@geraldmaron/construct 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (352) hide show
  1. package/.env.example +69 -0
  2. package/LICENSE +21 -0
  3. package/README.md +344 -0
  4. package/agents/prompts/cx-accessibility.md +29 -0
  5. package/agents/prompts/cx-ai-engineer.md +31 -0
  6. package/agents/prompts/cx-architect.md +40 -0
  7. package/agents/prompts/cx-business-strategist.md +25 -0
  8. package/agents/prompts/cx-data-analyst.md +30 -0
  9. package/agents/prompts/cx-data-engineer.md +32 -0
  10. package/agents/prompts/cx-debugger.md +27 -0
  11. package/agents/prompts/cx-designer.md +33 -0
  12. package/agents/prompts/cx-devil-advocate.md +36 -0
  13. package/agents/prompts/cx-docs-keeper.md +50 -0
  14. package/agents/prompts/cx-engineer.md +36 -0
  15. package/agents/prompts/cx-evaluator.md +26 -0
  16. package/agents/prompts/cx-explorer.md +38 -0
  17. package/agents/prompts/cx-legal-compliance.md +25 -0
  18. package/agents/prompts/cx-operations.md +28 -0
  19. package/agents/prompts/cx-orchestrator.md +30 -0
  20. package/agents/prompts/cx-platform-engineer.md +25 -0
  21. package/agents/prompts/cx-product-manager.md +30 -0
  22. package/agents/prompts/cx-qa.md +42 -0
  23. package/agents/prompts/cx-rd-lead.md +25 -0
  24. package/agents/prompts/cx-release-manager.md +31 -0
  25. package/agents/prompts/cx-researcher.md +31 -0
  26. package/agents/prompts/cx-reviewer.md +36 -0
  27. package/agents/prompts/cx-security.md +37 -0
  28. package/agents/prompts/cx-sre.md +26 -0
  29. package/agents/prompts/cx-test-automation.md +35 -0
  30. package/agents/prompts/cx-trace-reviewer.md +76 -0
  31. package/agents/prompts/cx-ux-researcher.md +30 -0
  32. package/agents/registry.json +879 -0
  33. package/agents/teams.json +94 -0
  34. package/bin/construct +613 -0
  35. package/commands/build/feature.md +21 -0
  36. package/commands/build/fix.md +20 -0
  37. package/commands/design/access.md +19 -0
  38. package/commands/design/flow.md +16 -0
  39. package/commands/design/ui.md +18 -0
  40. package/commands/measure/experiment.md +18 -0
  41. package/commands/measure/metrics.md +18 -0
  42. package/commands/measure/results.md +18 -0
  43. package/commands/plan/api.md +19 -0
  44. package/commands/plan/challenge.md +18 -0
  45. package/commands/plan/decide.md +20 -0
  46. package/commands/plan/feature.md +49 -0
  47. package/commands/plan/requirements.md +24 -0
  48. package/commands/remember/context.md +26 -0
  49. package/commands/remember/handoff.md +19 -0
  50. package/commands/remember/runbook.md +20 -0
  51. package/commands/review/code.md +21 -0
  52. package/commands/review/quality.md +19 -0
  53. package/commands/review/security.md +16 -0
  54. package/commands/ship/ready.md +19 -0
  55. package/commands/ship/release.md +19 -0
  56. package/commands/ship/status.md +18 -0
  57. package/commands/understand/docs.md +22 -0
  58. package/commands/understand/research.md +22 -0
  59. package/commands/understand/this.md +23 -0
  60. package/commands/understand/why.md +18 -0
  61. package/commands/work/clean.md +32 -0
  62. package/commands/work/drive.md +69 -0
  63. package/commands/work/optimize-prompts.md +46 -0
  64. package/commands/work/parallel-review.md +40 -0
  65. package/db/migrations/001_init.sql +38 -0
  66. package/langfuse/docker-compose.yml +82 -0
  67. package/lib/audit-skills.mjs +118 -0
  68. package/lib/auto-docs.mjs +293 -0
  69. package/lib/cli-commands.mjs +409 -0
  70. package/lib/codex-config.mjs +114 -0
  71. package/lib/comment-lint.mjs +191 -0
  72. package/lib/completions.mjs +170 -0
  73. package/lib/context-state.mjs +99 -0
  74. package/lib/cost.mjs +213 -0
  75. package/lib/distill.mjs +403 -0
  76. package/lib/efficiency.mjs +139 -0
  77. package/lib/env-config.mjs +53 -0
  78. package/lib/eval-harness.mjs +59 -0
  79. package/lib/features.mjs +209 -0
  80. package/lib/headhunt.mjs +597 -0
  81. package/lib/hooks/adaptive-lint.mjs +112 -0
  82. package/lib/hooks/agent-tracker.mjs +50 -0
  83. package/lib/hooks/bootstrap-guard.mjs +90 -0
  84. package/lib/hooks/comment-lint.mjs +26 -0
  85. package/lib/hooks/config-protection.mjs +52 -0
  86. package/lib/hooks/console-warn.mjs +43 -0
  87. package/lib/hooks/context-window-recovery.mjs +90 -0
  88. package/lib/hooks/continuation-enforcer.mjs +72 -0
  89. package/lib/hooks/dep-audit.mjs +155 -0
  90. package/lib/hooks/drive-guard.mjs +89 -0
  91. package/lib/hooks/edit-accumulator.mjs +36 -0
  92. package/lib/hooks/edit-error-recovery.mjs +46 -0
  93. package/lib/hooks/edit-guard.mjs +109 -0
  94. package/lib/hooks/env-check.mjs +80 -0
  95. package/lib/hooks/guard-bash.mjs +83 -0
  96. package/lib/hooks/mcp-audit.mjs +57 -0
  97. package/lib/hooks/mcp-health-check.mjs +51 -0
  98. package/lib/hooks/mcp-task-scope.mjs +47 -0
  99. package/lib/hooks/model-fallback.mjs +105 -0
  100. package/lib/hooks/pre-compact.mjs +212 -0
  101. package/lib/hooks/pre-push-gate.mjs +129 -0
  102. package/lib/hooks/read-tracker.mjs +129 -0
  103. package/lib/hooks/registry-sync.mjs +23 -0
  104. package/lib/hooks/scan-secrets.mjs +76 -0
  105. package/lib/hooks/session-start.mjs +95 -0
  106. package/lib/hooks/stop-notify.mjs +191 -0
  107. package/lib/hooks/stop-typecheck.mjs +83 -0
  108. package/lib/hooks/task-completed-guard.mjs +43 -0
  109. package/lib/hooks/teammate-idle-guard.mjs +54 -0
  110. package/lib/hooks/workflow-guard.mjs +62 -0
  111. package/lib/host-capabilities.mjs +123 -0
  112. package/lib/init-docs.mjs +382 -0
  113. package/lib/mcp/server.mjs +1123 -0
  114. package/lib/mcp-catalog.json +243 -0
  115. package/lib/mcp-manager.mjs +433 -0
