@geraldmaron/construct 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +69 -0
- package/LICENSE +21 -0
- package/README.md +344 -0
- package/agents/prompts/cx-accessibility.md +29 -0
- package/agents/prompts/cx-ai-engineer.md +31 -0
- package/agents/prompts/cx-architect.md +40 -0
- package/agents/prompts/cx-business-strategist.md +25 -0
- package/agents/prompts/cx-data-analyst.md +30 -0
- package/agents/prompts/cx-data-engineer.md +32 -0
- package/agents/prompts/cx-debugger.md +27 -0
- package/agents/prompts/cx-designer.md +33 -0
- package/agents/prompts/cx-devil-advocate.md +36 -0
- package/agents/prompts/cx-docs-keeper.md +50 -0
- package/agents/prompts/cx-engineer.md +36 -0
- package/agents/prompts/cx-evaluator.md +26 -0
- package/agents/prompts/cx-explorer.md +38 -0
- package/agents/prompts/cx-legal-compliance.md +25 -0
- package/agents/prompts/cx-operations.md +28 -0
- package/agents/prompts/cx-orchestrator.md +30 -0
- package/agents/prompts/cx-platform-engineer.md +25 -0
- package/agents/prompts/cx-product-manager.md +30 -0
- package/agents/prompts/cx-qa.md +42 -0
- package/agents/prompts/cx-rd-lead.md +25 -0
- package/agents/prompts/cx-release-manager.md +31 -0
- package/agents/prompts/cx-researcher.md +31 -0
- package/agents/prompts/cx-reviewer.md +36 -0
- package/agents/prompts/cx-security.md +37 -0
- package/agents/prompts/cx-sre.md +26 -0
- package/agents/prompts/cx-test-automation.md +35 -0
- package/agents/prompts/cx-trace-reviewer.md +76 -0
- package/agents/prompts/cx-ux-researcher.md +30 -0
- package/agents/registry.json +879 -0
- package/agents/teams.json +94 -0
- package/bin/construct +613 -0
- package/commands/build/feature.md +21 -0
- package/commands/build/fix.md +20 -0
- package/commands/design/access.md +19 -0
- package/commands/design/flow.md +16 -0
- package/commands/design/ui.md +18 -0
- package/commands/measure/experiment.md +18 -0
- package/commands/measure/metrics.md +18 -0
- package/commands/measure/results.md +18 -0
- package/commands/plan/api.md +19 -0
- package/commands/plan/challenge.md +18 -0
- package/commands/plan/decide.md +20 -0
- package/commands/plan/feature.md +49 -0
- package/commands/plan/requirements.md +24 -0
- package/commands/remember/context.md +26 -0
- package/commands/remember/handoff.md +19 -0
- package/commands/remember/runbook.md +20 -0
- package/commands/review/code.md +21 -0
- package/commands/review/quality.md +19 -0
- package/commands/review/security.md +16 -0
- package/commands/ship/ready.md +19 -0
- package/commands/ship/release.md +19 -0
- package/commands/ship/status.md +18 -0
- package/commands/understand/docs.md +22 -0
- package/commands/understand/research.md +22 -0
- package/commands/understand/this.md +23 -0
- package/commands/understand/why.md +18 -0
- package/commands/work/clean.md +32 -0
- package/commands/work/drive.md +69 -0
- package/commands/work/optimize-prompts.md +46 -0
- package/commands/work/parallel-review.md +40 -0
- package/db/migrations/001_init.sql +38 -0
- package/langfuse/docker-compose.yml +82 -0
- package/lib/audit-skills.mjs +118 -0
- package/lib/auto-docs.mjs +293 -0
- package/lib/cli-commands.mjs +409 -0
- package/lib/codex-config.mjs +114 -0
- package/lib/comment-lint.mjs +191 -0
- package/lib/completions.mjs +170 -0
- package/lib/context-state.mjs +99 -0
- package/lib/cost.mjs +213 -0
- package/lib/distill.mjs +403 -0
- package/lib/efficiency.mjs +139 -0
- package/lib/env-config.mjs +53 -0
- package/lib/eval-harness.mjs +59 -0
- package/lib/features.mjs +209 -0
- package/lib/headhunt.mjs +597 -0
- package/lib/hooks/adaptive-lint.mjs +112 -0
- package/lib/hooks/agent-tracker.mjs +50 -0
- package/lib/hooks/bootstrap-guard.mjs +90 -0
- package/lib/hooks/comment-lint.mjs +26 -0
- package/lib/hooks/config-protection.mjs +52 -0
- package/lib/hooks/console-warn.mjs +43 -0
- package/lib/hooks/context-window-recovery.mjs +90 -0
- package/lib/hooks/continuation-enforcer.mjs +72 -0
- package/lib/hooks/dep-audit.mjs +155 -0
- package/lib/hooks/drive-guard.mjs +89 -0
- package/lib/hooks/edit-accumulator.mjs +36 -0
- package/lib/hooks/edit-error-recovery.mjs +46 -0
- package/lib/hooks/edit-guard.mjs +109 -0
- package/lib/hooks/env-check.mjs +80 -0
- package/lib/hooks/guard-bash.mjs +83 -0
- package/lib/hooks/mcp-audit.mjs +57 -0
- package/lib/hooks/mcp-health-check.mjs +51 -0
- package/lib/hooks/mcp-task-scope.mjs +47 -0
- package/lib/hooks/model-fallback.mjs +105 -0
- package/lib/hooks/pre-compact.mjs +212 -0
- package/lib/hooks/pre-push-gate.mjs +129 -0
- package/lib/hooks/read-tracker.mjs +129 -0
- package/lib/hooks/registry-sync.mjs +23 -0
- package/lib/hooks/scan-secrets.mjs +76 -0
- package/lib/hooks/session-start.mjs +95 -0
- package/lib/hooks/stop-notify.mjs +191 -0
- package/lib/hooks/stop-typecheck.mjs +83 -0
- package/lib/hooks/task-completed-guard.mjs +43 -0
- package/lib/hooks/teammate-idle-guard.mjs +54 -0
- package/lib/hooks/workflow-guard.mjs +62 -0
- package/lib/host-capabilities.mjs +123 -0
- package/lib/init-docs.mjs +382 -0
- package/lib/mcp/server.mjs +1123 -0
- package/lib/mcp-catalog.json +243 -0
- package/lib/mcp-manager.mjs +433 -0
- package/lib/mcp-platform-config.mjs +104 -0
- package/lib/model-router.mjs +810 -0
- package/lib/opencode-config.mjs +44 -0
- package/lib/opencode-runtime-plugin.mjs +909 -0
- package/lib/opencode-telemetry.mjs +433 -0
- package/lib/orchestration-policy.mjs +258 -0
- package/lib/prompt-composer.mjs +196 -0
- package/lib/prompt-metadata.mjs +68 -0
- package/lib/review.mjs +429 -0
- package/lib/role-preload.mjs +52 -0
- package/lib/schemas/decision.json +50 -0
- package/lib/schemas/implementation.json +51 -0
- package/lib/schemas/review-report.json +32 -0
- package/lib/schemas/test-report.json +43 -0
