@geraldmaron/construct 1.0.5 → 1.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -4
- package/agents/prompts/cx-accessibility.md +3 -3
- package/agents/prompts/cx-ai-engineer.md +7 -7
- package/agents/prompts/cx-architect.md +6 -6
- package/agents/prompts/cx-business-strategist.md +6 -6
- package/agents/prompts/cx-data-analyst.md +7 -7
- package/agents/prompts/cx-data-engineer.md +3 -3
- package/agents/prompts/cx-debugger.md +6 -6
- package/agents/prompts/cx-designer.md +5 -5
- package/agents/prompts/cx-devil-advocate.md +4 -4
- package/agents/prompts/cx-docs-keeper.md +5 -5
- package/agents/prompts/cx-engineer.md +5 -5
- package/agents/prompts/cx-evaluator.md +2 -2
- package/agents/prompts/cx-explorer.md +8 -8
- package/agents/prompts/cx-legal-compliance.md +2 -2
- package/agents/prompts/cx-operations.md +5 -5
- package/agents/prompts/cx-orchestrator.md +10 -10
- package/agents/prompts/cx-platform-engineer.md +5 -5
- package/agents/prompts/cx-product-manager.md +4 -4
- package/agents/prompts/cx-qa.md +8 -8
- package/agents/prompts/cx-rd-lead.md +9 -9
- package/agents/prompts/cx-release-manager.md +5 -5
- package/agents/prompts/cx-researcher.md +22 -22
- package/agents/prompts/cx-reviewer.md +7 -7
- package/agents/prompts/cx-security.md +10 -10
- package/agents/prompts/cx-sre.md +7 -7
- package/agents/prompts/cx-test-automation.md +3 -3
- package/agents/prompts/cx-trace-reviewer.md +8 -8
- package/agents/prompts/cx-ux-researcher.md +3 -3
- package/bin/construct +235 -21
- package/commands/build/feature.md +4 -4
- package/commands/build/fix.md +8 -8
- package/commands/design/access.md +3 -3
- package/commands/design/flow.md +3 -3
- package/commands/design/ui.md +4 -4
- package/commands/measure/experiment.md +5 -5
- package/commands/measure/metrics.md +3 -3
- package/commands/measure/results.md +4 -4
- package/commands/plan/api.md +3 -3
- package/commands/plan/challenge.md +3 -3
- package/commands/plan/decide.md +3 -3
- package/commands/plan/feature.md +7 -7
- package/commands/plan/requirements.md +3 -3
- package/commands/remember/context.md +5 -5
- package/commands/remember/handoff.md +3 -3
- package/commands/remember/runbook.md +3 -3
- package/commands/review/code.md +8 -8
- package/commands/review/quality.md +4 -4
- package/commands/review/security.md +3 -3
- package/commands/ship/ready.md +3 -3
- package/commands/ship/release.md +3 -3
- package/commands/ship/status.md +4 -4
- package/commands/understand/docs.md +3 -3
- package/commands/understand/this.md +4 -4
- package/commands/understand/why.md +8 -8
- package/commands/work/clean.md +14 -14
- package/commands/work/drive.md +10 -10
- package/commands/work/optimize-prompts.md +9 -9
- package/commands/work/parallel-review.md +8 -8
- package/db/schema/006_graph.sql +24 -0
- package/examples/provider-plugin/README.md +7 -7
- package/examples/seed-observations/README.md +6 -6
- package/examples/seed-observations/anti-patterns.md +14 -14
- package/examples/seed-observations/decisions.md +4 -4
- package/examples/seed-observations/patterns.md +14 -14
- package/lib/auto-docs.mjs +8 -3
- package/lib/cli-commands.mjs +2 -2
- package/lib/flavors/loader.mjs +1 -1
- package/lib/knowledge/graph.mjs +213 -0
- package/lib/mcp/server.mjs +187 -1
- package/lib/mcp/tools/profile.mjs +270 -0
- package/package.json +1 -1
- package/platforms/claude/CLAUDE.md +6 -6
- package/rules/common/agents.md +2 -2
- package/rules/common/beads-hygiene.md +11 -11
- package/rules/common/code-review.md +1 -1
- package/rules/common/coding-style.md +1 -1
- package/rules/common/comments.md +8 -8
- package/rules/common/commit-approval.md +4 -4
- package/rules/common/cx-agent-routing.md +2 -2
- package/rules/common/cx-skill-routing.md +2 -2
- package/rules/common/development-workflow.md +1 -1
- package/rules/common/doc-ownership.md +2 -2
- package/rules/common/efficiency.md +3 -3
- package/rules/common/framing.md +1 -1
- package/rules/common/git-workflow.md +1 -1
- package/rules/common/patterns.md +1 -1
- package/rules/common/performance.md +1 -1
- package/rules/common/release-gates.md +7 -7
- package/rules/common/research.md +4 -4
- package/rules/common/security.md +1 -1
- package/rules/common/skill-composition.md +8 -8
- package/rules/common/testing.md +1 -1
- package/rules/golang/coding-style.md +2 -2
- package/rules/golang/hooks.md +1 -1
- package/rules/golang/patterns.md +1 -1
- package/rules/golang/security.md +1 -1
- package/rules/golang/testing.md +1 -1
- package/rules/python/coding-style.md +1 -1
- package/rules/python/hooks.md +1 -1
- package/rules/python/patterns.md +1 -1