  116. package/lib/mcp-platform-config.mjs +104 -0
  117. package/lib/model-router.mjs +810 -0
  118. package/lib/opencode-config.mjs +44 -0
  119. package/lib/opencode-runtime-plugin.mjs +909 -0
  120. package/lib/opencode-telemetry.mjs +433 -0
  121. package/lib/orchestration-policy.mjs +258 -0
  122. package/lib/prompt-composer.mjs +196 -0
  123. package/lib/prompt-metadata.mjs +68 -0
  124. package/lib/review.mjs +429 -0
  125. package/lib/role-preload.mjs +52 -0
  126. package/lib/schemas/decision.json +50 -0
  127. package/lib/schemas/implementation.json +51 -0
  128. package/lib/schemas/review-report.json +32 -0
  129. package/lib/schemas/test-report.json +43 -0
  130. package/lib/server/index.mjs +334 -0
  131. package/lib/server/static/app.js +841 -0
  132. package/lib/server/static/index.html +820 -0
  133. package/lib/service-manager.mjs +225 -0
  134. package/lib/setup.mjs +319 -0
  135. package/lib/status.mjs +707 -0
  136. package/lib/storage/backend.mjs +44 -0
  137. package/lib/storage/embeddings.mjs +70 -0
  138. package/lib/storage/hybrid-query.mjs +184 -0
  139. package/lib/storage/sql-store.mjs +55 -0
  140. package/lib/storage/state-source.mjs +101 -0
  141. package/lib/storage/sync.mjs +164 -0
  142. package/lib/storage/vector-store.mjs +59 -0
  143. package/lib/telemetry/backends/langfuse.mjs +58 -0
  144. package/lib/telemetry/backends/noop.mjs +16 -0
  145. package/lib/telemetry/langfuse-ingest.mjs +108 -0
  146. package/lib/telemetry/langfuse-model-sync.mjs +270 -0
  147. package/lib/telemetry/team-rollup.mjs +143 -0
  148. package/lib/toolkit-env.mjs +30 -0
  149. package/lib/validator.mjs +181 -0
  150. package/lib/workflow-state.mjs +794 -0
  151. package/package.json +53 -0
  152. package/personas/construct.md +94 -0
  153. package/platforms/claude/CLAUDE.md +30 -0
  154. package/platforms/claude/settings.template.json +472 -0
  155. package/platforms/opencode/config.template.json +65 -0
  156. package/platforms/opencode/plugins/construct-fallback.js +5 -0
  157. package/platforms/opencode/sync-config.mjs +69 -0
  158. package/rules/common/agents.md +55 -0
  159. package/rules/common/code-review.md +129 -0
  160. package/rules/common/coding-style.md +95 -0
  161. package/rules/common/comments.md +139 -0
  162. package/rules/common/cx-agent-routing.md +61 -0
  163. package/rules/common/cx-skill-routing.md +11 -0
  164. package/rules/common/development-workflow.md +49 -0
  165. package/rules/common/git-workflow.md +29 -0
  166. package/rules/common/hooks.md +35 -0
  167. package/rules/common/patterns.md +36 -0
  168. package/rules/common/performance.md +71 -0
  169. package/rules/common/security.md +34 -0
  170. package/rules/common/testing.md +62 -0
  171. package/rules/golang/coding-style.md +37 -0
  172. package/rules/golang/hooks.md +22 -0
  173. package/rules/golang/patterns.md +50 -0
  174. package/rules/golang/security.md +39 -0
  175. package/rules/golang/testing.md +36 -0
  176. package/rules/python/coding-style.md +47 -0
  177. package/rules/python/hooks.md +24 -0
  178. package/rules/python/patterns.md +44 -0
  179. package/rules/python/security.md +35 -0
  180. package/rules/python/testing.md +43 -0
  181. package/rules/swift/coding-style.md +52 -0
  182. package/rules/swift/hooks.md +25 -0
  183. package/rules/swift/patterns.md +71 -0
  184. package/rules/swift/security.md +38 -0
  185. package/rules/swift/testing.md +50 -0
  186. package/rules/typescript/coding-style.md +204 -0
  187. package/rules/typescript/hooks.md +27 -0
  188. package/rules/typescript/patterns.md +57 -0
  189. package/rules/typescript/security.md +33 -0
  190. package/rules/typescript/testing.md +23 -0
  191. package/rules/web/coding-style.md +101 -0
  192. package/rules/web/design-quality.md +68 -0
  193. package/rules/web/hooks.md +125 -0
  194. package/rules/web/patterns.md +84 -0
  195. package/rules/web/performance.md +69 -0
  196. package/rules/web/security.md +62 -0
  197. package/rules/web/testing.md +60 -0
  198. package/rules/zh/README.md +113 -0
  199. package/rules/zh/agents.md +55 -0
  200. package/rules/zh/code-review.md +129 -0
  201. package/rules/zh/coding-style.md +53 -0
  202. package/rules/zh/development-workflow.md +49 -0
  203. package/rules/zh/git-workflow.md +29 -0
  204. package/rules/zh/hooks.md +35 -0
  205. package/rules/zh/patterns.md +36 -0
  206. package/rules/zh/performance.md +60 -0
  207. package/rules/zh/security.md +34 -0
  208. package/rules/zh/testing.md +34 -0
  209. package/skills/ai/agent-dev.md +102 -0
  210. package/skills/ai/llm-security.md +105 -0
  211. package/skills/ai/ml-ops.md +169 -0
  212. package/skills/ai/orchestration-workflow.md +87 -0
  213. package/skills/ai/prompt-and-eval.md +114 -0
  214. package/skills/ai/prompt-optimizer.md +114 -0
  215. package/skills/ai/rag-system.md +104 -0
  216. package/skills/architecture/api-design.md +100 -0
  217. package/skills/architecture/caching.md +101 -0
  218. package/skills/architecture/cloud-native.md +97 -0
  219. package/skills/architecture/message-queue.md +100 -0
  220. package/skills/architecture/security-arch.md +105 -0
  221. package/skills/development/cpp.md +127 -0
  222. package/skills/development/go.md +129 -0
  223. package/skills/development/java.md +134 -0
  224. package/skills/development/kotlin.md +140 -0
  225. package/skills/development/mobile-crossplatform.md +144 -0
  226. package/skills/development/python.md +109 -0
  227. package/skills/development/rust.md +127 -0
  228. package/skills/development/shell.md +127 -0
  229. package/skills/development/swift.md +129 -0
  230. package/skills/development/typescript.md +129 -0
  231. package/skills/devops/ci-cd.md +108 -0