- package/lib/server/index.mjs +334 -0
- package/lib/server/static/app.js +841 -0
- package/lib/server/static/index.html +820 -0
- package/lib/service-manager.mjs +225 -0
- package/lib/setup.mjs +319 -0
- package/lib/status.mjs +707 -0
- package/lib/storage/backend.mjs +44 -0
- package/lib/storage/embeddings.mjs +70 -0
- package/lib/storage/hybrid-query.mjs +184 -0
- package/lib/storage/sql-store.mjs +55 -0
- package/lib/storage/state-source.mjs +101 -0
- package/lib/storage/sync.mjs +164 -0
- package/lib/storage/vector-store.mjs +59 -0
- package/lib/telemetry/backends/langfuse.mjs +58 -0
- package/lib/telemetry/backends/noop.mjs +16 -0
- package/lib/telemetry/langfuse-ingest.mjs +108 -0
- package/lib/telemetry/langfuse-model-sync.mjs +270 -0
- package/lib/telemetry/team-rollup.mjs +143 -0
- package/lib/toolkit-env.mjs +30 -0
- package/lib/validator.mjs +181 -0
- package/lib/workflow-state.mjs +794 -0
- package/package.json +53 -0
- package/personas/construct.md +94 -0
- package/platforms/claude/CLAUDE.md +30 -0
- package/platforms/claude/settings.template.json +472 -0
- package/platforms/opencode/config.template.json +65 -0
- package/platforms/opencode/plugins/construct-fallback.js +5 -0
- package/platforms/opencode/sync-config.mjs +69 -0
- package/rules/common/agents.md +55 -0
- package/rules/common/code-review.md +129 -0
- package/rules/common/coding-style.md +95 -0
- package/rules/common/comments.md +139 -0
- package/rules/common/cx-agent-routing.md +61 -0
- package/rules/common/cx-skill-routing.md +11 -0
- package/rules/common/development-workflow.md +49 -0
- package/rules/common/git-workflow.md +29 -0
- package/rules/common/hooks.md +35 -0
- package/rules/common/patterns.md +36 -0
- package/rules/common/performance.md +71 -0
- package/rules/common/security.md +34 -0
- package/rules/common/testing.md +62 -0
- package/rules/golang/coding-style.md +37 -0
- package/rules/golang/hooks.md +22 -0
- package/rules/golang/patterns.md +50 -0
- package/rules/golang/security.md +39 -0
- package/rules/golang/testing.md +36 -0
- package/rules/python/coding-style.md +47 -0
- package/rules/python/hooks.md +24 -0
- package/rules/python/patterns.md +44 -0
- package/rules/python/security.md +35 -0
- package/rules/python/testing.md +43 -0
- package/rules/swift/coding-style.md +52 -0
- package/rules/swift/hooks.md +25 -0
- package/rules/swift/patterns.md +71 -0
- package/rules/swift/security.md +38 -0
- package/rules/swift/testing.md +50 -0
- package/rules/typescript/coding-style.md +204 -0
- package/rules/typescript/hooks.md +27 -0
- package/rules/typescript/patterns.md +57 -0
- package/rules/typescript/security.md +33 -0
- package/rules/typescript/testing.md +23 -0
- package/rules/web/coding-style.md +101 -0
- package/rules/web/design-quality.md +68 -0
- package/rules/web/hooks.md +125 -0
- package/rules/web/patterns.md +84 -0
- package/rules/web/performance.md +69 -0
- package/rules/web/security.md +62 -0
- package/rules/web/testing.md +60 -0
- package/rules/zh/README.md +113 -0
- package/rules/zh/agents.md +55 -0
- package/rules/zh/code-review.md +129 -0
- package/rules/zh/coding-style.md +53 -0
- package/rules/zh/development-workflow.md +49 -0
- package/rules/zh/git-workflow.md +29 -0
- package/rules/zh/hooks.md +35 -0
- package/rules/zh/patterns.md +36 -0
- package/rules/zh/performance.md +60 -0
- package/rules/zh/security.md +34 -0
- package/rules/zh/testing.md +34 -0
- package/skills/ai/agent-dev.md +102 -0
- package/skills/ai/llm-security.md +105 -0
- package/skills/ai/ml-ops.md +169 -0
- package/skills/ai/orchestration-workflow.md +87 -0
- package/skills/ai/prompt-and-eval.md +114 -0
- package/skills/ai/prompt-optimizer.md +114 -0
- package/skills/ai/rag-system.md +104 -0
- package/skills/architecture/api-design.md +100 -0
- package/skills/architecture/caching.md +101 -0
- package/skills/architecture/cloud-native.md +97 -0
- package/skills/architecture/message-queue.md +100 -0
- package/skills/architecture/security-arch.md +105 -0
- package/skills/development/cpp.md +127 -0
- package/skills/development/go.md +129 -0
- package/skills/development/java.md +134 -0
- package/skills/development/kotlin.md +140 -0
- package/skills/development/mobile-crossplatform.md +144 -0
- package/skills/development/python.md +109 -0
- package/skills/development/rust.md +127 -0
- package/skills/development/shell.md +127 -0
- package/skills/development/swift.md +129 -0
- package/skills/development/typescript.md +129 -0
- package/skills/devops/ci-cd.md +108 -0
- package/skills/devops/containerization.md +106 -0
- package/skills/devops/cost-optimization.md +105 -0
- package/skills/devops/data-engineering.md +181 -0
- package/skills/devops/database.md +95 -0
- package/skills/devops/dependency-management.md +91 -0
- package/skills/devops/devsecops.md +96 -0
- package/skills/devops/git-workflow.md +100 -0
- package/skills/devops/incident-response.md +167 -0
- package/skills/devops/monorepo.md +87 -0
- package/skills/devops/observability.md +103 -0
- package/skills/devops/performance.md +104 -0
- package/skills/devops/testing.md +104 -0
- package/skills/docs/adr-workflow.md +32 -0
- package/skills/docs/backlog-proposal-workflow.md +19 -0
- package/skills/docs/customer-profile-workflow.md +22 -0
- package/skills/docs/evidence-ingest-workflow.md +23 -0
- package/skills/docs/init-docs.md +160 -0
- package/skills/docs/init-project.md +50 -0
- package/skills/docs/prd-workflow.md +57 -0
- package/skills/docs/prfaq-workflow.md +25 -0
- package/skills/docs/product-intelligence-review.md +22 -0
- package/skills/docs/product-intelligence-workflow.md +62 -0
- package/skills/docs/product-signal-workflow.md +27 -0
- package/skills/docs/research-workflow.md +28 -0
