@ahumandev/autocode 0.0.1

package/dist/skills/code-java/SKILL.md

@@ -0,0 +1,345 @@
+---
+name: code-java
+description: Java Standards - Use this skill to learn how to update Java code. This is the Java coding standard that you MUST apply to all your Java code or when you update `.java` files. 
+---
+
+# Java Coding Standard
+
+## Core Enforcements
+
+### Annotations (@Override, @Deprecated)
+
+**@Override** mandatory for ALL overridden methods:
+```java
+@Override
+public String toString() {
+    return "User{id=" + id + ", name='" + name + '\'' + '}';
+}
+
+@Override
+public boolean equals(Object o) {
+    if (this == o) return true;
+    if (!(o instanceof User)) return false;
+    User user = (User) o;
+    return Objects.equals(id, user.id) && Objects.equals(name, user.name);
+}
+```
+
+**@Deprecated** with Javadoc and replacement:
+```java
+/**
+ * @deprecated Use {@link #newMethod()} instead. Removed in v2.0.
+ */
+@Deprecated(since = "1.5", forRemoval = true)
+public void oldMethod() {
+    newMethod();
+}
+```
+
+### Exception Handling
+
+**Rules:** Catch specific exceptions, never generic `Exception`. NO empty catch blocks. ALWAYS log or rethrow with context.
+
+```java
+// ✅ CORRECT
+try {
+    fileReader.readFile(filename);
+} catch (FileNotFoundException e) {
+    logger.error("Config file not found: {}", filename, e);
+    throw new ConfigurationException("Missing config", e);
+} catch (IOException e) {
+    logger.error("IO error reading: {}", filename, e);
+    throw new ApplicationException("Unable to read", e);
+}
+
+// ❌ WRONG: Catches everything, empty, or swallows exceptions
+try { fileReader.readFile(filename); } 
+catch (Exception e) { }  // Masks real issues
+```
+
+### Static Member Access
+
+Access via class name, never instance variable:
+```java
+// ✅ CORRECT
+String version = ApplicationConstants.APP_VERSION;
+
+// ❌ WRONG
+ApplicationConstants instance = new ApplicationConstants();
+String version = instance.APP_VERSION;
+```
+
+### Resource Management
+
+Use try-with-resources or Spring lifecycle (@PostConstruct/@PreDestroy):
+```java
+// ✅ Try-with-resources
+try (Connection conn = dataSource.getConnection();
+     Statement stmt = conn.createStatement()) {
+    ResultSet rs = stmt.executeQuery(sql);
+} catch (SQLException e) {
+    logger.error("Database error: {}", sql, e);
+    throw e;
+}
+
+// ✅ Spring lifecycle
+@Component
+public class DatabaseManager {
+    @PostConstruct
+    public void initialize() { logger.info("Initializing"); }
+    
+    @PreDestroy
+    public void cleanup() { logger.info("Cleaning up"); }
+}
+```
+
+### Null Checking & Optional
+
+Prefer Optional for chains; null checks only when necessary:
+```java
+// ✅ Optional pattern
+findByEmail(email)
+    .map(User::getName)
+    .orElse("Unknown");
+
+// ✅ Null check when needed
+if (user != null && user.isActive()) {
+    process(user);
+}
+
+// ❌ NPE risk
+String name = user.getName();  // No null check
+```
+
+---
+
+## Javadoc Requirements (Mandatory)
+
+ALL public classes and methods REQUIRE Javadoc with complete tags:
+
+```java
+/**
+ * Authenticates user with credentials.
+ * Validates username/password against auth service.
+ * Generates and stores session token on success.
+ * 
+ * @param username login name (non-null, non-empty)
+ * @param password password (non-null, non-empty)
+ * @return true if auth successful, false if invalid
+ * @throws AuthenticationException if service unavailable
+ * @throws IllegalArgumentException if username/password null/empty
+ * @since 1.0
+ */
+public boolean authenticate(String username, String password) 
+    throws AuthenticationException { }
+```
+
+**Mandatory Tags:** @param (all params), @return (if not void), @throws (checked exceptions), @deprecated (with replacement), @since (version)
+
+---
+
+## SonarQube Critical Rules (Enforced)
+
+**S1161:** Missing @Override annotation
+```java
+// ❌ WRONG
+class Child extends Parent {
+    public String toString() { return "child"; }
+}
+
+// ✅ CORRECT
+class Child extends Parent {
+    @Override
+    public String toString() { return "child"; }
+}
+```
+
+**S2097:** Unsafe equals() - missing instanceof check
+```java
+// ❌ WRONG
+@Override
+public boolean equals(Object obj) {
+    User user = (User) obj;  // No type check!
