@db-ux/core-foundations 3.0.1 → 3.0.2-copilot2-e7bf98b

package/agent/_instructions.md

@@ -0,0 +1,15 @@
+## CSS
+
+- If you use CSS follow these rules:
+    - use for `variables` like, sizing, spacing, elevation, border, container-size the file **agent-path**/css/Variables.md
+
+## SCSS
+
+- If you use SCSS follow these rules:
+    - use for `variables` like, sizing, spacing, elevation, border, container-size the file **agent-path**/scss/Variables.md
+
+## Tailwind
+
+- If you use Tailwind follow these rules:
+    - use for `variables` like, sizing, spacing, elevation, border, container-size the file **agent-path**/tailwind/Variables.md
+    - Always stick with the variables don't use something like `p-4` or `m-[16px]` use `p-fix-xs` or `m-fix-md` instead.

package/agent/css/Variables.md

@@ -0,0 +1,130 @@
+```css
+.my-component {
+	inline-size: var(--db-sizing-md); /* Use sizing for fixed widths */
+	block-size: var(--db-sizing-lg); /* Use sizing for fixed heights */
+	padding: var(--db-spacing-fixed-sm); /* Use fixed spacing for paddings */
+	margin: var(
+		--db-spacing-responsive-md
+	); /* Use responsive spacing for margins */
+	border-radius: var(--db-border-radius-md); /* Use border radius */
+	transition-duration: var(
+		--db-transition-duration-medium
+	); /* Use transition duration */
+	border-width: var(--db-border-width-md); /* Use border width */
+}
+```
+
+## CSS Variables List
+
+Use sizing's for fixed heights/widths e.g. the db-button has always a fixed height
+
+- `--db-sizing-3xs`
+- `--db-sizing-2xs`
+- `--db-sizing-xs`
+- `--db-sizing-sm`
+- `--db-sizing-md`
+- `--db-sizing-lg`
+- `--db-sizing-xl`
+- `--db-sizing-2xl`
+- `--db-sizing-3xl`
+
+Use fixed spacings for all kind of distances (margin, padding, ...)
+
+- `--db-spacing-fixed-3xs`
+- `--db-spacing-fixed-2xs`
+- `--db-spacing-fixed-xs`
+- `--db-spacing-fixed-sm`
+- `--db-spacing-fixed-md`
+- `--db-spacing-fixed-lg`
+- `--db-spacing-fixed-xl`
+- `--db-spacing-fixed-2xl`
+- `--db-spacing-fixed-3xl`
+
+The primary use-case for responsive spacings are paddings/gaps in an application e.g. the <main> should have a responsive padding.
+
+- `--db-spacing-responsive-3xs`
+- `--db-spacing-responsive-2xs`
+- `--db-spacing-responsive-xs`
+- `--db-spacing-responsive-sm`
+- `--db-spacing-responsive-md`
+- `--db-spacing-responsive-lg`
+- `--db-spacing-responsive-xl`
+- `--db-spacing-responsive-2xl`
+- `--db-spacing-responsive-3xl`
+
+Elevation
+
+- `--db-elevation-sm`
+- `--db-elevation-md`
+- `--db-elevation-lg`
+
+Border
+
+- `--db-border-width-3xs`
+- `--db-border-width-2xs`
+- `--db-border-width-xs`
+- `--db-border-width-sm`
+- `--db-border-width-md`
+- `--db-border-width-lg`
+- `--db-border-width-xl`
+- `--db-border-width-2xl`
+- `--db-border-width-3xl`
+- `--db-border-radius-3xs`
+- `--db-border-radius-2xs`
+- `--db-border-radius-xs`
+- `--db-border-radius-sm`
+- `--db-border-radius-md`
+- `--db-border-radius-lg`
+- `--db-border-radius-xl`
+- `--db-border-radius-2xl`
+- `--db-border-radius-3xl`
+- `--db-border-radius-full`
+
+Opacity
+
+- `--db-opacity-3xs`
+- `--db-opacity-2xs`
+- `--db-opacity-xs`
+- `--db-opacity-sm`
+- `--db-opacity-md`
+- `--db-opacity-lg`
+- `--db-opacity-xl`
+- `--db-opacity-2xl`
+- `--db-opacity-3xl`
+- `--db-opacity-full`
+
+Transitions
+
+- `--db-transition-duration-extra-slow`
+- `--db-transition-duration-slow`
+- `--db-transition-duration-medium`
+- `--db-transition-duration-fast`
+- `--db-transition-duration-extra-fast`
+- `--db-transition-timing-emotional`
+- `--db-transition-timing-functional`
+- `--db-transition-timing-show`
+- `--db-transition-timing-hide`
+- `--db-transition-straight-emotional`
+- `--db-transition-straight-functional`
+- `--db-transition-straight-show`
+- `--db-transition-straight-hide`
+
+Screen sizes
+
+- `--db-screen-xs`
+- `--db-screen-sm`
+- `--db-screen-md`
+- `--db-screen-lg`
+- `--db-screen-xl`
+
+Container sizes
+
+- `--db-container-3xs`
+- `--db-container-2xs`
+- `--db-container-xs`
+- `--db-container-sm`
+- `--db-container-md`
+- `--db-container-lg`
+- `--db-container-xl`
+- `--db-container-2xl`
+- `--db-container-3xl`

