@fprad0/skill-master-mcp 0.0.12 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (331) hide show
  1. package/CHANGELOG.md +96 -90
  2. package/README.md +472 -472
  3. package/VERSION.md +9 -9
  4. package/bin/lib/bootstrap-global-core.mjs +34 -0
  5. package/bin/lib/client-config.mjs +293 -293
  6. package/bin/lib/doctor-core.mjs +202 -0
  7. package/bin/lib/menu-core.mjs +1629 -1522
  8. package/bin/lib/operation-result.mjs +59 -0
  9. package/bin/lib/register-clients-core.mjs +247 -0
  10. package/bin/lib/skill-installation.mjs +215 -215
  11. package/bin/lib/update-cli-core.mjs +117 -0
  12. package/bin/skill-master-activation.mjs +163 -163
  13. package/bin/skill-master-bootstrap-global.mjs +61 -49
  14. package/bin/skill-master-configure-private-registry.mjs +3 -3
  15. package/bin/skill-master-doctor.mjs +239 -228
  16. package/bin/skill-master-eval-activation.mjs +32 -32
  17. package/bin/skill-master-install-global-skills.mjs +59 -59
  18. package/bin/skill-master-install-project-skills.mjs +97 -97
  19. package/bin/skill-master-menu.mjs +406 -405
  20. package/bin/skill-master-register-clients.mjs +232 -153
  21. package/bin/skill-master-success-skills.mjs +307 -307
  22. package/bin/skill-master-update.mjs +121 -72
  23. package/bin/skill-master.mjs +3 -3
  24. package/dist/activation.d.ts.map +1 -1
  25. package/dist/activation.js +12 -0
  26. package/dist/activation.js.map +1 -1
  27. package/dist/prompt-router.d.ts.map +1 -1
  28. package/dist/prompt-router.js +19 -0
  29. package/dist/prompt-router.js.map +1 -1
  30. package/dist/recommender.d.ts.map +1 -1
  31. package/dist/recommender.js +4 -1
  32. package/dist/recommender.js.map +1 -1
  33. package/docs/architecture/APRENDIZADO_DE_IMPLEMENTACOES_BEM_SUCEDIDAS.md +125 -125
  34. package/docs/architecture/ARQUITETURA_AUTO_UPDATE.md +9 -9
  35. package/docs/architecture/PLANO_MASTER_ACIONAMENTO_AUTOMATICO_E_APRENDIZADO.md +341 -341
  36. package/docs/architecture/REDE_SEGURA_DE_SKILLS.md +148 -148
  37. package/docs/operations/GUIA_MULTI_COMPUTADOR.md +262 -262
  38. package/docs/operations/GUIA_NPM_PRIVADO.md +294 -294
  39. package/docs/operations/GUIA_NPM_PUBLICO.md +147 -147
  40. package/docs/operations/MENU_VISUAL_EVIDENCE_2026-06-28.md +66 -66
  41. package/docs/operations/assets/menu-frame-compact.html +75 -75
  42. package/docs/operations/assets/menu-frame-large.html +83 -83
  43. package/docs/operations/assets/menu-frame-running.html +79 -79
  44. package/docs/operations/cross-platform-auth-transfer/ANALISE_COMPATIBILIDADE_MCP_2026-06-28.md +140 -140
  45. package/docs/operations/cross-platform-auth-transfer/README_TRANSFERENCIA.md +85 -85
  46. package/docs/operations/reborn-menu-cyberpunk-transfer/ANALISE_MENU_REBORN_CYBERPUNK_2026-06-28.md +174 -174
  47. package/docs/operations/reborn-menu-cyberpunk-transfer/HANDOFF_IMPLEMENTACAO_REBORN_CYBERPUNK_2026-06-28.md +119 -119
  48. package/docs/operations/reborn-menu-cyberpunk-transfer/ORDEM_DE_EXECUCAO_MENU_REBORN_CYBERPUNK.md +134 -134
  49. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA.md +84 -84
  50. package/docs/operations/reborn-menu-cyberpunk-transfer/README_TRANSFERENCIA_REBORN_PACKAGE.md +56 -56
  51. package/docs/operations/token-economy-transfer/ANALISE_AVANCADA_ECONOMIA_TOKENS_2026-06-30.md +141 -0
  52. package/docs/operations/token-economy-transfer/PLANO_DEV_SENIOR_MASTER_TOKEN_ECONOMY_2026-06-30.md +171 -0
  53. package/docs/operations/token-economy-transfer/README_TRANSFERENCIA_TOKEN_ECONOMY.md +31 -0
  54. package/docs/planning/MENU_RUNTIME_CORRECTION_PLAN_2026-06-30.md +551 -0
  55. package/docs/planning/V0_0_9_APROVACAO_CRITICA_MENSAGENS_DE_VENDA.md +85 -85
  56. package/docs/planning/V0_0_9_FONTES_E_CRITERIOS_DE_AUTORIDADE.md +139 -139
  57. package/docs/planning/V0_0_9_MATRIZ_SKILLS_MULTIDISCIPLINARES.md +105 -105
  58. package/docs/planning/V0_0_9_POLITICA_MORAL_CATOLICA_PARA_IA.md +181 -181
  59. package/docs/planning/V0_0_9_PROMPTS_EXECUCAO.md +59 -59
  60. package/docs/planning/V0_0_9_ROADMAP_DISCERNIMENTO_E_CONHECIMENTO_AMPLO.md +181 -181
  61. package/docs/prompt-tasks/PROMPT_TASK_001_BOOTSTRAP_SKILL_MASTER_MCP.md +6 -6
  62. package/docs/prompt-tasks/PROMPT_TASK_002_AUTO_UPDATE_LAUNCHER.md +6 -6
  63. package/docs/prompt-tasks/PROMPT_TASK_003_REMOTE_MANIFEST_AND_RELEASES.md +6 -6
  64. package/docs/prompt-tasks/PROMPT_TASK_004_MULTI_USER_DISTRIBUTION.md +6 -6
  65. package/docs/prompt-tasks/PROMPT_TASK_005_SECURITY_AND_QUALITY_GATE.md +6 -6
  66. package/docs/prompt-tasks/PROMPT_TASK_006_MASTER_ACIONAMENTO_APRENDIZADO.md +83 -83
  67. package/docs/prompt-tasks/PROMPT_TASK_007_PERSONA_ORQUESTRADORA.md +88 -88
  68. package/docs/prompt-tasks/PROMPT_TASK_008_PROMPT_ROUTER_MODOS_ATIVACAO.md +156 -156
  69. package/docs/prompt-tasks/PROMPT_TASK_009_PIPELINE_APRENDIZADO_SUCESSO.md +105 -105
  70. package/docs/prompt-tasks/PROMPT_TASK_010_EVALS_GOVERNANCA_ATIVACAO.md +119 -119
  71. package/docs/prompt-tasks/PROMPT_TASK_011_MENU_NOTIFICACOES_NOTION.md +120 -120
  72. package/docs/prompt-tasks/PROMPT_TASK_012_MENU_CYBERPUNK_PIXEL_FRAME.md +123 -123
  73. package/docs/prompt-tasks/PROMPT_TASK_013_MENU_FLUID_DNA_ANIMATION.md +114 -114
  74. package/docs/prompt-tasks/PROMPT_TASK_014_MENU_FUNCTIONAL_PARITY_QA.md +157 -157
  75. package/docs/prompt-tasks/PROMPT_TASK_015_TRANSFER_RELEASE_HANDOFF.md +127 -127
  76. package/docs/prompt-tasks/PROMPT_TASK_016_CROSS_PLATFORM_MCP_AUTH_REGISTRATION.md +107 -107
  77. package/docs/prompt-tasks/PROMPT_TASK_018_NPM_PUBLISH_2FA_SETUP.md +80 -80
  78. package/docs/prompt-tasks/PROMPT_TASK_019_TOKEN_ECONOMY_GLOBAL_SKILLS.md +56 -0
  79. package/docs/prompt-tasks/PROMPT_TASK_MASTER_EXECUTOR.md +6 -6
  80. package/docs/skill-candidates/v0.0.10/cli-creator/LICENSE.txt +201 -201
  81. package/docs/skill-candidates/v0.0.10/cli-creator/SKILL.md +160 -160
  82. package/docs/skill-candidates/v0.0.10/cli-creator/agents/openai.yaml +4 -4
  83. package/docs/skill-candidates/v0.0.10/cli-creator/references/agent-cli-patterns.md +154 -154
  84. package/docs/skill-candidates/v0.0.10/developer-workstation-ops/SKILL.md +32 -32
  85. package/docs/skill-candidates/v0.0.10/figma/LICENSE.txt +1 -1
  86. package/docs/skill-candidates/v0.0.10/figma/SKILL.md +42 -42
  87. package/docs/skill-candidates/v0.0.10/figma/agents/openai.yaml +14 -14
  88. package/docs/skill-candidates/v0.0.10/figma/assets/figma-small.svg +3 -3
  89. package/docs/skill-candidates/v0.0.10/figma/assets/icon.svg +28 -28
  90. package/docs/skill-candidates/v0.0.10/figma/references/figma-mcp-config.md +35 -35
  91. package/docs/skill-candidates/v0.0.10/figma/references/figma-tools-and-prompts.md +34 -34
  92. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/LICENSE.TXT +1 -1
  93. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/SKILL.md +349 -349
  94. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/agents/openai.yaml +14 -14
  95. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/figma-small.svg +3 -3
  96. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/assets/icon.svg +28 -28
  97. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/references/mapping-checklist.md +7 -7
  98. package/docs/skill-candidates/v0.0.10/figma-code-connect-components/scripts/normalize_node_id.py +25 -25
  99. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/LICENSE.TXT +1 -1
  100. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/SKILL.md +537 -537
  101. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/agents/openai.yaml +14 -14
  102. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/figma-small.svg +3 -3
  103. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/assets/icon.svg +28 -28
  104. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/references/rule-template.md +15 -15
  105. package/docs/skill-candidates/v0.0.10/figma-create-design-system-rules/scripts/check_agents_md.sh +9 -9
  106. package/docs/skill-candidates/v0.0.10/figma-generate-design/LICENSE.TXT +1 -1
  107. package/docs/skill-candidates/v0.0.10/figma-generate-design/SKILL.md +341 -341
  108. package/docs/skill-candidates/v0.0.10/figma-generate-design/agents/openai.yaml +14 -14
  109. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/figma-small.svg +3 -3
  110. package/docs/skill-candidates/v0.0.10/figma-generate-design/assets/icon.svg +28 -28
  111. package/docs/skill-candidates/v0.0.10/figma-generate-design/maintainers.yml +1 -1
  112. package/docs/skill-candidates/v0.0.10/figma-generate-library/LICENSE.TXT +1 -1
  113. package/docs/skill-candidates/v0.0.10/figma-generate-library/SKILL.md +314 -314
  114. package/docs/skill-candidates/v0.0.10/figma-generate-library/agents/openai.yaml +14 -14
  115. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/figma-small.svg +3 -3
  116. package/docs/skill-candidates/v0.0.10/figma-generate-library/assets/icon.svg +28 -28
  117. package/docs/skill-candidates/v0.0.10/figma-generate-library/maintainers.yml +3 -3
  118. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/code-connect-setup.md +260 -260
  119. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/component-creation.md +1014 -1014
  120. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/discovery-phase.md +518 -518
  121. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/documentation-creation.md +834 -834
  122. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/error-recovery.md +540 -540
  123. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/naming-conventions.md +527 -527
  124. package/docs/skill-candidates/v0.0.10/figma-generate-library/references/token-creation.md +962 -962
  125. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/bindVariablesToComponent.js +110 -110
  126. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/cleanupOrphans.js +127 -127
  127. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createComponentWithVariants.js +148 -148
  128. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createDocumentationPage.js +139 -139
  129. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createSemanticTokens.js +108 -108
  130. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/createVariableCollection.js +49 -49
  131. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/inspectFileStructure.js +121 -121
  132. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/rehydrateState.js +92 -92
  133. package/docs/skill-candidates/v0.0.10/figma-generate-library/scripts/validateCreation.js +83 -83
  134. package/docs/skill-candidates/v0.0.10/figma-implement-design/LICENSE.txt +1 -1
  135. package/docs/skill-candidates/v0.0.10/figma-implement-design/SKILL.md +258 -258
  136. package/docs/skill-candidates/v0.0.10/figma-implement-design/agents/openai.yaml +14 -14
  137. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/figma-small.svg +3 -3
  138. package/docs/skill-candidates/v0.0.10/figma-implement-design/assets/icon.svg +28 -28
  139. package/docs/skill-candidates/v0.0.10/figma-use/LICENSE.TXT +1 -1
  140. package/docs/skill-candidates/v0.0.10/figma-use/SKILL.md +233 -233
  141. package/docs/skill-candidates/v0.0.10/figma-use/agents/openai.yaml +14 -14
  142. package/docs/skill-candidates/v0.0.10/figma-use/assets/figma-small.svg +3 -3
  143. package/docs/skill-candidates/v0.0.10/figma-use/assets/icon.svg +28 -28
  144. package/docs/skill-candidates/v0.0.10/figma-use/maintainers.yml +1 -1
  145. package/docs/skill-candidates/v0.0.10/figma-use/references/api-reference.md +301 -301
  146. package/docs/skill-candidates/v0.0.10/figma-use/references/common-patterns.md +512 -512
  147. package/docs/skill-candidates/v0.0.10/figma-use/references/component-patterns.md +488 -488
  148. package/docs/skill-candidates/v0.0.10/figma-use/references/effect-style-patterns.md +123 -123
  149. package/docs/skill-candidates/v0.0.10/figma-use/references/gotchas.md +599 -599