- package/rules/python/security.md +1 -1
- package/rules/python/testing.md +1 -1
- package/rules/swift/coding-style.md +3 -3
- package/rules/swift/hooks.md +2 -2
- package/rules/swift/patterns.md +2 -2
- package/rules/swift/security.md +4 -4
- package/rules/swift/testing.md +2 -2
- package/rules/typescript/coding-style.md +1 -1
- package/rules/typescript/hooks.md +1 -1
- package/rules/typescript/patterns.md +1 -1
- package/rules/typescript/security.md +1 -1
- package/rules/typescript/testing.md +1 -1
- package/rules/web/coding-style.md +1 -1
- package/rules/web/design-quality.md +1 -1
- package/rules/web/hooks.md +1 -1
- package/rules/web/patterns.md +1 -1
- package/rules/web/performance.md +1 -1
- package/rules/web/security.md +1 -1
- package/rules/web/testing.md +1 -1
- package/skills/ai/agent-dev.md +1 -1
- package/skills/ai/llm-security.md +1 -1
- package/skills/ai/ml-ops.md +6 -6
- package/skills/ai/orchestration-workflow.md +1 -1
- package/skills/ai/prompt-and-eval.md +1 -1
- package/skills/ai/prompt-optimizer.md +13 -13
- package/skills/ai/rag-system.md +1 -1
- package/skills/architecture/api-design.md +1 -1
- package/skills/architecture/caching.md +1 -1
- package/skills/architecture/cloud-native.md +1 -1
- package/skills/architecture/message-queue.md +1 -1
- package/skills/architecture/security-arch.md +1 -1
- package/skills/compliance/ai-disclosure.md +1 -1
- package/skills/compliance/data-privacy.md +1 -1
- package/skills/compliance/license-audit.md +2 -2
- package/skills/compliance/regulatory-review.md +1 -1
- package/skills/development/cpp.md +1 -1
- package/skills/development/go.md +1 -1
- package/skills/development/java.md +1 -1
- package/skills/development/kotlin.md +9 -9
- package/skills/development/mobile-crossplatform.md +13 -13
- package/skills/development/python.md +1 -1
- package/skills/development/rust.md +1 -1
- package/skills/development/shell.md +1 -1
- package/skills/development/swift.md +6 -6
- package/skills/development/typescript.md +1 -1
- package/skills/devops/ci-cd.md +5 -5
- package/skills/devops/containerization.md +9 -9
- package/skills/devops/cost-optimization.md +1 -1
- package/skills/devops/data-engineering.md +2 -2
- package/skills/devops/database.md +1 -1
- package/skills/devops/dependency-management.md +3 -3
- package/skills/devops/devsecops.md +1 -1
- package/skills/devops/git-workflow.md +1 -1
- package/skills/devops/incident-response.md +18 -18
- package/skills/devops/monorepo.md +5 -5
- package/skills/devops/observability.md +1 -1
- package/skills/devops/performance.md +1 -1
- package/skills/devops/testing.md +1 -1
- package/skills/docs/adr-workflow.md +2 -2
- package/skills/docs/backlog-proposal-workflow.md +1 -1
- package/skills/docs/customer-profile-workflow.md +1 -1
- package/skills/docs/document-ingest-workflow.md +1 -1
- package/skills/docs/evidence-ingest-workflow.md +1 -1
- package/skills/docs/init-docs.md +15 -15
- package/skills/docs/init-project.md +1 -1
- package/skills/docs/prd-workflow.md +3 -3
- package/skills/docs/prfaq-workflow.md +1 -1
- package/skills/docs/product-intelligence-review.md +1 -1
- package/skills/docs/product-intelligence-workflow.md +1 -1
- package/skills/docs/product-signal-workflow.md +9 -9
- package/skills/docs/research-workflow.md +10 -10
- package/skills/docs/runbook-workflow.md +2 -2
- package/skills/docs/strategy-workflow.md +3 -3
- package/skills/exploration/repo-map.md +11 -11
- package/skills/frameworks/django.md +15 -15
- package/skills/frameworks/nextjs.md +16 -16
- package/skills/frameworks/react.md +12 -12
- package/skills/frameworks/spring-boot.md +12 -12
- package/skills/frontend-design/accessibility.md +6 -6
- package/skills/frontend-design/component-patterns.md +1 -1
- package/skills/frontend-design/engineering.md +1 -1
- package/skills/frontend-design/state-management.md +1 -1
- package/skills/frontend-design/ui-aesthetics.md +1 -1
- package/skills/frontend-design/ux-principles.md +1 -1
- package/skills/operating/orchestration-reference.md +27 -27
- package/skills/quality-gates/review-work.md +3 -3
- package/skills/quality-gates/verify-change.md +1 -1
- package/skills/quality-gates/verify-module.md +1 -1
- package/skills/quality-gates/verify-quality.md +1 -1
- package/skills/quality-gates/verify-security.md +1 -1
- package/skills/routing.md +14 -14
- package/skills/security/blue-team.md +1 -1
- package/skills/security/code-audit.md +1 -1
- package/skills/security/pentest.md +1 -1
- package/skills/security/red-team.md +1 -1
- package/skills/security/threat-intel.md +1 -1
- package/skills/security/vuln-research.md +1 -1
