Enforce TDD workflow for C++. Write GoogleTest tests first, then implement. Verify coverage with gcov/lcov.

Unified database management command supporting migrations, schema operations, and type generation.

Enforce TDD workflow for Go. Write table-driven tests first, then implement. Verify 80%+ coverage with go test -cover.

Enforce TDD workflow for Rust. Write tests first, then implement. Verify 80%+ coverage with cargo-llvm-cov.

REST and GraphQL API design specialist for resource modeling, versioning, pagination, and contract-first development. Covers OpenAPI 3.1 specs, JSON:API, HATEOAS, status codes (RFC 7231/9457), idempotency keys, cursor vs offset pagination, sparse fieldsets, rate limiting (RFC 6585), API versioning strategies (URL/header/content negotiation), GraphQL schema design (Federation, Relay connections), DataLoader patterns, error envelopes (problem+json), webhook signing (HMAC), and API gateways (Kong, Apigee, AWS API Gateway). Use when designing a new API, reviewing endpoint signatures, drafting OpenAPI specs, or evolving an existing API safely.

Blockchain and smart contract specialist for the EVM ecosystem. Covers Solidity 0.8.x with security patterns (ReentrancyGuard, AccessControl, OpenZeppelin libraries), Hardhat 3 with defineConfig and viem toolbox, testing with viem + node:test, multi-chain deployment (Ethereum, Polygon, Arbitrum, Optimism, Base), gas optimization, and audit-ready code. Use when writing smart contracts, ERC-20/721/1155 tokens, DeFi protocols, NFT collections, or working with Solidity, Hardhat, Foundry, or any Web3 development.

CI/CD pipeline construction and optimization specialist for GitHub Actions, GitLab CI, Azure Pipelines, CircleCI, and Jenkins. Covers reusable workflows and composite actions, matrix builds, caching strategies (npm/pip/cargo/maven), artifact management, secrets management with OIDC (no long-lived tokens), pipeline parallelization, blue-green and canary deployments, environment promotion (dev → staging → prod), required status checks, branch protection, and pipeline observability. Expert in pipeline cost optimization, runner selection (self-hosted vs cloud), and merge queue setup. Use when designing or fixing CI/CD pipelines, accelerating slow builds, or migrating between CI providers.

Data engineering specialist for ETL/ELT pipelines, data warehousing, and analytical infrastructure. Covers Apache Airflow (DAGs, sensors, operators), dbt (models, tests, docs, snapshots), Spark (PySpark, SparkSQL, structured streaming), Kafka and Kafka Streams, ClickHouse and DuckDB for analytics, Snowflake and BigQuery patterns, data lake formats (Iceberg, Delta Lake, Hudi), CDC with Debezium, Great Expectations for data quality, schema evolution, partitioning strategies, and incremental processing. Use when building data pipelines, designing warehouse schemas, optimizing ETL jobs, or working with streaming data.

Use this agent when you need to analyze slow queries, optimize database performance across multiple systems, or implement indexing strategies to improve query execution. Specifically:\n\n<example>\nContext: A web application is experiencing slow queries on its main user profile lookup, taking 1.2 seconds despite having moderate data volumes, and indexes appear suboptimal.\nuser: "Our user profile queries are taking over a second. Can you analyze the execution plans and suggest optimizations?"\nassistant: "I'll analyze the execution plans, identify missing or inefficient indexes, review table statistics, and test query rewrites. Let me benchmark the current performance and implement strategic indexing and query optimization."\n<commentary>\nUse the database-optimizer agent when you have specific slow queries or performance issues in existing databases. This agent excels at execution plan analysis, index design, and query rewriting across PostgreSQL, MySQL, MongoDB, and other systems.\n</commentary>\n</example>\n\n<example>\nContext: A data analytics platform processes millions of records and query response times have degraded from 500ms to 5 seconds as data volume increased, requiring optimization across multiple tables.\nuser: "Our analytics queries have gotten 10x slower as our data grew. What optimizations can help us scale?"\nassistant: "I'll profile slow queries, analyze join patterns, review index coverage, assess partitioning strategies, and optimize aggregations. I can design covering indexes, implement table partitioning, and tune database configuration for analytical workloads."\n<commentary>\nInvoke the database-optimizer for performance degradation issues related to data growth, complex join operations, or aggregation bottlenecks. This agent specializes in scaling database performance through indexing, partitioning, and query restructuring.\n</commentary>\n</example>\n\n<example>\nContext: A company manages multiple database systems (PostgreSQL, MySQL, MongoDB) and wants to audit database performance across all systems and implement consistent optimization patterns.\nuser: "We have several databases in production. How do we ensure all are optimized and performing well?"\nassistant: "I'll assess performance across all systems, identify common bottlenecks, design database-specific optimization strategies, and establish performance baselines. I can implement indexing strategies suited to each system and create monitoring to prevent future degradation."\n<commentary>\nUse the database-optimizer when you need cross-platform database optimization covering multiple systems. This agent provides holistic performance analysis and can tailor optimizations for PostgreSQL, MySQL, MongoDB, Cassandra, Elasticsearch, and other databases.\n</commentary>\n</example>

