@bleedingdev/modern-js-sandpack-react 3.2.0-ultramodern.118 → 3.2.0-ultramodern.119
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -33,24 +33,24 @@ __webpack_require__.d(__webpack_exports__, {
|
|
|
33
33
|
const external_common_js_namespaceObject = require("./common.js");
|
|
34
34
|
const MWAFiles = {
|
|
35
35
|
...external_common_js_namespaceObject.commonFiles,
|
|
36
|
-
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
37
36
|
".gitignore": "node_modules/\ndist/\nbuild/\n.modernjs/cache/\n.modernjs/agent-reference-repos-tmp/\n",
|
|
38
|
-
"
|
|
39
|
-
"
|
|
37
|
+
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
38
|
+
"AGENTS.md": "# UltraModern Agent Contract\n\nThis workspace is generated as an agent-ready UltraModern.js SuperApp shell.\nAgents should treat the files under `.agents/skills` as local project\ninstructions, not optional reading.\n\n## Quality Gates\n\n- `pnpm lint` runs Oxlint with the Ultracite preset.\n- `pnpm format` runs oxfmt.\n- `pnpm typecheck` runs effect-tsgo as the TypeScript checker.\n- `pnpm i18n:boundaries` verifies workspace source boundaries through `@modern-js/code-tools`.\n- `pnpm contract:check` verifies the generated workspace contract.\n- `pnpm mf:types` verifies Module Federation type outputs after builds.\n- `pnpm check` is a local convenience aggregate for the primitive gates.\n- Generated CI runs primitive gates as separate matrix jobs instead of calling `pnpm check`.\n- Generated Codex stop hooks and subagent-stop hooks run `pnpm format && pnpm lint:fix && pnpm check`.\n- `postinstall` formats the generated tree, initializes Git when needed, prepares agent skills and reference repos, then installs `lefthook`. Generated `lefthook.yml` runs separate format and lint-fix commands on pre-commit; pre-push runs read-only primitive gates in parallel.\n\n## Localized Routes\n\nGenerated apps keep locale-prefixed entry routes under `src/routes/[lang]`,\nstatic language links, and canonical plus `hreflang` metadata. A new workspace\nstarts shell-only; `create <domain> --vertical` adds route-owned metadata,\nlocalized resources, and Effect BFF surfaces for that domain. Runtime i18n is\nnot enabled in the starter because the current React 19 + Module Federation\nstreaming SSR stack must render predictably first. Production builds fail unless\n`MODERN_PUBLIC_SITE_URL` is set per deployed app, so canonical URLs always use\nthe production origin.\n\n## Required Skill Baseline\n\nUse these skills when the task touches the matching subsystem:\n\n- `rsbuild-best-practices`: Modern.js app build configuration, Rsbuild options, assets, type checking, and build debugging.\n- `rspack-best-practices`: Rspack-level bundling, CSS, assets, profiling, and production build behavior.\n- `rspack-tracing`: Rspack build failures, slow builds, crash localization, and trace analysis.\n- `rsdoctor-analysis`: Evidence-based bundle analysis from `rsdoctor-data.json`, including duplicate packages, large chunks, and retained modules.\n- `rslib-best-practices`: Shared packages, generated libraries, declaration output, and Rslib configuration.\n- `rslib-modern-package`: Package contracts for shared libraries, exports, side effects, dependency placement, README, and release readiness.\n- `rstest-best-practices`: Rstest configuration, test writing, mocking, snapshots, coverage, and CI test behavior.\n- `mf`: Module Federation docs, Modern.js integration, DTS/type checks, shared dependency checks, runtime errors, and observability troubleshooting.\n\nThe public `module-federation/agent-skills` repository is installed during `pnpm install` and `pnpm skills:install`. Postinstall mode skips unavailable clone sources instead of blocking dependency installation; `pnpm skills:install` remains strict for required public skills. Use `ULTRAMODERN_SKIP_AGENT_SKILLS=1` when an install must avoid external skill repositories completely. `pnpm skills:check` fails when the required public `mf` skill is missing unless that skip flag is set.\n\n## Private Skills\n\nScriptedAlchemy/TechsioCZ skills are private and are cloned only when the current developer is authorized for `TechsioCZ/skills`.\n\n```bash\npnpm skills:install\n```\n\nThe installer copies only the pinned private skills from `.agents/skills-lock.json`: `plan-graph`, `dag`, `subagent-graph`, `helm`, and `debugger-mode`.\n\n## Agent Reference Repositories\n\nThe workspace installs read-only source references under `repos/` by default during `pnpm install` using `git subtree add --squash`. These repositories are reference material for coding agents, not application source:\n\n- `repos/effect` from `Effect-TS/effect`.\n- `repos/ultramodern.js` from `BleedingDev/ultramodern.js`.\n\nAgents may read files under `repos/` to understand upstream patterns, APIs, and project conventions. Do not edit files under `repos/`, import from them, or make production code depend on them. To skip this setup, run installs with `ULTRAMODERN_SKIP_AGENT_REPOS=1`.\n\n## Project Priorities\n\n- Keep `presetUltramodern` as the single preset.\n- Keep the initial workspace shell-only unless a user explicitly asks for a\n starter vertical.\n- Use `create <domain> --vertical` as the growth path for real business\n MicroVerticals.\n- Prefer Effect for BFF code.\n- Prefer TanStack Router for app routing.\n- Keep UI-kit or design-system code as ordinary vertical or shared package code, not a special core path.\n- Keep generated packages explicit and publishable: stable `exports`, correct declarations, small public APIs, and clear ownership metadata.\n- Do not add migration tooling or codemods unless the project owner explicitly asks for migration work.\n\n## Skill Provenance\n\nThe vendored Rstack skills, public Module Federation skill, and private TechsioCZ skill set are pinned in `.agents/skills-lock.json`. Do not update, remove, or replace them casually. If a skill needs updating, update the lock file and run the affected primitive gate plus `pnpm check`.\n",
|
|
39
|
+
"README.md": "# modern-app\n\nGenerated UltraModern SuperApp workspace.\n\nThis workspace keeps `presetUltramodern(...)` as the single public\nUltraModern.js 3.0 SuperApp surface and starts with an explicit shell:\n\n- `apps/shell-super-app` owns shell route assembly, Module Federation host\n wiring, shared SSR/i18n runtime setup, and the boundary debugger.\n- `packages/shared-*` provide placeholders for cross-workspace contracts,\n design tokens, and Effect API sharing.\n- `verticals/*` is intentionally empty until a real business domain is added.\n\nAdd a full-stack MicroVertical when the product needs one:\n\n```bash\npnpm dlx @bleedingdev/modern-js-create transportation --vertical\npnpm dlx @bleedingdev/modern-js-create payments --vertical\n```\n\nEach added vertical owns its UI/routes, browser-safe Module Federation exposes,\nprivate-first route metadata, localized URLs, public-route opt-ins, CSS prefix,\nEffect BFF handlers, local API contract, and typed client surface. Server\nhandlers and Effect client/contract modules stay out of browser exposes.\n\n## Private-First Public Surfaces\n\nGenerated app routes are private and non-indexable by default. Private app,\nauth, tenant, dashboard, and internal routes publish no discovery output unless\nroute metadata explicitly marks them `public && indexable`. The default scaffold\ntherefore emits only a disallowing `robots.txt`; sitemap, web manifest,\n`llms.txt`, API catalog, security.txt, and JSON-LD output stay omitted until a\nsafe public route or public docs/help/product surface exists.\n\nRun the scaffold validator before adding business code and after every\n`--vertical` mutation:\n\n```bash\nmise install\npnpm install\npnpm check\npnpm build\n```\n\nGenerated CI does not call the local aggregate. It runs format, lint,\ntypecheck, skills, i18n boundary validation, contract validation, and build as\nseparate matrix jobs so failures are isolated and parallelizable.\n\nBy default, `pnpm install` also prepares read-only agent reference repositories\nunder `repos/` for Effect and UltraModern.js source lookup using squashed git\nsubtrees. Disable this setup with\n`ULTRAMODERN_SKIP_AGENT_REPOS=1 pnpm install`, or rerun it\nexplicitly with `pnpm agents:refs:install`.\n\nAgent skills are prepared during `pnpm install` as a developer convenience.\nExternal skill repository failures do not block postinstall; strict installation\nis available with `pnpm skills:install`. Use\n`ULTRAMODERN_SKIP_AGENT_SKILLS=1` for a dependency install that avoids external\nskill repositories completely.\n\nThe topology and ownership metadata are generated under `topology/`. The\nworkspace also ships `.github/workflows/ultramodern-workspace-gates.yml` and\n`.github/renovate.json` with read-only workflow permissions, commit-pinned\nactions, frozen installs, StepSecurity audit-mode runner hardening, dependency\ndashboard review, one-day release age, grouped updates, and manual approval for\nmajor upgrades.\n\nPackage source metadata is generated at\n`.modernjs/ultramodern-package-source.json`. The default strategy keeps\nUltraModern.js runtime and tooling packages on `workspace:*` for monorepo\ndevelopment. To create a workspace that can install those packages outside the\nmonorepo, generate with `--ultramodern-package-source install`; generated shared\npackages still use `workspace:*` because they are part of this workspace.\n\n## Cloudflare Proof\n\nDeploy the generated apps, then pass each deployed app's generated public URL\nenv key into the proof step. A shell-only workspace only needs the shell URL;\nadded verticals use the same `ULTRAMODERN_PUBLIC_URL_<APP_ID>` pattern with\nhyphens converted to underscores and uppercased.\n\n```bash\npnpm cloudflare:deploy\nULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP=https://shell-super-app.example.workers.dev \\\npnpm cloudflare:proof -- --require-public-urls\n```\n\n## Troubleshooting\n\n| Symptom | Current check | Owner |\n| --- | --- | --- |\n| Package cohort mismatch | Regenerate with one package source strategy, run `mise install`, then rerun `pnpm install` from the activated shell. | Generated workspace package source metadata |\n| Install failure | Check the active Node/pnpm from `mise install`; rerun `pnpm install` after the shell sees the pinned versions. | Toolchain setup |\n| Build failure | Run the matching primitive gate (`pnpm lint`, `pnpm typecheck`, `pnpm i18n:boundaries`, `pnpm contract:check`) before `pnpm build`; fix the owning failure first. | Owning package or generated contract |\n| Missing public URL | Set the env key from `.modernjs/ultramodern-generated-contract.json`, for example `ULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP`. | Deployment operator |\n| Cloudflare credentials | Confirm Wrangler credentials before `pnpm cloudflare:deploy`; local checks do not prove live Worker access. | Deployment operator |\n| Asset or CSS 404 | Rebuild with `pnpm build` or `pnpm cloudflare:deploy` and inspect emitted Modern/Rspack asset paths instead of hardcoding CSS URLs. | Framework/runtime asset pipeline |\n| Federation manifest failure | Run the shell and vertical build scripts, then check each deployed `/mf-manifest.json` URL used by the shell. | Module Federation owner |\n",
|
|
40
40
|
"lefthook.yml": "pre-commit:\n commands:\n format:\n run: pnpm format\n stage_fixed: true\n lint-fix:\n run: pnpm lint:fix\n stage_fixed: true\n\npre-push:\n parallel: true\n commands:\n format:\n run: pnpm format:check\n lint:\n run: pnpm lint\n typecheck:\n run: pnpm typecheck\n skills:\n run: pnpm skills:check\n i18n-boundaries:\n run: pnpm i18n:boundaries\n contract:\n run: pnpm contract:check\n",
|
|
41
41
|
"oxfmt.config.ts": "import { defineConfig } from 'oxfmt';\nimport ultracite from 'ultracite/oxfmt';\n\nexport default defineConfig({\n extends: [ultracite],\n ignorePatterns: [\n '.agents',\n '**/*.json',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n singleQuote: true,\n});\n",
|
|
42
42
|
"oxlint.config.ts": "import { defineConfig } from 'oxlint';\nimport core from 'ultracite/oxlint/core';\nimport react from 'ultracite/oxlint/react';\n\nexport default defineConfig({\n env: {\n browser: true,\n node: true,\n },\n extends: [core, react],\n ignorePatterns: [\n '.agents',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n});\n",
|
|
43
43
|
"pnpm-workspace.yaml": "packages:\n - apps/*\n - verticals/*\n - packages/*\n\nminimumReleaseAge: 1440\nminimumReleaseAgeStrict: true\nminimumReleaseAgeIgnoreMissingTime: false\nminimumReleaseAgeExclude:\n - '@bleedingdev/modern-js-*'\n - '@tanstack/react-router'\n - '@tanstack/router-core'\n - '@typescript/native-preview'\n - '@typescript/native-preview-*'\n - '@types/react'\ntrustPolicy: no-downgrade\ntrustPolicyIgnoreAfter: 1440\nblockExoticSubdeps: true\nengineStrict: true\npmOnFail: error\nverifyDepsBeforeRun: error\nstrictDepBuilds: true\n\npeerDependencyRules:\n allowedVersions:\n react: '>=19.0.0'\n typescript: '>=6.0.0'\n\noverrides:\n '@tanstack/react-router': 1.170.15\n node-fetch: '^3.3.2'\n\nallowBuilds:\n '@swc/core': true\n core-js: true\n esbuild: true\n lefthook: true\n msgpackr-extract: true\n sharp: true\n workerd: true\n",
|
|
44
44
|
".codex/hooks.json": "{\n \"Stop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ],\n \"SubagentStop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ]\n}\n",
|
|
45
|
-
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir]);\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(
|
|
45
|
+
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\nconst postinstall = process.argv.includes('--postinstall');\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_SKILLS) ||\n falsy(process.env.ULTRAMODERN_AGENT_SKILLS);\nconst cloneTimeoutMs = Number.parseInt(\n process.env.ULTRAMODERN_AGENT_SKILLS_CLONE_TIMEOUT_MS ?? '60000',\n 10,\n);\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout,\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir], { timeout: 30000 });\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n timeout: 30000,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n timeout: cloneTimeoutMs,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir, timeout: 30000 },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(\n 'gh',\n ['repo', 'clone', repo, targetDir, '--', '--depth', '1', '--quiet'],\n { timeout: cloneTimeoutMs },\n );\n } catch {\n run(\n 'git',\n ['clone', '--depth', '1', '--quiet', source.repository, targetDir],\n { timeout: cloneTimeoutMs },\n );\n }\n};\n\nconst resolveSkillDir = (sourceRoot, skillName) => {\n const candidates = [\n path.join(sourceRoot, skillName),\n path.join(sourceRoot, 'skills', skillName),\n path.join(sourceRoot, 'skills', 'engineering', skillName),\n path.join(sourceRoot, 'skills', 'productivity', skillName),\n ];\n return candidates.find(candidate =>\n fs.existsSync(path.join(candidate, 'SKILL.md')),\n );\n};\n\nif (!fs.existsSync(lockPath)) {\n console.error('Missing .agents/skills-lock.json');\n process.exit(1);\n}\n\nconst lock = readJson(lockPath);\nconst installDir = path.join(root, lock.installDir ?? '.agents/skills');\nconst sources = lock.sources ?? [];\nconst requiredCloneSources = sources.filter(\n source => source.install === 'clone',\n);\nconst optionalCloneSources = sources.filter(\n source => source.install === 'clone-if-authorized',\n);\nconst requiredSkills = [\n ...(lock.baseline ?? []),\n ...requiredCloneSources.flatMap(source => source.baseline ?? []),\n].filter(\n (skill, index, skills) =>\n skills.findIndex(candidate => candidate.name === skill.name) === index,\n);\n\nif (skipRequested) {\n const reason = 'agent skills bootstrap skipped by environment';\n if (checkOnly) {\n console.log(reason);\n process.exit(0);\n }\n console.log(reason);\n installLefthook();\n process.exit(0);\n}\n\nif (checkOnly) {\n const missingRequired = requiredSkills\n .map(skill => skill.name)\n .filter(\n skillName => !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n );\n const missingOptional = optionalCloneSources.flatMap(source =>\n (source.baseline ?? [])\n .map(skill => skill.name)\n .filter(\n skillName =>\n !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n ),\n );\n\n if (missingRequired.length > 0) {\n console.error(\n `Required agent skills not installed: ${missingRequired.join(', ')}. Run pnpm skills:install.`,\n );\n process.exit(1);\n }\n\n if (missingOptional.length > 0) {\n console.warn(\n `Private skills not installed: ${missingOptional.join(', ')}. Run pnpm skills:install if you have access.`,\n );\n } else {\n console.log('Required and private agent skills are installed.');\n process.exit(0);\n }\n console.log('Required agent skills are installed.');\n process.exit(0);\n}\n\nfs.mkdirSync(installDir, { recursive: true });\ninstallGit();\ninitializeGitRepository();\n\nfor (const source of [...requiredCloneSources, ...optionalCloneSources]) {\n const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ultramodern-skills-'));\n try {\n try {\n cloneSource(source, tempDir);\n } catch (error) {\n if (source.install === 'clone-if-authorized' || postinstall) {\n console.warn(`Skipping ${source.repository}; ${error.message}`);\n continue;\n }\n throw error;\n }\n for (const skill of source.baseline ?? []) {\n const sourceSkillDir = resolveSkillDir(tempDir, skill.name);\n if (!sourceSkillDir) {\n throw new Error(\n `Skill ${skill.name} not found in ${source.repository}`,\n );\n }\n const targetSkillDir = path.join(installDir, skill.name);\n if (fs.existsSync(targetSkillDir)) {\n if (!force) {\n console.log(`Skipping existing ${skill.name}`);\n continue;\n }\n removeTree(targetSkillDir);\n }\n fs.cpSync(sourceSkillDir, targetSkillDir, { recursive: true });\n console.log(`Installed ${skill.name}`);\n }\n } finally {\n removeTree(tempDir);\n }\n}\n\ninstallLefthook();\n",
|
|
46
46
|
"scripts/setup-agent-reference-repos.mjs": "import { spawnSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst args = new Set(process.argv.slice(2));\nconst checkOnly = args.has('--check');\nconst configPath = path.join(root, '.agents', 'agent-reference-repos.json');\nconst manifestPath = path.join(root, '.modernjs', 'agent-reference-repos.json');\n\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\n\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_REPOS) ||\n falsy(process.env.ULTRAMODERN_AGENT_REPOS);\nconst required = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REQUIRED);\nconst refresh = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REFRESH);\n\nconst gitIdentityEnv = {\n GIT_AUTHOR_NAME:\n process.env.GIT_AUTHOR_NAME || 'UltraModern Agent Reference Setup',\n GIT_AUTHOR_EMAIL:\n process.env.GIT_AUTHOR_EMAIL || 'ultramodern-agent-refs@local',\n GIT_COMMITTER_NAME:\n process.env.GIT_COMMITTER_NAME || 'UltraModern Agent Reference Setup',\n GIT_COMMITTER_EMAIL:\n process.env.GIT_COMMITTER_EMAIL || 'ultramodern-agent-refs@local',\n};\n\nconst log = message => console.log(`[agent-reference-repos] ${message}`);\nconst warn = message => console.warn(`[agent-reference-repos] ${message}`);\n\nfunction fail(message) {\n if (required || checkOnly) {\n throw new Error(message);\n }\n warn(message);\n}\n\nfunction readJson(filePath) {\n return JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n}\n\nfunction run(command, commandArgs, options = {}) {\n const result = spawnSync(command, commandArgs, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n env: {\n ...process.env,\n ...gitIdentityEnv,\n ...(options.env ?? {}),\n },\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout ?? 120000,\n });\n\n if (result.error) {\n throw result.error;\n }\n if (result.status !== 0) {\n const stderr = result.stderr?.trim();\n throw new Error(\n `${command} ${commandArgs.join(' ')} failed${\n stderr ? `: ${stderr}` : ''\n }`,\n );\n }\n return result.stdout?.trim() ?? '';\n}\n\nfunction assertSafeRepoPath(relativePath) {\n if (\n typeof relativePath !== 'string' ||\n relativePath.length === 0 ||\n path.isAbsolute(relativePath) ||\n relativePath.split(/[\\\\/]+/).includes('..') ||\n !relativePath.startsWith('repos/')\n ) {\n throw new Error(`Unsafe reference repository path: ${relativePath}`);\n }\n}\n\nfunction hasGit() {\n const result = spawnSync('git', ['--version'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction hasGitSubtree() {\n const result = spawnSync('git', ['subtree', '-h'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return (\n (result.status === 0 || result.status === 129) &&\n result.stdout.includes('usage: git subtree')\n );\n}\n\nfunction isGitWorkTree() {\n const result = spawnSync('git', ['rev-parse', '--is-inside-work-tree'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0 && result.stdout.trim() === 'true';\n}\n\nfunction hasCommits() {\n const result = spawnSync('git', ['rev-parse', '--verify', 'HEAD'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction porcelainStatus() {\n return run('git', ['status', '--porcelain'], { timeout: 30000 });\n}\n\nfunction commitInstallerChanges(message) {\n run('git', ['commit', '--no-verify', '-m', message], {\n timeout: 120000,\n });\n}\n\nfunction ensureGitRepository() {\n if (!isGitWorkTree()) {\n if (checkOnly) {\n fail('workspace is not a git repository');\n return false;\n }\n log('initializing git repository for agent reference subtrees');\n run('git', ['init'], { timeout: 30000 });\n }\n\n if (!hasCommits()) {\n if (checkOnly) {\n fail('workspace has no initial git commit');\n return false;\n }\n log('creating initial workspace commit before adding reference subtrees');\n run('git', ['add', '-A'], { timeout: 30000 });\n commitInstallerChanges('Initialize UltraModern workspace');\n return true;\n }\n\n const status = porcelainStatus();\n if (status) {\n fail(\n 'workspace has uncommitted changes; commit or stash them before installing reference subtrees',\n );\n return false;\n }\n\n return true;\n}\n\nfunction remoteCommit(repo) {\n let output = run('git', ['ls-remote', repo.url, `refs/heads/${repo.ref}`], {\n timeout: 120000,\n });\n if (!output) {\n output = run('git', ['ls-remote', repo.url, repo.ref], {\n timeout: 120000,\n });\n }\n const [commit] = output.split(/\\s+/);\n if (!