- package/skills/utility/clean-code.md +2 -2
- package/templates/docs/changelog-entry.md +1 -1
- package/templates/docs/construct_guide.md +13 -13
- package/templates/docs/meta-prd.md +16 -16
- package/templates/docs/one-pager.md +1 -1
- package/templates/docs/prd-business.md +1 -1
- package/templates/docs/prd-platform.md +1 -1
- package/templates/docs/prd.md +17 -17
- package/templates/docs/research-brief.md +8 -8
- package/templates/docs/rfc.md +1 -1
- package/templates/docs/strategy.md +1 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/kotlin.md
|
|
2
|
+
skills/development/kotlin.md (Kotlin / Android Development) | Scope | Use when |
|
|
3
3
|
|
|
4
4
|
## Coroutines & Flows ### Coroutine scope discipline
|
|
5
5
|
-->
|
|
@@ -14,7 +14,7 @@ skills/development/kotlin.md — Kotlin / Android Development — | Scope | Use
|
|
|
14
14
|
| `viewModelScope` | ViewModel-bound work; auto-cancelled on clear |
|
|
15
15
|
| `lifecycleScope` | Fragment/Activity-bound; cancelled on destroy |
|
|
16
16
|
| `rememberCoroutineScope()` | Compose-scoped; cancelled on composition exit |
|
|
17
|
-
| `GlobalScope` | Never
|
|
17
|
+
| `GlobalScope` | Never: uncontrolled lifetime |
|
|
18
18
|
|
|
19
19
|
```kotlin
|
|
20
20
|
class ItemViewModel(private val repo: ItemRepository) : ViewModel() {
|
|
@@ -31,7 +31,7 @@ class ItemViewModel(private val repo: ItemRepository) : ViewModel() {
|
|
|
31
31
|
|
|
32
32
|
### Flow operators
|
|
33
33
|
|
|
34
|
-
- `stateIn(scope, SharingStarted.WhileSubscribed(5_000), initial)
|
|
34
|
+
- `stateIn(scope, SharingStarted.WhileSubscribed(5_000), initial)`: converts cold flow to hot StateFlow for UI consumption
|
|
35
35
|
- `map`, `filter`, `distinctUntilChanged`, `debounce` for transform chains
|
|
36
36
|
- `combine` for merging multiple flows
|
|
37
37
|
- Use `flowOn(Dispatchers.IO)` for upstream CPU/IO work; do not switch dispatchers in the collector
|
|
@@ -43,7 +43,7 @@ class ItemViewModel(private val repo: ItemRepository) : ViewModel() {
|
|
|
43
43
|
| `Dispatchers.Main` | UI updates |
|
|
44
44
|
| `Dispatchers.IO` | Network, disk, database |
|
|
45
45
|
| `Dispatchers.Default` | CPU-intensive work |
|
|
46
|
-
| `Dispatchers.Unconfined` | Rarely
|
|
46
|
+
| `Dispatchers.Unconfined` | Rarely: only in tests |
|
|
47
47
|
|
|
48
48
|
## Jetpack Compose
|
|
49
49
|
|
|
@@ -69,7 +69,7 @@ fun ItemList(items: List<Item>, onDelete: (Item) -> Unit) { ... }
|
|
|
69
69
|
|
|
70
70
|
- `remember` expensive computations with stable keys
|
|
71
71
|
- `key(id) { ... }` in lazy lists to preserve item identity
|
|
72
|
-
- Avoid unstable lambdas
|
|
72
|
+
- Avoid unstable lambdas: use `remember { { ... } }` or stable function references
|
|
73
73
|
- Enable Compose compiler metrics to detect recomposition hot spots
|
|
74
74
|
- Prefer `LazyColumn` over `Column` for variable-length lists
|
|
75
75
|
|
|
@@ -134,7 +134,7 @@ Scoping: `@Singleton` for app-scoped, `@ActivityRetainedScoped` for ViewModel-li
|
|
|
134
134
|
|
|
135
135
|
## Common Pitfalls
|
|
136
136
|
|
|
137
|
-
- `collect` in `Fragment.onViewCreated` without `repeatOnLifecycle(STARTED)
|
|
138
|
-
- `StateFlow.value` reads in tests without collecting
|
|
139
|
-
- Leaking `Activity` context into long-lived objects
|
|
140
|
-
- `LazyColumn` with `items(list)` where `list` is `State<List<...>>` causing full recomposition
|
|
137
|
+
- `collect` in `Fragment.onViewCreated` without `repeatOnLifecycle(STARTED)`: causes collection after view destruction
|
|
138
|
+
- `StateFlow.value` reads in tests without collecting: use `turbine` or `runTest { first() }`
|
|
139
|
+
- Leaking `Activity` context into long-lived objects: use `applicationContext`
|
|
140
|
+
- `LazyColumn` with `items(list)` where `list` is `State<List<...>>` causing full recomposition: use `key` param
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/mobile-crossplatform.md
|
|
2
|
+
skills/development/mobile-crossplatform.md (Mobile Cross-Platform Development) Before choosing a framework, answer:
|
|
3
3
|
|
|
4
4
|
## Decision Framework: Native vs Cross-Platform Before choosing a framework, answer:
|
|
5
5
|
-->
|
|
@@ -13,11 +13,11 @@ Before choosing a framework, answer:
|
|
|
13
13
|
|---|---|---|
|
|
14
14
|
| Platform-specific APIs needed (ARKit, Health, NFC)? | Yes | No |
|
|
15
15
|
| Animation fidelity is a differentiator? | Yes | Partial |
|
|
16
|
-
| Single team, both platforms?
|
|
16
|
+
| Single team, both platforms? |: | Yes |
|
|
17
17
|
| Heavy use of platform OS widgets? | Yes | No |
|
|
18
|
-
| App is primarily data-display / CRUD?
|
|
19
|
-
| Existing web team?
