npm - @cubis/foundry - Versions diffs - 0.3.70 → 0.3.72 - Mend

@cubis/foundry 0.3.70 → 0.3.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (304) hide show

package/workflows/powers/ruby-pro/references/ruby-concurrency-and-testing.md ADDED Viewed

@@ -0,0 +1,190 @@
+# Ruby Concurrency and Testing
+## Ractor patterns (Ruby 3.0+)
+### Basic Ractor usage
+```ruby
+# CPU-bound parallel computation
+ractors = 4.times.map do |i|
+  Ractor.new(i) do |id|
+    # Each Ractor has its own isolated memory
+    heavy_computation(id)
+  end
+end
+results = ractors.map(&:take) # Collect results
+```
+- Ractors provide true parallelism by isolating memory between execution contexts.
+- Only shareable objects can be sent between Ractors: frozen objects, `Ractor.make_shareable(obj)`.
+- Use `Ractor.yield` / `Ractor.receive` for message-passing between Ractors.
+### Ractor constraints
+| Allowed                          | Not allowed                                   |
+| -------------------------------- | --------------------------------------------- |
+| Frozen strings, numbers, symbols | Mutable strings, arrays, hashes               |
+| `Ractor.make_shareable(obj)`     | Class variables shared across Ractors         |
+| `Ractor::MovedObject` transfer   | Global variables (`$stdout` is special-cased) |
+- Most gems are NOT Ractor-safe. Test thoroughly before using Ractors with external libraries.
+- Prefer Ractors for compute-heavy, isolated work (parsing, image processing, data transformation).
+## Fiber and Async patterns
+### Fiber-based concurrency
+```ruby
+require 'async'
+Async do |task|
+  # I/O-bound concurrent operations
+  response1 = task.async { HTTP.get("https://api.example.com/users") }
+  response2 = task.async { HTTP.get("https://api.example.com/posts") }
+  users = response1.wait
+  posts = response2.wait
+end
+```
+- Fibers run on a single thread — no thread-safety concerns for shared state.
+- Use the `async` gem for production fiber-based I/O concurrency.
+- Ideal for I/O-bound work: HTTP requests, database queries, file operations.
+- Not suitable for CPU-bound work — use Ractors or process-based parallelism instead.
+### Thread safety primitives
+```ruby
+mutex = Mutex.new
+counter = 0
+threads = 10.times.map do
+  Thread.new do
+    mutex.synchronize { counter += 1 }
+  end
+end
+threads.each(&:join)
+```
+- Use `Mutex#synchronize` for critical sections. Never call `lock`/`unlock` manually.
+- Use `Queue` for thread-safe producer/consumer patterns.
+- Use `Monitor` when you need reentrant locking (same thread can re-acquire the lock).
+- Prefer `Concurrent::Map` (from concurrent-ruby) over `Hash` with manual locking.
+## Background job patterns
+### Sidekiq best practices
+```ruby
+class UserNotificationJob
+  include Sidekiq::Job
+  sidekiq_options queue: :default, retry: 3
+  def perform(user_id, event_type)
+    user = User.find(user_id)
+    NotificationService.new(user).send(event_type)
+  end
+end
+```
+- Pass only primitive arguments (IDs, strings). Never pass ActiveRecord objects — they can't be serialized safely.
+- Set explicit retry counts. Use dead-letter queues for permanently failed jobs.
+- Keep jobs idempotent — they may run more than once due to retries.
+- Use separate queues for different priority levels (`:critical`, `:default`, `:low`).
+## Testing strategy
+### RSpec structure
+```ruby
+RSpec.describe UserService do
+  describe "#create" do
+    subject(:result) { described_class.new(repo:).create(params) }
+    let(:repo) { instance_double(UserRepository) }
+    let(:params) { { name: "Alice", email: "alice@example.com" } }
+    context "with valid params" do
+      before { allow(repo).to receive(:save).and_return(user) }
+      let(:user) { build(:user, **params) }
+      it { is_expected.to be_success }
+      it { expect(result.value).to have_attributes(name: "Alice") }
+    end
+    context "with duplicate email" do
+      before { allow(repo).to receive(:save).and_raise(UniqueViolation) }
+      it { is_expected.to be_failure }
+      it { expect(result.error).to include("already exists") }
+    end
+  end
+end
+```
+- Use `describe` for the class/method, `context` for scenarios, `it` for assertions.