DevOps and infrastructure specialist for containerization, CI/CD, Infrastructure-as-Code, and cloud orchestration. Covers Docker (multi-stage builds, Compose, security), Kubernetes (Deployments, HPA, Helm, RBAC, network policies), Terraform and Pulumi (modules, state, drift), GitHub Actions and GitLab CI pipelines (reusable workflows, matrix builds, blue-green/canary deploys), AWS/GCP/Azure cloud services, and observability stack (Prometheus, Grafana). Use when designing infrastructure, writing Dockerfiles, Kubernetes manifests, Terraform modules, CI/CD pipelines, or troubleshooting deployments.

Firebase platform expert — Authentication (Email/Google/Apple/Phone, custom claims, MFA), Cloud Firestore (real-time NoSQL document store with security rules and offline persistence), Realtime Database (legacy JSON tree for low-latency sync), Cloud Functions Gen 2 (TypeScript/Python on Cloud Run with HTTPS callables, Firestore triggers, scheduled jobs), Cloud Storage (security rules, signed URLs, image transforms), Hosting (preview channels, edge cache, dynamic content via Cloud Functions), Remote Config (feature flags with conditional rollout), Cloud Messaging FCM (push for iOS / Android / web), App Check (App Attest, Play Integrity, reCAPTCHA Enterprise), Crashlytics, Performance Monitoring, A/B Testing, and Vertex AI Firebase extensions. Use for any Firebase project: schema design with Firestore security rules, migrating from Realtime DB to Firestore, implementing real-time chat / collaborative apps, building mobile backends without managing servers, integrating Auth into web / iOS / Android, scaffolding Cloud Functions, or auditing security rules. Has access to the official `firebase` MCP server (npx firebase-tools@latest mcp) for direct project introspection, deployment, and management. Differentiates from a generic backend-patterns approach by deep platform expertise and security-rules-first design (Firestore rules are the only line of defense against malicious clients, since Firestore is queried directly by browsers/apps).

Geospatial and GIS specialist for spatial data, mapping, and location-based services. Covers PostGIS (geometry/geography types, spatial indexes GIST/SP-GIST, ST_* functions), coordinate reference systems (WGS84, Web Mercator EPSG:3857, UTM zones), spatial joins and analysis, raster data, GeoJSON / TopoJSON / KML / Shapefile formats, OpenStreetMap and Overpass API, Mapbox GL JS and MapLibre, Leaflet, vector tiles (MVT), tippecanoe, routing engines (OSRM, Valhalla, GraphHopper), reverse geocoding, isochrones, and spatial clustering. Use when designing maps, querying geospatial databases, building location features, or working with .shp/.geojson/.gpx files.

Real-time networking specialist for games and web applications. Covers WebSocket and Socket.io (rooms, namespaces, Redis scaling), game networking with Colyseus and Netcode for GameObjects (authoritative server, client-side prediction, lag compensation, delta state sync), WebRTC (peer-to-peer, DataChannel, STUN/TURN, signaling), Server-Sent Events for unidirectional streaming, gRPC and Protocol Buffers for typed RPC. Use when designing multiplayer game architecture, real-time web apps, chat systems, live dashboards, or any low-latency networked communication.

