_turn_duration_ms).
session-report
Generate a comprehensive session report with per-model token usage (input, output, cache_read, cache_write including compaction baselines), cost breakdown via the pricing engine, tool invocations, agent hierarchy, compaction events, API errors, turn durations, and thinking block counts. Use when reviewing a specific session or summarizing activity over a date range.
sprint-summary
Summarize a sprint's worth of Claude Code activity ��� sessions grouped by project (cwd), per-model cost breakdown, token efficiency (cache hit rate, compaction baselines), subagent effectiveness from workflow API, velocity metrics (turn_count, turn_duration_ms), and tool diversity across the sprint.
usage-trends
Analyze Claude Code usage trends over time using the Agent Monitor's analytics API — daily session counts, daily event counts, token volumes by type, model distribution, tool usage rankings, and agent/event type distributions across 365-day retention windows.
weekly-report
Compile a weekly productivity report using Agent Monitor data — daily_sessions and daily_events trends, per-session costs from pricing engine, token volumes (input/output/cache_read/cache_write + baselines), tool usage top 20, session completion rates by status, and workflow intelligence metrics.
workflow-optimizer
Analyze workflow patterns using the Agent Monitor's workflow intelligence API — orchestration DAGs, tool flow transitions, subagent effectiveness, model delegation patterns, error propagation by depth, concurrency lanes, compaction impact, and agent co-occurrence. Produces prioritized optimization recommendations with quantified impact.
health-check
Run comprehensive health checks on the Claude Code Agent Monitor system. Validates dashboard API, database, WebSocket, hooks, and disk usage. Use to verify the monitoring setup is working correctly.
error-handling-architecture
When designing how a system recovers from and reports failures.
authentication-setup
Design and implement authentication and authorization systems. Use when setting up user login, JWT tokens, OAuth, session management, or role-based access control. Handles password security, token management, SSO integration.
azure-web-pubsub-ts
Build real-time messaging applications using Azure Web PubSub SDKs for JavaScript (@azure/web-pubsub, @azure/web-pubsub-client). Use when implementing WebSocket-based real-time features, pub/sub messaging, group chat, or live notifications.
backend-testing
Write comprehensive backend tests including unit tests, integration tests, and API tests. Use when testing REST APIs, database operations, authentication flows, or business logic. Handles Jest, Pytest, Mocha, testing strategies, mocking, and test coverage.
gcp-cloud-run
Specialized skill for building production-ready serverless applications on GCP. Covers Cloud Run services (containerized), Cloud Run Functions (event-driven), cold start optimization, and event-driven architecture with Pub/Sub.
security-best-practices
Implement security best practices for web applications and infrastructure. Use when securing APIs, preventing common vulnerabilities, or implementing security policies. Handles HTTPS, CORS, XSS, SQL Injection, CSRF, rate limiting, and OWASP Top 10.
daily-standup
Generate a daily standup summary from recent Claude Code sessions — completed work grouped by project (cwd), session costs from the pricing engine, tool invocations, error/compaction/APIError events, and turn velocity metrics from session metadata (turn_count, total_turn_duration_ms).
dashboard-status
Quick dashboard health and status overview — checks the Agent Monitor API (port 4820), reports session/agent/event counts from /api/stats, confirms WebSocket connectivity, validates hook configuration in ~/.claude/settings.json, and shows data freshness (last event timestamp). Use to verify the monitoring system is operational.
data-export
Export Claude Code session and analytics data in JSON, CSV, or Markdown formats. Supports exporting sessions, events, costs, and analytics for external analysis or reporting. Use for data backup or integration.
quick-stats
One-line summary of key Agent Monitor metrics — active sessions, total cost from the pricing engine, events today from daily_events, top tool from tool_usage, and current model from the most recent session. Use for a fast at-a-glance check without leaving the terminal.
nestjs-expert
Creates and configures NestJS modules, controllers, services, DTOs, guards, and interceptors for enterprise-grade TypeScript backend applications. Use when building NestJS REST APIs or GraphQL services, implementing dependency injection, scaffolding modular architecture, adding JWT/Passport authentication, integrating TypeORM or Prisma, or working with .module.ts, .controller.ts, and .service.ts files. Invoke for guards, interceptors, pipes, validation, Swagger documentation, and unit/E2E testing in NestJS projects.
api-generating
Generate API endpoint documentation from Express route files. Use when the user asks to generate, update, or review API docs for Express.js routes.
route-scanning
Scan Express.js source files to discover all API route definitions.
nodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
snippet-manager
Save, organize, search, and retrieve code snippets with tags, categories, and smart search capabi...
research
Focused research investigations. Converts questions into structured findings with confidence levels and source citations. Does not make decisions — produces information that informs the next step.
api-testing
HTTP API testing with Supertest (TS) and httpx/pytest (Python). Use when the user mentions API testing, Supertest, httpx, REST/GraphQL validation, or HTTP response errors.
nodejs-expert
Node.js gotchas and decision criteria. Covers async pitfalls, Express/NestJS patterns, and common mistakes.
mockgen-tailwind
Generate HTML mockup screens from PRD.md files for UI/UX human designer review. Creates a Node.js + Alpine.js + HTMX mockup server with admin dashboard layout (left sidebar navigation, header with logo/notifications/locale/user menu, footer with copyright/version) served as partials, organized by user role in a mockup/ folder. Input: application name (mandatory), version (mandatory), module (optional). Output: mockup/ folder in the application's context folder containing MOCKUP.html index page, server.js, package.json, partials/, and role-specific content subfolders. Trigger on keywords: "generate mockup", "generate mockups", "create mockup screens", "HTML mockup", "UI mockup from user stories", "mockup from PRD.md", "generate screens", "create UI screens". Accepts application name and version as input (e.g., `/mockgen-tailwind hub_middleware v1.0.3`). Optionally accepts a module name to limit generation to screens for that module only (e.g., `/mockgen-tailwind hub_middleware v1.0.3 module:Location Informatio
express
Express.js framework patterns including routing, middleware, request/response handling, and Express-specific APIs. Use when working with Express routes, middleware, or Express applications.