|
|
20
|
-
| Existing Kotlin/Swift team? | Native
|
|
18
|
+
| App is primarily data-display / CRUD? |: | Yes |
|
|
19
|
+
| Existing web team? |: | React Native |
|
|
20
|
+
| Existing Kotlin/Swift team? | Native |: |
|
|
21
21
|
|
|
22
22
|
---
|
|
23
23
|
|
|
@@ -42,7 +42,7 @@ Future<List<Item>> items(ItemsRef ref) async {
|
|
|
42
42
|
|
|
43
43
|
### Performance
|
|
44
44
|
|
|
45
|
-
- `const` constructors everywhere possible
|
|
45
|
+
- `const` constructors everywhere possible: eliminates widget rebuilds
|
|
46
46
|
- `RepaintBoundary` around independently-animated subtrees
|
|
47
47
|
- Profile with Flutter DevTools → CPU flame chart + widget rebuild tracker
|
|
48
48
|
- `ListView.builder` for lazy lists; never `ListView(children: [...])` for long lists
|
|
@@ -78,8 +78,8 @@ testWidgets('shows items on load', (tester) async {
|
|
|
78
78
|
### New Architecture (React Native 0.74+)
|
|
79
79
|
|
|
80
80
|
Enable the New Architecture by default on new projects. Key changes:
|
|
81
|
-
- JSI replaces the async bridge
|
|
82
|
-
- Fabric replaces the native renderer
|
|
81
|
+
- JSI replaces the async bridge: sync native calls
|
|
82
|
+
- Fabric replaces the native renderer: concurrent React features work correctly
|
|
83
83
|
- TurboModules replace native modules
|
|
84
84
|
|
|
85
85
|
### State & logic sharing with web
|
|
@@ -130,11 +130,11 @@ export default function ItemScreen() { ... }
|
|
|
130
130
|
|
|
131
131
|
## Common Pitfalls (both frameworks)
|
|
132
132
|
|
|
133
|
-
- **Deep linking not tested until late
|
|
134
|
-
- **Push notifications complexity
|
|
135
|
-
- **Over-the-air update strategy
|
|
136
|
-
- **Platform capability divergence
|
|
137
|
-
- **Code signing automation
|
|
133
|
+
- **Deep linking not tested until late**: set up universal links / app links in week 1
|
|
134
|
+
- **Push notifications complexity**: Expo Notifications or Firebase Cloud Messaging; plan for permission states
|
|
135
|
+
- **Over-the-air update strategy**: define what can be OTA vs what requires App Store review
|
|
136
|
+
- **Platform capability divergence**: features available on iOS 17+ may be absent on Android 12; maintain a capability matrix
|
|
137
|
+
- **Code signing automation**: `fastlane match` (iOS) and keystore management (Android) require upfront investment; do it early
|
|
138
138
|
|
|
139
139
|
## When to go native anyway
|
|
140
140
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/python.md
|
|
2
|
+
skills/development/python.md (Python Best Practices) Use this skill when writing, reviewing, or debugging Python code.
|
|
3
3
|
|
|
4
4
|
Use this skill when writing, reviewing, or debugging Python code. ## Project Structure
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/rust.md
|
|
2
|
+
skills/development/rust.md (Rust Best Practices) Use this skill when writing, reviewing, or debugging Rust code.
|
|
3
3
|
|
|
4
4
|
Use this skill when writing, reviewing, or debugging Rust code. ## Project Structure
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/shell.md
|
|
2
|
+
skills/development/shell.md (Shell Scripting Best Practices) Use this skill when writing, reviewing, or debugging Bash, Zsh, or POSIX shell s
|
|
3
3
|
|
|
4
4
|
Use this skill when writing, reviewing, or debugging Bash, Zsh, or POSIX shell scripts. ## Script Header
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/swift.md
|
|
2
|
+
skills/development/swift.md (Swift / iOS Development) Swift 6 enforces data-race safety at compile time. Annotate isolation boundary e
|
|
3
3
|
|
|
4
4
|
## Concurrency (Swift 6 Strict Concurrency) Swift 6 enforces data-race safety at compile time. Annotate isolation boundary explicitly:
|
|
5
5
|
-->
|
|
@@ -26,7 +26,7 @@ Key rules:
|
|
|
26
26
|
- `Sendable` conformance on types crossing isolation boundaries
|
|
27
27
|
- Prefer `async/await` over completion handlers; avoid mixing the two
|
|
28
28
|
|
|
29
|
-
Common pitfall: `Task { }` inherits the actor context of its caller
|
|
29
|
+
Common pitfall: `Task { }` inherits the actor context of its caller: do not assume it runs on a background thread.
|
|
30
30
|
|
|
31
31
|
## SwiftUI Patterns
|
|
32
32
|
|
|
@@ -80,7 +80,7 @@ func testFetchReturnsItems() async throws {
|
|
|
80
80
|
|
|
81
81
|
### UI tests
|
|
82
82
|
|
|
83
|
-
Prefer `XCUITest` for critical flows only
|
|
83
|
+
Prefer `XCUITest` for critical flows only: it is slow and flaky. Supplement with snapshot tests (`swift-snapshot-testing`) for visual regression.
|
|
84
84
|
|
|
85
85
|
### Test doubles
|
|
86
86
|
|
|
@@ -119,11 +119,11 @@ View → ViewModel (@MainActor) → Repository (actor) → Network/DB
|
|
|
119
119
|
|
|
120
120
|
### The Composable Architecture (TCA)
|
|
121
121
|
|
|
122
|
-
Use TCA when state fan-out is complex or testability of reducers is a priority. Adds boilerplate
|
|
122
|
+
Use TCA when state fan-out is complex or testability of reducers is a priority. Adds boilerplate: evaluate against team familiarity.
|
|
123
123
|
|
|
124
124
|
## Common Pitfalls
|
|
125
125
|
|
|
126
|
-
- Do not call `@MainActor` methods from synchronous non-main contexts
|
|
126
|
+
- Do not call `@MainActor` methods from synchronous non-main contexts: use `Task { @MainActor in ... }`
|
|
127
127
|
- Avoid `DispatchQueue.main.async` in new code; use `await MainActor.run { }` instead
|
|
128
|
-
- `@StateObject` vs `@ObservedObject` confusion causes double-initialization bugs
|
|
128
|
+
- `@StateObject` vs `@ObservedObject` confusion causes double-initialization bugs: `@StateObject` only at the owner
|
|
129
129
|
- `List` with large datasets: use `lazy` loading or pagination; do not load everything into `@State`
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/development/typescript.md
|
|
2
|
+
skills/development/typescript.md (TypeScript Best Practices) Use this skill when writing, reviewing, or debugging TypeScript or JavaScript co
|
|
3
3
|
|
|
4
4
|
Use this skill when writing, reviewing, or debugging TypeScript or JavaScript code. ## Project Structure
|
|
5
5
|
-->
|
package/skills/devops/ci-cd.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/ci-cd.md
|
|
2
|
+
skills/devops/ci-cd.md (CI/CD) Use this skill when designing, debugging, or optimizing CI/CD pipelines.