NoSQL database specialist — MongoDB 7+ (document store with aggregation pipeline, Atlas Search, Vector Search, sharding), Redis 7+ (in-memory data structures, streams, pub/sub, caching, rate limiting, distributed locks), DynamoDB (AWS serverless key-value with single-table design, GSI, partition keys, DynamoDB Streams), Cassandra / ScyllaDB (wide-column with tunable consistency), Elasticsearch / OpenSearch (full-text + analytics), and Firebase Firestore (real-time document store for mobile and web). Use for any NoSQL database work: schema design, query optimization, migration between stores, choosing the right NoSQL for a use case, or debugging performance issues. Orchestrates the specialized skills (mongodb-patterns, redis-patterns) from this plugin and provides cross-database comparisons so projects pick the right tool instead of defaulting to what's familiar. Differentiates from generic backend-patterns by deep expertise in document / key-value / wide-column / search models that cannot be modeled directly in a relational schema.

Backend performance optimization specialist for profiling, bottleneck analysis, and scaling. Covers CPU profiling (perf, py-spy, async-profiler, pprof), memory profiling (heap dumps, leak detection, allocation tracking), database query optimization (EXPLAIN, indexing, N+1 detection), caching strategies (Redis, Memcached, CDN, application-level, HTTP cache headers), connection pooling, async I/O patterns, batch processing, lazy loading, denormalization tradeoffs, and load testing (k6, Locust, JMeter, wrk). Expert in identifying p50/p95/p99 latency issues, memory leaks, and throughput bottlenecks. Use when API endpoints are slow, memory grows unbounded, or scaling is needed.

Real-time systems engineer — designs and builds low-latency bidirectional applications using WebSocket (native ws, Socket.IO with Redis adapter), Server-Sent Events (for one-way streams), WebRTC (for peer-to-peer audio/video/data), Cloudflare Durable Objects (stateful edge), and managed services (Pusher, Ably, Supabase Realtime, LiveKit, PubNub). Covers connection lifecycle (heartbeat, reconnection with exponential backoff, presence tracking), auth patterns (JWT subprotocol, cookie-based, query token), message routing (rooms, channels, namespaces, topic-based pub/sub), horizontal scaling (Redis pub/sub adapter, sticky sessions on load balancer), and distributed state management. Use for any real-time feature: chat apps, collaborative editors, live dashboards, multiplayer games, notification systems, live sports/trading tickers, or video conferencing. Differentiates from backend-patterns generalists by deep expertise in connection management at scale (10k+ concurrent connections), latency optimization, and the trade-offs between each real-time technology (WebSocket vs SSE vs WebRTC vs polling). Leverages the realtime-websocket skill in this plugin as its primary pattern library.

Supabase platform architect — Postgres-as-a-service with full Postgres power (extensions: pgvector for embeddings, PostGIS for geo, pg_cron for scheduled jobs, pg_net for outbound HTTP, pg_graphql), Auth (Email/OTP/Magic link/OAuth/Anonymous, JWT in Postgres rules, MFA TOTP), Row Level Security policies (the security model — every table is locked-down by default and access is granted via RLS USING/WITH CHECK clauses), Realtime (Postgres CDC streaming changes via WebSocket, Broadcast for ad-hoc pub/sub, Presence for online tracking), Storage (S3-compatible object storage with RLS policies and image transforms), Edge Functions (Deno runtime on Cloudflare Workers — TypeScript, low cold-start), Database Webhooks, Foreign Data Wrappers (FDW for cross-database queries), Vault for secrets, branching for preview environments, and self-hosting via docker-compose. Use for any Supabase project: schema design with RLS, migrating from Firebase to Postgres, building real-time apps with CDC, scaffolding Edge Functions, integrating Auth into web/mobile, RAG implementation with pgvector, or auditing RLS policies. Has access to the official `supabase` MCP server (HTTP at https://mcp.supabase.com/mcp) for direct project introspection, schema migrations, and edge function deployment. Differentiates from a generic backend-patterns approach by deep platform expertise and RLS-first design (RLS is the only line of defense between the browser and Postgres, since the JS client connects directly via PostgREST).

Set up and use the 1Password CLI (op) to securely read, inject, and run secrets within development workflows. Use when you need to access credentials, API keys, or any sensitive values stored in 1Password vaults.

REST API design patterns including resource naming, status codes, pagination, filtering, error responses, versioning, and rate limiting for production APIs.