/^[a-f0-9]{40}$/i.test(commit ?? '')) {\n throw new Error(`Could not resolve ${repo.url}#${repo.ref}`);\n }\n return commit;\n}\n\nfunction subtreeCommitExists(repo) {\n const result = spawnSync(\n 'git',\n [\n 'log',\n '--grep',\n `git-subtree-dir: ${repo.path}`,\n '--format=%H',\n '-n',\n '1',\n ],\n {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n },\n );\n return result.status === 0 && result.stdout.trim().length > 0;\n}\n\nfunction installedManifestEntry(repo) {\n if (!fs.existsSync(manifestPath)) {\n return undefined;\n }\n try {\n const manifest = readJson(manifestPath);\n return manifest.repositories?.find(entry => entry.id === repo.id);\n } catch {\n return undefined;\n }\n}\n\nfunction assertSubtreePresent(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n if (!fs.existsSync(targetPath)) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n if (!subtreeCommitExists(repo)) {\n fail(`${repo.path} is present but has no git-subtree commit evidence`);\n return undefined;\n }\n return (\n installedManifestEntry(repo) ?? {\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n status: 'present',\n strategy: 'git-subtree-squash',\n }\n );\n}\n\nfunction addSubtree(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n const existing = fs.existsSync(targetPath);\n\n if (existing && !refresh) {\n return assertSubtreePresent(repo);\n }\n\n if (existing && refresh) {\n fail(\n `${repo.path} already exists; refresh for subtree references is intentionally manual`,\n );\n return undefined;\n }\n\n if (checkOnly) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n\n const commit = remoteCommit(repo);\n log(`adding ${repo.name} as git subtree at ${repo.path} (${commit})`);\n run('git', ['fetch', '--depth', '1', repo.url, repo.ref], {\n timeout: 300000,\n });\n run(\n 'git',\n [\n 'subtree',\n 'add',\n '--prefix',\n repo.path,\n 'FETCH_HEAD',\n '--squash',\n '-m',\n `Add ${repo.name} agent reference repo`,\n ],\n { timeout: 600000 },\n );\n\n return {\n schemaVersion: 1,\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n commit,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n strategy: 'git-subtree-squash',\n status: 'installed',\n installedAt: new Date().toISOString(),\n };\n}\n\nfunction writeManifest(entries) {\n fs.mkdirSync(path.dirname(manifestPath), { recursive: true });\n fs.writeFileSync(\n manifestPath,\n `${JSON.stringify(\n {\n schemaVersion: 1,\n generatedAt: new Date().toISOString(),\n strategy: 'git-subtree-squash',\n installDir: 'repos',\n repositories: entries,\n },\n null,\n 2,\n )}\\n`,\n );\n}\n\nfunction commitManifestIfChanged() {\n const status = run('git', ['status', '--porcelain', '--', manifestPath], {\n timeout: 30000,\n });\n if (!status) {\n return;\n }\n run('git', ['add', manifestPath], { timeout: 30000 });\n commitInstallerChanges('Record agent reference repo manifest');\n}\n\nfunction main() {\n if (!fs.existsSync(configPath)) {\n fail('Missing .agents/agent-reference-repos.json');\n return;\n }\n\n const config = readJson(configPath);\n const enabled = config.defaultEnabled !== false && !skipRequested;\n\n if (!enabled) {\n log('setup skipped; set ULTRAMODERN_SKIP_AGENT_REPOS=0 to enable it again');\n return;\n }\n\n if (!hasGit()) {\n fail('git is required to install agent reference repositories');\n return;\n }\n if (!hasGitSubtree()) {\n fail('git subtree is required to install agent reference repositories');\n return;\n }\n if (!ensureGitRepository()) {\n return;\n }\n\n const entries = [];\n for (const repo of config.repositories ?? []) {\n const result = checkOnly ? assertSubtreePresent(repo) : addSubtree(repo);\n if (result) {\n entries.push(result);\n }\n }\n\n if (!checkOnly) {\n writeManifest(entries);\n commitManifestIfChanged();\n }\n}\n\ntry {\n main();\n} catch (error) {\n if (required || checkOnly) {\n console.error(`[agent-reference-repos] ${error.message}`);\n process.exitCode = 1;\n } else {\n warn(error.message);\n }\n}\n",
|
|
47
47
|
".github/renovate.json": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\"config:recommended\", \"helpers:pinGitHubActionDigests\"],\n \"dependencyDashboard\": true,\n \"minimumReleaseAge\": \"1 day\",\n \"prConcurrentLimit\": 5,\n \"prHourlyLimit\": 2,\n \"rangeStrategy\": \"bump\",\n \"schedule\": [\"before 5am on monday\"],\n \"timezone\": \"Etc/UTC\",\n \"packageRules\": [\n {\n \"matchManagers\": [\"github-actions\"],\n \"groupName\": \"github-actions\",\n \"labels\": [\"dependencies\", \"github-actions\", \"security\"]\n },\n {\n \"matchManagers\": [\"npm\"],\n \"matchUpdateTypes\": [\"patch\", \"minor\"],\n \"groupName\": \"npm minor and patch updates\",\n \"labels\": [\"dependencies\", \"npm\"]\n },\n {\n \"matchUpdateTypes\": [\"major\"],\n \"dependencyDashboardApproval\": true,\n \"labels\": [\"dependencies\", \"major\"]\n }\n ]\n}\n",
|
|
48
48
|
".github/workflows/ultramodern-workspace-gates.yml": "name: Ultramodern Workspace Gates\n\non:\n push:\n pull_request:\n\npermissions:\n contents: read\n\ndefaults:\n run:\n shell: bash\n\nenv:\n FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true\n\nconcurrency:\n group: ultramodern-workspace-gates-${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n workspace-gate:\n name: ${{ matrix.name }}\n runs-on: ubuntu-latest\n timeout-minutes: 30\n strategy:\n fail-fast: false\n matrix:\n include:\n - name: Format\n command: pnpm format:check\n - name: Lint\n command: pnpm lint\n - name: Typecheck\n command: pnpm typecheck\n - name: Skills\n command: pnpm skills:check\n - name: I18n Boundaries\n command: pnpm i18n:boundaries\n - name: Contract\n command: pnpm contract:check\n - name: Build\n command: pnpm build\n steps:\n - name: Harden Runner\n uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2\n with:\n egress-policy: audit\n\n - name: Checkout\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n fetch-depth: 1\n persist-credentials: false\n\n - name: Setup Node.js\n uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0\n with:\n node-version: 24\n\n - name: Setup mise\n uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0\n\n - name: Install Dependencies\n run: mise exec -- pnpm install --frozen-lockfile\n\n - name: Run ${{ matrix.name }}\n env:\n MODERN_PUBLIC_SITE_URL: http://localhost:8080\n run: mise exec -- ${{ matrix.command }}\n",
|
|
49
49
|
".agents/agent-reference-repos.json": "{\n \"schemaVersion\": 1,\n \"defaultEnabled\": true,\n \"strategy\": \"git-subtree-squash\",\n \"installDir\": \"repos\",\n \"repositories\": [\n {\n \"id\": \"effect\",\n \"name\": \"Effect\",\n \"url\": \"https://github.com/Effect-TS/effect.git\",\n \"ref\": \"main\",\n \"path\": \"repos/effect\",\n \"readOnly\": true\n },\n {\n \"id\": \"ultramodern-js\",\n \"name\": \"UltraModern.js\",\n \"url\": \"https://github.com/BleedingDev/ultramodern.js.git\",\n \"ref\": \"main-ultramodern\",\n \"path\": \"repos/ultramodern.js\",\n \"readOnly\": true\n }\n ]\n}\n",
|
|
50
|
-
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
51
50
|
".agents/rstackjs-agent-skills-LICENSE": "MIT License\n\nCopyright (c) 2026 RstackJS Contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n",
|
|
52
|
-
".agents/skills
|
|
51
|
+
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
53
52
|
".agents/skills/rslib-best-practices/SKILL.md": '---\nname: rslib-best-practices\ndescription: Rslib best practices for config, CLI workflow, output, declaration files, dependency handling, build optimization and toolchain integration. Use when writing, reviewing, or troubleshooting Rslib projects.\n---\n\n# Rslib Best Practices\n\nApply these rules when writing or reviewing Rslib library projects.\n\n## Configuration\n\n- Use `rslib.config.ts` and `defineConfig`\n- Check Rslib-specific configurations first (e.g., `lib.*`), and also leverage Rsbuild configurations (e.g., `source.*`, `output.*`, `tools.*`) as needed\n- For deep-level or advanced configuration needs, use `tools.rspack` or `tools.bundlerChain` to access Rspack\'s native configurations\n- In TypeScript projects, prefer `tsconfig.json` path aliases\n\n## CLI\n\n- Use `rslib` to build\n- Use `rslib --watch` to build in watch mode for local development\n- Use `rslib inspect` to inspect final Rslib/Rsbuild/Rspack configs\n\n## Output\n\n- Prefer to build pure-ESM package with `"type": "module"` in `package.json`\n- Prefer to use bundleless mode with `output.target` set to `\'web\'` when building component libraries\n- Prefer to use bundle mode when building Node.js utility libraries\n- Ensure `exports` field in `package.json` is correctly configured and matches the actual JavaScript output and declaration files output of different formats (ESM, CJS, etc.)\n\n## Declaration files\n\n- Prefer to enable declaration file generation with `lib.dts: true` or detailed configurations\n- For faster type generation, enable `lib.dts.tsgo` experimental feature with `@typescript/native-preview` installed\n\n## Dependencies\n\n- Prefer to place dependencies to be bundled in `devDependencies` in bundle mode and dependencies in `dependencies` and `peerDependencies` will be automatically externalized (not bundled) by default\n- Verify the build output and dependency specifiers in `package.json` carefully to ensure no missing dependency errors occur when consumers install and use this package\n\n## Build optimization\n\n- Keep syntax target in `lib.syntax` aligned with real compatibility requirements to enable better optimizations\n- Avoid format-specific APIs in source code for better compatibility with different output formats\n- Prefer lightweight dependencies to reduce bundle size\n\n## Toolchain integration\n\n- Prefer to use Rstest with `@rstest/adapter-rslib` for writing tests\n- Prefer to use Rspress for writing library documentation, with `@rspress/plugin-preview` and `@rspress/plugin-api-docgen` for component previews and API docs\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final Rsbuild/Rspack config, not assumed config\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n',
|
|
53
|
+
".agents/skills/rsbuild-best-practices/SKILL.md": "---\nname: rsbuild-best-practices\ndescription: Rsbuild best practices for config, CLI workflow, type checking, bundle optimization, assets, and debugging. Use when writing, reviewing, or troubleshooting Rsbuild projects.\n---\n\n# Rsbuild Best Practices\n\nApply these rules when writing or reviewing Rsbuild projects.\n\n## Configuration\n\n- Use `rsbuild.config.ts` and `defineConfig`\n- Use `tools.rspack` or `tools.bundlerChain` only when no first-class Rsbuild option exists\n- Define explicit `source.entry` values for multi-page applications\n- In TypeScript projects, prefer `tsconfig.json` path aliases first\n\n## CLI\n\n- Use `rsbuild` for local development\n- Use `rsbuild build` for production build\n- Use `rsbuild preview` only for local production preview\n- Use `rsbuild inspect` to inspect final Rsbuild/Rspack configs\n\n## Type checking\n\n- Use `@rsbuild/plugin-type-check` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep browserslist aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final config, not assumed config\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n\n## Documentation\n\n- For the latest (v2) docs, read http://rsbuild.rs/llms.txt\n- For Rsbuild v1 docs, read http://v1.rsbuild.rs/llms.txt\n",
|
|
54
54
|
".agents/skills/rslib-modern-package/SKILL.md": '---\nname: rslib-modern-package\ndescription: Opinionated Rslib recommendations for modern JS/TS npm package design covering pure ESM, strict TypeScript, explicit exports, small stable APIs, pragmatic dependencies, accurate sideEffects, correct declarations, package validation, provenance, README.md, and AGENTS.md. Use when the user wants to make a JS/TS package more modern, check whether the current package setup is healthy, review package.json/exports/types/dependencies/docs/release readiness, or apply a modern library baseline.\n---\n\n# Rslib Modern Package\n\nUse this skill when creating a new Rslib library, modernizing an existing JS/TS package, or reviewing a package against an opinionated modern library standard.\n\nThis skill is opinionated: it describes a recommended modern package contract and may suggest breaking changes when they make the package simpler, safer, and easier for modern consumers.\n\n## Standard\n\nDefault recommendation for new JS/TS libraries:\n\n- ESM-first, preferably pure ESM.\n- Strict TypeScript and correct declaration files.\n- Explicit public API through `package.json#exports`.\n- Small named-export API surface.\n- Few runtime dependencies, without treating zero dependencies as a religion.\n- Small, tree-shakeable output with accurate `sideEffects`.\n- Clear dependency placement: runtime dependencies, peer dependencies, optional dependencies, and dev dependencies are not interchangeable.\n- Published package is tested as an artifact, not just as source files.\n- Release flow is automated, traceable, and SemVer-aware.\n- README.md explains usage for humans; AGENTS.md preserves package invariants for future agents.\n\n## Workflow\n\n1. **Inspect the package contract first**\n - Read `package.json`, lockfile/package manager, `rslib.config.*`, `tsconfig*`, CI/release config, README.md, AGENTS.md, and existing `dist` output.\n - Identify package kind: Node utility, browser library, isomorphic utility, CLI, UI/component library, framework plugin, SDK, or adapter.\n - List supported runtimes, current entry points, deep imports, runtime dependencies, peer dependencies, optional integrations, files with side effects, and published files.\n - Run `npm pack --dry-run` early when changing package shape so the real tarball contents guide the review.\n\n2. **Define target environments explicitly**\n - Do not say "supports modern environments" without defining them.\n - Verify the current Node.js release schedule before choosing `engines`.\n - As of May 9, 2026, Node.js 22 and 24 are LTS, and Node.js 20 is EOL. For new Node-facing packages, recommend `engines.node >=22` unless real consumers need an older runtime.\n - Browser packages should state whether they require native ESM, a bundler, Workers support, SSR compatibility, DOM APIs, CSS processing, or specific browser baselines.\n - Compatibility drops are breaking changes: old Node/browser versions, undocumented deep imports, default/named export shape, bundled vs external dependency behavior, and import side effects.\n\n3. **Prefer pure ESM, but explain compatibility cost**\n - New packages should use `"type": "module"` and ESM source/output.\n - Rslib\'s default format is ESM; keep that default unless there is a clear reason to add another format.\n - Evaluate compatibility from real consumers and supported runtimes instead of assuming every historical module format is required.\n - Modern Node.js can load synchronous ESM from CommonJS via `require(esm)`; do not assume CJS consumers always require a separate CJS build.\n - If you rely on `require(esm)` compatibility, document and test its constraints: supported Node versions, no top-level `await` in the loaded graph, namespace-object return shape, default export behavior, and CJS/ESM cycle limits.\n - Prefer Node built-in specifiers such as `node:fs/promises`.\n\n4. **Make `exports` the public API**\n - Treat `package.json#exports` as the product contract.\n - Export only paths users are meant to import.\n - Do not allow imports like `pkg/dist/foo.js` by exporting `./dist/*`. That makes the generated output layout part of the public API and turns internal file moves into breaking changes.\n - Instead, expose only intentional public paths such as `pkg` and `pkg/foo.js`, mapped to the actual files in `dist`.\n - Keep subpath style consistent: either all with extensions such as `./foo.js`, or all without extensions. Prefer paths with extensions when browser import maps matter.\n - Keep `"types"` first inside conditional exports.\n - Adding `exports` to an older package can be breaking because undeclared deep imports stop working.\n - Add `./package.json` only when consumers legitimately need package metadata.\n\n5. **Design a small API surface**\n - Prefer named exports for multi-API packages.\n - Avoid default-export objects that gather every function into one object.\n - Public functions should be few, stable, well-named, and semver-maintained.\n - Keep internal types, caches, helper functions, adapter details, and error internals private unless they are part of the contract.\n - Avoid top-level work during import: file scans, network calls, timers, process mutation, global registration, DOM access, prototype mutation, or environment detection with side effects.\n - Async APIs that may be canceled should accept `AbortSignal`.\n - Prefer stable error classes, error codes, or typed error shapes over string matching.\n\n6. **Use Rslib as the implementation path, not the whole standard**\n - For detailed Rslib configuration guidance, use the `rslib-best-practices` skill.\n - In this skill, only check whether Rslib output, declarations, `package.json#exports`, `files`, dependencies, and docs agree with the modern package contract.\n - Keep Rslib configuration small and intentional; avoid adding build complexity that does not improve the package contract.\n\n7. **Keep dependencies small and intentional**\n - Start from platform APIs, not from dependency search.\n - Prefer built-ins when the runtime supports them: `URL`, `URLSearchParams`, `Intl`, `fetch`, `AbortController`, `structuredClone`, `crypto.randomUUID`, Web Streams, `TextEncoder`, `TextDecoder`, `node:fs/promises`, and `node:crypto`.\n - Small runtime dependencies are fine when they reduce maintenance risk or implementation complexity.\n - Avoid large utility packages for one or two helpers.\n - Evaluate dependencies for ESM support, `exports`, types, transitive dependency count, package size, license, maintenance activity, security history, install scripts, side effects, native install fragility, and granular imports.\n - Put required runtime packages in `dependencies`.\n - Put host-owned frameworks and toolchains in `peerDependencies`, such as React, Vue, Svelte, Rspack, Rsbuild, webpack, TypeScript, and framework runtimes.\n - Keep peer ranges reasonably broad; do not pin peers to a patch version unless required.\n - Put build tools, test tools, type tools, docs tools, and Rsbuild/Rspack plugins in `devDependencies`.\n - Use `optionalDependencies` or optional peers via `peerDependenciesMeta` for optional integrations.\n\n8. **Make TypeScript strict and package-oriented**\n - Prefer TypeScript source for TS libraries; otherwise use high-quality JSDoc plus generated declarations.\n - With TypeScript 6 or tsgo-era defaults, strict checking may already be enabled; preserve that default and do not turn it off. For older TypeScript versions or inherited configs, set `strict: true` explicitly.\n - In Rslib projects, consider enabling `lib.dts.tsgo` to speed up declaration generation when the project can use tsgo.\n - Keep `module` and `moduleResolution` aligned with how declarations are emitted and how consumers resolve the package; NodeNext and bundler-style resolution are both valid in the right toolchain.\n - Use `verbatimModuleSyntax` so type-only imports/exports are explicit.\n - Use `isolatedDeclarations` when practical so exported APIs are explicit enough for declaration-oriented tooling.\n - Emit declarations; use declaration maps when editor navigation matters.\n - Use `import type` and `export type` for type-only dependencies.\n - Do not rely on consumers setting `skipLibCheck` to hide broken package types.\n - Test declarations as consumers see them, especially when using subpath exports.\n\n9. **Keep `sideEffects` accurate**\n - Use `sideEffects: false` only when importing package files has no top-level side effects.\n - If CSS, polyfills, registrations, global listeners, prototype changes, or other import-time mutations exist, list the files with side effects instead.\n - Do not set `sideEffects: false` just to improve bundle size; incorrect values can remove required CSS or setup code.\n - Do not change globals just because a file is imported. If setup is required, expose an explicit `setup()` or `install()` function and let users call it themselves.\n\n10. **Make `package.json` authoritative**\n - Required modern shape: `"type": "module"`, explicit `exports`, correct declarations, `files` allowlist, accurate `sideEffects`, sensible `engines`, and release scripts.\n - Include README.md, AGENTS.md, and LICENSE in `files` when they exist.\n - `files` should prevent tests, fixtures, private docs, build caches, local configs, and large generated artifacts from leaking into the tarball.\n - Avoid stale `main`/`module` fields unless compatibility evidence requires them; if kept, they must agree with `exports`.\n - Keep runtime dependency fields accurate. A package that works locally only because a runtime dependency is in `devDependencies` is broken.\n\n11. **Validate the published artifact**\n - Run normal lint, typecheck, tests, and `rslib build`.\n - Smoke test built ESM output.\n - Run type-level tests when the public API is type-heavy.\n - Run `npm pack --dry-run` and inspect included files.\n - In Rslib, prefer `rsbuild-plugin-publint` to run publint after build; use `npx publint` as a CLI fallback.\n - In Rslib, prefer `rsbuild-plugin-arethetypeswrong` to run Are The Types Wrong after build when declarations are shipped; use `npx --yes @arethetypeswrong/cli --pack .` as a CLI fallback.\n - Install the packed tarball into clean consumer fixtures for important packages.\n - Test ESM import, bundler import for browser/component libraries, CLI execution for `bin` packages, and every public subpath export.\n\n12. **Prepare README.md and AGENTS.md before publishing**\n - Always check whether both files exist before publishing or modernizing a package.\n - If either file is missing, recommend adding it; for implementation tasks, create a concise version unless the user asks not to.\n - README.md should include: package name, one-sentence purpose, install/usage, key features or API links, supported environments, docs/related links, changelog or contribution link, and license.\n - AGENTS.md should include: stack, package contract, common commands, source layout, code style, validation commands, and release checklist.\n - Keep both files synchronized with `package.json#exports`, supported runtimes, and actual Rslib output.\n\n13. **Publish with supply-chain hygiene**\n - Follow SemVer and document breaking changes.\n - Maintain a changelog for user-visible changes.\n - Use prerelease versions and dist-tags for beta/next channels.\n - Prefer CI publishing with npm provenance or trusted publishing.\n - Avoid long-lived publish tokens where trusted publishing is available.\n - Remember that a published package name/version pair cannot be reused safely.\n\n## Review Red Flags\n\n- `exports` is missing, points to files not emitted by Rslib, or allows public imports such as `pkg/dist/foo.js`.\n- `module`/`main` fields disagree with `exports`.\n- Type declarations do not match runtime entry points.\n- Runtime dependency is accidentally listed only in `devDependencies`.\n- React/Vue/Svelte/Rspack/Rsbuild/webpack/TypeScript is bundled or placed in `dependencies` when it should be a peer.\n- `sideEffects: false` is set while importing CSS, polyfills, global registrations, global listeners, or prototype changes.\n- Package has install scripts without a strong reason.\n- Top-level import reads user files, starts timers, touches the network, mutates globals, or assumes `window`/`process`.\n- Published tarball contains private source maps, tests/fixtures that are not useful to consumers, large generated docs, local config secrets, or build caches.\n\n## Checklist\n\n- [ ] Supported environments are explicit.\n- [ ] Package is ESM-first, preferably pure ESM.\n- [ ] `package.json` has `"type": "module"`.\n- [ ] Public entry points are declared in `exports`.\n- [ ] No accidental reliance on undeclared deep imports.\n- [ ] Rslib output, declarations, `exports`, and `files` agree.\n- [ ] TypeScript strict mode is enabled.\n- [ ] Declarations are emitted and validated.\n- [ ] Runtime dependencies are justified and small.\n- [ ] Host frameworks/toolchains are peers.\n- [ ] Build/test/type/docs tools are dev dependencies.\n- [ ] `sideEffects` is accurate.\n- [ ] `npm pack --dry-run` has been inspected.\n- [ ] `publint` passes.\n- [ ] Are The Types Wrong check passes when declarations are shipped.\n- [ ] Built ESM smoke test passes.\n- [ ] README.md exists.\n- [ ] AGENTS.md exists.\n- [ ] Release flow uses SemVer, changelog, and provenance/trusted publishing when available.\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n- Shipping ESM for CommonJS consumers: https://nodejs.github.io/package-examples/04-cjs-esm-interop/shipping-esm-for-cjs/\n',