|
|
3
3
|
|
|
4
4
|
Use this skill when designing, debugging, or optimizing CI/CD pipelines. ## Pipeline Stages
|
|
5
5
|
-->
|
|
@@ -11,12 +11,12 @@ Use this skill when designing, debugging, or optimizing CI/CD pipelines.
|
|
|
11
11
|
|
|
12
12
|
| Stage | Purpose | Tools | Failure Policy |
|
|
13
13
|
|---|---|---|---|
|
|
14
|
-
| Build | Compile, lint, typecheck | tsc, eslint, cargo check, go vet | Fail fast
|
|
14
|
+
| Build | Compile, lint, typecheck | tsc, eslint, cargo check, go vet | Fail fast: block all downstream stages |
|
|
15
15
|
| Test | Unit → integration → e2e | Jest, Pytest, go test, Playwright | Fail on any; parallelize within stage |
|
|
16
16
|
| Security Scan | SAST, dep audit, secrets detection | Semgrep, CodeQL, Trivy, gitleaks | Block on CRITICAL/HIGH; warn on MEDIUM |
|
|
17
17
|
| Deploy | Promote artifact through environments | GitHub Actions, ArgoCD, Helm | Gate on all prior stages passing |
|
|
18
18
|
|
|
19
|
-
Always run lint and typecheck before tests
|
|
19
|
+
Always run lint and typecheck before tests: they are faster and catch more errors per second of CI time.
|
|
20
20
|
|
|
21
21
|
## GitHub Actions
|
|
22
22
|
|
|
@@ -94,14 +94,14 @@ Never auto-deploy to production without a passing security scan and at least one
|
|
|
94
94
|
|
|
95
95
|
- Store secrets in the platform's encrypted secret store (GitHub Actions Secrets, GitLab CI Variables).
|
|
96
96
|
- Never hardcode secrets in workflow files or Dockerfiles.
|
|
97
|
-
- Mask secrets in logs
|
|
97
|
+
- Mask secrets in logs: CI platforms do this automatically for registered secrets; verify it works before relying on it.
|
|
98
98
|
- Rotate any secret immediately after a potential exposure; treat "may have leaked" the same as "did leak".
|
|
99
99
|
- Use OIDC-based short-lived tokens (GitHub OIDC → AWS/GCP/Azure) over long-lived service account keys wherever the cloud provider supports it.
|
|
100
100
|
|
|
101
101
|
## Speed Optimization
|
|
102
102
|
|
|
103
103
|
- Cache dependency layers keyed to lock file hash; a clean install on every run is a CI antipattern.
|
|
104
|
-
- Run lint and typecheck first
|
|
104
|
+
- Run lint and typecheck first: they fail fast and cost less than a full test suite.
|
|
105
105
|
- Split slow test suites across workers using matrix or `--shard` flags (Vitest, Jest, Playwright all support sharding).
|
|
106
106
|
- Parallelize independent test files; do not serialize unit tests.
|
|
107
107
|
- In monorepos, run only affected packages: `turbo run test --filter=[HEAD^1]` or `nx affected --target=test`.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/containerization.md
|
|
2
|
+
skills/devops/containerization.md (Containerization) Use this skill when writing Dockerfiles, optimizing image size, or securing cont
|
|
3
3
|
|
|
4
4
|
Use this skill when writing Dockerfiles, optimizing image size, or securing container builds. ## Multi-Stage Builds
|
|
5
5
|
-->
|
|
@@ -26,14 +26,14 @@ COPY --from=builder /app/node_modules ./node_modules
|
|
|
26
26
|
```
|
|
27
27
|
|
|
28
28
|
Runtime base image selection:
|
|
29
|
-
- `gcr.io/distroless/nodejs20-debian12
|
|
30
|
-
- `node:20-alpine
|
|
31
|
-
- `scratch
|
|
29
|
+
- `gcr.io/distroless/nodejs20-debian12`: no shell, no package manager, smallest attack surface for Node.
|
|
30
|
+
- `node:20-alpine`: shell available for debugging; use when distroless breaks scripts.
|
|
31
|
+
- `scratch`: static binaries only (Go, Rust with `musl`).
|
|
32
32
|
- Never use `debian`, `ubuntu`, or `node:20` (Debian-based) as a production runtime base; they carry thousands of unnecessary packages.
|
|
33
33
|
|
|
34
34
|
## Layer Caching
|
|
35
35
|
|
|
36
|
-
Order layers by change frequency
|
|
36
|
+
Order layers by change frequency: least-changed first:
|
|
37
37
|
|
|
38
38
|
1. Base OS packages (`RUN apk add ...`)
|
|
39
39
|
2. App dependencies (`COPY package*.json ./` then `RUN npm ci`)
|
|
@@ -54,7 +54,7 @@ RUN apk add --no-cache curl git && \
|
|
|
54
54
|
rm -rf /var/cache/apk/*
|
|
55
55
|
```
|
|
56
56
|
|
|
57
|
-
Never put cache cleanup in a separate `RUN
|
|
57
|
+
Never put cache cleanup in a separate `RUN`: it creates a new layer that does not reclaim space from the previous layer.