Apollo GraphQL pattern library — Apollo Server (the standard Node.js GraphQL server with pluggable data sources, batch loading via DataLoader, file uploads, subscriptions over WebSocket / SSE), Apollo Client (the leading TypeScript GraphQL client with normalized cache, optimistic updates, fragment colocation, query / mutation / subscription hooks for React / Vue / Angular / Svelte), Apollo Federation v2 (subgraphs + supergraph composition for microservices, entity resolution with @key directive, value types with @shareable, contextual constraints with @inaccessible / @tag), Apollo Router (Rust-based federation router replacing Apollo Gateway, query planning + caching + observability), Apollo Connectors for adding REST APIs to GraphQL without resolvers, schema design best practices (avoid n+1 with DataLoader, pagination via Relay cursor connections, errors as data via union types, nullable by default), security (depth limit, query complexity, persisted queries, CSRF prevention, rate limiting), schema first vs code first, codegen (graphql-codegen for TypeScript types), Apollo Studio for schema registry + metrics, Apollo MCP server for AI agents to introspect and query GraphQL APIs, and migration from REST to GraphQL. Use when building any GraphQL API or client with Apollo, federating multiple services, or migrating REST endpoints to GraphQL. Differentiates from generic api-design skill by Apollo-specific tooling and federation patterns.

Capture architectural decisions made during Claude Code sessions as structured ADRs. Auto-detects decision moments, records context, alternatives considered, and rationale. Maintains an ADR log so future developers understand why the codebase is shaped the way it is.

Backend architecture patterns, API design, database optimization, and server-side best practices for Node.js, Express, and Next.js API routes.

Design and execute chaos experiments, failure injection, and game day exercises in staging/dev environments ONLY. Scope: controlled resilience testing in non-production environments. Does NOT target production systems.

Structure software around the Dependency Rule: source code dependencies point inward from frameworks to use cases to entities. Use when the user mentions "architecture layers", "dependency rule", "ports and adapters", "hexagonal architecture", or "use case boundary". Covers component principles, boundaries, and SOLID.

ClickHouse database patterns, query optimization, analytics, and data engineering best practices for high-performance analytical workloads.

C++ coding standards based on the C++ Core Guidelines (isocpp.github.io). Use when writing, reviewing, or refactoring C++ code to enforce modern, safe, and idiomatic practices.

Use only when writing/updating/fixing C++ tests, configuring GoogleTest/CTest, diagnosing failing or flaky tests, or adding coverage/sanitizers.

Database migration best practices for schema changes, data migrations, rollbacks, and zero-downtime deployments across PostgreSQL, MySQL, and common ORMs (Prisma, Drizzle, Django, TypeORM, golang-migrate).

Design data systems by understanding storage engines, replication, partitioning, transactions, and consistency models. Use when the user mentions "database choice", "replication lag", "partitioning strategy", "consistency vs availability", or "stream processing". Covers data models, batch/stream processing, and distributed consensus.

Deployment workflows, CI/CD pipeline patterns, Docker containerization, health checks, rollback strategies, and production readiness checklists for web applications.

Django architecture patterns, REST API design with DRF, ORM best practices, caching, signals, middleware, and production-grade Django apps.

Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.

Django testing strategies with pytest-django, TDD methodology, factory_boy, mocking, coverage, and testing Django REST Framework APIs.

Verification loop for Django projects: migrations, linting, tests with coverage, security scans, and deployment readiness checks before release or PR.

Docker and Docker Compose patterns for local development, container security, networking, volume strategies, and multi-service orchestration.

Model software around the business domain using bounded contexts, aggregates, and ubiquitous language. Use when the user mentions "domain modeling", "bounded context", "aggregate root", "ubiquitous language", or "anti-corruption layer". Covers entities vs value objects, domain events, and context mapping strategies.

