@coralai/sps-cli 0.41.2 → 0.43.0

package/skills/qa-tester/SKILL.md

@@ -0,0 +1,186 @@
+---
+name: qa-tester
+description: Persona skill — think like a QA engineer. Test the edges, write regression tests from bugs, treat flaky as a bug. Overlay on top of language / end skills. For test patterns, see each language's `testing.md`.
+origin: agency-agents-fork + original (https://github.com/msitarzewski/agency-agents, MIT)
+---
+
+# QA Tester
+
+Hunt bugs before users do. Treat every fix as a missed test. This is a **mindset overlay** — for runner-specific patterns, see the language skill's `testing.md`.
+
+## When to load
+
+- Writing or reviewing tests
+- Thinking about what edges a feature has
+- Triaging a bug report and reproducing it
+- Reviewing a PR for test coverage
+- Deciding what to include in a release's test pass
+
+## The posture
+
+1. **Tests document behaviour.** Code says what; tests say why and under what conditions.
+2. **Test the edges first.** The happy path rarely breaks. Empty input, boundary values, concurrent access — that's where bugs live.
+3. **Every bug is a missing test.** Reproduce first (failing test), then fix.
+4. **Flaky = broken.** Intermittent failure is a bug in the test or the code. Don't normalize "retry."
+5. **Measure what the user experiences.** Not implementation internals.
+6. **Prefer fakes over mocks.** A fake that actually works is cheaper to maintain than a mock setup that grows with every method.
+7. **Coverage is a floor, not a target.** 100% coverage with weak assertions is still untested.
+
+## The edge catalog — what you always try
+
+### Inputs
+
+- Empty string / empty array / null / undefined / missing field.
+- Very long (max + 1).
+- Unicode, emoji, RTL text, zero-width joiners.
+- Whitespace variations (leading, trailing, tabs, newlines).
+- Numbers: 0, -1, max int, min int, float precision.
+- Dates: epoch, far future, timezone boundaries, DST transitions.
+- Case: UPPER, lower, MiXeD.
+- Format violations: invalid JSON, malformed URLs, bad UUIDs.
+
+### States
+
+- Fresh user vs. existing user.
+- Empty collection vs. one item vs. many.
+- Pagination: first page, last page, out-of-range page.
+- Session just started vs. about to expire vs. expired.
+- Flag on vs. off vs. transitioning.
+
+### Concurrency
+
+- Two users edit the same resource.
+- Double-submit.
+- Slow network + rapid clicks.
+- Cancellation / back button mid-request.
+- Retry after partial failure.
+
+### Permissions
+
+- Anonymous / authenticated / admin paths.
+- Cross-tenant: can A see B's data?
+- Revoked session mid-request.
+
+### Failures
+
+- DB down / slow.
+- Dependency 500 / 429 / timeout.
+- Queue full.
+- Disk full.
+- Clock skew.
+
+### Environment
+
+- Small screen, large screen, landscape.
+- Slow network (3G profile), offline.
+- Browsers: latest + one old + one mobile.
+- Locales: different decimal separators, date formats, text direction.
+
+## The test-writing loop
+
+1. **Define the behaviour** you're testing, in plain words.
+2. **Write a failing test** that demonstrates it.
+3. **Make it pass** with the smallest change.
+4. **Add edge cases** one at a time.
+5. **Check that failures read clearly** — `"expected active=true, got false"` > `"assertion failed"`.
+
+## Reproducing bugs
+
+```
+Bug report: "Submitting the form sometimes fails"
+```
+
+Don't trust the report. Translate to a test:
+
+1. Reproduce locally. If you can't reproduce, the bug may be the report.
+2. Minimize the reproduction. One test, one symptom.
+3. Write the test so it fails on current code.
+4. Fix the code so the test passes.
+5. Commit test + fix together.
+
+The test is the guarantee that the bug doesn't silently come back.
+
+## The test-pyramid discipline
+
+```
+      ▲
+      │  E2E         ← few, critical flows, slow
+      │  Integration ← moderate, real deps
+      │  Unit        ← many, fast, focused
+      ▼
+```
+
+For every feature:
+- Unit tests for pure logic.
+- Integration tests where interesting edges cross boundaries (DB, queue, HTTP).
+- E2E tests for the few flows where "the button sends you home" really matters.
+
+Inverting the pyramid (all-E2E) gives slow CI and brittle tests.
