npm - @aicgen/aicgen - Versions diffs - 1.0.0-beta.1 - Mend

@aicgen/aicgen 1.0.0-beta.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (287) hide show

package/.claude/agents/architecture-reviewer.md +88 -0
package/.claude/agents/guideline-checker.md +73 -0
package/.claude/agents/security-auditor.md +108 -0
package/.claude/guidelines/api-design.md +645 -0
package/.claude/guidelines/architecture.md +2503 -0
package/.claude/guidelines/best-practices.md +618 -0
package/.claude/guidelines/code-style.md +304 -0
package/.claude/guidelines/design-patterns.md +573 -0
package/.claude/guidelines/devops.md +226 -0
package/.claude/guidelines/error-handling.md +413 -0
package/.claude/guidelines/language.md +782 -0
package/.claude/guidelines/performance.md +706 -0
package/.claude/guidelines/security.md +583 -0
package/.claude/guidelines/testing.md +568 -0
package/.claude/settings.json +98 -0
package/.claude/settings.local.json +8 -0
package/.env.example +23 -0
package/.eslintrc.json +28 -0
package/.github/workflows/release.yml +180 -0
package/.github/workflows/test.yml +81 -0
package/.gitmodules +3 -0
package/.vs/ProjectSettings.json +3 -0
package/.vs/VSWorkspaceState.json +16 -0
package/.vs/aicgen.slnx/FileContentIndex/5f0ce2a3-fd68-4863-9e23-e428cf1794e3.vsidx +0 -0
package/.vs/aicgen.slnx/v18/.wsuo +0 -0
package/.vs/aicgen.slnx/v18/DocumentLayout.json +54 -0
package/.vs/slnx.sqlite +0 -0
package/AGENTS.md +121 -0
package/CLAUDE.md +36 -0
package/CONTRIBUTING.md +821 -0
package/LICENSE +21 -0
package/README.md +199 -0
package/assets/icon.svg +34 -0
package/assets/logo.svg +41 -0
package/bun.lock +848 -0
package/data/LICENSE +21 -0
package/data/README.md +203 -0
package/data/api/basics.md +292 -0
package/data/api/index.md +8 -0
package/data/api/pagination.md +142 -0
package/data/api/rest.md +137 -0
package/data/api/versioning.md +60 -0
package/data/architecture/clean-architecture/index.md +7 -0
package/data/architecture/clean-architecture/layers.md +111 -0
package/data/architecture/ddd/index.md +8 -0
package/data/architecture/ddd/strategic.md +89 -0
package/data/architecture/ddd/tactical.md +132 -0
package/data/architecture/event-driven/index.md +7 -0
package/data/architecture/event-driven/messaging.md +242 -0
package/data/architecture/event-driven/patterns.md +129 -0
package/data/architecture/feature-toggles/index.md +7 -0
package/data/architecture/feature-toggles/patterns.md +73 -0
package/data/architecture/gui/index.md +7 -0
package/data/architecture/gui/patterns.md +132 -0
package/data/architecture/hexagonal/ports-adapters.md +132 -0
package/data/architecture/index.md +12 -0
package/data/architecture/layered/index.md +7 -0
package/data/architecture/layered/layers.md +100 -0
package/data/architecture/microservices/api-gateway.md +56 -0
package/data/architecture/microservices/boundaries.md +80 -0
package/data/architecture/microservices/communication.md +97 -0
package/data/architecture/microservices/data.md +92 -0
package/data/architecture/microservices/index.md +11 -0
package/data/architecture/microservices/resilience.md +111 -0
package/data/architecture/modular-monolith/boundaries.md +133 -0
package/data/architecture/modular-monolith/structure.md +131 -0
package/data/architecture/serverless/best-practices.md +322 -0
package/data/architecture/serverless/index.md +7 -0
package/data/architecture/serverless/patterns.md +80 -0
package/data/architecture/solid/index.md +7 -0
package/data/architecture/solid/principles.md +187 -0
package/data/database/basics.md +365 -0
package/data/database/design-patterns.md +68 -0
package/data/database/index.md +8 -0
package/data/database/indexing.md +136 -0
package/data/database/nosql.md +223 -0
package/data/database/schema.md +137 -0
package/data/devops/ci-cd.md +66 -0
package/data/devops/index.md +8 -0
package/data/devops/observability.md +73 -0
package/data/devops/practices.md +77 -0
package/data/error-handling/basics.md +222 -0
package/data/error-handling/index.md +7 -0
package/data/error-handling/strategy.md +185 -0
package/data/guideline-mappings.yml +1077 -0
package/data/index.md +3 -0
package/data/language/csharp/basics.md +210 -0
package/data/language/csharp/testing.md +252 -0
package/data/language/go/basics.md +158 -0
package/data/language/go/testing.md +192 -0
package/data/language/index.md +14 -0
package/data/language/java/basics.md +184 -0
