@deftai/directive-content 0.55.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/deft/SKILL.md +6 -0
- package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
- package/.agents/skills/deft-directive-build/SKILL.md +10 -0
- package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
- package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
- package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
- package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
- package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
- package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
- package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
- package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
- package/.agents/skills/deft-directive-release/SKILL.md +12 -0
- package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
- package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
- package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
- package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
- package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
- package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
- package/LICENSE.md +22 -0
- package/QUICK-START.md +167 -0
- package/UPGRADING.md +517 -0
- package/coding/build-output.md +28 -0
- package/coding/coding.md +235 -0
- package/coding/debugging.md +110 -0
- package/coding/holzmann.md +96 -0
- package/coding/hygiene.md +127 -0
- package/coding/security.md +158 -0
- package/coding/testing.md +162 -0
- package/coding/toolchain.md +44 -0
- package/commands.md +300 -0
- package/context/context.md +57 -0
- package/context/deterministic-split.md +67 -0
- package/context/examples.md +26 -0
- package/context/fractal-summaries.md +69 -0
- package/context/long-horizon.md +46 -0
- package/context/spec-deltas.md +177 -0
- package/context/tool-design.md +34 -0
- package/context/working-memory.md +62 -0
- package/contracts/boundary-maps.md +65 -0
- package/contracts/deterministic-questions.md +59 -0
- package/contracts/hierarchy.md +77 -0
- package/conventions/content-manifest.json +399 -0
- package/conventions/machine-generated-banner.md +130 -0
- package/conventions/references.md +120 -0
- package/conventions/rule-ownership.json +382 -0
- package/conventions/task-caching.md +43 -0
- package/conventions/vbrief-filenames.md +70 -0
- package/deployments/README.md +37 -0
- package/deployments/agentuity/README.md +138 -0
- package/deployments/agentuity/via-cli.md +380 -0
- package/deployments/agentuity/via-cloud.md +425 -0
- package/deployments/agentuity/via-github-actions.md +664 -0
- package/deployments/agentuity/via-gravity-network.md +606 -0
- package/deployments/agentuity/via-vpc.md +607 -0
- package/deployments/aws/README.md +38 -0
- package/deployments/aws/via-app-runner.md +612 -0
- package/deployments/aws/via-ecs-fargate.md +561 -0
- package/deployments/aws/via-elastic-beanstalk.md +628 -0
- package/deployments/aws/via-lambda.md +649 -0
- package/deployments/azure/README.md +37 -0
- package/deployments/azure/via-aks.md +390 -0
- package/deployments/azure/via-app-service.md +564 -0
- package/deployments/azure/via-container-apps.md +599 -0
- package/deployments/azure/via-functions.md +552 -0
- package/deployments/cloud-gov/README.md +63 -0
- package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
- package/deployments/cloud-gov/agents.md +39 -0
- package/deployments/cloud-gov/cicd.md +64 -0
- package/deployments/cloud-gov/deployment.md +150 -0
- package/deployments/cloud-gov/logging.md +43 -0
- package/deployments/cloud-gov/manifest.md +121 -0
- package/deployments/cloud-gov/overview.md +58 -0
- package/deployments/cloud-gov/security.md +46 -0
- package/deployments/cloud-gov/services.md +72 -0
- package/deployments/cloud-gov/upstream/README.md +18 -0
- package/deployments/cloudflare/README.md +33 -0
- package/deployments/cloudflare/via-dashboard.md +83 -0
- package/deployments/cloudflare/via-git.md +90 -0
- package/deployments/cloudflare/via-github-actions.md +185 -0
- package/deployments/cloudflare/via-terraform.md +157 -0
- package/deployments/cloudflare/via-wrangler.md +165 -0
- package/deployments/fly-io/README.md +37 -0
- package/deployments/fly-io/via-dockerfile.md +648 -0
- package/deployments/fly-io/via-flyctl.md +653 -0
- package/deployments/fly-io/via-github-actions.md +695 -0
- package/deployments/fly-io/via-multi-region.md +598 -0
- package/deployments/google/README.md +34 -0
- package/deployments/google/via-app-engine.md +42 -0
- package/deployments/google/via-cloud-functions.md +23 -0
- package/deployments/google/via-cloud-run.md +330 -0
- package/deployments/google/via-gke.md +23 -0
- package/deployments/netlify/README.md +99 -0
- package/deployments/netlify/via-cli.md +17 -0
- package/deployments/netlify/via-functions.md +19 -0
- package/deployments/netlify/via-git.md +25 -0
- package/deployments/vercel/README.md +90 -0
- package/deployments/vercel/via-api.md +16 -0
- package/deployments/vercel/via-cli.md +17 -0
- package/deployments/vercel/via-git.md +24 -0
- package/docs/BROWNFIELD.md +179 -0
- package/docs/getting-started.md +137 -0
- package/docs/good-agents-md.md +137 -0
- package/events/README.md +89 -0
- package/events/event-record.schema.json +26 -0
- package/events/registry.json +166 -0
- package/events/registry.schema.json +71 -0
- package/glossary.md +145 -0
- package/incidents/README.md +81 -0
- package/incidents/_template.md +38 -0
- package/interfaces/cli.md +104 -0
- package/interfaces/rest.md +212 -0
- package/interfaces/tui.md +242 -0
- package/interfaces/web.md +123 -0
- package/languages/6502-DASM.md +132 -0
- package/languages/c.md +235 -0
- package/languages/commands.md +23 -0
- package/languages/cpp.md +132 -0
- package/languages/csharp.md +259 -0
- package/languages/dart.md +183 -0
- package/languages/delphi.md +218 -0
- package/languages/elixir.md +208 -0
- package/languages/go.md +78 -0