- package/skills/docs/runbook-workflow.md +24 -0
- package/skills/exploration/repo-map.md +297 -0
- package/skills/frameworks/django.md +159 -0
- package/skills/frameworks/nextjs.md +148 -0
- package/skills/frameworks/react.md +132 -0
- package/skills/frameworks/spring-boot.md +165 -0
- package/skills/frontend-design/accessibility.md +153 -0
- package/skills/frontend-design/component-patterns.md +111 -0
- package/skills/frontend-design/engineering.md +122 -0
- package/skills/frontend-design/state-management.md +118 -0
- package/skills/frontend-design/ui-aesthetics.md +102 -0
- package/skills/frontend-design/ux-principles.md +126 -0
- package/skills/quality-gates/review-work.md +90 -0
- package/skills/quality-gates/verify-change.md +94 -0
- package/skills/quality-gates/verify-module.md +96 -0
- package/skills/quality-gates/verify-quality.md +93 -0
- package/skills/quality-gates/verify-security.md +95 -0
- package/skills/roles/architect.ai-systems.md +37 -0
- package/skills/roles/architect.data.md +37 -0
- package/skills/roles/architect.enterprise.md +37 -0
- package/skills/roles/architect.integration.md +37 -0
- package/skills/roles/architect.md +68 -0
- package/skills/roles/architect.platform.md +37 -0
- package/skills/roles/data-analyst.experiment.md +37 -0
- package/skills/roles/data-analyst.md +68 -0
- package/skills/roles/data-analyst.product-intelligence.md +37 -0
- package/skills/roles/data-analyst.product.md +37 -0
- package/skills/roles/data-analyst.telemetry.md +37 -0
- package/skills/roles/data-engineer.pipeline.md +37 -0
- package/skills/roles/data-engineer.vector-retrieval.md +37 -0
- package/skills/roles/data-engineer.warehouse.md +37 -0
- package/skills/roles/debugger.md +68 -0
- package/skills/roles/designer.accessibility.md +43 -0
- package/skills/roles/designer.md +68 -0
- package/skills/roles/engineer.ai.md +49 -0
- package/skills/roles/engineer.data.md +49 -0
- package/skills/roles/engineer.md +85 -0
- package/skills/roles/engineer.platform.md +49 -0
- package/skills/roles/operator.docs.md +43 -0
- package/skills/roles/operator.md +68 -0
- package/skills/roles/operator.release.md +43 -0
- package/skills/roles/operator.sre.md +43 -0
- package/skills/roles/orchestrator.md +66 -0
- package/skills/roles/product-manager.ai-product.md +37 -0
- package/skills/roles/product-manager.business-strategy.md +43 -0
- package/skills/roles/product-manager.enterprise.md +37 -0
- package/skills/roles/product-manager.growth.md +37 -0
- package/skills/roles/product-manager.md +67 -0
- package/skills/roles/product-manager.platform.md +37 -0
- package/skills/roles/product-manager.product.md +37 -0
- package/skills/roles/qa.ai-eval.md +37 -0
- package/skills/roles/qa.api-contract.md +37 -0
- package/skills/roles/qa.data-pipeline.md +37 -0
- package/skills/roles/qa.md +68 -0
- package/skills/roles/qa.test-automation.md +49 -0
- package/skills/roles/qa.web-ui.md +37 -0
- package/skills/roles/researcher.explorer.md +43 -0
- package/skills/roles/researcher.md +68 -0
- package/skills/roles/researcher.ux.md +43 -0
- package/skills/roles/reviewer.devil-advocate.md +43 -0
- package/skills/roles/reviewer.evaluator.md +43 -0
- package/skills/roles/reviewer.md +68 -0
- package/skills/roles/reviewer.trace.md +43 -0
- package/skills/roles/security.ai.md +37 -0
- package/skills/roles/security.appsec.md +37 -0
- package/skills/roles/security.cloud.md +37 -0
- package/skills/roles/security.legal-compliance.md +49 -0
- package/skills/roles/security.md +68 -0
- package/skills/roles/security.privacy.md +37 -0
- package/skills/roles/security.supply-chain.md +37 -0
- package/skills/routing.md +139 -0
- package/skills/security/blue-team.md +83 -0
- package/skills/security/code-audit.md +94 -0
- package/skills/security/pentest.md +84 -0
- package/skills/security/red-team.md +81 -0
- package/skills/security/threat-intel.md +89 -0
- package/skills/security/vuln-research.md +87 -0
- package/skills/utility/clean-code.md +165 -0
- package/sync-agents.mjs +899 -0
- package/templates/docs/adr.md +27 -0
- package/templates/docs/backlog-proposal.md +26 -0
- package/templates/docs/customer-profile.md +34 -0
- package/templates/docs/evidence-brief.md +37 -0
- package/templates/docs/incident-report.md +46 -0
- package/templates/docs/memo.md +27 -0
- package/templates/docs/meta-prd.md +56 -0
- package/templates/docs/one-pager.md +24 -0
- package/templates/docs/prd-business.md +61 -0
- package/templates/docs/prd-platform.md +62 -0
- package/templates/docs/prd.md +47 -0
- package/templates/docs/prfaq.md +31 -0
- package/templates/docs/product-intelligence-report.md +31 -0
- package/templates/docs/research-brief.md +29 -0
- package/templates/docs/rfc-platform.md +60 -0
- package/templates/docs/rfc.md +46 -0
- package/templates/docs/runbook.md +33 -0
- package/templates/docs/signal-brief.md +25 -0
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/architecture/caching.md — Caching — Use this skill when designing caching strategies for applications, APIs, or infr
|
|
3
|
+
|
|
4
|
+
Use this skill when designing caching strategies for applications, APIs, or infrastructure. ## Cache Layers
|
|
5
|
+
-->
|
|
6
|
+
# Caching
|
|
7
|
+
|
|
8
|
+
Use this skill when designing caching strategies for applications, APIs, or infrastructure.
|
|
9
|
+
|
|
10
|
+
## Cache Layers
|
|
11
|
+
|
|
12
|
+
| Layer | Tool | Latency | Use Case |
|
|
13
|
+
|---|---|---|---|
|
|
14
|
+
| In-process | HashMap, LRU cache | <1ms | Hot config, computed values |
|
|
15
|
+
| Distributed | Redis, Memcached | 1-5ms | Session data, query results |
|
|
16
|
+
| CDN | Cloudflare, CloudFront | 10-50ms | Static assets, public API responses |
|
|
17
|
+
| Browser | Cache-Control headers | 0ms | Assets, API responses for single user |
