@girardmedia/bootspring 1.1.0

package/agents/code-review-expert/context.md

@@ -0,0 +1,365 @@
+# Code Review Expert Agent
+
+## Role
+Specialized in code review, best practices, code quality, identifying improvements, and ensuring maintainable, readable code.
+
+## Core Expertise
+
+### Code Review Checklist
+
+#### Functionality
+- [ ] Code does what it's supposed to do
+- [ ] Edge cases handled
+- [ ] Error handling is comprehensive
+- [ ] No regression in existing functionality
+
+#### Security
+- [ ] Input validation present
+- [ ] No SQL injection vulnerabilities
+- [ ] No XSS vulnerabilities
+- [ ] Authentication/authorization checked
+- [ ] Sensitive data not exposed
+
+#### Performance
+- [ ] No N+1 queries
+- [ ] Appropriate indexing considered
+- [ ] No memory leaks
+- [ ] Efficient algorithms used
+
+#### Maintainability
+- [ ] Code is readable
+- [ ] Functions are focused (single responsibility)
+- [ ] No magic numbers/strings
+- [ ] Appropriate comments for complex logic
+
+#### Testing
+- [ ] Unit tests added for new code
+- [ ] Edge cases tested
+- [ ] Tests are meaningful, not just coverage
+
+### Common Issues & Fixes
+
+#### 1. Async/Await Mistakes
+
+```typescript
+// Bad: Sequential when could be parallel
+async function getBothUsers(id1: string, id2: string) {
+  const user1 = await getUser(id1);
+  const user2 = await getUser(id2);
+  return [user1, user2];
+}
+
+// Good: Parallel execution
+async function getBothUsers(id1: string, id2: string) {
+  const [user1, user2] = await Promise.all([
+    getUser(id1),
+    getUser(id2),
+  ]);
+  return [user1, user2];
+}
+
+// Bad: Missing error handling
+async function fetchData() {
+  const data = await fetch('/api/data').then(r => r.json());
+  return data;
+}
+
+// Good: Proper error handling
+async function fetchData() {
+  const response = await fetch('/api/data');
+  if (!response.ok) {
+    throw new Error(`HTTP ${response.status}: ${response.statusText}`);
+  }
+  return response.json();
+}
+```
+
+#### 2. React Anti-patterns
+
+```tsx
+// Bad: useEffect for derived state
+function BadComponent({ items }) {
+  const [count, setCount] = useState(0);
+
+  useEffect(() => {
+    setCount(items.length);
+  }, [items]);
+
+  return <div>Count: {count}</div>;
+}
+
+// Good: Derive directly
+function GoodComponent({ items }) {
+  const count = items.length;
+  return <div>Count: {count}</div>;
+}
+
+// Bad: Object/array in dependency array
+function BadComponent() {
+  const options = { enabled: true };
+
+  useEffect(() => {
+    doSomething(options);
+  }, [options]); // New object every render!
+
+  return null;
+}
+
+// Good: useMemo or extract
+function GoodComponent() {
+  const options = useMemo(() => ({ enabled: true }), []);
+
+  useEffect(() => {
+    doSomething(options);
+  }, [options]);
+
+  return null;
+}
+
+// Bad: Inline function causing re-renders
+function ParentComponent() {
+  return (
+    <ChildComponent onClick={() => console.log('clicked')} />
+  );
+}
+
+// Good: useCallback for stable reference
+function ParentComponent() {
+  const handleClick = useCallback(() => {
+    console.log('clicked');
+  }, []);
+
+  return <ChildComponent onClick={handleClick} />;
+}
+```
+
+#### 3. TypeScript Issues
+
+```typescript
+// Bad: Using 'any'
+function processData(data: any) {
+  return data.value;
+}
+
+// Good: Proper typing
+interface DataItem {
+  value: string;
+  count: number;
+}
+
+function processData(data: DataItem) {
+  return data.value;
+}
+
+// Bad: Non-null assertion abuse
+function getUser(users: User[]) {
+  return users.find(u => u.active)!.name; // Might be undefined!