- package/languages/java.md +278 -0
- package/languages/javascript.md +163 -0
- package/languages/julia.md +175 -0
- package/languages/kotlin.md +193 -0
- package/languages/markdown.md +168 -0
- package/languages/mermaid.md +146 -0
- package/languages/officejs.md +392 -0
- package/languages/python.md +209 -0
- package/languages/r.md +163 -0
- package/languages/rust.md +216 -0
- package/languages/sql.md +216 -0
- package/languages/swift.md +153 -0
- package/languages/typescript.md +132 -0
- package/languages/vba.md +279 -0
- package/languages/vhdl.md +180 -0
- package/languages/visual-basic.md +151 -0
- package/languages/zig.md +196 -0
- package/meta/SOUL.md +27 -0
- package/meta/code-field.md +44 -0
- package/meta/morals.md +40 -0
- package/meta/philosophy.md +39 -0
- package/meta/project.md +49 -0
- package/meta/ralph.md +223 -0
- package/meta/security.md +80 -0
- package/meta/versioning.md +326 -0
- package/package.json +22 -0
- package/packs/lessons/lessons-pack-0.1.json +553 -0
- package/packs/patterns/patterns-pack-0.1.json +57 -0
- package/packs/rules/rules-pack-0.1.json +4767 -0
- package/packs/skills/skills-pack-0.1.json +262 -0
- package/packs/strategies/strategies-pack-0.1.json +167 -0
- package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
- package/patterns/executor-layer-credentials.md +227 -0
- package/patterns/llm-app.md +156 -0
- package/patterns/multi-agent.md +278 -0
- package/patterns/prompt-assembly-layer-ordering.md +154 -0
- package/patterns/role-as-overlay.md +179 -0
- package/platforms/2600.md +137 -0
- package/platforms/unity.md +329 -0
- package/references/composer-skill-porting.md +152 -0
- package/references/cost-models.md +163 -0
- package/references/ip-risk.md +246 -0
- package/references/plain-english-ux.md +275 -0
- package/resilience/context-pruning.md +67 -0
- package/resilience/continue-here.md +62 -0
- package/scm/changelog.md +276 -0
- package/scm/git.md +139 -0
- package/scm/github.md +265 -0
- package/secrets/.gitkeep +0 -0
- package/skills/deft-build/SKILL.md +20 -0
- package/skills/deft-directive-article-review/SKILL.md +156 -0
- package/skills/deft-directive-build/SKILL.md +302 -0
- package/skills/deft-directive-cost/SKILL.md +201 -0
- package/skills/deft-directive-debug/SKILL.md +140 -0
- package/skills/deft-directive-decompose/SKILL.md +96 -0
- package/skills/deft-directive-gh-arch/SKILL.md +160 -0
- package/skills/deft-directive-gh-slice/SKILL.md +199 -0
- package/skills/deft-directive-glossary/SKILL.md +118 -0
- package/skills/deft-directive-interview/SKILL.md +528 -0
- package/skills/deft-directive-pre-pr/SKILL.md +131 -0
- package/skills/deft-directive-probe/SKILL.md +127 -0
- package/skills/deft-directive-refinement/SKILL.md +403 -0
- package/skills/deft-directive-release/SKILL.md +266 -0
- package/skills/deft-directive-review-cycle/SKILL.md +401 -0
- package/skills/deft-directive-setup/SKILL.md +717 -0
- package/skills/deft-directive-swarm/SKILL.md +989 -0
- package/skills/deft-directive-sync/SKILL.md +288 -0
- package/skills/deft-directive-triage/SKILL.md +137 -0
- package/skills/deft-directive-write-skill/SKILL.md +169 -0
- package/skills/deft-interview/SKILL.md +16 -0
- package/skills/deft-pre-pr/SKILL.md +16 -0
- package/skills/deft-review-cycle/SKILL.md +16 -0
- package/skills/deft-roadmap-refresh/SKILL.md +16 -0
- package/skills/deft-setup/SKILL.md +20 -0
- package/skills/deft-swarm/SKILL.md +16 -0
- package/skills/deft-sync/SKILL.md +16 -0
- package/strategies/README.md +83 -0
- package/strategies/artifact-guards.md +85 -0
- package/strategies/bdd.md +115 -0
- package/strategies/brownfield.md +7 -0
- package/strategies/discuss.md +129 -0
- package/strategies/emit-hints.md +69 -0
- package/strategies/enterprise.md +193 -0
- package/strategies/interview.md +551 -0
- package/strategies/map.md +179 -0
- package/strategies/probe.md +151 -0
- package/strategies/rapid.md +155 -0
- package/strategies/research.md +155 -0
- package/strategies/roadmap.md +9 -0
- package/strategies/speckit.md +437 -0
- package/strategies/v0-20-contract.md +134 -0
- package/strategies/yolo.md +169 -0
- package/swarm/swarm.md +300 -0
- package/templates/COST-ESTIMATE.md +114 -0
- package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
- package/templates/agent-prompt-preamble.md +409 -0
- package/templates/agents-entry.md +211 -0
- package/templates/agents-entry.placeholders.md +75 -0
- package/templates/embed.go +20 -0
- package/templates/embed_test.go +36 -0
- package/templates/make-spec-example.md +9 -0
- package/templates/make-spec.md +246 -0
- package/templates/project.md.template +52 -0
- package/templates/specification.md +1 -0
- package/templates/swarm-greptile-poller-prompt.md +556 -0
- package/templates/user.md.template +31 -0
- package/tools/RWLDL.md +80 -0
- package/tools/greptile.md +141 -0
- package/tools/installer.md +23 -0
- package/tools/taskfile-migration.md +32 -0
- package/tools/taskfile.md +185 -0
- package/tools/telemetry.md +285 -0
- package/vbrief/schemas/cache-meta.schema.json +137 -0
- package/vbrief/schemas/candidates.schema.json +130 -0
- package/vbrief/schemas/codebase-map.schema.json +213 -0
- package/vbrief/schemas/lessons-pack.schema.json +134 -0
- package/vbrief/schemas/patterns-pack.schema.json +84 -0
- package/vbrief/schemas/rules-pack.schema.json +105 -0
- package/vbrief/schemas/skills-pack.schema.json +94 -0
- package/vbrief/schemas/slices.schema.json +87 -0
- package/vbrief/schemas/strategies-pack.schema.json +89 -0
- package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
- package/vbrief/schemas/vbrief-core.schema.json +1022 -0
- package/vbrief/vbrief.md +684 -0
- package/verification/integration.md +76 -0
- package/verification/plan-checking.md +85 -0
- package/verification/uat.md +60 -0
- package/verification/verification.md +117 -0
|
@@ -0,0 +1,212 @@
|
|
|
1
|
+
# REST API Design
|
|
2
|
+
|
|
3
|
+
Resource-based, stateless, standard HTTP methods, JSON by default.