  232. package/skills/devops/containerization.md +106 -0
  233. package/skills/devops/cost-optimization.md +105 -0
  234. package/skills/devops/data-engineering.md +181 -0
  235. package/skills/devops/database.md +95 -0
  236. package/skills/devops/dependency-management.md +91 -0
  237. package/skills/devops/devsecops.md +96 -0
  238. package/skills/devops/git-workflow.md +100 -0
  239. package/skills/devops/incident-response.md +167 -0
  240. package/skills/devops/monorepo.md +87 -0
  241. package/skills/devops/observability.md +103 -0
  242. package/skills/devops/performance.md +104 -0
  243. package/skills/devops/testing.md +104 -0
  244. package/skills/docs/adr-workflow.md +32 -0
  245. package/skills/docs/backlog-proposal-workflow.md +19 -0
  246. package/skills/docs/customer-profile-workflow.md +22 -0
  247. package/skills/docs/evidence-ingest-workflow.md +23 -0
  248. package/skills/docs/init-docs.md +160 -0
  249. package/skills/docs/init-project.md +50 -0
  250. package/skills/docs/prd-workflow.md +57 -0
  251. package/skills/docs/prfaq-workflow.md +25 -0
  252. package/skills/docs/product-intelligence-review.md +22 -0
  253. package/skills/docs/product-intelligence-workflow.md +62 -0
  254. package/skills/docs/product-signal-workflow.md +27 -0
  255. package/skills/docs/research-workflow.md +28 -0
  256. package/skills/docs/runbook-workflow.md +24 -0
  257. package/skills/exploration/repo-map.md +297 -0
  258. package/skills/frameworks/django.md +159 -0
  259. package/skills/frameworks/nextjs.md +148 -0
  260. package/skills/frameworks/react.md +132 -0
  261. package/skills/frameworks/spring-boot.md +165 -0
  262. package/skills/frontend-design/accessibility.md +153 -0
  263. package/skills/frontend-design/component-patterns.md +111 -0
  264. package/skills/frontend-design/engineering.md +122 -0
  265. package/skills/frontend-design/state-management.md +118 -0
  266. package/skills/frontend-design/ui-aesthetics.md +102 -0
  267. package/skills/frontend-design/ux-principles.md +126 -0
  268. package/skills/quality-gates/review-work.md +90 -0
  269. package/skills/quality-gates/verify-change.md +94 -0
  270. package/skills/quality-gates/verify-module.md +96 -0
  271. package/skills/quality-gates/verify-quality.md +93 -0
  272. package/skills/quality-gates/verify-security.md +95 -0
  273. package/skills/roles/architect.ai-systems.md +37 -0
  274. package/skills/roles/architect.data.md +37 -0
  275. package/skills/roles/architect.enterprise.md +37 -0
  276. package/skills/roles/architect.integration.md +37 -0
  277. package/skills/roles/architect.md +68 -0
  278. package/skills/roles/architect.platform.md +37 -0
  279. package/skills/roles/data-analyst.experiment.md +37 -0
  280. package/skills/roles/data-analyst.md +68 -0
  281. package/skills/roles/data-analyst.product-intelligence.md +37 -0
  282. package/skills/roles/data-analyst.product.md +37 -0
  283. package/skills/roles/data-analyst.telemetry.md +37 -0
  284. package/skills/roles/data-engineer.pipeline.md +37 -0
  285. package/skills/roles/data-engineer.vector-retrieval.md +37 -0
  286. package/skills/roles/data-engineer.warehouse.md +37 -0
  287. package/skills/roles/debugger.md +68 -0
  288. package/skills/roles/designer.accessibility.md +43 -0
  289. package/skills/roles/designer.md +68 -0
  290. package/skills/roles/engineer.ai.md +49 -0
  291. package/skills/roles/engineer.data.md +49 -0
  292. package/skills/roles/engineer.md +85 -0
  293. package/skills/roles/engineer.platform.md +49 -0
  294. package/skills/roles/operator.docs.md +43 -0
  295. package/skills/roles/operator.md +68 -0
  296. package/skills/roles/operator.release.md +43 -0
  297. package/skills/roles/operator.sre.md +43 -0
  298. package/skills/roles/orchestrator.md +66 -0
  299. package/skills/roles/product-manager.ai-product.md +37 -0
  300. package/skills/roles/product-manager.business-strategy.md +43 -0
  301. package/skills/roles/product-manager.enterprise.md +37 -0
  302. package/skills/roles/product-manager.growth.md +37 -0
  303. package/skills/roles/product-manager.md +67 -0
  304. package/skills/roles/product-manager.platform.md +37 -0
  305. package/skills/roles/product-manager.product.md +37 -0
  306. package/skills/roles/qa.ai-eval.md +37 -0
  307. package/skills/roles/qa.api-contract.md +37 -0
  308. package/skills/roles/qa.data-pipeline.md +37 -0
  309. package/skills/roles/qa.md +68 -0
  310. package/skills/roles/qa.test-automation.md +49 -0
  311. package/skills/roles/qa.web-ui.md +37 -0
  312. package/skills/roles/researcher.explorer.md +43 -0
  313. package/skills/roles/researcher.md +68 -0
  314. package/skills/roles/researcher.ux.md +43 -0
  315. package/skills/roles/reviewer.devil-advocate.md +43 -0
  316. package/skills/roles/reviewer.evaluator.md +43 -0
  317. package/skills/roles/reviewer.md +68 -0
  318. package/skills/roles/reviewer.trace.md +43 -0
  319. package/skills/roles/security.ai.md +37 -0
  320. package/skills/roles/security.appsec.md +37 -0
  321. package/skills/roles/security.cloud.md +37 -0
  322. package/skills/roles/security.legal-compliance.md +49 -0
  323. package/skills/roles/security.md +68 -0
  324. package/skills/roles/security.privacy.md +37 -0
  325. package/skills/roles/security.supply-chain.md +37 -0
  326. package/skills/routing.md +139 -0
  327. package/skills/security/blue-team.md +83 -0
  328. package/skills/security/code-audit.md +94 -0
  329. package/skills/security/pentest.md +84 -0
  330. package/skills/security/red-team.md +81 -0
  331. package/skills/security/threat-intel.md +89 -0
  332. package/skills/security/vuln-research.md +87 -0