+- Use `instance_double` for strict mocking — fails if the mocked method doesn't exist.
+- Use `let` for lazy setup, `let!` for eager setup, `before` for side effects.
+### Factory patterns
+```ruby
+FactoryBot.define do
+  factory :user do
+    name { Faker::Name.name }
+    email { Faker::Internet.email }
+    role { :member }
+    trait :admin do
+      role { :admin }
+    end
+    trait :with_posts do
+      after(:create) do |user|
+        create_list(:post, 3, author: user)
+      end
+    end
+  end
+end
+```
+- Use traits for variations instead of separate factories.
+- Prefer `build` (in-memory) over `create` (persisted) in unit tests for speed.
+- Use `build_stubbed` for the fastest option when persistence behavior isn't under test.
+## Gem dependency audit
+### Bundler security workflow
+```bash
+# Check for known vulnerabilities
+bundle audit check --update
+# List outdated gems (direct dependencies only)
+bundle outdated --only-explicit
+# Generate dependency graph
+bundle viz --format=svg
+```
+- Run `bundle audit` in CI. Block deploys on critical findings.
+- Update gems in small batches: `bundle update gem_name` + run full test suite.
+- Review changelogs before major version bumps — breaking changes often affect behavior silently.
+- Use `Gemfile` groups (`:development`, `:test`) to keep production dependencies minimal.
+### Type checking with Sorbet
+```ruby
+# typed: strict
+extend T::Sig
+sig { params(name: String, age: Integer).returns(User) }
+def create_user(name, age)
+  User.new(name:, age:)
+end
+```
+- Use `typed: strict` for new files, `typed: true` as a minimum for existing files.
+- Generate RBI files for gems: `tapioca gem` for type stubs.
+- Run `srb tc` in CI alongside tests.

package/workflows/powers/ruby-pro/references/testing-and-rspec.md ADDED Viewed

@@ -0,0 +1,236 @@
+# Testing and RSpec Patterns
+## RSpec Structure
+```ruby
+# spec/services/create_order_spec.rb
+RSpec.describe CreateOrder do
+  subject(:service) { described_class.new(order_repo:, pricing:, notifier:) }
+  let(:order_repo) { instance_double(OrderRepository) }
+  let(:pricing) { instance_double(PricingService) }
+  let(:notifier) { instance_double(EmailNotifier) }
+  before do
+    allow(order_repo).to receive(:save)
+    allow(notifier).to receive(:order_created)
+  end
+  describe "#call" do
+    context "with valid items" do
+      let(:items) { [build(:line_item, quantity: 2)] }
+      before do
+        allow(pricing).to receive(:calculate).and_return(Money.new(amount: 1999, currency: "USD"))
+      end
+      it "creates an order" do
+        result = service.call(customer: build(:user), items:)
+        expect(result).to be_success
+        expect(result.value).to be_a(Order)
+        expect(result.value.total.amount).to eq(1999)
+      end
+      it "saves to repository" do
+        service.call(customer: build(:user), items:)
+        expect(order_repo).to have_received(:save).once
+      end
+      it "notifies customer" do
+        service.call(customer: build(:user), items:)
+        expect(notifier).to have_received(:order_created).once
+      end
+    end
+    context "with empty items" do
+      it "returns failure" do
+        result = service.call(customer: build(:user), items: [])
+        expect(result).to be_failure
+        expect(result.error).to include("empty")
+      end
+    end
+  end
+end
+```
+## Shared Examples
+```ruby
+# spec/support/shared_examples/authenticatable.rb
+RSpec.shared_examples "authenticatable" do
+  describe "#authenticate" do
+    it "returns true for correct password" do
+      subject.password = "secret123"
+      expect(subject.authenticate("secret123")).to be true
+    end
+    it "returns false for wrong password" do
+      subject.password = "secret123"
+      expect(subject.authenticate("wrong")).to be false
+    end
+  end
+end
+# Usage in specs
+RSpec.describe User do
+  subject { build(:user) }
+  it_behaves_like "authenticatable"
+end
+RSpec.describe AdminUser do