package/data/language/java/testing.md +273 -0
package/data/language/javascript/basics.md +217 -0
package/data/language/javascript/testing.md +269 -0
package/data/language/python/async.md +100 -0
package/data/language/python/basics.md +100 -0
package/data/language/python/index.md +10 -0
package/data/language/python/testing.md +125 -0
package/data/language/python/types.md +99 -0
package/data/language/ruby/basics.md +227 -0
package/data/language/ruby/testing.md +267 -0
package/data/language/rust/basics.md +175 -0
package/data/language/rust/testing.md +219 -0
package/data/language/typescript/async.md +103 -0
package/data/language/typescript/basics.md +87 -0
package/data/language/typescript/config.md +95 -0
package/data/language/typescript/error-handling.md +98 -0
package/data/language/typescript/generics.md +85 -0
package/data/language/typescript/index.md +14 -0
package/data/language/typescript/interfaces-types.md +83 -0
package/data/language/typescript/performance.md +103 -0
package/data/language/typescript/testing.md +98 -0
package/data/patterns/base-patterns.md +105 -0
package/data/patterns/concurrency.md +87 -0
package/data/patterns/data-access.md +83 -0
package/data/patterns/distribution.md +86 -0
package/data/patterns/domain-logic.md +81 -0
package/data/patterns/gof.md +109 -0
package/data/patterns/index.md +12 -0
package/data/performance/async.md +148 -0
package/data/performance/basics.md +324 -0
package/data/performance/caching-strategies.md +68 -0
package/data/performance/caching.md +152 -0
package/data/performance/index.md +8 -0
package/data/practices/code-review.md +52 -0
package/data/practices/documentation.md +260 -0
package/data/practices/index.md +11 -0
package/data/practices/planning.md +142 -0
package/data/practices/refactoring.md +91 -0
package/data/practices/version-control.md +55 -0
package/data/security/auth-jwt.md +159 -0
package/data/security/headers.md +143 -0
package/data/security/index.md +10 -0
package/data/security/injection.md +119 -0
package/data/security/secrets.md +148 -0
package/data/style/index.md +8 -0
package/data/style/naming.md +136 -0
package/data/style/organization.md +162 -0
package/data/templates/agents/architecture-reviewer.md +88 -0
package/data/templates/agents/guideline-checker.md +73 -0
package/data/templates/agents/security-auditor.md +108 -0
package/data/templates/antigravity/rules/architecture.md.hbs +5 -0
package/data/templates/antigravity/rules/code-style.md.hbs +5 -0
package/data/templates/antigravity/rules/language.md.hbs +5 -0
package/data/templates/antigravity/rules/performance.md.hbs +5 -0
package/data/templates/antigravity/rules/security.md.hbs +5 -0
package/data/templates/antigravity/rules/testing.md.hbs +5 -0
package/data/templates/antigravity/workflows/add-documentation.md.hbs +23 -0
package/data/templates/antigravity/workflows/generate-integration-tests.md.hbs +17 -0
package/data/templates/antigravity/workflows/generate-unit-tests.md.hbs +20 -0
package/data/templates/antigravity/workflows/performance-audit.md.hbs +24 -0
package/data/templates/antigravity/workflows/refactor-extract-module.md.hbs +17 -0
package/data/templates/antigravity/workflows/security-audit.md.hbs +20 -0
package/data/templates/hooks/formatting.json +26 -0
package/data/templates/hooks/security.json +35 -0
package/data/templates/hooks/testing.json +17 -0
package/data/testing/basics.md +151 -0
package/data/testing/index.md +9 -0
package/data/testing/integration.md +159 -0
package/data/testing/unit-fundamentals.md +128 -0
package/data/testing/unit-mocking.md +116 -0
package/data/version.json +49 -0
package/dist/commands/init.d.ts +8 -0
package/dist/commands/init.d.ts.map +1 -0
package/dist/commands/init.js +46 -0
package/dist/commands/init.js.map +1 -0
package/dist/config/profiles.d.ts +4 -0
package/dist/config/profiles.d.ts.map +1 -0
package/dist/config/profiles.js +30 -0
package/dist/config/profiles.js.map +1 -0
package/dist/config/settings.d.ts +7 -0
package/dist/config/settings.d.ts.map +1 -0
package/dist/config/settings.js +7 -0
package/dist/config/settings.js.map +1 -0
package/dist/index.d.ts +3 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +58489 -0
package/dist/index.js.map +1 -0
package/dist/models/guideline.d.ts +15 -0
package/dist/models/guideline.d.ts.map +1 -0
package/dist/models/guideline.js +2 -0
package/dist/models/guideline.js.map +1 -0