  333. package/skills/utility/clean-code.md +165 -0
  334. package/sync-agents.mjs +899 -0
  335. package/templates/docs/adr.md +27 -0
  336. package/templates/docs/backlog-proposal.md +26 -0
  337. package/templates/docs/customer-profile.md +34 -0
  338. package/templates/docs/evidence-brief.md +37 -0
  339. package/templates/docs/incident-report.md +46 -0
  340. package/templates/docs/memo.md +27 -0
  341. package/templates/docs/meta-prd.md +56 -0
  342. package/templates/docs/one-pager.md +24 -0
  343. package/templates/docs/prd-business.md +61 -0
  344. package/templates/docs/prd-platform.md +62 -0
  345. package/templates/docs/prd.md +47 -0
  346. package/templates/docs/prfaq.md +31 -0
  347. package/templates/docs/product-intelligence-report.md +31 -0
  348. package/templates/docs/research-brief.md +29 -0
  349. package/templates/docs/rfc-platform.md +60 -0
  350. package/templates/docs/rfc.md +46 -0
  351. package/templates/docs/runbook.md +33 -0
  352. package/templates/docs/signal-brief.md +25 -0
@@ -0,0 +1,101 @@
1
+ <!--
2
+ skills/architecture/caching.md — Caching — Use this skill when designing caching strategies for applications, APIs, or infr
3
+
4
+ Use this skill when designing caching strategies for applications, APIs, or infrastructure. ## Cache Layers
5
+ -->
6
+ # Caching
7
+
8
+ Use this skill when designing caching strategies for applications, APIs, or infrastructure.
9
+
10
+ ## Cache Layers
11
+
12
+ | Layer | Tool | Latency | Use Case |
13
+ |---|---|---|---|
14
+ | In-process | HashMap, LRU cache | <1ms | Hot config, computed values |
15
+ | Distributed | Redis, Memcached | 1-5ms | Session data, query results |
16
+ | CDN | Cloudflare, CloudFront | 10-50ms | Static assets, public API responses |
17
+ | Browser | Cache-Control headers | 0ms | Assets, API responses for single user |
18
+
19
+ ## Cache Strategies
20
+
21
+ ### Cache-Aside (Lazy Loading)
22
+ 1. Check cache. If hit, return.
23
+ 2. If miss, read from database.
24
+ 3. Write result to cache with TTL.
25
+ - Best for: read-heavy workloads with tolerant staleness
26
+ - Risk: thundering herd on cache miss for hot keys
27
+
28
+ ### Write-Through
29
+ 1. Write to cache and database simultaneously.
30
+ - Best for: data that must be fresh immediately after write
31
+ - Risk: higher write latency
32
+
33
+ ### Write-Behind (Write-Back)
34
+ 1. Write to cache immediately.
35
+ 2. Asynchronously flush to database.
36
+ - Best for: high write throughput with acceptable durability risk
37
+ - Risk: data loss if cache fails before flush
38
+
39
+ ### Read-Through
40
+ 1. Cache itself fetches from database on miss.
41
+ - Best for: simplifying application code
42
+ - Requires a cache library that supports origin fetch
43
+
44
+ ## Cache Invalidation
45
+
46
+ - **TTL-based**: set expiry on every key; simplest, but data can be stale up to TTL
47
+ - **Event-based**: invalidate on write events; lowest staleness, requires pub/sub
48
+ - **Version-based**: include version in cache key; new version = automatic miss
49
+ - **Tag-based**: group related keys by tag; invalidate all keys with a tag at once
50
+
51
+ ### Thundering Herd Mitigation
52
+ - Lock on miss: only one request fetches, others wait
53
+ - Stale-while-revalidate: serve stale data while background refresh runs
54
+ - Early expiry jitter: randomize TTL to avoid synchronized expiry
55
+
56
+ ## Redis Patterns
57
+
58
+ - Use appropriate data structures: strings for simple values, hashes for objects, sorted sets for leaderboards
59
+ - Set `maxmemory-policy` to `allkeys-lru` or `volatile-lru`
60
+ - Use pipelining for batch operations
61
+ - Monitor hit rate: target >90% for hot paths
62
+ - Use Redis Cluster for horizontal scaling
63
+ - Avoid large keys (>1MB) and hot keys (>10K ops/sec on single key)
64
+
65
+ ## CDN Configuration
66
+
67
+ - Cache static assets with long TTL (1 year) and content-hash filenames
68
+ - Cache public API responses with short TTL (30-300s)
69
+ - Use `Vary` header correctly for content negotiation
70
+ - Purge on deploy for assets without content hashing
71
+ - Use edge functions for personalization at the CDN layer
72
+
73
+ ## HTTP Cache Headers
74
+
75
+ ```
76
+ Cache-Control: public, max-age=31536000, immutable # hashed assets
77
+ Cache-Control: private, no-cache # user-specific
78
+ Cache-Control: public, s-maxage=60, stale-while-revalidate=300
79
+ ETag: "abc123" # conditional requests
80
+ ```
81
+
82
+ - `no-cache` means revalidate, not no caching
83
+ - `no-store` means truly do not cache
84
+ - Use `ETag` + `If-None-Match` for conditional requests
85
+
86
+ ## Monitoring
87
+
88
+ - Cache hit rate per key prefix
89
+ - Eviction rate and memory usage
90
+ - Latency percentiles: p50, p95, p99
91
+ - Cache size growth over time
92
+ - Staleness: time between data change and cache update
93
+ - Alert on hit rate drop below threshold (e.g., <80%)
94
+
95
+ ## Anti-Patterns
96
+
97
+ - Caching without TTL (unbounded growth)
98
+ - Caching errors or empty results without short TTL
99
+ - Cache key collisions from insufficient namespacing
100
+ - Serializing large objects when only a field is needed
101
+ - Using cache as primary data store without durability plan
@@ -0,0 +1,97 @@
1
+ <!--
2
+ skills/architecture/cloud-native.md — Cloud-Native Architecture — Use this skill when designing containerized, orchestrated, or microservice-based
3
+
4
+ Use this skill when designing containerized, orchestrated, or microservice-based systems. ## Container Best Practices
5
+ -->
6
+ # Cloud-Native Architecture
7
+
8
+ Use this skill when designing containerized, orchestrated, or microservice-based systems.