Elixir / Phoenix / OTP pattern library — Elixir 1.16+ functional language on the BEAM virtual machine (Erlang VM) for fault-tolerant distributed systems, OTP behaviours (GenServer for stateful processes, Supervisor for fault tolerance trees, Application for app structure, Task for async work, Agent for simple state, Registry for process discovery), Phoenix 1.7+ web framework (router, controllers, contexts as bounded subdomains, Ecto for database with multi schema + multi tenant + transactions + multi step transactions, channels for WebSocket pub/sub, presence for online tracking), Phoenix LiveView (server-rendered reactive UI without JavaScript, replacing SPAs for many use cases, with hooks for client-side interop and JS commands), Phoenix Components + Function Components, Tailwind + Heroicons integration, AshFramework for declarative resources (alternative to Ecto contexts), Broadway for data ingestion pipelines, Oban for background jobs (Postgres-backed, replacing Sidekiq for Elixir), Tesla for HTTP clients with middleware, mix tasks + releases for production deployment, distillery legacy vs mix release modern, hot code upgrades, telemetry + telemetry_metrics + telemetry_poller for observability, ExUnit for testing with property-based PropCheck / StreamData, Dialyzer for static analysis, and the Tidewave MCP server for Phoenix introspection by Claude Code. Use when developing real-time applications, fault-tolerant systems, IoT backends, chat / collab tools, or anything that benefits from the BEAM VM model. Differentiates from generic backend patterns by Elixir-specific concurrency model (lightweight processes, message passing) and Phoenix LiveView server-rendered reactive paradigm.

Transactional email delivery pattern library for backend services — Resend (developer-friendly, React Email integration), Postmark (best deliverability, fast support), SendGrid (enterprise, complex but powerful), Mailgun (API-first, good EU compliance), Amazon SES (cheapest at scale, requires reputation management), Brevo (formerly Sendinblue, EU-based), Loops (product-led growth focus). Covers domain authentication (SPF, DKIM, DMARC), dedicated IPs vs shared pools, bounce and complaint handling, suppression lists, webhook events (delivered / opened / clicked / bounced / complained), rate limiting, retry strategies with exponential backoff, template management (inline vs stored templates), and test email flows. Use when sending transactional emails from a backend: password resets, order confirmations, notifications, welcome emails, magic links, invoices. Differentiates from marketing email (newsletters via Ghost, Mailchimp, ConvertKit) by focusing on 1-to-1 triggered emails with deliverability-critical SLAs.

Firebase implementation pattern library — Firestore data modeling (subcollections, denormalization, fan-out, counter sharding for high-write counters), Firestore Security Rules DSL with rules emulator testing, Cloud Functions Gen 2 idempotency patterns + cold start mitigation + secret management via Cloud Secret Manager, Auth flows (Email/Google/Apple/Phone with custom claims for RBAC, MFA TOTP, Anonymous auth + linking), Cloud Storage rules with image transforms, FCM push notifications (token management, topics, conditional sends), App Check enforcement (App Attest / Play Integrity / reCAPTCHA), Remote Config feature flags with conditional rollout, and Vertex AI in Firebase for direct Gemini calls from clients. Use when scaffolding a Firebase project, designing Firestore schemas, writing security rules, or hardening an existing Firebase backend. Mentions the official `firebase` MCP server (npx firebase-tools@latest mcp) declared in this plugin's .mcp.json — Claude Code can use it to introspect and deploy live projects. Differentiates from generic NoSQL patterns by Firebase-specific cost models (per-read pricing) and security-rules-first architecture.

Idiomatic Go patterns, best practices, and conventions for building robust, efficient, and maintainable Go applications.

Go testing patterns including table-driven tests, subtests, benchmarks, fuzzing, and test coverage. Follows TDD methodology with idiomatic Go practices.

Java coding standards for Spring Boot services: naming, immutability, Optional usage, streams, exceptions, generics, and project layout.

JPA/Hibernate patterns for entity design, relationships, query optimization, transactions, auditing, indexing, pagination, and pooling in Spring Boot.

Laravel Boost MCP integration guide — Laravel Boost is the official Laravel package that exposes a Model Context Protocol (MCP) server via `php artisan boost:mcp`, allowing AI agents to introspect a live Laravel application's routes, Eloquent models with relationships and attributes, queues, events, middleware stack, configuration, environment, and migrations. Covers installation (composer require laravel/boost), configuration (publishing the config + ensuring artisan command is available), security model (the MCP runs locally and exposes app metadata + read access to selected resources — no production secrets if .env is gitignored), invocation patterns (Claude Code with the .mcp.json declaring laravel-boost), use cases (scaffolding new code that respects existing models + conventions, generating idiomatic controllers / form requests / policies / resources, debugging route definitions, exploring queue / event / listener wiring), and the differences vs writing static Laravel patterns from memory. Use when working on any Laravel project where the .mcp.json declares laravel-boost — Claude Code can directly query the live app instead of guessing. Differentiates from generic laravel-patterns by being live-introspection-driven rather than pattern-template-driven.

