Spring
BackendCommonly used with
Skills using Spring (213)
java-pro
Master Java 21+ with modern features like virtual threads, pattern matching, and Spring Boot 3.x. Expert in the latest Java ecosystem including GraalVM, Project Loom, and cloud-native patterns.
file-to-code
Generates production-ready code from file specifications such as CSV files, JSON schemas, SQL DDL, protobuf definitions, or requirements documents. Use when the user wants to convert a data file or specification into working code. Trigger with phrases like "generate code from this CSV", "create an API from this schema", "build a parser for this file", or "turn this spec into code".
generating-rest-apis
Generate complete REST API implementations from OpenAPI specifications or database schemas. Use when generating RESTful API implementations. Trigger with phrases like "generate REST API", "create RESTful API", or "build REST endpoints".
handling-api-errors
Implement standardized error handling with proper HTTP status codes and error responses. Use when implementing standardized error handling. Trigger with phrases like "add error handling", "standardize errors", or "implement error responses".
throttling-apis
Implement API throttling policies to protect backend services from overload. Use when controlling API request rates. Trigger with phrases like "throttle API", "control request rate", or "add throttling".
faf-expert
Advanced .faf (Foundational AI-context Format) specialist. IANA-registered format, MCP server config, championship scoring, bi-directional sync.
java-pro
Master Java 21+ with modern features like virtual threads, pattern matching, and Spring Boot 3.x. Expert in the latest Java ecosystem including GraalVM, Project Loom, and cloud-native patterns.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
development
开发语言能力索引。Python、Go、Rust、TypeScript、Java、C++、Shell。当用户提到编程、开发、代码、语言时路由到此。
implementing-api-rate-limiting-and-throttling
Implements API rate limiting and throttling controls using token bucket, sliding window, and fixed window algorithms to protect against brute force attacks, credential stuffing, resource exhaustion, and API abuse. The engineer configures per-user, per-IP, and per-endpoint rate limits using Redis-backed counters, API gateway plugins, or application middleware, and implements proper HTTP 429 responses with Retry-After headers. Activates for requests involving rate limiting implementation, API throttling setup, request quota management, or API abuse prevention.
implementing-runtime-application-self-protection
Deploy Runtime Application Self-Protection (RASP) agents to detect and block attacks from within application runtime, covering OpenRASP integration, attack pattern detection, and security policy configuration for Java and Python web applications.
framework-compatibility-checker
Check codebase compatibility with target framework versions and generate migration paths
springboot-verification
Spring Boot项目验证循环:构建、静态分析、测试覆盖、安全扫描,以及发布或PR前的差异审查。
java-architect
Use when building, configuring, or debugging enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke to implement WebFlux endpoints, optimize JPA queries and database performance, configure Spring Security with OAuth2/JWT, or resolve authentication issues and async processing challenges in cloud-native Spring applications.
spring-boot-engineer
Generates Spring Boot 3.x configurations, creates REST controllers, implements Spring Security 6 authentication flows, sets up Spring Data JPA repositories, and configures reactive WebFlux endpoints. Use when building Spring Boot 3.x applications, microservices, or reactive Java applications; invoke for Spring Data JPA, Spring Security 6, WebFlux, Spring Cloud integration, Java REST API design, or Microservices Java architecture.
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
java-coding-standards
Spring Bootサービス向けのJavaコーディング標準:命名、不変性、Optional使用、ストリーム、例外、ジェネリクス、プロジェクトレイアウト。
jpa-patterns
JPA/Hibernate patterns for entity design, relationships, query optimization, transactions, auditing, indexing, pagination, and pooling in Spring Boot.
springboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
springboot-tdd
Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.
github-copilot-starter
Set up complete GitHub Copilot configuration for a new project based on technology stack
java-add-graalvm-native-image-support
GraalVM Native Image expert that adds native image support to Java applications, builds the project, analyzes build errors, applies fixes, and iterates until successful compilation using Oracle best practices.
java-mcp-server-generator
Generate a complete Model Context Protocol server project in Java using the official MCP Java SDK with reactive streams and optional Spring Boot integration.
java-springboot
Get best practices for developing applications with Spring Boot.
kotlin-springboot
Get best practices for developing applications with Spring Boot and Kotlin.
spring-boot-testing
Expert Spring Boot 4 testing specialist that selects the best Spring Boot testing techniques for your situation with Junit 6 and AssertJ.
114-java-maven-search
Covers Maven Central search (Search API, maven-metadata.xml, artifact URLs) and project-local update reports via versions-maven-plugin (display-property-updates, display-dependency-updates, display-plugin-updates). Use when finding or verifying coordinates, browsing Central, or checking what newer versions apply to the user’s pom.xml. This should trigger for requests such as Search Maven Central; Find Maven dependency; Maven coordinates; groupId artifactId version. Part of cursor-rules-java project
133-java-testing-acceptance-tests
Use when you need to implement acceptance tests from a Gherkin .feature file for framework-agnostic Java (no Spring Boot, Quarkus, Micronaut) — finding @acceptance scenarios, happy path with RestAssured, Testcontainers for DB/Kafka, WireMock for external REST. Requires .feature file in context. This should trigger for requests such as Review Java code for acceptance tests; Apply best practices for acceptance tests in Java code. Part of cursor-rules-java project
301-frameworks-spring-boot-core
Use when you need to review, improve, or build Spring Boot 4.0.x applications — including proper usage of @SpringBootApplication, component annotations (@Controller, @Service, @Repository), bean definition and scoping, configuration classes and @ConfigurationProperties (with @Validated), component scanning, conditional configuration and profiles, constructor injection, @Primary and @Qualifier for multiple beans of the same type, bean minimization, graceful shutdown, virtual threads, Jakarta EE namespace consistency, and scheduled tasks. This should trigger for requests such as Review Java code for Spring Boot application; Apply best practices for Spring Boot application in Java code. Part of cursor-rules-java project
302-frameworks-spring-boot-rest
Use when you need to design, review, or improve REST APIs with Spring Boot — including HTTP methods, resource URIs, status codes, DTOs, versioning, deprecation and sunset headers, content negotiation (JSON and vendor media types), ISO-8601 instants in DTOs, pagination/sorting/filtering, Bean Validation at the boundary, idempotency, ETag concurrency, HTTP caching, error handling, security, contract-first OpenAPI (OpenAPI Generator), controller advice, and problem details for errors. This should trigger for requests such as Review Java code for Spring Boot REST API; Apply best practices for Spring Boot REST API in Java code. Part of cursor-rules-java project
303-frameworks-spring-boot-validation
Use when you need to design, review, or improve validation in Spring Boot applications — including Bean Validation on request DTOs, @Valid/@Validated at API boundaries, constraint groups, custom constraints, @ConfigurationProperties validation, nested DTO validation, and consistent validation error handling. This should trigger for requests such as Add validation support in Spring Boot; Review Spring Boot validation rules; Improve request validation in Spring Boot REST APIs; Add custom Bean Validation constraints in Spring Boot; Validate configuration properties in Spring Boot. Part of cursor-rules-java project
304-frameworks-spring-boot-security
Use when you need to design, review, or improve security in Spring Boot applications — including SecurityFilterChain, OAuth2/JWT resource server patterns, form login basics, method security (@PreAuthorize), CSRF and CORS for APIs, session fixation, security headers, exception handling, password encoding, and sensitive-data-safe logging. This should trigger for requests such as Add Spring Boot security support; Review Spring Boot security configuration; Improve API authorization in Spring Boot; Add JWT resource server security in Spring Boot; Harden Spring Boot security headers and CSRF settings. Part of cursor-rules-java project
311-frameworks-spring-jdbc
Use when you need to write or review programmatic JDBC with Spring — including JdbcClient (Spring Framework 7+) as the default API, JdbcTemplate only where batch/streaming APIs require JdbcOperations, NamedParameterJdbcTemplate for legacy named-param code, parameterized SQL, RowMapper mapping to records, batch operations, transactions, safe handling of generated keys, DataAccessException handling, read-only transactions, streaming large result sets, and @JdbcTest slice testing. This should trigger for requests such as Review Java code for Spring JDBC (JdbcTemplate, JdbcClient, NamedParameterJdbcTemplate); Apply best practices for Spring JDBC data access in Java code; Detect and fix SQL injection risks in JDBC code; Improve transaction boundaries or exception handling for JDBC operations. Part of cursor-rules-java project
323-frameworks-spring-boot-testing-acceptance-tests
Use when you need to implement acceptance tests from a Gherkin .feature file for Spring Boot applications — including finding scenarios tagged @acceptance, implementing happy path tests with TestRestTemplate, @SpringBootTest, Testcontainers with @ServiceConnection for DB/Kafka, and WireMock for external REST stubs. Requires .feature file in context. Part of the skills-for-java project
702-technologies-wiremock
Use when you need framework-agnostic WireMock guidance — stub design, JSON or programmatic mappings, precise request matching, response bodies and faults, classpath fixtures, isolation and reset between tests, verification of calls, dynamic ports and base URLs, and avoiding flaky stubs — without choosing Spring Boot, Quarkus, or Micronaut. Part of the skills-for-java project
java-patterns
Java: Spring Boot, CompletableFuture, records, sealed types, JPA/Hibernate, virtual threads. Triggers: Java, Spring, JPA, Hibernate, Maven, Gradle, virtual thread, sealed class.