9
+
10
+ ## Container Best Practices
11
+
12
+ - One process per container
13
+ - Use multi-stage builds to minimize image size
14
+ - Pin base image versions with digest, not just tag
15
+ - Run as non-root user
16
+ - No secrets in image layers; use runtime injection
17
+ - Health check endpoint in every container
18
+ - Graceful shutdown: handle SIGTERM, drain connections, exit cleanly
19
+
20
+ ## Kubernetes Patterns
21
+
22
+ ### Resource Management
23
+ - Set CPU and memory requests and limits on every pod
24
+ - Use Horizontal Pod Autoscaler based on CPU, memory, or custom metrics
25
+ - Use PodDisruptionBudget to maintain availability during rollouts
26
+ - Namespace per environment or team
27
+
28
+ ### Networking
29
+ - Use Services for internal communication
30
+ - Use Ingress or Gateway API for external traffic
31
+ - NetworkPolicy to restrict pod-to-pod communication
32
+ - DNS-based service discovery within the cluster
33
+
34
+ ### Configuration
35
+ - ConfigMaps for non-sensitive configuration
36
+ - Secrets for sensitive values (encrypted at rest with KMS)
37
+ - Environment variables or volume mounts, not baked into images
38
+ - External config: Vault, AWS Secrets Manager, or equivalent
39
+
40
+ ### Deployment Strategies
41
+ - Rolling update: default, zero-downtime with readiness probes
42
+ - Blue-green: instant switchover, requires double capacity
43
+ - Canary: gradual traffic shift, best for risk-sensitive changes
44
+ - Use readiness and liveness probes; do not conflate them
45
+
46
+ ## Microservice Design
47
+
48
+ ### Boundaries
49
+ - One service per bounded context
50
+ - Services own their data; no shared databases
51
+ - Communicate via APIs or events, never direct database access
52
+ - Keep services independently deployable
53
+
54
+ ### Communication
55
+ - Synchronous: REST or gRPC for request-response
56
+ - Asynchronous: message queues for events and commands
57
+ - Use circuit breakers for synchronous calls (Hystrix pattern)
58
+ - Set timeouts and retries with exponential backoff and jitter
59
+ - Implement idempotency keys for retry-safe operations
60
+
61
+ ### Data Management
62
+ - Database per service
63
+ - Saga pattern for distributed transactions
64
+ - Event sourcing when audit trail matters
65
+ - CQRS when read and write patterns diverge significantly
66
+ - Eventual consistency is acceptable for most cross-service data
67
+
68
+ ## Service Mesh
69
+
70
+ - Sidecar proxy (Envoy, Linkerd) for mTLS, observability, traffic control
71
+ - Retry, timeout, and circuit breaker policies in mesh config
72
+ - Traffic splitting for canary deployments
73
+ - Distributed tracing via mesh-injected headers
74
+ - Evaluate mesh overhead; not every system needs one
75
+
76
+ ## Twelve-Factor Compliance
77
+
78
+ 1. Codebase: one repo per service
79
+ 2. Dependencies: explicitly declared and isolated
80
+ 3. Config: stored in environment, not code
81
+ 4. Backing services: attached resources via config
82
+ 5. Build/release/run: strict separation
83
+ 6. Processes: stateless; persist state in backing services
84
+ 7. Port binding: self-contained, export via port
85
+ 8. Concurrency: scale via process model
86
+ 9. Disposability: fast startup, graceful shutdown
87
+ 10. Dev/prod parity: keep environments as similar as possible
88
+ 11. Logs: emit to stdout, aggregate externally
89
+ 12. Admin processes: run as one-off tasks
90
+
91
+ ## Resilience Patterns
92
+
93
+ - Retry with exponential backoff and jitter
94
+ - Circuit breaker: open after N failures, half-open after cooldown
95
+ - Bulkhead: isolate failures to prevent cascade
96
+ - Timeout: every external call has a deadline
97
+ - Fallback: degrade gracefully when dependencies are unavailable
@@ -0,0 +1,100 @@
1
+ <!--
2
+ skills/architecture/message-queue.md — Message Queues and Event-Driven Architecture — Use this skill when designing asynchronous communication, event-driven systems,
3
+
4
+ Use this skill when designing asynchronous communication, event-driven systems, or message-based integrations. ## When to Use Message Queues
5
+ -->
6
+ # Message Queues and Event-Driven Architecture
7
+
8
+ Use this skill when designing asynchronous communication, event-driven systems, or message-based integrations.