  150. package/docs/skill-candidates/v0.0.10/figma-use/references/maintainers.yml +12 -12
  151. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-patterns.md +513 -513
  152. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.d.ts +11293 -11293
  153. package/docs/skill-candidates/v0.0.10/figma-use/references/plugin-api-standalone.index.md +441 -441
  154. package/docs/skill-candidates/v0.0.10/figma-use/references/text-style-patterns.md +203 -203
  155. package/docs/skill-candidates/v0.0.10/figma-use/references/validation-and-recovery.md +109 -109
  156. package/docs/skill-candidates/v0.0.10/figma-use/references/variable-patterns.md +354 -354
  157. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/maintainers.yml +9 -9
  158. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--creating.md +17 -17
  159. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components--using.md +17 -17
  160. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-components.md +50 -50
  161. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-effect-styles.md +52 -52
  162. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-text-styles.md +90 -90
  163. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--creating.md +13 -13
  164. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables--using.md +13 -13
  165. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds-variables.md +64 -64
  166. package/docs/skill-candidates/v0.0.10/figma-use/references/working-with-design-systems/wwds.md +41 -41
  167. package/docs/skill-candidates/v0.0.10/frontend-design/LICENSE.txt +177 -177
  168. package/docs/skill-candidates/v0.0.10/frontend-design/SKILL.md +55 -55
  169. package/docs/skill-candidates/v0.0.10/frontend-ui-ux-systems/SKILL.md +32 -32
  170. package/docs/skill-candidates/v0.0.10/github/SKILL.md +74 -74
  171. package/docs/skill-candidates/v0.0.10/github/agents/openai.yaml +6 -6
  172. package/docs/skill-candidates/v0.0.10/github/assets/github-small.svg +3 -3
  173. package/docs/skill-candidates/v0.0.10/image-graphic-design-rendering/SKILL.md +28 -28
  174. package/docs/skill-candidates/v0.0.10/language-quality-pt-en-fr-it-ru/SKILL.md +28 -28
  175. package/docs/skill-candidates/v0.0.10/math-physics-reasoning/SKILL.md +28 -28
  176. package/docs/skill-candidates/v0.0.10/mcp-builder/LICENSE.txt +201 -201
  177. package/docs/skill-candidates/v0.0.10/mcp-builder/SKILL.md +236 -236
  178. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/evaluation.md +601 -601
  179. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/mcp_best_practices.md +249 -249
  180. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/node_mcp_server.md +969 -969
  181. package/docs/skill-candidates/v0.0.10/mcp-builder/reference/python_mcp_server.md +718 -718
  182. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/connections.py +151 -151
  183. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/evaluation.py +373 -373
  184. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/example_evaluation.xml +22 -22
  185. package/docs/skill-candidates/v0.0.10/mcp-builder/scripts/requirements.txt +2 -2
  186. package/docs/skill-candidates/v0.0.10/mcp-client-readiness/SKILL.md +31 -31
  187. package/docs/skill-candidates/v0.0.10/openai-docs/LICENSE.txt +201 -201
  188. package/docs/skill-candidates/v0.0.10/openai-docs/SKILL.md +161 -161
  189. package/docs/skill-candidates/v0.0.10/openai-docs/agents/openai.yaml +14 -14
  190. package/docs/skill-candidates/v0.0.10/openai-docs/assets/openai-small.svg +3 -3
  191. package/docs/skill-candidates/v0.0.10/openai-docs/references/latest-model.md +37 -37
  192. package/docs/skill-candidates/v0.0.10/openai-docs/references/prompting-guide.md +244 -244
  193. package/docs/skill-candidates/v0.0.10/openai-docs/references/upgrade-guide.md +181 -181
  194. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/fetch-codex-manual.mjs +598 -598
  195. package/docs/skill-candidates/v0.0.10/openai-docs/scripts/resolve-latest-model-info.js +147 -147
  196. package/docs/skill-candidates/v0.0.10/playwright/NOTICE.txt +14 -14
  197. package/docs/skill-candidates/v0.0.10/playwright/SKILL.md +147 -147
  198. package/docs/skill-candidates/v0.0.10/playwright/agents/openai.yaml +6 -6
  199. package/docs/skill-candidates/v0.0.10/playwright/assets/playwright-small.svg +3 -3
  200. package/docs/skill-candidates/v0.0.10/playwright/references/cli.md +116 -116
  201. package/docs/skill-candidates/v0.0.10/playwright/references/workflows.md +95 -95
  202. package/docs/skill-candidates/v0.0.10/playwright/scripts/playwright_cli.sh +25 -25
  203. package/docs/skill-candidates/v0.0.10/polyglot-backend-engineering/SKILL.md +32 -32
  204. package/docs/skill-candidates/v0.0.10/screenshot/LICENSE.txt +201 -201
  205. package/docs/skill-candidates/v0.0.10/screenshot/SKILL.md +267 -267
  206. package/docs/skill-candidates/v0.0.10/screenshot/agents/openai.yaml +6 -6
  207. package/docs/skill-candidates/v0.0.10/screenshot/assets/screenshot-small.svg +5 -5
  208. package/docs/skill-candidates/v0.0.10/screenshot/scripts/ensure_macos_permissions.sh +54 -54
  209. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_display_info.swift +22 -22
  210. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_permissions.swift +40 -40
  211. package/docs/skill-candidates/v0.0.10/screenshot/scripts/macos_window_info.swift +126 -126
  212. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.ps1 +163 -163
  213. package/docs/skill-candidates/v0.0.10/screenshot/scripts/take_screenshot.py +585 -585
  214. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/SKILL.md +62 -62
  215. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/agents/openai.yaml +4 -4
  216. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/activation-policy.md +77 -77
  217. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/human-approval-policy.md +83 -83
  218. package/docs/skill-candidates/v0.0.10/skill-master-orchestrator/references/persona-dev-senior-master.md +46 -46
  219. package/docs/skill-candidates/v0.0.10/terminal-menu-operations/SKILL.md +30 -30
  220. package/docs/skill-candidates/v0.0.10/terminal-pixel-art-tui/SKILL.md +43 -43
  221. package/docs/skill-candidates/v0.0.10/webapp-testing/LICENSE.txt +201 -201
  222. package/docs/skill-candidates/v0.0.10/webapp-testing/SKILL.md +95 -95
  223. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/console_logging.py +34 -34
  224. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/element_discovery.py +39 -39
  225. package/docs/skill-candidates/v0.0.10/webapp-testing/examples/static_html_automation.py +32 -32
  226. package/docs/skill-candidates/v0.0.10/webapp-testing/scripts/with_server.py +105 -105
  227. package/docs/skill-candidates/v0.0.10/winui-app/LICENSE.txt +201 -201
  228. package/docs/skill-candidates/v0.0.10/winui-app/SKILL.md +94 -94
  229. package/docs/skill-candidates/v0.0.10/winui-app/agents/openai.yaml +5 -5
  230. package/docs/skill-candidates/v0.0.10/winui-app/config.yaml +50 -50
  231. package/docs/skill-candidates/v0.0.10/winui-app/references/_sections.md +96 -96
  232. package/docs/skill-candidates/v0.0.10/winui-app/references/accessibility-input-and-localization.md +51 -51
  233. package/docs/skill-candidates/v0.0.10/winui-app/references/build-run-and-launch-verification.md +72 -72
  234. package/docs/skill-candidates/v0.0.10/winui-app/references/community-toolkit-controls-and-helpers.md +57 -57
  235. package/docs/skill-candidates/v0.0.10/winui-app/references/controls-layout-and-adaptive-ui.md +84 -84
  236. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-environment-audit-and-remediation.md +82 -82
  237. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-setup-and-project-selection.md +67 -67
  238. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-template-first-recovery.md +62 -62
  239. package/docs/skill-candidates/v0.0.10/winui-app/references/foundation-winui-app-structure.md +62 -62
  240. package/docs/skill-candidates/v0.0.10/winui-app/references/motion-animations-and-polish.md +45 -45
  241. package/docs/skill-candidates/v0.0.10/winui-app/references/performance-diagnostics-and-responsiveness.md +46 -46
  242. package/docs/skill-candidates/v0.0.10/winui-app/references/sample-source-map.md +37 -37
  243. package/docs/skill-candidates/v0.0.10/winui-app/references/shell-navigation-and-windowing.md +67 -67
  244. package/docs/skill-candidates/v0.0.10/winui-app/references/styling-theming-materials-and-icons.md +71 -71
  245. package/docs/skill-candidates/v0.0.10/winui-app/references/testing-debugging-and-review-checklists.md +77 -77
  246. package/docs/skill-candidates/v0.0.10/winui-app/references/windows-app-sdk-lifecycle-notifications-and-deployment.md +52 -52
  247. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/SKILL.md +398 -398
  248. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/common-patterns.md +330 -330
  249. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/complete-examples.md +871 -871
  250. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/component-patterns.md +501 -501
  251. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/data-fetching.md +766 -766
  252. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/file-organization.md +501 -501
  253. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/loading-and-error-states.md +500 -500
  254. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/performance.md +405 -405
  255. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/routing-guide.md +363 -363
  256. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/styling-guide.md +427 -427
  257. package/docs/skill-candidates/v0.0.11/frontend-dev-guidelines/resources/typescript-standards.md +417 -417
  258. package/docs/skill-candidates/v0.0.11/git-version-control-ops/SKILL.md +34 -34
  259. package/docs/skill-candidates/v0.0.11/go-engineering/SKILL.md +34 -34
  260. package/docs/skill-candidates/v0.0.11/java-engineering/SKILL.md +34 -34
  261. package/docs/skill-candidates/v0.0.11/javascript-engineering/SKILL.md +34 -34
  262. package/docs/skill-candidates/v0.0.11/json-contract-design/SKILL.md +34 -34
  263. package/docs/skill-candidates/v0.0.11/multi-client-mcp-ops/SKILL.md +36 -36
  264. package/docs/skill-candidates/v0.0.11/nextjs/SKILL.md +745 -745
  265. package/docs/skill-candidates/v0.0.11/nextjs/agents/openai.yaml +3 -3
  266. package/docs/skill-candidates/v0.0.11/nextjs/references/app-router-files.md +94 -94
  267. package/docs/skill-candidates/v0.0.11/python-engineering/SKILL.md +34 -34
  268. package/docs/skill-candidates/v0.0.11/ruby-engineering/SKILL.md +34 -34
  269. package/docs/skill-candidates/v0.0.11/senior-fullstack/SKILL.md +209 -209
  270. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/architecture_patterns.md +103 -103
  271. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/development_workflows.md +103 -103
  272. package/docs/skill-candidates/v0.0.11/senior-fullstack/references/tech_stack_guide.md +103 -103
  273. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/code_quality_analyzer.py +114 -114
  274. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/fullstack_scaffolder.py +114 -114
  275. package/docs/skill-candidates/v0.0.11/senior-fullstack/scripts/project_scaffolder.py +114 -114
  276. package/docs/skill-candidates/v0.0.11/shadcn/SKILL.md +573 -573
  277. package/docs/skill-candidates/v0.0.11/shadcn/agents/openai.yaml +3 -3
  278. package/docs/skill-candidates/v0.0.11/sql-postgresql-engineering/SKILL.md +34 -34
  279. package/docs/skill-candidates/v0.0.11/terminal-shell-ops/SKILL.md +34 -34
  280. package/docs/skill-candidates/v0.0.11/typescript-expert/SKILL.md +429 -429
  281. package/docs/skill-candidates/v0.0.11/typescript-expert/references/tsconfig-strict.json +91 -91
