npm - @malamute/ai-rules - Versions diffs - 1.0.0 → 1.2.0 - Mend

@malamute/ai-rules 1.0.0 → 1.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/README.md +270 -121
package/bin/cli.js +5 -2
package/configs/_shared/.claude/rules/conventions/documentation.md +324 -0
package/configs/_shared/.claude/rules/conventions/git.md +265 -0
package/configs/_shared/.claude/rules/{performance.md → conventions/performance.md} +1 -1
package/configs/_shared/.claude/rules/conventions/principles.md +334 -0
package/configs/_shared/.claude/rules/devops/ci-cd.md +262 -0
package/configs/_shared/.claude/rules/devops/docker.md +275 -0
package/configs/_shared/.claude/rules/devops/nx.md +194 -0
package/configs/_shared/.claude/rules/domain/backend/api-design.md +203 -0
package/configs/_shared/.claude/rules/lang/csharp/async.md +220 -0
package/configs/_shared/.claude/rules/lang/csharp/csharp.md +314 -0
package/configs/_shared/.claude/rules/lang/csharp/linq.md +210 -0
package/configs/_shared/.claude/rules/lang/python/async.md +337 -0
package/configs/_shared/.claude/rules/lang/python/celery.md +476 -0
package/configs/_shared/.claude/rules/lang/python/config.md +339 -0
package/configs/{python/.claude/rules → _shared/.claude/rules/lang/python}/database/sqlalchemy.md +6 -1
package/configs/_shared/.claude/rules/lang/python/deployment.md +523 -0
package/configs/_shared/.claude/rules/lang/python/error-handling.md +330 -0
package/configs/_shared/.claude/rules/lang/python/migrations.md +421 -0
package/configs/_shared/.claude/rules/lang/python/python.md +172 -0
package/configs/_shared/.claude/rules/lang/python/repository.md +383 -0
package/configs/{python/.claude/rules → _shared/.claude/rules/lang/python}/testing.md +2 -69
package/configs/_shared/.claude/rules/lang/typescript/async.md +447 -0
package/configs/_shared/.claude/rules/lang/typescript/generics.md +356 -0
package/configs/_shared/.claude/rules/lang/typescript/typescript.md +212 -0
package/configs/_shared/.claude/rules/quality/error-handling.md +48 -0
package/configs/_shared/.claude/rules/quality/logging.md +45 -0
package/configs/_shared/.claude/rules/quality/observability.md +240 -0
package/configs/_shared/.claude/rules/quality/testing-patterns.md +65 -0
package/configs/_shared/.claude/rules/security/secrets-management.md +222 -0
package/configs/_shared/.claude/skills/analysis/explore/SKILL.md +257 -0
package/configs/_shared/.claude/skills/analysis/security-audit/SKILL.md +184 -0
package/configs/_shared/.claude/skills/dev/api-endpoint/SKILL.md +126 -0
package/configs/_shared/.claude/{commands/generate-tests.md → skills/dev/generate-tests/SKILL.md} +6 -0
package/configs/_shared/.claude/{commands/fix-issue.md → skills/git/fix-issue/SKILL.md} +6 -0
package/configs/_shared/.claude/{commands/review-pr.md → skills/git/review-pr/SKILL.md} +6 -0
package/configs/_shared/.claude/skills/infra/deploy/SKILL.md +139 -0
package/configs/_shared/.claude/skills/infra/docker/SKILL.md +95 -0
package/configs/_shared/.claude/skills/infra/migration/SKILL.md +158 -0
package/configs/_shared/.claude/skills/nx/nx-affected/SKILL.md +72 -0
package/configs/_shared/.claude/skills/nx/nx-lib/SKILL.md +375 -0
package/configs/_shared/CLAUDE.md +52 -149
package/configs/angular/.claude/rules/{components.md → core/components.md} +69 -15
package/configs/angular/.claude/rules/core/resource.md +285 -0
package/configs/angular/.claude/rules/core/signals.md +323 -0
package/configs/angular/.claude/rules/http.md +338 -0
package/configs/angular/.claude/rules/routing.md +291 -0
package/configs/angular/.claude/rules/ssr.md +312 -0
package/configs/angular/.claude/rules/state/signal-store.md +408 -0
package/configs/angular/.claude/rules/{state.md → state/state.md} +2 -2
package/configs/angular/.claude/rules/testing.md +7 -7
package/configs/angular/.claude/rules/ui/aria.md +422 -0
package/configs/angular/.claude/rules/ui/forms.md +424 -0
package/configs/angular/.claude/rules/ui/pipes-directives.md +335 -0
package/configs/angular/.claude/settings.json +1 -0
package/configs/angular/.claude/skills/ngrx-slice/SKILL.md +362 -0
package/configs/angular/.claude/skills/signal-store/SKILL.md +445 -0
package/configs/angular/CLAUDE.md +24 -216
package/configs/dotnet/.claude/rules/background-services.md +552 -0
package/configs/dotnet/.claude/rules/configuration.md +426 -0
package/configs/dotnet/.claude/rules/ddd.md +447 -0