+    return Objects.equals(id, user.id);
+}
+
+// ✅ CORRECT
+@Override
+public boolean equals(Object obj) {
+    if (!(obj instanceof User)) return false;
+    User user = (User) obj;
+    return Objects.equals(id, user.id);
+}
+```
+
+**S2737:** Catch doing nothing but rethrowing
+```java
+// ❌ WRONG - catch should do more
+try {
+    operation();
+} catch (IOException e) {
+    throw e;
+}
+
+// ✅ CORRECT
+try {
+    operation();
+} catch (IOException e) {
+    logger.error("IO operation failed", e);
+    throw new ApplicationException("Operation failed", e);
+}
+```
+
+### Spring-Specific Critical Rules
+
+**S6829/S6818:** Single constructor injection, @Autowired not needed
+```java
+// ✅ CORRECT
+@Service
+public class UserService {
+    private final UserRepository repository;
+    
+    public UserService(UserRepository repository) {
+        this.repository = repository;
+    }
+}
+```
+
+**S6838:** @Bean methods must inject dependencies, not call directly
+```java
+// ❌ WRONG
+@Bean
+public Component component() {
+    return new Component(service1());  // Direct call
+}
+
+// ✅ CORRECT
+@Bean
+public Component component(Service service1) {  // Inject via parameter
+    return new Component(service1);
+}
+```
+
+**S7184:** @Scheduled methods must have no arguments
+```java
+// ✅ CORRECT
+@Scheduled(fixedRate = 5000)
+public void scheduledTask() { }
+```
+
+### SonarQube Quality Gates
+
+| Metric | Threshold | Action |
+|--------|-----------|--------|
+| Critical Bugs | 0 | Block deployment |
+| Security Vulnerabilities | 0 | Block deployment |
+| Cyclomatic Complexity | ≤ 5 per method | Refactor if exceeded |
+
+---
+
+## Spring Patterns
+
+### Service Layer
+```java
+@Service
+@Transactional
+public class UserService {
+    private static final Logger logger = LoggerFactory.getLogger(UserService.class);
+    private final UserRepository repository;
+    
+    public UserService(UserRepository repository) {
+        this.repository = repository;
+    }
+    
+    /**
+     * Creates new user account.
+     * @param userDTO user data (non-null)
+     * @return created user
+     * @throws ValidationException if data invalid
+     */
+    public User createUser(UserDTO userDTO) {
+        if (userDTO == null || userDTO.getEmail() == null) {
+            throw new ValidationException("Invalid user data");
+        }
+        User user = new User();
+        user.setEmail(userDTO.getEmail());
+        repository.save(user);
+        logger.info("User created: {}", user.getId());
+        return user;
+    }
+    
+    public Optional<User> getUserById(Long userId) {
+        return repository.findById(userId);
+    }
+}
+```
+
+### Controller Layer
+```java
+@RestController
+@RequestMapping("/api/v1/users")
+public class UserController {
+    private final UserService userService;
+    
+    public UserController(UserService userService) {
+        this.userService = userService;
+    }
+    
+    @GetMapping("/{id}")
+    public ResponseEntity<UserDTO> getUserById(@PathVariable Long id) {
+        return userService.getUserById(id)
+            .map(user -> ResponseEntity.ok(mapToDTO(user)))
+            .orElse(ResponseEntity.notFound().build());
+    }
+    
+    @PostMapping
+    public ResponseEntity<UserDTO> createUser(@RequestBody UserDTO userDTO) {
+        User created = userService.createUser(userDTO);
+        return ResponseEntity.status(HttpStatus.CREATED).body(mapToDTO(created));
+    }
+    
+    private UserDTO mapToDTO(User user) {
+        UserDTO dto = new UserDTO();
+        dto.setId(user.getId());
+        dto.setEmail(user.getEmail());
+        return dto;
+    }
+}
+```
+
+---
+
+## Code Review Checklist
+
+- [ ] All overridden methods have @Override
+- [ ] All deprecated methods documented with replacement
+- [ ] Exception handling: specific exceptions, no generic Exception, no empty catch blocks
+- [ ] All exceptions logged or rethrown with context
+- [ ] Javadoc on all public classes/methods with @param, @return, @throws
+- [ ] Static members accessed via class name, not instance
+- [ ] Resources use try-with-resources or Spring lifecycle
+- [ ] Null-safe: Optional for chains, null checks for single values
+- [ ] SonarQube warnings addressed (S1161, S2097, S2737, S6829, S6838, S7184)
+- [ ] No duplicate code
+- [ ] Cyclomatic complexity ≤ 5 per method
+
+---
+
+## Key Takeaways
+
+1. **@Override** mandatory for every overridden method