|
|
4
|
+
|
|
5
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
6
|
+
|
|
7
|
+
## Core Architecture
|
|
8
|
+
|
|
9
|
+
REST APIs are resource-based, stateless, and use standard HTTP methods with JSON as the default format. Design resources as nouns, use HTTP verbs for operations, and maintain strict statelessness with token-based authentication.
|
|
10
|
+
|
|
11
|
+
## URIs
|
|
12
|
+
|
|
13
|
+
- ! Use nouns, ⊗ use verbs (`/products` not `/getProducts`)
|
|
14
|
+
- ~ Use plural nouns for collections (`/users` not `/user`)
|
|
15
|
+
- ! Lowercase with hyphens (⊗ underscores)
|
|
16
|
+
- ~ Limit nesting to 1-2 levels; beyond that use query params
|
|
17
|
+
- ! Use reserved chars correctly: `/` hierarchy, `?` queries, `#` fragments
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
GET /products # Collection
|
|
21
|
+
GET /products/123 # Single resource
|
|
22
|
+
GET /products/123/reviews # Nested (max 2 levels)
|
|
23
|
+
GET /products?category=electronics&sort=price # Filtering/sorting
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
## HTTP Methods
|
|
27
|
+
|
|
28
|
+
! Use methods per RFC 7231/9110 semantics:
|
|
29
|
+
|
|
30
|
+
- **GET**: Retrieve (idempotent, safe, cacheable)
|
|
31
|
+
- **POST**: Create (not idempotent)
|
|
32
|
+
- **PUT**: Replace entire resource (idempotent)
|
|
33
|
+
- **PATCH**: Partial update (not idempotent)
|
|
34
|
+
- **DELETE**: Remove (idempotent)
|
|
35
|
+
- **HEAD**: Headers only (idempotent, safe, cacheable)
|
|
36
|
+
- **OPTIONS**: Allowed methods (idempotent, safe)
|
|
37
|
+
|
|
38
|
+
```
|
|
39
|
+
GET /users/123 # Retrieve
|
|
40
|
+
POST /users # Create
|
|
41
|
+
PUT /users/123 # Replace
|
|
42
|
+
PATCH /users/123 # Update fields
|
|
43
|
+
DELETE /users/123 # Remove
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
## Status Codes
|
|
47
|
+
|
|
48
|
+
! Use standard HTTP status codes (RFC 7231):
|
|
49
|
+
|
|
50
|
+
**2xx Success**:
|
|
51
|
+
- ! `200 OK` for successful GET/PUT/PATCH
|
|
52
|
+
- ! `201 Created` for POST; ~ include Location header
|
|
53
|
+
- ~ `204 No Content` for DELETE or PUT with no body
|
|
54
|
+
|
|
55
|
+
**3xx Redirection**:
|
|
56
|
+
- ? `301 Moved Permanently`, `304 Not Modified` as appropriate
|
|
57
|
+
|
|
58
|
+
**4xx Client Error**:
|
|
59
|
+
- ! `400 Bad Request` for malformed/validation errors
|
|
60
|
+
- ! `401 Unauthorized` for missing/invalid auth
|
|
61
|
+
- ! `403 Forbidden` for authenticated but not authorized
|
|
62
|
+
- ! `404 Not Found` for nonexistent resource
|
|
63
|
+
- ? `422 Unprocessable Entity` for semantic errors
|
|
64
|
+
|
|
65
|
+
**5xx Server Error**:
|
|
66
|
+
- ~ `500 Internal Server Error` for generic errors
|
|
67
|
+
- ~ `502 Bad Gateway` for upstream failure
|
|
68
|
+
- ! `503 Service Unavailable` for temporary unavailability
|
|
69
|
+
|
|
70
|
+
## Request/Response
|
|
71
|
+
|
|
72
|
+
- ! Use JSON (`application/json`) by default
|
|
73
|
+
- ? Support other formats via content negotiation
|
|
74
|
+
|
|
75
|
+
```http
|
|
76
|
+
POST /users
|
|
77
|
+
Content-Type: application/json
|
|
78
|
+
{"name": "Alice", "email": "alice@example.com"}
|
|
79
|
+
|
|
80
|
+
HTTP/1.1 201 Created
|
|
81
|
+
Location: /users/456
|
|
82
|
+
{"id": 456, "name": "Alice", "email": "alice@example.com"}
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
**Error format**:
|
|
86
|
+
```json
|
|
87
|
+
{"error": {"code": "VALIDATION_ERROR", "message": "...", "details": [...]}}
|
|
88
|
+
```
|
|
89
|
+
|
|
90
|
+
## Statelessness
|
|
91
|
+
|
|
92
|
+
- ! Be stateless; each request contains all needed info
|
|
93
|
+
- ⊗ Maintain client session state on server
|
|
94
|
+
- ! Use token auth in headers: `Authorization: Bearer <token>`
|
|
95
|
+
- ! Client manages its own state
|
|
96
|
+
- ⊗ Use session cookies for state
|
|
97
|
+
|
|
98
|
+
## Collections
|
|
99
|
+
|
|
100
|
+
~ Support filtering, sorting, pagination for collections:
|
|
101
|
+
|
|
102
|
+
- **Filtering**: `?category=electronics&brand=apple`
|
|
103
|
+
- **Sorting**: `?sort=price` (asc), `?sort=-price` (desc)