+
+## What makes a test good
+
+| Property | Why |
+|---|---|
+| Fast | You run it often. Slow = skipped = useless. |
+| Isolated | No dependency on execution order. |
+| Repeatable | Same outcome every run. No "ran it again, passed." |
+| Self-verifying | Pass/fail is automatic, not "the log looks right." |
+| Behaviour-named | `rejects_empty_email` > `test_1`. |
+
+Flaky tests fail these and poison the suite.
+
+## Test review checklist (on someone else's PR)
+
+- [ ] Is there a test for the change? For non-trivial changes, no test = push back.
+- [ ] Does the test fail without the fix? (You can mentally run it.)
+- [ ] Are edge cases covered, not just happy path?
+- [ ] Any sleeps, real timeouts, or order-dependent state?
+- [ ] Do error messages point you at the right place?
+- [ ] Do the test names describe behaviour clearly?
+- [ ] Any commented-out or skipped tests?
+- [ ] Any assertions with no signal (`assertTrue(true)`, `toEqual(x, x)`)?
+- [ ] Fixtures are small + scoped; no shared mutable globals.
+
+## What you push back on
+
+- **"It's just a small change, no test needed."** It's the small changes that break things silently.
+- **Retry / skip to fix flakiness.** That's hiding the bug; fix the root.
+- **Snapshot tests without review discipline.** Change accepted without reading = loss of signal.
+- **Over-mocking (10 mocks for 20 LOC).** The unit is poorly shaped; refactor.
+- **Coverage for coverage's sake.** Tests that hit lines without asserting behaviour.
+- **UI tests that "look at" rather than "act on"** (assert on CSS classes rather than observable effects).
+
+## What you let go
+
+- **Testing framework internals.** They have their own tests.
+- **Testing trivial getters / setters.** No risk, no signal.
+- **Testing the framework's routing / DI.** Integration test, not unit.
+- **100% coverage.** Aim for meaningful coverage, not the number.
+
+## Standard categories of bug you always look for
+
+- **Off-by-one** — boundary errors in loops, pagination, limits.
+- **Null / undefined / empty** — every access, every field.
+- **Locale / TZ** — dates, numbers, sorting, text direction.
+- **Race / ordering** — in async code, check concurrent interleavings.
+- **Integer overflow / float precision** — money in float, counters that wrap.
+- **Trust boundary** — input that skipped validation, state that leaked privilege.
+- **Idempotency** — retry of any write.
+- **Resource leaks** — connections, file handles, timers.
+
+## Forbidden patterns
+
+- Tests that sleep (real time) to wait for async
+- Test names like `test1`, `test_foo2`
+- `it.only` / `describe.only` committed to main
+- Shared global state not reset between tests
+- Snapshot tests for output containing dates / UUIDs / random IDs (without redaction)
+- Production credentials / real emails in tests
+- Tests that call the real external API in unit suite
+- Disabled tests without a tracking issue and a deletion date
+
+## Pair with
+
+- The language's `testing.md` reference for runner specifics.
+- [`coding-standards/references/tdd.md`](../coding-standards/references/tdd.md) — the cycle.
+- [`debugging-workflow`](../debugging-workflow/SKILL.md) — when a test reveals a deeper bug.

package/skills/rust/SKILL.md

@@ -0,0 +1,50 @@
+---
+name: rust
+description: Rust language skill — ownership, traits, errors, async, testing. Pair with end skills (`backend`, `devops`) and with `coding-standards` for cross-language principles.
+origin: original
+---
+
+# Rust
+
+Ownership, lifetimes, traits, errors, async. **Language-focused**. Architecture → end skills. General principles (TDD, naming, error strategy) → `coding-standards`.
+
+## When to load
+
+- Project primary language is Rust
+- Reviewing Rust code
+- Designing types, traits, error hierarchies
+- Async with `tokio` / `async-std`
+
+## Core principles
+
+1. **Make invalid states unrepresentable.** Use the type system — enums, newtypes, bounds — before runtime checks.
+2. **`Result` for expected failure, `panic!` only for bugs / invariant violations.**
+3. **Prefer owned types at API boundaries; `&str` / `&[T]` inside.** Callers decide the allocation policy.
+4. **Small traits, defined at the call site.** Don't pre-abstract.
+5. **`#[must_use]` on types that ignore-means-bug** (`Result`, builders, guards).