package/configs/dotnet/.claude/rules/dependency-injection.md +343 -0
package/configs/dotnet/.claude/rules/mediatr.md +320 -0
package/configs/dotnet/.claude/rules/middleware.md +489 -0
package/configs/dotnet/.claude/rules/result-pattern.md +363 -0
package/configs/dotnet/.claude/rules/validation.md +388 -0
package/configs/dotnet/.claude/settings.json +21 -3
package/configs/dotnet/CLAUDE.md +53 -286
package/configs/fastapi/.claude/rules/background-tasks.md +254 -0
package/configs/fastapi/.claude/rules/dependencies.md +170 -0
package/configs/{python → fastapi}/.claude/rules/fastapi.md +61 -1
package/configs/fastapi/.claude/rules/lifespan.md +274 -0
package/configs/fastapi/.claude/rules/middleware.md +229 -0
package/configs/fastapi/.claude/rules/pydantic.md +433 -0
package/configs/fastapi/.claude/rules/responses.md +251 -0
package/configs/fastapi/.claude/rules/routers.md +202 -0
package/configs/fastapi/.claude/rules/security.md +222 -0
package/configs/fastapi/.claude/rules/testing.md +251 -0
package/configs/fastapi/.claude/rules/websockets.md +298 -0
package/configs/fastapi/.claude/settings.json +33 -0
package/configs/fastapi/CLAUDE.md +144 -0
package/configs/flask/.claude/rules/blueprints.md +208 -0
package/configs/flask/.claude/rules/cli.md +285 -0
package/configs/flask/.claude/rules/configuration.md +281 -0
package/configs/flask/.claude/rules/context.md +238 -0
package/configs/flask/.claude/rules/error-handlers.md +278 -0
package/configs/flask/.claude/rules/extensions.md +278 -0
package/configs/flask/.claude/rules/flask.md +171 -0
package/configs/flask/.claude/rules/marshmallow.md +206 -0
package/configs/flask/.claude/rules/security.md +267 -0
package/configs/flask/.claude/rules/testing.md +284 -0
package/configs/flask/.claude/settings.json +33 -0
package/configs/flask/CLAUDE.md +166 -0
package/configs/nestjs/.claude/rules/common-patterns.md +300 -0
package/configs/nestjs/.claude/rules/filters.md +376 -0
package/configs/nestjs/.claude/rules/interceptors.md +317 -0
package/configs/nestjs/.claude/rules/middleware.md +321 -0
package/configs/nestjs/.claude/rules/modules.md +26 -0
package/configs/nestjs/.claude/rules/pipes.md +351 -0
package/configs/nestjs/.claude/rules/websockets.md +451 -0
package/configs/nestjs/.claude/settings.json +16 -2
package/configs/nestjs/CLAUDE.md +57 -215
package/configs/nextjs/.claude/rules/api-routes.md +358 -0
package/configs/nextjs/.claude/rules/authentication.md +355 -0
package/configs/nextjs/.claude/rules/components.md +52 -0
package/configs/nextjs/.claude/rules/data-fetching.md +249 -0
package/configs/nextjs/.claude/rules/database.md +400 -0
package/configs/nextjs/.claude/rules/middleware.md +303 -0
package/configs/nextjs/.claude/rules/routing.md +324 -0
package/configs/nextjs/.claude/rules/seo.md +350 -0
package/configs/nextjs/.claude/rules/server-actions.md +353 -0
package/configs/nextjs/.claude/rules/state/zustand.md +6 -6
package/configs/nextjs/.claude/settings.json +5 -0
package/configs/nextjs/CLAUDE.md +69 -331
package/package.json +23 -9
package/src/cli.js +220 -0
package/src/config.js +29 -0
package/src/index.js +13 -0
package/src/installer.js +361 -0
package/src/merge.js +116 -0
package/src/tech-config.json +29 -0
package/src/utils.js +96 -0
package/configs/python/.claude/rules/flask.md +0 -332
package/configs/python/.claude/settings.json +0 -18
package/configs/python/CLAUDE.md +0 -273
package/src/install.js +0 -315
/package/configs/_shared/.claude/rules/{accessibility.md → domain/frontend/accessibility.md} +0 -0
/package/configs/_shared/.claude/rules/{security.md → security/security.md} +0 -0
/package/configs/_shared/.claude/skills/{debug → dev/debug}/SKILL.md +0 -0
/package/configs/_shared/.claude/skills/{learning → dev/learning}/SKILL.md +0 -0
/package/configs/_shared/.claude/skills/{spec → dev/spec}/SKILL.md +0 -0
/package/configs/_shared/.claude/skills/{review → git/review}/SKILL.md +0 -0

package/configs/dotnet/.claude/rules/middleware.md ADDED Viewed

@@ -0,0 +1,489 @@
+---
+paths:
+  - "**/*Middleware.cs"
+  - "**/Middleware/**/*.cs"
+---
+# .NET Middleware
+## Basic Middleware
+```csharp
+// Middleware/RequestLoggingMiddleware.cs
+public class RequestLoggingMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly ILogger<RequestLoggingMiddleware> _logger;
+    public RequestLoggingMiddleware(RequestDelegate next, ILogger<RequestLoggingMiddleware> logger)