android-kotlin
Use this skill when building Android applications with Kotlin. Triggers on Jetpack Compose UI, Room database, Kotlin coroutines, Play Store publishing, MVVM/MVI architecture, ViewModel, StateFlow, Hilt dependency injection, Navigation Compose, Material 3, APK/AAB builds, ProGuard, and Android app lifecycle management. Covers modern Android development with declarative UI, reactive state, structured concurrency, and production release workflows.
create-spring-boot-java-project
Create Spring Boot Java Project Skeleton
create-spring-boot-kotlin-project
Create Spring Boot Kotlin Project Skeleton
aws-rds-spring-boot-integration
Provides patterns to configure AWS RDS (Aurora, MySQL, PostgreSQL) with Spring Boot applications. Configures HikariCP connection pools, implements read/write splitting, sets up IAM database authentication, enables SSL connections, and integrates with AWS Secrets Manager. Use when setting up RDS connections in Spring Boot, configuring connection pooling, or managing database credentials securely.
aws-sdk-java-v2-bedrock
Provides Amazon Bedrock patterns using AWS SDK for Java 2.x. Invokes foundation models (Claude, Llama, Titan), generates text and images, creates embeddings for RAG, streams real-time responses, and configures Spring Boot integration. Use when asking about Bedrock integration, Java SDK for AI models, AWS generative AI, Claude/Llama invocation, embeddings for RAG, or Spring Boot AI setup.
aws-sdk-java-v2-core
Provides AWS SDK for Java 2.x client configuration, credential resolution, HTTP client tuning, timeout, retry, and testing patterns. Use when creating or hardening AWS service clients, wiring Spring Boot beans, debugging auth or region issues, or choosing sync vs async SDK usage.
aws-sdk-java-v2-dynamodb
Provides Amazon DynamoDB patterns using AWS SDK for Java 2.x. Use when creating, querying, scanning, or performing CRUD operations on DynamoDB tables, working with indexes, batch operations, transactions, or integrating with Spring Boot applications.
aws-sdk-java-v2-kms
Provides AWS Key Management Service (KMS) patterns using AWS SDK for Java 2.x. Use when creating/managing encryption keys, encrypting/decrypting data, generating data keys, digital signing, key rotation, or integrating encryption into Spring Boot applications.
aws-sdk-java-v2-lambda
Provides AWS Lambda patterns using AWS SDK for Java 2.x. Use when invoking Lambda functions, creating/updating functions, managing function configurations, working with Lambda layers, or integrating Lambda with Spring Boot applications.
aws-sdk-java-v2-messaging
Provides AWS messaging patterns using AWS SDK for Java 2.x for SQS queues and SNS topics. Handles sending/receiving messages, FIFO queues, DLQ, subscriptions, and pub/sub patterns. Use when implementing messaging with SQS or SNS.
aws-sdk-java-v2-s3
Provides Amazon S3 patterns and examples using AWS SDK for Java 2.x. Use when working with S3 buckets, uploading/downloading objects, multipart uploads, presigned URLs, S3 Transfer Manager, object operations, or S3-specific configurations.
aws-sdk-java-v2-secrets-manager
Provides AWS Secrets Manager patterns for AWS SDK for Java 2.x, including secret retrieval, caching, rotation-aware access, and Spring Boot integration. Use when storing or reading secrets in Java services, replacing hardcoded credentials, or wiring secret-backed configuration into applications.
graalvm-native-image
Provides expert guidance for building GraalVM Native Image executables from Java applications. Use when converting JVM applications to native binaries, optimizing cold start times, reducing memory footprint, configuring native build tools for Maven or Gradle, resolving reflection and resource issues in native builds, or implementing framework-specific native support for Spring Boot, Quarkus, and Micronaut. Triggers include "graalvm native image", "native executable java", "java cold start optimization", "native build tools", "ahead of time compilation java", "reflection config graalvm", "native image build failure".
langchain4j-mcp-server-patterns
Provides LangChain4j patterns for implementing MCP (Model Context Protocol) servers, creating Java AI tools, exposing tool calling capabilities, and integrating MCP clients with AI services. Use when building a Java MCP server, implementing tool calling in Java, connecting LangChain4j to external MCP servers, or securing tool exposure for agent workflows.
langchain4j-rag-implementation-patterns
Provides Retrieval-Augmented Generation (RAG) implementation patterns with LangChain4j for Java. Generates document ingestion pipelines, embedding stores, vector search, and semantic search capabilities. Use when building chat-with-documents systems, document Q&A over PDFs or text files, AI assistants with knowledge bases, semantic search over document repositories, or knowledge-enhanced AI applications with source attribution.
langchain4j-spring-boot-integration
Provides integration patterns for LangChain4j with Spring Boot. Configures AI model beans, sets up chat memory with Spring context, integrates RAG pipelines with Spring Data, and handles auto-configuration, dependency injection, and Spring ecosystem integration. Use when embedding LangChain4j into Spring Boot applications, building Java LLM applications with @Bean configuration, or setting up Spring AI patterns.
qdrant
Provides Qdrant vector database integration patterns with LangChain4j. Handles embedding storage, similarity search, and vector management for Java applications. Use when implementing vector-based retrieval for RAG systems, semantic search, or recommendation engines.
spring-ai-mcp-server-patterns
Provides Spring Boot MCP server patterns that create Model Context Protocol servers with Spring AI by defining tool handlers, exposing resources, configuring prompt templates, and setting up transports for AI function calling and tool calling. Use when building MCP servers to extend AI capabilities with Spring's official AI framework, implementing AI tools, custom function calling, or MCP client integration.
spring-boot-actuator
Provides patterns to configure Spring Boot Actuator for production-grade monitoring, health probes, secured management endpoints, and Micrometer metrics across JVM services. Use when setting up monitoring, health checks, or metrics for Spring Boot applications.
spring-boot-cache
Provides patterns for implementing Spring Boot caching: configures Redis/Caffeine/EhCache providers with TTL and eviction policies, applies @Cacheable/@CacheEvict/@CachePut annotations, validates cache hit/miss behavior, and exposes metrics via Actuator. Use when adding caching to Spring Boot services, configuring cache expiration, evicting stale data, or diagnosing cache misses.
spring-boot-crud-patterns
Provides and generates complete CRUD workflows for Spring Boot 3 services. Creates feature-focused architecture with Spring Data JPA aggregates, repositories, DTOs, controllers, and REST APIs. Validates domain invariants and transaction boundaries. Use when modeling Java backend services, REST API endpoints, database operations, web service patterns, or JPA entities for Spring Boot applications.