+  subject { build(:admin_user) }
+  it_behaves_like "authenticatable"
+end
+```
+## Request Specs (API Testing)
+```ruby
+RSpec.describe "Orders API", type: :request do
+  let(:user) { create(:user) }
+  let(:headers) { { "Authorization" => "Bearer #{user.auth_token}" } }
+  describe "POST /api/orders" do
+    let(:valid_params) do
+      {
+        order: {
+          items: [{ product_id: create(:product).id, quantity: 2 }],
+        },
+      }
+    end
+    context "with valid params" do
+      it "creates order and returns 201" do
+        post "/api/orders", params: valid_params, headers:, as: :json
+        expect(response).to have_http_status(:created)
+        expect(json_response["order"]["id"]).to be_present
+        expect(Order.count).to eq(1)
+      end
+    end
+    context "without auth" do
+      it "returns 401" do
+        post "/api/orders", params: valid_params, as: :json
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+    context "with invalid params" do
+      it "returns 422 with errors" do
+        post "/api/orders", params: { order: { items: [] } }, headers:, as: :json
+        expect(response).to have_http_status(:unprocessable_entity)
+        expect(json_response["errors"]).to include("items")
+      end
+    end
+  end
+end
+# Helper
+def json_response
+  JSON.parse(response.body)
+end
+```
+## FactoryBot Strategies
+```ruby
+# spec/factories/users.rb
+FactoryBot.define do
+  factory :user do
+    sequence(:email) { |n| "user#{n}@example.com" }
+    name { Faker::Name.name }
+    role { :viewer }
+    password { "password123" }
+    trait :admin do
+      role { :admin }
+    end
+    trait :with_orders do
+      transient do
+        order_count { 3 }
+      end
+      after(:create) do |user, evaluator|
+        create_list(:order, evaluator.order_count, customer: user)
+      end
+    end
+  end
+end
+# Usage
+build(:user)                          # in-memory, no DB
+create(:user, :admin)                 # persisted admin
+create(:user, :with_orders, order_count: 5)  # with associated orders
+attributes_for(:user)                 # hash of attributes
+```
+## Test Doubles
+```ruby
+# instance_double — verifies methods exist on the real class
+repo = instance_double(OrderRepository)
+allow(repo).to receive(:find_by_id).with(1).and_return(order)
+allow(repo).to receive(:save).and_return(true)
+# class_double
+api_class = class_double(ExternalApi, fetch: response)
+# spy — record calls, verify after
+notifier = spy("notifier")
+service.call(notifier:)
+expect(notifier).to have_received(:notify).with(hash_including(type: :order_created))
+# Stub chain
+allow(User).to receive_message_chain(:active, :where, :order).and_return(users)
+# Prefer extracting a query object over long stub chains
+```
+## SimpleCov Configuration
+```ruby
+# spec/spec_helper.rb (must be at the very top)
+require "simplecov"
+SimpleCov.start do
+  add_filter "/spec/"
+  add_filter "/config/"
+  add_filter "/vendor/"
+  add_group "Services", "app/services"
+  add_group "Models", "app/models"
+  add_group "Controllers", "app/controllers"
+  minimum_coverage 80
+  minimum_coverage_by_file 50
+end
+# CI integration
+if ENV["CI"]
+  require "simplecov-cobertura"
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
+end
+```
+## CI Test Pipeline
+```bash
+# Gemfile
+group :test do
+  gem "rspec-rails"
+  gem "factory_bot_rails"
+  gem "faker"
+  gem "simplecov"
+  gem "webmock"        # stub external HTTP
+  gem "vcr"            # record/replay HTTP
+  gem "rubocop-rspec"  # RSpec-specific linting
+end
+# CI script
+bundle exec rubocop --parallel           # lint
+bundle exec rspec --format documentation # tests
+bundle audit check                       # vulnerability scan
+```

package/workflows/powers/rust-pro/POWER.md CHANGED Viewed

@@ -2,51 +2,65 @@
 ---
 inclusion: manual
 name: "rust-pro"
-description: "Use for modern Rust systems/services with stable 1.91-era patterns, async correctness, and performance-focused design."