  282. package/docs/skill-candidates/v0.0.11/typescript-expert/references/typescript-cheatsheet.md +383 -383
  283. package/docs/skill-candidates/v0.0.11/typescript-expert/references/utility-types.ts +335 -335
  284. package/docs/skill-candidates/v0.0.11/typescript-expert/scripts/ts_diagnostic.py +203 -203
  285. package/docs/skill-candidates/v0.0.11/ui-component-primitives/SKILL.md +34 -34
  286. package/docs/skill-candidates/v0.0.11/web-mobile-design-systems/SKILL.md +34 -34
  287. package/docs/skill-candidates/v0.0.11/windows-linux-platform-ops/SKILL.md +34 -34
  288. package/docs/skill-candidates/v0.0.12/context-compression-handoff/SKILL.md +47 -0
  289. package/docs/skill-candidates/v0.0.12/csharp-senior-master-engineering/SKILL.md +32 -32
  290. package/docs/skill-candidates/v0.0.12/css-senior-master-engineering/SKILL.md +32 -32
  291. package/docs/skill-candidates/v0.0.12/go-senior-master-engineering/SKILL.md +32 -32
  292. package/docs/skill-candidates/v0.0.12/html-senior-master-engineering/SKILL.md +32 -32
  293. package/docs/skill-candidates/v0.0.12/javascript-senior-master-engineering/SKILL.md +32 -32
  294. package/docs/skill-candidates/v0.0.12/json-senior-master-engineering/SKILL.md +32 -32
  295. package/docs/skill-candidates/v0.0.12/prompt-budget-gate/SKILL.md +46 -0
  296. package/docs/skill-candidates/v0.0.12/python-senior-master-engineering/SKILL.md +32 -32
  297. package/docs/skill-candidates/v0.0.12/react-senior-master-engineering/SKILL.md +32 -32
  298. package/docs/skill-candidates/v0.0.12/ruby-senior-master-engineering/SKILL.md +32 -32
  299. package/docs/skill-candidates/v0.0.12/senior-master-code-optimizer/SKILL.md +48 -48
  300. package/docs/skill-candidates/v0.0.12/sql-senior-master-engineering/SKILL.md +31 -31
  301. package/docs/skill-candidates/v0.0.12/token-economy-orchestrator/SKILL.md +38 -0
  302. package/docs/skill-candidates/v0.0.12/typescript-senior-master-engineering/SKILL.md +35 -35
  303. package/docs/skill-candidates/v0.0.9/ai-ethics-human-dignity/SKILL.md +32 -32
  304. package/docs/skill-candidates/v0.0.9/broad-domain-router/SKILL.md +41 -41
  305. package/docs/skill-candidates/v0.0.9/catholic-moral-discernment/SKILL.md +31 -31
  306. package/docs/skill-candidates/v0.0.9/engineering-systems-master/SKILL.md +31 -31
  307. package/docs/skill-candidates/v0.0.9/language-quality-pt-en-fr/SKILL.md +28 -28
  308. package/docs/skill-candidates/v0.0.9/math-science-reasoning/SKILL.md +29 -29
  309. package/docs/skill-candidates/v0.0.9/philosophy-sociology-discernment/SKILL.md +28 -28
  310. package/docs/skill-candidates/v0.0.9/professional-boundary-triage/SKILL.md +40 -40
  311. package/docs/skill-candidates/v0.0.9/release-ethics-gate/SKILL.md +32 -32
  312. package/docs/skill-candidates/v0.0.9/source-authority-reviewer/SKILL.md +31 -31
  313. package/examples/client-configs/claude-code.commands.md +21 -21
  314. package/examples/client-configs/claude-code.project.mcp.json +18 -18
  315. package/examples/client-configs/claude-desktop.macos.json +18 -18
  316. package/examples/client-configs/claude-desktop.windows.json +20 -20
  317. package/examples/client-configs/codex.windows.toml +11 -11
  318. package/examples/client-configs/gemini-code-assist.intellij.mcp.json +18 -18
  319. package/examples/client-configs/gemini.linux.settings.json +21 -21
  320. package/examples/client-configs/gemini.windows.settings.json +23 -23
  321. package/examples/client-configs/generic-stdio.json +16 -16
  322. package/manifests/channels/beta.json +26 -26
  323. package/manifests/channels/stable.json +27 -27
  324. package/network/approved-skills.json +54 -54
  325. package/network/unapproved-skill-candidates.json +110 -110
  326. package/package.json +87 -86
  327. package/scripts/configure-private-registry.mjs +208 -208
  328. package/scripts/lib/private-registry.mjs +97 -97
  329. package/scripts/render-menu-evidence.mjs +130 -130
  330. package/scripts/verify-menu-actions.mjs +117 -117
  331. package/sources.json +11 -11
@@ -1,745 +1,745 @@
1
- ---
2
- name: nextjs
3
- description: Next.js App Router expert guidance. Use when building, debugging, or architecting Next.js applications — routing, Server Components, Server Actions, Cache Components, layouts, middleware/proxy, data fetching, rendering strategies, and deployment on Vercel.
4
- metadata:
5
- priority: 5
6
- docs:
7
- - "https://nextjs.org/docs"
8
- - "https://nextjs.org/docs/app"
9
- sitemap: "https://nextjs.org/sitemap.xml"
10
- pathPatterns:
11
- - 'next.config.*'
12
- - 'next-env.d.ts'
13
- - 'app/**'
14
- - 'pages/**'
15
- - 'src/app/**'
16
- - 'src/pages/**'
17
- - 'tailwind.config.*'
18
- - 'postcss.config.*'
19
- - 'tsconfig.json'
20
- - 'tsconfig.*.json'
21
- - 'apps/*/app/**'
22
- - 'apps/*/pages/**'
23
- - 'apps/*/src/app/**'
24
- - 'apps/*/src/pages/**'
25
- - 'apps/*/next.config.*'
26
- bashPatterns:
27
- - '\bnext\s+(dev|build|start|lint)\b'
28
- - '\bnext\s+experimental-analyze\b'
29
- - '\bnpx\s+create-next-app\b'
30
- - '\bbunx\s+create-next-app\b'
31
- - '\bnpm\s+run\s+(dev|build|start)\b'
32
- - '\bpnpm\s+(dev|build)\b'
33
- - '\bbun\s+run\s+(dev|build)\b'
34
- promptSignals:
35
- phrases:
36
- - "next.js"
37
- - "nextjs"
38
- - "app router"
39
- - "server component"
40
- - "server action"
41
- allOf:
42
- - [middleware, next]
43
- - [layout, route]
44
- anyOf:
45
- - "pages router"
46
- - "getserversideprops"
47
- - "use server"
48
- noneOf: []
49
- minScore: 6
50
- ---
51
-
52
- # Next.js (v16+) — App Router
53
-
54
- You are an expert in Next.js 16 with the App Router. Always prefer the App Router over the legacy Pages Router unless the user's project explicitly uses Pages Router.
55
-
56
- ## Critical Pattern: Lazy Initialization for Build-Safe Modules
57
-
58
- Never initialize database clients (Neon, Drizzle), Redis (Upstash), or service SDKs (Resend, Slack) at module scope.
59
-
60
- During `next build`, static generation can evaluate modules before runtime env vars are present, which causes startup crashes. Always initialize these clients lazily inside getter functions.
61
-
62
- ```ts
63
- import { drizzle } from 'drizzle-orm/neon-http'
64
- import { neon } from '@neondatabase/serverless'
65
-
66
- let _db: ReturnType<typeof drizzle> | null = null
67
-
68
- export function getDb() {
69
- if (!_db) _db = drizzle(neon(process.env.DATABASE_URL!))
70
- return _db
71
- }
72
- ```
73
-
74
- Apply the same lazy singleton pattern to Redis and SDK clients (`getRedis()`, `getResend()`, `getSlackClient()`) instead of creating them at import time.
75
-
76
- ## Scaffolding
77
-
78
- When running `create-next-app`, **always** pass `--yes` to skip interactive prompts (React Compiler, import alias) that hang in non-interactive shells:
79
-
80
- ```bash
81
- npx create-next-app@latest my-app --yes --typescript --tailwind --eslint --app --src-dir --import-alias "@/*" --turbopack --use-npm
82
- ```
83
-
84
- **If the target directory contains ANY non-Next.js files** (`.git/`, config files, etc.), you **MUST** add `--force`. Without it, `create-next-app` will fail with "The directory contains files that could conflict" and block scaffolding. **Check the directory first** — if it has anything in it, use `--force`:
85
-
86
- ```bash
87
- npx create-next-app@latest . --yes --force --typescript --tailwind --eslint --app --src-dir --import-alias "@/*" --turbopack --use-npm
88
- ```
89
-
90
- ### Geist Font Fix (Tailwind v4 + shadcn)
91
-
92
- `shadcn init` rewrites `globals.css` with `--font-sans: var(--font-sans)` in `@theme inline` — a circular reference that falls back to Times/serif. Even `var(--font-geist-sans)` doesn't work because Tailwind v4's `@theme inline` resolves at **CSS parse time**, not runtime.
93
-
94
- **Two fixes required after `create-next-app` + `shadcn init`:**
95
-
96
- 1. **Use literal font names in `globals.css`** (not CSS variable references):
97
-
98
- ```css
99
- @theme inline {
100
- /* CORRECT — literal names that @theme can resolve at parse time */
101
- --font-sans: "Geist", "Geist Fallback", ui-sans-serif, system-ui, sans-serif;
102
- --font-mono: "Geist Mono", "Geist Mono Fallback", ui-monospace, monospace;
103
- }
104
- ```
105
-
106
- 2. **Move font variable classNames from `<body>` to `<html>`** in layout.tsx:
107
-
108
- ```tsx
109
- // app/layout.tsx — CORRECT
110
- <html lang="en" className={`${geistSans.variable} ${geistMono.variable}`}>
111
- <body className="antialiased">
112
- ```
113
-
114
- ```tsx
115
- // app/layout.tsx — WRONG (default scaffold output)
116
- <html lang="en">
117
- <body className={`${geistSans.variable} ${geistMono.variable} antialiased`}>
118
- ```
119
-
120
- **Always apply both fixes** after running `create-next-app` + `shadcn init` with Tailwind v4.
121
-
122
- ## UI Defaults for App Router Pages
123
-
124
- When building pages, layouts, and route-level UI in this stack, default to shadcn/ui + Geist instead of raw Tailwind scaffolding.
125
- - Start from theme tokens: `bg-background text-foreground`, not ad-hoc palette classes.
126
- - Use Geist Sans for interface text and Geist Mono for code, metrics, IDs, timestamps.
127
- - Reach for shadcn primitives first: Button, Input, Textarea, Card, Tabs, Table, Dialog, AlertDialog, Sheet, DropdownMenu, Badge, Separator, Skeleton.
128
- - For product, admin, and AI surfaces, default to dark mode with restrained accents and designed empty/loading/error states.
129
- - Common route compositions: Settings route (Tabs+Card+form), Dashboard route (filter bar+Card+Table), Mobile nav (Sheet+Button).
130
-
131
- ## Key Architecture
132
-
133
- Next.js 16 uses React 19.2 features and the App Router (file-system routing under `app/`). Ensure React **19.2.4+** for security patches (see CVE section below).
134
-
135
- ### File Conventions
136
- - `layout.tsx` — Persistent wrapper, preserves state across navigations
137
- - `page.tsx` — Unique UI for a route, makes route publicly accessible
138
- - `loading.tsx` — Suspense fallback shown while segment loads
139
- - `error.tsx` — Error boundary for a segment
140
- - `not-found.tsx` — 404 UI for a segment
141
- - `route.ts` — API endpoint (Route Handler)
142
- - `template.tsx` — Like layout but re-mounts on navigation
143
- - `default.tsx` — Fallback for parallel routes
144
-
145
- ### Routing
146
- - Dynamic segments: `[id]`, catch-all: `[...slug]`, optional catch-all: `[[...slug]]`
147
- - Route groups: `(group)` — organize without affecting URL
148
- - Parallel routes: `@slot` — render multiple pages in same layout
149
- - Intercepting routes: `(.)`, `(..)`, `(...)`, `(..)(..)` — modal patterns
150
-
151
- ## Server Components (Default)
152
-
153
- All components in the App Router are Server Components by default. They:
154
- - Run on the server only, ship zero JavaScript to the client
155
- - Can directly `await` data (fetch, DB queries, file system)
156
- - Cannot use `useState`, `useEffect`, or browser APIs
157
- - Cannot use event handlers (`onClick`, `onChange`)
158
-
159
- ```tsx
160
- // app/users/page.tsx — Server Component (default)
161
- export default async function UsersPage() {
162
- const users = await db.query('SELECT * FROM users')
163
- return <UserList users={users} />
164
- }
165
- ```
166
-
167
- ## Client Components
168
-
169
- Add `'use client'` at the top of the file when you need interactivity or browser APIs.
170
-
171
- ```tsx
172
- 'use client'
173
- import { useState } from 'react'
174
-
175
- export function Counter() {
176
- const [count, setCount] = useState(0)
177
- return <button onClick={() => setCount(count + 1)}>{count}</button>
178
- }
179
- ```
180
-
181
- **Rule**: Push `'use client'` as far down the component tree as possible. Keep data fetching in Server Components and pass data down as props.