|
|
104
|
+
- **Pagination**: `?page=2&size=20` (~ page-based; offset-based optional)
|
|
105
|
+
- ~ Include metadata: `{"data": [...], "page": 2, "total": 450, "links": {...}}`
|
|
106
|
+
|
|
107
|
+
## Versioning
|
|
108
|
+
|
|
109
|
+
- ! Implement versioning from day one
|
|
110
|
+
- URI: `/v1/products` (most common)
|
|
111
|
+
- Header: `API-Version: 2` (cleaner)
|
|
112
|
+
- Content negotiation: `Accept: application/vnd.example.v2+json` (purist)
|
|
113
|
+
- ~ Follow semantic versioning: vMAJOR.MINOR.PATCH
|
|
114
|
+
- ! Give 6-12 months deprecation notice; ! document migration path
|
|
115
|
+
|
|
116
|
+
## Caching
|
|
117
|
+
|
|
118
|
+
~ Use HTTP cache headers (RFC 9111) for cacheable resources:
|
|
119
|
+
|
|
120
|
+
- **Cache-Control**: `Cache-Control: public, max-age=3600, must-revalidate`
|
|
121
|
+
- **ETag**: `ETag: "abc123"` + conditional `If-None-Match` → `304 Not Modified`
|
|
122
|
+
- **Last-Modified**: `Last-Modified` + conditional `If-Modified-Since`
|
|
123
|
+
- Only GET/HEAD may be cached; ⊗ cache POST/PUT/DELETE
|
|
124
|
+
|
|
125
|
+
## Security
|
|
126
|
+
|
|
127
|
+
**Transport**:
|
|
128
|
+
- ! Public APIs use HTTPS; local/internal APIs may use HTTP
|
|
129
|
+
|
|
130
|
+
**Authentication**:
|
|
131
|
+
- ! Public APIs implement auth; ~ local APIs implement auth; prototypes may defer initially
|
|
132
|
+
- ~ OAuth 2.0 for user auth, JWT for stateless, API keys for service-to-service
|
|
133
|
+
|
|
134
|
+
**Authorization**:
|
|
135
|
+
- ~ Implement RBAC
|
|
136
|
+
|
|
137
|
+
**Security Headers**:
|
|
138
|
+
- ~ Include: `Strict-Transport-Security`, `Content-Security-Policy`, `X-Content-Type-Options`, `X-Frame-Options`
|
|
139
|
+
|
|
140
|
+
**Input Validation**:
|
|
141
|
+
- ! Validate all inputs (type, format, range)
|
|
142
|
+
- ! Sanitize to prevent SQL injection, XSS
|
|
143
|
+
- ~ Use allow-lists; ≉ rely on deny-lists alone
|
|
144
|
+
|
|
145
|
+
**Rate Limiting** (~ implement):
|
|
146
|
+
- `X-RateLimit-*` headers; ~ sliding window; ! return `429 Too Many Requests`
|
|
147
|
+
|
|
148
|
+
## Performance
|
|
149
|
+
|
|
150
|
+
- ~ Support compression: `Accept-Encoding: gzip, brotli`
|
|
151
|
+
- ? Support sparse fieldsets: `?fields=id,name,email`
|
|
152
|
+
- ~ Large resources support Range requests: `206 Partial Content`
|
|
153
|
+
- ~ Long-running tasks use async pattern: POST → `201` + Location → GET status
|
|
154
|
+
|
|
155
|
+
## Documentation
|
|
156
|
+
|
|
157
|
+
- ! Provide comprehensive documentation; ~ use OpenAPI/Swagger
|
|
158
|
+
- ! Include: all endpoints, schemas, auth methods, error codes, rate limits, versioning, changelog
|
|
159
|
+
- ? Use tools: Swagger UI, ReDoc, or Postman
|
|
160
|
+
|
|
161
|
+
## HATEOAS
|
|
162
|
+
|
|
163
|
+
? Implement HATEOAS (hypermedia links guide navigation):
|
|
164
|
+
|
|
165
|
+
```json
|
|
166
|
+
{"id": 123, "links": [
|
|
167
|
+
{"rel": "self", "href": "/products/123"},
|
|
168
|
+
{"rel": "reviews", "href": "/products/123/reviews"}
|
|
169
|
+
]}
|
|
170
|
+
```
|
|
171
|
+
|
|
172
|
+
Trade-off: flexibility vs response size
|
|
173
|
+
|
|
174
|
+
## Testing
|
|
175
|
+
|
|
176
|
+
See [testing.md](../coding/testing.md) for universal requirements.
|
|
177
|
+
|
|
178
|
+
- ! Unit tests: individual endpoints, edge cases
|
|
179
|
+
- ! Integration tests: full workflows, realistic scenarios
|
|
180
|
+
- ~ Load tests: JMeter, Gatling, k6
|
|
181
|
+
- ! Security tests: SQL injection, XSS, auth bypass (OWASP ZAP, Burp Suite)
|
|
182
|
+
|
|
183
|
+
## Monitoring
|
|
184
|
+
|
|
185
|
+
- ! Implement monitoring; ~ track: uptime, response times, error rates, request volume, rate limits, auth failures
|
|
186
|
+
- ~ Use correlation IDs (`X-Request-ID`) for tracing
|
|
187
|
+
|
|
188
|
+
## Anti-patterns
|
|
189
|
+
|
|
190
|
+
- ⊗ Verbs in URIs (`/getUsers`)
|
|
191
|
+
- ⊗ Non-standard status codes (`200 OK` with error in body)
|
|
192
|
+
- ⊗ Session state on server
|
|
193
|
+
- ⊗ Different data types from same endpoint
|
|
194
|
+
- ⊗ Deep nesting (`/a/1/b/2/c/3/d/4`)