|
|
58
58
|
|
|
59
59
|
## Security
|
|
60
60
|
|
|
@@ -67,7 +67,7 @@ Never put cache cleanup in a separate `RUN` — it creates a new layer that does
|
|
|
67
67
|
| No `apt-get upgrade` | Pin the base image digest instead; `upgrade` produces non-reproducible layers |
|
|
68
68
|
| Read-only filesystem | Pass `--read-only` at runtime; mount writable tmpfs only for paths that need writes |
|
|
69
69
|
|
|
70
|
-
Never use `ADD` with a URL
|
|
70
|
+
Never use `ADD` with a URL: it bypasses layer caching in unpredictable ways and cannot be verified. Use `COPY` for local files and `curl` + checksum verification for remote files.
|
|
71
71
|
|
|
72
72
|
## Image Scanning
|
|
73
73
|
|
|
@@ -94,7 +94,7 @@ HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 \
|
|
|
94
94
|
|
|
95
95
|
Use an HTTP endpoint for web services. Use a process check (`pgrep`) only for non-HTTP workloads.
|
|
96
96
|
|
|
97
|
-
Kubernetes uses separate liveness, readiness, and startup probes
|
|
97
|
+
Kubernetes uses separate liveness, readiness, and startup probes: configure those in the deployment manifest, not in the Dockerfile. The Docker `HEALTHCHECK` is relevant for `docker run` and Docker Compose only.
|
|
98
98
|
|
|
99
99
|
## Size Optimization
|
|
100
100
|
|
|
@@ -102,5 +102,5 @@ Kubernetes uses separate liveness, readiness, and startup probes — configure t
|
|
|
102
102
|
- `--no-install-recommends` with `apt-get install` eliminates suggested packages.
|
|
103
103
|
- Always clean package manager caches in the same `RUN` layer as the install command.
|
|
104
104
|
- Use `COPY --chown=app:app` instead of a separate `RUN chown` to avoid a wasted layer.
|
|
105
|
-
- Multi-stage builds remove all build tools, source files, and intermediate artifacts automatically
|
|
105
|
+
- Multi-stage builds remove all build tools, source files, and intermediate artifacts automatically: they are the single highest-impact size reduction technique.
|
|
106
106
|
- For Go and Rust, build a statically linked binary (`CGO_ENABLED=0` for Go, `musl` target for Rust) and copy it into `scratch` or distroless for a final image under 20 MB.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/cost-optimization.md
|
|
2
|
+
skills/devops/cost-optimization.md (Cloud Cost Optimization) Use this skill when reducing cloud spend, right-sizing resources, or implementin
|
|
3
3
|
|
|
4
4
|
Use this skill when reducing cloud spend, right-sizing resources, or implementing FinOps practices. ## Cost Visibility
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/data-engineering.md
|
|
2
|
+
skills/devops/data-engineering.md (Data Engineering) 1. **Idempotency**: pipelines can run multiple times without duplicating data
|
|
3
3
|
|
|
4
4
|
## Core Principles 1. **Idempotency**: pipelines can run multiple times without duplicating data
|
|
5
5
|
-->
|
|
@@ -59,7 +59,7 @@ stream = env \
|
|
|
59
59
|
env.execute("Orders Streaming Pipeline")
|
|
60
60
|
```
|
|
61
61
|
|
|
62
|
-
Watermarks define event-time handling for late-arriving events
|
|
62
|
+
Watermarks define event-time handling for late-arriving events: configure based on source latency SLA.
|
|
63
63
|
|
|
64
64
|
## Data Modeling
|
|
65
65
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/database.md
|
|
2
|
+
skills/devops/database.md (Database Patterns) Use this skill when designing schemas, writing migrations, optimizing queries, o
|
|
3
3
|
|
|
4
4
|
Use this skill when designing schemas, writing migrations, optimizing queries, or selecting databases. ## Schema Design
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/dependency-management.md
|
|
2
|
+
skills/devops/dependency-management.md (Dependency Management) Use this skill when managing package upgrades, resolving CVEs, or establishing l
|
|
3
3
|
|
|
4
4
|
Use this skill when managing package upgrades, resolving CVEs, or establishing lock file and versioning policy. ## Lock File Hygiene
|
|
5
5
|
-->
|
|
@@ -11,7 +11,7 @@ Use this skill when managing package upgrades, resolving CVEs, or establishing l
|
|
|
11
11
|
|
|
12
12
|
- Always commit lock files: `package-lock.json`, `yarn.lock`, `pnpm-lock.yaml`, `go.sum`, `Cargo.lock`.
|
|
13
13
|
- Never delete and regenerate a lock file without reviewing the full diff; regeneration silently upgrades all transitive dependencies.
|
|
14
|
-
- Review lock file diffs in PRs for unexpected transitive version changes
|
|
14
|
+
- Review lock file diffs in PRs for unexpected transitive version changes: these are where supply chain attacks hide.
|
|
15
15
|
- Do not add lock files to `.gitignore`; they are the reproducibility contract for the build.
|
|
16
16
|
- A PR that changes only the lock file (no `package.json` change) warrants careful scrutiny.
|
|
17
17
|
|
|
@@ -22,7 +22,7 @@ Use this skill when managing package upgrades, resolving CVEs, or establishing l
|
|
|
22
22
|
| Dependabot | Daily/weekly schedule | One PR per package by default; group with `groups:` config | Patch: auto-merge if CI passes. Minor: batch weekly, manual review. Major: manual always. |
|
|
23
23
|
| Renovate | Configurable schedule | Group by ecosystem, semver range, or custom regex via `packageRules` | Auto-merge patch and minor with passing CI; use `stabilityDays: 3` to avoid merging on day of release |
|
|
24
24
|
|
|
25
|
-
Prefer Renovate for complex repos
|
|
25
|
+
Prefer Renovate for complex repos: its `rangeStrategy`, `grouping`, `stabilityDays`, and `automerge` controls are more expressive than Dependabot's.