|
|
55
55
|
".agents/skills/rspack-best-practices/SKILL.md": "---\nname: rspack-best-practices\ndescription: Rspack best practices for config, CLI workflow, type checking, CSS, bundle optimization, assets and profiling. Use when writing, reviewing, or troubleshooting Rspack projects.\n---\n\n# Rspack Best Practices\n\nApply these rules when writing or reviewing Rspack projects.\n\n## Configuration\n\n- Use `rspack.config.ts` and `defineConfig`\n- Define explicit `entry` values for multi-page applications\n- Keep one main config and branch by `process.env.NODE_ENV` only when needed\n- Keep rule conditions narrow and explicit (`test`, `include`, `exclude`, `resourceQuery`)\n- Prefer built-in Rspack plugins/loaders over community JS alternatives when equivalent features exist\n\n## CLI\n\nIf `@rspack/cli` is installed:\n\n- Use `rspack dev` for local development\n- Use `rspack build` for production build\n- Use `rspack preview` only for local production preview\n\n## Type checking\n\n- Use `ts-checker-rspack-plugin` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## CSS\n\nChoose one strategy:\n\n- Built-in CSS (`type: 'css' | 'css/auto' | 'css/module'`) for modern setups\n- `css-loader` + `CssExtractRspackPlugin` for webpack migration compatibility\n- `style-loader` for pure style-in-JS runtime injection scenarios\n\nOptional:\n\n- Use `builtin:lightningcss-loader` when goals are syntax downgrade + vendor prefixing\n- Use `sass-loader`/`less-loader` for preprocessing Sass/Less files\n- Use `@tailwindcss/webpack` for Tailwind CSS integration\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep `target` aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n- Prefer asset modules (`asset`, `asset/resource`, `asset/inline`, `asset/source`) over legacy `file-loader`/`url-loader`/`raw-loader`\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n- Replace known slow stacks first (`babel-loader`, PostCSS, terser) with Rspack built-ins when feasible\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Documentation\n\n- For the latest (v2) docs, read http://rspack.rs/llms.txt\n- For Rspack v1 docs, read http://v1.rspack.rs/llms.txt\n",
|
|
56
56
|
".agents/skills/rstest-best-practices/SKILL.md": "---\nname: rstest-best-practices\ndescription: Rstest best practices for config, CLI workflow, test writing, mocking, snapshot testing, DOM testing, coverage, multi-project setup, CI integration, performance and debugging. Use when writing, reviewing, or troubleshooting Rstest test projects.\n---\n\n# Rstest Best Practices\n\nApply these rules when writing or reviewing Rstest test projects.\n\n## Configuration\n\n- Use `rstest.config.ts` and `defineConfig` from `@rstest/core`\n- Prefer explicit imports `import { test, expect, describe } from '@rstest/core'` over `globals: true`\n- For Rsbuild projects, use `@rstest/adapter-rsbuild` with `extends: withRsbuildConfig()` to reuse build config\n- For Rslib projects, use `@rstest/adapter-rslib` with `extends: withRslibConfig()` to reuse build config\n- Use `setupFiles` for shared test setup (e.g., custom matchers, cleanup hooks)\n- When using Rsbuild plugins (e.g., `@rsbuild/plugin-react`), add them via the `plugins` field\n- For deep-level or advanced build configuration needs, use `tools.rspack` or `tools.bundlerChain`\n\n## CLI\n\n- Use `rstest` or `rstest run` to run tests (`run` disables watch mode, suitable for CI)\n- Use `rstest --watch` or `rstest watch` for local development with file watching\n- Use `rstest list` to list all test files and test names\n- Use `rstest -u` to update snapshots\n- Use `--reporter=verbose` when debugging test failures for detailed output\n- Use `--config` (`-c`) to specify a custom config file path\n\n## Test writing\n\n- Import test APIs from `@rstest/core`: `test`, `describe`, `expect`, `beforeEach`, `afterEach`, etc.\n- Use `test` or `it` for test cases; use `describe` for grouping related tests\n- Use `.only` to focus on specific tests during development, but never commit `.only` to the codebase\n- Use `.skip` or `.todo` to mark incomplete or temporarily skipped tests\n- Prefer small, focused test cases that test a single behavior\n- For async error paths, prefer `await expect(fn()).rejects.toThrow(ErrorClass)` (or `.rejects.toMatchObject({ ... })`) over `try/catch` with `expect.fail` or `.catch(e => e)` patterns — the matcher form fails clearly if the promise unexpectedly resolves, keeps the assertion in one chain, and avoids forgetting to assert the throw at all\n- For async happy paths, use `await expect(fn()).resolves.toEqual(...)` for the same reason\n- Use `includeSource` for in-source testing of small utility functions (Rust-style `import.meta.rstest`)\n- For in-source tests, wrap test code in `if (import.meta.rstest) { ... }` and define `import.meta.rstest` as `false` in production build config\n\n## Test environment\n\n- Use `testEnvironment: 'node'` (default) for Node.js / server-side code\n- Use `testEnvironment: 'jsdom'` or `testEnvironment: 'happy-dom'` for DOM / browser API testing\n- Install `jsdom` or `happy-dom` as a dev dependency when using DOM environments\n- Prefer `happy-dom` for faster DOM testing; use `jsdom` when better browser API compatibility is needed\n- For real browser testing, use `@rstest/browser` with Playwright\n- Use inline project configs to run different test environments within one project (e.g., `node` and `jsdom` projects)\n\n## React / Vue testing\n\n- For React: use `@rsbuild/plugin-react` plugin and `@testing-library/react` for component testing\n- For Vue: use `@rsbuild/plugin-vue` plugin and `@testing-library/vue` for component testing\n- Create a `rstest.setup.ts` with `expect.extend(jestDomMatchers)` and `afterEach(() => cleanup())` for Testing Library\n- Add the setup file to `setupFiles` in config\n- For SSR testing, use `testEnvironment: 'node'` and test with `react-dom/server` or framework-specific SSR APIs\n\n## Mocking\n\n- Use `rs.mock('./module')` to mock modules\n- Use `rs.fn()` to create mock functions\n- Use `rs.spyOn(object, 'method')` to spy on methods\n- Prefer `clearMocks`, `resetMocks`, or `restoreMocks` config options to automatically clean up mocks between tests\n- Use factory functions in `rs.mock('./module', () => ({ ... }))` to provide mock implementations\n\n## Snapshot testing\n\n- Use `toMatchSnapshot()` for general snapshot testing\n- Use `toMatchInlineSnapshot()` for small, readable inline snapshots\n- Use `toMatchFileSnapshot()` for large or structured outputs (e.g., HTML, generated code)\n- Keep snapshots concise — only include relevant data, avoid timestamps and session IDs\n- Use `expect.addSnapshotSerializer()` to mask paths or sensitive data in snapshots\n- Use `path-serializer` to normalize file paths across platforms\n- Review snapshot changes carefully in code review\n\n## Coverage\n\n- Enable coverage with `--coverage` CLI flag or `coverage.enabled: true` in config\n- Install `@rstest/coverage-istanbul` for the Istanbul coverage provider\n- Use `coverage.include` to specify source files for coverage (e.g., `['src/**/*.{js,ts,tsx}']`)\n- Use `coverage.thresholds` to enforce minimum coverage requirements\n- Use `coverage.reporters` to generate reports in different formats (e.g., `text`, `lcov`, `html`)\n\n## Multi-project testing\n\n- Use `projects` field in root config to define multiple test projects\n- For monorepos, use glob patterns like `'packages/*'` to auto-discover sub-projects\n- Use `defineProject` helper in sub-project configs\n- Extract shared config and use `mergeRstestConfig` to compose project configs\n- Global options (`reporters`, `pool`, `isolate`, `coverage`, `bail`) must be set at the root level, not in projects\n\n## CI integration\n\n- Use `rstest run` (not `rstest watch`) in CI\n- Use `--shard` for parallel test execution across CI machines (e.g., `--shard 1/3`)\n- Use `--reporter=blob` with `rstest merge-reports` to combine sharded results\n- Use `--reporter=junit` with `outputPath` for CI report integration\n- The `github-actions` reporter is auto-enabled in GitHub Actions for inline error annotations\n- Use `--bail` to stop early on first failure when appropriate\n\n## Performance\n\n- Disable `isolate` (`--no-isolate`) when tests have no side effects for faster execution via module cache reuse\n- Use `pool.maxWorkers` to control parallelism based on available resources\n- Keep test build fast by avoiding unnecessary Rspack plugins in test config\n- Use test filtering (`rstest <pattern>` or `-t <name>`) to run only relevant tests during development\n- Leverage watch mode's incremental re-runs for fast local feedback\n\n## Debugging\n\n- Run with `DEBUG=rstest` to enable debug mode, which writes final configs and build outputs to disk\n- Read generated files in `dist/.rstest-temp/.rsbuild/` to confirm final Rstest/Rsbuild/Rspack config\n- Use VS Code's JavaScript Debug Terminal to run `rstest` with breakpoints\n- Use `--reporter=verbose` for detailed per-test output\n- Use `--printConsoleTrace` to trace console calls to their source\n- Add VS Code launch config for debugging specific test files with `@rstest/core/bin/rstest.js`\n\n## Profiling\n\n- Use Rsdoctor with `RSDOCTOR=true rstest run` to analyze test build performance\n- Use `samply` for native profiling of both main and worker processes\n- Use Node.js `--heap-prof` for memory profiling\n\n## Toolchain integration\n\n- Use the official VS Code extension (`rstack.rstest`) for in-editor test running and debugging\n- For Rslib libraries, use `@rstest/adapter-rslib` for config reuse\n- For Rsbuild apps, use `@rstest/adapter-rsbuild` for config reuse\n- Use `process.env.RSTEST` to detect test environment and apply test-specific config\n\n## Documentation\n\n- For the latest Rstest docs, read https://rstest.rs/llms.txt\n",
|
|
@@ -1,24 +1,24 @@
|
|
|
1
1
|
import { commonFiles } from "./common.mjs";
|
|
2
2
|
const MWAFiles = {
|
|
3
3
|
...commonFiles,
|
|
4
|
-
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
5
4
|
".gitignore": "node_modules/\ndist/\nbuild/\n.modernjs/cache/\n.modernjs/agent-reference-repos-tmp/\n",
|
|
6
|
-
"
|
|
7
|
-
"
|
|
5
|
+
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
6
|
+
"AGENTS.md": "# UltraModern Agent Contract\n\nThis workspace is generated as an agent-ready UltraModern.js SuperApp shell.\nAgents should treat the files under `.agents/skills` as local project\ninstructions, not optional reading.\n\n## Quality Gates\n\n- `pnpm lint` runs Oxlint with the Ultracite preset.\n- `pnpm format` runs oxfmt.\n- `pnpm typecheck` runs effect-tsgo as the TypeScript checker.\n- `pnpm i18n:boundaries` verifies workspace source boundaries through `@modern-js/code-tools`.\n- `pnpm contract:check` verifies the generated workspace contract.\n- `pnpm mf:types` verifies Module Federation type outputs after builds.\n- `pnpm check` is a local convenience aggregate for the primitive gates.\n- Generated CI runs primitive gates as separate matrix jobs instead of calling `pnpm check`.\n- Generated Codex stop hooks and subagent-stop hooks run `pnpm format && pnpm lint:fix && pnpm check`.\n- `postinstall` formats the generated tree, initializes Git when needed, prepares agent skills and reference repos, then installs `lefthook`. Generated `lefthook.yml` runs separate format and lint-fix commands on pre-commit; pre-push runs read-only primitive gates in parallel.\n\n## Localized Routes\n\nGenerated apps keep locale-prefixed entry routes under `src/routes/[lang]`,\nstatic language links, and canonical plus `hreflang` metadata. A new workspace\nstarts shell-only; `create <domain> --vertical` adds route-owned metadata,\nlocalized resources, and Effect BFF surfaces for that domain. Runtime i18n is\nnot enabled in the starter because the current React 19 + Module Federation\nstreaming SSR stack must render predictably first. Production builds fail unless\n`MODERN_PUBLIC_SITE_URL` is set per deployed app, so canonical URLs always use\nthe production origin.\n\n## Required Skill Baseline\n\nUse these skills when the task touches the matching subsystem:\n\n- `rsbuild-best-practices`: Modern.js app build configuration, Rsbuild options, assets, type checking, and build debugging.\n- `rspack-best-practices`: Rspack-level bundling, CSS, assets, profiling, and production build behavior.\n- `rspack-tracing`: Rspack build failures, slow builds, crash localization, and trace analysis.\n- `rsdoctor-analysis`: Evidence-based bundle analysis from `rsdoctor-data.json`, including duplicate packages, large chunks, and retained modules.\n- `rslib-best-practices`: Shared packages, generated libraries, declaration output, and Rslib configuration.\n- `rslib-modern-package`: Package contracts for shared libraries, exports, side effects, dependency placement, README, and release readiness.\n- `rstest-best-practices`: Rstest configuration, test writing, mocking, snapshots, coverage, and CI test behavior.\n- `mf`: Module Federation docs, Modern.js integration, DTS/type checks, shared dependency checks, runtime errors, and observability troubleshooting.\n\nThe public `module-federation/agent-skills` repository is installed during `pnpm install` and `pnpm skills:install`. Postinstall mode skips unavailable clone sources instead of blocking dependency installation; `pnpm skills:install` remains strict for required public skills. Use `ULTRAMODERN_SKIP_AGENT_SKILLS=1` when an install must avoid external skill repositories completely. `pnpm skills:check` fails when the required public `mf` skill is missing unless that skip flag is set.\n\n## Private Skills\n\nScriptedAlchemy/TechsioCZ skills are private and are cloned only when the current developer is authorized for `TechsioCZ/skills`.\n\n```bash\npnpm skills:install\n```\n\nThe installer copies only the pinned private skills from `.agents/skills-lock.json`: `plan-graph`, `dag`, `subagent-graph`, `helm`, and `debugger-mode`.\n\n## Agent Reference Repositories\n\nThe workspace installs read-only source references under `repos/` by default during `pnpm install` using `git subtree add --squash`. These repositories are reference material for coding agents, not application source:\n\n- `repos/effect` from `Effect-TS/effect`.\n- `repos/ultramodern.js` from `BleedingDev/ultramodern.js`.\n\nAgents may read files under `repos/` to understand upstream patterns, APIs, and project conventions. Do not edit files under `repos/`, import from them, or make production code depend on them. To skip this setup, run installs with `ULTRAMODERN_SKIP_AGENT_REPOS=1`.\n\n## Project Priorities\n\n- Keep `presetUltramodern` as the single preset.\n- Keep the initial workspace shell-only unless a user explicitly asks for a\n starter vertical.\n- Use `create <domain> --vertical` as the growth path for real business\n MicroVerticals.\n- Prefer Effect for BFF code.\n- Prefer TanStack Router for app routing.\n- Keep UI-kit or design-system code as ordinary vertical or shared package code, not a special core path.\n- Keep generated packages explicit and publishable: stable `exports`, correct declarations, small public APIs, and clear ownership metadata.\n- Do not add migration tooling or codemods unless the project owner explicitly asks for migration work.\n\n## Skill Provenance\n\nThe vendored Rstack skills, public Module Federation skill, and private TechsioCZ skill set are pinned in `.agents/skills-lock.json`. Do not update, remove, or replace them casually. If a skill needs updating, update the lock file and run the affected primitive gate plus `pnpm check`.\n",
|
|
7
|
+
"README.md": "# modern-app\n\nGenerated UltraModern SuperApp workspace.\n\nThis workspace keeps `presetUltramodern(...)` as the single public\nUltraModern.js 3.0 SuperApp surface and starts with an explicit shell:\n\n- `apps/shell-super-app` owns shell route assembly, Module Federation host\n wiring, shared SSR/i18n runtime setup, and the boundary debugger.\n- `packages/shared-*` provide placeholders for cross-workspace contracts,\n design tokens, and Effect API sharing.\n- `verticals/*` is intentionally empty until a real business domain is added.\n\nAdd a full-stack MicroVertical when the product needs one:\n\n```bash\npnpm dlx @bleedingdev/modern-js-create transportation --vertical\npnpm dlx @bleedingdev/modern-js-create payments --vertical\n```\n\nEach added vertical owns its UI/routes, browser-safe Module Federation exposes,\nprivate-first route metadata, localized URLs, public-route opt-ins, CSS prefix,\nEffect BFF handlers, local API contract, and typed client surface. Server\nhandlers and Effect client/contract modules stay out of browser exposes.\n\n## Private-First Public Surfaces\n\nGenerated app routes are private and non-indexable by default. Private app,\nauth, tenant, dashboard, and internal routes publish no discovery output unless\nroute metadata explicitly marks them `public && indexable`. The default scaffold\ntherefore emits only a disallowing `robots.txt`; sitemap, web manifest,\n`llms.txt`, API catalog, security.txt, and JSON-LD output stay omitted until a\nsafe public route or public docs/help/product surface exists.\n\nRun the scaffold validator before adding business code and after every\n`--vertical` mutation:\n\n```bash\nmise install\npnpm install\npnpm check\npnpm build\n```\n\nGenerated CI does not call the local aggregate. It runs format, lint,\ntypecheck, skills, i18n boundary validation, contract validation, and build as\nseparate matrix jobs so failures are isolated and parallelizable.\n\nBy default, `pnpm install` also prepares read-only agent reference repositories\nunder `repos/` for Effect and UltraModern.js source lookup using squashed git\nsubtrees. Disable this setup with\n`ULTRAMODERN_SKIP_AGENT_REPOS=1 pnpm install`, or rerun it\nexplicitly with `pnpm agents:refs:install`.\n\nAgent skills are prepared during `pnpm install` as a developer convenience.\nExternal skill repository failures do not block postinstall; strict installation\nis available with `pnpm skills:install`. Use\n`ULTRAMODERN_SKIP_AGENT_SKILLS=1` for a dependency install that avoids external\nskill repositories completely.\n\nThe topology and ownership metadata are generated under `topology/`. The\nworkspace also ships `.github/workflows/ultramodern-workspace-gates.yml` and\n`.github/renovate.json` with read-only workflow permissions, commit-pinned\nactions, frozen installs, StepSecurity audit-mode runner hardening, dependency\ndashboard review, one-day release age, grouped updates, and manual approval for\nmajor upgrades.\n\nPackage source metadata is generated at\n`.modernjs/ultramodern-package-source.json`. The default strategy keeps\nUltraModern.js runtime and tooling packages on `workspace:*` for monorepo\ndevelopment. To create a workspace that can install those packages outside the\nmonorepo, generate with `--ultramodern-package-source install`; generated shared\npackages still use `workspace:*` because they are part of this workspace.\n\n## Cloudflare Proof\n\nDeploy the generated apps, then pass each deployed app's generated public URL\nenv key into the proof step. A shell-only workspace only needs the shell URL;\nadded verticals use the same `ULTRAMODERN_PUBLIC_URL_<APP_ID>` pattern with\nhyphens converted to underscores and uppercased.\n\n```bash\npnpm cloudflare:deploy\nULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP=https://shell-super-app.example.workers.dev \\\npnpm cloudflare:proof -- --require-public-urls\n```\n\n## Troubleshooting\n\n| Symptom | Current check | Owner |\n| --- | --- | --- |\n| Package cohort mismatch | Regenerate with one package source strategy, run `mise install`, then rerun `pnpm install` from the activated shell. | Generated workspace package source metadata |\n| Install failure | Check the active Node/pnpm from `mise install`; rerun `pnpm install` after the shell sees the pinned versions. | Toolchain setup |\n| Build failure | Run the matching primitive gate (`pnpm lint`, `pnpm typecheck`, `pnpm i18n:boundaries`, `pnpm contract:check`) before `pnpm build`; fix the owning failure first. | Owning package or generated contract |\n| Missing public URL | Set the env key from `.modernjs/ultramodern-generated-contract.json`, for example `ULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP`. | Deployment operator |\n| Cloudflare credentials | Confirm Wrangler credentials before `pnpm cloudflare:deploy`; local checks do not prove live Worker access. | Deployment operator |\n| Asset or CSS 404 | Rebuild with `pnpm build` or `pnpm cloudflare:deploy` and inspect emitted Modern/Rspack asset paths instead of hardcoding CSS URLs. | Framework/runtime asset pipeline |\n| Federation manifest failure | Run the shell and vertical build scripts, then check each deployed `/mf-manifest.json` URL used by the shell. | Module Federation owner |\n",