182
-
183
- ## Server Actions / Server Functions
184
-
185
- Async functions marked with `'use server'` that run on the server. Use for mutations.
186
-
187
- ```tsx
188
- // app/actions.ts
189
- 'use server'
190
-
191
- export async function createUser(formData: FormData) {
192
- const name = formData.get('name') as string
193
- await db.insert('users', { name })
194
- revalidatePath('/users')
195
- }
196
- ```
197
-
198
- Use Server Actions for:
199
- - Form submissions and data mutations
200
- - In-app mutations with `revalidatePath` / `revalidateTag`
201
-
202
- Use Route Handlers (`route.ts`) for:
203
- - Public APIs consumed by external clients
204
- - Webhooks
205
- - Large file uploads
206
- - Streaming responses
207
-
208
- ## Cache Components (Next.js 16)
209
-
210
- The `'use cache'` directive enables component and function-level caching.
211
-
212
- ```tsx
213
- 'use cache'
214
-
215
- export async function CachedUserList() {
216
- cacheLife('hours') // Configure cache duration
217
- cacheTag('users') // Tag for on-demand invalidation
218
- const users = await db.query('SELECT * FROM users')
219
- return <UserList users={users} />
220
- }
221
- ```
222
-
223
- ### Cache Scope Variants
224
-
225
- `'use cache'` supports scope modifiers that control where cached data is stored:
226
-
227
- ```tsx
228
- // Default — cached in the deployment's local data cache
229
- 'use cache'
230
-
231
- // Remote cache — shared across all deployments and regions (Vercel only)
232
- 'use cache: remote'
233
-
234
- // Private cache — per-request cache, never shared between users
235
- 'use cache: private'
236
- ```
237
-
238
- | Variant | Shared across deployments? | Shared across users? | Use case |
239
- |---------|---------------------------|---------------------|----------|
240
- | `'use cache'` | No (per-deployment) | Yes | Default, most use cases |
241
- | `'use cache: remote'` | Yes | Yes | Expensive computations shared globally |
242
- | `'use cache: private'` | No | No | User-specific cached data (e.g., profile) |
243
-
244
- ### Cache Handler Configuration
245
-
246
- Next.js 16 uses `cacheHandlers` (plural) to configure separate handlers for different cache types:
247
-
248
- ```ts
249
- // next.config.ts
250
- const nextConfig = {
251
- cacheHandlers: {
252
- default: require.resolve('./cache-handler-default.mjs'),
253
- remote: require.resolve('./cache-handler-remote.mjs'),
254
- fetch: require.resolve('./cache-handler-fetch.mjs'),
255
- },
256
- }
257
- ```
258
-
259
- **Important**: `cacheHandlers` (plural, Next.js 16+) replaces `cacheHandler` (singular, Next.js 15). The singular form configured one handler for all cache types. The plural form allows per-type handlers (`default`, `remote`, `fetch`). Using the old singular `cacheHandler` in Next.js 16 triggers a deprecation warning.
260
-
261
- ### Cache Invalidation
262
-
263
- Invalidate with `updateTag('users')` from a Server Action (immediate expiration, Server Actions only) or `revalidateTag('users', 'max')` for stale-while-revalidate from Server Actions or Route Handlers.
264
-
265
- **Important**: The single-argument `revalidateTag(tag)` is deprecated in Next.js 16. Always pass a `cacheLife` profile as the second argument (e.g., `'max'`, `'hours'`, `'days'`).
266
-
267
- | Function | Context | Behavior |
268
- |----------|---------|----------|
269
- | `updateTag(tag)` | Server Actions only | Immediate expiration, read-your-own-writes |
270
- | `revalidateTag(tag, 'max')` | Server Actions + Route Handlers | Stale-while-revalidate (recommended) |
271
- | `revalidateTag(tag, { expire: 0 })` | Route Handlers (webhooks) | Immediate expiration from external triggers |
272
-
273
- ## Proxy (formerly Middleware)
274
-
275
- In Next.js 16, `middleware.ts` is renamed to `proxy.ts`. It runs **exclusively on the Node.js runtime** — the Edge runtime is not supported in proxy and cannot be configured.
276
-
277
- **File location**: Place `proxy.ts` at the same level as your `app/` directory:
278
- - Standard project: `proxy.ts` at project root
279
- - With `--src-dir` (or `srcDir: true`): `src/proxy.ts` (inside `src/`, alongside `app/`)
280
-
281
- If you place `proxy.ts` in the wrong location, Next.js will silently ignore it and no request interception will occur.
282
-
283
- **Constraints**:
284
- - Proxy can only **rewrite**, **redirect**, or **modify headers** — it cannot return full response bodies. Use Route Handlers for that.
285
- - Config flags are renamed: `skipMiddlewareUrlNormalize` → `skipProxyUrlNormalize`.
286
- - Keep it light: use for high-level traffic control (e.g., redirecting users without a session cookie). Detailed auth should live in Server Components or Server Actions.
287
- - **OpenNext note**: OpenNext doesn't support `proxy.ts` yet — keep using `middleware.ts` if self-hosting with OpenNext.
288
-
289
- ```ts
290
- // proxy.ts (or src/proxy.ts if using src directory)
291
- import type { NextRequest } from 'next/server'
292
-
293
- export function proxy(request: NextRequest) {
294
- // Rewrite, redirect, set headers, etc.
295
- }
296
-
297
- export const config = { matcher: ['/dashboard/:path*'] }
298
- ```
299
-
300
- ## Upgrading
301
-
302
- Use the built-in upgrade command (available since 16.1.0):
303
-
304
- ```bash
305
- pnpm next upgrade # or npm/yarn/bun equivalent
306
- ```
307
-
308
- For versions before 16.1.0: `npx @next/codemod@canary upgrade latest`
309
-
310
- If your AI coding assistant supports MCP, the **Next.js DevTools MCP** can automate upgrade and migration tasks.
311
-
312
- ## What's New in Next.js 16.1
313
-
314
- Next.js 16.1 (December 2025, latest stable patch: 16.1.6) builds on 16.0 with developer experience improvements:
315
-
316
- 1. **Turbopack File System Caching (Stable)** — Compiler artifacts are now cached on disk between `next dev` restarts, delivering up to 14× faster startup on large projects. Enabled by default, no config needed. File system caching for `next build` is planned next.
317
- 2. **Bundle Analyzer (Experimental)** — New built-in bundle analyzer works with Turbopack. Offers route-specific filtering, import tracing, and RSC boundary analysis to identify bloated dependencies in both server and client bundles. Enable with `experimental.bundleAnalyzer: true` in `next.config`.
318
- 3. **`next dev --inspect`** — Debug your dev server without global `NODE_OPTIONS=--inspect`. Applies the inspector only to the relevant process.
319
- 4. **`next upgrade` command** — New CLI command to simplify version upgrades: `npx @next/codemod@canary upgrade latest`.
320
- 5. **Transitive External Dependencies** — Turbopack correctly resolves and externalizes transitive deps in `serverExternalPackages` without extra config.
321
- 6. **20 MB smaller installs** — Streamlined Turbopack caching layer reduces `node_modules` footprint.
322
-
323
- ## React 19.2 Features
324
-
325
- Next.js 16+ uses React 19.2. These features are available in App Router applications:
326
-
327
- ### `useEffectEvent` Hook
328
-
329
- Creates a stable function that always accesses the latest props and state without triggering effect re-runs. Use when your effect needs to read a value but shouldn't re-run when that value changes:
330
-
331
- ```tsx
332
- 'use client'
333
- import { useEffect, useEffectEvent } from 'react'
334
-
335
- function ChatRoom({ roomId, theme }: { roomId: string; theme: string }) {
336
- const onConnected = useEffectEvent(() => {
337
- showNotification(`Connected to ${roomId}`, theme) // reads latest theme
338
- })
339
-
340
- useEffect(() => {
341
- const connection = createConnection(roomId)
342
- connection.on('connected', onConnected)
343
- connection.connect()
344
- return () => connection.disconnect()
345
- }, [roomId]) // theme is NOT a dependency — onConnected reads it via useEffectEvent
346
- }
347
- ```
348
-
349
- Common use cases: logging with current state, notifications using current theme, callbacks that need fresh values but aren't the trigger for the effect.
350
-
351
- ### `<Activity>` Component
352
-
353
- Preserves component state when hiding and showing UI, without unmounting. Solves the classic tradeoff between unmounting (loses state) and CSS `display:none` (effects keep running):
354
-
355
- ```tsx
356
- 'use client'
357
- import { Activity, useState } from 'react'
358
-
359
- function TabContainer() {
360
- const [activeTab, setActiveTab] = useState('inbox')
361
-
362
- return (
363
- <div>
364
- <nav>
365
- <button onClick={() => setActiveTab('inbox')}>Inbox</button>
366
- <button onClick={() => setActiveTab('drafts')}>Drafts</button>
367
- </nav>
368
- <Activity mode={activeTab === 'inbox' ? 'visible' : 'hidden'}>
369
- <InboxPanel />
370
- </Activity>
371
- <Activity mode={activeTab === 'drafts' ? 'visible' : 'hidden'}>
372
- <DraftsPanel />
373
- </Activity>
374
- </div>
375
- )
376
- }
377
- ```
378
-
379
- Use for: tabbed interfaces, modals, sidebars, background tasks — anywhere you need to maintain component state without keeping everything actively rendered. When `mode="hidden"`, effects are suspended (not running in the background).
380
-
381
- ### View Transitions API
382
-
383
- React 19.2 supports the browser View Transitions API for animating elements across navigations. Next.js 16 has built-in support — elements can animate between route changes without manual transition logic.
384
-
385
- Key change: `useId` now generates IDs with `_r_` prefix (instead of `:r:`) to be valid for `view-transition-name` and XML 1.0 names.
386
-
387
- ## Layout Deduplication During Prefetching
388
-
389
- Next.js 16 deduplicates shared layouts during prefetching. When multiple `<Link>` components point to routes with a shared layout, the layout is downloaded **once** instead of separately for each link.
390
-
391
- **Impact**: A page with 50 product links that share a layout downloads ~198KB instead of ~2.4MB — a 92% reduction in prefetch network transfer.
392
-
393
- Combined with **incremental prefetching**, Next.js only fetches route segments not already in cache, cancels prefetch requests when links leave the viewport, re-prefetches on hover or viewport re-entry, and re-prefetches when data is invalidated.
394
-
395
- ## Bundle Analyzer (`next experimental-analyze`)
396
-
397
- Built-in bundle analyzer that works with Turbopack (available since Next.js 16.1):
398
-
399
- ```bash
400
- # Analyze and serve results in browser
401
- next experimental-analyze --serve
402
-
403
- # Analyze with custom port
404
- next experimental-analyze --serve --port 4001
405
-
406
- # Write analysis to .next/diagnostics/analyze (no server)
407
- next experimental-analyze
408
- ```
409
-
410
- Features:
411
- - Route-specific filtering between client and server bundles
412
- - Full import chain tracing — see exactly why a module is included
413
- - Traces imports across RSC boundaries and dynamic imports
414
- - No application build required — analyzes module graph directly
415
-
416
- Save output for comparison: `cp -r .next/diagnostics/analyze ./analyze-before-refactor`
417
-
418
- **Legacy**: For projects not using Turbopack, use `@next/bundle-analyzer` with `ANALYZE=true npm run build`.
419
-
420
- ## Next.js 16.2 (Canary)
421
-
422
- Next.js 16.2 is currently in canary (latest: 16.2.0-canary.84, March 2026). Key areas in development:
423
-
424
- 1. **Turbopack File System Caching for `next build`** — Extending the stable `next dev` FS cache to production builds for faster CI.
425
- 2. **Proxy refinements** — Continued iteration on `proxy.ts` (the Node.js-runtime replacement for `middleware.ts` introduced in 16.0). The proxy API is stabilizing with improved request context and streaming support.
426
- 3. **React Compiler optimizations** — Further automatic memoization improvements building on the stable React Compiler in 16.0.
427
-
428
- > **Note**: Canary releases are not recommended for production. Track progress at the [Next.js Changelog](https://next-changelog.vercel.app/) or [GitHub Releases](https://github.com/vercel/next.js/releases).
429
-
430
- ## DevTools MCP
431
-
432
- Next.js 16 includes **Next.js DevTools MCP**, a Model Context Protocol integration for AI-assisted debugging. It enables AI agents to diagnose issues, explain behavior, and suggest fixes within your development workflow. If your AI coding assistant supports MCP, DevTools MCP can also automate upgrade and migration tasks.