+    {
+        _next = next;
+        _logger = logger;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        var stopwatch = Stopwatch.StartNew();
+        try
+        {
+            await _next(context);
+        }
+        finally
+        {
+            stopwatch.Stop();
+            _logger.LogInformation(
+                "{Method} {Path} responded {StatusCode} in {ElapsedMs}ms",
+                context.Request.Method,
+                context.Request.Path,
+                context.Response.StatusCode,
+                stopwatch.ElapsedMilliseconds);
+        }
+    }
+}
+// Extension method
+public static class RequestLoggingMiddlewareExtensions
+{
+    public static IApplicationBuilder UseRequestLogging(this IApplicationBuilder builder)
+    {
+        return builder.UseMiddleware<RequestLoggingMiddleware>();
+    }
+}
+```
+## Correlation ID Middleware
+```csharp
+// Middleware/CorrelationIdMiddleware.cs
+public class CorrelationIdMiddleware
+{
+    private const string CorrelationIdHeader = "X-Correlation-ID";
+    private readonly RequestDelegate _next;
+    public CorrelationIdMiddleware(RequestDelegate next)
+    {
+        _next = next;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        var correlationId = GetOrCreateCorrelationId(context);
+        // Add to response headers
+        context.Response.OnStarting(() =>
+        {
+            context.Response.Headers.TryAdd(CorrelationIdHeader, correlationId);
+            return Task.CompletedTask;
+        });
+        // Store in Items for access throughout request
+        context.Items["CorrelationId"] = correlationId;
+        // Add to logging scope
+        using (_logger.BeginScope(new Dictionary<string, object>
+        {
+            ["CorrelationId"] = correlationId
+        }))
+        {
+            await _next(context);
+        }
+    }
+    private static string GetOrCreateCorrelationId(HttpContext context)
+    {
+        if (context.Request.Headers.TryGetValue(CorrelationIdHeader, out var existingId))
+        {
+            return existingId.ToString();
+        }
+        return Guid.NewGuid().ToString();
+    }
+}
+```
+## Exception Handling Middleware
+```csharp
+// Middleware/ExceptionHandlingMiddleware.cs
+public class ExceptionHandlingMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly ILogger<ExceptionHandlingMiddleware> _logger;
+    private readonly IHostEnvironment _env;
+    public ExceptionHandlingMiddleware(
+        RequestDelegate next,
+        ILogger<ExceptionHandlingMiddleware> logger,
+        IHostEnvironment env)
+    {
+        _next = next;
+        _logger = logger;
+        _env = env;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        try
+        {
+            await _next(context);
+        }
+        catch (Exception ex)
+        {
+            await HandleExceptionAsync(context, ex);
+        }
+    }
+    private async Task HandleExceptionAsync(HttpContext context, Exception exception)
+    {
+        var (statusCode, title, detail) = exception switch
+        {
+            ValidationException ex => (
+                StatusCodes.Status400BadRequest,
+                "Validation Error",
+                string.Join("; ", ex.Errors.Select(e => e.ErrorMessage))),
+            NotFoundException ex => (
+                StatusCodes.Status404NotFound,
+                "Not Found",
+                ex.Message),
+            UnauthorizedAccessException => (
+                StatusCodes.Status401Unauthorized,
+                "Unauthorized",
+                "Authentication required"),
+            ForbiddenException => (
+                StatusCodes.Status403Forbidden,
+                "Forbidden",
+                "Insufficient permissions"),
+            ConflictException ex => (
+                StatusCodes.Status409Conflict,
+                "Conflict",
+                ex.Message),
+            _ => (
+                StatusCodes.Status500InternalServerError,
+                "Internal Server Error",
+                _env.IsDevelopment() ? exception.Message : "An error occurred")
+        };
+        _logger.LogError(exception, "Exception occurred: {Message}", exception.Message);
+        context.Response.StatusCode = statusCode;
+        context.Response.ContentType = "application/problem+json";