|
|
18
|
+
|
|
19
|
+
## Cache Strategies
|
|
20
|
+
|
|
21
|
+
### Cache-Aside (Lazy Loading)
|
|
22
|
+
1. Check cache. If hit, return.
|
|
23
|
+
2. If miss, read from database.
|
|
24
|
+
3. Write result to cache with TTL.
|
|
25
|
+
- Best for: read-heavy workloads with tolerant staleness
|
|
26
|
+
- Risk: thundering herd on cache miss for hot keys
|
|
27
|
+
|
|
28
|
+
### Write-Through
|
|
29
|
+
1. Write to cache and database simultaneously.
|
|
30
|
+
- Best for: data that must be fresh immediately after write
|
|
31
|
+
- Risk: higher write latency
|
|
32
|
+
|
|
33
|
+
### Write-Behind (Write-Back)
|
|
34
|
+
1. Write to cache immediately.
|
|
35
|
+
2. Asynchronously flush to database.
|
|
36
|
+
- Best for: high write throughput with acceptable durability risk
|
|
37
|
+
- Risk: data loss if cache fails before flush
|
|
38
|
+
|
|
39
|
+
### Read-Through
|
|
40
|
+
1. Cache itself fetches from database on miss.
|
|
41
|
+
- Best for: simplifying application code
|
|
42
|
+
- Requires a cache library that supports origin fetch
|
|
43
|
+
|
|
44
|
+
## Cache Invalidation
|
|
45
|
+
|
|
46
|
+
- **TTL-based**: set expiry on every key; simplest, but data can be stale up to TTL
|
|
47
|
+
- **Event-based**: invalidate on write events; lowest staleness, requires pub/sub
|
|
48
|
+
- **Version-based**: include version in cache key; new version = automatic miss
|
|
49
|
+
- **Tag-based**: group related keys by tag; invalidate all keys with a tag at once
|
|
50
|
+
|
|
51
|
+
### Thundering Herd Mitigation
|
|
52
|
+
- Lock on miss: only one request fetches, others wait
|
|
53
|
+
- Stale-while-revalidate: serve stale data while background refresh runs
|
|
54
|
+
- Early expiry jitter: randomize TTL to avoid synchronized expiry
|
|
55
|
+
|
|
56
|
+
## Redis Patterns
|
|
57
|
+
|
|
58
|
+
- Use appropriate data structures: strings for simple values, hashes for objects, sorted sets for leaderboards
|
|
59
|
+
- Set `maxmemory-policy` to `allkeys-lru` or `volatile-lru`
|
|
60
|
+
- Use pipelining for batch operations
|
|
61
|
+
- Monitor hit rate: target >90% for hot paths
|
|
62
|
+
- Use Redis Cluster for horizontal scaling
|
|
63
|
+
- Avoid large keys (>1MB) and hot keys (>10K ops/sec on single key)
|
|
64
|
+
|
|
65
|
+
## CDN Configuration
|
|
66
|
+
|
|
67
|
+
- Cache static assets with long TTL (1 year) and content-hash filenames
|
|
68
|
+
- Cache public API responses with short TTL (30-300s)
|
|
69
|
+
- Use `Vary` header correctly for content negotiation
|
|
70
|
+
- Purge on deploy for assets without content hashing
|
|
71
|
+
- Use edge functions for personalization at the CDN layer
|
|
72
|
+
|
|
73
|
+
## HTTP Cache Headers
|
|
74
|
+
|
|
75
|
+
```
|
|
76
|
+
Cache-Control: public, max-age=31536000, immutable # hashed assets
|
|
77
|
+
Cache-Control: private, no-cache # user-specific
|
|
78
|
+
Cache-Control: public, s-maxage=60, stale-while-revalidate=300
|
|
79
|
+
ETag: "abc123" # conditional requests
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
- `no-cache` means revalidate, not no caching
|
|
83
|
+
- `no-store` means truly do not cache
|
|
84
|
+
- Use `ETag` + `If-None-Match` for conditional requests
|
|
85
|
+
|
|
86
|
+
## Monitoring
|
|
87
|
+
|
|
88
|
+
- Cache hit rate per key prefix
|
|
89
|
+
- Eviction rate and memory usage
|
|
90
|
+
- Latency percentiles: p50, p95, p99
|
|
91
|
+
- Cache size growth over time
|
|
92
|
+
- Staleness: time between data change and cache update
|
|
93
|
+
- Alert on hit rate drop below threshold (e.g., <80%)
|
|
94
|
+
|
|
95
|
+
## Anti-Patterns
|
|
96
|
+
|
|
97
|
+
- Caching without TTL (unbounded growth)
|
|
98
|
+
- Caching errors or empty results without short TTL
|
|
99
|
+
- Cache key collisions from insufficient namespacing
|
|
100
|
+
- Serializing large objects when only a field is needed
|
|
101
|
+
- Using cache as primary data store without durability plan
|
|
@@ -0,0 +1,97 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/architecture/cloud-native.md — Cloud-Native Architecture — Use this skill when designing containerized, orchestrated, or microservice-based
|
|
3
|
+
|
|
4
|
+
Use this skill when designing containerized, orchestrated, or microservice-based systems. ## Container Best Practices
|
|
5
|
+
-->
|
|
6
|
+
# Cloud-Native Architecture
|
|
7
|
+
|
|
8
|
+
Use this skill when designing containerized, orchestrated, or microservice-based systems.
|
|
9
|
+
|
|
10
|
+
## Container Best Practices
|
|
11
|
+
|
|
12
|
+
- One process per container
|
|
13
|
+
- Use multi-stage builds to minimize image size
|
|
14
|
+
- Pin base image versions with digest, not just tag
|
|
15
|
+
- Run as non-root user
|
|
16
|
+
- No secrets in image layers; use runtime injection
|
|
17
|
+
- Health check endpoint in every container
|
|
18
|
+
- Graceful shutdown: handle SIGTERM, drain connections, exit cleanly
|
|
19
|
+
|
|
20
|
+
## Kubernetes Patterns
|
|
21
|
+
|
|
22
|
+
### Resource Management
|
|
23
|
+
- Set CPU and memory requests and limits on every pod
|
|
24
|
+
- Use Horizontal Pod Autoscaler based on CPU, memory, or custom metrics
|
|
25
|
+
- Use PodDisruptionBudget to maintain availability during rollouts
|
|
26
|
+
- Namespace per environment or team
|
|
27
|
+
|
|
28
|
+
### Networking
|
|
29
|
+
- Use Services for internal communication
|
|
30
|
+
- Use Ingress or Gateway API for external traffic
|
|
31
|
+
- NetworkPolicy to restrict pod-to-pod communication
|
|
32
|
+
- DNS-based service discovery within the cluster
|
|
33
|
+
|
|
34
|
+
### Configuration
|
|
35
|
+
- ConfigMaps for non-sensitive configuration
|
|
36
|
+
- Secrets for sensitive values (encrypted at rest with KMS)
|
|
37
|
+
- Environment variables or volume mounts, not baked into images
|
|
38
|
+
- External config: Vault, AWS Secrets Manager, or equivalent
|
|
39
|
+
|
|
40
|
+
### Deployment Strategies
|
|
41
|
+
- Rolling update: default, zero-downtime with readiness probes
|
|
42
|
+
- Blue-green: instant switchover, requires double capacity
|
|
43
|
+
- Canary: gradual traffic shift, best for risk-sensitive changes
|
|
44
|
+
- Use readiness and liveness probes; do not conflate them
|
|
45
|
+
|
|
46
|
+
## Microservice Design
|
|
47
|
+
|
|
48
|
+
### Boundaries
|
|
49
|
+
- One service per bounded context
|
|
50
|
+
- Services own their data; no shared databases
|
|
51
|
+
- Communicate via APIs or events, never direct database access
|
|
52
|
+
- Keep services independently deployable
|
|
53
|
+
|
|
54
|
+
### Communication
|
|
55
|
+
- Synchronous: REST or gRPC for request-response
|
|
56
|
+
- Asynchronous: message queues for events and commands
|
|
57
|
+
- Use circuit breakers for synchronous calls (Hystrix pattern)
|
|
58
|
+
- Set timeouts and retries with exponential backoff and jitter
|
|
59
|
+
- Implement idempotency keys for retry-safe operations
|
|
60
|
+
|
|
61
|
+
### Data Management
|
|
62
|
+
- Database per service
|
|
63
|
+
- Saga pattern for distributed transactions
|
|
64
|
+
- Event sourcing when audit trail matters
|
|
65
|
+