|
|
8
8
|
"lefthook.yml": "pre-commit:\n commands:\n format:\n run: pnpm format\n stage_fixed: true\n lint-fix:\n run: pnpm lint:fix\n stage_fixed: true\n\npre-push:\n parallel: true\n commands:\n format:\n run: pnpm format:check\n lint:\n run: pnpm lint\n typecheck:\n run: pnpm typecheck\n skills:\n run: pnpm skills:check\n i18n-boundaries:\n run: pnpm i18n:boundaries\n contract:\n run: pnpm contract:check\n",
|
|
9
9
|
"oxfmt.config.ts": "import { defineConfig } from 'oxfmt';\nimport ultracite from 'ultracite/oxfmt';\n\nexport default defineConfig({\n extends: [ultracite],\n ignorePatterns: [\n '.agents',\n '**/*.json',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n singleQuote: true,\n});\n",
|
|
10
10
|
"oxlint.config.ts": "import { defineConfig } from 'oxlint';\nimport core from 'ultracite/oxlint/core';\nimport react from 'ultracite/oxlint/react';\n\nexport default defineConfig({\n env: {\n browser: true,\n node: true,\n },\n extends: [core, react],\n ignorePatterns: [\n '.agents',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n});\n",
|
|
11
11
|
"pnpm-workspace.yaml": "packages:\n - apps/*\n - verticals/*\n - packages/*\n\nminimumReleaseAge: 1440\nminimumReleaseAgeStrict: true\nminimumReleaseAgeIgnoreMissingTime: false\nminimumReleaseAgeExclude:\n - '@bleedingdev/modern-js-*'\n - '@tanstack/react-router'\n - '@tanstack/router-core'\n - '@typescript/native-preview'\n - '@typescript/native-preview-*'\n - '@types/react'\ntrustPolicy: no-downgrade\ntrustPolicyIgnoreAfter: 1440\nblockExoticSubdeps: true\nengineStrict: true\npmOnFail: error\nverifyDepsBeforeRun: error\nstrictDepBuilds: true\n\npeerDependencyRules:\n allowedVersions:\n react: '>=19.0.0'\n typescript: '>=6.0.0'\n\noverrides:\n '@tanstack/react-router': 1.170.15\n node-fetch: '^3.3.2'\n\nallowBuilds:\n '@swc/core': true\n core-js: true\n esbuild: true\n lefthook: true\n msgpackr-extract: true\n sharp: true\n workerd: true\n",
|
|
12
12
|
".codex/hooks.json": "{\n \"Stop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ],\n \"SubagentStop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ]\n}\n",
|
|
13
|
-
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir]);\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(
|
|
13
|
+
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\nconst postinstall = process.argv.includes('--postinstall');\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_SKILLS) ||\n falsy(process.env.ULTRAMODERN_AGENT_SKILLS);\nconst cloneTimeoutMs = Number.parseInt(\n process.env.ULTRAMODERN_AGENT_SKILLS_CLONE_TIMEOUT_MS ?? '60000',\n 10,\n);\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout,\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir], { timeout: 30000 });\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n timeout: 30000,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n timeout: cloneTimeoutMs,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir, timeout: 30000 },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(\n 'gh',\n ['repo', 'clone', repo, targetDir, '--', '--depth', '1', '--quiet'],\n { timeout: cloneTimeoutMs },\n );\n } catch {\n run(\n 'git',\n ['clone', '--depth', '1', '--quiet', source.repository, targetDir],\n { timeout: cloneTimeoutMs },\n );\n }\n};\n\nconst resolveSkillDir = (sourceRoot, skillName) => {\n const candidates = [\n path.join(sourceRoot, skillName),\n path.join(sourceRoot, 'skills', skillName),\n path.join(sourceRoot, 'skills', 'engineering', skillName),\n path.join(sourceRoot, 'skills', 'productivity', skillName),\n ];\n return candidates.find(candidate =>\n fs.existsSync(path.join(candidate, 'SKILL.md')),\n );\n};\n\nif (!fs.existsSync(lockPath)) {\n console.error('Missing .agents/skills-lock.json');\n process.exit(1);\n}\n\nconst lock = readJson(lockPath);\nconst installDir = path.join(root, lock.installDir ?? '.agents/skills');\nconst sources = lock.sources ?? [];\nconst requiredCloneSources = sources.filter(\n source => source.install === 'clone',\n);\nconst optionalCloneSources = sources.filter(\n source => source.install === 'clone-if-authorized',\n);\nconst requiredSkills = [\n ...(lock.baseline ?? []),\n ...requiredCloneSources.flatMap(source => source.baseline ?? []),\n].filter(\n (skill, index, skills) =>\n skills.findIndex(candidate => candidate.name === skill.name) === index,\n);\n\nif (skipRequested) {\n const reason = 'agent skills bootstrap skipped by environment';\n if (checkOnly) {\n console.log(reason);\n process.exit(0);\n }\n console.log(reason);\n installLefthook();\n process.exit(0);\n}\n\nif (checkOnly) {\n const missingRequired = requiredSkills\n .map(skill => skill.name)\n .filter(\n skillName => !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n );\n const missingOptional = optionalCloneSources.flatMap(source =>\n (source.baseline ?? [])\n .map(skill => skill.name)\n .filter(\n skillName =>\n !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n ),\n );\n\n if (missingRequired.length > 0) {\n console.error(\n `Required agent skills not installed: ${missingRequired.join(', ')}. Run pnpm skills:install.`,\n );\n process.exit(1);\n }\n\n if (missingOptional.length > 0) {\n console.warn(\n `Private skills not installed: ${missingOptional.join(', ')}. Run pnpm skills:install if you have access.`,\n );\n } else {\n console.log('Required and private agent skills are installed.');\n process.exit(0);\n }\n console.log('Required agent skills are installed.');\n process.exit(0);\n}\n\nfs.mkdirSync(installDir, { recursive: true });\ninstallGit();\ninitializeGitRepository();\n\nfor (const source of [...requiredCloneSources, ...optionalCloneSources]) {\n const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ultramodern-skills-'));\n try {\n try {\n cloneSource(source, tempDir);\n } catch (error) {\n if (source.install === 'clone-if-authorized' || postinstall) {\n console.warn(`Skipping ${source.repository}; ${error.message}`);\n continue;\n }\n throw error;\n }\n for (const skill of source.baseline ?? []) {\n const sourceSkillDir = resolveSkillDir(tempDir, skill.name);\n if (!sourceSkillDir) {\n throw new Error(\n `Skill ${skill.name} not found in ${source.repository}`,\n );\n }\n const targetSkillDir = path.join(installDir, skill.name);\n if (fs.existsSync(targetSkillDir)) {\n if (!force) {\n console.log(`Skipping existing ${skill.name}`);\n continue;\n }\n removeTree(targetSkillDir);\n }\n fs.cpSync(sourceSkillDir, targetSkillDir, { recursive: true });\n console.log(`Installed ${skill.name}`);\n }\n } finally {\n removeTree(tempDir);\n }\n}\n\ninstallLefthook();\n",
|
|
14
14
|
"scripts/setup-agent-reference-repos.mjs": "import { spawnSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst args = new Set(process.argv.slice(2));\nconst checkOnly = args.has('--check');\nconst configPath = path.join(root, '.agents', 'agent-reference-repos.json');\nconst manifestPath = path.join(root, '.modernjs', 'agent-reference-repos.json');\n\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\n\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_REPOS) ||\n falsy(process.env.ULTRAMODERN_AGENT_REPOS);\nconst required = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REQUIRED);\nconst refresh = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REFRESH);\n\nconst gitIdentityEnv = {\n GIT_AUTHOR_NAME:\n process.env.GIT_AUTHOR_NAME || 'UltraModern Agent Reference Setup',\n GIT_AUTHOR_EMAIL:\n process.env.GIT_AUTHOR_EMAIL || 'ultramodern-agent-refs@local',\n GIT_COMMITTER_NAME:\n process.env.GIT_COMMITTER_NAME || 'UltraModern Agent Reference Setup',\n GIT_COMMITTER_EMAIL:\n process.env.GIT_COMMITTER_EMAIL || 'ultramodern-agent-refs@local',\n};\n\nconst log = message => console.log(`[agent-reference-repos] ${message}`);\nconst warn = message => console.warn(`[agent-reference-repos] ${message}`);\n\nfunction fail(message) {\n if (required || checkOnly) {\n throw new Error(message);\n }\n warn(message);\n}\n\nfunction readJson(filePath) {\n return JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n}\n\nfunction run(command, commandArgs, options = {}) {\n const result = spawnSync(command, commandArgs, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n env: {\n ...process.env,\n ...gitIdentityEnv,\n ...(options.env ?? {}),\n },\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout ?? 120000,\n });\n\n if (result.error) {\n throw result.error;\n }\n if (result.status !== 0) {\n const stderr = result.stderr?.trim();\n throw new Error(\n `${command} ${commandArgs.join(' ')} failed${\n stderr ? `: ${stderr}` : ''\n }`,\n );\n }\n return result.stdout?.trim() ?? '';\n}\n\nfunction assertSafeRepoPath(relativePath) {\n if (\n typeof relativePath !== 'string' ||\n relativePath.length === 0 ||\n path.isAbsolute(relativePath) ||\n relativePath.split(/[\\\\/]+/).includes('..') ||\n !relativePath.startsWith('repos/')\n ) {\n throw new Error(`Unsafe reference repository path: ${relativePath}`);\n }\n}\n\nfunction hasGit() {\n const result = spawnSync('git', ['--version'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction hasGitSubtree() {\n const result = spawnSync('git', ['subtree', '-h'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return (\n (result.status === 0 || result.status === 129) &&\n result.stdout.includes('usage: git subtree')\n );\n}\n\nfunction isGitWorkTree() {\n const result = spawnSync('git', ['rev-parse', '--is-inside-work-tree'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0 && result.stdout.trim() === 'true';\n}\n\nfunction hasCommits() {\n const result = spawnSync('git', ['rev-parse', '--verify', 'HEAD'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction porcelainStatus() {\n return run('git', ['status', '--porcelain'], { timeout: 30000 });\n}\n\nfunction commitInstallerChanges(message) {\n run('git', ['commit', '--no-verify', '-m', message], {\n timeout: 120000,\n });\n}\n\nfunction ensureGitRepository() {\n if (!isGitWorkTree()) {\n if (checkOnly) {\n fail('workspace is not a git repository');\n return false;\n }\n log('initializing git repository for agent reference subtrees');\n run('git', ['init'], { timeout: 30000 });\n }\n\n if (!hasCommits()) {\n if (checkOnly) {\n fail('workspace has no initial git commit');\n return false;\n }\n log('creating initial workspace commit before adding reference subtrees');\n run('git', ['add', '-A'], { timeout: 30000 });\n commitInstallerChanges('Initialize UltraModern workspace');\n return true;\n }\n\n const status = porcelainStatus();\n if (status) {\n fail(\n 'workspace has uncommitted changes; commit or stash them before installing reference subtrees',\n );\n return false;\n }\n\n return true;\n}\n\nfunction remoteCommit(repo) {\n let output = run('git', ['ls-remote', repo.url, `refs/heads/${repo.ref}`], {\n timeout: 120000,\n });\n if (!output) {\n output = run('git', ['ls-remote', repo.url, repo.ref], {\n timeout: 120000,\n });\n }\n const [commit] = output.split(/\\s+/);\n if (!/^[a-f0-9]{40}$/i.test(commit ?? '')) {\n throw new Error(`Could not resolve ${repo.url}#${repo.ref}`);\n }\n return commit;\n}\n\nfunction subtreeCommitExists(repo) {\n const result = spawnSync(\n 'git',\n [\n 'log',\n '--grep',\n `git-subtree-dir: ${repo.path}`,\n '--format=%H',\n '-n',\n '1',\n ],\n {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n },\n );\n return result.status === 0 && result.stdout.trim().length > 0;\n}\n\nfunction installedManifestEntry(repo) {\n if (!fs.existsSync(manifestPath)) {\n return undefined;\n }\n try {\n const manifest = readJson(manifestPath);\n return manifest.repositories?.find(entry => entry.id === repo.id);\n } catch {\n return undefined;\n }\n}\n\nfunction assertSubtreePresent(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n if (!fs.existsSync(targetPath)) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n if (!subtreeCommitExists(repo)) {\n fail(`${repo.path} is present but has no git-subtree commit evidence`);\n return undefined;\n }\n return (\n installedManifestEntry(repo) ?? {\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n status: 'present',\n strategy: 'git-subtree-squash',\n }\n );\n}\n\nfunction addSubtree(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n const existing = fs.existsSync(targetPath);\n\n if (existing && !refresh) {\n return assertSubtreePresent(repo);\n }\n\n if (existing && refresh) {\n fail(\n `${repo.path} already exists; refresh for subtree references is intentionally manual`,\n );\n return undefined;\n }\n\n if (checkOnly) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n\n const commit = remoteCommit(repo);\n log(`adding ${repo.name} as git subtree at ${repo.path} (${commit})`);\n run('git', ['fetch', '--depth', '1', repo.url, repo.ref], {\n timeout: 300000,\n });\n run(\n 'git',\n [\n 'subtree',\n 'add',\n '--prefix',\n repo.path,\n 'FETCH_HEAD',\n '--squash',\n '-m',\n `Add ${repo.name} agent reference repo`,\n ],\n { timeout: 600000 },\n );\n\n return {\n schemaVersion: 1,\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n commit,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n strategy: 'git-subtree-squash',\n status: 'installed',\n installedAt: new Date().toISOString(),\n };\n}\n\nfunction writeManifest(entries) {\n fs.mkdirSync(path.dirname(manifestPath), { recursive: true });\n fs.writeFileSync(\n manifestPath,\n `${JSON.stringify(\n {\n schemaVersion: 1,\n generatedAt: new Date().toISOString(),\n strategy: 'git-subtree-squash',\n installDir: 'repos',\n repositories: entries,\n },\n null,\n 2,\n )}\\n`,\n );\n}\n\nfunction commitManifestIfChanged() {\n const status = run('git', ['status', '--porcelain', '--', manifestPath], {\n timeout: 30000,\n });\n if (!status) {\n return;\n }\n run('git', ['add', manifestPath], { timeout: 30000 });\n commitInstallerChanges('Record agent reference repo manifest');\n}\n\nfunction main() {\n if (!fs.existsSync(configPath)) {\n fail('Missing .agents/agent-reference-repos.json');\n return;\n }\n\n const config = readJson(configPath);\n const enabled = config.defaultEnabled !== false && !skipRequested;\n\n if (!enabled) {\n log('setup skipped; set ULTRAMODERN_SKIP_AGENT_REPOS=0 to enable it again');\n return;\n }\n\n if (!hasGit()) {\n fail('git is required to install agent reference repositories');\n return;\n }\n if (!hasGitSubtree()) {\n fail('git subtree is required to install agent reference repositories');\n return;\n }\n if (!ensureGitRepository()) {\n return;\n }\n\n const entries = [];\n for (const repo of config.repositories ?? []) {\n const result = checkOnly ? assertSubtreePresent(repo) : addSubtree(repo);\n if (result) {\n entries.push(result);\n }\n }\n\n if (!checkOnly) {\n writeManifest(entries);\n commitManifestIfChanged();\n }\n}\n\ntry {\n main();\n} catch (error) {\n if (required || checkOnly) {\n console.error(`[agent-reference-repos] ${error.message}`);\n process.exitCode = 1;\n } else {\n warn(error.message);\n }\n}\n",
|
|
15
15
|
".github/renovate.json": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\"config:recommended\", \"helpers:pinGitHubActionDigests\"],\n \"dependencyDashboard\": true,\n \"minimumReleaseAge\": \"1 day\",\n \"prConcurrentLimit\": 5,\n \"prHourlyLimit\": 2,\n \"rangeStrategy\": \"bump\",\n \"schedule\": [\"before 5am on monday\"],\n \"timezone\": \"Etc/UTC\",\n \"packageRules\": [\n {\n \"matchManagers\": [\"github-actions\"],\n \"groupName\": \"github-actions\",\n \"labels\": [\"dependencies\", \"github-actions\", \"security\"]\n },\n {\n \"matchManagers\": [\"npm\"],\n \"matchUpdateTypes\": [\"patch\", \"minor\"],\n \"groupName\": \"npm minor and patch updates\",\n \"labels\": [\"dependencies\", \"npm\"]\n },\n {\n \"matchUpdateTypes\": [\"major\"],\n \"dependencyDashboardApproval\": true,\n \"labels\": [\"dependencies\", \"major\"]\n }\n ]\n}\n",
|
|
16
16
|
".github/workflows/ultramodern-workspace-gates.yml": "name: Ultramodern Workspace Gates\n\non:\n push:\n pull_request:\n\npermissions:\n contents: read\n\ndefaults:\n run:\n shell: bash\n\nenv:\n FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true\n\nconcurrency:\n group: ultramodern-workspace-gates-${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n workspace-gate:\n name: ${{ matrix.name }}\n runs-on: ubuntu-latest\n timeout-minutes: 30\n strategy:\n fail-fast: false\n matrix:\n include:\n - name: Format\n command: pnpm format:check\n - name: Lint\n command: pnpm lint\n - name: Typecheck\n command: pnpm typecheck\n - name: Skills\n command: pnpm skills:check\n - name: I18n Boundaries\n command: pnpm i18n:boundaries\n - name: Contract\n command: pnpm contract:check\n - name: Build\n command: pnpm build\n steps:\n - name: Harden Runner\n uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2\n with:\n egress-policy: audit\n\n - name: Checkout\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n fetch-depth: 1\n persist-credentials: false\n\n - name: Setup Node.js\n uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0\n with:\n node-version: 24\n\n - name: Setup mise\n uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0\n\n - name: Install Dependencies\n run: mise exec -- pnpm install --frozen-lockfile\n\n - name: Run ${{ matrix.name }}\n env:\n MODERN_PUBLIC_SITE_URL: http://localhost:8080\n run: mise exec -- ${{ matrix.command }}\n",
|
|
17
17
|
".agents/agent-reference-repos.json": "{\n \"schemaVersion\": 1,\n \"defaultEnabled\": true,\n \"strategy\": \"git-subtree-squash\",\n \"installDir\": \"repos\",\n \"repositories\": [\n {\n \"id\": \"effect\",\n \"name\": \"Effect\",\n \"url\": \"https://github.com/Effect-TS/effect.git\",\n \"ref\": \"main\",\n \"path\": \"repos/effect\",\n \"readOnly\": true\n },\n {\n \"id\": \"ultramodern-js\",\n \"name\": \"UltraModern.js\",\n \"url\": \"https://github.com/BleedingDev/ultramodern.js.git\",\n \"ref\": \"main-ultramodern\",\n \"path\": \"repos/ultramodern.js\",\n \"readOnly\": true\n }\n ]\n}\n",
|
|
18
|
-
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
19
18
|
".agents/rstackjs-agent-skills-LICENSE": "MIT License\n\nCopyright (c) 2026 RstackJS Contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n",
|
|
20
|
-
".agents/skills
|
|
19
|
+
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
21
20
|
".agents/skills/rslib-best-practices/SKILL.md": '---\nname: rslib-best-practices\ndescription: Rslib best practices for config, CLI workflow, output, declaration files, dependency handling, build optimization and toolchain integration. Use when writing, reviewing, or troubleshooting Rslib projects.\n---\n\n# Rslib Best Practices\n\nApply these rules when writing or reviewing Rslib library projects.\n\n## Configuration\n\n- Use `rslib.config.ts` and `defineConfig`\n- Check Rslib-specific configurations first (e.g., `lib.*`), and also leverage Rsbuild configurations (e.g., `source.*`, `output.*`, `tools.*`) as needed\n- For deep-level or advanced configuration needs, use `tools.rspack` or `tools.bundlerChain` to access Rspack\'s native configurations\n- In TypeScript projects, prefer `tsconfig.json` path aliases\n\n## CLI\n\n- Use `rslib` to build\n- Use `rslib --watch` to build in watch mode for local development\n- Use `rslib inspect` to inspect final Rslib/Rsbuild/Rspack configs\n\n## Output\n\n- Prefer to build pure-ESM package with `"type": "module"` in `package.json`\n- Prefer to use bundleless mode with `output.target` set to `\'web\'` when building component libraries\n- Prefer to use bundle mode when building Node.js utility libraries\n- Ensure `exports` field in `package.json` is correctly configured and matches the actual JavaScript output and declaration files output of different formats (ESM, CJS, etc.)\n\n## Declaration files\n\n- Prefer to enable declaration file generation with `lib.dts: true` or detailed configurations\n- For faster type generation, enable `lib.dts.tsgo` experimental feature with `@typescript/native-preview` installed\n\n## Dependencies\n\n- Prefer to place dependencies to be bundled in `devDependencies` in bundle mode and dependencies in `dependencies` and `peerDependencies` will be automatically externalized (not bundled) by default\n- Verify the build output and dependency specifiers in `package.json` carefully to ensure no missing dependency errors occur when consumers install and use this package\n\n## Build optimization\n\n- Keep syntax target in `lib.syntax` aligned with real compatibility requirements to enable better optimizations\n- Avoid format-specific APIs in source code for better compatibility with different output formats\n- Prefer lightweight dependencies to reduce bundle size\n\n## Toolchain integration\n\n- Prefer to use Rstest with `@rstest/adapter-rslib` for writing tests\n- Prefer to use Rspress for writing library documentation, with `@rspress/plugin-preview` and `@rspress/plugin-api-docgen` for component previews and API docs\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final Rsbuild/Rspack config, not assumed config\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n',
|
|
21
|
+
".agents/skills/rsbuild-best-practices/SKILL.md": "---\nname: rsbuild-best-practices\ndescription: Rsbuild best practices for config, CLI workflow, type checking, bundle optimization, assets, and debugging. Use when writing, reviewing, or troubleshooting Rsbuild projects.\n---\n\n# Rsbuild Best Practices\n\nApply these rules when writing or reviewing Rsbuild projects.\n\n## Configuration\n\n- Use `rsbuild.config.ts` and `defineConfig`\n- Use `tools.rspack` or `tools.bundlerChain` only when no first-class Rsbuild option exists\n- Define explicit `source.entry` values for multi-page applications\n- In TypeScript projects, prefer `tsconfig.json` path aliases first\n\n## CLI\n\n- Use `rsbuild` for local development\n- Use `rsbuild build` for production build\n- Use `rsbuild preview` only for local production preview\n- Use `rsbuild inspect` to inspect final Rsbuild/Rspack configs\n\n## Type checking\n\n- Use `@rsbuild/plugin-type-check` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep browserslist aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final config, not assumed config\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n\n## Documentation\n\n- For the latest (v2) docs, read http://rsbuild.rs/llms.txt\n- For Rsbuild v1 docs, read http://v1.rsbuild.rs/llms.txt\n",