9
+
10
+ ## When to Use Message Queues
11
+
12
+ - Decouple producers from consumers
13
+ - Buffer spikes in traffic or processing load
14
+ - Enable async processing of long-running tasks
15
+ - Fan out events to multiple consumers
16
+ - Guarantee delivery when consumers may be temporarily unavailable
17
+
18
+ ## Messaging Patterns
19
+
20
+ ### Point-to-Point (Queue)
21
+ - One producer, one consumer per message
22
+ - Work distribution across multiple consumer instances
23
+ - Use for: task queues, job processing, command dispatch
24
+
25
+ ### Publish-Subscribe (Topic)
26
+ - One producer, many consumers per message
27
+ - Each subscriber gets a copy
28
+ - Use for: event notification, real-time updates, audit logging
29
+
30
+ ### Request-Reply
31
+ - Producer sends a message with a reply-to address
32
+ - Consumer processes and responds
33
+ - Use for: async RPC, distributed computation
34
+ - Include correlation ID for matching responses
35
+
36
+ ## Technology Selection
37
+
38
+ | System | Strength | Best For |
39
+ |---|---|---|
40
+ | Kafka | High throughput, replay, ordering | Event streaming, log aggregation, CDC |
41
+ | RabbitMQ | Flexible routing, low latency | Task queues, RPC, complex routing |
42
+ | SQS | Managed, simple, scales to zero | AWS-native task queues |
43
+ | NATS | Ultra-low latency, lightweight | Microservice communication |
44
+ | Pulsar | Multi-tenancy, tiered storage | Large-scale streaming |
45
+
46
+ ## Message Design
47
+
48
+ - Include: event type, timestamp, correlation ID, source, schema version, payload
49
+ - Use a schema registry for payload evolution (Avro, Protobuf, JSON Schema)
50
+ - Keep messages self-contained; avoid requiring lookups to interpret
51
+ - Small messages (<1MB); use references for large blobs
52
+ - Version schemas; consumers must handle unknown fields gracefully
53
+
54
+ ## Delivery Guarantees
55
+
56
+ ### At-Most-Once
57
+ - Fire and forget; fastest but may lose messages
58
+ - Use for: metrics, non-critical notifications
59
+
60
+ ### At-Least-Once
61
+ - Retry until acknowledged; may duplicate
62
+ - Consumers must be idempotent
63
+ - Use for: most business events
64
+
65
+ ### Exactly-Once
66
+ - Requires idempotent consumers or transactional outbox
67
+ - Expensive; only when business rules demand it
68
+ - Use for: financial transactions, inventory updates
69
+
70
+ ## Ordering
71
+
72
+ - Kafka: ordered within a partition; use partition key for related events
73
+ - RabbitMQ: ordered within a single queue with one consumer
74
+ - SQS FIFO: ordered by message group ID
75
+ - Design consumers to tolerate out-of-order delivery when possible
76
+
77
+ ## Error Handling
78
+
79
+ - Dead letter queue (DLQ) for messages that fail after max retries
80
+ - Exponential backoff between retries
81
+ - Poison message detection: log and skip after threshold
82
+ - Monitor DLQ depth; alert when non-empty
83
+ - Provide tooling to replay or reprocess DLQ messages
84
+
85
+ ## Transactional Outbox Pattern
86
+
87
+ 1. Write business data and outbox event in a single database transaction
88
+ 2. Background process polls outbox and publishes to message broker
89
+ 3. Mark outbox entry as published after broker acknowledgment
90
+ - Guarantees event publication if database write succeeds
91
+ - Alternative: change data capture (CDC) from the database log
92
+
93
+ ## Monitoring
94
+
95
+ - Queue depth and age of oldest message
96
+ - Consumer lag (Kafka: offset lag per partition)
97
+ - Message throughput: produced, consumed, failed per minute
98
+ - DLQ depth and growth rate
99
+ - Consumer processing latency percentiles
100
+ - Alert on: growing lag, DLQ growth, consumer crash loops
@@ -0,0 +1,105 @@
1
+ <!--
2
+ skills/architecture/security-arch.md — Security Architecture — Use this skill when designing authentication, authorization, network security, o
3
+
4
+ Use this skill when designing authentication, authorization, network security, or zero-trust architectures. ## Zero Trust Principles
5
+ -->
6
+ # Security Architecture
7
+
8
+ Use this skill when designing authentication, authorization, network security, or zero-trust architectures.
9
+
10
+ ## Zero Trust Principles
11
+
12
+ - Never trust, always verify: authenticate and authorize every request
13
+ - Least privilege: grant minimum permissions required for the task
14
+ - Assume breach: design as if the perimeter is already compromised
15
+ - Verify explicitly: use identity, device health, location, and behavior signals
16
+ - Micro-segmentation: limit blast radius of any single compromise
17
+
18
+ ## Identity and Access Management
19
+
20
+ ### Authentication
21
+ - Centralize authentication in an identity provider (IdP)
22
+ - Support MFA for all human users; enforce for privileged accounts
23
+ - Use short-lived tokens (15-60 min) with refresh token rotation
24
+ - Machine-to-machine: mTLS or signed JWTs with narrow scopes
25
+ - Federate identity across services; avoid per-service credential stores
26
+
27
+ ### Authorization
28
+ - RBAC for coarse-grained access (admin, editor, viewer)
29
+ - ABAC for fine-grained policies (resource owner, department, time)
30
+ - Policy-as-code: OPA/Rego, Cedar, or equivalent
31
+ - Evaluate authorization server-side on every request
32
+ - Audit all access decisions; log denials prominently
33
+
34
+ ### OAuth 2.0 / OIDC
35
+ - Use Authorization Code flow with PKCE for web and mobile
36
+ - Client Credentials for service-to-service
37
+ - Validate tokens server-side; do not trust client-side token claims
38
+ - Rotate client secrets regularly
39
+ - Restrict redirect URIs to exact match
40
+
41
+ ## Network Security
42
+
43
+ ### Segmentation
44
+ - Separate trust zones: public, DMZ, internal, sensitive data
45
+ - Network policies restrict traffic between zones
46
+ - Service-to-service communication over mTLS
47
+ - Egress filtering: allowlist outbound destinations
48
+
49
+ ### API Gateway
50
+ - Centralize authentication, rate limiting, and logging
51
+ - Terminate TLS at the gateway
52
+ - Input validation and request size limits at the edge
53
+ - IP allowlisting for admin and internal APIs
54
+
55
+ ### DNS Security
56
+ - DNSSEC for domain integrity
57
+ - DNS-over-HTTPS or DNS-over-TLS for privacy
58
+ - Monitor for subdomain takeover on deprovisioned infrastructure
59
+
60
+ ## Data Protection
61
+
62
+ ### Encryption
63
+ - TLS 1.2+ for all data in transit
64
+ - AES-256-GCM or ChaCha20-Poly1305 for data at rest
65
+ - Key management via HSM or cloud KMS; never store keys alongside data
66
+ - Rotate encryption keys on a schedule and on suspected compromise
67
+ - Envelope encryption for large data volumes
68
+
69
+ ### Classification
70
+ - Public: no restrictions
71
+ - Internal: accessible to authenticated employees
72
+ - Confidential: restricted to authorized roles
73
+ - Restricted: PII, financial, health data; strongest controls
74
+
75
+ ### Data Lifecycle
76
+ - Retention policies defined per data class
77
+ - Automated deletion at end of retention period
78
+ - Secure deletion: cryptographic erasure or verified overwrite
79
+ - Backup encryption with separately managed keys
80
+
81
+ ## Secrets Management
82
+
83
+ - Use a dedicated secrets manager (Vault, AWS Secrets Manager, etc.)