+}
+
+// Good: Handle the undefined case
+function getUser(users: User[]) {
+  const activeUser = users.find(u => u.active);
+  if (!activeUser) {
+    throw new Error('No active user found');
+  }
+  return activeUser.name;
+}
+
+// Good: Optional chaining with fallback
+function getUserName(users: User[]) {
+  return users.find(u => u.active)?.name ?? 'Unknown';
+}
+```
+
+#### 4. Database Query Issues
+
+```typescript
+// Bad: N+1 query problem
+const posts = await prisma.post.findMany();
+for (const post of posts) {
+  post.author = await prisma.user.findUnique({
+    where: { id: post.authorId }
+  });
+}
+
+// Good: Include related data
+const posts = await prisma.post.findMany({
+  include: { author: true }
+});
+
+// Bad: Selecting all fields
+const users = await prisma.user.findMany();
+
+// Good: Select only needed fields
+const users = await prisma.user.findMany({
+  select: {
+    id: true,
+    name: true,
+    email: true,
+  }
+});
+
+// Bad: Missing transaction for related operations
+await prisma.order.create({ data: orderData });
+await prisma.inventory.update({ data: inventoryData }); // What if this fails?
+
+// Good: Use transaction
+await prisma.$transaction([
+  prisma.order.create({ data: orderData }),
+  prisma.inventory.update({ data: inventoryData }),
+]);
+```
+
+#### 5. Security Issues
+
+```typescript
+// Bad: SQL injection
+const user = await prisma.$queryRaw`
+  SELECT * FROM users WHERE email = '${email}'
+`;
+
+// Good: Parameterized query
+const user = await prisma.$queryRaw`
+  SELECT * FROM users WHERE email = ${email}
+`;
+
+// Bad: Exposing sensitive data
+return NextResponse.json(user); // Includes password hash!
+
+// Good: Select safe fields
+return NextResponse.json({
+  id: user.id,
+  name: user.name,
+  email: user.email,
+});
+
+// Bad: Trusting user input
+const { role } = await request.json();
+await prisma.user.update({
+  where: { id },
+  data: { role } // User can set themselves as admin!
+});
+
+// Good: Validate and restrict
+const { role } = await request.json();
+const allowedRoles = ['user', 'editor'];
+if (!allowedRoles.includes(role)) {
+  return NextResponse.json({ error: 'Invalid role' }, { status: 400 });
+}
+```
+
+### Code Smells to Watch For
+
+```typescript
+// 1. Long functions (> 30 lines)
+// Split into smaller, focused functions
+
+// 2. Deep nesting
+// Bad
+if (user) {
+  if (user.isActive) {
+    if (user.hasPermission) {
+      // do something
+    }
+  }
+}
+
+// Good: Early returns
+if (!user) return;
+if (!user.isActive) return;
+if (!user.hasPermission) return;
+// do something
+
+// 3. Magic numbers
+// Bad
+if (items.length > 50) { /* ... */ }
+
+// Good
+const MAX_ITEMS = 50;
+if (items.length > MAX_ITEMS) { /* ... */ }
+
+// 4. Duplicated code
+// Extract into reusable function or component
+
+// 5. Dead code
+// Remove unused imports, variables, functions
+
+// 6. Inconsistent naming
+// Follow conventions: camelCase for variables, PascalCase for components
+
+// 7. Missing error boundaries
+// Add error handling for async operations
+
+// 8. Hardcoded values
+// Use environment variables or configuration
+```
+
+### Review Feedback Templates
+
+```markdown
+## Approved ✅
+LGTM! Code is clean and well-structured.
+
+## Request Changes 🔄
+### Issue 1: [Brief description]
+**Location:** `file.ts:42`
+**Problem:** [What's wrong]
+**Suggestion:** [How to fix]
+
+```typescript
+// Instead of this:
+// current code
+
+// Consider this:
+// suggested code
+```
+
+### Issue 2: ...
+
+## Questions ❓
+- Could you explain the reasoning behind X?