spring-boot-dependency-injection
Provides dependency injection patterns for Spring Boot projects, including constructor-first design, optional collaborator handling, bean selection, and wiring validation. Use when creating services and configurations, replacing field injection, or troubleshooting ambiguous or fragile Spring wiring.
spring-boot-event-driven-patterns
Provides Event-Driven Architecture (EDA) patterns for Spring Boot — creates domain events, configures ApplicationEvent and @TransactionalEventListener, sets up Kafka producers and consumers, and implements the transactional outbox pattern for reliable distributed messaging. Use when implementing event-driven systems in Spring Boot, setting up async messaging with Kafka, publishing domain events from DDD aggregates, or needing reliable event publishing with the outbox pattern.
spring-boot-openapi-documentation
Provides patterns to generate comprehensive REST API documentation using SpringDoc OpenAPI 3.0 and Swagger UI in Spring Boot 3.x applications. Use when setting up API documentation, configuring Swagger UI, adding OpenAPI annotations, implementing security documentation, or enhancing REST endpoints with examples and schemas.
spring-boot-project-creator
Creates and scaffolds a new Spring Boot project (3.x or 4.x) by downloading from Spring Initializr, generating package structure (DDD or Layered architecture), configuring JPA, SpringDoc OpenAPI, and Docker Compose services (PostgreSQL, Redis, MongoDB). Use when creating a new Java Spring Boot project from scratch, bootstrapping a microservice, or initializing a backend application.
spring-boot-resilience4j
Provides fault tolerance patterns for Spring Boot 3.x using Resilience4j. Use when implementing circuit breakers, handling service failures, adding retry logic with exponential backoff, configuring rate limiters, or protecting services from cascading failures. Generates circuit breaker, retry, rate limiter, bulkhead, time limiter, and fallback implementations. Validates resilience configurations through Actuator endpoints.
spring-boot-rest-api-standards
Provides REST API design standards and best practices for Spring Boot projects. Use when creating or reviewing REST endpoints, DTOs, error handling, pagination, security headers, HATEOAS and architecture patterns.
spring-boot-saga-pattern
Provides distributed transaction patterns using the Saga Pattern for Spring Boot microservices. Use when implementing distributed transactions across services, handling compensating transactions, ensuring eventual consistency, or building choreography or orchestration-based sagas with Kafka, RabbitMQ, or Axon Framework.
spring-boot-security-jwt
Provides JWT authentication and authorization patterns for Spring Boot 3.5.x covering token generation with JJWT, Bearer/cookie authentication, database/OAuth2 integration, and RBAC/permission-based access control using Spring Security 6.x. Use when implementing authentication or authorization in Spring Boot applications.
spring-boot-test-patterns
Provides comprehensive testing patterns for Spring Boot applications covering unit, integration, slice, and container-based testing with JUnit 5, Mockito, Testcontainers, and performance optimization. Use when writing tests, @Test methods, @MockBean mocks, or implementing test suites for Spring Boot applications.
spring-data-neo4j
Provides Spring Data Neo4j integration patterns for Spring Boot applications. Use when you need to work with a graph database, Neo4j nodes and relationships, Cypher queries, or Spring Data Neo4j. Creates node entities with @Node annotation, defines relationships with @Relationship, writes Cypher queries using @Query, configures imperative and reactive Neo4j repositories, implements graph traversal patterns, and sets up testing with embedded databases.
unit-test-application-events
Provides patterns for unit testing Spring application events. Validates event publishing with ApplicationEventPublisher, tests @EventListener annotation behavior, and verifies async event handling. Use when writing tests for event listeners, mocking application events, or verifying events were published in your Spring Boot services.
unit-test-bean-validation
Provides patterns for unit testing Jakarta Bean Validation (JSR-380), including @Valid, @NotNull, @Min, @Max, @Email constraints with Hibernate Validator. Generates custom validator tests, constraint violation assertions, validation groups, and parameterized validation tests. Validates data integrity logic without Spring context. Use when writing validation tests, bean validation tests, or testing custom constraint validators.
unit-test-caching
Provides patterns for unit testing Spring Cache annotations (@Cacheable, @CachePut, @CacheEvict). Generates test code that mocks cache managers, verifies cache hit/miss behavior, tests cache key generation with SpEL expressions, validates eviction strategies, and checks conditional caching scenarios. Triggers: caching tests, test Spring cache, mock cache, Spring Boot caching, cache hit/miss verification, @Cacheable testing.
unit-test-config-properties
Provides patterns for unit testing `@ConfigurationProperties` classes with `@ConfigurationPropertiesTest`. Validates property binding, tests validation constraints, verifies default values, checks type conversions, and mocks property sources for Spring Boot configuration properties. Use when testing application configuration binding, validating YAML or application.properties files, verifying environment-specific settings, or testing nested property structures.
unit-test-controller-layer
Provides patterns for unit testing REST controllers using MockMvc and @WebMvcTest. Generates controller tests that validates request/response mapping, validation, exception handling, and HTTP status codes. Use when testing web layer endpoints in isolation for API endpoint testing, Spring MVC tests, mock HTTP requests, or controller layer unit tests.
unit-test-exception-handler
Provides patterns for unit testing `@ExceptionHandler` and `@ControllerAdvice` in Spring Boot applications. Validates error response formatting, mocks exceptions, verifies HTTP status codes, tests field-level validation errors, and asserts custom error payloads. Use when writing Spring exception handler tests, REST API error tests, or mocking controller advice.
unit-test-json-serialization
Provides patterns for unit testing JSON serialization/deserialization with Jackson and `@JsonTest`. Validates JSON mapping, custom serializers, date formats, and polymorphic types. Use when testing JSON serialization, validating custom serializers, or writing JSON unit tests in Spring Boot applications.
313-frameworks-spring-db-migrations-flyway
Use when you need to add or review Flyway database migrations in a Spring Boot application — Maven dependencies, db/migration scripts, spring.flyway.* configuration, baseline and validation, and alignment with JDBC or Spring Data JDBC. Part of the skills-for-java project
321-frameworks-spring-boot-testing-unit-tests
Use when you need to write unit tests for Spring Boot applications — including pure unit tests with @ExtendWith(MockitoExtension.class) for @Service/@Component, slice tests with @WebMvcTest and @MockitoBean for controllers, @JsonTest for JSON serialization, parameterized tests with @CsvSource/@MethodSource, test profiles, and @TestConfiguration. For framework-agnostic Java use @131-java-testing-unit-testing. For integration tests use @322-frameworks-spring-boot-testing-integration-tests. Part of the skills-for-java project
322-frameworks-spring-boot-testing-integration-tests
Use when you need to write or improve integration tests — including Testcontainers with @ServiceConnection, @DataJdbcTest persistence slices, TestRestTemplate or MockMvcTester for HTTP, data isolation, and container lifecycle management for Spring Boot 4.0.x. Part of the skills-for-java project
701-technologies-openapi
Use when you need framework-agnostic OpenAPI 3.x guidance — spec structure, metadata and versioning, paths and operations, reusable schemas, security schemes, examples, documentation quality, contract validation (e.g. Spectral), breaking-change awareness, and handoffs to codegen — without choosing Spring Boot, Quarkus, or Micronaut. Part of the skills-for-java project
jpa-patterns
JPA/Hibernate patterns for entity design, relationships, query optimization, transactions, auditing, indexing, pagination, and pooling in Spring Boot.
springboot-patterns
Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.
springboot-security
Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.
springboot-tdd
Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.