433
-
434
- ## Breaking Changes in Next.js 16
435
-
436
- 1. **Async Request APIs**: `cookies()`, `headers()`, `params`, `searchParams` are all async — must `await` them
437
- 2. **Proxy replaces Middleware**: Rename `middleware.ts` → `proxy.ts`, runs on Node.js only (Edge not supported)
438
- 3. **Turbopack is top-level config**: Move from `experimental.turbopack` to `turbopack` in `next.config`
439
- 4. **View Transitions**: Built-in support for animating elements across navigations
440
- 5. **Node.js 20.9+ required**: Dropped support for Node 18
441
- 6. **TypeScript 5.1+ required**
442
-
443
- ## React 19 Gotchas
444
-
445
- ### `useRef()` Requires an Initial Value
446
-
447
- React 19 strict mode enforces that `useRef()` must be called with an explicit initial value. Omitting it causes a type error or runtime warning:
448
-
449
- ```tsx
450
- // WRONG — React 19 strict mode complains
451
- const ref = useRef() // ❌ missing initial value
452
- const ref = useRef<HTMLDivElement>() // ❌ still missing
453
-
454
- // CORRECT
455
- const ref = useRef<HTMLDivElement>(null) // ✅
456
- const ref = useRef(0) // ✅
457
- ```
458
-
459
- This affects all `useRef` calls in client components. The fix is always to pass an explicit initial value (usually `null` for DOM refs).
460
-
461
- ## Security: Critical CVEs
462
-
463
- Multiple vulnerabilities affect **all Next.js App Router applications** (13.4+, 14.x, 15.x, 16.x). Upgrade immediately.
464
-
465
- ### CVE-2025-66478 / CVE-2025-55182 — Remote Code Execution (CVSS 10.0, Critical)
466
-
467
- A deserialization vulnerability in the React Server Components (RSC) "Flight" protocol allows unauthenticated remote code execution via crafted HTTP requests. Near-100% exploit reliability against default configurations. **Actively exploited in the wild.** No workaround — upgrade is required. Rotate all application secrets after patching.
468
-
469
- - Affects: Next.js App Router applications (15.x, 16.x, 14.3.0-canary.77+)
470
- - Does NOT affect: Pages Router apps, Edge Runtime, Next.js 13.x, stable Next.js 14.x
471
-
472
- ### CVE-2025-55184 — Denial of Service (CVSS 7.5, High)
473
-
474
- Specially crafted HTTP requests cause the server process to hang indefinitely, consuming CPU and blocking legitimate users. No authentication required, low attack complexity.
475
-
476
- ### CVE-2025-55183 — Source Code Exposure (CVSS 5.3, Medium)
477
-
478
- Malformed HTTP requests can trick Server Actions into returning their compiled source code instead of the expected response. Environment variables are not exposed, but any hardcoded secrets in Server Action code can leak.
479
-
480
- ### CVE-2026-23864 — Denial of Service via Memory Exhaustion (CVSS 7.5, High)
481
-
482
- Disclosed January 26, 2026. The original DoS fix for CVE-2025-55184 was incomplete — additional vectors allow specially crafted HTTP requests to Server Function endpoints to crash the server via out-of-memory exceptions or excessive CPU usage. No authentication required.
483
-
484
- ### CVE-2025-29927 — Middleware Authorization Bypass (CVSS 9.1, Critical)
485
-
486
- An attacker can bypass middleware-based authorization by sending a crafted `x-middleware-subrequest` header, skipping all middleware logic. This affects any Next.js application that relies on `middleware.ts` (or `proxy.ts` in 16+) as the **sole** authorization gate. Patched in Next.js 14.2.25, 15.2.3, and all 16.x releases.
487
-
488
- **Mitigation**: Never rely on middleware/proxy as the only auth layer. Always re-validate authorization in Server Components, Server Actions, or Route Handlers. If you cannot patch immediately, block `x-middleware-subrequest` at your reverse proxy or WAF.
489
-
490
- ### Patched Versions
491
-
492
- | Release Line | Minimum Safe Version (all CVEs) |
493
- |---|---|
494
- | 14.x | `next@14.2.35` |
495
- | 15.0.x | `next@15.0.5` |
496
- | 15.1.x | `next@15.1.9` |
497
- | 15.2.x | `next@15.2.6` |
498
- | 15.3.x | `next@15.3.6` |
499
- | 15.4.x | `next@15.4.8` |
500
- | 15.5.x | `next@15.5.7` |
501
- | 16.0.x | `next@16.0.11` |
502
- | 16.1.x | `next@16.1.5` |
503
-
504
- Upgrade React to at least **19.0.1** / **19.1.2** / **19.2.1** for the RCE fix (CVE-2025-55182), and **19.2.4+** to fully address all DoS vectors (CVE-2025-55184, CVE-2025-67779, CVE-2026-23864).
505
-
506
- ```bash
507
- # Upgrade to latest patched versions
508
- npm install next@latest react@latest react-dom@latest
509
- ```
510
-
511
- Vercel deployed WAF rules automatically for hosted projects, but **WAF is defense-in-depth, not a substitute for patching**.
512
-
513
- ## Rendering Strategy Decision
514
-
515
- | Strategy | When to Use |
516
- |----------|-------------|
517
- | SSG (`generateStaticParams`) | Content rarely changes, maximum performance |
518
- | ISR (`revalidate: N`) | Content changes periodically, acceptable staleness |
519
- | SSR (Server Components) | Per-request fresh data, personalized content |
520
- | Cache Components (`'use cache'`) | Mix static shell with dynamic parts |
521
- | Client Components | Interactive UI, browser APIs needed |
522
- | Streaming (Suspense) | Show content progressively as data loads |
523
-
524
- ### Rendering Strategy Guidance
525
-
526
- ```
527
- Choosing a rendering strategy?
528
- ├─ Content changes less than once per day?
529
- │ ├─ Same for all users? → SSG (`generateStaticParams`)
530
- │ └─ Personalized? → SSG shell + client fetch for personalized parts
531
-
532
- ├─ Content changes frequently but can be slightly stale?
533
- │ ├─ Revalidate on schedule? → ISR with `revalidate: N` seconds
534
- │ └─ Revalidate on demand? → `revalidateTag()` or `revalidatePath()`
535
-
536
- ├─ Content must be fresh on every request?
537
- │ ├─ Cacheable per-request? → Cache Components (`'use cache'` + `cacheLife`)
538
- │ ├─ Personalized per-user? → SSR with Streaming (Suspense boundaries)
539
- │ └─ Real-time? → Client-side with SWR/React Query + SSR for initial load
540
-
541
- └─ Mostly static with one dynamic section?
542
- └─ Partial Prerendering: static shell + Suspense for dynamic island
543
- ```
544
-
545
- ### Caching Strategy Matrix
546
-
547
- | Data Type | Strategy | Implementation |
548
- |-----------|----------|----------------|
549
- | Static assets (JS, CSS, images) | Immutable cache | Automatic with Vercel (hashed filenames) |
550
- | API responses (shared) | Cache Components | `'use cache'` + `cacheLife('hours')` |
551
- | API responses (per-user) | No cache or short TTL | `cacheLife({ revalidate: 60 })` with user-scoped key |
552
- | Configuration data | Edge Config | `@vercel/edge-config` (< 5ms reads) |
553
- | Database queries | ISR + on-demand | `revalidateTag('products')` on write |
554
- | Full pages | SSG / ISR | `generateStaticParams` + `revalidate` |
555
- | Search results | Client-side + SWR | `useSWR` with stale-while-revalidate |
556
-
557
- ### Image Optimization Pattern
558
-
559
- ```tsx
560
- // BEFORE: Unoptimized, causes LCP & CLS issues
561
- <img src="/hero.jpg" />
562
-
563
- // AFTER: Optimized with next/image
564
- import Image from 'next/image';
565
- <Image src="/hero.jpg" width={1200} height={600} priority alt="Hero" />
566
- ```
567
-
568
- ### Font Loading Pattern
569
-
570
- ```tsx
571
- // BEFORE: External font causes CLS
572
- <link href="https://fonts.googleapis.com/css2?family=Inter" rel="stylesheet" />
573
-
574
- // AFTER: Zero-CLS with next/font
575
- import { Inter } from 'next/font/google';
576
- const inter = Inter({ subsets: ['latin'] });
577
- ```
578
-
579
- ### Cache Components Pattern
580
-
581
- ```tsx
582
- // BEFORE: Re-fetches on every request
583
- async function ProductList() {
584
- const products = await db.query('SELECT * FROM products');
585
- return <ul>{products.map(p => <li key={p.id}>{p.name}</li>)}</ul>;
586
- }
587
-
588
- // AFTER: Cached with automatic revalidation
589
- 'use cache';
590
- import { cacheLife } from 'next/cache';
591
-
592
- async function ProductList() {
593
- cacheLife('hours');
594
- const products = await db.query('SELECT * FROM products');
595
- return <ul>{products.map(p => <li key={p.id}>{p.name}</li>)}</ul>;
596
- }
597
- ```
598
-
599
- ### Optimistic UI Pattern
600
-
601
- ```tsx
602
- // Instant feedback while Server Action processes
603
- 'use client';
604
- import { useOptimistic } from 'react';
605
-
606
- function LikeButton({ count, onLike }) {
607
- const [optimisticCount, addOptimistic] = useOptimistic(count);
608
- return (
609
- <button onClick={() => { addOptimistic(count + 1); onLike(); }}>
610
- {optimisticCount} likes
611
- </button>
612
- );
613
- }
614
- ```
615
-
616
- ## OG Image Generation
617
-
618
- Next.js supports file-based OG image generation via `opengraph-image.tsx` and `twitter-image.tsx` special files. These use `@vercel/og` (built on Satori) to render JSX to images at the Edge runtime.
619
-
620
- ### File Convention
621
-
622
- Place an `opengraph-image.tsx` (or `twitter-image.tsx`) in any route segment to auto-generate social images for that route:
623
-
624
- ```tsx
625
- // app/blog/[slug]/opengraph-image.tsx
626
- import { ImageResponse } from 'next/og'
627
-
628
- export const runtime = 'edge'
629
- export const alt = 'Blog post'
630
- export const size = { width: 1200, height: 630 }
631
- export const contentType = 'image/png'
632
-
633
- export default async function Image({
634
- params,
635
- }: {
636
- params: Promise<{ slug: string }>
637
- }) {
638
- const { slug } = await params
639
- const post = await fetch(`https://api.example.com/posts/${slug}`).then(r => r.json())
640
-
641
- return new ImageResponse(
642
- (
643
- <div
644
- style={{
645
- fontSize: 48,
646
- background: 'linear-gradient(to bottom, #000, #111)',
647
- color: 'white',
648
- width: '100%',
649
- height: '100%',
650
- display: 'flex',
651
- alignItems: 'center',
652
- justifyContent: 'center',
653
- padding: 48,
654
- }}
655
- >
656
- {post.title}
657
- </div>
658
- ),
659
- { ...size }
660
- )
661
- }
662
- ```
663
-
664
- ### Key Points
665
-
666
- - **`ImageResponse`** — Import from `next/og` (re-exports `@vercel/og`). Renders JSX to PNG/SVG images.
667
- - **Edge runtime** — OG image routes run on the Edge runtime by default. Export `runtime = 'edge'` explicitly for clarity.
668
- - **Exports** — `alt`, `size`, and `contentType` configure the generated `<meta>` tags automatically.
669
- - **Static or dynamic** — Without params, the image is generated at build time. With dynamic segments, it generates per-request.
670
- - **Supported CSS** — Satori supports a Flexbox subset. Use inline `style` objects (no Tailwind). `display: 'flex'` is required on containers.
671
- - **Fonts** — Load custom fonts via `fetch` and pass to `ImageResponse` options: `{ fonts: [{ name, data, style, weight }] }`.
672
- - **Twitter fallback** — If no `twitter-image.tsx` exists, `opengraph-image.tsx` is used for Twitter cards too.