+- Have you considered Y approach?
+
+## Suggestions 💡
+Not blocking, but consider:
+- [ ] Optional improvement 1
+- [ ] Optional improvement 2
+```
+
+### Performance Review Checklist
+
+```typescript
+// Check for:
+
+// 1. Bundle size impact
+// Did new dependencies increase bundle significantly?
+// Can they be dynamically imported?
+
+// 2. Render performance
+// Any unnecessary re-renders?
+// Are expensive computations memoized?
+
+// 3. Data fetching
+// Are queries optimized?
+// Is caching used appropriately?
+
+// 4. Memory usage
+// Are event listeners cleaned up?
+// Are subscriptions unsubscribed?
+```
+
+## Review Checklist
+
+- [ ] Code compiles without warnings
+- [ ] Tests pass
+- [ ] No console.logs left
+- [ ] Error handling present
+- [ ] Types are correct
+- [ ] No hardcoded secrets
+- [ ] Follows project conventions
+- [ ] Documentation updated if needed
+- [ ] No breaking changes without migration
+- [ ] Accessibility considered
+
+## Trigger Keywords
+review, code review, best practice, improve, refactor, clean code, lint, smell, anti-pattern, quality, convention, standard, tech debt

package/agents/database-expert/context.md

@@ -0,0 +1,250 @@
+# Database Expert Agent
+
+## Role
+Specialized in database design, ORM configuration, query optimization, and data modeling for modern web applications.
+
+## Core Expertise
+
+### Schema Design
+- Relational database normalization (1NF through BCNF)
+- Denormalization strategies for read-heavy workloads
+- Index design and optimization
+- Constraint enforcement (foreign keys, unique, check)
+- Soft delete patterns vs hard delete
+- Audit trail implementation
+
+### ORM Mastery
+
+#### Prisma
+```prisma
+// Example: User with relations
+model User {
+  id        String   @id @default(cuid())
+  email     String   @unique
+  name      String?
+  posts     Post[]
+  profile   Profile?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+  deletedAt DateTime? // Soft delete
+
+  @@index([email])
+  @@map("users")
+}
+
+model Post {
+  id        String   @id @default(cuid())
+  title     String
+  content   String?
+  published Boolean  @default(false)
+  author    User     @relation(fields: [authorId], references: [id])
+  authorId  String
+
+  @@index([authorId, published])
+}
+```
+
+#### Drizzle
+```typescript
+// Example: Type-safe schema
+import { pgTable, text, timestamp, boolean, index } from 'drizzle-orm/pg-core';
+
+export const users = pgTable('users', {
+  id: text('id').primaryKey().$defaultFn(() => createId()),
+  email: text('email').notNull().unique(),
+  name: text('name'),
+  createdAt: timestamp('created_at').defaultNow().notNull(),
+  updatedAt: timestamp('updated_at').defaultNow().notNull(),
+  deletedAt: timestamp('deleted_at'),
+}, (table) => ({
+  emailIdx: index('email_idx').on(table.email),
+}));
+```
+
+### Query Patterns
+
+#### Efficient Queries
+```typescript
+// Prisma: Selective loading
+const user = await prisma.user.findUnique({
+  where: { id },
+  select: {
+    id: true,
+    email: true,
+    posts: {
+      where: { published: true },
+      take: 10,
+      orderBy: { createdAt: 'desc' }
+    }
+  }
+});
+
+// Drizzle: Join with conditions
+const result = await db
+  .select({
+    user: users,
+    postCount: sql<number>`count(${posts.id})`
+  })
+  .from(users)
+  .leftJoin(posts, eq(posts.authorId, users.id))
+  .where(isNull(users.deletedAt))
+  .groupBy(users.id);
+```
+
+#### Transaction Patterns
+```typescript
+// Prisma transaction
+const result = await prisma.$transaction(async (tx) => {
+  const user = await tx.user.create({ data: userData });
+  await tx.profile.create({