package/agent/scss/Variables.md

@@ -0,0 +1,131 @@
+```scss
+@use "@db-ux/core-foundations/build/styles/variables";
+
+.my-component {
+	inline-size: variables.$db-sizing-md; // Use sizing for fixed widths
+	block-size: variables.$db-sizing-lg; // Use sizing for fixed heights
+	padding: variables.$db-spacing-fixed-sm; // Use fixed spacing for paddings
+	margin: variables.$db-spacing-responsive-md; // Use responsive spacing for margins
+	border-radius: variables.$db-border-radius-md; // Use border radius
+	transition-duration: variables.$db-transition-duration-medium; // Use transition duration
+	border-width: variables.$db-border-width-md; // Use border width
+}
+```
+
+### SCSS Variables List
+
+Use sizing's for fixed heights/widths e.g. the db-button has always a fixed height
+
+- `$db-sizing-3xs`
+- `$db-sizing-2xs`
+- `$db-sizing-xs`
+- `$db-sizing-sm`
+- `$db-sizing-md`
+- `$db-sizing-lg`
+- `$db-sizing-xl`
+- `$db-sizing-2xl`
+- `$db-sizing-3xl`
+
+Use fixed spacings for all kind of distances (margin, padding, ...)
+
+- `$db-spacing-fixed-3xs`
+- `$db-spacing-fixed-2xs`
+- `$db-spacing-fixed-xs`
+- `$db-spacing-fixed-sm`
+- `$db-spacing-fixed-md`
+- `$db-spacing-fixed-lg`
+- `$db-spacing-fixed-xl`
+- `$db-spacing-fixed-2xl`
+- `$db-spacing-fixed-3xl`
+
+The primary use-case for responsive spacings are paddings/gaps in an application e.g. the <main> should have a responsive padding.
+
+- `$db-spacing-responsive-3xs`
+- `$db-spacing-responsive-2xs`
+- `$db-spacing-responsive-xs`
+- `$db-spacing-responsive-sm`
+- `$db-spacing-responsive-md`
+- `$db-spacing-responsive-lg`
+- `$db-spacing-responsive-xl`
+- `$db-spacing-responsive-2xl`
+- `$db-spacing-responsive-3xl`
+
+Use elevation for shadows
+
+- `$db-elevation-sm`
+- `$db-elevation-md`
+- `$db-elevation-lg`
+
+### Use border widths for borders
+
+- `$db-border-width-3xs`
+- `$db-border-width-2xs`
+- `$db-border-width-xs`
+- `$db-border-width-sm`
+- `$db-border-width-md`
+- `$db-border-width-lg`
+- `$db-border-width-xl`
+- `$db-border-width-2xl`
+- `$db-border-width-3xl`
+
+Use border radius for rounded corners
+
+- `$db-border-radius-3xs`
+- `$db-border-radius-2xs`
+- `$db-border-radius-xs`
+- `$db-border-radius-sm`
+- `$db-border-radius-md`
+- `$db-border-radius-lg`
+- `$db-border-radius-xl`
+- `$db-border-radius-2xl`
+- `$db-border-radius-3xl`
+- `$db-border-radius-full`
+
+Use opacity for transparency effects
+
+- `$db-opacity-3xs`
+- `$db-opacity-2xs`
+- `$db-opacity-xs`
+- `$db-opacity-sm`
+- `$db-opacity-md`
+- `$db-opacity-lg`
+- `$db-opacity-xl`
+- `$db-opacity-2xl`
+- `$db-opacity-3xl`
+- `$db-opacity-full`
+
+Use transition durations for animations
+
+- `$db-transition-duration-extra-slow`
+- `$db-transition-duration-slow`
+- `$db-transition-duration-medium`
+- `$db-transition-duration-fast`
+- `$db-transition-duration-extra-fast`
+- `$db-transition-timing-emotional`
+- `$db-transition-timing-functional`
+- `$db-transition-timing-show`
+- `$db-transition-timing-hide`
+- `$db-transition-straight-emotional`
+- `$db-transition-straight-functional`
+- `$db-transition-straight-show`
+- `$db-transition-straight-hide`
+
+Use screen sizes for responsive design breakpoints
+
+- `$db-screen-xs`
+- `$db-screen-sm`
+- `$db-screen-md`
+- `$db-screen-lg`
+- `$db-screen-xl`
+
+Use container sizes for fixed containers
+
+- `$db-container-3xs`
+- `$db-container-2xs`
+- `$db-container-xs`
+- `$db-container-sm`
+- `$db-container-md`
+- `$db-container-lg`
+- `$db-container-xl`
+- `$db-container-2xl`
+- `$db-container-3xl`

