giuseppe-trisciuoglio/nestjs
plugins/developer-kit-typescript/skills/nestjs/SKILL.md
Provides comprehensive NestJS framework patterns with Drizzle ORM integration for building scalable server-side applications. Generates REST/GraphQL APIs, implements authentication guards, creates database schemas, and sets up microservices. Use when building NestJS applications, setting up APIs, implementing authentication, working with databases, or integrating Drizzle ORM.
$ install --global
skillsauthnpx skillsauth add giuseppe-trisciuoglio/developer-kit nestjsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 5, 2026, 1:24 PM6.1s8 files scanned
SKILL.md
- name:
- nestjs
- description:
- Provides comprehensive NestJS framework patterns with Drizzle ORM integration for building scalable server-side applications. Generates REST/GraphQL APIs, implements authentication guards, creates database schemas, and sets up microservices. Use when building NestJS applications, setting up APIs, implementing authentication, working with databases, or integrating Drizzle ORM.
- allowed-tools:
- Read, Write, Edit, Glob, Grep, Bash
NestJS Framework with Drizzle ORM
Overview
Provides NestJS patterns with Drizzle ORM for building production-ready server-side applications. Covers CRUD modules, JWT authentication, database operations, migrations, testing, microservices, and GraphQL integration.
When to Use
- Building REST APIs or GraphQL servers with NestJS
- Setting up authentication and authorization with JWT
- Implementing database operations with Drizzle ORM
- Creating microservices with TCP/Redis transport
- Writing unit and integration tests
- Running database migrations with drizzle-kit
Instructions
- Install dependencies:
npm i drizzle-orm pg && npm i -D drizzle-kit tsx - Define schema: Create
src/db/schema.tswith Drizzle table definitions - Create DatabaseService: Inject Drizzle client as a NestJS provider
- Build CRUD module: Controller → Service → Repository pattern
- Add validation: Use class-validator DTOs with ValidationPipe
- Implement guards: Create JWT/Roles guards for route protection
- Write tests: Use
@nestjs/testingwith mocked repositories - Run migrations:
npx drizzle-kit generate→ Verify SQL →npx drizzle-kit migrate
Examples
Complete CRUD Module with Drizzle
// src/db/schema.ts
export const users = pgTable('users', {
id: serial('id').primaryKey(),
name: text('name').notNull(),
email: text('email').notNull().unique(),
createdAt: timestamp('created_at').defaultNow(),
});
// src/users/dto/create-user.dto.ts
export class CreateUserDto {
@IsString() @IsNotEmpty() name: string;
@IsEmail() email: string;
}
// src/users/user.repository.ts
@Injectable()
export class UserRepository {
constructor(private db: DatabaseService) {}
async findAll() {
return this.db.database.select().from(users);
}
async create(data: typeof users.$inferInsert) {
return this.db.database.insert(users).values(data).returning();
}
}
// src/users/users.service.ts
@Injectable()
export class UsersService {
constructor(private repo: UserRepository) {}
async create(dto: CreateUserDto) {
return this.repo.create(dto);
}
}
// src/users/users.controller.ts
@Controller('users')
export class UsersController {
constructor(private service: UsersService) {}
@Post()
create(@Body() dto: CreateUserDto) {
return this.service.create(dto);
}
}
// src/users/users.module.ts
@Module({
controllers: [UsersController],
providers: [UsersService, UserRepository, DatabaseService],
exports: [UsersService],
})
export class UsersModule {}
JWT Authentication Guard
@Injectable()
export class JwtAuthGuard implements CanActivate {
constructor(private jwtService: JwtService) {}
canActivate(context: ExecutionContext) {
const token = context.switchToHttp().getRequest()
.headers.authorization?.split(' ')[1];
if (!token) return false;
try {
const decoded = this.jwtService.verify(token);
context.switchToHttp().getRequest().user = decoded;
return true;
} catch {
return false;
}
}
}
Database Transactions
async transferFunds(fromId: number, toId: number, amount: number) {
return this.db.database.transaction(async (tx) => {
await tx.update(accounts)
.set({ balance: sql`${accounts.balance} - ${amount}` })