chinese-documentation
中文技术文档写作规范——排版、术语、结构一步到位,告别机翻味
find-docs
Retrieves up-to-date documentation, API references, and code examples for any developer technology. Use this skill whenever the user asks about a specific library, framework, SDK, CLI tool, or cloud service -- even for well-known ones like React, Next.js, Prisma, Express, Tailwind, Django, or Spring Boot. Your training data may not reflect recent API changes or version updates. Always use for: API syntax questions, configuration options, version migration issues, "how do I" questions mentioning a library name, debugging that involves library-specific behavior, setup instructions, and CLI tool usage. Use even when you think you know the answer -- do not rely on training data for API details, signatures, or configuration options as they are frequently outdated. Always verify against current docs. Prefer this over web search for library documentation and API details.
developing-software
Software development knowledge reference covering Python, Go, Rust, TypeScript, Java, C++, and Shell. Use when writing code, debugging, or following language-specific best practices.
light-system-design
后端系统设计与数据库能力。当任务涉及系统架构、数据库设计、接口设计、权限/日志/异常/性能/部署时使用。设计 ER 图、数据表结构、接口文档、用户权限、数据流转、模块划分、API 规范、数据库索引、安全策略、部署方案,尤其适合科研系统、管理系统、数据分析平台、可视化平台、竞赛作品与软著项目。
light-tool-selection
工具选择与多工具协同。根据任务自动判断适合用什么工具——搜索、Python、R、MATLAB、LaTeX、Word、Excel、PowerPoint、Visio、Origin、数据库、Git、前端/后端框架、绘图工具、文献管理工具等(常驻,所有任务后台生效)。不盲目用工具,而是按实际任务选最高效、最稳定、最专业的实现方式。
backend
Backend development patterns for services, error handling, logging, caching. Use when building backend services, APIs, or microservices.
hunt-springboot
Hunt Spring Boot specific vulnerabilities — Actuator endpoints (heapdump, env, loggers, mappings, shutdown), Spring Expression Language (SpEL) injection → RCE, H2 console RCE, Jolokia JMX exposure, Spring4Shell (CVE-2022-22965), Spring Cloud Function SPEL (CVE-2022-22963), heap dump credential extraction. Use when target runs Spring Boot — detected via X-Application-Context header, /actuator, Whitelabel Error Page, or Java stack traces.
angular-spa
Angular 21.x SPA development skill with TailwindCSS 4.x and daisyUI 5.5.5. Use when building Angular standalone components, services, lazy-loaded routes, unit tests, or creating UI with TailwindCSS + daisyUI. Covers component scaffolding, UI/UX design, accessibility audits, and design systems.
strict-validation-setup
One-shot bootstrap of strict-mode tooling per ecosystem plus per-task GOALS.md scaffolding so an agentic loop can self-verify. Writes typechecker/linter/schema-validator config for TS (strict + noUncheckedIndexedAccess + exactOptionalPropertyTypes), Python (Pyright strict, Ruff strict), Rust (Clippy deny-correctness), Go (golangci-lint with staticcheck), OCaml (dune --release); establishes `.agent-tasks/<id>/GOALS.md` per-task convention distinct from project-stable AGENTS.md. C++/Java/Kotlin and framework specifics (Spring Boot, Nest, React-strict) are out of scope. Trigger on new project bootstrap, agentic-task setup, "make this self-verifying", "set the loop's goal", "scaffold goals for this issue". Pairs with `llm-self-loop` runtime.
pm-tech
Use when: 需要与技术团队对接技术方案、评估技术可行性、制定技术架构、评估第三方服务 Do NOT use when: 技术方案已由技术团队确定、仅需功能描述无需技术评估
spring-to-solon-skill
Expert guidance for migrating Java projects from Spring Boot / Spring Cloud to the Solon framework. Provides comprehensive annotation mapping, dependency replacement, architecture differences, and step-by-step migration strategies for each layer (IoC, Web, Data, Cloud, Testing).
authentication-setup
Design and implement authentication and authorization systems. Use when setting up user login, JWT tokens, OAuth, session management, or role-based access control. Handles password security, token management, SSO integration.
backend-testing
Write comprehensive backend tests including unit tests, integration tests, and API tests. Use when testing REST APIs, database operations, authentication flows, or business logic. Handles Jest, Pytest, Mocha, testing strategies, mocking, and test coverage.
java-pro
Master Java 21+ with modern features like virtual threads, pattern matching, and Spring Boot 3.x. Expert in the latest Java ecosystem including GraalVM, Project Loom, and cloud-native patterns. Use PROACTIVELY for Java development, microservices architecture, or performance optimization.
security-scanning-security-sast
Static Application Security Testing (SAST) for code vulnerability analysis across multiple languages and frameworks
mir-backend-jvm
Make It Right (JVM runtime tier). Java 21+ / Kotlin runtime reliability footguns shared across EVERY JVM backend framework (Spring Boot, Quarkus, Micronaut, Vert.x) — distinct from the generic backend gates and from any one framework's mechanics. Covers: thread-pool sizing and pool-exhaustion deadlock, blocking I/O on platform threads, Java 21 virtual threads and carrier-thread pinning inside synchronized/native calls, GC pause tuning (G1 vs ZGC/Shenandoah), container-aware heap sizing (-XX:MaxRAMPercentage vs hard -Xmx), cold-start / JIT warmup cost and mitigations (GraalVM native image, CRaC, AOT), shared-mutable-state visibility (happens-before, volatile, final, data races), and ThreadLocal leaks in pooled threads. TRIGGER when the backend runtime is Java or Kotlin — sits between mir-backend (generic gates) and the framework module (e.g. mir-backend-jvm-spring). SKIP for Python, Node, Go, Rust, .NET, Ruby, PHP, BEAM runtimes (each has its own mir-backend-<runtime> tier), and for framework-library mechanics
mir-backend-jvm-spring
Make It Right (Spring Boot module). Spring Boot + Spring Data JPA/Hibernate + Spring Security + Spring MVC/WebFlux reliability footguns specific to this framework stack. Covers: @Transactional self-invocation (same-bean call bypasses the proxy → no transaction), checked exceptions not rolling back by default, propagation/isolation pitfalls, JPA/Hibernate N+1 with lazy associations, LazyInitializationException outside the session, OPEN_IN_VIEW antipattern, singleton bean scope storing per-request state, @Async needing an explicit thread pool and swallowing exceptions, @Valid + DTOs against overposting, and Spring Security method-level authorization for object-level checks. Always loads TOGETHER WITH mir-backend (the gates) and mir-backend-jvm (JVM runtime concerns: thread pools, virtual threads, GC, container heap, cold start, JMM visibility, ThreadLocal hygiene); this module only adds Spring Boot / Spring Data library mechanics. TRIGGER only when the JVM backend stack is Spring Boot — building, reviewing, or
pdlc-bootstrap
AI 对话式项目初始化
android-kotlin
Use this skill when building Android applications with Kotlin. Triggers on Jetpack Compose UI, Room database, Kotlin coroutines, Play Store publishing, MVVM/MVI architecture, ViewModel, StateFlow, Hilt dependency injection, Navigation Compose, Material 3, APK/AAB builds, ProGuard, and Android app lifecycle management. Covers modern Android development with declarative UI, reactive state, structured concurrency, and production release workflows.
java-migration
Guide for upgrading Java projects between major versions (8→11→17→21→25). Use when user says "upgrade Java", "migrate to Java 25", "update Java version", or when modernizing legacy projects.
logging-patterns
Java logging best practices with SLF4J, structured logging (JSON), and MDC for request tracing. Includes AI-friendly log formats for Claude Code debugging. Use when user asks about logging, debugging application flow, or analyzing logs.
spring-boot-patterns
Spring Boot best practices and patterns. Use when creating controllers, services, repositories, or when user asks about Spring Boot architecture, REST APIs, exception handling, or JPA patterns.
java-architect
Use when building, configuring, or debugging enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke to implement WebFlux endpoints, optimize JPA queries and database performance, configure Spring Security with OAuth2/JWT, or resolve authentication issues and async processing challenges in cloud-native Spring applications.
development
开发语言能力索引(Python/Go/Rust/TypeScript/Java/C++/Shell)。
allra-api-design
Allra 백엔드 API 설계 및 패키지 구조 규칙. Use when creating REST APIs, DTOs, or organizing backend code structure.
allra-database-schema
Allra 데이터베이스 설계 및 QueryDSL 사용 규칙. Use when creating JPA entities, writing QueryDSL queries, or adding @Transactional annotations.
allra-test-writing
Allra 백엔드 테스트 작성 표준. Use when writing test code, choosing test helpers, generating test data with Fixture Monkey, or verifying test coverage.
