@folpe/loom 0.1.0 → 0.3.0

package/data/skills/resend-email/SKILL.md

@@ -0,0 +1,181 @@
+---
+name: resend-email
+description: "Email sending patterns with Resend and React Email templates. Use when implementing transactional emails, creating email templates, or adding i18n email support."
+---
+
+# Resend Email Patterns
+
+## Critical Rules
+
+- **Emails via service layer** — never send directly from routes.
+- **React Email for templates** — type-safe, previewable components.
+- **I18n support** — every email must support multiple locales.
+- **Inline styles only** — CSS classes don't work in most email clients.
+- **Handle delivery webhooks** — bounces and complaints must be processed.
+- **Preview emails locally** — use `email dev` command during development.
+
+## Setup
+
+```ts
+// src/lib/resend.ts
+import { Resend } from "resend";
+
+export const resend = new Resend(process.env.RESEND_API_KEY);
+```
+
+## Email Service Layer
+
+- Emails are sent from a dedicated service — never from routes or components directly.
+- Located in `src/services/email.service.ts`.
+
+```ts
+// src/services/email.service.ts
+import { resend } from "@/lib/resend";
+import { WelcomeEmail } from "@/emails/welcome";
+import { InviteEmail } from "@/emails/invite";
+
+const FROM = "App Name <noreply@yourdomain.com>";
+
+export async function sendWelcomeEmail(to: string, name: string, locale: string) {
+  return resend.emails.send({
+    from: FROM,
+    to,
+    subject: getSubject("welcome", locale),
+    react: WelcomeEmail({ name, locale }),
+  });
+}
+
+export async function sendInviteEmail(
+  to: string,
+  inviterName: string,
+  orgName: string,
+  inviteUrl: string,
+  locale: string
+) {
+  return resend.emails.send({
+    from: FROM,
+    to,
+    subject: getSubject("invite", locale, { orgName }),
+    react: InviteEmail({ inviterName, orgName, inviteUrl, locale }),
+  });
+}
+```
+
+## React Email Templates
+
+```tsx
+// src/emails/welcome.tsx
+import {
+  Html, Head, Body, Container, Section, Text, Button, Hr,
+} from "@react-email/components";
+import { getEmailTranslations } from "@/lib/email-i18n";
+
+interface WelcomeEmailProps {
+  name: string;
+  locale: string;
+}
+
+export function WelcomeEmail({ name, locale }: WelcomeEmailProps) {
+  const t = getEmailTranslations(locale, "welcome");
+
+  return (
+    <Html>
+      <Head />
+      <Body style={body}>
+        <Container style={container}>
+          <Text style={heading}>{t("title", { name })}</Text>
+          <Text style={paragraph}>{t("description")}</Text>
+          <Section style={buttonSection}>
+            <Button style={button} href="https://app.yourdomain.com/dashboard">
+              {t("cta")}
+            </Button>
+          </Section>
+          <Hr style={hr} />
+          <Text style={footer}>{t("footer")}</Text>
+        </Container>
+      </Body>
+    </Html>
+  );
+}
+
+// Inline styles for email compatibility
+const body = { backgroundColor: "#f6f9fc", fontFamily: "sans-serif" };
+const container = { margin: "0 auto", padding: "40px 20px", maxWidth: "560px" };
+const heading = { fontSize: "24px", fontWeight: "bold", marginBottom: "16px" };
+const paragraph = { fontSize: "16px", lineHeight: "1.5", color: "#333" };
+const buttonSection = { textAlign: "center" as const, margin: "32px 0" };
+const button = {
+  backgroundColor: "#000", color: "#fff", padding: "12px 24px",
+  borderRadius: "6px", fontSize: "16px", textDecoration: "none",
+};
+const hr = { borderColor: "#e6ebf1", margin: "32px 0" };
+const footer = { fontSize: "12px", color: "#8898aa" };
+```
+
+## I18n for Emails
+
+```ts
+// src/lib/email-i18n.ts
+const emailMessages: Record<string, Record<string, Record<string, string>>> = {
+  en: {
+    welcome: {
+      title: "Welcome, {name}!",
+      description: "We're excited to have you on board.",
+      cta: "Go to Dashboard",
