@malamute/ai-rules 1.0.0 → 1.2.0

package/configs/fastapi/.claude/rules/responses.md

@@ -0,0 +1,251 @@
+---
+paths:
+  - "**/*.py"
+---
+
+# FastAPI Response Patterns
+
+## Response Models
+
+```python
+from pydantic import BaseModel, ConfigDict
+
+# GOOD - explicit response model
+class UserResponse(BaseModel):
+    id: int
+    email: str
+    name: str
+    created_at: datetime
+
+    model_config = ConfigDict(from_attributes=True)
+
+@router.get("/users/{user_id}", response_model=UserResponse)
+async def get_user(user_id: int, db: DbSession) -> User:
+    user = await db.get(User, user_id)
+    if not user:
+        raise HTTPException(404, "User not found")
+    return user  # Automatically serialized to UserResponse
+```
+
+## Pagination Response
+
+```python
+from typing import Generic, TypeVar
+
+T = TypeVar("T")
+
+class Page(BaseModel, Generic[T]):
+    items: list[T]
+    total: int
+    page: int
+    size: int
+    pages: int
+
+    @classmethod
+    def create(cls, items: list[T], total: int, page: int, size: int) -> "Page[T]":
+        return cls(
+            items=items,
+            total=total,
+            page=page,
+            size=size,
+            pages=(total + size - 1) // size,
+        )
+
+@router.get("/users", response_model=Page[UserResponse])
+async def list_users(
+    page: int = Query(1, ge=1),
+    size: int = Query(20, ge=1, le=100),
+    db: DbSession,
+) -> Page[User]:
+    total = await db.scalar(select(func.count()).select_from(User))
+
+    users = await db.scalars(
+        select(User)
+        .offset((page - 1) * size)
+        .limit(size)
+    )
+
+    return Page.create(list(users), total, page, size)
+```
+
+## Response Classes
+
+```python
+from fastapi.responses import (
+    JSONResponse,
+    HTMLResponse,
+    PlainTextResponse,
+    RedirectResponse,
+    StreamingResponse,
+    FileResponse,
+)
+
+# JSON with custom status and headers
+@router.post("/users")
+async def create_user(data: UserCreate) -> JSONResponse:
+    user = await user_service.create(data)
+    return JSONResponse(
+        content={"id": user.id, "message": "User created"},
+        status_code=201,
+        headers={"X-Custom-Header": "value"},
+    )
+
+# HTML response
+@router.get("/page", response_class=HTMLResponse)
+async def get_page() -> str:
+    return "<html><body><h1>Hello</h1></body></html>"
+
+# Redirect
+@router.get("/old-path")
+async def redirect() -> RedirectResponse:
+    return RedirectResponse(url="/new-path", status_code=301)
+
+# File download
+@router.get("/download/{filename}")
+async def download_file(filename: str) -> FileResponse:
+    return FileResponse(
+        path=f"files/{filename}",
+        filename=filename,
+        media_type="application/octet-stream",
+    )
+```
+
+## Streaming Response
+
+```python
+import asyncio
+from typing import AsyncGenerator
+
+async def generate_data() -> AsyncGenerator[bytes, None]:
+    for i in range(100):
+        yield f"data: {i}\n\n".encode()
+        await asyncio.sleep(0.1)
+
+@router.get("/stream")
+async def stream_data() -> StreamingResponse:
+    return StreamingResponse(
+        generate_data(),
+        media_type="text/event-stream",
+    )