+        var problemDetails = new ProblemDetails
+        {
+            Status = statusCode,
+            Title = title,
+            Detail = detail,
+            Instance = context.Request.Path
+        };
+        if (_env.IsDevelopment())
+        {
+            problemDetails.Extensions["stackTrace"] = exception.StackTrace;
+        }
+        await context.Response.WriteAsJsonAsync(problemDetails);
+    }
+}
+```
+## Rate Limiting Middleware
+```csharp
+// Middleware/RateLimitingMiddleware.cs
+public class RateLimitingMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly IDistributedCache _cache;
+    private readonly RateLimitOptions _options;
+    public RateLimitingMiddleware(
+        RequestDelegate next,
+        IDistributedCache cache,
+        IOptions<RateLimitOptions> options)
+    {
+        _next = next;
+        _cache = cache;
+        _options = options.Value;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        var clientId = GetClientIdentifier(context);
+        var key = $"rate-limit:{clientId}";
+        var currentCount = await GetRequestCountAsync(key);
+        if (currentCount >= _options.MaxRequests)
+        {
+            context.Response.StatusCode = StatusCodes.Status429TooManyRequests;
+            context.Response.Headers.RetryAfter = _options.WindowSeconds.ToString();
+            await context.Response.WriteAsJsonAsync(new
+            {
+                error = "Too many requests",
+                retryAfter = _options.WindowSeconds
+            });
+            return;
+        }
+        await IncrementRequestCountAsync(key);
+        context.Response.Headers.Append("X-RateLimit-Limit", _options.MaxRequests.ToString());
+        context.Response.Headers.Append("X-RateLimit-Remaining", (options.MaxRequests - currentCount - 1).ToString());
+        await _next(context);
+    }
+    private string GetClientIdentifier(HttpContext context)
+    {
+        // Prefer authenticated user ID, fallback to IP
+        return context.User.Identity?.IsAuthenticated == true
+            ? context.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? context.Connection.RemoteIpAddress?.ToString() ?? "anonymous"
+            : context.Connection.RemoteIpAddress?.ToString() ?? "anonymous";
+    }
+    private async Task<int> GetRequestCountAsync(string key)
+    {
+        var value = await _cache.GetStringAsync(key);
+        return int.TryParse(value, out var count) ? count : 0;
+    }
+    private async Task IncrementRequestCountAsync(string key)
+    {
+        var count = await GetRequestCountAsync(key) + 1;
+        await _cache.SetStringAsync(
+            key,
+            count.ToString(),
+            new DistributedCacheEntryOptions
+            {
+                AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(_options.WindowSeconds)
+            });
+    }
+}
+public class RateLimitOptions
+{
+    public int MaxRequests { get; set; } = 100;
+    public int WindowSeconds { get; set; } = 60;
+}
+```
+## Security Headers Middleware
+```csharp
+// Middleware/SecurityHeadersMiddleware.cs
+public class SecurityHeadersMiddleware
+{
+    private readonly RequestDelegate _next;
+    public SecurityHeadersMiddleware(RequestDelegate next)
+    {
+        _next = next;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        // Security headers
+        context.Response.Headers.Append("X-Content-Type-Options", "nosniff");
+        context.Response.Headers.Append("X-Frame-Options", "DENY");
+        context.Response.Headers.Append("X-XSS-Protection", "1; mode=block");
+        context.Response.Headers.Append("Referrer-Policy", "strict-origin-when-cross-origin");
+        context.Response.Headers.Append(
+            "Content-Security-Policy",
+            "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';");
+        context.Response.Headers.Append(
+            "Permissions-Policy",
+            "camera=(), microphone=(), geolocation=()");
+        // Remove server header
+        context.Response.Headers.Remove("Server");
+        context.Response.Headers.Remove("X-Powered-By");
+        await _next(context);
+    }
+}
+```
+## Request Timeout Middleware
+```csharp
+// Middleware/RequestTimeoutMiddleware.cs
+public class RequestTimeoutMiddleware
+{
+    private readonly RequestDelegate _next;