Laravel architecture patterns, routing/controllers, Eloquent ORM, service layers, queues, events, caching, and API resources for production apps.

Laravel security best practices for authn/authz, validation, CSRF, mass assignment, file uploads, secrets, rate limiting, and secure deployment.

Test-driven development for Laravel with PHPUnit and Pest, factories, database testing, fakes, and coverage targets.

Verification loop for Laravel projects: env checks, linting, static analysis, tests with coverage, security scans, and deployment readiness.

Load testing and performance benchmarking pattern library for backend services — k6 (Grafana's modern load tester with JavaScript scenarios, thresholds, cloud runs via k6 Cloud), Gatling (Scala-based high-throughput simulations with detailed reports), Locust (Python distributed load testing with web UI), Apache JMeter (legacy but still widely used for enterprise), Artillery (Node.js YAML-configured scenarios), and wrk (minimal CLI for quick benchmarks). Covers test planning (baseline / load / stress / spike / soak tests), virtual users modeling, ramp-up strategies, think time, custom metrics (latency percentiles p50/p95/p99, throughput RPS, error rate), SLO-based thresholds, CI integration (GitHub Actions with k6 + threshold-based pass/fail), and result interpretation (bottleneck identification CPU/memory/DB/network). Use when benchmarking a new API before launch, validating capacity planning, identifying performance bottlenecks, setting SLOs, or testing auto-scaling triggers. Differentiates from unit/integration tests by focusing on performance under concurrent load, not functional correctness.

MongoDB 7+ pattern library for Node.js and Python backends — schema design (embedded vs referenced documents, polymorphic patterns, attribute patterns, bucket pattern, computed pattern), indexes (single field, compound, multikey, text, geospatial, partial, TTL), aggregation pipeline ($match / $group / $lookup / $unwind / $project / $facet), transactions with session API (ACID multi-document since 4.0), change streams for CDC, official Node.js driver + Mongoose ODM (with TypeScript inference), Python via motor (async) + Beanie ODM, Atlas Search and Vector Search, sharding key selection, replica sets for HA, and backup strategies with mongodump + Atlas PITR. Use when designing or maintaining MongoDB schemas, optimizing slow queries, writing aggregations, implementing transactions, or migrating between relational and document models. Differentiates from postgres-patterns by covering document-oriented design patterns that don't apply to relational databases.

Conventions et patterns pour monorepos (Turborepo, Nx, pnpm workspaces). Use when project has turbo.json, nx.json, or workspace config.

Modern Perl 5.36+ idioms, best practices, and conventions for building robust, maintainable Perl applications.

Comprehensive Perl security covering taint mode, input validation, safe process execution, DBI parameterized queries, web security (XSS/SQLi/CSRF), and perlcritic security policies.

Perl testing patterns using Test2::V0, Test::More, prove runner, mocking, coverage with Devel::Cover, and TDD methodology.

PostgreSQL database patterns for query optimization, schema design, indexing, and security. Based on Supabase best practices.

Windows PowerShell scripting patterns and system administration. Use when working with registry operations, WMI/CIM queries, Windows services, firewall rules, scheduled tasks, Active Directory, or Windows-specific troubleshooting. Covers error handling with -ErrorAction, -WhatIf/-Confirm support, and proper Windows path handling.

Provides guidance for property-based testing across multiple languages and smart contracts. Use when writing tests, reviewing code with serialization/validation/parsing patterns, designing features, or when property-based testing would provide stronger coverage than example-based tests.

Pythonic idioms, PEP 8 standards, type hints, and best practices for building robust, efficient, and maintainable Python applications.

Python testing strategies using pytest, TDD methodology, fixtures, mocking, parametrization, and coverage requirements.