+description: "Use for modern Rust systems/services with stable 1.94-era patterns, async correctness, and performance-focused design."
 license: MIT
 metadata:
-  version: "2.0.0"
-  domain: "language"
-  role: "specialist"
-  stack: "rust"
-  baseline: "Rust stable 1.91"
+  author: cubis-foundry
+  version: "2.0"
+compatibility: Claude Code, Codex, GitHub Copilot
 ---
 # Rust Pro
-## When to use
+## Purpose
-- Building high-reliability services, CLIs, and systems components.
-- Solving ownership/lifetime design problems.
+Expert-level guidance for modern Rust development covering high-reliability services, CLIs, and systems components. Focuses on ownership and lifetime design, async correctness with cancellation safety, explicit error modeling, and performance optimization through profiling discipline.
+## When to Use
+- Building high-reliability services, CLIs, and systems components in Rust.
+- Solving ownership, lifetime, and borrowing design problems.
 - Optimizing memory safety and runtime performance together.
-## Core workflow
+## Instructions
+1. **Define ownership and error model first** — design data flow so each value has one clear owner. Clone only when shared ownership is genuinely required. Keep borrow scopes tight. Use `Cow<'_, T>` when a function sometimes needs to allocate and sometimes can borrow. Avoid lifetime annotations in public APIs unless the caller truly controls the borrowed data's scope.
+2. **Choose async runtime and crates intentionally** — use `tokio` as the default async runtime. Pin to a specific runtime version in `Cargo.lock`. Make every async function cancellation-safe: dropping a future must not corrupt state. Use `tokio::select!` with care because the unselected branch is dropped and state mutations before `.await` are lost.
+3. **Model errors as enums with context** — use `thiserror` for library error enums exposed in public APIs; `anyhow` for application-level error propagation. Use `?` for propagation with `.context()` / `.with_context()` at layer boundaries. Map foreign errors into domain types at crate boundaries. Do not use `.unwrap()` or `.expect()` outside tests and provably-infallible paths because they cause panics in production. Do not leak dependency error types across crate boundaries because it couples consumers to transitive dependencies.
+4. **Design traits and types for the problem** — model closed variant sets with enums and exhaustive `match`. Use trait objects (`dyn Trait`) only at plugin or boundary points. Implement `From`/`Into` for natural conversions, `TryFrom`/`TryInto` for fallible ones. Keep trait surfaces small. Use newtype wrappers (`struct UserId(u64)`) to prevent primitive type confusion.
+5. **Implement in small composable modules** — use `tokio`/`axum`/`tower` patterns for service work. Use `tower` middleware for timeouts, rate limits, and retries at the service boundary. Separate transport DTOs from domain types. Keep `Send + Sync` bounds explicit in trait objects and spawned tasks.
+6. **Keep `unsafe` minimal and documented** — document invariants for every `unsafe` block. Prefer safe abstractions. Do not use premature `unsafe` optimization because the compiler and optimizer handle most cases.
+7. **Verify with tests, clippy, and formatting** — maintain `rustfmt` + `clippy` clean in CI. Use `cargo test` and targeted benchmarks. Make task cancellation, retries, and error chains visible in `tracing` instrumentation. Prefer iterator/trait composition over macro-heavy complexity.
+8. **Profile before low-level optimization** — measure allocations, lock contention, and tail latency before unsafe or low-level tuning. Bound work queues and connection pools explicitly. Do not use unbounded `tokio::spawn` fan-out without backpressure because it exhausts resources. Do not use `Arc<Mutex<T>>` when a channel-based ownership transfer would be clearer because it adds unnecessary contention. Do not use global mutable state for request data because it creates race conditions.
+## Output Format
-1. Define ownership and error model first.
-2. Choose async/runtime crates intentionally.
-3. Implement small composable modules.
-4. Verify with tests, clippy, and formatting.
-5. Profile before low-level optimization.
+Produces Rust code with explicit ownership design, structured error enums, cancellation-safe async patterns, and bounded concurrency. Includes trait-based abstractions and newtype wrappers where applicable.
-## Baseline standards
+## References
-- `rustfmt` + `clippy` clean in CI.