|
|
26
26
|
|
|
27
27
|
Always require CI to pass before any auto-merge. Never auto-merge major version bumps.
|
|
28
28
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/devsecops.md
|
|
2
|
+
skills/devops/devsecops.md (DevSecOps) Use this skill when integrating security into CI/CD pipelines, managing supply c
|
|
3
3
|
|
|
4
4
|
Use this skill when integrating security into CI/CD pipelines, managing supply chain risk, or automating security scanning. ## Pipeline Security Stages
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/git-workflow.md
|
|
2
|
+
skills/devops/git-workflow.md (Git Workflow) Use this skill when establishing branching strategies, commit conventions, or co
|
|
3
3
|
|
|
4
4
|
Use this skill when establishing branching strategies, commit conventions, or code integration practices. ## Branching Strategies
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/incident-response.md
|
|
2
|
+
skills/devops/incident-response.md (Incident Response) | Sev | User impact | Response time | Example |
|
|
3
3
|
|
|
4
4
|
## Severity Levels | Sev | User impact | Response time | Example |
|
|
5
5
|
-->
|
|
@@ -14,7 +14,7 @@ skills/devops/incident-response.md — Incident Response — | Sev | User impact
|
|
|
14
14
|
| **P2** | Significant degradation, partial outage | < 1 hour | Elevated error rate, slow responses |
|
|
15
15
|
| **P3** | Minor impact, workaround available | Best effort / next business day | Single user affected, cosmetic |
|
|
16
16
|
|
|
17
|
-
Define severity in your runbook and assign it early
|
|
17
|
+
Define severity in your runbook and assign it early: it determines escalation and comms cadence.
|
|
18
18
|
|
|
19
19
|
## The Response Loop
|
|
20
20
|
|
|
@@ -36,9 +36,9 @@ Healthy detection requires:
|
|
|
36
36
|
Declare an incident early, even if uncertain. It is easier to downgrade than to delay comms.
|
|
37
37
|
|
|
38
38
|
1. Create incident channel: `#incident-YYYY-MM-DD-brief-description`
|
|
39
|
-
2. Assign **Incident Commander (IC)
|
|
40
|
-
3. Assign **Scribe
|
|
41
|
-
4. Assign **Comms Lead
|
|
39
|
+
2. Assign **Incident Commander (IC)**: one person owns the call and all decisions
|
|
40
|
+
3. Assign **Scribe**: records timeline, decisions, actions in real time
|
|
41
|
+
4. Assign **Comms Lead**: status page updates and stakeholder notifications
|
|
42
42
|
|
|
43
43
|
### Triage
|
|
44
44
|
|
|
@@ -53,14 +53,14 @@ IC asks: **"What is the user impact and is it getting better or worse?"**
|
|
|
53
53
|
|
|
54
54
|
Use `git log --since="2 hours ago"` and deployment logs to find the change vector.
|
|
55
55
|
|
|
56
|
-
### Mitigate (not root cause
|
|
56
|
+
### Mitigate (not root cause: stop the bleeding first)
|
|
57
57
|
|
|
58
58
|
Mitigation options in priority order:
|
|
59
|
-
1. **Rollback
|
|
60
|
-
2. **Feature flag off
|
|
61
|
-
3. **Traffic shift
|
|
62
|
-
4. **Scale up
|
|
63
|
-
5. **Restart**
|
|
59
|
+
1. **Rollback**: fastest if a recent deploy is the cause
|
|
60
|
+
2. **Feature flag off**: disable the failing feature
|
|
61
|
+
3. **Traffic shift**: route to a healthy region or canary
|
|
62
|
+
4. **Scale up**: if resource exhaustion is the cause
|
|
63
|
+
5. **Restart** (for stuck processes (last resort) often hides root cause)
|
|
64
64
|
|
|
65
65
|
Do NOT wait for a perfect fix. Mitigate first, fix properly after users are unblocked.
|
|
66
66
|
|
|
@@ -107,12 +107,12 @@ Write the post-mortem within 48 hours while memory is fresh.
|
|
|
107
107
|
|
|
108
108
|
### Required sections
|
|
109
109
|
|
|
110
|
-
1. **Summary
|
|
111
|
-
2. **Timeline
|
|
112
|
-
3. **Root cause(s)
|
|
113
|
-
4. **Contributing factors
|
|
114
|
-
5. **What went well
|
|
115
|
-
6. **Action items
|
|
110
|
+
1. **Summary**: 3-sentence description of what happened, impact, and resolution
|
|
111
|
+
2. **Timeline**: chronological log with timestamps
|
|
112
|
+
3. **Root cause(s)**: use 5-whys to reach systemic causes, not surface symptoms
|
|
113
|
+
4. **Contributing factors**: process/tooling gaps that allowed the issue
|
|
114
|
+
5. **What went well**: detection worked, rollback was fast, etc.
|
|
115
|
+
6. **Action items**: concrete, assigned, time-bounded; not vague recommendations
|
|
116
116
|
|
|
117
117
|
### 5-Whys example
|
|
118
118
|
|
|
@@ -129,7 +129,7 @@ Action: Add query plan check to PR template + CI gate for slow queries
|
|
|
129
129
|
|
|
130
130
|
### Blameless culture
|
|
131
131
|
|
|
132
|
-
The post-mortem finds systemic failures, not individual errors. A person took an action that made sense given the information and tools available at the time
|
|
132
|
+
The post-mortem finds systemic failures, not individual errors. A person took an action that made sense given the information and tools available at the time: the question is why the system allowed that action to cause an outage.