package/dist/models/preference.d.ts +9 -0
package/dist/models/preference.d.ts.map +1 -0
package/dist/models/preference.js +2 -0
package/dist/models/preference.js.map +1 -0
package/dist/models/profile.d.ts +9 -0
package/dist/models/profile.d.ts.map +1 -0
package/dist/models/profile.js +2 -0
package/dist/models/profile.js.map +1 -0
package/dist/models/project.d.ts +13 -0
package/dist/models/project.d.ts.map +1 -0
package/dist/models/project.js +2 -0
package/dist/models/project.js.map +1 -0
package/dist/services/ai/anthropic.d.ts +7 -0
package/dist/services/ai/anthropic.d.ts.map +1 -0
package/dist/services/ai/anthropic.js +39 -0
package/dist/services/ai/anthropic.js.map +1 -0
package/dist/services/generator.d.ts +2 -0
package/dist/services/generator.d.ts.map +1 -0
package/dist/services/generator.js +4 -0
package/dist/services/generator.js.map +1 -0
package/dist/services/learner.d.ts +2 -0
package/dist/services/learner.d.ts.map +1 -0
package/dist/services/learner.js +4 -0
package/dist/services/learner.js.map +1 -0
package/dist/services/scanner.d.ts +3 -0
package/dist/services/scanner.d.ts.map +1 -0
package/dist/services/scanner.js +54 -0
package/dist/services/scanner.js.map +1 -0
package/dist/utils/errors.d.ts +15 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +27 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/file.d.ts +7 -0
package/dist/utils/file.d.ts.map +1 -0
package/dist/utils/file.js +32 -0
package/dist/utils/file.js.map +1 -0
package/dist/utils/logger.d.ts +6 -0
package/dist/utils/logger.d.ts.map +1 -0
package/dist/utils/logger.js +17 -0
package/dist/utils/logger.js.map +1 -0
package/dist/utils/path.d.ts +6 -0
package/dist/utils/path.d.ts.map +1 -0
package/dist/utils/path.js +14 -0
package/dist/utils/path.js.map +1 -0
package/docs/planning/memory-lane.md +83 -0
package/package.json +64 -0
package/packaging/linux/aicgen.spec +23 -0
package/packaging/linux/control +9 -0
package/packaging/macos/scripts/postinstall +12 -0
package/packaging/windows/setup.nsi +92 -0
package/planning/BRANDING-SUMMARY.md +194 -0
package/planning/BRANDING.md +174 -0
package/planning/BUILD.md +186 -0
package/planning/CHUNK-IMPLEMENTATION-PLAN.md +87 -0
package/planning/CHUNK-TAXONOMY.md +375 -0
package/planning/CHUNKS-COMPLETE.md +382 -0
package/planning/DESIGN.md +313 -0
package/planning/DYNAMIC-GUIDELINES-DESIGN.md +265 -0
package/planning/ENTERPRISE-UX-COMPLETE.md +281 -0
package/planning/IMPLEMENTATION-PLAN.md +20 -0
package/planning/PHASE1-COMPLETE.md +211 -0
package/planning/PHASE2-COMPLETE.md +350 -0
package/planning/PHASE3-COMPLETE.md +399 -0
package/planning/PHASE4-COMPLETE.md +361 -0
package/planning/PHASE4.5-CHUNKS.md +462 -0
package/planning/STRUCTURE.md +170 -0
package/scripts/add-categories.ts +87 -0
package/scripts/build-binary.ts +46 -0
package/scripts/embed-data.ts +105 -0
package/scripts/generate-version.ts +150 -0
package/scripts/test-decompress.ts +27 -0
package/scripts/test-extract.ts +31 -0
package/src/__tests__/services/assistant-file-writer.test.ts +400 -0
package/src/__tests__/services/guideline-loader.test.ts +281 -0
package/src/__tests__/services/tarball-extraction.test.ts +125 -0
package/src/commands/add-guideline.ts +296 -0
package/src/commands/clear.ts +61 -0
package/src/commands/guideline-selector.ts +123 -0
package/src/commands/init.ts +645 -0
package/src/commands/quick-add.ts +586 -0
package/src/commands/remove-guideline.ts +152 -0
package/src/commands/stats.ts +49 -0
package/src/commands/update.ts +240 -0
package/src/config.ts +82 -0
package/src/embedded-data.ts +1492 -0
package/src/index.ts +67 -0
package/src/models/profile.ts +24 -0
package/src/models/project.ts +43 -0
package/src/services/assistant-file-writer.ts +612 -0
package/src/services/config-generator.ts +150 -0
package/src/services/config-manager.ts +70 -0
package/src/services/data-source.ts +248 -0
package/src/services/first-run-init.ts +148 -0
package/src/services/guideline-loader.ts +311 -0
package/src/services/hook-generator.ts +178 -0
package/src/services/subagent-generator.ts +310 -0
package/src/utils/banner.ts +66 -0
package/src/utils/errors.ts +27 -0
package/src/utils/file.ts +67 -0
package/src/utils/formatting.ts +172 -0
package/src/utils/logger.ts +89 -0
package/src/utils/path.ts +17 -0
package/src/utils/wizard-state.ts +132 -0
package/tsconfig.json +25 -0