+      footer: "You received this email because you created an account.",
+    },
+    invite: {
+      title: "{inviterName} invited you to {orgName}",
+      description: "Click below to accept the invitation.",
+      cta: "Accept Invitation",
+    },
+  },
+  fr: {
+    welcome: {
+      title: "Bienvenue, {name} !",
+      description: "Nous sommes ravis de vous compter parmi nous.",
+      cta: "Aller au tableau de bord",
+      footer: "Vous avez reçu cet e-mail car vous avez créé un compte.",
+    },
+  },
+};
+
+export function getEmailTranslations(locale: string, namespace: string) {
+  const messages = emailMessages[locale]?.[namespace] ?? emailMessages.en[namespace];
+
+  return (key: string, params?: Record<string, string>) => {
+    let message = messages[key] ?? key;
+    if (params) {
+      for (const [k, v] of Object.entries(params)) {
+        message = message.replace(`{${k}}`, v);
+      }
+    }
+    return message;
+  };
+}
+```
+
+## Webhook for Delivery Status
+
+```ts
+// src/app/api/webhook/resend/route.ts
+import { NextResponse } from "next/server";
+
+export async function POST(request: Request) {
+  const payload = await request.json();
+
+  switch (payload.type) {
+    case "email.delivered":
+      // Log successful delivery
+      break;
+    case "email.bounced":
+      // Mark email as bounced, disable future sends
+      break;
+    case "email.complained":
+      // Unsubscribe user
+      break;
+  }
+
+  return NextResponse.json({ received: true });
+}
+```

package/data/skills/seo-optimization/SKILL.md

@@ -0,0 +1,106 @@
+---
+name: seo-optimization
+description: "SEO best practices for structured data, meta tags, Core Web Vitals, and indexing. Use when building landing pages, optimizing page metadata, adding JSON-LD structured data, generating sitemaps, or improving search engine performance."
+---
+
+# SEO Optimization
+
+## Critical Rules
+
+- **Every page must have unique `title` and `description`** — never duplicate meta tags.
+- **One `<h1>` per page** — use proper heading hierarchy `h1` -> `h2` -> `h3`.
+- **Use semantic HTML** — `<main>`, `<article>`, `<section>`, `<nav>`, `<aside>`, `<footer>`.
+- **All images must have `alt` text** — descriptive, not keyword-stuffed.
+- **Target Core Web Vitals** — LCP < 2.5s, INP < 200ms, CLS < 0.1.
+- **Generate `sitemap.xml` and `robots.txt`** — never leave them missing on public sites.
+
+## Meta Tags
+
+- Every page must have unique `title` and `description` meta tags:
+  ```ts
+  export const metadata: Metadata = {
+    title: 'Product Name — Clear Value Proposition',
+    description: 'Compelling 150-160 char description with primary keyword and call to action.',
+  }
+  ```
+- Title format: `Page Title — Brand Name` (50-60 characters).
+- Description: 150-160 characters, include primary keyword, end with CTA or benefit.
+- Use `generateMetadata()` for dynamic routes to generate unique meta per page.
+
+## Open Graph & Social
+
+- Include Open Graph tags for social sharing:
+  ```ts
+  openGraph: {
+    title: 'Page Title',
+    description: 'Social description',
+    images: [{ url: '/og-image.png', width: 1200, height: 630 }],
+    type: 'website',
+  }
+  ```
+- Create a dedicated OG image for each important page (1200x630px).
+- Add Twitter card meta: `twitter: { card: 'summary_large_image' }`.
+
+## Structured Data (JSON-LD)
+
+- Add JSON-LD structured data for rich search results:
+  ```tsx
+  <script type="application/ld+json" dangerouslySetInnerHTML={{ __html: JSON.stringify({
+    '@context': 'https://schema.org',
+    '@type': 'Product',
+    name: product.name,
+    description: product.description,
+    offers: { '@type': 'Offer', price: product.price, priceCurrency: 'EUR' }
+  }) }} />
+  ```
+- Use appropriate schema types: `Organization`, `Product`, `Article`, `FAQPage`, `BreadcrumbList`.