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
develop-backend
Spring Boot/MyBatisによるバックエンド実装スキル - RESTful API設計、データベース設計(Flywayマイグレーション)、Controller/Service/Mapper層の実装、単体テスト作成を行います。DRY原則を徹底し、product.utilパッケージの既存実装やAOPによる自動ログ出力を活用します。未使用コード削除をIDE警告で確認し、./gradlew checkでLint/テスト/カバレッジ80%以上を保証します。サーバー起動による動作確認も必須です。
java-springboot
Get best practices for developing applications with Spring Boot.
project-scaffolding
IDE-grade project scaffolding wizard for creating new projects with comprehensive configuration. Supports 70+ project types: HTML/CSS websites, React, Next.js, Vue, Astro, Remix, React Native, Flutter, Expo, FastAPI, Django, Express, NestJS, Go/Gin, Rust/Axum, Spring Boot, Hono, Elysia, Chrome Extensions, VS Code Extensions, Tauri desktop apps, serverless functions, and more. Provides WebStorm/PyCharm-level project creation with interactive SDK selection, framework configuration, database setup, and DevOps tooling. Use when: creating a new project, setting up a framework application, initializing a codebase, scaffolding boilerplate, building extensions, creating mobile/desktop/web apps, setting up monorepos, or making static websites/landing pages.
pdlc-adopt
旧项目接入 PDLC
backend-developer
Backend Developer (/be, alias: James, /james) - Senior Backend Developer with 10+ years experience. Covers Java/Spring Boot (default), Kotlin, Python/FastAPI, PHP/Laravel, Quarkus, and Kafka/messaging - detects the project's stack and loads the matching reference. Use when implementing server features, REST APIs, business logic, persistence, messaging, or unit/integration tests in any of these stacks.
genesis-backend
Agente Backend do Genesis. Implementa a camada de API, serviços, repositórios e domínio. Adapta-se automaticamente à linguagem e framework escolhidos pelo architect: Python/FastAPI, Python/Django, Node/NestJS, Node/Express, Go/Gin, Java/Spring Boot, Ruby/Rails, PHP/Laravel. Segue os padrões do patterns.md do projeto.
docker-compose-generator
Generates multi-stage Dockerfiles and docker-compose configurations optimized for size, security, and development workflow. Covers common stacks including Node.js, Python, Java, and Go. Triggers on: "create Dockerfile", "docker-compose", "containerize", "docker setup".
ai-tools
Provides guidance for integrating AI tools and components into the Family Tree App, including knowledge graphs, computer vision, and natural language processing. Invoke when working on AI-related features or when needing AI integration advice.
java-architect
Use when building enterprise Java applications with Spring Boot 3.x, microservices, or reactive programming. Invoke for WebFlux, JPA optimization, Spring Security, cloud-native patterns.
profile-java-server-architecture
Opt-in profile. Opinionated Java server-side architecture conventions — Gradle on its latest stable version, latest stable Spring Boot, latest Java LTS, repositories return DTOs (never JPA entities) to upper layers, internal DTOs stay internal (API layer has its own request/response DTOs), and a strict Controller/Job → Facade → Service → Repository call chain with transactions owned by the facade. Only invoke when PROJECT_BRIEF.md's `## Profiles` section lists this skill by name. Do NOT auto-invoke on arbitrary Java or Spring work.
analyzing-projects
Analyzes codebases to understand structure, tech stack, patterns, and conventions. Use when onboarding to a new project, exploring unfamiliar code, or when asked "how does this work?" or "what's the architecture?"
azure-app-configuration
Expert knowledge for Azure App Configuration development including troubleshooting, best practices, decision making, limits & quotas, security, configuration, integrations & coding patterns, and deployment. Use when using feature flags, dynamic refresh, snapshots, Key Vault integration, or App Configuration REST APIs, and other Azure App Configuration related development tasks. Not for Azure App Service (use azure-app-service), Azure Key Vault (use azure-key-vault), Azure Automation (use azure-automation).
depgen-k8s
Generate a Dockerfile and Kubernetes manifests for an application targeting a single environment. Supports Spring Boot (Java), Laravel (PHP), and Node.js application stacks. Auto-detects the stack from project files (pom.xml, composer.json, package.json), reads CLAUDE.md dependencies, SPECIFICATION.md tech stack, and the application's externalized environment variables. Generates a Dockerfile in the application root folder and Kubernetes manifest YAML files directly in `<app_folder>/k8s/` (no per-environment subfolders — the k8s/ folder is gitignored, each machine maintains its own copy). Standardized input: application name (mandatory), environment (optional). Use this skill whenever the user asks to create deployment artifacts, Dockerfiles, Kubernetes manifests, or containerize an application. Also trigger when the user says things like "deploy this app", "containerize this", "create a Dockerfile", "generate k8s manifests", or any request for deployment-related artifacts.
specgen-spring-jpa-jtehtmx
Generate a detailed specification document for building a monolith Spring Boot 3 web application with server-rendered views (JTE), Tailwind CSS, Alpine.js, htmx, and Spring Modulith packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Client, Spring Security form login, or none), scheduling (Quartz + Spring Batch or none), messaging (RabbitMQ pub/sub or none), and internationalisation (multi-locale via Spring's native MessageSource, or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Spring Boot web application with server-side rendering. Also trigger when the user says things like "spec out a new web project", "design a Spring Boot web skeleton", "write a technical spec for my new web app", "scaffold spec for a monolith web app", or any request for a specification docu
specgen-spring-jpa-restapi
Generate a detailed specification document for building a Spring Boot 3 REST API application with Spring Modulith packaging. Database (MongoDB, PostgreSQL, MySQL, or none), authentication (Keycloak OAuth2 Resource Server, Spring Security JWT, or none), scheduling (Quartz + Spring Batch or none), and messaging (RabbitMQ pub/sub or none) are configurable based on user input. Standardized input: application name (mandatory), version (mandatory), module (optional). Use this skill whenever the user asks to create a spec, specification, blueprint, or technical design document for a new Spring Boot REST API application. Also trigger when the user says things like "spec out a new REST API project", "design a Spring Boot API skeleton", "write a technical spec for my new API", "scaffold spec for a REST API", or any request for a specification document describing a Spring Boot REST API application. Even if the user only mentions a subset of the stack (e.g., "Spring Boot API" or "Spring REST with MySQL" or "Spring Boot A
pdlc-add-service
添加新的微服务
pdlc-code-gen
代码脚手架生成
spring-skills
Spring Boot framework patterns, best practices, and implementation guides
faces-migrate
Migrate a Jakarta Faces project from one version to another (e.g. JSF 2.3 to Faces 4.1)
cover-letter
Generate a cover letter from a job description using Sukhrob's resume. Applies humanizer for natural tone.
deploy-checklist
Generate pre-deployment checklist based on project type. Trigger: user says "部署前检查"、"发版检查"、"deploy checklist"、"预发布检查" before release.
spring-boot-pr-review
Production-grade Java / Spring Boot / PostgreSQL backend code reviewer. Use whenever the user asks to review, audit, check, critique, or sanity-check Java backend code — including single files, multi-file pull requests, full unified diffs, GitHub PR URLs, or pasted snippets. Specializes in Spring Boot correctness (transaction boundaries, Spring proxy semantics, @Async, @TransactionalEventListener, @Cacheable), JPA/Hibernate pitfalls (N+1, LazyInitializationException, dirty checking, entity-as-DTO leaks), PostgreSQL query safety and migration hygiene, multi-tenant isolation, adversarial security review, and production readiness at multi-tenant scale (1000+ tenants). Triggers on any request involving Java services, repositories, controllers, entities, Flyway migrations, or Spring configuration. Reviews at full production severity — no "fine for now" deferrals.