package/data/security/headers.md ADDED Viewed

@@ -0,0 +1,143 @@
+# Security Headers
+## Essential Headers with Helmet
+```typescript
+import helmet from 'helmet';
+// ✅ Apply security headers with sensible defaults
+app.use(helmet());
+// ✅ Custom configuration
+app.use(helmet({
+  contentSecurityPolicy: {
+    directives: {
+      defaultSrc: ["'self'"],
+      scriptSrc: ["'self'", "'unsafe-inline'"],
+      styleSrc: ["'self'", "'unsafe-inline'"],
+      imgSrc: ["'self'", "data:", "https:"],
+    }
+  },
+  hsts: {
+    maxAge: 31536000,
+    includeSubDomains: true,
+    preload: true
+  }
+}));
+```
+## Manual Header Configuration
+```typescript
+app.use((req, res, next) => {
+  // Prevent MIME sniffing
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  // Prevent clickjacking
+  res.setHeader('X-Frame-Options', 'DENY');
+  // XSS protection
+  res.setHeader('X-XSS-Protection', '1; mode=block');
+  // Force HTTPS
+  res.setHeader('Strict-Transport-Security', 'max-age=31536000; includeSubDomains');
+  // Referrer policy
+  res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+  // Permissions policy
+  res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
+  next();
+});
+```
+## Content Security Policy (CSP)
+```typescript
+// ✅ Strict CSP for maximum protection
+res.setHeader('Content-Security-Policy', [
+  "default-src 'self'",
+  "script-src 'self'",
+  "style-src 'self' 'unsafe-inline'",
+  "img-src 'self' data: https:",
+  "font-src 'self'",
+  "connect-src 'self' https://api.example.com",
+  "frame-ancestors 'none'",
+  "form-action 'self'"
+].join('; '));
+// For APIs that don't serve HTML
+res.setHeader('Content-Security-Policy', "default-src 'none'");
+```
+## CORS Configuration
+```typescript
+import cors from 'cors';
+// ✅ Configure CORS properly
+app.use(cors({
+  origin: ['https://example.com', 'https://app.example.com'],
+  methods: ['GET', 'POST', 'PUT', 'DELETE'],
+  allowedHeaders: ['Content-Type', 'Authorization'],
+  credentials: true,
+  maxAge: 86400 // Cache preflight for 24 hours
+}));
+// ❌ Never use in production
+app.use(cors({ origin: '*' })); // Allows any origin
+```
+## HTTPS Enforcement
+```typescript
+// ✅ Redirect HTTP to HTTPS
+app.use((req, res, next) => {
+  if (!req.secure && req.get('x-forwarded-proto') !== 'https') {
+    return res.redirect(301, `https://${req.hostname}${req.url}`);
+  }
+  next();
+});
+// ✅ HSTS header (included in helmet)
+res.setHeader(
+  'Strict-Transport-Security',
+  'max-age=31536000; includeSubDomains; preload'
+);
+```
+## Cookie Security
+```typescript
+// ✅ Secure cookie settings
+app.use(session({
+  cookie: {
+    secure: true,        // Only send over HTTPS
+    httpOnly: true,      // Not accessible via JavaScript
+    sameSite: 'strict',  // CSRF protection
+    maxAge: 30 * 60 * 1000
+  }
+}));
+// ✅ Set secure cookies manually
+res.cookie('token', value, {
+  httpOnly: true,
+  secure: process.env.NODE_ENV === 'production',
+  sameSite: 'strict',
+  maxAge: 3600000
+});
+```
+## Header Checklist
+```
+✅ X-Content-Type-Options: nosniff
+✅ X-Frame-Options: DENY
+✅ X-XSS-Protection: 1; mode=block
+✅ Strict-Transport-Security: max-age=31536000
+✅ Content-Security-Policy: (appropriate policy)
+✅ Referrer-Policy: strict-origin-when-cross-origin
+✅ Permissions-Policy: restrict unused features
+✅ Secure, HttpOnly, SameSite cookies
+```