+2. **Exception handling** specific, logged, never empty
+3. **Javadoc** with @param, @return, @throws required for all public APIs
+4. **Optional** for null-safe chains; null checks for single values
+5. **Resources** managed via try-with-resources or Spring lifecycle
+6. **SonarQube** blocks deployment on critical bugs (S1161, S2097, S2737)
+7. **Spring rules** enforce proper @Bean invocation, @Scheduled args, single constructor injection
+8. **Static** members accessed via class name
+9. **Cyclomatic complexity** ≤ 5 per method
+10. **Code review** checklist used on every pull request
+
+---
+
+**Document Status:** BMW Java Coding Standard  
+**Last Updated:** Current  
+**Audience:** BMW Java Developers, Backend Engineers

package/dist/skills/code-rest/SKILL.md

@@ -0,0 +1,82 @@
+---
+name: code-rest
+description: Apply `code-rest` skill before design-review REST API or OpenAPI specifications
+---
+
+## Naming Conventions
+
+| Element | Convention | Example |
+|---------|-----------|---------|
+| Path segments | lowercase with hyphens | `/vehicle-images/123` |
+| Resources | lowercase, plural, nouns | `/orders`, `/users` |
+| Query parameters | snake_case | `?max_results=10&sort=+id` |
+| Properties | camelCase | `"lifeTimeList"`, `"customerId"` |
+| Enum names | UpperCamelCase | `"DeliverMethods"` |
+| Enum values | UPPER_SNAKE_CASE | `"DELIVER_METHODS_UNSPECIFIED"` |
+| Custom HTTP headers | Hyphenated-Pascal-Case with `BMW-` prefix | `BMW-CV-Transaction-ID` |
+
+- MUST avoid trailing slashes in paths.
+- MUST declare resources as nouns — never use verbs in resource paths (use `/orders`, not `/create-orders`).
+- First enum value SHOULD be `<ENUM_TYPE>_UNSPECIFIED`.
+
+## HTTP Methods and Safety/Idempotency
+
+| Method | Safe | Idempotent | Primary Use |
+|--------|------|------------|-------------|
+| GET | Yes | Yes | Read resources; MUST NOT have request body |
+| HEAD | Yes | Yes | Retrieve headers only |
+| POST | No | No | Create resources on collections or execute procedures |
+| PUT | No | Yes | Create or fully replace a resource |
+| PATCH | No | No | Partial update of a resource |
+| DELETE | No | Yes | Delete a resource |
+| OPTIONS | Yes | Yes | Inspect available operations; support CORS |
+
+- MUST distinguish between **resources** (nouns, CRUD via standard methods) and **procedures** (actions via POST).
+
+## HTTP Status Codes
+
+### MUST declare (when relevant)
+
+- **200** OK — success for GET, PUT, POST
+- **201** Created — new resource created (POST)
+- **204** No Content — success with no body (DELETE)
+- **400** Bad Request — invalid structure/types/missing data
+- **401** Unauthorized — missing or invalid credentials
+- **403** Forbidden — authenticated but insufficient permissions
+- **404** Not Found — resource does not exist
+- **500** Internal Server Error — unexpected server failure
+- **503** Service Unavailable — set `Retry-After` header when possible
+
+Do not declare other 4xx/5xx codes unless there is a strong justification. Use **422** only for business logic errors.
+
+For 401/403 responses, return no body content.
+
+## Versioning
+
+- MUST use Semantic Versioning (`MAJOR.MINOR.PATCH`) in `/info/version`.
+- MUST include major version in URL path: `/<service-id>/<api-path>/v1/...`
+- Do not put version segments in individual paths — only in the server/basePath.
+
+## Compatibility
+
+- Add only optional fields — never mandatory ones.
+- Never change field semantics.
+- Use `x-extensible-enum` instead of closed `enum` for output values that may grow.
+- Clients MUST tolerate unknown fields and new enum values.
+- Use the `deprecated` property, `Sunset` HTTP header, and client notification for deprecation.
+
+## Data Format
+
+- MUST use JSON (`application/json`) for structured data.
+- MUST return JSON objects (not arrays) as top-level response structures.
+- MUST accept unknown properties in models (forward compatibility).
+- MUST use RFC 3339 for dates (`2024-01-15`) and date-times (`2024-01-15T14:07:17.123Z`), stored in UTC.
+- SHOULD use ISO 8601 for durations and intervals.
+- MUST use ISO standards for country (3166-1-alpha2), language (639-1/BCP-47), and currency (4217) codes.
+- MUST use International System of Units (metres, kelvin).
+
+## Performance
+
+- SHOULD omit null property values from responses.
+- SHOULD paginate lists > 50 items (offset/limit or token-based).
+- SHOULD support `fields` parameter for partial responses on large payloads.