+6. **No `unwrap()` / `expect()` outside tests and `main`.** The compiler enforces error handling; don't opt out.
+7. **`clippy::pedantic` in CI.** Treat warnings as errors.
+8. **`cargo fmt` and `cargo clippy` — never argue style.**
+
+## How to use references
+
+| Reference | When to load |
+|---|---|
+| [`references/ownership.md`](references/ownership.md) | Borrowing, lifetimes, move vs. copy, `Rc`/`Arc`, interior mutability |
+| [`references/errors.md`](references/errors.md) | `Result`, `?`, `thiserror`, `anyhow`, error enums, chaining |
+| [`references/traits.md`](references/traits.md) | Traits, generics, `impl Trait`, associated types, trait objects |
+| [`references/async.md`](references/async.md) | `async fn`, futures, `tokio`, cancellation, `select!`, pinning |
+| [`references/testing.md`](references/testing.md) | `#[test]`, integration tests, `cargo test`, property testing |
+
+## Forbidden patterns (auto-reject)
+
+- `unwrap()` / `expect()` in non-test, non-`main` code without a comment explaining why it's unreachable
+- `panic!` as control flow
+- `unsafe` without a `// SAFETY:` comment listing every invariant the caller must uphold
+- `.clone()` in a hot loop when a borrow would suffice
+- `Rc<RefCell<T>>` without a thread-sharing story (single-threaded only; use `Arc<Mutex<T>>` if it crosses threads)
+- Blocking calls inside an `async fn` (`std::thread::sleep`, `std::fs::*` in tokio)
+- `#[allow(clippy::...)]` without a nearby comment justifying it
+- Overlarge error enums (40+ variants); split by module
+- Returning `Vec<String>` from a parse when `&str` views into the input would work
+- Ignoring `#[must_use]` on `Result` (compiler warns; treat as error)

package/skills/rust/references/async.md

@@ -0,0 +1,224 @@
+# Rust — Async
+
+`async fn`, futures, `tokio`, cancellation, `select!`, pinning traps.
+
+## `async fn` basics
+
+```rust
+async fn fetch(url: &str) -> Result<String, reqwest::Error> {
+    reqwest::get(url).await?.text().await
+}
+```
+
+`async fn` returns a `Future`. The future does nothing until awaited.
+
+```rust
+// ❌ nothing runs
+let f = fetch("https://x.com");
+
+// ✅
+let body = fetch("https://x.com").await?;
+```
+
+## Runtimes
+
+Rust doesn't ship a runtime. Pick one:
+
+- **tokio** — de facto standard; multi-threaded; huge ecosystem
+- **async-std** — simpler, fewer features; smaller
+- **smol** — lightweight; good for embedded / minimal binaries
+
+Most production code is tokio. Mixing runtimes in one process is painful — pick early.
+
+```rust
+#[tokio::main]
+async fn main() -> anyhow::Result<()> {
+    run().await
+}
+```
+
+## `.await` is a suspension point
+
+Every `.await` can be where another task takes over. Anything you hold across `.await` must be `Send` if the runtime moves tasks between threads.
+
+```rust
+// ❌ std::sync::MutexGuard isn't Send; holding across .await breaks
+let g = mu.lock().unwrap();
+do_something().await;            // compile error on tokio multi-threaded
+g.push(x);
+
+// ✅ tokio::sync::Mutex is async-aware
+let mut g = mu.lock().await;
+do_something().await;
+g.push(x);
+
+// ✅ or drop the guard first
+{
+    let mut g = mu.lock().unwrap();
+    g.push(x);
+}
+do_something().await;
+```
+
+## Concurrency primitives
+
+### `tokio::spawn` — fire a task
+
+```rust
+let handle = tokio::spawn(async move {
+    work().await
+});
+let result = handle.await??;         // first ? for JoinError, second for inner Result
+```
+
+`spawn` requires `Send + 'static`. For local-only (non-`Send`) work on the current thread, use `tokio::task::spawn_local` inside a `LocalSet`.
+
+### `join!` — run futures in parallel, wait for all
+
+```rust
+let (u, o) = tokio::join!(get_user(id), get_orders(id));
+```
+
+Same task; no threads involved. All futures must be awaitable concurrently.