package/data/security/index.md ADDED Viewed

@@ -0,0 +1,10 @@
+# Security Guidelines
+This directory contains security best practices.
+## Available Chunks
+- **injection.md** - SQL injection, NoSQL injection, command injection prevention
+- **auth-jwt.md** - Password storage, JWT, session management, authorization
+- **secrets.md** - Environment variables, secret generation, CI/CD secrets
+- **headers.md** - Security headers, CORS, HTTPS, CSP

package/data/security/injection.md ADDED Viewed

@@ -0,0 +1,119 @@
+# Injection Prevention
+## SQL Injection Prevention
+```typescript
+// ❌ DANGEROUS: String concatenation
+const getUserByEmail = async (email: string) => {
+  const query = `SELECT * FROM users WHERE email = '${email}'`;
+  // Input: ' OR '1'='1
+  // Result: SELECT * FROM users WHERE email = '' OR '1'='1'
+  return db.query(query);
+};
+// ✅ SAFE: Parameterized queries
+const getUserByEmail = async (email: string) => {
+  return db.query('SELECT * FROM users WHERE email = ?', [email]);
+};
+// ✅ SAFE: Using ORM
+const getUserByEmail = async (email: string) => {
+  return userRepository.findOne({ where: { email } });
+};
+// ✅ SAFE: Query builder
+const getUsers = async (minAge: number) => {
+  return db
+    .select('*')
+    .from('users')
+    .where('age', '>', minAge); // Automatically parameterized
+};
+```
+## NoSQL Injection Prevention
+```typescript
+// ❌ DANGEROUS: Accepting objects from user input
+app.post('/login', (req, res) => {
+  const { username, password } = req.body;
+  // If password = {$gt: ""}, it bypasses password check!
+  db.users.findOne({ username, password });
+});
+// ✅ SAFE: Validate input types
+app.post('/login', (req, res) => {
+  const { username, password } = req.body;
+  if (typeof username !== 'string' || typeof password !== 'string') {
+    throw new Error('Invalid input types');
+  }
+  db.users.findOne({ username, password });
+});
+```
+## Command Injection Prevention
+```typescript
+// ❌ DANGEROUS: Shell command with user input
+const convertImage = async (filename: string) => {
+  exec(`convert ${filename} output.jpg`);
+  // Input: "file.png; rm -rf /"
+};
+// ✅ SAFE: Use arrays, avoid shell
+import { execFile } from 'child_process';
+const convertImage = async (filename: string) => {
+  execFile('convert', [filename, 'output.jpg']);
+};
+// ✅ SAFE: Validate input against whitelist
+const allowedFilename = /^[a-zA-Z0-9_-]+\.(png|jpg|gif)$/;
+if (!allowedFilename.test(filename)) {
+  throw new Error('Invalid filename');
+}
+```
+## Path Traversal Prevention
+```typescript
+// ❌ DANGEROUS: Direct path usage
+app.get('/files/:filename', (req, res) => {
+  res.sendFile(`/uploads/${req.params.filename}`);
+  // Input: ../../etc/passwd
+});
+// ✅ SAFE: Validate and normalize path
+import path from 'path';
+app.get('/files/:filename', (req, res) => {
+  const safeName = path.basename(req.params.filename);
+  const filePath = path.join('/uploads', safeName);
+  const normalizedPath = path.normalize(filePath);
+  if (!normalizedPath.startsWith('/uploads/')) {
+    return res.status(400).json({ error: 'Invalid filename' });
+  }
+  res.sendFile(normalizedPath);
+});
+```
+## Input Validation
+```typescript
+// ✅ Whitelist validation
+import { z } from 'zod';
+const userSchema = z.object({
+  email: z.string().email(),
+  password: z.string().min(12).max(160),
+  age: z.number().int().min(0).max(150),
+  role: z.enum(['user', 'admin'])
+});
+const validateUser = (data: unknown) => {
+  return userSchema.parse(data);
+};
+```