84
+ - Inject secrets at runtime, never at build time
85
+ - Audit secret access with who, when, and from where
86
+ - Rotate secrets on schedule and immediately on suspected exposure
87
+ - Detect and alert on secret sprawl (secrets in repos, configs, logs)
88
+
89
+ ## Defense in Depth
90
+
91
+ Layer controls so that no single failure compromises the system:
92
+
93
+ 1. **Perimeter**: WAF, DDoS protection, edge rate limiting
94
+ 2. **Network**: segmentation, firewall rules, mTLS
95
+ 3. **Application**: input validation, output encoding, auth checks
96
+ 4. **Data**: encryption, access control, audit logging
97
+ 5. **Monitoring**: anomaly detection, alerting, incident response
98
+
99
+ ## Compliance Considerations
100
+
101
+ - Map controls to relevant frameworks: SOC 2, ISO 27001, PCI-DSS, HIPAA
102
+ - Maintain evidence of control effectiveness
103
+ - Automate compliance checks where possible
104
+ - Review and update controls quarterly
105
+ - Document accepted risks with business justification and owner
@@ -0,0 +1,127 @@
1
+ <!--
2
+ skills/development/cpp.md — C/C++ Best Practices — Use this skill when writing, reviewing, or debugging C or C++ code.
3
+
4
+ Use this skill when writing, reviewing, or debugging C or C++ code. ## Project Structure
5
+ -->
6
+ # C/C++ Best Practices
7
+
8
+ Use this skill when writing, reviewing, or debugging C or C++ code.
9
+
10
+ ## Project Structure
11
+
12
+ ```
13
+ include/
14
+ project/
15
+ module.h
16
+ src/
17
+ module.cpp
18
+ main.cpp
19
+ tests/
20
+ test_module.cpp
21
+ CMakeLists.txt
22
+ ```
23
+
24
+ - Separate headers (public API) from implementation
25
+ - CMake as the build system; `CMakeLists.txt` per directory
26
+ - Keep header dependencies minimal; forward-declare when possible
27
+ - One class or module per header/source pair
28
+
29
+ ## Tooling
30
+
31
+ | Tool | Purpose |
32
+ |---|---|
33
+ | clang-format | Formatting |
34
+ | clang-tidy | Static analysis and modernization |
35
+ | AddressSanitizer (ASan) | Memory error detection |
36
+ | UndefinedBehaviorSanitizer (UBSan) | Undefined behavior detection |
37
+ | Valgrind | Memory leak detection |
38
+ | GoogleTest / Catch2 | Testing |
39
+ | gcov / llvm-cov | Coverage |
40
+ | cppcheck | Additional static analysis |
41
+
42
+ ## Modern C++ (C++17/20/23)
43
+
44
+ - `std::string_view` over `const std::string&` for read-only string parameters
45
+ - `std::optional<T>` for values that may be absent
46
+ - `std::variant` for type-safe unions
47
+ - Structured bindings: `auto [key, value] = pair;`
48
+ - `if constexpr` for compile-time branching
49
+ - `std::span` for non-owning views of contiguous data
50
+ - Range-based for loops; `<ranges>` for composable transformations
51
+
52
+ ## Memory Management
53
+
54
+ ### RAII (Resource Acquisition Is Initialization)
55
+ - Every resource (memory, file handle, lock, socket) owned by an object
56
+ - Acquisition in constructor; release in destructor
57
+ - No manual `new`/`delete` in application code
58
+
59
+ ### Smart Pointers
60
+ - `std::unique_ptr`: single ownership, zero overhead
61
+ - `std::shared_ptr`: shared ownership when genuinely needed (rare)
62
+ - `std::weak_ptr`: breaking cycles in shared ownership
63
+ - Raw pointers only for non-owning observation; never manage lifetime
64
+
65
+ ### Containers
66
+ - `std::vector` as the default container
67
+ - `std::array` for fixed-size collections
68
+ - `std::unordered_map` for fast lookup; `std::map` when order matters
69
+ - Reserve capacity when the size is known: `vec.reserve(n)`
70
+
71
+ ## Error Handling
72
+
73
+ - Exceptions for C++: throw on failure, catch at boundaries
74
+ - `std::expected<T, E>` (C++23) or equivalent library for value-or-error returns
75
+ - `noexcept` on functions that do not throw (move constructors, destructors)
76
+ - Never throw from destructors
77
+ - C: return error codes; check every return value; use `errno` correctly
78
+
79
+ ## Concurrency
80
+
81
+ - `std::thread` with `std::jthread` (C++20) for automatic join
82
+ - `std::mutex` and `std::lock_guard` / `std::scoped_lock` for synchronization
83
+ - `std::atomic` for lock-free operations on simple types
84
+ - `std::async` and `std::future` for task-based parallelism
85
+ - Avoid data races: either protect with mutex or use atomics
86
+ - Thread sanitizer (`-fsanitize=thread`) in CI
87
+
88
+ ## Testing
89
+
90
+ - GoogleTest or Catch2 for unit and integration tests
91
+ - `TEST` macros for test definition; `EXPECT_*` / `REQUIRE` for assertions
92
+ - CTest for test orchestration via CMake
93
+ - Run with sanitizers enabled in CI
94
+ - Fuzz testing with libFuzzer or AFL++ for input-handling code
95
+
96
+ ## Performance
97
+
98
+ - Profile first: `perf`, `Instruments`, `VTune`
99
+ - Minimize allocations: stack allocation > pool allocation > heap allocation
100
+ - Cache-friendly data layout: struct-of-arrays over array-of-structs when iterating
101
+ - Avoid virtual dispatch in hot paths when static polymorphism suffices (CRTP)
102
+ - `constexpr` for compile-time computation
103
+ - Link-time optimization (`-flto`) for cross-unit inlining
104
+
105
+ ## Build System
106
+
107
+ - CMake with modern targets: `target_link_libraries`, `target_include_directories`
108
+ - Compile with warnings: `-Wall -Wextra -Wpedantic -Werror`
109
+ - Enable sanitizers in debug/CI builds
110
+ - Use `FetchContent` or `vcpkg`/`conan` for dependency management
111
+ - Separate build directories for debug and release
112
+
113
+ ## Security
114
+
115
+ - Bounds-checked alternatives: `std::span`, `std::string_view`, `at()` over `[]`
116
+ - Stack buffer overflow: use `std::array` or `std::vector` instead of C arrays
117
+ - Format string safety: never pass user input as a format string
118
+ - Integer overflow: use safe integer libraries or explicit checks
119
+ - Run ASan, UBSan, and thread sanitizer in CI
120
+
121
+ ## Anti-Patterns
122
+
123
+ - Manual `new`/`delete` without RAII wrappers
124
+ - `void*` and C-style casts in C++ code
125
+ - Macros for constants or functions (use `constexpr` and templates)
126
+ - Header-only libraries for large codebases (compile time explosion)
127
+ - Premature optimization with `inline` or manual memory management
@@ -0,0 +1,129 @@
1
+ <!--
2
+ skills/development/go.md — Go Best Practices — Use this skill when writing, reviewing, or debugging Go code.