+- Validate with Google's Rich Results Test.
+
+## Semantic HTML
+
+- Use proper heading hierarchy: one `<h1>` per page, then `<h2>`, `<h3>`, etc.
+- Use semantic elements: `<main>`, `<article>`, `<section>`, `<nav>`, `<aside>`, `<footer>`.
+- Add `alt` text to all images — descriptive, not keyword-stuffed.
+- Use `<a>` with descriptive anchor text — avoid "click here".
+
+## Performance (Core Web Vitals)
+
+- Target scores: LCP < 2.5s, INP < 200ms, CLS < 0.1.
+- Optimize images with `next/image`: proper sizing, modern formats (WebP/AVIF), lazy loading.
+- Minimize render-blocking resources: defer non-critical CSS/JS.
+- Use `next/font` to prevent FOUT/FOIT.
+- Preload critical assets: hero images, above-the-fold fonts.
+
+## Technical SEO
+
+- Generate `sitemap.xml` dynamically:
+  ```ts
+  // src/app/sitemap.ts
+  export default async function sitemap(): Promise<MetadataRoute.Sitemap> {
+    return [
+      { url: 'https://example.com', lastModified: new Date(), changeFrequency: 'weekly', priority: 1 },
+    ]
+  }
+  ```
+- Create `robots.txt`:
+  ```ts
+  // src/app/robots.ts
+  export default function robots(): MetadataRoute.Robots {
+    return { rules: { userAgent: '*', allow: '/' }, sitemap: 'https://example.com/sitemap.xml' }
+  }
+  ```
+- Use canonical URLs to prevent duplicate content issues.
+- Implement proper redirects (301) for moved pages — never soft 404s.
+
+## Content
+
+- Place primary keyword in the first 100 words of page content.
+- Use internal links between related pages to distribute page authority.
+- Add breadcrumb navigation with `BreadcrumbList` schema.
+- Ensure all pages are reachable within 3 clicks from the homepage.
+
+## Internationalization
+
+- Use `hreflang` tags for multi-language sites.
+- Use `lang` attribute on `<html>` element.
+- Create dedicated URLs per language: `/en/about`, `/fr/about`.

package/data/skills/server-actions-patterns/SKILL.md

@@ -0,0 +1,156 @@
+---
+name: server-actions-patterns
+description: "Next.js Server Actions with safe wrappers, validation, and error handling. Use when implementing mutations, creating form handlers, or building 'use server' functions."
+---
+
+# Server Actions Patterns
+
+## Critical Rules
+
+- **Always validate inputs** — never trust client data.
+- **Always check auth** — every action must verify the user session.
+- **Never expose internal errors** — return generic messages to the client.
+- **Revalidate after mutations** — stale UI is a bug.
+- **Keep actions thin** — delegate to facades/services for business logic.
+- **One action per mutation** — avoid multi-purpose actions.
+- **Never import server-only code in client files** — pass actions via props or use wrappers.
+
+## File Organization
+
+- Server Actions are defined in `src/actions/` directory.
+- One file per domain entity: `src/actions/{entity}.actions.ts`.
+- Every action file starts with `"use server"` directive at the top.