package/data/security/secrets.md ADDED Viewed

@@ -0,0 +1,148 @@
+# Secrets Management
+## Environment Variables
+```typescript
+// ❌ NEVER hardcode secrets
+const config = {
+  dbPassword: 'super_secret_password',
+  apiKey: 'sk-1234567890abcdef'
+};
+// ✅ Use environment variables
+import dotenv from 'dotenv';
+dotenv.config();
+const config = {
+  dbPassword: process.env.DB_PASSWORD,
+  apiKey: process.env.API_KEY,
+  sessionSecret: process.env.SESSION_SECRET
+};
+```
+## Validate Required Secrets
+```typescript
+// ✅ Fail fast if secrets missing
+const requiredEnvVars = [
+  'DB_PASSWORD',
+  'API_KEY',
+  'SESSION_SECRET',
+  'JWT_SECRET'
+];
+requiredEnvVars.forEach(varName => {
+  if (!process.env[varName]) {
+    throw new Error(`Missing required environment variable: ${varName}`);
+  }
+});
+// ✅ Type-safe config
+interface Config {
+  dbPassword: string;
+  apiKey: string;
+  sessionSecret: string;
+}
+function loadConfig(): Config {
+  const dbPassword = process.env.DB_PASSWORD;
+  if (!dbPassword) throw new Error('DB_PASSWORD required');
+  // ... validate all required vars
+  return { dbPassword, apiKey, sessionSecret };
+}
+```
+## Generate Strong Secrets
+```bash
+# Generate cryptographically secure secrets
+node -e "console.log(require('crypto').randomBytes(32).toString('base64'))"
+# Or using OpenSSL
+openssl rand -base64 32
+# Or using head
+head -c32 /dev/urandom | base64
+```
+## .gitignore Configuration
+```bash
+# .gitignore - NEVER commit secrets
+.env
+.env.local
+.env.*.local
+*.key
+*.pem
+secrets/
+credentials.json
+```
+## Environment Example File
+```bash
+# .env.example - commit this to show required variables
+DB_HOST=localhost
+DB_PORT=5432
+DB_NAME=myapp
+DB_USER=
+DB_PASSWORD=
+API_KEY=
+SESSION_SECRET=
+JWT_SECRET=
+# Copy to .env and fill in actual values
+```
+## Secrets in CI/CD
+```yaml
+# GitHub Actions
+- name: Deploy
+  env:
+    DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
+    API_KEY: ${{ secrets.API_KEY }}
+  run: ./deploy.sh
+# ❌ Never echo secrets in logs
+- name: Configure
+  run: |
+    echo "Configuring application..."
+    # echo "DB_PASSWORD=$DB_PASSWORD"  # NEVER do this!
+```
+## Secrets Rotation
+```typescript
+// ✅ Support for rotating secrets
+class SecretManager {
+  async getSecret(name: string): Promise<string> {
+    // Check for new secret first (during rotation)
+    const newSecret = process.env[`${name}_NEW`];
+    if (newSecret) {
+      return newSecret;
+    }
+    const secret = process.env[name];
+    if (!secret) {
+      throw new Error(`Secret ${name} not found`);
+    }
+    return secret;
+  }
+}
+// ✅ Accept multiple JWT signing keys during rotation
+function verifyToken(token: string) {
+  const keys = [process.env.JWT_SECRET, process.env.JWT_SECRET_OLD].filter(Boolean);
+  for (const key of keys) {
+    try {
+      return jwt.verify(token, key);
+    } catch {}
+  }
+  throw new Error('Invalid token');
+}
+```