673
-
674
- ### When to Use
675
-
676
- | Approach | When |
677
- |----------|------|
678
- | `opengraph-image.tsx` file | Dynamic per-route OG images with data fetching |
679
- | Static `opengraph-image.png` file | Same image for every page in a segment |
680
- | `generateMetadata` with `openGraph.images` | Point to an external image URL |
681
-
682
- ## Deployment on Vercel
683
-
684
- - Zero-config: Vercel auto-detects Next.js and optimizes
685
- - `vercel dev` for local development with Vercel features
686
- - Server Components → Serverless/Edge Functions automatically
687
- - Image optimization via `next/image` (automatic on Vercel)
688
- - Font optimization via `next/font` (automatic on Vercel)
689
-
690
- ## Common Patterns
691
-
692
- ### Data Fetching in Server Components
693
- ```tsx
694
- // Parallel data fetching
695
- const [users, posts] = await Promise.all([
696
- getUsers(),
697
- getPosts(),
698
- ])
699
- ```
700
-
701
- ### Streaming with Suspense
702
- ```tsx
703
- import { Suspense } from 'react'
704
-
705
- export default function Page() {
706
- return (
707
- <div>
708
- <h1>Dashboard</h1>
709
- <Suspense fallback={<Skeleton />}>
710
- <SlowDataComponent />
711
- </Suspense>
712
- </div>
713
- )
714
- }
715
- ```
716
-
717
- ### Error Handling
718
- ```tsx
719
- // app/dashboard/error.tsx
720
- 'use client'
721
-
722
- export default function Error({ error, reset }: {
723
- error: Error & { digest?: string }
724
- reset: () => void
725
- }) {
726
- return (
727
- <div>
728
- <h2>Something went wrong</h2>
729
- <button onClick={() => reset()}>Try again</button>
730
- </div>
731
- )
732
- }
733
- ```
734
-
735
- ## Official Documentation
736
-
737
- - [Next.js Documentation](https://nextjs.org/docs)
738
- - [App Router](https://nextjs.org/docs/app/getting-started)
739
- - [Routing](https://nextjs.org/docs/app/building-your-application/routing)
740
- - [Data Fetching](https://nextjs.org/docs/app/building-your-application/data-fetching)
741
- - [Rendering](https://nextjs.org/docs/app/building-your-application/rendering)
742
- - [Caching](https://nextjs.org/docs/app/building-your-application/caching)
743
- - [Deploying](https://nextjs.org/docs/app/getting-started/deploying)
744
- - [Upgrading](https://nextjs.org/docs/app/guides/upgrading)
745
- - [GitHub: Next.js](https://github.com/vercel/next.js)
1
+ ---
2
+ name: nextjs
3
+ description: Next.js App Router expert guidance. Use when building, debugging, or architecting Next.js applications — routing, Server Components, Server Actions, Cache Components, layouts, middleware/proxy, data fetching, rendering strategies, and deployment on Vercel.
4
+ metadata:
5
+ priority: 5
6
+ docs:
7
+ - "https://nextjs.org/docs"
8
+ - "https://nextjs.org/docs/app"
9
+ sitemap: "https://nextjs.org/sitemap.xml"
10
+ pathPatterns:
11
+ - 'next.config.*'
12
+ - 'next-env.d.ts'
13
+ - 'app/**'
14
+ - 'pages/**'
15
+ - 'src/app/**'
16
+ - 'src/pages/**'
17
+ - 'tailwind.config.*'
18
+ - 'postcss.config.*'
19
+ - 'tsconfig.json'
20
+ - 'tsconfig.*.json'
21
+ - 'apps/*/app/**'
22
+ - 'apps/*/pages/**'
23
+ - 'apps/*/src/app/**'
24
+ - 'apps/*/src/pages/**'
25
+ - 'apps/*/next.config.*'
26
+ bashPatterns:
27
+ - '\bnext\s+(dev|build|start|lint)\b'
28
+ - '\bnext\s+experimental-analyze\b'
29
+ - '\bnpx\s+create-next-app\b'
30
+ - '\bbunx\s+create-next-app\b'
31
+ - '\bnpm\s+run\s+(dev|build|start)\b'
32
+ - '\bpnpm\s+(dev|build)\b'
33
+ - '\bbun\s+run\s+(dev|build)\b'
34
+ promptSignals:
35
+ phrases:
36
+ - "next.js"
37
+ - "nextjs"
38
+ - "app router"
39
+ - "server component"
40
+ - "server action"
41
+ allOf:
42
+ - [middleware, next]
43
+ - [layout, route]
44
+ anyOf:
45
+ - "pages router"
46
+ - "getserversideprops"
47
+ - "use server"
48
+ noneOf: []
49
+ minScore: 6
50
+ ---
51
+
52
+ # Next.js (v16+) — App Router
53
+
54
+ You are an expert in Next.js 16 with the App Router. Always prefer the App Router over the legacy Pages Router unless the user's project explicitly uses Pages Router.
55
+
56
+ ## Critical Pattern: Lazy Initialization for Build-Safe Modules
57
+
58
+ Never initialize database clients (Neon, Drizzle), Redis (Upstash), or service SDKs (Resend, Slack) at module scope.
59
+
60
+ During `next build`, static generation can evaluate modules before runtime env vars are present, which causes startup crashes. Always initialize these clients lazily inside getter functions.
61
+
62
+ ```ts
63
+ import { drizzle } from 'drizzle-orm/neon-http'
64
+ import { neon } from '@neondatabase/serverless'
65
+
66
+ let _db: ReturnType<typeof drizzle> | null = null
67
+
68
+ export function getDb() {
69
+ if (!_db) _db = drizzle(neon(process.env.DATABASE_URL!))
70
+ return _db
71
+ }
72
+ ```
73
+
74
+ Apply the same lazy singleton pattern to Redis and SDK clients (`getRedis()`, `getResend()`, `getSlackClient()`) instead of creating them at import time.
75
+
76
+ ## Scaffolding
77
+
78
+ When running `create-next-app`, **always** pass `--yes` to skip interactive prompts (React Compiler, import alias) that hang in non-interactive shells:
79
+
80
+ ```bash
81
+ npx create-next-app@latest my-app --yes --typescript --tailwind --eslint --app --src-dir --import-alias "@/*" --turbopack --use-npm
82
+ ```
83
+
84
+ **If the target directory contains ANY non-Next.js files** (`.git/`, config files, etc.), you **MUST** add `--force`. Without it, `create-next-app` will fail with "The directory contains files that could conflict" and block scaffolding. **Check the directory first** — if it has anything in it, use `--force`:
85
+
86
+ ```bash
87
+ npx create-next-app@latest . --yes --force --typescript --tailwind --eslint --app --src-dir --import-alias "@/*" --turbopack --use-npm
88
+ ```
89
+
90
+ ### Geist Font Fix (Tailwind v4 + shadcn)
91
+
92
+ `shadcn init` rewrites `globals.css` with `--font-sans: var(--font-sans)` in `@theme inline` — a circular reference that falls back to Times/serif. Even `var(--font-geist-sans)` doesn't work because Tailwind v4's `@theme inline` resolves at **CSS parse time**, not runtime.
93
+
94
+ **Two fixes required after `create-next-app` + `shadcn init`:**
95
+
96
+ 1. **Use literal font names in `globals.css`** (not CSS variable references):
97
+
98
+ ```css
99
+ @theme inline {
100
+ /* CORRECT — literal names that @theme can resolve at parse time */
101
+ --font-sans: "Geist", "Geist Fallback", ui-sans-serif, system-ui, sans-serif;
102
+ --font-mono: "Geist Mono", "Geist Mono Fallback", ui-monospace, monospace;
103
+ }
104
+ ```
105
+
106
+ 2. **Move font variable classNames from `<body>` to `<html>`** in layout.tsx:
107
+
108
+ ```tsx
109
+ // app/layout.tsx — CORRECT
110
+ <html lang="en" className={`${geistSans.variable} ${geistMono.variable}`}>
111
+ <body className="antialiased">
112
+ ```
113
+
114
+ ```tsx
115
+ // app/layout.tsx — WRONG (default scaffold output)
116
+ <html lang="en">
117
+ <body className={`${geistSans.variable} ${geistMono.variable} antialiased`}>
118
+ ```
119
+
120
+ **Always apply both fixes** after running `create-next-app` + `shadcn init` with Tailwind v4.
121
+
122
+ ## UI Defaults for App Router Pages
123
+
124
+ When building pages, layouts, and route-level UI in this stack, default to shadcn/ui + Geist instead of raw Tailwind scaffolding.
125
+ - Start from theme tokens: `bg-background text-foreground`, not ad-hoc palette classes.
126
+ - Use Geist Sans for interface text and Geist Mono for code, metrics, IDs, timestamps.
127
+ - Reach for shadcn primitives first: Button, Input, Textarea, Card, Tabs, Table, Dialog, AlertDialog, Sheet, DropdownMenu, Badge, Separator, Skeleton.
128
+ - For product, admin, and AI surfaces, default to dark mode with restrained accents and designed empty/loading/error states.
129
+ - Common route compositions: Settings route (Tabs+Card+form), Dashboard route (filter bar+Card+Table), Mobile nav (Sheet+Button).
130
+
131
+ ## Key Architecture
132
+
133
+ Next.js 16 uses React 19.2 features and the App Router (file-system routing under `app/`). Ensure React **19.2.4+** for security patches (see CVE section below).
134
+
135
+ ### File Conventions
136
+ - `layout.tsx` — Persistent wrapper, preserves state across navigations
137
+ - `page.tsx` — Unique UI for a route, makes route publicly accessible
138
+ - `loading.tsx` — Suspense fallback shown while segment loads
139
+ - `error.tsx` — Error boundary for a segment
140
+ - `not-found.tsx` — 404 UI for a segment
141
+ - `route.ts` — API endpoint (Route Handler)
142
+ - `template.tsx` — Like layout but re-mounts on navigation
143
+ - `default.tsx` — Fallback for parallel routes
144
+
145
+ ### Routing
146
+ - Dynamic segments: `[id]`, catch-all: `[...slug]`, optional catch-all: `[[...slug]]`
147
+ - Route groups: `(group)` — organize without affecting URL
148
+ - Parallel routes: `@slot` — render multiple pages in same layout
149
+ - Intercepting routes: `(.)`, `(..)`, `(...)`, `(..)(..)` — modal patterns
150
+
151
+ ## Server Components (Default)
152
+
153
+ All components in the App Router are Server Components by default. They:
154
+ - Run on the server only, ship zero JavaScript to the client
155
+ - Can directly `await` data (fetch, DB queries, file system)
156
+ - Cannot use `useState`, `useEffect`, or browser APIs
157
+ - Cannot use event handlers (`onClick`, `onChange`)
158
+
159
+ ```tsx
160
+ // app/users/page.tsx — Server Component (default)
161
+ export default async function UsersPage() {
162
+ const users = await db.query('SELECT * FROM users')
163
+ return <UserList users={users} />
164
+ }
165
+ ```
166
+
167
+ ## Client Components
168
+
169
+ Add `'use client'` at the top of the file when you need interactivity or browser APIs.
170
+
171
+ ```tsx
172
+ 'use client'
173
+ import { useState } from 'react'
174
+
175
+ export function Counter() {
176
+ const [count, setCount] = useState(0)
177
+ return <button onClick={() => setCount(count + 1)}>{count}</button>
178
+ }
179
+ ```
180
+
181
+ **Rule**: Push `'use client'` as far down the component tree as possible. Keep data fetching in Server Components and pass data down as props.
182
+
183
+ ## Server Actions / Server Functions
184
+
185
+ Async functions marked with `'use server'` that run on the server. Use for mutations.
186
+
187
+ ```tsx
188
+ // app/actions.ts
189
+ 'use server'
190
+
191
+ export async function createUser(formData: FormData) {
192
+ const name = formData.get('name') as string
193
+ await db.insert('users', { name })
194
+ revalidatePath('/users')
195
+ }
196
+ ```
197
+
198
+ Use Server Actions for:
199
+ - Form submissions and data mutations
200
+ - In-app mutations with `revalidatePath` / `revalidateTag`
201
+
202
+ Use Route Handlers (`route.ts`) for:
203
+ - Public APIs consumed by external clients
204
+ - Webhooks
205
+ - Large file uploads
206
+ - Streaming responses
207
+
208
+ ## Cache Components (Next.js 16)
209
+
210
+ The `'use cache'` directive enables component and function-level caching.
211
+
212
+ ```tsx
213
+ 'use cache'
214
+
215
+ export async function CachedUserList() {
216
+ cacheLife('hours') // Configure cache duration
217
+ cacheTag('users') // Tag for on-demand invalidation
218
+ const users = await db.query('SELECT * FROM users')
219
+ return <UserList users={users} />
220
+ }
221
+ ```
222
+
223
+ ### Cache Scope Variants
224
+
225
+ `'use cache'` supports scope modifiers that control where cached data is stored:
226
+
227
+ ```tsx
228
+ // Default — cached in the deployment's local data cache
229
+ 'use cache'
230
+
231
+ // Remote cache — shared across all deployments and regions (Vercel only)
232
+ 'use cache: remote'
233
+
234
+ // Private cache — per-request cache, never shared between users
235
+ 'use cache: private'
236
+ ```
237
+
238
+ | Variant | Shared across deployments? | Shared across users? | Use case |
239
+ |---------|---------------------------|---------------------|----------|
240
+ | `'use cache'` | No (per-deployment) | Yes | Default, most use cases |
241
+ | `'use cache: remote'` | Yes | Yes | Expensive computations shared globally |
242
+ | `'use cache: private'` | No | No | User-specific cached data (e.g., profile) |
243
+
244
+ ### Cache Handler Configuration
245
+
246
+ Next.js 16 uses `cacheHandlers` (plural) to configure separate handlers for different cache types:
247
+
248
+ ```ts
249
+ // next.config.ts
250
+ const nextConfig = {
251
+ cacheHandlers: {
252
+ default: require.resolve('./cache-handler-default.mjs'),
253
+ remote: require.resolve('./cache-handler-remote.mjs'),
254
+ fetch: require.resolve('./cache-handler-fetch.mjs'),
255
+ },
256
+ }
257
+ ```
258
+
259
+ **Important**: `cacheHandlers` (plural, Next.js 16+) replaces `cacheHandler` (singular, Next.js 15). The singular form configured one handler for all cache types. The plural form allows per-type handlers (`default`, `remote`, `fetch`). Using the old singular `cacheHandler` in Next.js 16 triggers a deprecation warning.