|
|
22
22
|
".agents/skills/rslib-modern-package/SKILL.md": '---\nname: rslib-modern-package\ndescription: Opinionated Rslib recommendations for modern JS/TS npm package design covering pure ESM, strict TypeScript, explicit exports, small stable APIs, pragmatic dependencies, accurate sideEffects, correct declarations, package validation, provenance, README.md, and AGENTS.md. Use when the user wants to make a JS/TS package more modern, check whether the current package setup is healthy, review package.json/exports/types/dependencies/docs/release readiness, or apply a modern library baseline.\n---\n\n# Rslib Modern Package\n\nUse this skill when creating a new Rslib library, modernizing an existing JS/TS package, or reviewing a package against an opinionated modern library standard.\n\nThis skill is opinionated: it describes a recommended modern package contract and may suggest breaking changes when they make the package simpler, safer, and easier for modern consumers.\n\n## Standard\n\nDefault recommendation for new JS/TS libraries:\n\n- ESM-first, preferably pure ESM.\n- Strict TypeScript and correct declaration files.\n- Explicit public API through `package.json#exports`.\n- Small named-export API surface.\n- Few runtime dependencies, without treating zero dependencies as a religion.\n- Small, tree-shakeable output with accurate `sideEffects`.\n- Clear dependency placement: runtime dependencies, peer dependencies, optional dependencies, and dev dependencies are not interchangeable.\n- Published package is tested as an artifact, not just as source files.\n- Release flow is automated, traceable, and SemVer-aware.\n- README.md explains usage for humans; AGENTS.md preserves package invariants for future agents.\n\n## Workflow\n\n1. **Inspect the package contract first**\n - Read `package.json`, lockfile/package manager, `rslib.config.*`, `tsconfig*`, CI/release config, README.md, AGENTS.md, and existing `dist` output.\n - Identify package kind: Node utility, browser library, isomorphic utility, CLI, UI/component library, framework plugin, SDK, or adapter.\n - List supported runtimes, current entry points, deep imports, runtime dependencies, peer dependencies, optional integrations, files with side effects, and published files.\n - Run `npm pack --dry-run` early when changing package shape so the real tarball contents guide the review.\n\n2. **Define target environments explicitly**\n - Do not say "supports modern environments" without defining them.\n - Verify the current Node.js release schedule before choosing `engines`.\n - As of May 9, 2026, Node.js 22 and 24 are LTS, and Node.js 20 is EOL. For new Node-facing packages, recommend `engines.node >=22` unless real consumers need an older runtime.\n - Browser packages should state whether they require native ESM, a bundler, Workers support, SSR compatibility, DOM APIs, CSS processing, or specific browser baselines.\n - Compatibility drops are breaking changes: old Node/browser versions, undocumented deep imports, default/named export shape, bundled vs external dependency behavior, and import side effects.\n\n3. **Prefer pure ESM, but explain compatibility cost**\n - New packages should use `"type": "module"` and ESM source/output.\n - Rslib\'s default format is ESM; keep that default unless there is a clear reason to add another format.\n - Evaluate compatibility from real consumers and supported runtimes instead of assuming every historical module format is required.\n - Modern Node.js can load synchronous ESM from CommonJS via `require(esm)`; do not assume CJS consumers always require a separate CJS build.\n - If you rely on `require(esm)` compatibility, document and test its constraints: supported Node versions, no top-level `await` in the loaded graph, namespace-object return shape, default export behavior, and CJS/ESM cycle limits.\n - Prefer Node built-in specifiers such as `node:fs/promises`.\n\n4. **Make `exports` the public API**\n - Treat `package.json#exports` as the product contract.\n - Export only paths users are meant to import.\n - Do not allow imports like `pkg/dist/foo.js` by exporting `./dist/*`. That makes the generated output layout part of the public API and turns internal file moves into breaking changes.\n - Instead, expose only intentional public paths such as `pkg` and `pkg/foo.js`, mapped to the actual files in `dist`.\n - Keep subpath style consistent: either all with extensions such as `./foo.js`, or all without extensions. Prefer paths with extensions when browser import maps matter.\n - Keep `"types"` first inside conditional exports.\n - Adding `exports` to an older package can be breaking because undeclared deep imports stop working.\n - Add `./package.json` only when consumers legitimately need package metadata.\n\n5. **Design a small API surface**\n - Prefer named exports for multi-API packages.\n - Avoid default-export objects that gather every function into one object.\n - Public functions should be few, stable, well-named, and semver-maintained.\n - Keep internal types, caches, helper functions, adapter details, and error internals private unless they are part of the contract.\n - Avoid top-level work during import: file scans, network calls, timers, process mutation, global registration, DOM access, prototype mutation, or environment detection with side effects.\n - Async APIs that may be canceled should accept `AbortSignal`.\n - Prefer stable error classes, error codes, or typed error shapes over string matching.\n\n6. **Use Rslib as the implementation path, not the whole standard**\n - For detailed Rslib configuration guidance, use the `rslib-best-practices` skill.\n - In this skill, only check whether Rslib output, declarations, `package.json#exports`, `files`, dependencies, and docs agree with the modern package contract.\n - Keep Rslib configuration small and intentional; avoid adding build complexity that does not improve the package contract.\n\n7. **Keep dependencies small and intentional**\n - Start from platform APIs, not from dependency search.\n - Prefer built-ins when the runtime supports them: `URL`, `URLSearchParams`, `Intl`, `fetch`, `AbortController`, `structuredClone`, `crypto.randomUUID`, Web Streams, `TextEncoder`, `TextDecoder`, `node:fs/promises`, and `node:crypto`.\n - Small runtime dependencies are fine when they reduce maintenance risk or implementation complexity.\n - Avoid large utility packages for one or two helpers.\n - Evaluate dependencies for ESM support, `exports`, types, transitive dependency count, package size, license, maintenance activity, security history, install scripts, side effects, native install fragility, and granular imports.\n - Put required runtime packages in `dependencies`.\n - Put host-owned frameworks and toolchains in `peerDependencies`, such as React, Vue, Svelte, Rspack, Rsbuild, webpack, TypeScript, and framework runtimes.\n - Keep peer ranges reasonably broad; do not pin peers to a patch version unless required.\n - Put build tools, test tools, type tools, docs tools, and Rsbuild/Rspack plugins in `devDependencies`.\n - Use `optionalDependencies` or optional peers via `peerDependenciesMeta` for optional integrations.\n\n8. **Make TypeScript strict and package-oriented**\n - Prefer TypeScript source for TS libraries; otherwise use high-quality JSDoc plus generated declarations.\n - With TypeScript 6 or tsgo-era defaults, strict checking may already be enabled; preserve that default and do not turn it off. For older TypeScript versions or inherited configs, set `strict: true` explicitly.\n - In Rslib projects, consider enabling `lib.dts.tsgo` to speed up declaration generation when the project can use tsgo.\n - Keep `module` and `moduleResolution` aligned with how declarations are emitted and how consumers resolve the package; NodeNext and bundler-style resolution are both valid in the right toolchain.\n - Use `verbatimModuleSyntax` so type-only imports/exports are explicit.\n - Use `isolatedDeclarations` when practical so exported APIs are explicit enough for declaration-oriented tooling.\n - Emit declarations; use declaration maps when editor navigation matters.\n - Use `import type` and `export type` for type-only dependencies.\n - Do not rely on consumers setting `skipLibCheck` to hide broken package types.\n - Test declarations as consumers see them, especially when using subpath exports.\n\n9. **Keep `sideEffects` accurate**\n - Use `sideEffects: false` only when importing package files has no top-level side effects.\n - If CSS, polyfills, registrations, global listeners, prototype changes, or other import-time mutations exist, list the files with side effects instead.\n - Do not set `sideEffects: false` just to improve bundle size; incorrect values can remove required CSS or setup code.\n - Do not change globals just because a file is imported. If setup is required, expose an explicit `setup()` or `install()` function and let users call it themselves.\n\n10. **Make `package.json` authoritative**\n - Required modern shape: `"type": "module"`, explicit `exports`, correct declarations, `files` allowlist, accurate `sideEffects`, sensible `engines`, and release scripts.\n - Include README.md, AGENTS.md, and LICENSE in `files` when they exist.\n - `files` should prevent tests, fixtures, private docs, build caches, local configs, and large generated artifacts from leaking into the tarball.\n - Avoid stale `main`/`module` fields unless compatibility evidence requires them; if kept, they must agree with `exports`.\n - Keep runtime dependency fields accurate. A package that works locally only because a runtime dependency is in `devDependencies` is broken.\n\n11. **Validate the published artifact**\n - Run normal lint, typecheck, tests, and `rslib build`.\n - Smoke test built ESM output.\n - Run type-level tests when the public API is type-heavy.\n - Run `npm pack --dry-run` and inspect included files.\n - In Rslib, prefer `rsbuild-plugin-publint` to run publint after build; use `npx publint` as a CLI fallback.\n - In Rslib, prefer `rsbuild-plugin-arethetypeswrong` to run Are The Types Wrong after build when declarations are shipped; use `npx --yes @arethetypeswrong/cli --pack .` as a CLI fallback.\n - Install the packed tarball into clean consumer fixtures for important packages.\n - Test ESM import, bundler import for browser/component libraries, CLI execution for `bin` packages, and every public subpath export.\n\n12. **Prepare README.md and AGENTS.md before publishing**\n - Always check whether both files exist before publishing or modernizing a package.\n - If either file is missing, recommend adding it; for implementation tasks, create a concise version unless the user asks not to.\n - README.md should include: package name, one-sentence purpose, install/usage, key features or API links, supported environments, docs/related links, changelog or contribution link, and license.\n - AGENTS.md should include: stack, package contract, common commands, source layout, code style, validation commands, and release checklist.\n - Keep both files synchronized with `package.json#exports`, supported runtimes, and actual Rslib output.\n\n13. **Publish with supply-chain hygiene**\n - Follow SemVer and document breaking changes.\n - Maintain a changelog for user-visible changes.\n - Use prerelease versions and dist-tags for beta/next channels.\n - Prefer CI publishing with npm provenance or trusted publishing.\n - Avoid long-lived publish tokens where trusted publishing is available.\n - Remember that a published package name/version pair cannot be reused safely.\n\n## Review Red Flags\n\n- `exports` is missing, points to files not emitted by Rslib, or allows public imports such as `pkg/dist/foo.js`.\n- `module`/`main` fields disagree with `exports`.\n- Type declarations do not match runtime entry points.\n- Runtime dependency is accidentally listed only in `devDependencies`.\n- React/Vue/Svelte/Rspack/Rsbuild/webpack/TypeScript is bundled or placed in `dependencies` when it should be a peer.\n- `sideEffects: false` is set while importing CSS, polyfills, global registrations, global listeners, or prototype changes.\n- Package has install scripts without a strong reason.\n- Top-level import reads user files, starts timers, touches the network, mutates globals, or assumes `window`/`process`.\n- Published tarball contains private source maps, tests/fixtures that are not useful to consumers, large generated docs, local config secrets, or build caches.\n\n## Checklist\n\n- [ ] Supported environments are explicit.\n- [ ] Package is ESM-first, preferably pure ESM.\n- [ ] `package.json` has `"type": "module"`.\n- [ ] Public entry points are declared in `exports`.\n- [ ] No accidental reliance on undeclared deep imports.\n- [ ] Rslib output, declarations, `exports`, and `files` agree.\n- [ ] TypeScript strict mode is enabled.\n- [ ] Declarations are emitted and validated.\n- [ ] Runtime dependencies are justified and small.\n- [ ] Host frameworks/toolchains are peers.\n- [ ] Build/test/type/docs tools are dev dependencies.\n- [ ] `sideEffects` is accurate.\n- [ ] `npm pack --dry-run` has been inspected.\n- [ ] `publint` passes.\n- [ ] Are The Types Wrong check passes when declarations are shipped.\n- [ ] Built ESM smoke test passes.\n- [ ] README.md exists.\n- [ ] AGENTS.md exists.\n- [ ] Release flow uses SemVer, changelog, and provenance/trusted publishing when available.\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n- Shipping ESM for CommonJS consumers: https://nodejs.github.io/package-examples/04-cjs-esm-interop/shipping-esm-for-cjs/\n',
|
|
23
23
|
".agents/skills/rspack-best-practices/SKILL.md": "---\nname: rspack-best-practices\ndescription: Rspack best practices for config, CLI workflow, type checking, CSS, bundle optimization, assets and profiling. Use when writing, reviewing, or troubleshooting Rspack projects.\n---\n\n# Rspack Best Practices\n\nApply these rules when writing or reviewing Rspack projects.\n\n## Configuration\n\n- Use `rspack.config.ts` and `defineConfig`\n- Define explicit `entry` values for multi-page applications\n- Keep one main config and branch by `process.env.NODE_ENV` only when needed\n- Keep rule conditions narrow and explicit (`test`, `include`, `exclude`, `resourceQuery`)\n- Prefer built-in Rspack plugins/loaders over community JS alternatives when equivalent features exist\n\n## CLI\n\nIf `@rspack/cli` is installed:\n\n- Use `rspack dev` for local development\n- Use `rspack build` for production build\n- Use `rspack preview` only for local production preview\n\n## Type checking\n\n- Use `ts-checker-rspack-plugin` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## CSS\n\nChoose one strategy:\n\n- Built-in CSS (`type: 'css' | 'css/auto' | 'css/module'`) for modern setups\n- `css-loader` + `CssExtractRspackPlugin` for webpack migration compatibility\n- `style-loader` for pure style-in-JS runtime injection scenarios\n\nOptional:\n\n- Use `builtin:lightningcss-loader` when goals are syntax downgrade + vendor prefixing\n- Use `sass-loader`/`less-loader` for preprocessing Sass/Less files\n- Use `@tailwindcss/webpack` for Tailwind CSS integration\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep `target` aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n- Prefer asset modules (`asset`, `asset/resource`, `asset/inline`, `asset/source`) over legacy `file-loader`/`url-loader`/`raw-loader`\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n- Replace known slow stacks first (`babel-loader`, PostCSS, terser) with Rspack built-ins when feasible\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Documentation\n\n- For the latest (v2) docs, read http://rspack.rs/llms.txt\n- For Rspack v1 docs, read http://v1.rspack.rs/llms.txt\n",
|
|
24
24
|
".agents/skills/rstest-best-practices/SKILL.md": "---\nname: rstest-best-practices\ndescription: Rstest best practices for config, CLI workflow, test writing, mocking, snapshot testing, DOM testing, coverage, multi-project setup, CI integration, performance and debugging. Use when writing, reviewing, or troubleshooting Rstest test projects.\n---\n\n# Rstest Best Practices\n\nApply these rules when writing or reviewing Rstest test projects.\n\n## Configuration\n\n- Use `rstest.config.ts` and `defineConfig` from `@rstest/core`\n- Prefer explicit imports `import { test, expect, describe } from '@rstest/core'` over `globals: true`\n- For Rsbuild projects, use `@rstest/adapter-rsbuild` with `extends: withRsbuildConfig()` to reuse build config\n- For Rslib projects, use `@rstest/adapter-rslib` with `extends: withRslibConfig()` to reuse build config\n- Use `setupFiles` for shared test setup (e.g., custom matchers, cleanup hooks)\n- When using Rsbuild plugins (e.g., `@rsbuild/plugin-react`), add them via the `plugins` field\n- For deep-level or advanced build configuration needs, use `tools.rspack` or `tools.bundlerChain`\n\n## CLI\n\n- Use `rstest` or `rstest run` to run tests (`run` disables watch mode, suitable for CI)\n- Use `rstest --watch` or `rstest watch` for local development with file watching\n- Use `rstest list` to list all test files and test names\n- Use `rstest -u` to update snapshots\n- Use `--reporter=verbose` when debugging test failures for detailed output\n- Use `--config` (`-c`) to specify a custom config file path\n\n## Test writing\n\n- Import test APIs from `@rstest/core`: `test`, `describe`, `expect`, `beforeEach`, `afterEach`, etc.\n- Use `test` or `it` for test cases; use `describe` for grouping related tests\n- Use `.only` to focus on specific tests during development, but never commit `.only` to the codebase\n- Use `.skip` or `.todo` to mark incomplete or temporarily skipped tests\n- Prefer small, focused test cases that test a single behavior\n- For async error paths, prefer `await expect(fn()).rejects.toThrow(ErrorClass)` (or `.rejects.toMatchObject({ ... })`) over `try/catch` with `expect.fail` or `.catch(e => e)` patterns — the matcher form fails clearly if the promise unexpectedly resolves, keeps the assertion in one chain, and avoids forgetting to assert the throw at all\n- For async happy paths, use `await expect(fn()).resolves.toEqual(...)` for the same reason\n- Use `includeSource` for in-source testing of small utility functions (Rust-style `import.meta.rstest`)\n- For in-source tests, wrap test code in `if (import.meta.rstest) { ... }` and define `import.meta.rstest` as `false` in production build config\n\n## Test environment\n\n- Use `testEnvironment: 'node'` (default) for Node.js / server-side code\n- Use `testEnvironment: 'jsdom'` or `testEnvironment: 'happy-dom'` for DOM / browser API testing\n- Install `jsdom` or `happy-dom` as a dev dependency when using DOM environments\n- Prefer `happy-dom` for faster DOM testing; use `jsdom` when better browser API compatibility is needed\n- For real browser testing, use `@rstest/browser` with Playwright\n- Use inline project configs to run different test environments within one project (e.g., `node` and `jsdom` projects)\n\n## React / Vue testing\n\n- For React: use `@rsbuild/plugin-react` plugin and `@testing-library/react` for component testing\n- For Vue: use `@rsbuild/plugin-vue` plugin and `@testing-library/vue` for component testing\n- Create a `rstest.setup.ts` with `expect.extend(jestDomMatchers)` and `afterEach(() => cleanup())` for Testing Library\n- Add the setup file to `setupFiles` in config\n- For SSR testing, use `testEnvironment: 'node'` and test with `react-dom/server` or framework-specific SSR APIs\n\n## Mocking\n\n- Use `rs.mock('./module')` to mock modules\n- Use `rs.fn()` to create mock functions\n- Use `rs.spyOn(object, 'method')` to spy on methods\n- Prefer `clearMocks`, `resetMocks`, or `restoreMocks` config options to automatically clean up mocks between tests\n- Use factory functions in `rs.mock('./module', () => ({ ... }))` to provide mock implementations\n\n## Snapshot testing\n\n- Use `toMatchSnapshot()` for general snapshot testing\n- Use `toMatchInlineSnapshot()` for small, readable inline snapshots\n- Use `toMatchFileSnapshot()` for large or structured outputs (e.g., HTML, generated code)\n- Keep snapshots concise — only include relevant data, avoid timestamps and session IDs\n- Use `expect.addSnapshotSerializer()` to mask paths or sensitive data in snapshots\n- Use `path-serializer` to normalize file paths across platforms\n- Review snapshot changes carefully in code review\n\n## Coverage\n\n- Enable coverage with `--coverage` CLI flag or `coverage.enabled: true` in config\n- Install `@rstest/coverage-istanbul` for the Istanbul coverage provider\n- Use `coverage.include` to specify source files for coverage (e.g., `['src/**/*.{js,ts,tsx}']`)\n- Use `coverage.thresholds` to enforce minimum coverage requirements\n- Use `coverage.reporters` to generate reports in different formats (e.g., `text`, `lcov`, `html`)\n\n## Multi-project testing\n\n- Use `projects` field in root config to define multiple test projects\n- For monorepos, use glob patterns like `'packages/*'` to auto-discover sub-projects\n- Use `defineProject` helper in sub-project configs\n- Extract shared config and use `mergeRstestConfig` to compose project configs\n- Global options (`reporters`, `pool`, `isolate`, `coverage`, `bail`) must be set at the root level, not in projects\n\n## CI integration\n\n- Use `rstest run` (not `rstest watch`) in CI\n- Use `--shard` for parallel test execution across CI machines (e.g., `--shard 1/3`)\n- Use `--reporter=blob` with `rstest merge-reports` to combine sharded results\n- Use `--reporter=junit` with `outputPath` for CI report integration\n- The `github-actions` reporter is auto-enabled in GitHub Actions for inline error annotations\n- Use `--bail` to stop early on first failure when appropriate\n\n## Performance\n\n- Disable `isolate` (`--no-isolate`) when tests have no side effects for faster execution via module cache reuse\n- Use `pool.maxWorkers` to control parallelism based on available resources\n- Keep test build fast by avoiding unnecessary Rspack plugins in test config\n- Use test filtering (`rstest <pattern>` or `-t <name>`) to run only relevant tests during development\n- Leverage watch mode's incremental re-runs for fast local feedback\n\n## Debugging\n\n- Run with `DEBUG=rstest` to enable debug mode, which writes final configs and build outputs to disk\n- Read generated files in `dist/.rstest-temp/.rsbuild/` to confirm final Rstest/Rsbuild/Rspack config\n- Use VS Code's JavaScript Debug Terminal to run `rstest` with breakpoints\n- Use `--reporter=verbose` for detailed per-test output\n- Use `--printConsoleTrace` to trace console calls to their source\n- Add VS Code launch config for debugging specific test files with `@rstest/core/bin/rstest.js`\n\n## Profiling\n\n- Use Rsdoctor with `RSDOCTOR=true rstest run` to analyze test build performance\n- Use `samply` for native profiling of both main and worker processes\n- Use Node.js `--heap-prof` for memory profiling\n\n## Toolchain integration\n\n- Use the official VS Code extension (`rstack.rstest`) for in-editor test running and debugging\n- For Rslib libraries, use `@rstest/adapter-rslib` for config reuse\n- For Rsbuild apps, use `@rstest/adapter-rsbuild` for config reuse\n- Use `process.env.RSTEST` to detect test environment and apply test-specific config\n\n## Documentation\n\n- For the latest Rstest docs, read https://rstest.rs/llms.txt\n",