+
+```
+src/actions/
+  user.actions.ts
+  post.actions.ts
+  organization.actions.ts
+```
+
+## Safe Server Action Wrapper
+
+Use a `safeAction` wrapper for consistent validation, auth, and error handling:
+
+```ts
+// src/lib/safe-action.ts
+"use server";
+import { z } from "zod";
+import { getCurrentUser } from "@/lib/auth";
+
+type ActionResult<T> = { success: true; data: T } | { success: false; error: string };
+
+export function createSafeAction<TInput extends z.ZodType, TOutput>(
+  schema: TInput,
+  handler: (input: z.infer<TInput>, user: AuthUser) => Promise<TOutput>
+) {
+  return async (input: z.infer<TInput>): Promise<ActionResult<TOutput>> => {
+    try {
+      const user = await getCurrentUser();
+      if (!user) return { success: false, error: "Unauthorized" };
+
+      const parsed = schema.safeParse(input);
+      if (!parsed.success) {
+        return { success: false, error: parsed.error.errors[0].message };
+      }
+
+      const data = await handler(parsed.data, user);
+      return { success: true, data };
+    } catch (error) {
+      console.error("Action error:", error);
+      return { success: false, error: "An unexpected error occurred" };
+    }
+  };
+}
+```
+
+## Action Implementation
+
+```ts
+// src/actions/user.actions.ts
+"use server";
+
+import { z } from "zod";
+import { revalidatePath } from "next/cache";
+import { createSafeAction } from "@/lib/safe-action";
+import { updateUserProfile } from "@/facades/user.facade";
+
+const UpdateProfileSchema = z.object({
+  name: z.string().min(2).max(100),
+  bio: z.string().max(500).optional(),
+});
+
+export const updateProfile = createSafeAction(
+  UpdateProfileSchema,
+  async (input, user) => {
+    const result = await updateUserProfile(user.id, input);
+    revalidatePath("/profile");
+    return result;
+  }
+);
+```
+
+## Server-Only Modules
+
+- Mark server-only modules with the `server-only` package:
+```ts
+import "server-only";
+```
+- Use `"use server"` only in action files — never in utility or service files.
+
+## Integration with Forms
+
+### With useActionState (React 19)
+
+```tsx
+"use client";
+import { useActionState } from "react";
+import { updateProfile } from "@/actions/user.actions";
+
+export function ProfileForm() {
+  const [state, formAction, isPending] = useActionState(updateProfile, null);
+
+  return (
+    <form action={formAction}>
+      <input name="name" />
+      {state?.error && <p className="text-destructive">{state.error}</p>}
+      <button type="submit" disabled={isPending}>
+        {isPending ? "Saving..." : "Save"}
+      </button>
+    </form>
+  );
+}
+```
+
+### With react-hook-form
+
+```tsx
+"use client";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useTransition } from "react";
+import { updateProfile } from "@/actions/user.actions";
+import { toast } from "sonner";
+
+export function ProfileForm() {
+  const [isPending, startTransition] = useTransition();
+  const form = useForm({ resolver: zodResolver(UpdateProfileSchema) });
+
+  const onSubmit = form.handleSubmit((data) => {
+    startTransition(async () => {
+      const result = await updateProfile(data);
+      if (result.success) toast.success("Profile updated");
+      else toast.error(result.error);
+    });
+  });
+
+  return <form onSubmit={onSubmit}>{/* fields */}</form>;
+}
+```
+
+## Revalidation
+
+- Always call `revalidatePath()` or `revalidateTag()` after mutations.
+- Use path revalidation for simple cases: `revalidatePath("/users")`.
+- Use tag revalidation for granular cache control: `revalidateTag("user-list")`.
+- Redirect with `redirect()` after create operations when appropriate.

package/data/skills/shadcn-ui/SKILL.md

@@ -0,0 +1,126 @@
+---
+name: shadcn-ui
+description: "ShadCN UI component patterns, forms, data tables, and page layouts. Use when building interfaces with ShadCN components, creating forms with react-hook-form, tables with TanStack Table, or designing page layouts."
+---
+
+# ShadCN UI Patterns
+
+## Critical Rules
+
+- **Always use ShadCN primitives first** — before building custom components.
+- **Never rebuild keyboard or focus behavior** — use the component primitives.
+- **Never mix primitive systems** — don't combine Radix, Headless UI, React Aria in the same surface.
+- **Never use `h-screen`** — use `h-dvh` for correct mobile viewport.
+- **Empty states must have one clear next action** — never blank screens.
+- **No gradients or glow effects** unless explicitly requested.
+
+## Installation & Setup
+
+- Install components individually with `npx shadcn@latest add <component>` — never install all at once.
+- Components are copied to `src/components/ui/` — they are yours to customize.
+- Configure `components.json` for path aliases and styling preferences.
+- Use `cn()` from `src/lib/utils` for class merging (clsx + tailwind-merge).