+    data: { ...profileData, userId: user.id }
+  });
+  return user;
+});
+
+// Drizzle transaction
+const result = await db.transaction(async (tx) => {
+  const [user] = await tx.insert(users).values(userData).returning();
+  await tx.insert(profiles).values({ ...profileData, userId: user.id });
+  return user;
+});
+```
+
+### Migration Strategies
+
+#### Safe Migration Practices
+1. **Always backup before migrations**
+2. **Test migrations on staging first**
+3. **Use transactions when possible**
+4. **Plan for rollback scenarios**
+
+```bash
+# Prisma
+npx prisma migrate dev --name add_user_status
+npx prisma migrate deploy  # Production
+
+# Drizzle
+npx drizzle-kit generate:pg
+npx drizzle-kit push:pg
+```
+
+#### Data Migration Pattern
+```typescript
+// Safe data migration with batching
+async function migrateUserStatuses(batchSize = 1000) {
+  let processed = 0;
+
+  while (true) {
+    const users = await prisma.user.findMany({
+      where: { status: null },
+      take: batchSize,
+      select: { id: true }
+    });
+
+    if (users.length === 0) break;
+
+    await prisma.user.updateMany({
+      where: { id: { in: users.map(u => u.id) } },
+      data: { status: 'active' }
+    });
+
+    processed += users.length;
+    console.log(`Migrated ${processed} users`);
+  }
+}
+```
+
+## Performance Optimization
+
+### Index Strategy
+```sql
+-- Composite index for common queries
+CREATE INDEX idx_posts_author_published
+ON posts(author_id, published)
+WHERE deleted_at IS NULL;
+
+-- Partial index for specific conditions
+CREATE INDEX idx_users_active
+ON users(email)
+WHERE status = 'active';
+```
+
+### Query Analysis
+```sql
+-- Check query plan
+EXPLAIN ANALYZE
+SELECT * FROM posts
+WHERE author_id = 'xxx' AND published = true;
+```
+
+### Connection Pooling
+```typescript
+// Prisma connection config
+const prisma = new PrismaClient({
+  datasources: {
+    db: {
+      url: process.env.DATABASE_URL,
+    },
+  },
+  // Connection pool settings via URL params
+  // ?connection_limit=10&pool_timeout=20
+});
+```
+
+## Common Patterns
+
+### Repository Pattern
+```typescript
+// Type-safe repository
+class UserRepository {
+  constructor(private prisma: PrismaClient) {}
+
+  async findById(id: string) {
+    return this.prisma.user.findUnique({ where: { id } });
+  }
+
+  async findByEmail(email: string) {
+    return this.prisma.user.findUnique({ where: { email } });
+  }
+
+  async create(data: Prisma.UserCreateInput) {
+    return this.prisma.user.create({ data });
+  }
+
+  async softDelete(id: string) {
+    return this.prisma.user.update({
+      where: { id },
+      data: { deletedAt: new Date() }
+    });
+  }
+}
+```
+
+### Pagination
+```typescript
+// Cursor-based pagination (more efficient)
+async function getPaginatedPosts(cursor?: string, limit = 20) {
+  return prisma.post.findMany({
+    take: limit + 1, // Fetch one extra to check hasMore
+    cursor: cursor ? { id: cursor } : undefined,
+    skip: cursor ? 1 : 0,
+    orderBy: { createdAt: 'desc' }
+  });
+}
+```
+
+## Checklist for Database Work
+
+- [ ] Schema follows naming conventions (snake_case for columns)
+- [ ] Appropriate indexes for query patterns
+- [ ] Foreign key constraints defined
+- [ ] Soft delete considered for important data
+- [ ] Timestamps (created_at, updated_at) included
+- [ ] Migration is reversible
+- [ ] N+1 queries avoided
+- [ ] Connection pooling configured
+- [ ] Sensitive data encrypted at rest
+- [ ] Backup strategy in place
+
+## Trigger Keywords
+database, schema, prisma, drizzle, migration, query, model, relation, index, orm, sql, postgres, mysql, mongodb, transaction, seed, foreign key, constraint