perseus-logic
Business logic, race conditions, and AI security analysis
swe-programming-java
Java, Spring Framework, and Spring Boot coding standards from authoritative docs/explanation/ documentation
java-coding-standards
Java coding standards for Spring Boot and Quarkus services: naming, immutability, Optional usage, streams, exceptions, generics, CDI, reactive patterns, and project layout. Automatically applies framework-specific conventions.
api-surface
Maps the entire API surface of a codebase -- route definitions, middleware chains, auth requirements, request/response types, deprecated endpoints, orphaned endpoints, and cross-endpoint inconsistencies. USE THIS SKILL WHEN: - You need a complete inventory of all API endpoints in a project - Someone asks "what endpoints do we have?" or "what does our API look like?" - You are onboarding to a new backend codebase and need to understand its API - You need to find orphaned, undocumented, or deprecated endpoints - Someone asks about API inconsistencies (different response shapes, auth gaps) - You are preparing for an API review, documentation sprint, or versioning migration - You need to understand endpoint dependencies before refactoring - A project has no OpenAPI spec and you need to generate one from code - You suspect there are endpoints without authentication or rate limiting TRIGGER PHRASES: "API surface", "list all endpoints", "API inventory", "endpoint map", "orphaned endpoints", "API inconsistencies", "u
bump-java-version
Migrate a Maven or Gradle project from one Java LTS to the next (8->11, 11->17, 17->21, 21->25) so it still compiles under the new JDK and previously-passing tests still pass — by hand, using only standard tools (JDKs, Maven or Gradle, and OpenRewrite recipes from Maven Central; no project-specific scripts). Use when upgrading or bumping the Java version of a Maven or Gradle project, modernizing to a newer JDK or LTS, or performing the Spring Boot 1->2 / 2->3 and javax->jakarta migration that a Java upgrade requires.
find-docs
使用 Context7 CLI 获取任意开发技术的最新文档、API 参考和代码示例。 当用户询问具体的库、框架、SDK、CLI 工具或云服务时都应使用本 skill (包括 React、Next.js、Prisma、Express、Tailwind、Django、Spring Boot 等常见技术)。训练数据可能无法反映近期 API 变更或版本更新。 以下场景必须优先使用:API 语法问题、配置项问题、版本迁移问题、包含库名的 “如何实现”问题、涉及库特定行为的调试、安装/初始化说明、CLI 使用方式。 即使你认为自己知道答案,也不要直接依赖训练数据来回答 API 细节、函数签名 或配置项;这��内容经常过时。请始终以最新官方文档为准。对于库文档和 API 细节, 优先使用本 skill 而不是普通网页搜索。
intervy-questioner
Use to fire random language-specific deep-dive questions — either between rounds of a live coding interview, or standalone when the user wants a few quick Python or Spring Boot questions without starting a full interview.
intervy-technical
Use when the user wants to practice a round-table technical interview with a full panel of 7 interviewers. Triggered from intervy mode 4. Do not invoke directly — go through the intervy skill menu.
java-springboot-code-review
Perform deep, senior-engineer-level code reviews for Java and Spring Boot projects. Use this skill whenever the user shares Java code, Spring Boot classes, REST controllers, service layers, repositories, configuration files, or any backend Java code and asks for a review, feedback, analysis, or audit. Also trigger when the user asks things like "review my code", "check this PR", "what's wrong with this", "will this cause issues", "is this safe to deploy", "can this break anything", "impact analysis", or pastes any Java/Spring Boot snippet. This skill goes beyond syntax — it identifies business logic failures, cross-cutting impact, transaction risks, integration breakage, and hidden bugs that standard linters miss. Always use this skill for Java code review tasks, even if the user hasn't explicitly said "Spring Boot".
java-cache
Use when the user asks to add caching, configure Redis or Caffeine cache, use @Cacheable/@CacheEvict/@CachePut, optimize repeated database or API calls, or review existing Spring Boot cache configuration.
java-resilience
Use when the user asks to add resilience patterns, handle service failures, implement circuit breaker, retry, rate limiter, bulkhead, or timeout in a Spring Boot project using Resilience4J.
java-spring-ai
Use when the user asks to add AI features, integrate Spring AI or LangChain4J, build a chatbot, implement RAG (retrieval-augmented generation), use vector stores, stream LLM responses, or call AI tools/functions in a Spring Boot project.
api-doc-generator
Use when user wants to generate API documentation, create OpenAPI/Swagger specs, document REST or GraphQL endpoints, auto-generate docs from code, or produce interactive API reference pages
api-doc-writer
Use this skill when the user asks to generate, refine, or validate API documentation from backend routes, controllers, request and response models, or OpenAPI specifications.
java-code
Java development, JVM tuning, and enterprise patterns
chinese-documentation
中文文档排版参考——中英文空格、全半角标点、术语保留、链接格式、中文文案排版指北约定。仅在用户显式 /chinese-documentation 时调用,不要根据上下文自动触发。
spring-boot
Spring Boot REST API, JPA repositories, Spring Security JWT, @WebMvcTest, @SpringBootTest, Spring Cloud
api-design
REST API design patterns — resource modeling, HTTP methods, status codes, pagination, RFC 9457 errors, OpenAPI documentation, versioning. Use when user asks about API design, endpoints, error handling, or documentation.
data-access
Data access patterns with Spring Data JPA, Hibernate 7.1, Flyway migrations, HikariCP tuning, N+1 prevention, caching, and query optimization. Use when user mentions database, JPA, queries, migrations, N+1, or slow queries.
observability
Backend observability patterns — structured logging, Micrometer metrics, OpenTelemetry tracing, Spring Boot Actuator, Kubernetes health probes, alerting, and dashboards. Use when user mentions logging, metrics, tracing, monitoring, health checks, or Prometheus.
testing-patterns
Backend testing patterns with JUnit 6, Mockito 6, Testcontainers 2.0, Spring Boot slice tests, RestTestClient, and security testing. Use when user mentions testing, coverage, TDD, integration tests, or "write tests for".
lang-java-kotlin
Use when writing or reviewing Java (.java) or Kotlin (.kt) or Spring Boot code — idiomatic Java 21 / Kotlin style, Gradle/Maven, JUnit5, null-safety, and the top JVM/Spring security pitfalls. Triggers on build.gradle(.kts)/pom.xml, Spring, JPA/Hibernate, JdbcTemplate projects.
spring-boot-security
Security audit for Spring Boot Java/Kotlin applications including Spring Security configuration, @PreAuthorize/@Secured, JPA queries (@Query, JPQL injection), CSRF setup, CORS, actuator endpoints exposure, application.yml secrets, Jackson deserialization, and Spring-specific CVE awareness (Spring4Shell). Use this skill whenever the user mentions Spring Boot, Spring Security, @PreAuthorize, JpaRepository, application.yml/properties, actuator, @SpringBootApplication, or asks "audit my Spring app", "Spring Boot security review". Trigger when the codebase contains `pom.xml` or `build.gradle` with `spring-boot-starter`, or Java/Kotlin files with `@SpringBootApplication`.
api-security
API security review against OWASP API Top 10 2023. Covers auth (OAuth2/JWT/API-keys), object-level authorization (BOLA/IDOR), schema validation, rate-limiting, CORS, SSRF, and GraphQL-specific concerns (introspection, query depth, batching).
secure-coding
Language-agnostic secure-coding patterns — input validation, injection-safe APIs, authN/authZ, crypto, secrets, dependency hygiene. The default lens when no framework-specific skill applies.