|
|
@@ -2,24 +2,24 @@ import "node:module";
|
|
|
2
2
|
import { commonFiles } from "./common.mjs";
|
|
3
3
|
const MWAFiles = {
|
|
4
4
|
...commonFiles,
|
|
5
|
-
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
6
5
|
".gitignore": "node_modules/\ndist/\nbuild/\n.modernjs/cache/\n.modernjs/agent-reference-repos-tmp/\n",
|
|
7
|
-
"
|
|
8
|
-
"
|
|
6
|
+
".mise.toml": "[tools]\npnpm = \"11.5.2\"\n",
|
|
7
|
+
"AGENTS.md": "# UltraModern Agent Contract\n\nThis workspace is generated as an agent-ready UltraModern.js SuperApp shell.\nAgents should treat the files under `.agents/skills` as local project\ninstructions, not optional reading.\n\n## Quality Gates\n\n- `pnpm lint` runs Oxlint with the Ultracite preset.\n- `pnpm format` runs oxfmt.\n- `pnpm typecheck` runs effect-tsgo as the TypeScript checker.\n- `pnpm i18n:boundaries` verifies workspace source boundaries through `@modern-js/code-tools`.\n- `pnpm contract:check` verifies the generated workspace contract.\n- `pnpm mf:types` verifies Module Federation type outputs after builds.\n- `pnpm check` is a local convenience aggregate for the primitive gates.\n- Generated CI runs primitive gates as separate matrix jobs instead of calling `pnpm check`.\n- Generated Codex stop hooks and subagent-stop hooks run `pnpm format && pnpm lint:fix && pnpm check`.\n- `postinstall` formats the generated tree, initializes Git when needed, prepares agent skills and reference repos, then installs `lefthook`. Generated `lefthook.yml` runs separate format and lint-fix commands on pre-commit; pre-push runs read-only primitive gates in parallel.\n\n## Localized Routes\n\nGenerated apps keep locale-prefixed entry routes under `src/routes/[lang]`,\nstatic language links, and canonical plus `hreflang` metadata. A new workspace\nstarts shell-only; `create <domain> --vertical` adds route-owned metadata,\nlocalized resources, and Effect BFF surfaces for that domain. Runtime i18n is\nnot enabled in the starter because the current React 19 + Module Federation\nstreaming SSR stack must render predictably first. Production builds fail unless\n`MODERN_PUBLIC_SITE_URL` is set per deployed app, so canonical URLs always use\nthe production origin.\n\n## Required Skill Baseline\n\nUse these skills when the task touches the matching subsystem:\n\n- `rsbuild-best-practices`: Modern.js app build configuration, Rsbuild options, assets, type checking, and build debugging.\n- `rspack-best-practices`: Rspack-level bundling, CSS, assets, profiling, and production build behavior.\n- `rspack-tracing`: Rspack build failures, slow builds, crash localization, and trace analysis.\n- `rsdoctor-analysis`: Evidence-based bundle analysis from `rsdoctor-data.json`, including duplicate packages, large chunks, and retained modules.\n- `rslib-best-practices`: Shared packages, generated libraries, declaration output, and Rslib configuration.\n- `rslib-modern-package`: Package contracts for shared libraries, exports, side effects, dependency placement, README, and release readiness.\n- `rstest-best-practices`: Rstest configuration, test writing, mocking, snapshots, coverage, and CI test behavior.\n- `mf`: Module Federation docs, Modern.js integration, DTS/type checks, shared dependency checks, runtime errors, and observability troubleshooting.\n\nThe public `module-federation/agent-skills` repository is installed during `pnpm install` and `pnpm skills:install`. Postinstall mode skips unavailable clone sources instead of blocking dependency installation; `pnpm skills:install` remains strict for required public skills. Use `ULTRAMODERN_SKIP_AGENT_SKILLS=1` when an install must avoid external skill repositories completely. `pnpm skills:check` fails when the required public `mf` skill is missing unless that skip flag is set.\n\n## Private Skills\n\nScriptedAlchemy/TechsioCZ skills are private and are cloned only when the current developer is authorized for `TechsioCZ/skills`.\n\n```bash\npnpm skills:install\n```\n\nThe installer copies only the pinned private skills from `.agents/skills-lock.json`: `plan-graph`, `dag`, `subagent-graph`, `helm`, and `debugger-mode`.\n\n## Agent Reference Repositories\n\nThe workspace installs read-only source references under `repos/` by default during `pnpm install` using `git subtree add --squash`. These repositories are reference material for coding agents, not application source:\n\n- `repos/effect` from `Effect-TS/effect`.\n- `repos/ultramodern.js` from `BleedingDev/ultramodern.js`.\n\nAgents may read files under `repos/` to understand upstream patterns, APIs, and project conventions. Do not edit files under `repos/`, import from them, or make production code depend on them. To skip this setup, run installs with `ULTRAMODERN_SKIP_AGENT_REPOS=1`.\n\n## Project Priorities\n\n- Keep `presetUltramodern` as the single preset.\n- Keep the initial workspace shell-only unless a user explicitly asks for a\n starter vertical.\n- Use `create <domain> --vertical` as the growth path for real business\n MicroVerticals.\n- Prefer Effect for BFF code.\n- Prefer TanStack Router for app routing.\n- Keep UI-kit or design-system code as ordinary vertical or shared package code, not a special core path.\n- Keep generated packages explicit and publishable: stable `exports`, correct declarations, small public APIs, and clear ownership metadata.\n- Do not add migration tooling or codemods unless the project owner explicitly asks for migration work.\n\n## Skill Provenance\n\nThe vendored Rstack skills, public Module Federation skill, and private TechsioCZ skill set are pinned in `.agents/skills-lock.json`. Do not update, remove, or replace them casually. If a skill needs updating, update the lock file and run the affected primitive gate plus `pnpm check`.\n",
|
|
8
|
+
"README.md": "# modern-app\n\nGenerated UltraModern SuperApp workspace.\n\nThis workspace keeps `presetUltramodern(...)` as the single public\nUltraModern.js 3.0 SuperApp surface and starts with an explicit shell:\n\n- `apps/shell-super-app` owns shell route assembly, Module Federation host\n wiring, shared SSR/i18n runtime setup, and the boundary debugger.\n- `packages/shared-*` provide placeholders for cross-workspace contracts,\n design tokens, and Effect API sharing.\n- `verticals/*` is intentionally empty until a real business domain is added.\n\nAdd a full-stack MicroVertical when the product needs one:\n\n```bash\npnpm dlx @bleedingdev/modern-js-create transportation --vertical\npnpm dlx @bleedingdev/modern-js-create payments --vertical\n```\n\nEach added vertical owns its UI/routes, browser-safe Module Federation exposes,\nprivate-first route metadata, localized URLs, public-route opt-ins, CSS prefix,\nEffect BFF handlers, local API contract, and typed client surface. Server\nhandlers and Effect client/contract modules stay out of browser exposes.\n\n## Private-First Public Surfaces\n\nGenerated app routes are private and non-indexable by default. Private app,\nauth, tenant, dashboard, and internal routes publish no discovery output unless\nroute metadata explicitly marks them `public && indexable`. The default scaffold\ntherefore emits only a disallowing `robots.txt`; sitemap, web manifest,\n`llms.txt`, API catalog, security.txt, and JSON-LD output stay omitted until a\nsafe public route or public docs/help/product surface exists.\n\nRun the scaffold validator before adding business code and after every\n`--vertical` mutation:\n\n```bash\nmise install\npnpm install\npnpm check\npnpm build\n```\n\nGenerated CI does not call the local aggregate. It runs format, lint,\ntypecheck, skills, i18n boundary validation, contract validation, and build as\nseparate matrix jobs so failures are isolated and parallelizable.\n\nBy default, `pnpm install` also prepares read-only agent reference repositories\nunder `repos/` for Effect and UltraModern.js source lookup using squashed git\nsubtrees. Disable this setup with\n`ULTRAMODERN_SKIP_AGENT_REPOS=1 pnpm install`, or rerun it\nexplicitly with `pnpm agents:refs:install`.\n\nAgent skills are prepared during `pnpm install` as a developer convenience.\nExternal skill repository failures do not block postinstall; strict installation\nis available with `pnpm skills:install`. Use\n`ULTRAMODERN_SKIP_AGENT_SKILLS=1` for a dependency install that avoids external\nskill repositories completely.\n\nThe topology and ownership metadata are generated under `topology/`. The\nworkspace also ships `.github/workflows/ultramodern-workspace-gates.yml` and\n`.github/renovate.json` with read-only workflow permissions, commit-pinned\nactions, frozen installs, StepSecurity audit-mode runner hardening, dependency\ndashboard review, one-day release age, grouped updates, and manual approval for\nmajor upgrades.\n\nPackage source metadata is generated at\n`.modernjs/ultramodern-package-source.json`. The default strategy keeps\nUltraModern.js runtime and tooling packages on `workspace:*` for monorepo\ndevelopment. To create a workspace that can install those packages outside the\nmonorepo, generate with `--ultramodern-package-source install`; generated shared\npackages still use `workspace:*` because they are part of this workspace.\n\n## Cloudflare Proof\n\nDeploy the generated apps, then pass each deployed app's generated public URL\nenv key into the proof step. A shell-only workspace only needs the shell URL;\nadded verticals use the same `ULTRAMODERN_PUBLIC_URL_<APP_ID>` pattern with\nhyphens converted to underscores and uppercased.\n\n```bash\npnpm cloudflare:deploy\nULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP=https://shell-super-app.example.workers.dev \\\npnpm cloudflare:proof -- --require-public-urls\n```\n\n## Troubleshooting\n\n| Symptom | Current check | Owner |\n| --- | --- | --- |\n| Package cohort mismatch | Regenerate with one package source strategy, run `mise install`, then rerun `pnpm install` from the activated shell. | Generated workspace package source metadata |\n| Install failure | Check the active Node/pnpm from `mise install`; rerun `pnpm install` after the shell sees the pinned versions. | Toolchain setup |\n| Build failure | Run the matching primitive gate (`pnpm lint`, `pnpm typecheck`, `pnpm i18n:boundaries`, `pnpm contract:check`) before `pnpm build`; fix the owning failure first. | Owning package or generated contract |\n| Missing public URL | Set the env key from `.modernjs/ultramodern-generated-contract.json`, for example `ULTRAMODERN_PUBLIC_URL_SHELL_SUPER_APP`. | Deployment operator |\n| Cloudflare credentials | Confirm Wrangler credentials before `pnpm cloudflare:deploy`; local checks do not prove live Worker access. | Deployment operator |\n| Asset or CSS 404 | Rebuild with `pnpm build` or `pnpm cloudflare:deploy` and inspect emitted Modern/Rspack asset paths instead of hardcoding CSS URLs. | Framework/runtime asset pipeline |\n| Federation manifest failure | Run the shell and vertical build scripts, then check each deployed `/mf-manifest.json` URL used by the shell. | Module Federation owner |\n",
|
|
9
9
|
"lefthook.yml": "pre-commit:\n commands:\n format:\n run: pnpm format\n stage_fixed: true\n lint-fix:\n run: pnpm lint:fix\n stage_fixed: true\n\npre-push:\n parallel: true\n commands:\n format:\n run: pnpm format:check\n lint:\n run: pnpm lint\n typecheck:\n run: pnpm typecheck\n skills:\n run: pnpm skills:check\n i18n-boundaries:\n run: pnpm i18n:boundaries\n contract:\n run: pnpm contract:check\n",
|
|
10
10
|
"oxfmt.config.ts": "import { defineConfig } from 'oxfmt';\nimport ultracite from 'ultracite/oxfmt';\n\nexport default defineConfig({\n extends: [ultracite],\n ignorePatterns: [\n '.agents',\n '**/*.json',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n singleQuote: true,\n});\n",
|
|
11
11
|
"oxlint.config.ts": "import { defineConfig } from 'oxlint';\nimport core from 'ultracite/oxlint/core';\nimport react from 'ultracite/oxlint/react';\n\nexport default defineConfig({\n env: {\n browser: true,\n node: true,\n },\n extends: [core, react],\n ignorePatterns: [\n '.agents',\n 'dist',\n 'node_modules',\n 'repos/**',\n '.modern',\n '.modernjs',\n '**/routeTree.gen.ts',\n ],\n});\n",
|
|
12
12
|
"pnpm-workspace.yaml": "packages:\n - apps/*\n - verticals/*\n - packages/*\n\nminimumReleaseAge: 1440\nminimumReleaseAgeStrict: true\nminimumReleaseAgeIgnoreMissingTime: false\nminimumReleaseAgeExclude:\n - '@bleedingdev/modern-js-*'\n - '@tanstack/react-router'\n - '@tanstack/router-core'\n - '@typescript/native-preview'\n - '@typescript/native-preview-*'\n - '@types/react'\ntrustPolicy: no-downgrade\ntrustPolicyIgnoreAfter: 1440\nblockExoticSubdeps: true\nengineStrict: true\npmOnFail: error\nverifyDepsBeforeRun: error\nstrictDepBuilds: true\n\npeerDependencyRules:\n allowedVersions:\n react: '>=19.0.0'\n typescript: '>=6.0.0'\n\noverrides:\n '@tanstack/react-router': 1.170.15\n node-fetch: '^3.3.2'\n\nallowBuilds:\n '@swc/core': true\n core-js: true\n esbuild: true\n lefthook: true\n msgpackr-extract: true\n sharp: true\n workerd: true\n",
|
|
13
13
|
".codex/hooks.json": "{\n \"Stop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ],\n \"SubagentStop\": [\n {\n \"command\": \"pnpm format && pnpm lint:fix && pnpm check\",\n \"timeout\": 600000,\n \"statusMessage\": \"Running UltraModern quality gates\"\n }\n ]\n}\n",
|
|
14
|
-
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir]);\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(
|
|
14
|
+
"scripts/bootstrap-agent-skills.mjs": "import { execFileSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport os from 'node:os';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst lockPath = path.join(root, '.agents/skills-lock.json');\nconst checkOnly = process.argv.includes('--check');\nconst force = process.argv.includes('--force');\nconst postinstall = process.argv.includes('--postinstall');\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_SKILLS) ||\n falsy(process.env.ULTRAMODERN_AGENT_SKILLS);\nconst cloneTimeoutMs = Number.parseInt(\n process.env.ULTRAMODERN_AGENT_SKILLS_CLONE_TIMEOUT_MS ?? '60000',\n 10,\n);\n\nconst readJson = filePath => JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n\nconst run = (command, args, options = {}) =>\n execFileSync(command, args, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout,\n });\n\nconst commandExists = command => {\n try {\n run(command, ['--version'], { stdio: 'ignore' });\n return true;\n } catch {\n return false;\n }\n};\n\nconst runShell = script =>\n run('sh', ['-lc', script], {\n stdio: 'inherit',\n });\n\nconst installGit = () => {\n if (commandExists('git')) {\n return;\n }\n\n if (commandExists('brew')) {\n run('brew', ['install', 'git'], { stdio: 'inherit' });\n } else if (process.platform === 'linux' && commandExists('apt-get')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}apt-get update && ${sudo}apt-get install -y git`);\n } else if (process.platform === 'linux' && commandExists('dnf')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}dnf install -y git`);\n } else if (process.platform === 'linux' && commandExists('yum')) {\n const sudo =\n typeof process.getuid === 'function' && process.getuid() === 0\n ? ''\n : 'sudo ';\n runShell(`${sudo}yum install -y git`);\n } else if (process.platform === 'linux' && commandExists('apk')) {\n runShell('apk add --no-cache git');\n }\n\n if (!commandExists('git')) {\n throw new Error(\n 'Git is required for UltraModern setup. Install git and run pnpm skills:install again.',\n );\n }\n};\n\nconst isInsideGitWorkTree = () => {\n try {\n return run('git', ['rev-parse', '--is-inside-work-tree']).trim() === 'true';\n } catch {\n return false;\n }\n};\n\nconst initializeGitRepository = () => {\n if (isInsideGitWorkTree()) {\n return;\n }\n\n try {\n run('git', ['init', '-b', 'main'], { stdio: 'inherit' });\n } catch {\n run('git', ['init'], { stdio: 'inherit' });\n run('git', ['branch', '-M', 'main'], { stdio: 'inherit' });\n }\n};\n\nconst installLefthook = () => {\n try {\n run('lefthook', ['install'], { stdio: 'inherit' });\n } catch (error) {\n console.warn(`Unable to install lefthook hooks: ${error.message}`);\n }\n};\n\nconst removeTree = dir =>\n fs.rmSync(dir, {\n force: true,\n maxRetries: 5,\n recursive: true,\n retryDelay: 100,\n });\n\nconst cloneSource = (source, targetDir) => {\n if (source.commit) {\n run('git', ['init', targetDir], { timeout: 30000 });\n run('git', ['remote', 'add', 'origin', source.repository], {\n cwd: targetDir,\n timeout: 30000,\n });\n run('git', ['fetch', '--depth', '1', '--quiet', 'origin', source.commit], {\n cwd: targetDir,\n timeout: cloneTimeoutMs,\n });\n run(\n 'git',\n [\n '-c',\n 'advice.detachedHead=false',\n 'checkout',\n '--detach',\n '--quiet',\n 'FETCH_HEAD',\n ],\n { cwd: targetDir, timeout: 30000 },\n );\n return;\n }\n\n const repo = source.repository.replace(/^https:\\/\\/github.com\\//u, '');\n try {\n run(\n 'gh',\n ['repo', 'clone', repo, targetDir, '--', '--depth', '1', '--quiet'],\n { timeout: cloneTimeoutMs },\n );\n } catch {\n run(\n 'git',\n ['clone', '--depth', '1', '--quiet', source.repository, targetDir],\n { timeout: cloneTimeoutMs },\n );\n }\n};\n\nconst resolveSkillDir = (sourceRoot, skillName) => {\n const candidates = [\n path.join(sourceRoot, skillName),\n path.join(sourceRoot, 'skills', skillName),\n path.join(sourceRoot, 'skills', 'engineering', skillName),\n path.join(sourceRoot, 'skills', 'productivity', skillName),\n ];\n return candidates.find(candidate =>\n fs.existsSync(path.join(candidate, 'SKILL.md')),\n );\n};\n\nif (!fs.existsSync(lockPath)) {\n console.error('Missing .agents/skills-lock.json');\n process.exit(1);\n}\n\nconst lock = readJson(lockPath);\nconst installDir = path.join(root, lock.installDir ?? '.agents/skills');\nconst sources = lock.sources ?? [];\nconst requiredCloneSources = sources.filter(\n source => source.install === 'clone',\n);\nconst optionalCloneSources = sources.filter(\n source => source.install === 'clone-if-authorized',\n);\nconst requiredSkills = [\n ...(lock.baseline ?? []),\n ...requiredCloneSources.flatMap(source => source.baseline ?? []),\n].filter(\n (skill, index, skills) =>\n skills.findIndex(candidate => candidate.name === skill.name) === index,\n);\n\nif (skipRequested) {\n const reason = 'agent skills bootstrap skipped by environment';\n if (checkOnly) {\n console.log(reason);\n process.exit(0);\n }\n console.log(reason);\n installLefthook();\n process.exit(0);\n}\n\nif (checkOnly) {\n const missingRequired = requiredSkills\n .map(skill => skill.name)\n .filter(\n skillName => !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n );\n const missingOptional = optionalCloneSources.flatMap(source =>\n (source.baseline ?? [])\n .map(skill => skill.name)\n .filter(\n skillName =>\n !fs.existsSync(path.join(installDir, skillName, 'SKILL.md')),\n ),\n );\n\n if (missingRequired.length > 0) {\n console.error(\n `Required agent skills not installed: ${missingRequired.join(', ')}. Run pnpm skills:install.`,\n );\n process.exit(1);\n }\n\n if (missingOptional.length > 0) {\n console.warn(\n `Private skills not installed: ${missingOptional.join(', ')}. Run pnpm skills:install if you have access.`,\n );\n } else {\n console.log('Required and private agent skills are installed.');\n process.exit(0);\n }\n console.log('Required agent skills are installed.');\n process.exit(0);\n}\n\nfs.mkdirSync(installDir, { recursive: true });\ninstallGit();\ninitializeGitRepository();\n\nfor (const source of [...requiredCloneSources, ...optionalCloneSources]) {\n const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'ultramodern-skills-'));\n try {\n try {\n cloneSource(source, tempDir);\n } catch (error) {\n if (source.install === 'clone-if-authorized' || postinstall) {\n console.warn(`Skipping ${source.repository}; ${error.message}`);\n continue;\n }\n throw error;\n }\n for (const skill of source.baseline ?? []) {\n const sourceSkillDir = resolveSkillDir(tempDir, skill.name);\n if (!sourceSkillDir) {\n throw new Error(\n `Skill ${skill.name} not found in ${source.repository}`,\n );\n }\n const targetSkillDir = path.join(installDir, skill.name);\n if (fs.existsSync(targetSkillDir)) {\n if (!force) {\n console.log(`Skipping existing ${skill.name}`);\n continue;\n }\n removeTree(targetSkillDir);\n }\n fs.cpSync(sourceSkillDir, targetSkillDir, { recursive: true });\n console.log(`Installed ${skill.name}`);\n }\n } finally {\n removeTree(tempDir);\n }\n}\n\ninstallLefthook();\n",
|
|
15
15
|