+
+# Stream large file
+@router.get("/large-file")
+async def stream_file() -> StreamingResponse:
+    async def iterfile():
+        async with aiofiles.open("large_file.csv", "rb") as f:
+            while chunk := await f.read(8192):
+                yield chunk
+
+    return StreamingResponse(
+        iterfile(),
+        media_type="text/csv",
+        headers={"Content-Disposition": "attachment; filename=data.csv"},
+    )
+```
+
+## Error Responses
+
+```python
+from fastapi import HTTPException
+from fastapi.responses import JSONResponse
+
+# Standard HTTP exception
+@router.get("/users/{user_id}")
+async def get_user(user_id: int) -> UserResponse:
+    user = await db.get(User, user_id)
+    if not user:
+        raise HTTPException(
+            status_code=404,
+            detail="User not found",
+            headers={"X-Error-Code": "USER_NOT_FOUND"},
+        )
+    return user
+
+# Custom error response model
+class ErrorResponse(BaseModel):
+    error: str
+    detail: str
+    request_id: str | None = None
+
+@router.get(
+    "/users/{user_id}",
+    responses={
+        200: {"model": UserResponse},
+        404: {"model": ErrorResponse, "description": "User not found"},
+        500: {"model": ErrorResponse, "description": "Internal server error"},
+    },
+)
+async def get_user(user_id: int) -> UserResponse:
+    ...
+
+# Global exception handler
+@app.exception_handler(ValueError)
+async def value_error_handler(request: Request, exc: ValueError) -> JSONResponse:
+    return JSONResponse(
+        status_code=400,
+        content={"error": "Bad Request", "detail": str(exc)},
+    )
+```
+
+## Response Headers
+
+```python
+from fastapi import Response
+
+@router.get("/data")
+async def get_data(response: Response) -> dict:
+    response.headers["X-Custom-Header"] = "custom-value"
+    response.headers["Cache-Control"] = "max-age=3600"
+    return {"data": "value"}
+
+# Set cookies
+@router.post("/login")
+async def login(response: Response) -> dict:
+    response.set_cookie(
+        key="session_id",
+        value="abc123",
+        httponly=True,
+        secure=True,
+        samesite="lax",
+        max_age=3600,
+    )
+    return {"status": "logged_in"}
+
+# Delete cookie
+@router.post("/logout")
+async def logout(response: Response) -> dict:
+    response.delete_cookie("session_id")
+    return {"status": "logged_out"}
+```
+
+## Background Response
+
+```python
+from fastapi import BackgroundTasks
+
+@router.post("/send-email")
+async def send_email(
+    email: EmailSchema,
+    background_tasks: BackgroundTasks,
+) -> dict:
+    # Return immediately
+    background_tasks.add_task(send_email_async, email.to, email.subject, email.body)
+    return {"message": "Email queued"}
+```
+
+## No Content Response
+
+```python
+from fastapi import Response, status
+
+@router.delete("/users/{user_id}", status_code=status.HTTP_204_NO_CONTENT)
+async def delete_user(user_id: int, db: DbSession) -> Response:
+    user = await db.get(User, user_id)
+    if not user:
+        raise HTTPException(404, "User not found")
+
+    await db.delete(user)
+    await db.commit()
+
+    return Response(status_code=status.HTTP_204_NO_CONTENT)
+```