spring-security
Spring Boot security review — Spring Security config (SecurityFilterChain), OAuth2/OIDC client and resource-server, method-level @PreAuthorize, JWT validation, actuator endpoint lockdown, CSRF model for web vs API, and recent Spring CVE patterns (Spring4Shell, SpEL injection, authorization bypasses).
systematic-debug
Structured debugging protocol — reproduce → isolate (bisect) → root cause → test → fix. Used on-demand when a bug appears outside Phase Loop (e.g., user reports a failing test, prod incident). Slash-invoke /claudehut:debug <symptom>. Does not auto-trigger; user-controlled.
go
Expert Go programming skill authored by spf13 (former Go team lead, author of Cobra, Viper, Hugo, Afero). Covers idiomatic Go — package design, error handling, interfaces, concurrency, testing, and project layout. Use when writing, reviewing, or refactoring any Go code.
brainstorm
Phase 1 of ClaudeHut workflow — scan codebase + reuse-detection, draft a design document, run main-thread AskUserQuestion exchanges for any open decisions, converge on an approved design. Use when the user requests new functionality AND no task is active (phase=none), OR when explicitly invoked via /claudehut:brainstorm. Triggers on natural-language "add|implement|build|design|refactor|fix bug" with a noun (feature/endpoint/service/class/module/api).
build
Phase 4 of ClaudeHut workflow — execute the approved plan by dispatching each parallel group of tasks as concurrent builder subagents (each in its own git worktree), then merging results. Tasks within the same Parallel group run simultaneously; groups run in order. Strict TDD enforced per task. Use after Plan phase approval. Triggers when phase=build.
init
Scaffold the .claudehut/ directory in the current Java project (creates memory/, specs/, plans/, state/, rules/ subdirs and seeds template configs). Run via /claudehut:init when first enabling ClaudeHut on a project. One-time per project; refuses if directory already exists.
kafka-consumer
Spring Kafka consumer conventions — @KafkaListener, manual ack modes, DLT pattern, retry topic, idempotency via dedup store, JSON/Avro deserialization. Auto-loads when editing `**/*Listener*.java`, `**/*Consumer*.java` in projects with messaging=kafka.
learn
Phase 6 of ClaudeHut workflow — extract patterns, anti-patterns, decisions, and reusable snippets from the completed task, persist as memory in `.claudehut/memory/learnings.jsonl`, update `index.md`, optionally promote to global tier when threshold met. Use after Verify-Review passes. Triggers when phase=learn.
lombok
Project Lombok conventions for Java/Spring Boot 3.x. Auto-loads when a file uses Lombok annotations (@Data, @Value, @Builder, @SuperBuilder, @Slf4j, @RequiredArgsConstructor, etc.) or matches `**/*.java` in projects with lombok on the build classpath. Covers the safe-annotation matrix, the JPA-entity / Jackson / MapStruct interop traps, builder patterns with inheritance and defaults, and the recommended lombok.config. Invoke whenever Java source uses any `lombok.*` import or carries a Lombok annotation — even a one-line @Slf4j edit triggers this skill per the plugin's 1% rule.
plan
Phase 3 of ClaudeHut workflow — break an approved contract into a file-level task list with 2–5 minute chunks, exact paths, RED test commands, GREEN implementation steps, DAG dependencies, and risk callouts. Use immediately after Spec phase approval. Produces `.claudehut/plans/<id>-plan.md`. Triggers when phase=plan.
redis-cache
Spring Data Redis conventions — caching with @Cacheable, key strategy, TTL/eviction policies, Redisson distributed lock patterns. Auto-loads when editing `**/*Cache*.java` or files using @Cacheable. Covers RedisTemplate config + serialization.
reuse-scan
Quét codebase tìm impl tái sử dụng được trước khi tạo mới (Java backend). Detect plugin reuse ngoài đã cài (Understand-Anything, Graphify) rồi invoke trực tiếp slash command native + normalize output. Fallback grep + heuristic khi không plugin nào khả dụng. Auto-trigger Phase Brainstorm step 2 + `PreToolUse(Write)` cho file Java mới. Slash `/claudehut:reuse-scan <topic>`. Always invoke before allowing new class creation.
spec
Phase 2 of ClaudeHut workflow — convert an approved design document into a binary behavioral contract (Given/When/Then, API shape, edge cases, NFRs). Use immediately after Brainstorm phase approval. Produces `.claudehut/specs/<id>-contract.md`. Triggers when phase=spec.
spring-webflux
Spring WebFlux conventions for Java Spring Boot 3.x reactive stack. Auto-loads when editing `**/*Handler.java` or `**/*Controller.java` in projects with web_stack=webflux. Covers RouterFunctions + Handler pattern, schedulers, context propagation, StepVerifier testing, backpressure.
using-claudehut
ClaudeHut workflow + plugin-skill discovery contract for subagents. Preloaded into every dispatch-eligible agent via `skills:` frontmatter so the subagent receives, at startup, (a) the non-negotiable skill-invocation discipline and (b) the catalog of all plugin skills with trigger excerpts. Lets the subagent decide — natively, no hook injection — which skill(s) to invoke when its task touches a domain its preloaded skills do not cover (e.g. builder hitting Kafka, mapping, JPA, WebFlux, ...).
verify-review
Phase 5 of ClaudeHut workflow — run verify pipeline (build/tests/coverage/lint/static/security) via a gate-runner subagent, then the orchestrator fans out reviewer subagents in parallel, aggregates shards, and decides pass-or-refactor; bounded retry (max 3) then escalate. Use after Build phase completes. Triggers when phase=loop.
wiremock-stub
WireMock stub conventions for HTTP integration tests. Stub mapping JSON format, scenario-based stateful stubs, request matching strategies, fault injection. Auto-loads when editing `src/test/**/*Wiremock*.java` or `**/__stubs/*.json`.
agent-payment-x402
Add x402 payment execution to AI agents with per-task budgets, spending controls, and non-custodial wallets. Supports Base through agentwallet-sdk and X Layer through OKX Payments / OKX Agent Payments Protocol.
spring-boot-core
Spring Boot 4.0 + Java 25 development - auto-configuration, starters, Actuator, profiles, externalized config, security, and production patterns. Use when building backend apps, creating endpoints, configuring Spring, or asking "how do I set up X?"
springboot-verification
Load when running the Spring Boot quality pipeline — mvn test, JaCoCo coverage reporting (jacoco:report, jacoco:check with minimumRatio), Checkstyle or SpotBugs static analysis, OWASP dependency-check:check, Spring Cloud Contract verifier, or configuring GitHub Actions CI workflow to enforce quality gates (coverage threshold, zero-CVE policy) on pull requests.
arch-unit-check
Run ArchUnit tests if present in project to enforce package-layout/hexagonal/DDD rules. Used in Phase 5 verify stage. Optional — skips if ArchUnit not on classpath. Slash-invoke /claudehut:arch-unit-check for ad-hoc verification.
discover
Show ClaudeHut plugin status — active task, current phase, detected stack, loaded skills/agents/rules/hooks, integration backends (Understand-Anything, Graphify), and MCP server status. Run via /claudehut:discover when you need to know what the plugin is doing right now.
flyway-migration
Flyway migration conventions for PostgreSQL/MySQL — naming, online-safe DDL (CREATE INDEX CONCURRENTLY, expand-contract for renames), idempotency, backfill patterns. Auto-loads when editing `**/db/migration/V*.sql` or `R*.sql`.
jackson
Jackson serialization/deserialization conventions for Spring Boot 3.x. Auto-loads when editing `**/*Dto.java`, `**/*Request.java`, `**/*Response.java`, `**/ObjectMapper*.java`, `**/JsonConfig*.java`. Covers ObjectMapper config, polymorphic deserialization (subtype whitelist), JavaTimeModule, mixins, mass-assignment prevention.
jpa-hibernate
JPA + Hibernate conventions for Spring Boot 3.x servlet stack. Auto-loads when editing `**/*Repository.java`, `**/*Entity.java` in projects with orm=jpa. Covers @Entity mapping, fetch strategies (N+1 prevention), @Transactional semantics, JPQL/Criteria, projection patterns.