-- Use explicit error types (`thiserror`/`anyhow` by layer).
-- Keep `unsafe` minimal and documented with invariants.
-- Prefer iterator/trait composition over macro-heavy complexity.
-- Make concurrency cancellation-safe and backpressure-aware.
+| File                                    | Load when                                                                                                  |
+| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
+| `references/ownership-and-borrowing.md` | Ownership transfer, borrow scope design, lifetime annotations, or `Cow`/`Arc` tradeoffs need detail.       |
+| `references/async-safety-patterns.md`   | Cancellation safety, `select!` pitfalls, structured concurrency, or runtime configuration need detail.     |
+| `references/error-handling-design.md`   | Error enum design, `thiserror`/`anyhow` layering, context chains, or foreign error mapping need detail.    |
+| `references/trait-design-patterns.md`   | Trait object vs enum dispatch, newtype patterns, `From`/`Into` design, or generic constraints need detail. |
+| `references/unsafe-and-ffi-guide.md`    | Unsafe blocks, FFI boundaries, raw pointer invariants, or soundness documentation need detail.             |
-## Implementation guidance
+## Scripts
-- Use `tokio`/`axum`/`tower` patterns for service work.
-- Model domain states with enums and exhaustive matching.
-- Use `Arc` + interior mutability only when ownership alternatives fail.
-- Keep borrow scopes tight to improve readability and compile times.
-- Separate transport DTOs from domain types.
+No helper scripts are required for this skill right now. Keep execution in `SKILL.md` and `references/` unless repeated automation becomes necessary.
-## Avoid
+## Examples
-- Premature `unsafe` optimization.
-- Silent `unwrap`/`expect` in non-test code paths.
-- Global mutable state for request data.
+- "Design the error type hierarchy for this multi-crate workspace with thiserror for libraries and anyhow at the application layer."
+- "Refactor this async handler to be cancellation-safe when using tokio::select! with shared state."
+- "Implement a bounded worker pool with backpressure using tokio channels and a semaphore."
 ````

package/workflows/powers/rust-pro/SKILL.md CHANGED Viewed

@@ -1,49 +1,63 @@
 ---
 name: "rust-pro"
-description: "Use for modern Rust systems/services with stable 1.91-era patterns, async correctness, and performance-focused design."
+description: "Use for modern Rust systems/services with stable 1.94-era patterns, async correctness, and performance-focused design."
 license: MIT
 metadata:
-  version: "2.0.0"
-  domain: "language"
-  role: "specialist"
-  stack: "rust"
-  baseline: "Rust stable 1.91"
+  author: cubis-foundry
+  version: "2.0"
+compatibility: Claude Code, Codex, GitHub Copilot
 ---
 # Rust Pro
-## When to use
+## Purpose
-- Building high-reliability services, CLIs, and systems components.
-- Solving ownership/lifetime design problems.
+Expert-level guidance for modern Rust development covering high-reliability services, CLIs, and systems components. Focuses on ownership and lifetime design, async correctness with cancellation safety, explicit error modeling, and performance optimization through profiling discipline.
+## When to Use
+- Building high-reliability services, CLIs, and systems components in Rust.
+- Solving ownership, lifetime, and borrowing design problems.
 - Optimizing memory safety and runtime performance together.
-## Core workflow
+## Instructions
+1. **Define ownership and error model first** — design data flow so each value has one clear owner. Clone only when shared ownership is genuinely required. Keep borrow scopes tight. Use `Cow<'_, T>` when a function sometimes needs to allocate and sometimes can borrow. Avoid lifetime annotations in public APIs unless the caller truly controls the borrowed data's scope.
+2. **Choose async runtime and crates intentionally** — use `tokio` as the default async runtime. Pin to a specific runtime version in `Cargo.lock`. Make every async function cancellation-safe: dropping a future must not corrupt state. Use `tokio::select!` with care because the unselected branch is dropped and state mutations before `.await` are lost.
+3. **Model errors as enums with context** — use `thiserror` for library error enums exposed in public APIs; `anyhow` for application-level error propagation. Use `?` for propagation with `.context()` / `.with_context()` at layer boundaries. Map foreign errors into domain types at crate boundaries. Do not use `.unwrap()` or `.expect()` outside tests and provably-infallible paths because they cause panics in production. Do not leak dependency error types across crate boundaries because it couples consumers to transitive dependencies.