- CQRS when read and write patterns diverge significantly
|
|
66
|
+
- Eventual consistency is acceptable for most cross-service data
|
|
67
|
+
|
|
68
|
+
## Service Mesh
|
|
69
|
+
|
|
70
|
+
- Sidecar proxy (Envoy, Linkerd) for mTLS, observability, traffic control
|
|
71
|
+
- Retry, timeout, and circuit breaker policies in mesh config
|
|
72
|
+
- Traffic splitting for canary deployments
|
|
73
|
+
- Distributed tracing via mesh-injected headers
|
|
74
|
+
- Evaluate mesh overhead; not every system needs one
|
|
75
|
+
|
|
76
|
+
## Twelve-Factor Compliance
|
|
77
|
+
|
|
78
|
+
1. Codebase: one repo per service
|
|
79
|
+
2. Dependencies: explicitly declared and isolated
|
|
80
|
+
3. Config: stored in environment, not code
|
|
81
|
+
4. Backing services: attached resources via config
|
|
82
|
+
5. Build/release/run: strict separation
|
|
83
|
+
6. Processes: stateless; persist state in backing services
|
|
84
|
+
7. Port binding: self-contained, export via port
|
|
85
|
+
8. Concurrency: scale via process model
|
|
86
|
+
9. Disposability: fast startup, graceful shutdown
|
|
87
|
+
10. Dev/prod parity: keep environments as similar as possible
|
|
88
|
+
11. Logs: emit to stdout, aggregate externally
|
|
89
|
+
12. Admin processes: run as one-off tasks
|
|
90
|
+
|
|
91
|
+
## Resilience Patterns
|
|
92
|
+
|
|
93
|
+
- Retry with exponential backoff and jitter
|
|
94
|
+
- Circuit breaker: open after N failures, half-open after cooldown
|
|
95
|
+
- Bulkhead: isolate failures to prevent cascade
|
|
96
|
+
- Timeout: every external call has a deadline
|
|
97
|
+
- Fallback: degrade gracefully when dependencies are unavailable
|
|
@@ -0,0 +1,100 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/architecture/message-queue.md — Message Queues and Event-Driven Architecture — Use this skill when designing asynchronous communication, event-driven systems,
|
|
3
|
+
|
|
4
|
+
Use this skill when designing asynchronous communication, event-driven systems, or message-based integrations. ## When to Use Message Queues
|
|
5
|
+
-->
|
|
6
|
+
# Message Queues and Event-Driven Architecture
|
|
7
|
+
|
|
8
|
+
Use this skill when designing asynchronous communication, event-driven systems, or message-based integrations.
|
|
9
|
+
|
|
10
|
+
## When to Use Message Queues
|
|
11
|
+
|
|
12
|
+
- Decouple producers from consumers
|
|
13
|
+
- Buffer spikes in traffic or processing load
|
|
14
|
+
- Enable async processing of long-running tasks
|
|
15
|
+
- Fan out events to multiple consumers
|
|
16
|
+
- Guarantee delivery when consumers may be temporarily unavailable
|
|
17
|
+
|
|
18
|
+
## Messaging Patterns
|
|
19
|
+
|
|
20
|
+
### Point-to-Point (Queue)
|
|
21
|
+
- One producer, one consumer per message
|
|
22
|
+
- Work distribution across multiple consumer instances
|
|
23
|
+
- Use for: task queues, job processing, command dispatch
|
|
24
|
+
|
|
25
|
+
### Publish-Subscribe (Topic)
|
|
26
|
+
- One producer, many consumers per message
|
|
27
|
+
- Each subscriber gets a copy
|
|
28
|
+
- Use for: event notification, real-time updates, audit logging
|
|
29
|
+
|
|
30
|
+
### Request-Reply
|
|
31
|
+
- Producer sends a message with a reply-to address
|
|
32
|
+
- Consumer processes and responds
|
|
33
|
+
- Use for: async RPC, distributed computation
|
|
34
|
+
- Include correlation ID for matching responses
|
|
35
|
+
|
|
36
|
+
## Technology Selection
|
|
37
|
+
|
|
38
|
+
| System | Strength | Best For |
|
|
39
|
+
|---|---|---|
|
|
40
|
+
| Kafka | High throughput, replay, ordering | Event streaming, log aggregation, CDC |
|
|
41
|
+
| RabbitMQ | Flexible routing, low latency | Task queues, RPC, complex routing |
|
|
42
|
+
| SQS | Managed, simple, scales to zero | AWS-native task queues |
|
|
43
|
+
| NATS | Ultra-low latency, lightweight | Microservice communication |
|
|
44
|
+
| Pulsar | Multi-tenancy, tiered storage | Large-scale streaming |
|
|
45
|
+
|
|
46
|
+
## Message Design
|
|
47
|
+
|
|
48
|
+
- Include: event type, timestamp, correlation ID, source, schema version, payload
|
|
49
|
+
- Use a schema registry for payload evolution (Avro, Protobuf, JSON Schema)
|
|
50
|
+
- Keep messages self-contained; avoid requiring lookups to interpret
|
|
51
|
+
- Small messages (<1MB); use references for large blobs
|
|
52
|
+
- Version schemas; consumers must handle unknown fields gracefully
|
|
53
|
+
|
|
54
|
+
## Delivery Guarantees
|
|
55
|
+
|
|
56
|
+
### At-Most-Once
|
|
57
|
+
- Fire and forget; fastest but may lose messages
|
|
58
|
+
- Use for: metrics, non-critical notifications
|
|
59
|
+
|
|
60
|
+
### At-Least-Once
|
|
61
|
+
- Retry until acknowledged; may duplicate
|
|
62
|
+
- Consumers must be idempotent
|
|
63
|
+
- Use for: most business events
|
|
64
|
+
|
|
65
|
+
### Exactly-Once
|
|
66
|
+
- Requires idempotent consumers or transactional outbox
|
|
67
|
+
- Expensive; only when business rules demand it
|
|
68
|
+
- Use for: financial transactions, inventory updates
|
|
69
|
+
|
|
70
|
+
## Ordering
|
|
71
|
+
|
|
72
|
+
- Kafka: ordered within a partition; use partition key for related events
|
|
73
|
+
- RabbitMQ: ordered within a single queue with one consumer
|
|
74
|
+
- SQS FIFO: ordered by message group ID
|
|
75
|
+
- Design consumers to tolerate out-of-order delivery when possible
|
|
76
|
+
|
|
77
|
+
## Error Handling
|
|
78
|
+
|
|
79
|
+
- Dead letter queue (DLQ) for messages that fail after max retries
|
|
80
|
+
- Exponential backoff between retries
|
|
81
|
+
- Poison message detection: log and skip after threshold
|
|
82
|
+
- Monitor DLQ depth; alert when non-empty
|
|
83
|
+
- Provide tooling to replay or reprocess DLQ messages
|
|
84
|
+
|
|
85
|
+
## Transactional Outbox Pattern
|
|
86
|
+
|
|
87
|
+
1. Write business data and outbox event in a single database transaction
|
|
88
|
+
2. Background process polls outbox and publishes to message broker
|
|
89
|
+
3. Mark outbox entry as published after broker acknowledgment
|
|
90
|
+
- Guarantees event publication if database write succeeds
|
|
91
|
+
- Alternative: change data capture (CDC) from the database log
|
|
92
|
+
|
|
93
|
+
## Monitoring
|
|
94
|
+
|
|
95
|
+
- Queue depth and age of oldest message
|
|
96
|
+
- Consumer lag (Kafka: offset lag per partition)
|
|
97
|
+
- Message throughput: produced, consumed, failed per minute
|
|
98
|
+
- DLQ depth and growth rate
|
|
99
|
+
- Consumer processing latency percentiles
|
|
100
|
+
- Alert on: growing lag, DLQ growth, consumer crash loops
|
|
@@ -0,0 +1,105 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/architecture/security-arch.md — Security Architecture — Use this skill when designing authentication, authorization, network security, o
|
|
3
|
+
|
|
4
|
+
Use this skill when designing authentication, authorization, network security, or zero-trust architectures. ## Zero Trust Principles
|
|
5
|
+
-->
|
|
6
|
+
# Security Architecture
|
|
7
|
+
|
|
8
|
+
Use this skill when designing authentication, authorization, network security, or zero-trust architectures.