package/agent/tailwind/Variables.md

@@ -0,0 +1,75 @@
+```html
+<div class="flex flex-col gap-md">
+	<div class="grid grid-cols-2 md:grid-cols-3 gap-xs">
+		<div class="w-siz-md h-siz-lg p-fix-md m-res-sm border-sm radius-md">
+			Example
+		</div>
+	</div>
+</div>
+```
+
+## Available Variables
+
+```css
+--spacing-fix-3xs: var(--db-spacing-fixed-3xs);
+--spacing-fix-2xs: var(--db-spacing-fixed-2xs);
+--spacing-fix-xs: var(--db-spacing-fixed-xs);
+--spacing-fix-sm: var(--db-spacing-fixed-sm);
+--spacing-fix-md: var(--db-spacing-fixed-md);
+--spacing-fix-lg: var(--db-spacing-fixed-lg);
+--spacing-fix-xl: var(--db-spacing-fixed-xl);
+--spacing-fix-2xl: var(--db-spacing-fixed-2xl);
+--spacing-fix-3xl: var(--db-spacing-fixed-3xl);
+--spacing-res-3xs: var(--db-spacing-responsive-3xs);
+--spacing-res-2xs: var(--db-spacing-responsive-2xs);
+--spacing-res-xs: var(--db-spacing-responsive-xs);
+--spacing-res-sm: var(--db-spacing-responsive-sm);
+--spacing-res-md: var(--db-spacing-responsive-md);
+--spacing-res-lg: var(--db-spacing-responsive-lg);
+--spacing-res-xl: var(--db-spacing-responsive-xl);
+--spacing-res-2xl: var(--db-spacing-responsive-2xl);
+--spacing-res-3xl: var(--db-spacing-responsive-3xl);
+--spacing-siz-3xs: var(--db-sizing-3xs);
+--spacing-siz-2xs: var(--db-sizing-2xs);
+--spacing-siz-xs: var(--db-sizing-xs);
+--spacing-siz-sm: var(--db-sizing-sm);
+--spacing-siz-md: var(--db-sizing-md);
+--spacing-siz-lg: var(--db-sizing-lg);
+--spacing-siz-xl: var(--db-sizing-xl);
+--spacing-siz-2xl: var(--db-sizing-2xl);
+--spacing-siz-3xl: var(--db-sizing-3xl);
+--gap-3xs: var(--db-spacing-fixed-3xs);
+--gap-2xs: var(--db-spacing-fixed-2xs);
+--gap-xs: var(--db-spacing-fixed-xs);
+--gap-sm: var(--db-spacing-fixed-sm);
+--gap-md: var(--db-spacing-fixed-md);
+--gap-lg: var(--db-spacing-fixed-lg);
+--gap-xl: var(--db-spacing-fixed-xl);
+--gap-2xl: var(--db-spacing-fixed-2xl);
+--gap-3xl: var(--db-spacing-fixed-3xl);
+--border: var(--db-border-width-3xs);
+--border-3xs: var(--db-border-width-3xs);
+--border-2xs: var(--db-border-width-2xs);
+--border-xs: var(--db-border-width-xs);
+--border-sm: var(--db-border-width-sm);
+--border-md: var(--db-border-width-md);
+--border-lg: var(--db-border-width-lg);
+--border-xl: var(--db-border-width-xl);
+--border-2xl: var(--db-border-width-2xl);
+--border-3xl: var(--db-border-width-3xl);
+--radius: var(--db-border-radius-xs);
+--radius-3xs: var(--db-border-radius-3xs);
+--radius-2xs: var(--db-border-radius-2xs);
+--radius-xs: var(--db-border-radius-xs);
+--radius-sm: var(--db-border-radius-sm);
+--radius-md: var(--db-border-radius-md);
+--radius-lg: var(--db-border-radius-lg);
+--radius-xl: var(--db-border-radius-xl);
+--radius-2xl: var(--db-border-radius-2xl);
+--radius-3xl: var(--db-border-radius-3xl);
+--radius-full: var(--db-border-radius-full);
+--shadow: var(--db-elevation-md);
+--shadow-sm: var(--db-elevation-sm);
+--shadow-md: var(--db-elevation-md);
+--shadow-lg: var(--db-elevation-lg);
+```