+4. **Design traits and types for the problem** — model closed variant sets with enums and exhaustive `match`. Use trait objects (`dyn Trait`) only at plugin or boundary points. Implement `From`/`Into` for natural conversions, `TryFrom`/`TryInto` for fallible ones. Keep trait surfaces small. Use newtype wrappers (`struct UserId(u64)`) to prevent primitive type confusion.
+5. **Implement in small composable modules** — use `tokio`/`axum`/`tower` patterns for service work. Use `tower` middleware for timeouts, rate limits, and retries at the service boundary. Separate transport DTOs from domain types. Keep `Send + Sync` bounds explicit in trait objects and spawned tasks.
+6. **Keep `unsafe` minimal and documented** — document invariants for every `unsafe` block. Prefer safe abstractions. Do not use premature `unsafe` optimization because the compiler and optimizer handle most cases.
+7. **Verify with tests, clippy, and formatting** — maintain `rustfmt` + `clippy` clean in CI. Use `cargo test` and targeted benchmarks. Make task cancellation, retries, and error chains visible in `tracing` instrumentation. Prefer iterator/trait composition over macro-heavy complexity.
+8. **Profile before low-level optimization** — measure allocations, lock contention, and tail latency before unsafe or low-level tuning. Bound work queues and connection pools explicitly. Do not use unbounded `tokio::spawn` fan-out without backpressure because it exhausts resources. Do not use `Arc<Mutex<T>>` when a channel-based ownership transfer would be clearer because it adds unnecessary contention. Do not use global mutable state for request data because it creates race conditions.
+## Output Format
-1. Define ownership and error model first.
-2. Choose async/runtime crates intentionally.
-3. Implement small composable modules.
-4. Verify with tests, clippy, and formatting.
-5. Profile before low-level optimization.
+Produces Rust code with explicit ownership design, structured error enums, cancellation-safe async patterns, and bounded concurrency. Includes trait-based abstractions and newtype wrappers where applicable.
-## Baseline standards
+## References
-- `rustfmt` + `clippy` clean in CI.
-- Use explicit error types (`thiserror`/`anyhow` by layer).
-- Keep `unsafe` minimal and documented with invariants.
-- Prefer iterator/trait composition over macro-heavy complexity.
-- Make concurrency cancellation-safe and backpressure-aware.
+| File                                    | Load when                                                                                                  |
+| --------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
+| `references/ownership-and-borrowing.md` | Ownership transfer, borrow scope design, lifetime annotations, or `Cow`/`Arc` tradeoffs need detail.       |
+| `references/async-safety-patterns.md`   | Cancellation safety, `select!` pitfalls, structured concurrency, or runtime configuration need detail.     |
+| `references/error-handling-design.md`   | Error enum design, `thiserror`/`anyhow` layering, context chains, or foreign error mapping need detail.    |
+| `references/trait-design-patterns.md`   | Trait object vs enum dispatch, newtype patterns, `From`/`Into` design, or generic constraints need detail. |
+| `references/unsafe-and-ffi-guide.md`    | Unsafe blocks, FFI boundaries, raw pointer invariants, or soundness documentation need detail.             |
-## Implementation guidance
+## Scripts
-- Use `tokio`/`axum`/`tower` patterns for service work.
-- Model domain states with enums and exhaustive matching.
-- Use `Arc` + interior mutability only when ownership alternatives fail.
-- Keep borrow scopes tight to improve readability and compile times.
-- Separate transport DTOs from domain types.
+No helper scripts are required for this skill right now. Keep execution in `SKILL.md` and `references/` unless repeated automation becomes necessary.
-## Avoid
+## Examples
-- Premature `unsafe` optimization.
-- Silent `unwrap`/`expect` in non-test code paths.
-- Global mutable state for request data.
+- "Design the error type hierarchy for this multi-crate workspace with thiserror for libraries and anyhow at the application layer."
+- "Refactor this async handler to be cancellation-safe when using tokio::select! with shared state."
+- "Implement a bounded worker pool with backpressure using tokio channels and a semaphore."