+
+### `try_join!` — parallel, short-circuit on first error
+
+```rust
+let (u, o) = tokio::try_join!(get_user(id), get_orders(id))?;
+```
+
+### `select!` — wait on the first of several
+
+```rust
+tokio::select! {
+    r = fetch(url) => handle(r),
+    _ = tokio::time::sleep(Duration::from_secs(5)) => timeout(),
+    _ = ctx.cancelled() => cancelled(),
+}
+```
+
+`select!` drops the non-winning futures (cancellation). Anything side-effectful in the dropped branch must be cancellation-safe. **Many operations aren't** — databases mid-transaction, partial writes. Use `Pin<Box<...>>` + `futures::future::FutureExt::fuse` or structure with cancellation guards.
+
+## Cancellation
+
+In Rust async, cancellation = dropping the future. It happens:
+- When a `tokio::select!` branch loses.
+- When a `spawn`ed `JoinHandle` is aborted.
+- When the caller stops awaiting (e.g., `timeout` fires).
+
+**Cancellation-safety** is a property of individual futures. Not all are safe to drop mid-flight. Library docs usually say.
+
+Rule: critical writes should complete in a non-cancellable section. `tokio::spawn(async { ... }).await` insulates from caller cancellation (but the spawned task gets its own drop path).
+
+## Timeouts
+
+```rust
+use tokio::time::{timeout, Duration};
+
+match timeout(Duration::from_secs(5), fetch(url)).await {
+    Ok(Ok(body)) => ...,
+    Ok(Err(e))   => return Err(e.into()),
+    Err(_)       => return Err(anyhow!("timeout")),
+}
+```
+
+Budget timeouts across layers — inner < outer.
+
+## Bounded concurrency
+
+```rust
+use futures::stream::{StreamExt, iter};
+
+let results: Vec<_> = iter(urls)
+    .map(|u| fetch(u))
+    .buffer_unordered(10)           // 10 in flight
+    .collect()
+    .await;
+```
+
+`buffer_unordered` for order-insensitive; `buffered` preserves order.
+
+## Channels
+
+| Channel | Use |
+|---|---|
+| `tokio::sync::mpsc` | Multi-producer, single-consumer |
+| `tokio::sync::broadcast` | Multi-producer, multi-consumer (fan-out); bounded, drops if lagging |
+| `tokio::sync::watch` | Single-slot "latest value"; good for config / state updates |
+| `tokio::sync::oneshot` | One-shot; request → response |
+
+```rust
+let (tx, mut rx) = tokio::sync::mpsc::channel(100);
+tokio::spawn(async move {
+    while let Some(msg) = rx.recv().await {
+        process(msg).await;
+    }
+});
+tx.send(msg).await?;
+```
+
+Bounded channels = backpressure. Use unbounded sparingly; unbounded sends can run the receiver out of memory.
+
+## Avoid blocking the executor
+
+```rust
+// ❌ blocks the worker thread — starves other tasks
+std::thread::sleep(Duration::from_secs(1));
+std::fs::read_to_string("big.txt")?;
+
+// ✅
+tokio::time::sleep(Duration::from_secs(1)).await;
+tokio::fs::read_to_string("big.txt").await?;
+
+// ✅ offload CPU-bound / blocking I/O to a blocking-friendly pool
+tokio::task::spawn_blocking(|| do_cpu_work())
+    .await?;
+```
+
+A single blocking call on a worker thread pauses every async task on that worker.
+
+## Pinning — the big word, rare in application code
+
+Async state machines live in memory at addresses their own self-references assume are stable. `Pin<P<T>>` is how the language tells you "don't move this".
+
+You typically only care if you write your own `Future`. With `async fn` + `tokio`, pinning is handled for you. If you see a compile error about `Unpin`, `Pin::new_unchecked`, or "future cannot be unpinned" — that's when you read up. Day-to-day, ignore.
+
+## Structured concurrency — `JoinSet`
+
+```rust
+use tokio::task::JoinSet;
+
+let mut set = JoinSet::new();
+for url in urls {
+    set.spawn(fetch(url));
+}
+while let Some(res) = set.join_next().await {
+    match res {
+        Ok(Ok(body)) => use_body(body),
+        Ok(Err(e))   => log::warn!("fetch failed: {e}"),
+        Err(e) if e.is_panic() => log::error!("task panicked"),
+        Err(_) => {},
+    }
+}
+```
+
+Better than loose `spawn` + vector of handles — `JoinSet` cleans up on drop.
+
+## Debugging
+
+- **tokio-console** — live task inspector; shows stuck tasks, contention.