|
|
9
|
+
|
|
10
|
+
## Zero Trust Principles
|
|
11
|
+
|
|
12
|
+
- Never trust, always verify: authenticate and authorize every request
|
|
13
|
+
- Least privilege: grant minimum permissions required for the task
|
|
14
|
+
- Assume breach: design as if the perimeter is already compromised
|
|
15
|
+
- Verify explicitly: use identity, device health, location, and behavior signals
|
|
16
|
+
- Micro-segmentation: limit blast radius of any single compromise
|
|
17
|
+
|
|
18
|
+
## Identity and Access Management
|
|
19
|
+
|
|
20
|
+
### Authentication
|
|
21
|
+
- Centralize authentication in an identity provider (IdP)
|
|
22
|
+
- Support MFA for all human users; enforce for privileged accounts
|
|
23
|
+
- Use short-lived tokens (15-60 min) with refresh token rotation
|
|
24
|
+
- Machine-to-machine: mTLS or signed JWTs with narrow scopes
|
|
25
|
+
- Federate identity across services; avoid per-service credential stores
|
|
26
|
+
|
|
27
|
+
### Authorization
|
|
28
|
+
- RBAC for coarse-grained access (admin, editor, viewer)
|
|
29
|
+
- ABAC for fine-grained policies (resource owner, department, time)
|
|
30
|
+
- Policy-as-code: OPA/Rego, Cedar, or equivalent
|
|
31
|
+
- Evaluate authorization server-side on every request
|
|
32
|
+
- Audit all access decisions; log denials prominently
|
|
33
|
+
|
|
34
|
+
### OAuth 2.0 / OIDC
|
|
35
|
+
- Use Authorization Code flow with PKCE for web and mobile
|
|
36
|
+
- Client Credentials for service-to-service
|
|
37
|
+
- Validate tokens server-side; do not trust client-side token claims
|
|
38
|
+
- Rotate client secrets regularly
|
|
39
|
+
- Restrict redirect URIs to exact match
|
|
40
|
+
|
|
41
|
+
## Network Security
|
|
42
|
+
|
|
43
|
+
### Segmentation
|
|
44
|
+
- Separate trust zones: public, DMZ, internal, sensitive data
|
|
45
|
+
- Network policies restrict traffic between zones
|
|
46
|
+
- Service-to-service communication over mTLS
|
|
47
|
+
- Egress filtering: allowlist outbound destinations
|
|
48
|
+
|
|
49
|
+
### API Gateway
|
|
50
|
+
- Centralize authentication, rate limiting, and logging
|
|
51
|
+
- Terminate TLS at the gateway
|
|
52
|
+
- Input validation and request size limits at the edge
|
|
53
|
+
- IP allowlisting for admin and internal APIs
|
|
54
|
+
|
|
55
|
+
### DNS Security
|
|
56
|
+
- DNSSEC for domain integrity
|
|
57
|
+
- DNS-over-HTTPS or DNS-over-TLS for privacy
|
|
58
|
+
- Monitor for subdomain takeover on deprovisioned infrastructure
|
|
59
|
+
|
|
60
|
+
## Data Protection
|
|
61
|
+
|
|
62
|
+
### Encryption
|
|
63
|
+
- TLS 1.2+ for all data in transit
|
|
64
|
+
- AES-256-GCM or ChaCha20-Poly1305 for data at rest
|
|
65
|
+
- Key management via HSM or cloud KMS; never store keys alongside data
|
|
66
|
+
- Rotate encryption keys on a schedule and on suspected compromise
|
|
67
|
+
- Envelope encryption for large data volumes
|
|
68
|
+
|
|
69
|
+
### Classification
|
|
70
|
+
- Public: no restrictions
|
|
71
|
+
- Internal: accessible to authenticated employees
|
|
72
|
+
- Confidential: restricted to authorized roles
|
|
73
|
+
- Restricted: PII, financial, health data; strongest controls
|
|
74
|
+
|
|
75
|
+
### Data Lifecycle
|
|
76
|
+
- Retention policies defined per data class
|
|
77
|
+
- Automated deletion at end of retention period
|
|
78
|
+
- Secure deletion: cryptographic erasure or verified overwrite
|
|
79
|
+
- Backup encryption with separately managed keys
|
|
80
|
+
|
|
81
|
+
## Secrets Management
|
|
82
|
+
|
|
83
|
+
- Use a dedicated secrets manager (Vault, AWS Secrets Manager, etc.)
|
|
84
|
+
- Inject secrets at runtime, never at build time
|
|
85
|
+
- Audit secret access with who, when, and from where
|
|
86
|
+
- Rotate secrets on schedule and immediately on suspected exposure
|
|
87
|
+
- Detect and alert on secret sprawl (secrets in repos, configs, logs)
|
|
88
|
+
|
|
89
|
+
## Defense in Depth
|
|
90
|
+
|
|
91
|
+
Layer controls so that no single failure compromises the system:
|
|
92
|
+
|
|
93
|
+
1. **Perimeter**: WAF, DDoS protection, edge rate limiting
|
|
94
|
+
2. **Network**: segmentation, firewall rules, mTLS
|
|
95
|
+
3. **Application**: input validation, output encoding, auth checks
|
|
96
|
+
4. **Data**: encryption, access control, audit logging
|
|
97
|
+
5. **Monitoring**: anomaly detection, alerting, incident response
|
|
98
|
+
|
|
99
|
+
## Compliance Considerations
|
|
100
|
+
|
|
101
|
+
- Map controls to relevant frameworks: SOC 2, ISO 27001, PCI-DSS, HIPAA
|
|
102
|
+
- Maintain evidence of control effectiveness
|
|
103
|
+
- Automate compliance checks where possible
|
|
104
|
+
- Review and update controls quarterly
|
|
105
|
+
- Document accepted risks with business justification and owner
|
|
@@ -0,0 +1,127 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/development/cpp.md — C/C++ Best Practices — Use this skill when writing, reviewing, or debugging C or C++ code.