260
+
261
+ ### Cache Invalidation
262
+
263
+ Invalidate with `updateTag('users')` from a Server Action (immediate expiration, Server Actions only) or `revalidateTag('users', 'max')` for stale-while-revalidate from Server Actions or Route Handlers.
264
+
265
+ **Important**: The single-argument `revalidateTag(tag)` is deprecated in Next.js 16. Always pass a `cacheLife` profile as the second argument (e.g., `'max'`, `'hours'`, `'days'`).
266
+
267
+ | Function | Context | Behavior |
268
+ |----------|---------|----------|
269
+ | `updateTag(tag)` | Server Actions only | Immediate expiration, read-your-own-writes |
270
+ | `revalidateTag(tag, 'max')` | Server Actions + Route Handlers | Stale-while-revalidate (recommended) |
271
+ | `revalidateTag(tag, { expire: 0 })` | Route Handlers (webhooks) | Immediate expiration from external triggers |
272
+
273
+ ## Proxy (formerly Middleware)
274
+
275
+ In Next.js 16, `middleware.ts` is renamed to `proxy.ts`. It runs **exclusively on the Node.js runtime** — the Edge runtime is not supported in proxy and cannot be configured.
276
+
277
+ **File location**: Place `proxy.ts` at the same level as your `app/` directory:
278
+ - Standard project: `proxy.ts` at project root
279
+ - With `--src-dir` (or `srcDir: true`): `src/proxy.ts` (inside `src/`, alongside `app/`)
280
+
281
+ If you place `proxy.ts` in the wrong location, Next.js will silently ignore it and no request interception will occur.
282
+
283
+ **Constraints**:
284
+ - Proxy can only **rewrite**, **redirect**, or **modify headers** — it cannot return full response bodies. Use Route Handlers for that.
285
+ - Config flags are renamed: `skipMiddlewareUrlNormalize` → `skipProxyUrlNormalize`.
286
+ - Keep it light: use for high-level traffic control (e.g., redirecting users without a session cookie). Detailed auth should live in Server Components or Server Actions.
287
+ - **OpenNext note**: OpenNext doesn't support `proxy.ts` yet — keep using `middleware.ts` if self-hosting with OpenNext.
288
+
289
+ ```ts
290
+ // proxy.ts (or src/proxy.ts if using src directory)
291
+ import type { NextRequest } from 'next/server'
292
+
293
+ export function proxy(request: NextRequest) {
294
+ // Rewrite, redirect, set headers, etc.
295
+ }
296
+
297
+ export const config = { matcher: ['/dashboard/:path*'] }
298
+ ```
299
+
300
+ ## Upgrading
301
+
302
+ Use the built-in upgrade command (available since 16.1.0):
303
+
304
+ ```bash
305
+ pnpm next upgrade # or npm/yarn/bun equivalent
306
+ ```
307
+
308
+ For versions before 16.1.0: `npx @next/codemod@canary upgrade latest`
309
+
310
+ If your AI coding assistant supports MCP, the **Next.js DevTools MCP** can automate upgrade and migration tasks.
311
+
312
+ ## What's New in Next.js 16.1
313
+
314
+ Next.js 16.1 (December 2025, latest stable patch: 16.1.6) builds on 16.0 with developer experience improvements:
315
+
316
+ 1. **Turbopack File System Caching (Stable)** — Compiler artifacts are now cached on disk between `next dev` restarts, delivering up to 14× faster startup on large projects. Enabled by default, no config needed. File system caching for `next build` is planned next.
317
+ 2. **Bundle Analyzer (Experimental)** — New built-in bundle analyzer works with Turbopack. Offers route-specific filtering, import tracing, and RSC boundary analysis to identify bloated dependencies in both server and client bundles. Enable with `experimental.bundleAnalyzer: true` in `next.config`.
318
+ 3. **`next dev --inspect`** — Debug your dev server without global `NODE_OPTIONS=--inspect`. Applies the inspector only to the relevant process.
319
+ 4. **`next upgrade` command** — New CLI command to simplify version upgrades: `npx @next/codemod@canary upgrade latest`.
320
+ 5. **Transitive External Dependencies** — Turbopack correctly resolves and externalizes transitive deps in `serverExternalPackages` without extra config.
321
+ 6. **20 MB smaller installs** — Streamlined Turbopack caching layer reduces `node_modules` footprint.
322
+
323
+ ## React 19.2 Features
324
+
325
+ Next.js 16+ uses React 19.2. These features are available in App Router applications:
326
+
327
+ ### `useEffectEvent` Hook
328
+
329
+ Creates a stable function that always accesses the latest props and state without triggering effect re-runs. Use when your effect needs to read a value but shouldn't re-run when that value changes:
330
+
331
+ ```tsx
332
+ 'use client'
333
+ import { useEffect, useEffectEvent } from 'react'
334
+
335
+ function ChatRoom({ roomId, theme }: { roomId: string; theme: string }) {
336
+ const onConnected = useEffectEvent(() => {
337
+ showNotification(`Connected to ${roomId}`, theme) // reads latest theme
338
+ })
339
+
340
+ useEffect(() => {
341
+ const connection = createConnection(roomId)
342
+ connection.on('connected', onConnected)
343
+ connection.connect()
344
+ return () => connection.disconnect()
345
+ }, [roomId]) // theme is NOT a dependency — onConnected reads it via useEffectEvent
346
+ }
347
+ ```
348
+
349
+ Common use cases: logging with current state, notifications using current theme, callbacks that need fresh values but aren't the trigger for the effect.
350
+
351
+ ### `<Activity>` Component
352
+
353
+ Preserves component state when hiding and showing UI, without unmounting. Solves the classic tradeoff between unmounting (loses state) and CSS `display:none` (effects keep running):
354
+
355
+ ```tsx
356
+ 'use client'
357
+ import { Activity, useState } from 'react'
358
+
359
+ function TabContainer() {
360
+ const [activeTab, setActiveTab] = useState('inbox')
361
+
362
+ return (
363
+ <div>
364
+ <nav>
365
+ <button onClick={() => setActiveTab('inbox')}>Inbox</button>
366
+ <button onClick={() => setActiveTab('drafts')}>Drafts</button>
367
+ </nav>
368
+ <Activity mode={activeTab === 'inbox' ? 'visible' : 'hidden'}>
369
+ <InboxPanel />
370
+ </Activity>
371
+ <Activity mode={activeTab === 'drafts' ? 'visible' : 'hidden'}>
372
+ <DraftsPanel />
373
+ </Activity>
374
+ </div>
375
+ )
376
+ }
377
+ ```
378
+
379
+ Use for: tabbed interfaces, modals, sidebars, background tasks — anywhere you need to maintain component state without keeping everything actively rendered. When `mode="hidden"`, effects are suspended (not running in the background).
380
+
381
+ ### View Transitions API
382
+
383
+ React 19.2 supports the browser View Transitions API for animating elements across navigations. Next.js 16 has built-in support — elements can animate between route changes without manual transition logic.
384
+
385
+ Key change: `useId` now generates IDs with `_r_` prefix (instead of `:r:`) to be valid for `view-transition-name` and XML 1.0 names.
386
+
387
+ ## Layout Deduplication During Prefetching
388
+
389
+ Next.js 16 deduplicates shared layouts during prefetching. When multiple `<Link>` components point to routes with a shared layout, the layout is downloaded **once** instead of separately for each link.
390
+
391
+ **Impact**: A page with 50 product links that share a layout downloads ~198KB instead of ~2.4MB — a 92% reduction in prefetch network transfer.
392
+
393
+ Combined with **incremental prefetching**, Next.js only fetches route segments not already in cache, cancels prefetch requests when links leave the viewport, re-prefetches on hover or viewport re-entry, and re-prefetches when data is invalidated.
394
+
395
+ ## Bundle Analyzer (`next experimental-analyze`)
396
+
397
+ Built-in bundle analyzer that works with Turbopack (available since Next.js 16.1):
398
+
399
+ ```bash
400
+ # Analyze and serve results in browser
401
+ next experimental-analyze --serve
402
+
403
+ # Analyze with custom port
404
+ next experimental-analyze --serve --port 4001
405
+
406
+ # Write analysis to .next/diagnostics/analyze (no server)
407
+ next experimental-analyze
408
+ ```
409
+
410
+ Features:
411
+ - Route-specific filtering between client and server bundles
412
+ - Full import chain tracing — see exactly why a module is included
413
+ - Traces imports across RSC boundaries and dynamic imports
414
+ - No application build required — analyzes module graph directly
415
+
416
+ Save output for comparison: `cp -r .next/diagnostics/analyze ./analyze-before-refactor`
417
+
418
+ **Legacy**: For projects not using Turbopack, use `@next/bundle-analyzer` with `ANALYZE=true npm run build`.
419
+
420
+ ## Next.js 16.2 (Canary)
421
+
422
+ Next.js 16.2 is currently in canary (latest: 16.2.0-canary.84, March 2026). Key areas in development:
423
+
424
+ 1. **Turbopack File System Caching for `next build`** — Extending the stable `next dev` FS cache to production builds for faster CI.
425
+ 2. **Proxy refinements** — Continued iteration on `proxy.ts` (the Node.js-runtime replacement for `middleware.ts` introduced in 16.0). The proxy API is stabilizing with improved request context and streaming support.
426
+ 3. **React Compiler optimizations** — Further automatic memoization improvements building on the stable React Compiler in 16.0.
427
+
428
+ > **Note**: Canary releases are not recommended for production. Track progress at the [Next.js Changelog](https://next-changelog.vercel.app/) or [GitHub Releases](https://github.com/vercel/next.js/releases).
429
+
430
+ ## DevTools MCP
431
+
432
+ Next.js 16 includes **Next.js DevTools MCP**, a Model Context Protocol integration for AI-assisted debugging. It enables AI agents to diagnose issues, explain behavior, and suggest fixes within your development workflow. If your AI coding assistant supports MCP, DevTools MCP can also automate upgrade and migration tasks.
433
+
434
+ ## Breaking Changes in Next.js 16
435
+
436
+ 1. **Async Request APIs**: `cookies()`, `headers()`, `params`, `searchParams` are all async — must `await` them
437
+ 2. **Proxy replaces Middleware**: Rename `middleware.ts` → `proxy.ts`, runs on Node.js only (Edge not supported)
438
+ 3. **Turbopack is top-level config**: Move from `experimental.turbopack` to `turbopack` in `next.config`
439
+ 4. **View Transitions**: Built-in support for animating elements across navigations
440
+ 5. **Node.js 20.9+ required**: Dropped support for Node 18
441
+ 6. **TypeScript 5.1+ required**
442
+
443
+ ## React 19 Gotchas
444
+
445
+ ### `useRef()` Requires an Initial Value
446
+
447
+ React 19 strict mode enforces that `useRef()` must be called with an explicit initial value. Omitting it causes a type error or runtime warning:
448
+
449
+ ```tsx
450
+ // WRONG — React 19 strict mode complains
451
+ const ref = useRef() // ❌ missing initial value
452
+ const ref = useRef<HTMLDivElement>() // ❌ still missing
453
+
454
+ // CORRECT
455
+ const ref = useRef<HTMLDivElement>(null) // ✅
456
+ const ref = useRef(0) // ✅
457
+ ```
458
+
459
+ This affects all `useRef` calls in client components. The fix is always to pass an explicit initial value (usually `null` for DOM refs).
460
+
461
+ ## Security: Critical CVEs
462
+
463
+ Multiple vulnerabilities affect **all Next.js App Router applications** (13.4+, 14.x, 15.x, 16.x). Upgrade immediately.
464
+
465
+ ### CVE-2025-66478 / CVE-2025-55182 — Remote Code Execution (CVSS 10.0, Critical)
466
+
467
+ A deserialization vulnerability in the React Server Components (RSC) "Flight" protocol allows unauthenticated remote code execution via crafted HTTP requests. Near-100% exploit reliability against default configurations. **Actively exploited in the wild.** No workaround — upgrade is required. Rotate all application secrets after patching.