|
|
195
|
+
- ⊗ Ignoring HTTP method semantics
|
|
196
|
+
- ⊗ No versioning from start
|
|
197
|
+
- ⊗ Exposing internal DB structure directly
|
|
198
|
+
|
|
199
|
+
## Summary
|
|
200
|
+
|
|
201
|
+
1. ! Resources as nouns, HTTP methods as verbs
|
|
202
|
+
2. ! JSON for requests/responses
|
|
203
|
+
3. ! Stateless with token auth
|
|
204
|
+
4. ! Standard HTTP status codes
|
|
205
|
+
5. ! Version from day one
|
|
206
|
+
6. ~ Filter, sort, paginate collections
|
|
207
|
+
7. ~ Cache with ETags/Cache-Control
|
|
208
|
+
8. ! HTTPS for public APIs
|
|
209
|
+
9. ~ Rate limit
|
|
210
|
+
10. ! Document with OpenAPI
|
|
211
|
+
11. ! Test: unit, integration, security
|
|
212
|
+
12. ! Monitor health, performance, usage
|
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
# TUI Agent Guidelines
|
|
2
|
+
|
|
3
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
4
|
+
|
|
5
|
+
**Scope:** Terminal User Interfaces (TUIs) with interactive components, event handling, layout management.
|
|
6
|
+
|
|
7
|
+
## Framework Selection
|
|
8
|
+
|
|
9
|
+
**Python Projects:**
|
|
10
|
+
- ! Use Textual (https://textual.textualize.io/)
|
|
11
|
+
- Rich integration, reactive system, CSS-like styling, component model
|
|
12
|
+
- Examples: process monitors, log viewers, configuration tools, dev dashboards
|
|
13
|
+
|
|
14
|
+
**TypeScript/JavaScript Projects:**
|
|
15
|
+
- ! Use ink (https://github.com/vadimdemedes/ink)
|
|
16
|
+
- React-like component model, hooks, JSX/TSX support
|
|
17
|
+
- Examples: CLI installers, build watchers, interactive prompts
|
|
18
|
+
|
|
19
|
+
**Other Languages:**
|
|
20
|
+
- Rust: ratatui + crossterm
|
|
21
|
+
- Go: bubbletea + lipgloss
|
|
22
|
+
|
|
23
|
+
## Core Architecture
|
|
24
|
+
|
|
25
|
+
**Component Structure:**
|
|
26
|
+
- ! Single responsibility per component
|
|
27
|
+
- ! Composable widgets (App → Screens → Widgets → Primitives)
|
|
28
|
+
- ! Clear separation: UI logic vs business logic
|
|
29
|
+
- ~ Keep components <150 lines; split if larger
|
|
30
|
+
|
|
31
|
+
**State Management:**
|
|
32
|
+
- ! Reactive data binding (Textual reactive properties, ink useState/useReducer)
|
|
33
|
+
- ! Centralized state for shared data
|
|
34
|
+
- ! Immutable updates (return new state, don't mutate)
|
|
35
|
+
- ⊗ Global mutable state outside framework
|
|
36
|
+
|
|
37
|
+
**Event Handling:**
|
|
38
|
+
- ! Framework event system (Textual `on_*` methods, ink hooks)
|
|
39
|
+
- ! Async event handlers for I/O operations
|
|
40
|
+
- ! Debounce high-frequency events (key repeats, resize)
|
|
41
|
+
- ~ Command pattern for complex actions
|
|
42
|
+
|
|
43
|
+
## Textual-Specific (Python)
|
|
44
|
+
|
|
45
|
+
**Components:**
|
|
46
|
+
- ! Inherit from `Widget`, `Screen`, or primitives (`Static`, `Button`, `Input`, `DataTable`, etc.)
|
|
47
|
+
- ! Use `reactive` for reactive properties: `count = reactive(0)`
|
|
48
|
+
- ! Implement lifecycle methods: `compose()`, `on_mount()`, `on_show()`
|
|
49
|
+
|
|
50
|
+
**Styling:**
|
|
51
|
+
- ! CSS-like styling in `*.tcss` files or inline
|
|
52
|
+
- ! Use design tokens for consistency: `$primary`, `$surface`, etc.
|
|
53
|
+
- ! Responsive layouts: `grid`, `horizontal`, `vertical` containers
|
|
54
|
+
- ~ Dark/light theme support via CSS variables
|
|
55
|
+
|
|
56
|
+
**Async Patterns:**
|
|
57
|
+
- ! Use `async def` for I/O operations
|
|
58
|
+
- ! Workers for background tasks: `self.run_worker(task, exclusive=True)`
|
|
59
|
+
- ! Timers for periodic updates: `self.set_interval(1.0, self.update)`
|
|
60
|
+
- ⊗ Blocking operations in event handlers
|
|
61
|
+
|
|
62
|
+
**Key Bindings:**
|
|
63
|
+
```python
|
|
64
|
+
BINDINGS = [
|
|
65
|
+
Binding("q", "quit", "Quit"),
|
|
66
|
+
Binding("ctrl+c", "quit", "Quit", show=False),
|
|
67
|
+
]
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
## ink-Specific (TypeScript)
|
|
71
|
+
|
|
72
|
+
**Components:**
|
|
73
|
+
- ! Functional components with hooks
|
|
74
|
+
- ! `useState` for local state, `useReducer` for complex state
|
|
75
|
+
- ! `useEffect` for side effects (cleanup on unmount)
|
|
76
|
+
- ! `useInput` for key handling
|
|
77
|
+
|
|
78
|
+
**Layout:**
|
|
79
|
+
- ! Flexbox-based layout via `<Box>` component
|
|
80
|
+
- ! Props: `flexDirection`, `justifyContent`, `alignItems`, `padding`, `margin`
|
|
81
|
+
- ! `<Text>` for content, `<Newline>` for line breaks
|
|
82
|
+
- ~ Use `<Static>` for non-interactive output above interactive UI
|
|
83
|
+
|
|
84
|
+
**Hooks Pattern:**
|
|
85
|
+
```typescript
|
|
86
|
+
const [state, setState] = useState(initialState);
|
|
87
|
+
useEffect(() => { /* setup */ return () => { /* cleanup */ }; }, [deps]);
|
|
88
|
+
useInput((input, key) => { if (key.escape) process.exit(0); });
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
**Rendering:**
|
|
92
|
+
- ! Use `render(<App />)` from ink
|
|
93
|
+
- ! `waitUntilExit()` for async CLIs
|
|
94
|
+
- ⊗ Multiple render calls to same stdout
|
|
95
|
+
|
|
96
|
+
## Performance
|
|
97
|
+
|
|
98
|
+
**Rendering:**
|
|
99
|
+
- ! Throttle updates (max 30-60 FPS): `@throttle(0.033)` (Textual) or debounce (ink)
|
|
100
|
+
- ! Virtual scrolling for large lists (Textual `DataTable`, ink custom)
|
|
101
|
+
- ~ Lazy loading for expensive components
|
|
102
|
+
- ⊗ Re-render entire tree on every state change
|
|
103
|
+
|
|
104
|
+
**Data Handling:**
|
|
105
|
+
- ! Paginate or stream large datasets
|
|
106
|
+
- ! Background workers for heavy computation
|
|
107
|
+
- ~ Memoize expensive calculations (ink `useMemo`)
|
|
108
|
+
- ⊗ Load unbounded data into memory
|
|
109
|
+
|
|
110
|
+
## Testing
|
|
111
|
+
|
|
112
|
+
See testing.md for universal requirements (! ≥85% coverage, fuzzing, integration tests).