"scripts/setup-agent-reference-repos.mjs": "import { spawnSync } from 'node:child_process';\nimport fs from 'node:fs';\nimport path from 'node:path';\n\nconst root = process.cwd();\nconst args = new Set(process.argv.slice(2));\nconst checkOnly = args.has('--check');\nconst configPath = path.join(root, '.agents', 'agent-reference-repos.json');\nconst manifestPath = path.join(root, '.modernjs', 'agent-reference-repos.json');\n\nconst truthy = value => /^(1|true|yes|on)$/i.test(String(value ?? ''));\nconst falsy = value => /^(0|false|no|off)$/i.test(String(value ?? ''));\n\nconst skipRequested =\n truthy(process.env.ULTRAMODERN_SKIP_AGENT_REPOS) ||\n falsy(process.env.ULTRAMODERN_AGENT_REPOS);\nconst required = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REQUIRED);\nconst refresh = truthy(process.env.ULTRAMODERN_AGENT_REPOS_REFRESH);\n\nconst gitIdentityEnv = {\n GIT_AUTHOR_NAME:\n process.env.GIT_AUTHOR_NAME || 'UltraModern Agent Reference Setup',\n GIT_AUTHOR_EMAIL:\n process.env.GIT_AUTHOR_EMAIL || 'ultramodern-agent-refs@local',\n GIT_COMMITTER_NAME:\n process.env.GIT_COMMITTER_NAME || 'UltraModern Agent Reference Setup',\n GIT_COMMITTER_EMAIL:\n process.env.GIT_COMMITTER_EMAIL || 'ultramodern-agent-refs@local',\n};\n\nconst log = message => console.log(`[agent-reference-repos] ${message}`);\nconst warn = message => console.warn(`[agent-reference-repos] ${message}`);\n\nfunction fail(message) {\n if (required || checkOnly) {\n throw new Error(message);\n }\n warn(message);\n}\n\nfunction readJson(filePath) {\n return JSON.parse(fs.readFileSync(filePath, 'utf-8'));\n}\n\nfunction run(command, commandArgs, options = {}) {\n const result = spawnSync(command, commandArgs, {\n cwd: options.cwd ?? root,\n encoding: 'utf-8',\n env: {\n ...process.env,\n ...gitIdentityEnv,\n ...(options.env ?? {}),\n },\n stdio: options.stdio ?? ['ignore', 'pipe', 'pipe'],\n timeout: options.timeout ?? 120000,\n });\n\n if (result.error) {\n throw result.error;\n }\n if (result.status !== 0) {\n const stderr = result.stderr?.trim();\n throw new Error(\n `${command} ${commandArgs.join(' ')} failed${\n stderr ? `: ${stderr}` : ''\n }`,\n );\n }\n return result.stdout?.trim() ?? '';\n}\n\nfunction assertSafeRepoPath(relativePath) {\n if (\n typeof relativePath !== 'string' ||\n relativePath.length === 0 ||\n path.isAbsolute(relativePath) ||\n relativePath.split(/[\\\\/]+/).includes('..') ||\n !relativePath.startsWith('repos/')\n ) {\n throw new Error(`Unsafe reference repository path: ${relativePath}`);\n }\n}\n\nfunction hasGit() {\n const result = spawnSync('git', ['--version'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction hasGitSubtree() {\n const result = spawnSync('git', ['subtree', '-h'], {\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return (\n (result.status === 0 || result.status === 129) &&\n result.stdout.includes('usage: git subtree')\n );\n}\n\nfunction isGitWorkTree() {\n const result = spawnSync('git', ['rev-parse', '--is-inside-work-tree'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0 && result.stdout.trim() === 'true';\n}\n\nfunction hasCommits() {\n const result = spawnSync('git', ['rev-parse', '--verify', 'HEAD'], {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n });\n return result.status === 0;\n}\n\nfunction porcelainStatus() {\n return run('git', ['status', '--porcelain'], { timeout: 30000 });\n}\n\nfunction commitInstallerChanges(message) {\n run('git', ['commit', '--no-verify', '-m', message], {\n timeout: 120000,\n });\n}\n\nfunction ensureGitRepository() {\n if (!isGitWorkTree()) {\n if (checkOnly) {\n fail('workspace is not a git repository');\n return false;\n }\n log('initializing git repository for agent reference subtrees');\n run('git', ['init'], { timeout: 30000 });\n }\n\n if (!hasCommits()) {\n if (checkOnly) {\n fail('workspace has no initial git commit');\n return false;\n }\n log('creating initial workspace commit before adding reference subtrees');\n run('git', ['add', '-A'], { timeout: 30000 });\n commitInstallerChanges('Initialize UltraModern workspace');\n return true;\n }\n\n const status = porcelainStatus();\n if (status) {\n fail(\n 'workspace has uncommitted changes; commit or stash them before installing reference subtrees',\n );\n return false;\n }\n\n return true;\n}\n\nfunction remoteCommit(repo) {\n let output = run('git', ['ls-remote', repo.url, `refs/heads/${repo.ref}`], {\n timeout: 120000,\n });\n if (!output) {\n output = run('git', ['ls-remote', repo.url, repo.ref], {\n timeout: 120000,\n });\n }\n const [commit] = output.split(/\\s+/);\n if (!/^[a-f0-9]{40}$/i.test(commit ?? '')) {\n throw new Error(`Could not resolve ${repo.url}#${repo.ref}`);\n }\n return commit;\n}\n\nfunction subtreeCommitExists(repo) {\n const result = spawnSync(\n 'git',\n [\n 'log',\n '--grep',\n `git-subtree-dir: ${repo.path}`,\n '--format=%H',\n '-n',\n '1',\n ],\n {\n cwd: root,\n encoding: 'utf-8',\n stdio: ['ignore', 'pipe', 'pipe'],\n },\n );\n return result.status === 0 && result.stdout.trim().length > 0;\n}\n\nfunction installedManifestEntry(repo) {\n if (!fs.existsSync(manifestPath)) {\n return undefined;\n }\n try {\n const manifest = readJson(manifestPath);\n return manifest.repositories?.find(entry => entry.id === repo.id);\n } catch {\n return undefined;\n }\n}\n\nfunction assertSubtreePresent(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n if (!fs.existsSync(targetPath)) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n if (!subtreeCommitExists(repo)) {\n fail(`${repo.path} is present but has no git-subtree commit evidence`);\n return undefined;\n }\n return (\n installedManifestEntry(repo) ?? {\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n status: 'present',\n strategy: 'git-subtree-squash',\n }\n );\n}\n\nfunction addSubtree(repo) {\n assertSafeRepoPath(repo.path);\n const targetPath = path.join(root, repo.path);\n const existing = fs.existsSync(targetPath);\n\n if (existing && !refresh) {\n return assertSubtreePresent(repo);\n }\n\n if (existing && refresh) {\n fail(\n `${repo.path} already exists; refresh for subtree references is intentionally manual`,\n );\n return undefined;\n }\n\n if (checkOnly) {\n fail(`${repo.path} is missing`);\n return undefined;\n }\n\n const commit = remoteCommit(repo);\n log(`adding ${repo.name} as git subtree at ${repo.path} (${commit})`);\n run('git', ['fetch', '--depth', '1', repo.url, repo.ref], {\n timeout: 300000,\n });\n run(\n 'git',\n [\n 'subtree',\n 'add',\n '--prefix',\n repo.path,\n 'FETCH_HEAD',\n '--squash',\n '-m',\n `Add ${repo.name} agent reference repo`,\n ],\n { timeout: 600000 },\n );\n\n return {\n schemaVersion: 1,\n id: repo.id,\n name: repo.name,\n url: repo.url,\n ref: repo.ref,\n commit,\n path: repo.path,\n readOnly: repo.readOnly !== false,\n strategy: 'git-subtree-squash',\n status: 'installed',\n installedAt: new Date().toISOString(),\n };\n}\n\nfunction writeManifest(entries) {\n fs.mkdirSync(path.dirname(manifestPath), { recursive: true });\n fs.writeFileSync(\n manifestPath,\n `${JSON.stringify(\n {\n schemaVersion: 1,\n generatedAt: new Date().toISOString(),\n strategy: 'git-subtree-squash',\n installDir: 'repos',\n repositories: entries,\n },\n null,\n 2,\n )}\\n`,\n );\n}\n\nfunction commitManifestIfChanged() {\n const status = run('git', ['status', '--porcelain', '--', manifestPath], {\n timeout: 30000,\n });\n if (!status) {\n return;\n }\n run('git', ['add', manifestPath], { timeout: 30000 });\n commitInstallerChanges('Record agent reference repo manifest');\n}\n\nfunction main() {\n if (!fs.existsSync(configPath)) {\n fail('Missing .agents/agent-reference-repos.json');\n return;\n }\n\n const config = readJson(configPath);\n const enabled = config.defaultEnabled !== false && !skipRequested;\n\n if (!enabled) {\n log('setup skipped; set ULTRAMODERN_SKIP_AGENT_REPOS=0 to enable it again');\n return;\n }\n\n if (!hasGit()) {\n fail('git is required to install agent reference repositories');\n return;\n }\n if (!hasGitSubtree()) {\n fail('git subtree is required to install agent reference repositories');\n return;\n }\n if (!ensureGitRepository()) {\n return;\n }\n\n const entries = [];\n for (const repo of config.repositories ?? []) {\n const result = checkOnly ? assertSubtreePresent(repo) : addSubtree(repo);\n if (result) {\n entries.push(result);\n }\n }\n\n if (!checkOnly) {\n writeManifest(entries);\n commitManifestIfChanged();\n }\n}\n\ntry {\n main();\n} catch (error) {\n if (required || checkOnly) {\n console.error(`[agent-reference-repos] ${error.message}`);\n process.exitCode = 1;\n } else {\n warn(error.message);\n }\n}\n",
|
|
16
16
|
".github/renovate.json": "{\n \"$schema\": \"https://docs.renovatebot.com/renovate-schema.json\",\n \"extends\": [\"config:recommended\", \"helpers:pinGitHubActionDigests\"],\n \"dependencyDashboard\": true,\n \"minimumReleaseAge\": \"1 day\",\n \"prConcurrentLimit\": 5,\n \"prHourlyLimit\": 2,\n \"rangeStrategy\": \"bump\",\n \"schedule\": [\"before 5am on monday\"],\n \"timezone\": \"Etc/UTC\",\n \"packageRules\": [\n {\n \"matchManagers\": [\"github-actions\"],\n \"groupName\": \"github-actions\",\n \"labels\": [\"dependencies\", \"github-actions\", \"security\"]\n },\n {\n \"matchManagers\": [\"npm\"],\n \"matchUpdateTypes\": [\"patch\", \"minor\"],\n \"groupName\": \"npm minor and patch updates\",\n \"labels\": [\"dependencies\", \"npm\"]\n },\n {\n \"matchUpdateTypes\": [\"major\"],\n \"dependencyDashboardApproval\": true,\n \"labels\": [\"dependencies\", \"major\"]\n }\n ]\n}\n",
|
|
17
17
|
".github/workflows/ultramodern-workspace-gates.yml": "name: Ultramodern Workspace Gates\n\non:\n push:\n pull_request:\n\npermissions:\n contents: read\n\ndefaults:\n run:\n shell: bash\n\nenv:\n FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true\n\nconcurrency:\n group: ultramodern-workspace-gates-${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: true\n\njobs:\n workspace-gate:\n name: ${{ matrix.name }}\n runs-on: ubuntu-latest\n timeout-minutes: 30\n strategy:\n fail-fast: false\n matrix:\n include:\n - name: Format\n command: pnpm format:check\n - name: Lint\n command: pnpm lint\n - name: Typecheck\n command: pnpm typecheck\n - name: Skills\n command: pnpm skills:check\n - name: I18n Boundaries\n command: pnpm i18n:boundaries\n - name: Contract\n command: pnpm contract:check\n - name: Build\n command: pnpm build\n steps:\n - name: Harden Runner\n uses: step-security/harden-runner@ab7a9404c0f3da075243ca237b5fac12c98deaa5 # v2\n with:\n egress-policy: audit\n\n - name: Checkout\n uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2\n with:\n fetch-depth: 1\n persist-credentials: false\n\n - name: Setup Node.js\n uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0\n with:\n node-version: 24\n\n - name: Setup mise\n uses: jdx/mise-action@5ac50f778e26fac95da98d50503682459e86d566 # v3.2.0\n\n - name: Install Dependencies\n run: mise exec -- pnpm install --frozen-lockfile\n\n - name: Run ${{ matrix.name }}\n env:\n MODERN_PUBLIC_SITE_URL: http://localhost:8080\n run: mise exec -- ${{ matrix.command }}\n",
|
|
18
18
|
".agents/agent-reference-repos.json": "{\n \"schemaVersion\": 1,\n \"defaultEnabled\": true,\n \"strategy\": \"git-subtree-squash\",\n \"installDir\": \"repos\",\n \"repositories\": [\n {\n \"id\": \"effect\",\n \"name\": \"Effect\",\n \"url\": \"https://github.com/Effect-TS/effect.git\",\n \"ref\": \"main\",\n \"path\": \"repos/effect\",\n \"readOnly\": true\n },\n {\n \"id\": \"ultramodern-js\",\n \"name\": \"UltraModern.js\",\n \"url\": \"https://github.com/BleedingDev/ultramodern.js.git\",\n \"ref\": \"main-ultramodern\",\n \"path\": \"repos/ultramodern.js\",\n \"readOnly\": true\n }\n ]\n}\n",
|
|
19
|
-
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
20
19
|
".agents/rstackjs-agent-skills-LICENSE": "MIT License\n\nCopyright (c) 2026 RstackJS Contributors\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof this software and associated documentation files (the \"Software\"), to deal\nin the Software without restriction, including without limitation the rights\nto use, copy, modify, merge, publish, distribute, sublicense, and/or sell\ncopies of the Software, and to permit persons to whom the Software is\nfurnished to do so, subject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\nFITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\nAUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\nLIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\nOUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE\nSOFTWARE.\n",
|
|
21
|
-
".agents/skills
|
|
20
|
+
".agents/skills-lock.json": "{\n \"schemaVersion\": 1,\n \"source\": {\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\"\n },\n \"installDir\": \".agents/skills\",\n \"sources\": [\n {\n \"id\": \"rstack-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/rstackjs/agent-skills\",\n \"commit\": \"61c948b42512e223bad44b83af4080eba48b2677\",\n \"license\": \"MIT\",\n \"licensePath\": \".agents/rstackjs-agent-skills-LICENSE\",\n \"install\": \"vendored\"\n },\n {\n \"id\": \"module-federation-agent-skills\",\n \"visibility\": \"public\",\n \"repository\": \"https://github.com/module-federation/agent-skills\",\n \"commit\": \"07bb5b6c43ad457609e00c081b72d4c42508ec76\",\n \"install\": \"clone\",\n \"baseline\": [\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ]\n },\n {\n \"id\": \"techsiocz-private\",\n \"visibility\": \"private\",\n \"repository\": \"https://github.com/TechsioCZ/skills\",\n \"install\": \"clone-if-authorized\",\n \"baseline\": [\n {\n \"name\": \"plan-graph\",\n \"reason\": \"Build and validate DAGs from .plan.md files\"\n },\n {\n \"name\": \"dag\",\n \"reason\": \"Inspect current plan frontiers and blocked lanes\"\n },\n {\n \"name\": \"subagent-graph\",\n \"reason\": \"Design dependency-aware multi-agent launch graphs\"\n },\n {\n \"name\": \"helm\",\n \"reason\": \"Steer already-running multi-agent work\"\n },\n {\n \"name\": \"debugger-mode\",\n \"reason\": \"Run hypothesis-driven debugging with runtime evidence\"\n }\n ]\n }\n ],\n \"baseline\": [\n {\n \"name\": \"rsbuild-best-practices\",\n \"path\": \".agents/skills/rsbuild-best-practices\",\n \"reason\": \"Modern.js application build configuration and Rsbuild troubleshooting\"\n },\n {\n \"name\": \"rspack-best-practices\",\n \"path\": \".agents/skills/rspack-best-practices\",\n \"reason\": \"Rspack bundling, CSS, asset, profiling, and production behavior\"\n },\n {\n \"name\": \"rspack-tracing\",\n \"path\": \".agents/skills/rspack-tracing\",\n \"reason\": \"Trace-backed Rspack failure and performance debugging\"\n },\n {\n \"name\": \"rsdoctor-analysis\",\n \"path\": \".agents/skills/rsdoctor-analysis\",\n \"reason\": \"Evidence-backed bundle composition, duplication, and retained-module analysis\"\n },\n {\n \"name\": \"rslib-best-practices\",\n \"path\": \".agents/skills/rslib-best-practices\",\n \"reason\": \"Rslib shared package and design-system library authoring\"\n },\n {\n \"name\": \"rslib-modern-package\",\n \"path\": \".agents/skills/rslib-modern-package\",\n \"reason\": \"Modern package contracts, exports, declarations, side effects, and release readiness\"\n },\n {\n \"name\": \"rstest-best-practices\",\n \"path\": \".agents/skills/rstest-best-practices\",\n \"reason\": \"Rstest configuration, test writing, mocking, snapshots, coverage, and CI behavior\"\n },\n {\n \"name\": \"mf\",\n \"path\": \".agents/skills/mf\",\n \"reason\": \"Module Federation docs, config inspection, type checking, shared dependency checks, and observability troubleshooting\"\n }\n ],\n \"excludedByDefault\": [\n \"migrate-to-rsbuild\",\n \"migrate-to-rslib\",\n \"migrate-to-rslint\",\n \"migrate-to-rstest\",\n \"rsbuild-v2-upgrade\",\n \"rspack-v2-upgrade\",\n \"rspress-v2-upgrade\"\n ]\n}\n",
|
|
22
21
|
".agents/skills/rslib-best-practices/SKILL.md": '---\nname: rslib-best-practices\ndescription: Rslib best practices for config, CLI workflow, output, declaration files, dependency handling, build optimization and toolchain integration. Use when writing, reviewing, or troubleshooting Rslib projects.\n---\n\n# Rslib Best Practices\n\nApply these rules when writing or reviewing Rslib library projects.\n\n## Configuration\n\n- Use `rslib.config.ts` and `defineConfig`\n- Check Rslib-specific configurations first (e.g., `lib.*`), and also leverage Rsbuild configurations (e.g., `source.*`, `output.*`, `tools.*`) as needed\n- For deep-level or advanced configuration needs, use `tools.rspack` or `tools.bundlerChain` to access Rspack\'s native configurations\n- In TypeScript projects, prefer `tsconfig.json` path aliases\n\n## CLI\n\n- Use `rslib` to build\n- Use `rslib --watch` to build in watch mode for local development\n- Use `rslib inspect` to inspect final Rslib/Rsbuild/Rspack configs\n\n## Output\n\n- Prefer to build pure-ESM package with `"type": "module"` in `package.json`\n- Prefer to use bundleless mode with `output.target` set to `\'web\'` when building component libraries\n- Prefer to use bundle mode when building Node.js utility libraries\n- Ensure `exports` field in `package.json` is correctly configured and matches the actual JavaScript output and declaration files output of different formats (ESM, CJS, etc.)\n\n## Declaration files\n\n- Prefer to enable declaration file generation with `lib.dts: true` or detailed configurations\n- For faster type generation, enable `lib.dts.tsgo` experimental feature with `@typescript/native-preview` installed\n\n## Dependencies\n\n- Prefer to place dependencies to be bundled in `devDependencies` in bundle mode and dependencies in `dependencies` and `peerDependencies` will be automatically externalized (not bundled) by default\n- Verify the build output and dependency specifiers in `package.json` carefully to ensure no missing dependency errors occur when consumers install and use this package\n\n## Build optimization\n\n- Keep syntax target in `lib.syntax` aligned with real compatibility requirements to enable better optimizations\n- Avoid format-specific APIs in source code for better compatibility with different output formats\n- Prefer lightweight dependencies to reduce bundle size\n\n## Toolchain integration\n\n- Prefer to use Rstest with `@rstest/adapter-rslib` for writing tests\n- Prefer to use Rspress for writing library documentation, with `@rspress/plugin-preview` and `@rspress/plugin-api-docgen` for component previews and API docs\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final Rsbuild/Rspack config, not assumed config\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n',
|
|
22
|
+
".agents/skills/rsbuild-best-practices/SKILL.md": "---\nname: rsbuild-best-practices\ndescription: Rsbuild best practices for config, CLI workflow, type checking, bundle optimization, assets, and debugging. Use when writing, reviewing, or troubleshooting Rsbuild projects.\n---\n\n# Rsbuild Best Practices\n\nApply these rules when writing or reviewing Rsbuild projects.\n\n## Configuration\n\n- Use `rsbuild.config.ts` and `defineConfig`\n- Use `tools.rspack` or `tools.bundlerChain` only when no first-class Rsbuild option exists\n- Define explicit `source.entry` values for multi-page applications\n- In TypeScript projects, prefer `tsconfig.json` path aliases first\n\n## CLI\n\n- Use `rsbuild` for local development\n- Use `rsbuild build` for production build\n- Use `rsbuild preview` only for local production preview\n- Use `rsbuild inspect` to inspect final Rsbuild/Rspack configs\n\n## Type checking\n\n- Use `@rsbuild/plugin-type-check` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep browserslist aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Debugging\n\n- Run with `DEBUG=rsbuild` when diagnosing config resolution or plugin behavior\n- Read generated files in `dist/.rsbuild` to confirm final config, not assumed config\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n\n## Documentation\n\n- For the latest (v2) docs, read http://rsbuild.rs/llms.txt\n- For Rsbuild v1 docs, read http://v1.rsbuild.rs/llms.txt\n",
|
|
23
23
|