Real-time messaging pattern library for backend services — native WebSocket (ws library for Node, FastAPI WebSocket for Python, Spring Boot STOMP for Java), Socket.IO (fallback for legacy clients + auto-reconnect + rooms + namespaces), Server-Sent Events (SSE for one-way server-to-client streams), WebRTC (peer-to-peer audio/video/data channels via simple-peer or livekit-server-sdk), managed real-time services (Pusher, Ably, PubNub, Supabase Realtime, LiveKit for video), and Cloudflare Durable Objects for stateful edge WebSocket. Covers connection lifecycle (connect, heartbeat, reconnect with exponential backoff), auth patterns (JWT in query param vs subprotocol, cookie-based), message routing (rooms, channels, presence), scaling (horizontal scaling with Redis pub/sub or NATS adapter), load balancing sticky sessions, and monitoring connection counts. Use when building chat, live notifications, collaborative editors, multiplayer games, live dashboards, or real-time updates in any backend.

Redis 7+ pattern library for backend services — data structures (strings, lists, sets, hashes, sorted sets, streams, bitmaps, hyperloglogs, geo, JSON via RedisJSON), caching patterns (cache-aside, write-through, write-behind, read-through), session storage, rate limiting (token bucket, fixed window, sliding window), distributed locks (SETNX + expiry, Redlock algorithm), pub/sub messaging, streams for event sourcing and message queues (XADD, XREAD, consumer groups), persistence strategies (RDB snapshots vs AOF append-only), Redis Cluster for sharding, Sentinel for HA, and modern clients (node-redis, ioredis for Node, redis-py for Python). Use when implementing caching, rate limiting, session storage, pub/sub, distributed locks, or leaderboards with Redis. Differentiates from mongodb-patterns and postgres-patterns by covering an in-memory data structure store used alongside a primary database, not as the primary data store.

Resilience patterns for backend code calling external services. Use when code makes API calls, DB queries, or network requests to external services.

Idiomatic Rust patterns, ownership, error handling, traits, concurrency, and best practices for building safe, performant applications.

Rust testing patterns including unit tests, integration tests, async testing, property-based testing, mocking, and coverage. Follows TDD methodology.

Smart contract security audit pattern library — SWC Registry vulnerabilities (reentrancy SWC-107, integer overflow SWC-101, access control SWC-115, unchecked call return SWC-104, denial of service SWC-113, weak randomness SWC-120, front-running SWC-114, timestamp dependence SWC-116, signature replay SWC-121), formal analysis tools (Slither static analyzer, Mythril symbolic execution, Certora Prover formal verification, Echidna property-based fuzzer, Manticore), MEV mitigation (commit-reveal schemes, batch auctions, private mempools Flashbots Protect), economic attack vectors (oracle manipulation via flash loans, sandwich attacks, JIT liquidity), upgrade safety (storage collisions, function selector clashes in proxies), and the pre-audit checklist (CEI pattern verification, reentrancy guards on every external interaction, custom errors review, access control matrix, integer arithmetic safety, gas griefing). Use when auditing existing contracts before mainnet deploy, hardening DeFi protocols, integrating Slither/Mythril into CI, or designing security-first contract architectures. Differentiates from generic security-reviewer by EVM-specific attack vectors (reentrancy, MEV, oracle manipulation, flash loan attacks) that don't exist in traditional web apps.

Solidity smart contract development pattern library — modern Solidity 0.8.x (built-in overflow checks, custom errors with Error(), events for off-chain indexing), Foundry toolchain (forge build/test/script with cheatcodes, fuzz tests, invariant tests, anvil local node, cast for chain interaction), Hardhat alternative (TypeScript scripting, plugin ecosystem), OpenZeppelin Contracts library (ERC-20, ERC-721, ERC-1155, AccessControl, ReentrancyGuard, Ownable, UUPS upgradeable proxies, Governor for DAOs), upgrade patterns (Transparent Proxy, UUPS, Beacon, Diamond EIP-2535), gas optimization techniques (storage packing, calldata vs memory, immutable vs constant, unchecked blocks for safe arithmetic), event-driven architecture (indexed parameters, The Graph subgraphs), and the canonical EVM contract patterns (CEI Checks-Effects-Interactions, Pull-over-Push payments, Withdrawal pattern). Use when writing Solidity contracts, designing token standards, implementing access control, auditing for gas optimization, or scaffolding a Foundry/Hardhat project. Differentiates from generic backend-patterns by EVM-specific constraints (immutable bytecode after deploy, gas costs per opcode, storage layout matters for upgrades).