|
|
113
|
+
|
|
114
|
+
**Textual Testing:**
|
|
115
|
+
```python
|
|
116
|
+
async def test_app():
|
|
117
|
+
app = MyApp()
|
|
118
|
+
async with app.run_test() as pilot:
|
|
119
|
+
await pilot.press("j", "j", "k") # Simulate keys
|
|
120
|
+
assert app.query_one("#status").renderable == "Expected"
|
|
121
|
+
await pilot.click("#button")
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
**ink Testing:**
|
|
125
|
+
- Use `ink-testing-library` or snapshot tests
|
|
126
|
+
- Render component, check output string, simulate stdin
|
|
127
|
+
```typescript
|
|
128
|
+
const {lastFrame, stdin} = render(<App />);
|
|
129
|
+
expect(lastFrame()).toContain("Welcome");
|
|
130
|
+
stdin.write("j"); // Simulate keypress
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
**Integration:**
|
|
134
|
+
- ! Test full user workflows (navigation, input, output)
|
|
135
|
+
- ! Test error states (network failures, invalid input)
|
|
136
|
+
- ~ Snapshot tests for layout regression detection
|
|
137
|
+
- ⊗ Unit test UI without framework test harness
|
|
138
|
+
|
|
139
|
+
## Error Handling
|
|
140
|
+
|
|
141
|
+
**Display:**
|
|
142
|
+
- ! User-friendly error messages in UI (modal, notification, status bar)
|
|
143
|
+
- ! Log technical details to file (don't dump stack traces in TUI)
|
|
144
|
+
- ! Recoverable errors: show message, continue
|
|
145
|
+
- ! Fatal errors: show message, wait for keypress, exit gracefully
|
|
146
|
+
|
|
147
|
+
**Patterns:**
|
|
148
|
+
```python
|
|
149
|
+
# Textual
|
|
150
|
+
try:
|
|
151
|
+
await risky_operation()
|
|
152
|
+
except Exception as e:
|
|
153
|
+
self.notify(f"Error: {e}", severity="error")
|
|
154
|
+
log.exception("Detailed error")
|
|
155
|
+
```
|
|
156
|
+
```typescript
|
|
157
|
+
// ink
|
|
158
|
+
try {
|
|
159
|
+
await riskyOperation();
|
|
160
|
+
} catch (error) {
|
|
161
|
+
setError(error.message); // Display in UI
|
|
162
|
+
console.error(error); // Log to stderr
|
|
163
|
+
}
|
|
164
|
+
```
|
|
165
|
+
|
|
166
|
+
## Accessibility
|
|
167
|
+
|
|
168
|
+
- ! Keyboard navigation for all interactive elements
|
|
169
|
+
- ! Clear focus indicators (highlight, border change)
|
|
170
|
+
- ! ARIA-like labels for screen reader compatibility (Textual has some support)
|
|
171
|
+
- ~ Support standard shortcuts: Tab (next), Shift+Tab (prev), Enter (activate), Esc (cancel)
|
|
172
|
+
- ~ Configurable key bindings
|
|
173
|
+
|
|
174
|
+
## Commands & Tasks
|
|
175
|
+
|
|
176
|
+
```bash
|
|
177
|
+
task tui:dev # ! Dev mode with hot reload
|
|
178
|
+
task tui:run # Run TUI app
|
|
179
|
+
task tui:test # Run TUI tests (≥85% coverage)
|
|
180
|
+
task tui:console # Console for debugging (Python/Textual only)
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
## Best Practices
|
|
184
|
+
|
|
185
|
+
**Design:**
|
|
186
|
+
- ! Responsive to terminal resize events
|
|
187
|
+
- ! Graceful degradation for small terminals (min width/height checks)
|
|
188
|
+
- ~ Consistent color scheme (use theme/design tokens)
|
|
189
|
+
- ~ Status bar for context (current mode, help hints)
|
|
190
|
+
- ≉ Assume 80x24 terminal without checking
|
|
191
|
+
|
|
192
|
+
**User Experience:**
|
|
193
|
+
- ! Instant visual feedback for user actions
|
|
194
|
+
- ! Loading indicators for async operations
|
|
195
|
+
- ! Help screen (show key bindings, context-sensitive help)
|
|
196
|
+
- ~ Exit confirmation for destructive actions
|
|
197
|
+
- ⊗ Silent failures (always show feedback)
|
|
198
|
+
|
|
199
|
+
**Code Organization:**
|
|
200
|
+
```
|
|
201
|
+
src/
|
|
202
|
+
├── app.py|tsx # Main app component
|
|
203
|
+
├── screens/ # Top-level screens
|
|
204
|
+
├── widgets/ # Reusable widgets
|
|
205
|
+
├── styles.tcss # Textual styles (Python)
|
|
206
|
+
├── theme.ts # Theme constants (TypeScript)
|
|
207
|
+
└── __tests__/ # Tests
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
## Anti-Patterns
|
|
211
|
+
|
|
212
|
+
⊗ Blocking I/O in render or event handlers → use async/workers
|
|
213
|
+
⊗ Direct terminal manipulation (print, ANSI codes) → use framework