package/data/style/index.md ADDED Viewed

@@ -0,0 +1,8 @@
+# Code Style Guidelines
+This directory contains coding style and organization patterns.
+## Available Chunks
+- **naming.md** - Variables, constants, classes, files, avoiding magic numbers
+- **organization.md** - Function length, nesting depth, file structure, SRP

package/data/style/naming.md ADDED Viewed

@@ -0,0 +1,136 @@
+# Naming Conventions
+## Variables and Functions
+```typescript
+// camelCase for variables and functions
+const userName = 'John';
+const isActive = true;
+const itemCount = 42;
+function calculateTotal(items: Item[]): number {
+  return items.reduce((sum, item) => sum + item.price, 0);
+}
+// Boolean variables: use is/has/can/should prefix
+const isValid = validate(input);
+const hasPermission = checkPermission(user);
+const canEdit = user.role === 'admin';
+const shouldRetry = error.code === 'TIMEOUT';
+// Collections: use plural names
+const users = getUsers();
+const activeOrders = orders.filter(o => o.status === 'active');
+```
+## Constants
+```typescript
+// UPPER_SNAKE_CASE for constants
+const MAX_RETRY_ATTEMPTS = 3;
+const DEFAULT_TIMEOUT_MS = 5000;
+const API_BASE_URL = 'https://api.example.com';
+// Enum-like objects
+const ORDER_STATUS = {
+  PENDING: 'pending',
+  PROCESSING: 'processing',
+  SHIPPED: 'shipped',
+  DELIVERED: 'delivered',
+  CANCELLED: 'cancelled'
+} as const;
+const HTTP_STATUS = {
+  OK: 200,
+  CREATED: 201,
+  BAD_REQUEST: 400,
+  NOT_FOUND: 404
+} as const;
+```
+## Classes and Types
+```typescript
+// PascalCase for classes and types
+class UserService {
+  constructor(private userRepository: UserRepository) {}
+}
+interface User {
+  id: string;
+  name: string;
+  email: string;
+}
+type UserRole = 'admin' | 'editor' | 'viewer';
+// Avoid prefixes
+// ❌ IUser, CUser, TUser
+// ✅ User
+```
+## Files and Modules
+```typescript
+// kebab-case for files
+user-service.ts
+order-repository.ts
+create-user.dto.ts
+// Match file name to primary export
+// user-service.ts exports UserService
+// order-repository.ts exports OrderRepository
+```
+## Avoid Bad Names
+```typescript
+// ❌ Bad - unclear
+const d = Date.now();
+const tmp = user.name;
+const data = fetchData();
+const flag = true;
+// ✅ Good - descriptive
+const currentDate = Date.now();
+const originalUserName = user.name;
+const customerOrders = fetchCustomerOrders();
+const isEmailVerified = true;
+```
+## Avoid Magic Numbers
+```typescript
+// ❌ Magic numbers
+if (user.age >= 18) { ... }
+if (items.length > 100) { ... }
+setTimeout(callback, 5000);
+// ✅ Named constants
+const LEGAL_AGE = 18;
+const MAX_BATCH_SIZE = 100;
+const DEFAULT_TIMEOUT_MS = 5000;
+if (user.age >= LEGAL_AGE) { ... }
+if (items.length > MAX_BATCH_SIZE) { ... }
+setTimeout(callback, DEFAULT_TIMEOUT_MS);
+```
+## Consistency
+```typescript
+// Pick ONE style and stick with it across the project
+// ✅ Consistent camelCase in APIs
+{
+  "userId": 123,
+  "firstName": "John",
+  "createdAt": "2024-01-01"
+}
+// ❌ Mixed styles
+{
+  "user_id": 123,      // snake_case
+  "firstName": "John", // camelCase - inconsistent!
+}
+```