|
|
3
|
+
|
|
4
|
+
Use this skill when writing, reviewing, or debugging C or C++ code. ## Project Structure
|
|
5
|
+
-->
|
|
6
|
+
# C/C++ Best Practices
|
|
7
|
+
|
|
8
|
+
Use this skill when writing, reviewing, or debugging C or C++ code.
|
|
9
|
+
|
|
10
|
+
## Project Structure
|
|
11
|
+
|
|
12
|
+
```
|
|
13
|
+
include/
|
|
14
|
+
project/
|
|
15
|
+
module.h
|
|
16
|
+
src/
|
|
17
|
+
module.cpp
|
|
18
|
+
main.cpp
|
|
19
|
+
tests/
|
|
20
|
+
test_module.cpp
|
|
21
|
+
CMakeLists.txt
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
- Separate headers (public API) from implementation
|
|
25
|
+
- CMake as the build system; `CMakeLists.txt` per directory
|
|
26
|
+
- Keep header dependencies minimal; forward-declare when possible
|
|
27
|
+
- One class or module per header/source pair
|
|
28
|
+
|
|
29
|
+
## Tooling
|
|
30
|
+
|
|
31
|
+
| Tool | Purpose |
|
|
32
|
+
|---|---|
|
|
33
|
+
| clang-format | Formatting |
|
|
34
|
+
| clang-tidy | Static analysis and modernization |
|
|
35
|
+
| AddressSanitizer (ASan) | Memory error detection |
|
|
36
|
+
| UndefinedBehaviorSanitizer (UBSan) | Undefined behavior detection |
|
|
37
|
+
| Valgrind | Memory leak detection |
|
|
38
|
+
| GoogleTest / Catch2 | Testing |
|
|
39
|
+
| gcov / llvm-cov | Coverage |
|
|
40
|
+
| cppcheck | Additional static analysis |
|
|
41
|
+
|
|
42
|
+
## Modern C++ (C++17/20/23)
|
|
43
|
+
|
|
44
|
+
- `std::string_view` over `const std::string&` for read-only string parameters
|
|
45
|
+
- `std::optional<T>` for values that may be absent
|
|
46
|
+
- `std::variant` for type-safe unions
|
|
47
|
+
- Structured bindings: `auto [key, value] = pair;`
|
|
48
|
+
- `if constexpr` for compile-time branching
|
|
49
|
+
- `std::span` for non-owning views of contiguous data
|
|
50
|
+
- Range-based for loops; `<ranges>` for composable transformations
|
|
51
|
+
|
|
52
|
+
## Memory Management
|
|
53
|
+
|
|
54
|
+
### RAII (Resource Acquisition Is Initialization)
|
|
55
|
+
- Every resource (memory, file handle, lock, socket) owned by an object
|
|
56
|
+
- Acquisition in constructor; release in destructor
|
|
57
|
+
- No manual `new`/`delete` in application code
|
|
58
|
+
|
|
59
|
+
### Smart Pointers
|
|
60
|
+
- `std::unique_ptr`: single ownership, zero overhead
|
|
61
|
+
- `std::shared_ptr`: shared ownership when genuinely needed (rare)
|
|
62
|
+
- `std::weak_ptr`: breaking cycles in shared ownership
|
|
63
|
+
- Raw pointers only for non-owning observation; never manage lifetime
|
|
64
|
+
|
|
65
|
+
### Containers
|
|
66
|
+
- `std::vector` as the default container
|
|
67
|
+
- `std::array` for fixed-size collections
|
|
68
|
+
- `std::unordered_map` for fast lookup; `std::map` when order matters
|
|
69
|
+
- Reserve capacity when the size is known: `vec.reserve(n)`
|
|
70
|
+
|
|
71
|
+
## Error Handling
|
|
72
|
+
|
|
73
|
+
- Exceptions for C++: throw on failure, catch at boundaries
|
|
74
|
+
- `std::expected<T, E>` (C++23) or equivalent library for value-or-error returns
|
|
75
|
+
- `noexcept` on functions that do not throw (move constructors, destructors)
|
|
76
|
+
- Never throw from destructors
|
|
77
|
+
- C: return error codes; check every return value; use `errno` correctly
|
|
78
|
+
|
|
79
|
+
## Concurrency
|
|
80
|
+
|
|
81
|
+
- `std::thread` with `std::jthread` (C++20) for automatic join
|
|
82
|
+
- `std::mutex` and `std::lock_guard` / `std::scoped_lock` for synchronization
|
|
83
|
+
- `std::atomic` for lock-free operations on simple types
|
|
84
|
+
- `std::async` and `std::future` for task-based parallelism
|
|
85
|
+
- Avoid data races: either protect with mutex or use atomics
|
|
86
|
+
- Thread sanitizer (`-fsanitize=thread`) in CI
|
|
87
|
+
|
|
88
|
+
## Testing
|
|
89
|
+
|
|
90
|
+
- GoogleTest or Catch2 for unit and integration tests
|
|
91
|
+
- `TEST` macros for test definition; `EXPECT_*` / `REQUIRE` for assertions
|
|
92
|
+
- CTest for test orchestration via CMake
|
|
93
|
+
- Run with sanitizers enabled in CI
|
|
94
|
+
- Fuzz testing with libFuzzer or AFL++ for input-handling code
|
|
95
|
+
|
|
96
|
+
## Performance
|
|
97
|
+
|
|
98
|
+
- Profile first: `perf`, `Instruments`, `VTune`
|
|
99
|
+
- Minimize allocations: stack allocation > pool allocation > heap allocation
|
|
100
|
+
- Cache-friendly data layout: struct-of-arrays over array-of-structs when iterating
|
|
101
|
+
- Avoid virtual dispatch in hot paths when static polymorphism suffices (CRTP)
|
|
102
|
+
- `constexpr` for compile-time computation
|
|
103
|
+
- Link-time optimization (`-flto`) for cross-unit inlining
|
|
104
|
+
|
|
105
|
+
## Build System
|
|
106
|
+
|
|
107
|
+
- CMake with modern targets: `target_link_libraries`, `target_include_directories`
|
|
108
|
+
- Compile with warnings: `-Wall -Wextra -Wpedantic -Werror`
|
|
109
|
+
- Enable sanitizers in debug/CI builds
|
|
110
|
+
- Use `FetchContent` or `vcpkg`/`conan` for dependency management
|
|
111
|
+
- Separate build directories for debug and release
|
|
112
|
+
|
|
113
|
+
## Security
|
|
114
|
+
|
|
115
|
+
- Bounds-checked alternatives: `std::span`, `std::string_view`, `at()` over `[]`
|
|
116
|
+
- Stack buffer overflow: use `std::array` or `std::vector` instead of C arrays
|
|
117
|
+
- Format string safety: never pass user input as a format string
|
|
118
|
+
- Integer overflow: use safe integer libraries or explicit checks
|
|
119
|
+
- Run ASan, UBSan, and thread sanitizer in CI
|
|
120
|
+
|
|
121
|
+
## Anti-Patterns
|
|
122
|
+
|
|
123
|
+
- Manual `new`/`delete` without RAII wrappers
|
|
124
|
+
- `void*` and C-style casts in C++ code
|
|
125
|
+
- Macros for constants or functions (use `constexpr` and templates)
|
|
126
|
+
- Header-only libraries for large codebases (compile time explosion)
|
|
127
|
+
- Premature optimization with `inline` or manual memory management
|
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/development/go.md — Go Best Practices — Use this skill when writing, reviewing, or debugging Go code.