.where(eq(accounts.id, fromId));
await tx.update(accounts)
.set({ balance: sql`${accounts.balance} + ${amount}` })
.where(eq(accounts.id, toId));
});
}
Unit Testing with Mocks
describe('UsersService', () => {
let service: UsersService;
let repo: jest.Mocked<UserRepository>;
beforeEach(async () => {
const module = await Test.createTestingModule({
providers: [
UsersService,
{ provide: UserRepository, useValue: { findAll: jest.fn(), create: jest.fn() } },
],
}).compile();
service = module.get(UsersService);
repo = module.get(UserRepository);
});
it('should create user', async () => {
const dto = { name: 'John', email: '[email protected]' };
repo.create.mockResolvedValue({ id: 1, ...dto, createdAt: new Date() });
expect(await service.create(dto)).toMatchObject(dto);
});
});
Constraints and Warnings
- DTOs required: Always use DTOs with class-validator, never accept raw objects
- Transactions: Keep transactions short; avoid nested transactions
- Guards order: JWT guard must run before Roles guard
- Environment variables: Never hardcode DATABASE_URL or JWT_SECRET
- Migrations: Run
drizzle-kit generateafter schema changes before deploying - Circular dependencies: Use
forwardRef()carefully; prefer module restructuring
Best Practices
- Validate all inputs with global
ValidationPipe - Use transactions for multi-table operations
- Document APIs with OpenAPI/Swagger decorators
References
Advanced patterns and detailed examples available in:
references/reference.md- Core patterns, guards, interceptors, microservices, GraphQLreferences/drizzle-reference.md- Drizzle ORM installation, configuration, queriesreferences/workflow-optimization.md- Development workflows, parallel execution strategies
Related Skills
giuseppe-trisciuoglio/specs-code-cleanup
development
VerifiedTrustedCommunity
Provides final code cleanup after task review approval. Removes debug logs, temporary comments, dead code, optimizes imports, and improves readability. Use when asked to clean up code, polish, finalize, tidy up, remove technical debt, or prepare code for completion after review. Not for refactoring logic or fixing bugs—focused solely on cosmetic and hygiene cleanup.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/ralph-loop
tools
VerifiedTrustedCommunity
Ralph Wiggum-inspired automation loop for specification-driven development. Orchestrates task implementation, review, cleanup, and synchronization using a Python script. Use when: user runs /loop command, user asks to automate task implementation, user wants to iterate through spec tasks step-by-step, or user wants to run development workflow automation with context window management. One step per invocation. State machine: init → choose_task → implementation → review → fix → cleanup → sync → update_done. Supports --from-task and --to-task for task range filtering. State persisted in fix_plan.json.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/constitution
testing
VerifiedTrustedCommunity
Creates, updates, validates, and displays the architectural DNA of a project through two shared documents: docs/specs/architecture.md (technology stack, architectural rules, security constraints, AI guardrails) and docs/specs/ontology.md (domain glossary / Ubiquitous Language). Use BEFORE brainstorm as a project setup step, or at any point in the SDD lifecycle to validate specs/tasks against architecture principles. Triggers on 'create constitution', 'update constitution', 'constitution check', 'validate against constitution', 'project principles', 'architectural guardrails', 'setup project architecture', 'define ontology'.
250SKILL.mdUpdated May 5, 2026
giuseppe-trisciuoglio/qwen-coder
tools
VerifiedTrustedCommunity
Provides Qwen Coder CLI delegation workflows for coding tasks using Qwen2.5-Coder and QwQ models, including English prompt formulation, execution flags, and safe result handling. Use when the user explicitly asks to use Qwen for tasks such as code generation, refactoring, debugging, or architectural analysis. Triggers on "use qwen", "use qwen coder", "delegate to qwen", "ask qwen", "second opinion from qwen", "qwen opinion", "continue with qwen", "qwen session".
237SKILL.mdUpdated May 5, 2026