".agents/skills/rslib-modern-package/SKILL.md": '---\nname: rslib-modern-package\ndescription: Opinionated Rslib recommendations for modern JS/TS npm package design covering pure ESM, strict TypeScript, explicit exports, small stable APIs, pragmatic dependencies, accurate sideEffects, correct declarations, package validation, provenance, README.md, and AGENTS.md. Use when the user wants to make a JS/TS package more modern, check whether the current package setup is healthy, review package.json/exports/types/dependencies/docs/release readiness, or apply a modern library baseline.\n---\n\n# Rslib Modern Package\n\nUse this skill when creating a new Rslib library, modernizing an existing JS/TS package, or reviewing a package against an opinionated modern library standard.\n\nThis skill is opinionated: it describes a recommended modern package contract and may suggest breaking changes when they make the package simpler, safer, and easier for modern consumers.\n\n## Standard\n\nDefault recommendation for new JS/TS libraries:\n\n- ESM-first, preferably pure ESM.\n- Strict TypeScript and correct declaration files.\n- Explicit public API through `package.json#exports`.\n- Small named-export API surface.\n- Few runtime dependencies, without treating zero dependencies as a religion.\n- Small, tree-shakeable output with accurate `sideEffects`.\n- Clear dependency placement: runtime dependencies, peer dependencies, optional dependencies, and dev dependencies are not interchangeable.\n- Published package is tested as an artifact, not just as source files.\n- Release flow is automated, traceable, and SemVer-aware.\n- README.md explains usage for humans; AGENTS.md preserves package invariants for future agents.\n\n## Workflow\n\n1. **Inspect the package contract first**\n - Read `package.json`, lockfile/package manager, `rslib.config.*`, `tsconfig*`, CI/release config, README.md, AGENTS.md, and existing `dist` output.\n - Identify package kind: Node utility, browser library, isomorphic utility, CLI, UI/component library, framework plugin, SDK, or adapter.\n - List supported runtimes, current entry points, deep imports, runtime dependencies, peer dependencies, optional integrations, files with side effects, and published files.\n - Run `npm pack --dry-run` early when changing package shape so the real tarball contents guide the review.\n\n2. **Define target environments explicitly**\n - Do not say "supports modern environments" without defining them.\n - Verify the current Node.js release schedule before choosing `engines`.\n - As of May 9, 2026, Node.js 22 and 24 are LTS, and Node.js 20 is EOL. For new Node-facing packages, recommend `engines.node >=22` unless real consumers need an older runtime.\n - Browser packages should state whether they require native ESM, a bundler, Workers support, SSR compatibility, DOM APIs, CSS processing, or specific browser baselines.\n - Compatibility drops are breaking changes: old Node/browser versions, undocumented deep imports, default/named export shape, bundled vs external dependency behavior, and import side effects.\n\n3. **Prefer pure ESM, but explain compatibility cost**\n - New packages should use `"type": "module"` and ESM source/output.\n - Rslib\'s default format is ESM; keep that default unless there is a clear reason to add another format.\n - Evaluate compatibility from real consumers and supported runtimes instead of assuming every historical module format is required.\n - Modern Node.js can load synchronous ESM from CommonJS via `require(esm)`; do not assume CJS consumers always require a separate CJS build.\n - If you rely on `require(esm)` compatibility, document and test its constraints: supported Node versions, no top-level `await` in the loaded graph, namespace-object return shape, default export behavior, and CJS/ESM cycle limits.\n - Prefer Node built-in specifiers such as `node:fs/promises`.\n\n4. **Make `exports` the public API**\n - Treat `package.json#exports` as the product contract.\n - Export only paths users are meant to import.\n - Do not allow imports like `pkg/dist/foo.js` by exporting `./dist/*`. That makes the generated output layout part of the public API and turns internal file moves into breaking changes.\n - Instead, expose only intentional public paths such as `pkg` and `pkg/foo.js`, mapped to the actual files in `dist`.\n - Keep subpath style consistent: either all with extensions such as `./foo.js`, or all without extensions. Prefer paths with extensions when browser import maps matter.\n - Keep `"types"` first inside conditional exports.\n - Adding `exports` to an older package can be breaking because undeclared deep imports stop working.\n - Add `./package.json` only when consumers legitimately need package metadata.\n\n5. **Design a small API surface**\n - Prefer named exports for multi-API packages.\n - Avoid default-export objects that gather every function into one object.\n - Public functions should be few, stable, well-named, and semver-maintained.\n - Keep internal types, caches, helper functions, adapter details, and error internals private unless they are part of the contract.\n - Avoid top-level work during import: file scans, network calls, timers, process mutation, global registration, DOM access, prototype mutation, or environment detection with side effects.\n - Async APIs that may be canceled should accept `AbortSignal`.\n - Prefer stable error classes, error codes, or typed error shapes over string matching.\n\n6. **Use Rslib as the implementation path, not the whole standard**\n - For detailed Rslib configuration guidance, use the `rslib-best-practices` skill.\n - In this skill, only check whether Rslib output, declarations, `package.json#exports`, `files`, dependencies, and docs agree with the modern package contract.\n - Keep Rslib configuration small and intentional; avoid adding build complexity that does not improve the package contract.\n\n7. **Keep dependencies small and intentional**\n - Start from platform APIs, not from dependency search.\n - Prefer built-ins when the runtime supports them: `URL`, `URLSearchParams`, `Intl`, `fetch`, `AbortController`, `structuredClone`, `crypto.randomUUID`, Web Streams, `TextEncoder`, `TextDecoder`, `node:fs/promises`, and `node:crypto`.\n - Small runtime dependencies are fine when they reduce maintenance risk or implementation complexity.\n - Avoid large utility packages for one or two helpers.\n - Evaluate dependencies for ESM support, `exports`, types, transitive dependency count, package size, license, maintenance activity, security history, install scripts, side effects, native install fragility, and granular imports.\n - Put required runtime packages in `dependencies`.\n - Put host-owned frameworks and toolchains in `peerDependencies`, such as React, Vue, Svelte, Rspack, Rsbuild, webpack, TypeScript, and framework runtimes.\n - Keep peer ranges reasonably broad; do not pin peers to a patch version unless required.\n - Put build tools, test tools, type tools, docs tools, and Rsbuild/Rspack plugins in `devDependencies`.\n - Use `optionalDependencies` or optional peers via `peerDependenciesMeta` for optional integrations.\n\n8. **Make TypeScript strict and package-oriented**\n - Prefer TypeScript source for TS libraries; otherwise use high-quality JSDoc plus generated declarations.\n - With TypeScript 6 or tsgo-era defaults, strict checking may already be enabled; preserve that default and do not turn it off. For older TypeScript versions or inherited configs, set `strict: true` explicitly.\n - In Rslib projects, consider enabling `lib.dts.tsgo` to speed up declaration generation when the project can use tsgo.\n - Keep `module` and `moduleResolution` aligned with how declarations are emitted and how consumers resolve the package; NodeNext and bundler-style resolution are both valid in the right toolchain.\n - Use `verbatimModuleSyntax` so type-only imports/exports are explicit.\n - Use `isolatedDeclarations` when practical so exported APIs are explicit enough for declaration-oriented tooling.\n - Emit declarations; use declaration maps when editor navigation matters.\n - Use `import type` and `export type` for type-only dependencies.\n - Do not rely on consumers setting `skipLibCheck` to hide broken package types.\n - Test declarations as consumers see them, especially when using subpath exports.\n\n9. **Keep `sideEffects` accurate**\n - Use `sideEffects: false` only when importing package files has no top-level side effects.\n - If CSS, polyfills, registrations, global listeners, prototype changes, or other import-time mutations exist, list the files with side effects instead.\n - Do not set `sideEffects: false` just to improve bundle size; incorrect values can remove required CSS or setup code.\n - Do not change globals just because a file is imported. If setup is required, expose an explicit `setup()` or `install()` function and let users call it themselves.\n\n10. **Make `package.json` authoritative**\n - Required modern shape: `"type": "module"`, explicit `exports`, correct declarations, `files` allowlist, accurate `sideEffects`, sensible `engines`, and release scripts.\n - Include README.md, AGENTS.md, and LICENSE in `files` when they exist.\n - `files` should prevent tests, fixtures, private docs, build caches, local configs, and large generated artifacts from leaking into the tarball.\n - Avoid stale `main`/`module` fields unless compatibility evidence requires them; if kept, they must agree with `exports`.\n - Keep runtime dependency fields accurate. A package that works locally only because a runtime dependency is in `devDependencies` is broken.\n\n11. **Validate the published artifact**\n - Run normal lint, typecheck, tests, and `rslib build`.\n - Smoke test built ESM output.\n - Run type-level tests when the public API is type-heavy.\n - Run `npm pack --dry-run` and inspect included files.\n - In Rslib, prefer `rsbuild-plugin-publint` to run publint after build; use `npx publint` as a CLI fallback.\n - In Rslib, prefer `rsbuild-plugin-arethetypeswrong` to run Are The Types Wrong after build when declarations are shipped; use `npx --yes @arethetypeswrong/cli --pack .` as a CLI fallback.\n - Install the packed tarball into clean consumer fixtures for important packages.\n - Test ESM import, bundler import for browser/component libraries, CLI execution for `bin` packages, and every public subpath export.\n\n12. **Prepare README.md and AGENTS.md before publishing**\n - Always check whether both files exist before publishing or modernizing a package.\n - If either file is missing, recommend adding it; for implementation tasks, create a concise version unless the user asks not to.\n - README.md should include: package name, one-sentence purpose, install/usage, key features or API links, supported environments, docs/related links, changelog or contribution link, and license.\n - AGENTS.md should include: stack, package contract, common commands, source layout, code style, validation commands, and release checklist.\n - Keep both files synchronized with `package.json#exports`, supported runtimes, and actual Rslib output.\n\n13. **Publish with supply-chain hygiene**\n - Follow SemVer and document breaking changes.\n - Maintain a changelog for user-visible changes.\n - Use prerelease versions and dist-tags for beta/next channels.\n - Prefer CI publishing with npm provenance or trusted publishing.\n - Avoid long-lived publish tokens where trusted publishing is available.\n - Remember that a published package name/version pair cannot be reused safely.\n\n## Review Red Flags\n\n- `exports` is missing, points to files not emitted by Rslib, or allows public imports such as `pkg/dist/foo.js`.\n- `module`/`main` fields disagree with `exports`.\n- Type declarations do not match runtime entry points.\n- Runtime dependency is accidentally listed only in `devDependencies`.\n- React/Vue/Svelte/Rspack/Rsbuild/webpack/TypeScript is bundled or placed in `dependencies` when it should be a peer.\n- `sideEffects: false` is set while importing CSS, polyfills, global registrations, global listeners, or prototype changes.\n- Package has install scripts without a strong reason.\n- Top-level import reads user files, starts timers, touches the network, mutates globals, or assumes `window`/`process`.\n- Published tarball contains private source maps, tests/fixtures that are not useful to consumers, large generated docs, local config secrets, or build caches.\n\n## Checklist\n\n- [ ] Supported environments are explicit.\n- [ ] Package is ESM-first, preferably pure ESM.\n- [ ] `package.json` has `"type": "module"`.\n- [ ] Public entry points are declared in `exports`.\n- [ ] No accidental reliance on undeclared deep imports.\n- [ ] Rslib output, declarations, `exports`, and `files` agree.\n- [ ] TypeScript strict mode is enabled.\n- [ ] Declarations are emitted and validated.\n- [ ] Runtime dependencies are justified and small.\n- [ ] Host frameworks/toolchains are peers.\n- [ ] Build/test/type/docs tools are dev dependencies.\n- [ ] `sideEffects` is accurate.\n- [ ] `npm pack --dry-run` has been inspected.\n- [ ] `publint` passes.\n- [ ] Are The Types Wrong check passes when declarations are shipped.\n- [ ] Built ESM smoke test passes.\n- [ ] README.md exists.\n- [ ] AGENTS.md exists.\n- [ ] Release flow uses SemVer, changelog, and provenance/trusted publishing when available.\n\n## Documentation\n\n- For the latest Rslib docs, read https://rslib.rs/llms.txt\n- Shipping ESM for CommonJS consumers: https://nodejs.github.io/package-examples/04-cjs-esm-interop/shipping-esm-for-cjs/\n',
|
|
24
24
|
".agents/skills/rspack-best-practices/SKILL.md": "---\nname: rspack-best-practices\ndescription: Rspack best practices for config, CLI workflow, type checking, CSS, bundle optimization, assets and profiling. Use when writing, reviewing, or troubleshooting Rspack projects.\n---\n\n# Rspack Best Practices\n\nApply these rules when writing or reviewing Rspack projects.\n\n## Configuration\n\n- Use `rspack.config.ts` and `defineConfig`\n- Define explicit `entry` values for multi-page applications\n- Keep one main config and branch by `process.env.NODE_ENV` only when needed\n- Keep rule conditions narrow and explicit (`test`, `include`, `exclude`, `resourceQuery`)\n- Prefer built-in Rspack plugins/loaders over community JS alternatives when equivalent features exist\n\n## CLI\n\nIf `@rspack/cli` is installed:\n\n- Use `rspack dev` for local development\n- Use `rspack build` for production build\n- Use `rspack preview` only for local production preview\n\n## Type checking\n\n- Use `ts-checker-rspack-plugin` for integrated dev/build type checks\n- Or run `tsc --noEmit`/`vue-tsc --noEmit` as an explicit script step\n\n## CSS\n\nChoose one strategy:\n\n- Built-in CSS (`type: 'css' | 'css/auto' | 'css/module'`) for modern setups\n- `css-loader` + `CssExtractRspackPlugin` for webpack migration compatibility\n- `style-loader` for pure style-in-JS runtime injection scenarios\n\nOptional:\n\n- Use `builtin:lightningcss-loader` when goals are syntax downgrade + vendor prefixing\n- Use `sass-loader`/`less-loader` for preprocessing Sass/Less files\n- Use `@tailwindcss/webpack` for Tailwind CSS integration\n\n## Bundle size optimization\n\n- Prefer dynamic `import()` for non-critical code paths\n- Prefer lightweight libraries where possible\n- Keep `target` aligned with real compatibility requirements\n\n## Asset management\n\n- Import source-managed assets from project source directories, not from `public`\n- Reference `public` files by absolute URL path\n- Prefer asset modules (`asset`, `asset/resource`, `asset/inline`, `asset/source`) over legacy `file-loader`/`url-loader`/`raw-loader`\n\n## Profiling\n\n- Use Node CPU profiling (`--cpu-prof`) when JavaScript-side overhead is suspected\n- Use `RSPACK_PROFILE=OVERVIEW` and analyze trace output for compiler-phase bottlenecks\n- Replace known slow stacks first (`babel-loader`, PostCSS, terser) with Rspack built-ins when feasible\n\n## Security\n\n- Do not publish `.map` files to public servers/CDNs when production source maps are enabled\n\n## Documentation\n\n- For the latest (v2) docs, read http://rspack.rs/llms.txt\n- For Rspack v1 docs, read http://v1.rspack.rs/llms.txt\n",
|
|
25
25
|
".agents/skills/rstest-best-practices/SKILL.md": "---\nname: rstest-best-practices\ndescription: Rstest best practices for config, CLI workflow, test writing, mocking, snapshot testing, DOM testing, coverage, multi-project setup, CI integration, performance and debugging. Use when writing, reviewing, or troubleshooting Rstest test projects.\n---\n\n# Rstest Best Practices\n\nApply these rules when writing or reviewing Rstest test projects.\n\n## Configuration\n\n- Use `rstest.config.ts` and `defineConfig` from `@rstest/core`\n- Prefer explicit imports `import { test, expect, describe } from '@rstest/core'` over `globals: true`\n- For Rsbuild projects, use `@rstest/adapter-rsbuild` with `extends: withRsbuildConfig()` to reuse build config\n- For Rslib projects, use `@rstest/adapter-rslib` with `extends: withRslibConfig()` to reuse build config\n- Use `setupFiles` for shared test setup (e.g., custom matchers, cleanup hooks)\n- When using Rsbuild plugins (e.g., `@rsbuild/plugin-react`), add them via the `plugins` field\n- For deep-level or advanced build configuration needs, use `tools.rspack` or `tools.bundlerChain`\n\n## CLI\n\n- Use `rstest` or `rstest run` to run tests (`run` disables watch mode, suitable for CI)\n- Use `rstest --watch` or `rstest watch` for local development with file watching\n- Use `rstest list` to list all test files and test names\n- Use `rstest -u` to update snapshots\n- Use `--reporter=verbose` when debugging test failures for detailed output\n- Use `--config` (`-c`) to specify a custom config file path\n\n## Test writing\n\n- Import test APIs from `@rstest/core`: `test`, `describe`, `expect`, `beforeEach`, `afterEach`, etc.\n- Use `test` or `it` for test cases; use `describe` for grouping related tests\n- Use `.only` to focus on specific tests during development, but never commit `.only` to the codebase\n- Use `.skip` or `.todo` to mark incomplete or temporarily skipped tests\n- Prefer small, focused test cases that test a single behavior\n- For async error paths, prefer `await expect(fn()).rejects.toThrow(ErrorClass)` (or `.rejects.toMatchObject({ ... })`) over `try/catch` with `expect.fail` or `.catch(e => e)` patterns — the matcher form fails clearly if the promise unexpectedly resolves, keeps the assertion in one chain, and avoids forgetting to assert the throw at all\n- For async happy paths, use `await expect(fn()).resolves.toEqual(...)` for the same reason\n- Use `includeSource` for in-source testing of small utility functions (Rust-style `import.meta.rstest`)\n- For in-source tests, wrap test code in `if (import.meta.rstest) { ... }` and define `import.meta.rstest` as `false` in production build config\n\n## Test environment\n\n- Use `testEnvironment: 'node'` (default) for Node.js / server-side code\n- Use `testEnvironment: 'jsdom'` or `testEnvironment: 'happy-dom'` for DOM / browser API testing\n- Install `jsdom` or `happy-dom` as a dev dependency when using DOM environments\n- Prefer `happy-dom` for faster DOM testing; use `jsdom` when better browser API compatibility is needed\n- For real browser testing, use `@rstest/browser` with Playwright\n- Use inline project configs to run different test environments within one project (e.g., `node` and `jsdom` projects)\n\n## React / Vue testing\n\n- For React: use `@rsbuild/plugin-react` plugin and `@testing-library/react` for component testing\n- For Vue: use `@rsbuild/plugin-vue` plugin and `@testing-library/vue` for component testing\n- Create a `rstest.setup.ts` with `expect.extend(jestDomMatchers)` and `afterEach(() => cleanup())` for Testing Library\n- Add the setup file to `setupFiles` in config\n- For SSR testing, use `testEnvironment: 'node'` and test with `react-dom/server` or framework-specific SSR APIs\n\n## Mocking\n\n- Use `rs.mock('./module')` to mock modules\n- Use `rs.fn()` to create mock functions\n- Use `rs.spyOn(object, 'method')` to spy on methods\n- Prefer `clearMocks`, `resetMocks`, or `restoreMocks` config options to automatically clean up mocks between tests\n- Use factory functions in `rs.mock('./module', () => ({ ... }))` to provide mock implementations\n\n## Snapshot testing\n\n- Use `toMatchSnapshot()` for general snapshot testing\n- Use `toMatchInlineSnapshot()` for small, readable inline snapshots\n- Use `toMatchFileSnapshot()` for large or structured outputs (e.g., HTML, generated code)\n- Keep snapshots concise — only include relevant data, avoid timestamps and session IDs\n- Use `expect.addSnapshotSerializer()` to mask paths or sensitive data in snapshots\n- Use `path-serializer` to normalize file paths across platforms\n- Review snapshot changes carefully in code review\n\n## Coverage\n\n- Enable coverage with `--coverage` CLI flag or `coverage.enabled: true` in config\n- Install `@rstest/coverage-istanbul` for the Istanbul coverage provider\n- Use `coverage.include` to specify source files for coverage (e.g., `['src/**/*.{js,ts,tsx}']`)\n- Use `coverage.thresholds` to enforce minimum coverage requirements\n- Use `coverage.reporters` to generate reports in different formats (e.g., `text`, `lcov`, `html`)\n\n## Multi-project testing\n\n- Use `projects` field in root config to define multiple test projects\n- For monorepos, use glob patterns like `'packages/*'` to auto-discover sub-projects\n- Use `defineProject` helper in sub-project configs\n- Extract shared config and use `mergeRstestConfig` to compose project configs\n- Global options (`reporters`, `pool`, `isolate`, `coverage`, `bail`) must be set at the root level, not in projects\n\n## CI integration\n\n- Use `rstest run` (not `rstest watch`) in CI\n- Use `--shard` for parallel test execution across CI machines (e.g., `--shard 1/3`)\n- Use `--reporter=blob` with `rstest merge-reports` to combine sharded results\n- Use `--reporter=junit` with `outputPath` for CI report integration\n- The `github-actions` reporter is auto-enabled in GitHub Actions for inline error annotations\n- Use `--bail` to stop early on first failure when appropriate\n\n## Performance\n\n- Disable `isolate` (`--no-isolate`) when tests have no side effects for faster execution via module cache reuse\n- Use `pool.maxWorkers` to control parallelism based on available resources\n- Keep test build fast by avoiding unnecessary Rspack plugins in test config\n- Use test filtering (`rstest <pattern>` or `-t <name>`) to run only relevant tests during development\n- Leverage watch mode's incremental re-runs for fast local feedback\n\n## Debugging\n\n- Run with `DEBUG=rstest` to enable debug mode, which writes final configs and build outputs to disk\n- Read generated files in `dist/.rstest-temp/.rsbuild/` to confirm final Rstest/Rsbuild/Rspack config\n- Use VS Code's JavaScript Debug Terminal to run `rstest` with breakpoints\n- Use `--reporter=verbose` for detailed per-test output\n- Use `--printConsoleTrace` to trace console calls to their source\n- Add VS Code launch config for debugging specific test files with `@rstest/core/bin/rstest.js`\n\n## Profiling\n\n- Use Rsdoctor with `RSDOCTOR=true rstest run` to analyze test build performance\n- Use `samply` for native profiling of both main and worker processes\n- Use Node.js `--heap-prof` for memory profiling\n\n## Toolchain integration\n\n- Use the official VS Code extension (`rstack.rstest`) for in-editor test running and debugging\n- For Rslib libraries, use `@rstest/adapter-rslib` for config reuse\n- For Rsbuild apps, use `@rstest/adapter-rsbuild` for config reuse\n- Use `process.env.RSTEST` to detect test environment and apply test-specific config\n\n## Documentation\n\n- For the latest Rstest docs, read https://rstest.rs/llms.txt\n",
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
export declare const MWAFiles: {
|
|
2
2
|
".codesandbox/environment.json": string;
|
|
3
3
|
".codesandbox/tasks.json": string;
|
|
4
|
-
".mise.toml": string;
|
|
5
4
|
".gitignore": string;
|
|
5
|
+
".mise.toml": string;
|
|
6
6
|
"AGENTS.md": string;
|
|
7
7
|
"README.md": string;
|
|
8
8
|
"lefthook.yml": string;
|
|
@@ -15,10 +15,10 @@ export declare const MWAFiles: {
|
|
|
15
15
|
".github/renovate.json": string;
|
|
16
16
|
".github/workflows/ultramodern-workspace-gates.yml": string;
|
|
17
17
|
".agents/agent-reference-repos.json": string;
|
|
18
|
-
".agents/skills-lock.json": string;
|
|
19
18
|
".agents/rstackjs-agent-skills-LICENSE": string;
|
|
20
|
-
".agents/skills
|
|
19
|
+
".agents/skills-lock.json": string;
|
|
21
20
|
".agents/skills/rslib-best-practices/SKILL.md": string;
|
|
21
|
+
".agents/skills/rsbuild-best-practices/SKILL.md": string;
|
|
22
22
|
".agents/skills/rslib-modern-package/SKILL.md": string;
|
|
23
23
|
".agents/skills/rspack-best-practices/SKILL.md": string;
|
|
24
24
|
".agents/skills/rstest-best-practices/SKILL.md": string;
|
package/package.json
CHANGED
|
@@ -17,7 +17,7 @@
|
|
|
17
17
|
"modern",
|
|
18
18
|
"modern.js"
|
|
19
19
|
],
|
|
20
|
-
"version": "3.2.0-ultramodern.
|
|
20
|
+
"version": "3.2.0-ultramodern.119",
|
|
21
21
|
"types": "./dist/types/index.d.ts",
|
|
22
22
|
"main": "./dist/cjs/index.js",
|
|
23
23
|
"module": "./dist/esm/index.mjs",
|
|
@@ -48,7 +48,7 @@
|
|
|
48
48
|
"@types/recursive-readdir": "^2.2.4",
|
|
49
49
|
"@typescript/native-preview": "7.0.0-dev.20260606.1",
|
|
50
50
|
"recursive-readdir": "^2.2.3",
|
|
51
|
-
"@modern-js/create": "npm:@bleedingdev/modern-js-create@3.2.0-ultramodern.
|
|
51
|
+
"@modern-js/create": "npm:@bleedingdev/modern-js-create@3.2.0-ultramodern.119"
|
|
52
52
|
},
|
|
53
53
|
"sideEffects": false,
|
|
54
54
|
"publishConfig": {
|