|
|
214
|
+
⊗ Polling for state changes → use reactive/event-driven patterns
|
|
215
|
+
⊗ Hardcoded layouts → use flexible containers
|
|
216
|
+
⊗ Unhandled exceptions in UI code → wrap in try/catch, show errors
|
|
217
|
+
⊗ Testing by manual inspection only → automate with framework test tools
|
|
218
|
+
|
|
219
|
+
## Documentation
|
|
220
|
+
|
|
221
|
+
! Add to README.md:
|
|
222
|
+
- Framework choice (Textual or ink)
|
|
223
|
+
- `task tui:dev` for development
|
|
224
|
+
- `task tui:run` to launch
|
|
225
|
+
- Key bindings reference
|
|
226
|
+
- Screenshot or demo GIF
|
|
227
|
+
|
|
228
|
+
## References
|
|
229
|
+
|
|
230
|
+
**Textual:**
|
|
231
|
+
- Docs: https://textual.textualize.io/
|
|
232
|
+
- Widget reference: https://textual.textualize.io/widget_gallery/
|
|
233
|
+
- Tutorial: https://textual.textualize.io/tutorial/
|
|
234
|
+
|
|
235
|
+
**ink:**
|
|
236
|
+
- Docs: https://github.com/vadimdemedes/ink
|
|
237
|
+
- Components: https://github.com/vadimdemedes/ink#built-in-components
|
|
238
|
+
- Testing: https://github.com/vadimdemedes/ink-testing-library
|
|
239
|
+
|
|
240
|
+
**Examples:**
|
|
241
|
+
- Textual: https://github.com/Textualize/textual/tree/main/examples
|
|
242
|
+
- ink: https://github.com/vadimdemedes/ink/tree/master/examples
|
|
@@ -0,0 +1,123 @@
|
|
|
1
|
+
# UI Skills
|
|
2
|
+
|
|
3
|
+
Opinionated constraints for building better interfaces with agents.
|
|
4
|
+
|
|
5
|
+
Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
|
|
6
|
+
Tags: R+TW=React+Tailwind; htmx+BS=htmx+Bootstrap; CSS=plain CSS; JS=vanilla JS.
|
|
7
|
+
|
|
8
|
+
## Framework Selection
|
|
9
|
+
|
|
10
|
+
- ! Choose the stack that fits the project's complexity and team expertise
|
|
11
|
+
- ~ React + Tailwind for SPAs and complex interactive UIs
|
|
12
|
+
- ~ htmx + Bootstrap for server-rendered pages with progressive enhancement
|
|
13
|
+
- ~ Vanilla JS + CSS for simple pages or when frameworks are overkill
|
|
14
|
+
|
|
15
|
+
## Stack
|
|
16
|
+
|
|
17
|
+
- ! Start from platform defaults (spacing/radius/shadows) before custom. (R+TW: Tailwind defaults; htmx+BS: Bootstrap utilities before custom CSS)
|
|
18
|
+
- ! If JS animation is required, use established tooling. (React: motion/react (ex framer-motion); JS: Web Animations API or CSS transitions; htmx: CSS transitions or htmx swap animations)
|
|
19
|
+
- ~ Use entrance/micro-animation primitives. (R+TW: tw-animate-css; CSS: @keyframes + prefers-reduced-motion)
|
|
20
|
+
- ! Use class/style composition helpers. (React: cn=clsx+tailwind-merge; JS/htmx: templates/class builders)
|
|
21
|
+
|
|
22
|
+
## Components
|
|
23
|
+
|
|
24
|
+
- ! Use accessible primitives for keyboard/focus behavior. (React: Base UI / React Aria / Radix; JS/htmx: native HTML or ARIA-compliant custom elements)
|
|
25
|
+
- ! Prefer project primitives first.
|
|
26
|
+
- ⊗ Mix primitive systems within the same interaction surface.
|
|
27
|
+
- ~ Prefer well-maintained primitives if compatible. (React: Base UI for new primitives if it fits)
|
|
28
|
+
- ! Add `aria-label` to icon-only buttons.
|
|
29
|
+
- ⊗ Rebuild keyboard/focus behavior by hand unless explicitly requested.
|
|
30
|
+
|
|
31
|
+
## Interaction
|
|
32
|
+
|
|
33
|
+
- ! Confirm destructive/irreversible actions. (React: AlertDialog; htmx+BS: modal confirmation)
|
|
34
|
+
- ~ Use structural skeletons for loading (not spinners). (htmx: loading skeleton in placeholder)
|
|
35
|
+
- ! Respect viewport sizing. (R+TW: h-dvh not h-screen; CSS: use dvh for fixed heights)
|
|
36
|
+
- ! Respect safe-area-inset for fixed elements.
|
|
37
|
+
- ! Show errors next to where the action happens.
|
|
38
|
+
- ⊗ Block paste in input/textarea.
|
|
39
|
+
|
|
40
|
+
## Animation
|
|
41
|
+
|
|
42
|
+
- ⊗ Add animation unless explicitly requested.
|
|
43
|
+
- ! Animate compositor props only: transform, opacity. (React: motion/react; CSS: @keyframes on transform/opacity only)
|
|
44
|
+
- ⊗ Animate layout props: width, height, position, margin, padding.