+    private readonly TimeSpan _timeout;
+    public RequestTimeoutMiddleware(RequestDelegate next, TimeSpan timeout)
+    {
+        _next = next;
+        _timeout = timeout;
+    }
+    public async Task InvokeAsync(HttpContext context)
+    {
+        using var cts = CancellationTokenSource.CreateLinkedTokenSource(context.RequestAborted);
+        cts.CancelAfter(_timeout);
+        context.RequestAborted = cts.Token;
+        try
+        {
+            await _next(context);
+        }
+        catch (OperationCanceledException) when (cts.IsCancellationRequested)
+        {
+            context.Response.StatusCode = StatusCodes.Status408RequestTimeout;
+            await context.Response.WriteAsJsonAsync(new { error = "Request timeout" });
+        }
+    }
+}
+```
+## Tenant Resolution Middleware
+```csharp
+// Middleware/TenantMiddleware.cs
+public class TenantMiddleware
+{
+    private readonly RequestDelegate _next;
+    public TenantMiddleware(RequestDelegate next)
+    {
+        _next = next;
+    }
+    public async Task InvokeAsync(HttpContext context, ITenantResolver tenantResolver)
+    {
+        var tenantId = ResolveTenantId(context);
+        if (string.IsNullOrEmpty(tenantId))
+        {
+            context.Response.StatusCode = StatusCodes.Status400BadRequest;
+            await context.Response.WriteAsJsonAsync(new { error = "Tenant not specified" });
+            return;
+        }
+        var tenant = await tenantResolver.ResolveAsync(tenantId);
+        if (tenant == null)
+        {
+            context.Response.StatusCode = StatusCodes.Status404NotFound;
+            await context.Response.WriteAsJsonAsync(new { error = "Tenant not found" });
+            return;
+        }
+        context.Items["Tenant"] = tenant;
+        context.Items["TenantId"] = tenant.Id;
+        await _next(context);
+    }
+    private static string? ResolveTenantId(HttpContext context)
+    {
+        // From header
+        if (context.Request.Headers.TryGetValue("X-Tenant-ID", out var headerValue))
+        {
+            return headerValue.ToString();
+        }
+        // From subdomain
+        var host = context.Request.Host.Host;
+        var subdomain = host.Split('.').FirstOrDefault();
+        if (!string.IsNullOrEmpty(subdomain) && subdomain != "www")
+        {
+            return subdomain;
+        }
+        // From claim
+        return context.User.FindFirst("tenant_id")?.Value;
+    }
+}
+```
+## Middleware Registration Order
+```csharp
+// Program.cs
+var app = builder.Build();
+// 1. Exception handling (first to catch all)
+app.UseMiddleware<ExceptionHandlingMiddleware>();
+// 2. Security headers
+app.UseMiddleware<SecurityHeadersMiddleware>();
+// 3. Correlation ID (before logging)
+app.UseMiddleware<CorrelationIdMiddleware>();
+// 4. Request logging
+app.UseMiddleware<RequestLoggingMiddleware>();
+// 5. Rate limiting
+app.UseMiddleware<RateLimitingMiddleware>();
+// 6. Built-in middleware
+app.UseHttpsRedirection();
+app.UseAuthentication();
+app.UseAuthorization();
+// 7. Tenant resolution (after auth)
+app.UseMiddleware<TenantMiddleware>();
+// 8. Endpoints
+app.MapControllers();
+app.Run();
+```
+## Anti-patterns
+```csharp
+// BAD: Middleware with scoped dependencies in constructor
+public class BadMiddleware
+{
+    private readonly IDbContext _context; // Scoped service!
+    public BadMiddleware(RequestDelegate next, IDbContext context)
+    {
+        _context = context; // Will use same instance for all requests!
+    }
+}
+// GOOD: Inject scoped services in InvokeAsync
+public async Task InvokeAsync(HttpContext context, IDbContext dbContext)
+{
+    // dbContext is resolved per request
+}
+// BAD: Blocking in middleware
+public async Task InvokeAsync(HttpContext context)
+{
+    var result = _service.GetData().Result; // Deadlock risk!
+}
+// GOOD: Use async/await
+public async Task InvokeAsync(HttpContext context)
+{
+    var result = await _service.GetDataAsync();
+}
+// BAD: Modifying response after body written
+public async Task InvokeAsync(HttpContext context)
+{
+    await _next(context);
+    context.Response.Headers.Add("X-Custom", "value"); // May fail!
+}
+// GOOD: Use OnStarting callback
+context.Response.OnStarting(() =>
+{
+    context.Response.Headers.Add("X-Custom", "value");
+    return Task.CompletedTask;
+});
+```