+- `RUST_LOG=debug` with `tracing-subscriber` for structured async logs.
+- `#[tokio::main(flavor = "current_thread")]` temporarily for deterministic local repros.
+
+## Anti-patterns
+
+| Anti-pattern | Fix |
+|---|---|
+| `std::thread::sleep` / `std::fs::*` in async | Use `tokio::*` equivalents or `spawn_blocking` |
+| Holding `std::sync::MutexGuard` across `.await` | Drop before await or use `tokio::sync::Mutex` |
+| Unbounded channels everywhere | Use bounded; apply backpressure |
+| `async` on functions that do no awaiting | Drop `async`; callers shouldn't need to await |
+| `tokio::spawn` with captured `&` references | Move owned data; tasks are `'static` |
+| `.await` inside a loop that could be parallel | `buffer_unordered` or `JoinSet` |
+| `select!` over non-cancellation-safe futures | Read the docs; wrap in `spawn` if unsafe to drop |
+| Runtimes nested in runtimes (calling `Runtime::new().block_on(...)` inside an async fn) | Don't; `.await` or use `spawn_blocking` |

package/skills/rust/references/errors.md

@@ -0,0 +1,240 @@
+# Rust — Errors
+
+`Result`, `?`, `thiserror`, `anyhow`. For general strategy, see `coding-standards/references/error-strategy.md`.
+
+## `Result<T, E>` is the contract
+
+Expected failure → `Result`. Bugs / invariant violations → `panic!`.
+
+```rust
+fn parse_port(s: &str) -> Result<u16, ParseIntError> {
+    s.parse()
+}
+```
+
+`Result` is `#[must_use]`. The compiler warns if you ignore one. Treat warnings as errors.
+
+## The `?` operator
+
+Propagate errors with one character.
+
+```rust
+fn load() -> Result<Config, ConfigError> {
+    let raw = std::fs::read_to_string("config.yaml")?;    // io::Error -> ConfigError (via From)
+    let cfg: Config = serde_yaml::from_str(&raw)?;        // serde error -> ConfigError
+    Ok(cfg)
+}
+```
+
+`?` uses the `From` trait to convert the inner error to the function's error type. Implement `From<SubErr> for TopErr` to get conversion for free (or use `thiserror`).
+
+## Error enums with `thiserror`
+
+For library code where callers need to match on variants.
+
+```rust
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+pub enum ConfigError {
+    #[error("read config file: {0}")]
+    Io(#[from] std::io::Error),
+
+    #[error("parse yaml: {0}")]
+    Parse(#[from] serde_yaml::Error),
+
+    #[error("missing field {field}")]
+    MissingField { field: String },
+
+    #[error("invalid value for {field}: {reason}")]
+    InvalidValue { field: String, reason: String },
+}
+```
+
+`#[from]` auto-generates `From<io::Error> for ConfigError`, so `?` just works.
+
+## `anyhow` for applications
+
+For `main`, CLI tools, glue code — anywhere callers only need "it failed, here's why".
+
+```rust
+use anyhow::{Context, Result};
+
+fn main() -> Result<()> {
+    let cfg = load_config("config.yaml")
+        .context("loading application config")?;
+    run(cfg).context("running application")?;
+    Ok(())
+}
+```
+
+`anyhow::Error` is a type-erased error with a chain. `.context()` adds breadcrumbs. The final message reads like:
+
+```
+Error: running application
+
+Caused by:
+    0: loading application config
+    1: parse yaml
+    2: missing field: database.url
+```
+
+**Rule**: libraries → `thiserror`; binaries → `anyhow`. Mixing both is fine — libraries use their typed errors; `anyhow::Error` wraps them at the edge.
+
+## Error sources & chaining
+
+Every error has a chain. Walk it when logging:
+
+```rust
+fn log_error(err: &dyn std::error::Error) {
+    eprintln!("error: {err}");
+    let mut source = err.source();
+    while let Some(s) = source {
+        eprintln!("  caused by: {s}");
+        source = s.source();
+    }
+}
+```
+
+`anyhow` formats the chain for you. With `thiserror`, implement `Display` to include context, and let callers walk `.source()`.
+
+## Avoid `Box<dyn Error>` in libraries
+
+`Box<dyn Error>` erases your error type. Callers lose the ability to match variants. Fine inside `main` or in examples; avoid in public API.
