kvokov/nestjs
skills/nestjs/SKILL.md
NestJS (Nest.js) production patterns for modules, controllers, providers, guards, interceptors, pipes, middleware, JWT, ValidationPipe, microservices, GraphQL, Bull queues, Prisma, and TypeORM. Triggers: NestJS, Nest.js, Nest module, dependency injection, class-validator DTO, exception filter, testing module, GraphQL resolver, Bull queue, microservice client. Uses: Read, Grep, Glob, Bash, WebSearch. Outputs: tier-ordered review checklists and/or concrete code edits with cited rule filenames. Do NOT use for: non-Nest backends (Express/Fastify only with no Nest integration), frontend-only frameworks, generating AGENTS.md, or toolchain setup unrelated to Nest.
$ install --global
skillsauthnpx skillsauth add kvokov/oh-my-ai nestjsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 1, 2026, 2:19 AM132.8s44 files scanned
SKILL.md
- name:
- nestjs
- description:
- NestJS (Nest.js) production patterns for modules, controllers, providers, guards, interceptors, pipes, middleware, JWT, ValidationPipe, microservices, GraphQL, Bull queues, Prisma, and TypeORM. Triggers: NestJS, Nest.js, Nest module, dependency injection, class-validator DTO, exception filter, testing module, GraphQL resolver, Bull queue, microservice client. Uses: Read, Grep, Glob, Bash, WebSearch. Outputs: tier-ordered review checklists and/or concrete code edits with cited rule filenames. Do NOT use for: non-Nest backends (Express/Fastify only with no Nest integration), frontend-only frameworks, generating AGENTS.md, or toolchain setup unrelated to Nest.
- version:
- 1.0.1
- tags:
- nestjs, backend, nest, dependency-injection, security, validation, api, microservices
NestJS
Follow the tier workflow below, then deepen with files under rules/ and the section map in rules/_sections.md.
Non-negotiables
rules/<prefix>-*.mdfor anything beyond this file (transactions, serialization, queues, graceful shutdown).- No invented Nest APIs, decorators, guards, or env keys — verify in the repo or current Nest docs.
- Constructor injection and explicit
Modulewiring; DTOs +ValidationPipeon inputs unless the project documents otherwise. - Deliverables match the ask (checklist vs patch) and cite
rules/<slug>.md.
Rules map (# = workflow priority; anchor = first file for tiers 1–4)
| # | Prefix | Focus | Anchor |
| - | ------ | ----- | ------ |
| 1 | arch- | Architecture | arch-avoid-circular-deps.md |
| 2 | di- | Dependency injection | di-prefer-constructor-injection.md |
| 3 | error- | Error handling | error-use-exception-filters.md |
| 4 | security- | Security | security-validate-all-input.md, security-use-guards.md |
| 5 | perf- | Performance | — |
| 6 | test- | Testing | — |
| 7 | db- | Database / ORM | — |
| 8 | api- | API design | — |
| 9 | micro- | Microservices | — |
| 10 | devops- | DevOps / deploy | — |
Full list (40+ slugs) and new-rule skeleton: rules/_sections.md, rules/_template.md.
Refactoring and review workflow
Apply rules in this order; stop reranking within a tier unless a higher tier introduces new breakage. After each tier, run nest build and automated tests when the toolchain is available before moving downward.
- CRITICAL — Architecture: resolve circular dependencies, validate feature-module boundaries, verify
imports/exports/providerscorrectness. - CRITICAL — Dependency injection: enforce constructor injection, correct provider scopes, remove service-locator patterns.
- HIGH — Error handling: consolidate exception translation; replace raw opaque errors where HTTP semantics matter.
- HIGH — Security: global validation, authentication/authorization guards, rate limiting when exposed publicly.
- HIGH — Performance: caching hotspots, ORM N+1 risks, lazy loading where documented in rules.
- MEDIUM-HIGH and below: testing harnesses, migrations/transactions, API shape, microservice boundaries, deployment concerns.
Where to read next
rules/_sections.md (ordering), rules/<slug>.md (detail), rules/_template.md (blank rule).
Code snippets — common patterns
DTO with class-validator and global ValidationPipe
// create-order.dto.ts
import { IsString, IsInt, Min } from 'class-validator';
export class CreateOrderDto {
@IsString()
sku: string;
@IsInt()
@Min(1)
qty: number;
}
// main.ts — register once globally
async function bootstrap() {
const app = await NestFactory.create(AppModule);
app.useGlobalPipes(
new ValidationPipe({ whitelist: true, forbidNonWhitelisted: true }),
);
await app.listen(3000);
}
Applying a JWT guard to a route
// orders.controller.ts
import { Controller, Post, Body, UseGuards } from '@nestjs/common';
import { JwtAuthGuard } from '../auth/jwt-auth.guard';
import { CreateOrderDto } from './dto/create-order.dto';
import { OrdersService } from './orders.service';
@Controller('orders')
export class OrdersController {
constructor(private readonly ordersService: OrdersService) {}
@Post()
@UseGuards(JwtAuthGuard)
create(@Body() dto: CreateOrderDto) {
return this.ordersService.create(dto);
}
}
Integrated example
Prompt: POST /orders body { sku, qty }, login required.