3
+
4
+ Use this skill when writing, reviewing, or debugging Go code. ## Project Structure
5
+ -->
6
+ # Go Best Practices
7
+
8
+ Use this skill when writing, reviewing, or debugging Go code.
9
+
10
+ ## Project Structure
11
+
12
+ ```
13
+ cmd/
14
+ server/
15
+ main.go
16
+ internal/
17
+ handler/
18
+ service/
19
+ repository/
20
+ model/
21
+ pkg/
22
+ shared-lib/
23
+ go.mod
24
+ go.sum
25
+ ```
26
+
27
+ - `cmd/` for entry points; `internal/` for private packages; `pkg/` for public libraries
28
+ - Keep `main.go` thin: parse config, wire dependencies, start server
29
+ - One package per directory; package name matches directory name
30
+
31
+ ## Tooling
32
+
33
+ | Tool | Purpose |
34
+ |---|---|
35
+ | gofmt / goimports | Formatting (non-negotiable) |
36
+ | golangci-lint | Comprehensive linting (replaces individual linters) |
37
+ | go vet | Static analysis |
38
+ | go test -race | Race condition detection |
39
+ | govulncheck | Vulnerability scanning |
40
+ | delve | Debugging |
41
+
42
+ ## Error Handling
43
+
44
+ - Return errors as the last return value
45
+ - Wrap errors with context: `fmt.Errorf("fetch user %d: %w", id, err)`
46
+ - Use `errors.Is` and `errors.As` for type-safe error checking
47
+ - Define sentinel errors for expected conditions: `var ErrNotFound = errors.New("not found")`
48
+ - Custom error types for structured error information
49
+ - Handle every returned error; never use `_` for errors without justification
50
+
51
+ ## Concurrency
52
+
53
+ ### Goroutines
54
+ - Always ensure goroutines can terminate (use context cancellation)
55
+ - Use `sync.WaitGroup` to wait for goroutine completion
56
+ - Prefer `errgroup.Group` for goroutines that return errors
57
+ - Limit goroutine count with semaphores or worker pools
58
+
59
+ ### Channels
60
+ - Prefer channels for communication; mutexes for protecting shared state
61
+ - Buffered channels for known producer-consumer rates
62
+ - Close channels from the sender side only
63
+ - Use `select` with `context.Done()` for cancellation
64
+
65
+ ### Context
66
+ - Pass `context.Context` as the first parameter to functions
67
+ - Use `context.WithTimeout` for all external calls
68
+ - Propagate context through the entire call chain
69
+ - Never store context in structs
70
+
71
+ ## Interfaces
72
+
73
+ - Define interfaces at the consumer, not the provider
74
+ - Keep interfaces small: 1-3 methods
75
+ - Accept interfaces, return structs
76
+ - Use interface embedding for composition
77
+ - Avoid premature abstraction; extract interfaces when a second implementation appears
78
+
79
+ ## Testing
80
+
81
+ - Table-driven tests for multiple cases
82
+ - `testing.T.Helper()` for test helper functions
83
+ - Use `testify` or standard library assertions
84
+ - `httptest` for HTTP handler testing
85
+ - Test with `-race` flag in CI
86
+ - Use `t.Parallel()` for independent tests
87
+ - `go test -coverprofile` for coverage analysis
88
+
89
+ ## Performance
90
+
91
+ - Profile with `pprof`: CPU, memory, goroutine, mutex
92
+ - Avoid allocations in hot paths; reuse buffers with `sync.Pool`
93
+ - Pre-allocate slices with `make([]T, 0, expectedCap)`
94
+ - Use `strings.Builder` for string concatenation
95
+ - Benchmark with `testing.B` before and after optimization
96
+ - Avoid reflection in performance-critical code
97
+
98
+ ## Patterns
99
+
100
+ ### Dependency Injection
101
+ - Constructor functions: `func NewService(repo Repository) *Service`
102
+ - Wire dependencies in `main.go` or with a DI tool (wire, fx)
103
+ - Interfaces for external dependencies enable testing with mocks
104
+
105
+ ### Options Pattern
106
+ - `func NewServer(opts ...Option)` for configurable constructors
107
+ - Each option is a function that modifies a config struct
108
+ - Provides good defaults with optional overrides
109
+
110
+ ### Middleware
111
+ - `func(http.Handler) http.Handler` for HTTP middleware
112
+ - Chain: logging, auth, rate limiting, recovery
113
+ - Keep middleware focused on cross-cutting concerns
114
+
115
+ ## Security
116
+
117
+ - Use `crypto/rand` for random values, never `math/rand` for security
118
+ - Validate all user input at handler boundaries
119
+ - Use parameterized queries; avoid string interpolation in SQL
120
+ - Set timeouts on HTTP servers and clients
121
+ - Use `gosec` and `govulncheck` in CI
122
+
123
+ ## Anti-Patterns
124
+
125
+ - `init()` functions for complex initialization (hard to test)
126
+ - Package-level mutable variables (hidden global state)
127
+ - Ignoring errors with `_`
128
+ - Goroutine leaks (no cancellation mechanism)
129
+ - Overusing `interface{}` / `any` when concrete types are known