+
+## Component Usage
+
+- **Always use ShadCN primitives** before building custom components:
+  - `Button` for all clickable actions (with appropriate `variant` and `size`)
+  - `Card` for content containers
+  - `Dialog` for modal overlays
+  - `Sheet` for slide-out panels
+  - `DropdownMenu` for action menus
+  - `Select` for option picking
+  - `Table` for data display
+  - `Form` + `Input` + `Label` for forms
+  - `Badge` for tags and status indicators
+  - `Tabs` for content switching
+  - `Toast` / `Sonner` for notifications
+
+## Forms
+
+- Use `react-hook-form` + `zod` with ShadCN's `Form` component:
+  ```tsx
+  const form = useForm<z.infer<typeof schema>>({
+    resolver: zodResolver(schema),
+    defaultValues: { name: '' },
+  })
+  ```
+- Stack form fields with `space-y-4`.
+- Use `grid gap-4 md:grid-cols-2` for side-by-side fields on desktop.
+- Show validation errors inline with `FormMessage`.
+- Use `FormDescription` for helper text below fields.
+
+## Data Tables
+
+- Use ShadCN `DataTable` pattern with `@tanstack/react-table`:
+  - Define columns with type-safe `ColumnDef`.
+  - Support sorting, filtering, and pagination.
+  - Add row actions via `DropdownMenu`.
+- Use `tabular-nums` on numeric columns for alignment.
+- Add loading skeletons with ShadCN `Skeleton` for async data.
+- **Toolbar pattern**: search input + result counter + limit selector in every table.
+- Hide columns progressively by breakpoint: `hidden sm:table-cell`, `hidden md:table-cell`.
+
+## Dialogs & Alerts
+
+- Use `Dialog` for informational or form-based modals.
+- Use `AlertDialog` for destructive or irreversible actions — never a plain `Dialog`.
+- Keep dialog content focused — one primary action per dialog.
+- Always provide a way to dismiss (close button, escape key, outside click).
+
+## Page Layout Pattern
+
+Structure pages with Cards for consistent visual hierarchy:
+
+```tsx
+// Header → Cards → Footer pattern
+<div className="space-y-6">
+  <div className="flex items-center justify-between">
+    <h1 className="text-3xl font-bold tracking-tight">Page Title</h1>
+    <Button>Primary Action</Button>
+  </div>
+
+  <Card>
+    <CardHeader><CardTitle>Section</CardTitle></CardHeader>
+    <CardContent>{/* content */}</CardContent>
+  </Card>
+</div>
+```
+
+- Multi-Card forms: split complex forms into logical Card sections.
+- Use `CardHeader` + `CardTitle` + `CardDescription` for section context.
+
+## Charts
+
+- Use `ChartContainer` from ShadCN with Recharts for data visualization.
+- Wrap charts in a `Card` with descriptive `CardHeader`.
+- Always include a `ChartTooltip` for data point details.
+
+## File Upload
+
+- Use a `FileUpload` dropzone component with drag-and-drop support.
+- Show preview for images, file name + size for documents.
+- Validate file type and size client-side before upload.
+
+## Theming
+
+- Use CSS variables from the ShadCN theme system: `bg-background`, `text-foreground`, `bg-card`, `text-muted-foreground`, `bg-primary`, etc.
+- Never hardcode hex colors — always use semantic tokens.
+- Support dark mode via the `dark` class on `<html>` — CSS variables handle the switch.
+- Limit accent color usage to one per view.
+
+## Accessibility
+
+- All icon-only buttons must have `aria-label`.
+- Use `sr-only` class for screen-reader-only text.
+- Ensure all interactive elements have visible focus states (ShadCN handles this by default).
+- Use `role` and `aria-*` attributes when composing custom components.
+- Never block paste in `input` or `textarea` elements.
+
+## Animation
+
+- Never add animation unless explicitly requested.
+- Use `transition-colors` for hover/focus state changes.
+- Keep interaction feedback under 200ms.
+- Avoid animating layout properties (`width`, `height`, `margin`, `padding`) — use `transform` and `opacity` only.
+- Respect `prefers-reduced-motion` media query.

package/data/skills/stripe-integration/SKILL.md

@@ -0,0 +1,96 @@
+---
+name: stripe-integration
+description: "Stripe payment integration patterns for checkout, subscriptions, webhooks, and customer portal. Use when implementing payments, building SaaS billing, handling Stripe webhooks, creating checkout flows, or managing subscription lifecycle."