Spring Boot architecture patterns, REST API design, layered services, data access, caching, async processing, and logging. Use for Java Spring Boot backend work.

Spring Security best practices for authn/authz, validation, CSRF, secrets, headers, rate limiting, and dependency security in Java Spring Boot services.

Test-driven development for Spring Boot using JUnit 5, Mockito, MockMvc, Testcontainers, and JaCoCo. Use when adding features, fixing bugs, or refactoring.

Verification loop for Spring Boot projects: build, static analysis, tests with coverage, security scans, and diff review before release or PR.

SRE philosophy, SLO/SLI definition, error budget management, blameless postmortems, toil reduction, and capacity planning. Scope: reliability engineering principles ONLY. Does NOT cover Prometheus/Grafana setup or monitoring tool configuration (use devops-expert agent for that).

Best practices for building Stripe integrations. Use when implementing payment processing, checkout flows, subscriptions, webhooks, Connect platforms, or any Stripe API integration.

Supabase implementation pattern library — RLS policies for multi-tenant SaaS (USING / WITH CHECK clauses, helper functions in auth schema, performance with indexes), Auth flows (Email / OAuth / Magic Link / Phone OTP / Anonymous + linking, custom JWT claims via Auth Hooks, MFA TOTP), Postgres schema migrations versionnées via Supabase CLI (supabase migration new + supabase db push), Edge Functions Deno (Hono framework, secrets via env, deployment), Realtime (Postgres CDC subscriptions filtered by RLS, Broadcast for ephemeral pub/sub, Presence for online tracking), Storage with S3 API + RLS policies + image transforms, pgvector for RAG with HNSW indexes, pg_cron for scheduled jobs, Database Webhooks for triggers to external services, branching for preview environments per PR, and the service_role security model (NEVER expose to clients). Use when scaffolding a Supabase project, designing RLS policies, writing migrations, building real-time features, or migrating from Firebase. Mentions the official `supabase` MCP server (HTTP at https://mcp.supabase.com/mcp) declared in this plugin's .mcp.json — Claude Code can use it to introspect the schema, deploy migrations, and manage Edge Functions live. Differentiates from generic Postgres patterns by Supabase-specific features (RLS as primary auth, Realtime, Edge Functions, branching).

Design scalable distributed systems using structured approaches for load balancing, caching, database scaling, and message queues. Use when the user mentions "system design", "scale this", "high availability", "rate limiter", or "design a URL shortener". Covers common system designs and back-of-the-envelope estimation.

Use this skill when writing new features, fixing bugs, or refactoring code. Enforces test-driven development with 80%+ coverage including unit, integration, and E2E tests.

Canonical TDD skill — write failing test first, then minimal code. Use when implementing any feature, bugfix, or refactoring. Enforces Red-Green-Refactor with 80%+ coverage.

Web3 frontend and off-chain integration pattern library — wallet connection (RainbowKit, Web3Modal v3, ConnectKit, Privy for embedded wallets, Dynamic, Coinbase Smart Wallet for Account Abstraction), wagmi v2 + viem (the modern TypeScript stack replacing ethers v6 in 2026), reading contracts (useReadContract, watch, multicall batching), writing transactions (useWriteContract, useWaitForTransactionReceipt, simulateContract for pre-flight checks), event listening (useWatchContractEvent, watchContractEvent), wallet state management (account, chain, balance hooks), chain switching, ENS resolution, IPFS metadata uploads (Pinata, web3.storage, Lighthouse), The Graph subgraph queries with @graphprotocol/graph-cli, Ethers.js v6 patterns for Node.js backends, JSON-RPC providers (Alchemy, Infura, QuickNode, public RPCs), private key management (NEVER in frontend, KMS / Vault / hardware wallet for signing), signed message verification (EIP-712 typed data, EIP-191 personal sign, SIWE Sign-In with Ethereum), and Account Abstraction ERC-4337 with Pimlico / Stackup bundlers + paymasters for gasless UX. Use when integrating wallet connect into a Next.js / Remix / Vue app, building a backend that interacts with smart contracts, indexing on-chain events, or implementing wallet-based authentication. Differentiates from generic frontend-patterns by Web3-specific UX (wallet rejection, gas estimation, chain switching, transaction pending states).