nodejs
Core Node.js backend patterns for TypeScript applications including async/await error handling, middleware concepts, configuration management, testing strategies, and layered architecture principles. Use when building Node.js backend services, APIs, or microservices.
backend
Servers, routes, APIs, and backend architecture. Activated when Claude creates server-side code, API routes, or Express/Fastify/Next.js API handlers.
auth-bypass
Detect authentication and authorization bypass vulnerabilities including missing auth middleware, JWT algorithm confusion, IDOR, and session fixation.
backend-setup-stack
Bootstraps a local Node.js backend development stack with Docker, PostgreSQL, and an ORM (Prisma or Sequelize). Use this skill whenever the user wants to: initialize a new backend project, set up a Dockerized database locally, wire up an ORM with automated migrations, scaffold an Express server with a health endpoint, or repair a broken local dev environment involving Docker + Postgres. Also trigger when the user mentions any of: "set up backend", "docker postgres", "prisma setup", "sequelize setup", "local dev stack", "migrate my database", "scaffold express", or "backend boilerplate". If the user is starting any server-side Node.js project and hasn't mentioned a database setup, proactively suggest this skill.
auth0-android
Use when adding authentication to Android applications (Kotlin/Java) with Web Auth, biometric-protected credentials, and MFA - integrates com.auth0.android:auth0 SDK for native Android apps
nestjs
NestJS TypeScript backend development with enterprise patterns, dependency injection, modular architecture, and comprehensive testing support. Use when: (1) Project has @nestjs/core in package.json or nest-cli.json exists, (2) Creating modules, controllers, services, guards, pipes, interceptors, or filters, (3) Implementing JWT authentication or role-based authorization (RBAC/ABAC), (4) Integrating TypeORM, Prisma, or MikroORM for database operations, (5) Writing unit tests with Jest or E2E tests with supertest, (6) Setting up Swagger/OpenAPI documentation, (7) Implementing CQRS, event sourcing, or microservices patterns. Auto-detects: nest-cli.json, *.module.ts, *.controller.ts, *.service.ts, *.guard.ts, @nestjs/* packages in package.json, src/modules/ directory structure. NOT for: Pure Express.js without NestJS, frontend React/Vue/Angular code, non-TypeScript Node.js projects, Fastify without NestJS wrapper.
authos-backend-integration
Secure backend APIs with AuthOS-issued JWTs and the AuthOS Node server adapter. Use when building an API that must verify AuthOS bearer tokens, enforce JWT claims, add Express middleware, validate JWKS keys, or create a backend-owned session after a browser OAuth callback.
senior-backend
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
nodejs-backend-patterns
Build production-ready Node.js backend services with Express/Fastify, implementing middleware patterns, error handling, authentication, database integration, and API design best practices. Use when creating Node.js servers, REST APIs, GraphQL backends, or microservices architectures.
auth0-android
Use when adding authentication to Android applications (Kotlin/Java) with Web Auth, biometric-protected credentials, and MFA - integrates com.auth0.android:auth0 SDK for native Android apps
tdd-domain-layer
Strict TDD for Domain and Application layers in Clean Architecture TypeScript. Red-Green-Refactor with Vitest. Mocks ports, never hits a database.
express
Express.js REST API: routing, middleware chains, error handling, validation with Zod, authentication with JWT, and production patterns for Node.js services
fastify
Fastify REST API: schema-first validation, plugin architecture, hooks lifecycle, TypeScript, Pino logging, JWT auth, Swagger, and production patterns for high-throughput Node.js services
nodejs-express-security
Security audit for Node.js HTTP servers using Express, Koa, Hapi, or plain http/https — covering middleware ordering, body parser config, helmet usage, session management with express-session, CORS configuration, error handling, file upload patterns (multer/busboy), and common Node-specific vulnerabilities like prototype pollution, ReDoS, and event loop blocking. Use this skill whenever the user mentions Express, Koa, Hapi, express-session, helmet, multer, body-parser, Node.js server, npm packages with known CVEs, or asks "audit my Express app", "Node.js security review", "is my Express middleware safe", "Koa security". Trigger when the codebase contains `require('express')`, `from 'express'`, `express()`, `new Koa()`, or similar Node HTTP server patterns.
backend-development
バックエンド開発の基礎。API設計、データベース設計、認証・認可、エラーハンドリング、セキュリティなど、堅牢なバックエンドシステム構築のベストプラクティス。
senior-backend
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
senior-backend
Designs and implements backend systems including REST APIs, microservices, database architectures, authentication flows, and security hardening. Use when the user asks to "design REST APIs", "optimize database queries", "implement authentication", "build microservices", "review backend code", "set up GraphQL", "handle database migrations", or "load test APIs". Covers Node.js/Express/Fastify development, PostgreSQL optimization, API security, and backend architecture patterns.
auth0-android
Use when adding authentication to Android applications (Kotlin/Java) with Web Auth, biometric-protected credentials, and MFA - integrates com.auth0.android:auth0 SDK for native Android apps
clawid
ClawID is a universal identity and verification protocol for AI agents. Use this skill to register your agent, get a ClawID, verify other agents before interacting with them, and authenticate with ClawID-enabled services.
Integration detected automatically from skill content. Some results may be false positives.