- Modules — avoid cycles (
arch-feature-modules,arch-module-sharing). - Input —
CreateOrderDto+ appValidationPipe(security-validate-all-input). - Auth / errors — JWT (
security-use-guards,security-auth-jwt); HTTP errors + filters (error-throw-http-exceptions,error-use-exception-filters). - Output — code diff vs checklist per ask; cite slugs.
Anti-patterns (reject in reviews)
- Using
forwardRefas the primary fix without first extracting shared boundaries or domain events (arch-avoid-circular-deps). @Body()typed asanyor primitives without pipes where the codebase uses DTO validation elsewhere.- Scattered
try/catchreturning ad-hoc JSON instead of centralized exception mapping. - Property injection solely to avoid constructor parameters.
- Recommending Prisma/Bull/microservice patterns without opening the relevant
rules/db-*,rules/micro-*files when specifics matter.
Related Skills
kvokov/uiux
development
VerifiedTrustedCommunity
Professional UI/UX design skill for React, Next.js, Tailwind CSS, React Native, and Flutter. Use when the user asks to create or polish UI components (modals, forms, tables, charts, navbars, sidebars, cards), design landing pages, build dashboards or admin panels, set up SaaS or mobile app screens, review or fix layout and accessibility issues, configure dark mode or responsive breakpoints, or establish a design system with tokens and component specs. Capabilities include: creating design-system token files and MASTER.md artifacts, generating responsive Tailwind layouts, scaffolding page-level component hierarchies, reviewing and fixing UI accessibility (a11y, WCAG), implementing React Native safe-area screens, and configuring Flutter ThemeData. Outputs design-system files (MASTER, page overrides, tokens, component specs) plus stack-faithful code. Do NOT use for: pure backend-only work with no UI impact, or inventing branding assets you do not have rights to use.
3SKILL.mdUpdated Apr 23, 2026
kvokov/skill-maker
tools
VerifiedTrustedCommunity
Use this skill any time someone wants to create, scaffold, build, fix, improve, benchmark, or optimize a Tessl/Claude skill — even if they don't say 'tessl' explicitly. If the request involves making a new skill ('create a skill for X', 'build me a skill that does Y', 'scaffold a skill called Z'), fixing or completing an existing one (missing tile.json, broken repo integration, low eval scores, description not triggering), or running and iterating on evals, invoke this skill. The full workflow covers: structured interview → SKILL.md + tile.json + rules/ scaffolding → README/CI repo integration → tessl tile lint → optional Tessl CLI pipeline (skill review, scenario generate/download, eval run) → hand-authored evals or LLM-as-judge fallback → benchmark logging. Do NOT use for: editing application code, debugging, refactoring, writing general documentation, or creating presentations.
3SKILL.mdUpdated Apr 23, 2026
kvokov/reading-synthesis
tools
VerifiedTrustedCommunity
Rigorous thirteen-part synthesis of a text or talk: deep summary, insights, structure, critique, framework rebuild, and CEO-level takeaways. Triggers: reading synthesis, synthesize this, deep dive, rigorous analysis, deconstruct, book analysis, article analysis, essay breakdown, intellectual synthesis, multi-dimensional analysis, executive summary of ideas, framework extraction. Uses: Read (and related file tools) for attached sources; WebSearch or WebFetch when comparands are missing or context is thin. Outputs: single structured markdown message with fixed section headers per rules/output-sections.md.
3SKILL.mdUpdated Apr 23, 2026
kvokov/llm-wiki
development
VerifiedTrustedCommunity
Compiles and maintains a persistent LLM-written markdown wiki between immutable raw sources and answers—the Karpathy LLM Knowledge Base pattern. The agent writes and maintains the wiki; the human curates sources and reads it. Knowledge compounds instead of being re-derived each query. Triggers: llm wiki, persistent wiki, personal knowledge base, wiki maintenance, ingest sources, compound knowledge, index.md, log.md, Obsidian wiki, cross-references, Karpathy wiki pattern, compile wiki, knowledge base. Uses: Read, Glob, Grep, file edits, optional WebSearch, AskUserQuestion when schema or goals are ambiguous. Outputs: updated wiki pages, index, append-only log, citations on query, filed answers, visual outputs. Do NOT use for: mutating raw sources, one-off chat answers with no wiki artifact, or replacing a user-defined wiki schema without reading it first.
3SKILL.mdUpdated Apr 23, 2026