package/assets/fonts/generate-eu-fonts.ts

@@ -1,5 +1,5 @@
 import { glob } from 'glob';
-import { exec } from 'node:child_process';
+import { execFile } from 'node:child_process';
 import { promisify } from 'node:util';
 
 import { dirname } from 'path';
@@ -8,12 +8,16 @@ import { fileURLToPath } from 'url';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename).replaceAll('\\', '/');
 
-const execAsync = promisify(exec);
+// Security: Using execFile instead of exec to eliminate shell injection risks
+// execFile directly executes the binary without involving a shell
+const execFileAsync = promisify(execFile);
 
 const generateFonts = async () => {
 	console.log('Generating EU fonts...');
 	try {
-		await execAsync('pyftsubset --help');
+		// Security: Using array arguments instead of concatenated string
+		// This prevents shell interpretation of special characters
+		await execFileAsync('pyftsubset', ['--help']);
 	} catch (e) {
 		console.warn(
 			'You need to install pyftsubset. Check packages/foundations/assets/fonts/README.md for more information.'
@@ -22,19 +26,28 @@ const generateFonts = async () => {
 
 	try {
 		const files = await glob(`${__dirname}/*.ttf`);
-		const commands = files.map((file) =>
-			[
-				'pyftsubset',
+
+		for (const file of files) {
+			// Security: Validate that the file is within the expected directory
+			// and has the expected extension to prevent path traversal attacks
+			if (!file.startsWith(__dirname) || !file.endsWith('.ttf')) {
+				console.warn(`Skipping potentially unsafe file path: ${file}`);
+				continue;
+			}
+
+			// Security: Arguments are passed as separate array elements
+			// No shell concatenation means no risk of command injection
+			const args = [
 				file,
 				'--layout-features=*',
 				'--flavor=woff2',
 				`--unicodes-file=${__dirname}/unicode-eu.txt`,
 				`--output-file=${file.replace('.ttf', '-EU.woff2')}`
-			].join(' ')
-		);
+			];
 
-		for (const command of commands) {
-			const { stdout, stderr } = await execAsync(command);
+			// Security: execFile provides better performance and type safety
+			// as it doesn't spawn a shell process
+			const { stdout, stderr } = await execFileAsync('pyftsubset', args);
 			if (stdout) console.log(`stdout: ${stdout}`);
 			if (stderr) console.error(`stderr: ${stderr}`);
 		}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@db-ux/core-foundations",
-  "version": "3.0.1",
+  "version": "3.0.2-copilot2-e7bf98b",
   "type": "module",
   "description": "Provides basic tokens and assets based on DB UX Design System (Version 3).",
   "repository": {
@@ -12,6 +12,7 @@
   "types": "./build/index.d.ts",
   "module": "./build/index.js",
   "files": [
+    "agent",
     "assets",
     "build"
   ],
@@ -27,6 +28,7 @@
     "build:06_ts": "tsc",
     "clean": "rm --recursive --force build",
     "copy-build": "npm-run-all copy-build:*",
+    "copy-build:agent": "cpr agent ../../build-outputs/foundations/agent -o",
     "copy-build:assets": "cpr assets ../../build-outputs/foundations/assets --overwrite",
     "copy-build:package.json": "cpr package.json ../../build-outputs/foundations/package.json --overwrite",
     "copy-build:readme": "cpr README.md ../../build-outputs/foundations/README.md --overwrite",