468
+
469
+ - Affects: Next.js App Router applications (15.x, 16.x, 14.3.0-canary.77+)
470
+ - Does NOT affect: Pages Router apps, Edge Runtime, Next.js 13.x, stable Next.js 14.x
471
+
472
+ ### CVE-2025-55184 — Denial of Service (CVSS 7.5, High)
473
+
474
+ Specially crafted HTTP requests cause the server process to hang indefinitely, consuming CPU and blocking legitimate users. No authentication required, low attack complexity.
475
+
476
+ ### CVE-2025-55183 — Source Code Exposure (CVSS 5.3, Medium)
477
+
478
+ Malformed HTTP requests can trick Server Actions into returning their compiled source code instead of the expected response. Environment variables are not exposed, but any hardcoded secrets in Server Action code can leak.
479
+
480
+ ### CVE-2026-23864 — Denial of Service via Memory Exhaustion (CVSS 7.5, High)
481
+
482
+ Disclosed January 26, 2026. The original DoS fix for CVE-2025-55184 was incomplete — additional vectors allow specially crafted HTTP requests to Server Function endpoints to crash the server via out-of-memory exceptions or excessive CPU usage. No authentication required.
483
+
484
+ ### CVE-2025-29927 — Middleware Authorization Bypass (CVSS 9.1, Critical)
485
+
486
+ An attacker can bypass middleware-based authorization by sending a crafted `x-middleware-subrequest` header, skipping all middleware logic. This affects any Next.js application that relies on `middleware.ts` (or `proxy.ts` in 16+) as the **sole** authorization gate. Patched in Next.js 14.2.25, 15.2.3, and all 16.x releases.
487
+
488
+ **Mitigation**: Never rely on middleware/proxy as the only auth layer. Always re-validate authorization in Server Components, Server Actions, or Route Handlers. If you cannot patch immediately, block `x-middleware-subrequest` at your reverse proxy or WAF.
489
+
490
+ ### Patched Versions
491
+
492
+ | Release Line | Minimum Safe Version (all CVEs) |
493
+ |---|---|
494
+ | 14.x | `next@14.2.35` |
495
+ | 15.0.x | `next@15.0.5` |
496
+ | 15.1.x | `next@15.1.9` |
497
+ | 15.2.x | `next@15.2.6` |
498
+ | 15.3.x | `next@15.3.6` |
499
+ | 15.4.x | `next@15.4.8` |
500
+ | 15.5.x | `next@15.5.7` |
501
+ | 16.0.x | `next@16.0.11` |
502
+ | 16.1.x | `next@16.1.5` |
503
+
504
+ Upgrade React to at least **19.0.1** / **19.1.2** / **19.2.1** for the RCE fix (CVE-2025-55182), and **19.2.4+** to fully address all DoS vectors (CVE-2025-55184, CVE-2025-67779, CVE-2026-23864).
505
+
506
+ ```bash
507
+ # Upgrade to latest patched versions
508
+ npm install next@latest react@latest react-dom@latest
509
+ ```
510
+
511
+ Vercel deployed WAF rules automatically for hosted projects, but **WAF is defense-in-depth, not a substitute for patching**.
512
+
513
+ ## Rendering Strategy Decision
514
+
515
+ | Strategy | When to Use |
516
+ |----------|-------------|
517
+ | SSG (`generateStaticParams`) | Content rarely changes, maximum performance |
518
+ | ISR (`revalidate: N`) | Content changes periodically, acceptable staleness |
519
+ | SSR (Server Components) | Per-request fresh data, personalized content |
520
+ | Cache Components (`'use cache'`) | Mix static shell with dynamic parts |
521
+ | Client Components | Interactive UI, browser APIs needed |
522
+ | Streaming (Suspense) | Show content progressively as data loads |
523
+
524
+ ### Rendering Strategy Guidance
525
+
526
+ ```
527
+ Choosing a rendering strategy?
528
+ ├─ Content changes less than once per day?
529
+ │ ├─ Same for all users? → SSG (`generateStaticParams`)
530
+ │ └─ Personalized? → SSG shell + client fetch for personalized parts
531
+
532
+ ├─ Content changes frequently but can be slightly stale?
533
+ │ ├─ Revalidate on schedule? → ISR with `revalidate: N` seconds
534
+ │ └─ Revalidate on demand? → `revalidateTag()` or `revalidatePath()`
535
+
536
+ ├─ Content must be fresh on every request?
537
+ │ ├─ Cacheable per-request? → Cache Components (`'use cache'` + `cacheLife`)
538
+ │ ├─ Personalized per-user? → SSR with Streaming (Suspense boundaries)
539
+ │ └─ Real-time? → Client-side with SWR/React Query + SSR for initial load
540
+
541
+ └─ Mostly static with one dynamic section?
542
+ └─ Partial Prerendering: static shell + Suspense for dynamic island
543
+ ```
544
+
545
+ ### Caching Strategy Matrix
546
+
547
+ | Data Type | Strategy | Implementation |
548
+ |-----------|----------|----------------|
549
+ | Static assets (JS, CSS, images) | Immutable cache | Automatic with Vercel (hashed filenames) |
550
+ | API responses (shared) | Cache Components | `'use cache'` + `cacheLife('hours')` |
551
+ | API responses (per-user) | No cache or short TTL | `cacheLife({ revalidate: 60 })` with user-scoped key |
552
+ | Configuration data | Edge Config | `@vercel/edge-config` (< 5ms reads) |
553
+ | Database queries | ISR + on-demand | `revalidateTag('products')` on write |
554
+ | Full pages | SSG / ISR | `generateStaticParams` + `revalidate` |
555
+ | Search results | Client-side + SWR | `useSWR` with stale-while-revalidate |
556
+
557
+ ### Image Optimization Pattern
558
+
559
+ ```tsx
560
+ // BEFORE: Unoptimized, causes LCP & CLS issues
561
+ <img src="/hero.jpg" />
562
+
563
+ // AFTER: Optimized with next/image
564
+ import Image from 'next/image';
565
+ <Image src="/hero.jpg" width={1200} height={600} priority alt="Hero" />
566
+ ```
567
+
568
+ ### Font Loading Pattern
569
+
570
+ ```tsx
571
+ // BEFORE: External font causes CLS
572
+ <link href="https://fonts.googleapis.com/css2?family=Inter" rel="stylesheet" />
573
+
574
+ // AFTER: Zero-CLS with next/font
575
+ import { Inter } from 'next/font/google';
576
+ const inter = Inter({ subsets: ['latin'] });
577
+ ```
578
+
579
+ ### Cache Components Pattern
580
+
581
+ ```tsx
582
+ // BEFORE: Re-fetches on every request
583
+ async function ProductList() {
584
+ const products = await db.query('SELECT * FROM products');
585
+ return <ul>{products.map(p => <li key={p.id}>{p.name}</li>)}</ul>;
586
+ }
587
+
588
+ // AFTER: Cached with automatic revalidation
589
+ 'use cache';
590
+ import { cacheLife } from 'next/cache';
591
+
592
+ async function ProductList() {
593
+ cacheLife('hours');
594
+ const products = await db.query('SELECT * FROM products');
595
+ return <ul>{products.map(p => <li key={p.id}>{p.name}</li>)}</ul>;
596
+ }
597
+ ```
598
+
599
+ ### Optimistic UI Pattern
600
+
601
+ ```tsx
602
+ // Instant feedback while Server Action processes
603
+ 'use client';
604
+ import { useOptimistic } from 'react';
605
+
606
+ function LikeButton({ count, onLike }) {
607
+ const [optimisticCount, addOptimistic] = useOptimistic(count);
608
+ return (
609
+ <button onClick={() => { addOptimistic(count + 1); onLike(); }}>
610
+ {optimisticCount} likes
611
+ </button>
612
+ );
613
+ }
614
+ ```
615
+
616
+ ## OG Image Generation
617
+
618
+ Next.js supports file-based OG image generation via `opengraph-image.tsx` and `twitter-image.tsx` special files. These use `@vercel/og` (built on Satori) to render JSX to images at the Edge runtime.
619
+
620
+ ### File Convention
621
+
622
+ Place an `opengraph-image.tsx` (or `twitter-image.tsx`) in any route segment to auto-generate social images for that route:
623
+
624
+ ```tsx
625
+ // app/blog/[slug]/opengraph-image.tsx
626
+ import { ImageResponse } from 'next/og'
627
+
628
+ export const runtime = 'edge'
629
+ export const alt = 'Blog post'
630
+ export const size = { width: 1200, height: 630 }
631
+ export const contentType = 'image/png'
632
+
633
+ export default async function Image({
634
+ params,
635
+ }: {
636
+ params: Promise<{ slug: string }>
637
+ }) {
638
+ const { slug } = await params
639
+ const post = await fetch(`https://api.example.com/posts/${slug}`).then(r => r.json())
640
+
641
+ return new ImageResponse(
642
+ (
643
+ <div
644
+ style={{
645
+ fontSize: 48,
646
+ background: 'linear-gradient(to bottom, #000, #111)',
647
+ color: 'white',
648
+ width: '100%',
649
+ height: '100%',
650
+ display: 'flex',
651
+ alignItems: 'center',
652
+ justifyContent: 'center',
653
+ padding: 48,
654
+ }}
655
+ >
656
+ {post.title}
657
+ </div>
658
+ ),
659
+ { ...size }
660
+ )
661
+ }
662
+ ```
663
+
664
+ ### Key Points
665
+
666
+ - **`ImageResponse`** — Import from `next/og` (re-exports `@vercel/og`). Renders JSX to PNG/SVG images.
667
+ - **Edge runtime** — OG image routes run on the Edge runtime by default. Export `runtime = 'edge'` explicitly for clarity.
668
+ - **Exports** — `alt`, `size`, and `contentType` configure the generated `<meta>` tags automatically.
669
+ - **Static or dynamic** — Without params, the image is generated at build time. With dynamic segments, it generates per-request.
670
+ - **Supported CSS** — Satori supports a Flexbox subset. Use inline `style` objects (no Tailwind). `display: 'flex'` is required on containers.
671
+ - **Fonts** — Load custom fonts via `fetch` and pass to `ImageResponse` options: `{ fonts: [{ name, data, style, weight }] }`.
672
+ - **Twitter fallback** — If no `twitter-image.tsx` exists, `opengraph-image.tsx` is used for Twitter cards too.
673
+
674
+ ### When to Use
675
+
676
+ | Approach | When |
677
+ |----------|------|
678
+ | `opengraph-image.tsx` file | Dynamic per-route OG images with data fetching |
679
+ | Static `opengraph-image.png` file | Same image for every page in a segment |
680
+ | `generateMetadata` with `openGraph.images` | Point to an external image URL |
681
+
682
+ ## Deployment on Vercel
683
+
684
+ - Zero-config: Vercel auto-detects Next.js and optimizes
685
+ - `vercel dev` for local development with Vercel features
686
+ - Server Components → Serverless/Edge Functions automatically
687
+ - Image optimization via `next/image` (automatic on Vercel)
688
+ - Font optimization via `next/font` (automatic on Vercel)
689
+
690
+ ## Common Patterns
691
+
692
+ ### Data Fetching in Server Components
693
+ ```tsx
694
+ // Parallel data fetching
695
+ const [users, posts] = await Promise.all([
696
+ getUsers(),
697
+ getPosts(),
698
+ ])
699
+ ```
700
+
701
+ ### Streaming with Suspense
702
+ ```tsx
703
+ import { Suspense } from 'react'
704
+
705
+ export default function Page() {
706
+ return (
707
+ <div>
708
+ <h1>Dashboard</h1>
709
+ <Suspense fallback={<Skeleton />}>
710
+ <SlowDataComponent />
711
+ </Suspense>
712
+ </div>
713
+ )
714
+ }
715
+ ```
716
+
717
+ ### Error Handling
718
+ ```tsx
719
+ // app/dashboard/error.tsx
720
+ 'use client'
721
+
722
+ export default function Error({ error, reset }: {
723
+ error: Error & { digest?: string }
724
+ reset: () => void
725
+ }) {
726
+ return (
727
+ <div>
728
+ <h2>Something went wrong</h2>
729
+ <button onClick={() => reset()}>Try again</button>
730
+ </div>
731
+ )
732
+ }
733
+ ```
734
+
735
+ ## Official Documentation
736
+
737
+ - [Next.js Documentation](https://nextjs.org/docs)
738
+ - [App Router](https://nextjs.org/docs/app/getting-started)
739
+ - [Routing](https://nextjs.org/docs/app/building-your-application/routing)
740
+ - [Data Fetching](https://nextjs.org/docs/app/building-your-application/data-fetching)
741
+ - [Rendering](https://nextjs.org/docs/app/building-your-application/rendering)
742
+ - [Caching](https://nextjs.org/docs/app/building-your-application/caching)
743
+ - [Deploying](https://nextjs.org/docs/app/getting-started/deploying)
744
+ - [Upgrading](https://nextjs.org/docs/app/guides/upgrading)
745
+ - [GitHub: Next.js](https://github.com/vercel/next.js)