+
+```rust
+// ❌ in a library
+pub fn load() -> Result<Config, Box<dyn Error>> { ... }
+
+// ✅
+pub fn load() -> Result<Config, ConfigError> { ... }
+```
+
+## `unwrap()` / `expect()` — when OK
+
+- **Tests** — panic on unexpected failure is fine.
+- **`main`** — as long as the panic message is actionable.
+- **"Statically known impossible"** — document with `.expect("invariant: X")`.
+
+```rust
+// ✅ truly impossible
+let re = Regex::new(r"^\d+$").expect("hardcoded regex is valid");
+
+// ❌ lazy
+let line = input.lines().next().unwrap();    // what if input is empty?
+```
+
+`.expect("msg")` is better than `.unwrap()` — the message tells the next reader why this was assumed safe.
+
+## `match` vs. `if let` vs. `?`
+
+```rust
+// ✅ handle both cases
+match parse(s) {
+    Ok(v) => use_v(v),
+    Err(e) => log::warn!("parse failed: {e}"),
+}
+
+// ✅ one case matters
+if let Ok(v) = parse(s) {
+    use_v(v);
+}
+
+// ✅ propagate
+let v = parse(s)?;
+```
+
+## Combining errors with `?` across types
+
+If two error types coexist in the function, implement `From` or let `anyhow` absorb both.
+
+```rust
+// Typed approach
+impl From<ReqError> for MyError { ... }
+impl From<ParseError> for MyError { ... }
+
+// Anyhow approach
+fn load() -> anyhow::Result<Config> {
+    let body = reqwest::blocking::get(url)?.text()?;
+    let cfg = serde_yaml::from_str(&body)?;
+    Ok(cfg)
+}
+```
+
+## Retries
+
+Retry only idempotent operations. No runtime hides bad idempotency.
+
+```rust
+fn with_retry<F, T, E>(mut f: F) -> Result<T, E>
+where F: FnMut() -> Result<T, E>, E: std::fmt::Debug
+{
+    let mut wait = 100;
+    for attempt in 0..3 {
+        match f() {
+            Ok(v) => return Ok(v),
+            Err(e) if attempt < 2 => {
+                log::warn!("attempt {attempt} failed: {e:?}");
+                std::thread::sleep(Duration::from_millis(wait));
+                wait *= 2;
+            }
+            Err(e) => return Err(e),
+        }
+    }
+    unreachable!()
+}
+```
+
+For real use, bring a crate (`backoff`, `tokio-retry`). See `backend/references/resilience.md` for when.
+
+## Domain-specific error granularity
+
+Keep error enums focused. One giant `AppError` with 40 variants is worse than five module-level error types.
+
+```rust
+// Module a/error.rs
+pub enum Error { /* a-specific */ }
+
+// Module b/error.rs
+pub enum Error { /* b-specific */ }
+
+// crate top-level (for public API or for anyhow consumers)
+pub enum Error {
+    #[error(transparent)] A(#[from] a::Error),
+    #[error(transparent)] B(#[from] b::Error),
+}
+```
+
+`#[error(transparent)]` + `#[from]` makes the outer enum forward the inner's message cleanly.
+
+## Panic → catch at the edge
+
+Panics in spawned threads or tasks need to be caught or your server silently degrades.
+
+```rust
+// Axum / tower middleware example — pseudo
+tokio::task::spawn(async move {
+    match tokio::task::spawn(async { handle(req).await }).await {
+        Ok(Ok(resp)) => resp,
+        Ok(Err(e))   => to_http_response(e),
+        Err(join_err) if join_err.is_panic() => {
+            log::error!("handler panicked");
+            http_500()
+        }
+        Err(_) => http_500(),
+    }
+});
+```
+
+## Anti-patterns
+
+| Anti-pattern | Fix |
+|---|---|
+| `unwrap()` in library code | Return `Result`, let the caller decide |
+| `panic!("bad input")` on user input | Return a validation error |
+| Stringly-typed errors (`Err("failed".to_string())`) | Typed enum |
+| One `Error::Other(String)` variant used for everything | Split by actual failure mode |
+| Catching every error with `?` and ignoring the chain in logs | Walk `.source()` or use `anyhow` formatting |
+| `Box<dyn Error>` in public lib API | `thiserror`-generated enum |
+| Using `anyhow` inside library code that users might match on | Define a typed error |
+| Silent `.ok()` / `.unwrap_or_default()` that swallows meaningful failures | Handle or propagate |