|
|
45
|
+
- ~ Avoid paint props (background, color) except small/local UI (text/icons).
|
|
46
|
+
- ~ Use ease-out on entrance.
|
|
47
|
+
- ⊗ Exceed 200ms for interaction feedback.
|
|
48
|
+
- ! Pause looping animations when off-screen. (React: whileInView; CSS/JS: Intersection Observer or animation-timeline)
|
|
49
|
+
- ! Respect prefers-reduced-motion. (React: useMediaQuery or CSS media query; CSS: @media (prefers-reduced-motion: reduce))
|
|
50
|
+
- ⊗ Introduce custom easing unless explicitly requested.
|
|
51
|
+
- ~ Avoid animating large assets or full-screen surfaces.
|
|
52
|
+
|
|
53
|
+
## Typography
|
|
54
|
+
|
|
55
|
+
- ! Headings: balance; body: pretty. (R+TW: text-balance/text-pretty; CSS: text-wrap: balance/pretty)
|
|
56
|
+
- ! Numeric data: tabular figures. (R+TW: tabular-nums; CSS: font-variant-numeric: tabular-nums)
|
|
57
|
+
- ~ Dense UI: truncate/clamp. (R+TW: truncate or line-clamp-\*; CSS: text-overflow: ellipsis or -webkit-line-clamp)
|
|
58
|
+
- ⊗ Modify letter-spacing unless explicitly requested.
|
|
59
|
+
|
|
60
|
+
## Layout
|
|
61
|
+
|
|
62
|
+
- ! Fixed z-index scale. (R+TW: z-0/10/20; no arbitrary z-\*; CSS: define scale in variables/tokens)
|
|
63
|
+
- ~ Square elements: use square utilities. (R+TW: size-_ not w-_+h-\*; CSS: aspect-ratio: 1 or paired width/height)
|
|
64
|
+
- ! Respect safe areas (notches/rounded corners).
|
|
65
|
+
|
|
66
|
+
## Performance
|
|
67
|
+
|
|
68
|
+
- ⊗ Animate heavy filters/backdrops. (React: avoid animating blur() or backdrop-filter)
|
|
69
|
+
- ⊗ Apply will-change outside an active animation. (React: remove will-change when animation completes)
|
|
70
|
+
- ⊗ Use side-effect hooks for logic expressible as render logic. (React: don't use useEffect when render logic works)
|
|
71
|
+
|
|
72
|
+
## Design
|
|
73
|
+
|
|
74
|
+
- ⊗ Use gradients unless explicitly requested.
|
|
75
|
+
- ⊗ Use overly decorative effects (glows) as primary affordances. (R+TW: no glow effects / shadow-glow as primary UI)
|
|
76
|
+
- ~ Use default shadow/spacing scales unless explicitly requested. (R+TW: Tailwind default shadow scale; CSS: system design shadow tokens)
|
|
77
|
+
- ~ Use SVG whenever possible for graphics.
|
|
78
|
+
- ! Empty states: one clear next action.
|
|
79
|
+
- ~ Limit accent color usage to one per view.
|
|
80
|
+
- ~ Use existing theme tokens before introducing new ones. (R+TW: use Tailwind/theme colors before new tokens)
|
|
81
|
+
|
|
82
|
+
## Authentication
|
|
83
|
+
|
|
84
|
+
- ! Support SSO. (OIDC/SAML based on tenant/provider needs)
|
|
85
|
+
- ! Support WebAuthn for either 2FA or passwordless authentication.
|
|
86
|
+
- ! Preserve and validate post-auth return paths so users return to intended destinations.
|
|
87
|
+
- ~ Keep authentication flows progressive and low-friction (minimal fields first, optional profile completion later).
|
|
88
|
+
- ~ Provide clear recovery options (passkey fallback, backup codes, account recovery) without dead ends.
|
|
89
|
+
- ! Enforce phishing-resistant MFA for privileged roles and high-risk actions.
|
|
90
|
+
- ! Rate-limit and lock out abusive auth attempts with anomaly detection and alerting.
|
|
91
|
+
- ! Use short-lived access tokens, rotate refresh tokens, and support immediate server-side session revocation.
|
|
92
|
+
|
|
93
|
+
## Theming
|
|
94
|
+
|
|
95
|
+
- ~ Web apps support theming.
|
|
96
|
+
- ! Web apps support dark and light modes.
|
|
97
|
+
- ! Respect system color-scheme preference on first visit; persist explicit user override.
|
|
98
|
+
- ~ Build themes from design tokens (color, spacing, typography) rather than per-component hardcoding.
|
|
99
|
+
|
|
100
|
+
---
|
|
101
|
+
|
|
102
|
+
## Testing
|
|
103
|
+
|
|
104
|
+
See [testing.md](../coding/testing.md) for universal requirements.
|
|
105
|
+
|
|
106
|
+
- ! Test component interactions and state changes
|
|
107
|
+
- ! Test accessibility (keyboard nav, screen readers)
|
|
108
|
+
- ~ Snapshot test UI components
|
|
109
|
+
- ~ Visual regression testing
|
|
110
|
+
|
|
111
|
+
**Browser Testing:**
|
|
112
|
+
- ~ Use chrome-devtools MCP server for development, debugging, integration tests
|
|
113
|
+
- Tools: click, evaluate_script, get_console_messages, take_screenshot, wait_for, list_pages, navigate_page, take_snapshot
|
|
114
|
+
|
|
115
|
+
**⚠️ IMPORTANT**: If chrome-devtools MCP is not installed, STRONGLY install it now:
|
|
116
|
+
```bash
|
|
117
|
+
npx @modelcontextprotocol/create-server chrome-devtools
|
|
118
|
+
```
|
|
119
|
+
This MCP provides 26 browser automation tools essential for effective web development and testing.
|
|
120
|
+
|
|
121
|
+
---
|
|
122
|
+
|
|
123
|
+
Adapted from https://www.ui-skills.com/
|