+---
+
+# Stripe Integration
+
+## Critical Rules
+
+- **Always use Stripe Checkout or Payment Elements** — never collect card details directly.
+- **Always verify webhook signatures** — never trust unverified payloads.
+- **Never expose `STRIPE_SECRET_KEY` to the client** — server-side only.
+- **Make webhook handlers idempotent** — the same event may arrive multiple times.
+- **Use `metadata` to link Stripe objects to database records** — always pass `userId`, `orderId`.
+- **Use `idempotencyKey` for critical operations** — prevent duplicate charges.
+
+## Setup
+
+- Install `stripe` (server) and `@stripe/stripe-js` + `@stripe/react-stripe-js` (client).
+- Store keys in environment variables:
+  - `STRIPE_SECRET_KEY` — server-side only, never expose to client
+  - `NEXT_PUBLIC_STRIPE_PUBLISHABLE_KEY` — safe for client-side
+  - `STRIPE_WEBHOOK_SECRET` — for verifying webhook signatures
+- Create a Stripe instance in `src/lib/stripe.ts`:
+  ```ts
+  import Stripe from 'stripe'
+  export const stripe = new Stripe(process.env.STRIPE_SECRET_KEY!)
+  ```
+
+## Checkout
+
+- Always use Stripe Checkout or Payment Elements — never collect card details directly.
+- Create a Checkout Session server-side, redirect client-side:
+  ```ts
+  const session = await stripe.checkout.sessions.create({
+    mode: 'payment', // or 'subscription'
+    line_items: [{ price: priceId, quantity: 1 }],
+    success_url: `${origin}/success?session_id={CHECKOUT_SESSION_ID}`,
+    cancel_url: `${origin}/cart`,
+    metadata: { userId, orderId },
+  })
+  ```
+- Use `metadata` to link Stripe objects back to your database records.
+- For subscriptions, use `mode: 'subscription'` with recurring prices.
+
+## Webhooks
+
+- Create a webhook endpoint at `/api/webhooks/stripe`:
+  ```ts
+  const sig = request.headers.get('stripe-signature')!
+  const event = stripe.webhooks.constructEvent(body, sig, process.env.STRIPE_WEBHOOK_SECRET!)
+  ```
+- Always verify webhook signatures. Never trust unverified payloads.
+- Handle these critical events:
+  - `checkout.session.completed` — fulfill the order
+  - `invoice.payment_succeeded` — extend subscription
+  - `invoice.payment_failed` — notify user, retry logic
+  - `customer.subscription.deleted` — revoke access
+- Make webhook handlers idempotent — the same event may arrive multiple times.
+- Return 200 quickly. Process heavy logic asynchronously if needed.
+
+## Products & Prices
+
+- Define products and prices in Stripe Dashboard for simplicity.
+- Use `price` IDs (not `product` IDs) when creating Checkout Sessions.
+- For multiple pricing tiers, create one product with multiple prices (monthly/yearly).
+- Sync product/price data to your database via webhooks or a scheduled job.
+
+## Customer Portal
+
+- Use Stripe Customer Portal for subscription management (upgrade, downgrade, cancel, update payment method).
+- Create a portal session and redirect:
+  ```ts
+  const portalSession = await stripe.billingPortal.sessions.create({
+    customer: customerId,
+    return_url: `${origin}/account`,
+  })
+  ```
+
+## Security
+
+- Never log or store raw card numbers, CVV, or full card details.
+- Use Stripe's PCI-compliant elements for all card input.
+- Validate amounts and currencies server-side before creating charges.
+- Use `idempotencyKey` for critical operations to prevent duplicate charges.
+- Restrict Stripe API key permissions in production (read-only where possible).
+
+## Testing
+
+- Use Stripe test mode keys during development.
+- Use test card numbers: `4242424242424242` (success), `4000000000000002` (decline).
+- Use Stripe CLI to forward webhooks to localhost:
+  ```bash
+  stripe listen --forward-to localhost:3000/api/webhooks/stripe
+  ```
+- Test all webhook event types, especially failure scenarios.