|
|
3
|
+
|
|
4
|
+
Use this skill when writing, reviewing, or debugging Go code. ## Project Structure
|
|
5
|
+
-->
|
|
6
|
+
# Go Best Practices
|
|
7
|
+
|
|
8
|
+
Use this skill when writing, reviewing, or debugging Go code.
|
|
9
|
+
|
|
10
|
+
## Project Structure
|
|
11
|
+
|
|
12
|
+
```
|
|
13
|
+
cmd/
|
|
14
|
+
server/
|
|
15
|
+
main.go
|
|
16
|
+
internal/
|
|
17
|
+
handler/
|
|
18
|
+
service/
|
|
19
|
+
repository/
|
|
20
|
+
model/
|
|
21
|
+
pkg/
|
|
22
|
+
shared-lib/
|
|
23
|
+
go.mod
|
|
24
|
+
go.sum
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
- `cmd/` for entry points; `internal/` for private packages; `pkg/` for public libraries
|
|
28
|
+
- Keep `main.go` thin: parse config, wire dependencies, start server
|
|
29
|
+
- One package per directory; package name matches directory name
|
|
30
|
+
|
|
31
|
+
## Tooling
|
|
32
|
+
|
|
33
|
+
| Tool | Purpose |
|
|
34
|
+
|---|---|
|
|
35
|
+
| gofmt / goimports | Formatting (non-negotiable) |
|
|
36
|
+
| golangci-lint | Comprehensive linting (replaces individual linters) |
|
|
37
|
+
| go vet | Static analysis |
|
|
38
|
+
| go test -race | Race condition detection |
|
|
39
|
+
| govulncheck | Vulnerability scanning |
|
|
40
|
+
| delve | Debugging |
|
|
41
|
+
|
|
42
|
+
## Error Handling
|
|
43
|
+
|
|
44
|
+
- Return errors as the last return value
|
|
45
|
+
- Wrap errors with context: `fmt.Errorf("fetch user %d: %w", id, err)`
|
|
46
|
+
- Use `errors.Is` and `errors.As` for type-safe error checking
|
|
47
|
+
- Define sentinel errors for expected conditions: `var ErrNotFound = errors.New("not found")`
|
|
48
|
+
- Custom error types for structured error information
|
|
49
|
+
- Handle every returned error; never use `_` for errors without justification
|
|
50
|
+
|
|
51
|
+
## Concurrency
|
|
52
|
+
|
|
53
|
+
### Goroutines
|
|
54
|
+
- Always ensure goroutines can terminate (use context cancellation)
|
|
55
|
+
- Use `sync.WaitGroup` to wait for goroutine completion
|
|
56
|
+
- Prefer `errgroup.Group` for goroutines that return errors
|
|
57
|
+
- Limit goroutine count with semaphores or worker pools
|
|
58
|
+
|
|
59
|
+
### Channels
|
|
60
|
+
- Prefer channels for communication; mutexes for protecting shared state
|
|
61
|
+
- Buffered channels for known producer-consumer rates
|
|
62
|
+
- Close channels from the sender side only
|
|
63
|
+
- Use `select` with `context.Done()` for cancellation
|
|
64
|
+
|
|
65
|
+
### Context
|
|
66
|
+
- Pass `context.Context` as the first parameter to functions
|
|
67
|
+
- Use `context.WithTimeout` for all external calls
|
|
68
|
+
- Propagate context through the entire call chain
|
|
69
|
+
- Never store context in structs
|
|
70
|
+
|
|
71
|
+
## Interfaces
|
|
72
|
+
|
|
73
|
+
- Define interfaces at the consumer, not the provider
|
|
74
|
+
- Keep interfaces small: 1-3 methods
|
|
75
|
+
- Accept interfaces, return structs
|
|
76
|
+
- Use interface embedding for composition
|
|
77
|
+
- Avoid premature abstraction; extract interfaces when a second implementation appears
|
|
78
|
+
|
|
79
|
+
## Testing
|
|
80
|
+
|
|
81
|
+
- Table-driven tests for multiple cases
|
|
82
|
+
- `testing.T.Helper()` for test helper functions
|
|
83
|
+
- Use `testify` or standard library assertions
|
|
84
|
+
- `httptest` for HTTP handler testing
|
|
85
|
+
- Test with `-race` flag in CI
|
|
86
|
+
- Use `t.Parallel()` for independent tests
|
|
87
|
+
- `go test -coverprofile` for coverage analysis
|
|
88
|
+
|
|
89
|
+
## Performance
|
|
90
|
+
|
|
91
|
+
- Profile with `pprof`: CPU, memory, goroutine, mutex
|
|
92
|
+
- Avoid allocations in hot paths; reuse buffers with `sync.Pool`
|
|
93
|
+
- Pre-allocate slices with `make([]T, 0, expectedCap)`
|
|
94
|
+
- Use `strings.Builder` for string concatenation
|
|
95
|
+
- Benchmark with `testing.B` before and after optimization
|
|
96
|
+
- Avoid reflection in performance-critical code
|
|
97
|
+
|
|
98
|
+
## Patterns
|
|
99
|
+
|
|
100
|
+
### Dependency Injection
|
|
101
|
+
- Constructor functions: `func NewService(repo Repository) *Service`
|
|
102
|
+
- Wire dependencies in `main.go` or with a DI tool (wire, fx)
|
|
103
|
+
- Interfaces for external dependencies enable testing with mocks
|
|
104
|
+
|
|
105
|
+
### Options Pattern
|
|
106
|
+
- `func NewServer(opts ...Option)` for configurable constructors
|
|
107
|
+
- Each option is a function that modifies a config struct
|
|
108
|
+
- Provides good defaults with optional overrides
|
|
109
|
+
|
|
110
|
+
### Middleware
|
|
111
|
+
- `func(http.Handler) http.Handler` for HTTP middleware
|
|
112
|
+
- Chain: logging, auth, rate limiting, recovery
|
|
113
|
+
- Keep middleware focused on cross-cutting concerns
|
|
114
|
+
|
|
115
|
+
## Security
|
|
116
|
+
|
|
117
|
+
- Use `crypto/rand` for random values, never `math/rand` for security
|
|
118
|
+
- Validate all user input at handler boundaries
|
|
119
|
+
- Use parameterized queries; avoid string interpolation in SQL
|
|
120
|
+
- Set timeouts on HTTP servers and clients
|
|
121
|
+
- Use `gosec` and `govulncheck` in CI
|
|
122
|
+
|
|
123
|
+
## Anti-Patterns
|
|
124
|
+
|
|
125
|
+
- `init()` functions for complex initialization (hard to test)
|
|
126
|
+
- Package-level mutable variables (hidden global state)
|
|
127
|
+
- Ignoring errors with `_`
|
|
128
|
+
- Goroutine leaks (no cancellation mechanism)
|
|
129
|
+
- Overusing `interface{}` / `any` when concrete types are known
|