|
|
133
133
|
|
|
134
134
|
## Runbook Template
|
|
135
135
|
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/monorepo.md
|
|
2
|
+
skills/devops/monorepo.md (Monorepo) Use this skill when selecting monorepo tooling, structuring packages, or optimiz
|
|
3
3
|
|
|
4
4
|
Use this skill when selecting monorepo tooling, structuring packages, or optimizing affected-only builds. ## Tool Selection
|
|
5
5
|
-->
|
|
@@ -32,12 +32,12 @@ packages/
|
|
|
32
32
|
auth/
|
|
33
33
|
```
|
|
34
34
|
|
|
35
|
-
Keep `apps/` for deployable surfaces and `packages/` for everything importable. Never put deployable entrypoints inside `packages/`. Config packages (`packages/config/`) centralise tooling setup
|
|
35
|
+
Keep `apps/` for deployable surfaces and `packages/` for everything importable. Never put deployable entrypoints inside `packages/`. Config packages (`packages/config/`) centralise tooling setup: each app/package extends rather than duplicates.
|
|
36
36
|
|
|
37
37
|
## Package Boundaries
|
|
38
38
|
|
|
39
39
|
- One package per domain or product surface (`packages/billing`, `packages/auth`, `apps/web`, `apps/api`).
|
|
40
|
-
- Place shared utilities in `packages/utils` or `packages/shared
|
|
40
|
+
- Place shared utilities in `packages/utils` or `packages/shared`: never in an app package.
|
|
41
41
|
- Never import directly from one `apps/` package to another `apps/` package; extract shared code to `packages/`.
|
|
42
42
|
- Each package exposes its public API through a single `index.ts` barrel file; internal modules are private.
|
|
43
43
|
- Enforce boundaries with Nx `@nrwl/enforce-module-boundaries` lint rules or ESLint's `import/no-restricted-paths`.
|
|
@@ -56,7 +56,7 @@ nx affected --target=build --base=origin/main
|
|
|
56
56
|
nx affected --target=test --base=origin/main
|
|
57
57
|
```
|
|
58
58
|
|
|
59
|
-
Both tools build a change graph from the dependency tree. A change to `packages/utils` marks every downstream package as affected. Only affected packages run in CI
|
|
59
|
+
Both tools build a change graph from the dependency tree. A change to `packages/utils` marks every downstream package as affected. Only affected packages run in CI: unaffected packages use cached results.
|
|
60
60
|
|
|
61
61
|
CI integration: set `--base` to the merge base of the PR branch (`origin/main` or `$(git merge-base HEAD origin/main)`), not `HEAD^1`, to correctly identify all changed files in the PR.
|
|
62
62
|
|
|
@@ -82,6 +82,6 @@ Generate changelogs automatically from changeset files; do not write changelogs
|
|
|
82
82
|
## CI Optimization
|
|
83
83
|
|
|
84
84
|
- Cache `.turbo` or Nx's default cache directory (`node_modules/.cache/nx`) between CI runs, keyed to the lock file hash.
|
|
85
|
-
- Enable remote caching (Turborepo Remote Cache, Nx Cloud) for team environments
|
|
85
|
+
- Enable remote caching (Turborepo Remote Cache, Nx Cloud) for team environments: local caches do not transfer between CI runners.
|
|
86
86
|
- Run `turbo prune --scope=<app>` to generate a minimal lockfile subset for Docker builds of individual apps.
|
|
87
87
|
- Gate PR merges on `affected` tests, not the full suite, to keep CI under 10 minutes for large repos.
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/observability.md
|
|
2
|
+
skills/devops/observability.md (Observability) Use this skill when designing logging, tracing, metrics, or alerting systems.
|
|
3
3
|
|
|
4
4
|
Use this skill when designing logging, tracing, metrics, or alerting systems. ## Three Pillars
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/performance.md
|
|
2
|
+
skills/devops/performance.md (Performance Engineering) Use this skill when profiling, load testing, or optimizing application and infra
|
|
3
3
|
|
|
4
4
|
Use this skill when profiling, load testing, or optimizing application and infrastructure performance. ## Performance Targets
|
|
5
5
|
-->
|
package/skills/devops/testing.md
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/devops/testing.md
|
|
2
|
+
skills/devops/testing.md (Testing Strategy) Use this skill when planning test coverage, selecting test types, or establishin
|
|
3
3
|
|
|
4
4
|
Use this skill when planning test coverage, selecting test types, or establishing testing practices. ## Test Pyramid
|
|
5
5
|
-->
|
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
<!--
|
|
2
|
-
skills/docs/adr-workflow.md
|
|
2
|
+
skills/docs/adr-workflow.md: Workflow for recording an architectural decision as an ADR.
|
|
3
3
|
|
|
4
4
|
Triggered when cx-architect finalizes a design or a technology choice is made. Writes a
|
|
5
5
|
full ADR to docs/adr/ using the shipped template (user-overridable via .cx/templates/docs/adr.md)
|
|
@@ -18,7 +18,7 @@ Use when: an architectural decision is made that affects the system structure, d
|
|
|
18
18
|
## Steps
|
|
19
19
|
|
|
20
20
|
1. **cx-architect** or **cx-engineer** identifies the decision
|
|
21
|
-
2. **Write to `docs/adr/ADR-{NNN}-{slug}.md`** using the template from `get_template("adr")
|
|
21
|
+
2. **Write to `docs/adr/ADR-{NNN}-{slug}.md`** using the template from `get_template("adr")`: resolves `.cx/templates/docs/adr.md` (override) then `templates/docs/adr.md` (shipped)
|
|
22
22
|
- NNN = next sequential number (check existing files)
|
|
23
23
|
3. **Also write a shorter entry to `.cx/decisions/`** for session context
|
|
24
24
|
4. **cx-docs-keeper** updates `.cx/context.md` Architecture Notes with a one-line summary and link
|