kafka-producer
Spring Kafka producer conventions — idempotent producer config, transactional outbox pattern, Schema Registry integration, JSON/Avro serialization, retry + backoff. Auto-loads when editing `**/*Producer*.java`, `**/*Publisher*.java` in projects with messaging=kafka.
mapstruct
MapStruct mapper conventions for Java. Auto-loads when editing `**/*Mapper.java` files with @Mapper annotation. Covers @Mapping/@MappingTarget/@BeanMapping config, null strategies, Lombok interop, before/after mapping hooks, generated impl review.
nats
NATS / JetStream consumer + publisher conventions for Java (jnats). Auto-loads when editing `**/*NatsListener*.java`, `**/*NatsClient*.java` in projects with messaging=nats. Covers durable consumers, ack policies, JetStream streams + consumers, replay.
owasp-scan
Run OWASP dependency-check + custom Spring Security misconfig regex scans. Used in Phase 5 verify stage. Slash-invoke /claudehut:owasp-scan for on-demand scans. Outputs structured findings list; fails build on High/Critical.
r2dbc
Reactive R2DBC conventions for Spring Boot 3.x WebFlux stack. Auto-loads when editing `**/*Repository.java` in projects with orm=r2dbc. Covers ReactiveCrudRepository, R2dbcEntityTemplate, reactive transactions, converter setup, Testcontainers integration.
rabbitmq
Spring AMQP (RabbitMQ) conventions — exchange/queue/binding topology, manual ack, DLX (dead-letter exchange) pattern, retry policy, message TTL. Auto-loads when editing `**/*RabbitListener*.java` in projects with messaging=rabbitmq.
spring-mvc
Spring MVC REST controller conventions for Java Spring Boot 3.x. Auto-loads when editing `**/*Controller.java` files in projects with web_stack=mvc. Covers @RestController, validation, ResponseEntity, @ControllerAdvice exception handling, RFC 7807 ProblemDetail, JWT auth integration.
tdd-cycle
Enforce strict RED → GREEN → REFACTOR test-driven cycle for Java/Spring code. Required for every Build phase task. Detects and rejects common anti-patterns (prod-before-test, test-after, manual-test rationalization). Use during Phase 4 Build or whenever writing new logic. Auto-loads when test files in scope.
testcontainers
Testcontainers for Java integration tests — singleton vs per-class lifecycle, reuse flag, network sharing, Postgres/Kafka/Redis containers, dynamic Spring properties. Auto-loads when editing `**/*IT.java`, `src/integrationTest/**/*.java`.
write-skill
Scaffold a new ClaudeHut skill using the 3-bucket layout (SKILL.md + references/ + scripts/ + assets/). Validates frontmatter contract, applies naming conventions, generates skeleton with placeholders. Run via /claudehut:write-skill <skill-name>. Use when extending ClaudeHut with new domain expertise.
testcontainers-expert
Use when writing integration tests that require real infrastructure dependencies such as databases, message brokers, caches, cloud service emulators, or any Dockerized service. Invoke for container lifecycle management, reusable containers, network configuration, wait strategies, custom images, and Testcontainers modules for PostgreSQL, MySQL, Kafka, Redis, LocalStack, and more.
dev-builder
全栈开发工程师技能包,负责根据产品需求文档和原型图实现功能代码。涵盖技术栈选择、项目初始化、功能实现、代码质量控制和功能验证。
spring-microservices-architect
Production-grade governance agent for Spring Boot microservices. Scaffolds projects iteratively using capability-based layering, enforces coding standards, and validates against battle-tested reference patterns. Fully portable — works with any domain. USE FOR: microservice, Spring Boot, scaffold, Docker compose, kubernetes, helm, eureka, gateway, resilience4j, reactive, spring cloud, openapi, persistence, security, oauth, tracing, zipkin, monitoring, prometheus, grafana, native compilation, graalvm, code review, architecture review, quality gate, governance, spring cloud stream, rabbitmq, kafka, testcontainers, mapstruct, service discovery, edge server, config server, circuit breaker, distributed tracing, entity, entities, domain model, generate entity, persistence model, create entity, MongoDB document, JPA entity, MapStruct mapper, repository, test, verify, validate, TDD, test-driven, failing test, integration test, build check, regression test, quality check, security database, MFA, multi-factor, WebAuthn,
universal-enterprise-multi-agent-code-review--production-readine
Universal Enterprise Multi Agent Code Review & Production Readiness Skill
java-api-review
Reviews Java REST API design including HTTP methods, status codes, naming, and versioning. Use when user asks to "review my API", "check REST design", "is this good REST", "review endpoints", "API design review", "check my controller", or "review HTTP API".
java-crud
Generates a complete Spring Boot CRUD feature (entity, repository, service, controller, DTOs, tests) in an existing project. Use when user asks to "add CRUD for", "generate entity", "create a feature for", "add REST endpoints for", "scaffold a feature", or "build CRUD for".
java-health
Runs a holistic code health check scoring Security, Tests, Performance and Quality with A-F grades. Use when user asks to "check health", "score this project", "health check", "how good is this code", "overall assessment", or "code quality score".
java-jpa
Reviews Spring Data JPA for N+1 queries, fetch strategies, projections, and Specifications. Use when user asks to "review JPA", "check for N+1", "JPA performance", "review my entities", "check fetch strategy", or "review my repositories".
java-logging
Reviews Java logging for SLF4J best practices, MDC context, structured logging, and PII safety. Use when user asks to "review logging", "check my logs", "logging review", "is my logging correct", "MDC setup", or "check for PII in logs".
java-openapi
Generates or reviews OpenAPI / Swagger documentation for Spring Boot REST APIs — adds @Operation, @Schema, @ApiResponse annotations and configures Swagger UI. Use when user asks to "add Swagger", "document this API", "generate OpenAPI spec", "add @Operation annotations", "set up Swagger UI", or "document endpoints".
java-scaffold
Scaffolds a brand-new Spring Boot project from scratch — build file, package structure, and a starter feature. Use when user asks to "create a new Spring Boot project", "bootstrap a project", "start a new project", "generate a new app", or "scaffold a new service".
java-security
Reviews or implements Spring Security configuration — JWT authentication, OAuth2, method-level security, CORS, and CSRF. Use when user asks to "add authentication", "secure this API", "implement JWT", "configure Spring Security", "add OAuth2 login", "protect endpoints", or "review security config".
java-security-check
Quick OWASP security scan for injection risks, hardcoded secrets, weak crypto, and Spring Security misconfigs. Use when user asks to "security scan", "check for vulnerabilities", "any security issues", "OWASP check", "hardcoded secrets", or "is this secure".
java-test
Generates JUnit 5 and Mockito unit tests or Testcontainers integration tests, auto-detecting project setup. Use when user asks to "write tests", "generate tests", "add unit tests", "create test class", "test this service", or "write integration tests".
backend-achitecture-skill
backend achitecture skill
deployment-skill
Deployment skill
boxlang-deployment
Use this skill when deploying BoxLang applications: CommandBox server setup, Docker containers, AWS Lambda, GitHub Actions CI/CD, BoxLang Version Manager (BVM), boxlang.json runtime config, environment variables, or Spring Boot integration.
boxlang-runtime-spring-boot
Use this skill when integrating BoxLang with Spring Boot applications, including the starter dependency, MVC view resolution, template structure, accessing Spring Model attributes, configuration via application.properties, and returning BoxLang views from Spring controllers.
maven-build
Build, test and package Java Maven projects. Use for compiling, running tests, or packaging the application.
dev-builder
全栈开发工程师技能包,负责根据产品需求文档和原型图实现功能代码。涵盖技术栈选择、项目初始化、功能实现、代码质量控制和功能验证。
Integration detected automatically from skill content. Some results may be false positives.