package/configs/fastapi/.claude/rules/routers.md

@@ -0,0 +1,202 @@
+---
+paths:
+  - "**/routers/**/*.py"
+  - "**/routes/**/*.py"
+  - "**/api/**/*.py"
+  - "**/endpoints/**/*.py"
+---
+
+# FastAPI Router Patterns
+
+## Router Organization
+
+```python
+# GOOD - organized router structure
+# app/users/router.py
+from fastapi import APIRouter, status
+
+router = APIRouter(
+    prefix="/users",
+    tags=["Users"],
+    responses={404: {"description": "User not found"}},
+)
+
+@router.get("/", response_model=list[UserResponse])
+async def list_users(db: DbSession) -> list[User]:
+    """List all active users."""
+    return await db.scalars(select(User).where(User.is_active))
+
+@router.post("/", status_code=status.HTTP_201_CREATED)
+async def create_user(data: UserCreate, db: DbSession) -> UserResponse:
+    """Create a new user."""
+    user = User(**data.model_dump())
+    db.add(user)
+    await db.commit()
+    return user
+
+@router.get("/{user_id}")
+async def get_user(user_id: int, db: DbSession) -> UserResponse:
+    """Get user by ID."""
+    user = await db.get(User, user_id)
+    if not user:
+        raise HTTPException(404, "User not found")
+    return user
+```
+
+## Router Registration
+
+```python
+# app/main.py
+from fastapi import FastAPI
+from app.users.router import router as users_router
+from app.auth.router import router as auth_router
+from app.products.router import router as products_router
+
+app = FastAPI(title="My API", version="1.0.0")
+
+# Version prefix
+api_v1 = APIRouter(prefix="/api/v1")
+api_v1.include_router(users_router)
+api_v1.include_router(auth_router)
+api_v1.include_router(products_router)
+
+app.include_router(api_v1)
+```
+
+## Path Parameters
+
+```python
+# GOOD - typed path parameters with validation
+@router.get("/{user_id}")
+async def get_user(
+    user_id: Annotated[int, Path(ge=1, description="User ID")],
+) -> UserResponse:
+    ...
+
+# UUID path parameter
+@router.get("/{item_id}")
+async def get_item(item_id: UUID) -> ItemResponse:
+    ...
+
+# Multiple path parameters
+@router.get("/{user_id}/orders/{order_id}")
+async def get_user_order(user_id: int, order_id: int) -> OrderResponse:
+    ...
+```
+
+## Query Parameters
+
+```python
+# GOOD - query parameters with defaults and validation
+@router.get("/")
+async def list_items(
+    skip: int = Query(0, ge=0),
+    limit: int = Query(20, ge=1, le=100),
+    search: str | None = Query(None, min_length=1, max_length=100),
+    status: ItemStatus | None = None,
+    sort_by: Literal["name", "created_at", "price"] = "created_at",
+    order: Literal["asc", "desc"] = "desc",
+) -> Page[ItemResponse]:
+    ...
+
+# List query parameter
+@router.get("/")
+async def get_items(
+    ids: Annotated[list[int], Query()] = [],
+) -> list[ItemResponse]:
+    ...
+```
+
+## Request Body
+
+```python
+# GOOD - explicit body parameter
+@router.post("/")
+async def create_item(
+    item: Annotated[ItemCreate, Body(embed=True)],
+) -> ItemResponse:
+    ...
+
+# Multiple body parameters
+@router.post("/transfer")
+async def transfer(
+    source: Annotated[Account, Body()],
+    destination: Annotated[Account, Body()],
+    amount: Annotated[Decimal, Body(gt=0)],
+) -> TransferResult:
+    ...
+```
+
+## Response Configuration
+
+```python
+# GOOD - explicit response models and status codes
+@router.post(
+    "/",
+    response_model=UserResponse,
+    status_code=status.HTTP_201_CREATED,
+    responses={
+        201: {"description": "User created successfully"},
+        400: {"model": ErrorResponse, "description": "Validation error"},
+        409: {"model": ErrorResponse, "description": "Email already exists"},
+    },
+)
+async def create_user(data: UserCreate) -> User:
+    ...
+
+# Exclude fields from response
+@router.get("/", response_model_exclude={"password", "secret"})
+async def get_user() -> User:
+    ...
+
+# Dynamic response model
+@router.get("/", response_model=UserResponse | AdminResponse)
+async def get_current(user: CurrentUser) -> User:
+    return user
+```
+
+## File Uploads
+
+```python
+from fastapi import File, UploadFile
+
+@router.post("/upload")
+async def upload_file(
+    file: Annotated[UploadFile, File(description="File to upload")],
+) -> dict:
+    contents = await file.read()
+    return {"filename": file.filename, "size": len(contents)}
+
+# Multiple files
+@router.post("/upload-many")
+async def upload_files(
+    files: Annotated[list[UploadFile], File()],
+) -> list[dict]:
+    return [{"filename": f.filename} for f in files]
+```
+
+## Form Data
+
+```python
+from fastapi import Form
+
+@router.post("/login")
+async def login(
+    username: Annotated[str, Form()],
+    password: Annotated[str, Form()],
+) -> Token:
+    ...
+```
+
+## Headers and Cookies
+
+```python
+from fastapi import Header, Cookie
+
+@router.get("/")
+async def get_items(
+    x_token: Annotated[str, Header()],
+    session_id: Annotated[str | None, Cookie()] = None,
+) -> list[Item]:
+    ...
+```

package/configs/fastapi/.claude/rules/security.md

@@ -0,0 +1,222 @@
+---
+paths:
+  - "**/*.py"
+---
+
+# FastAPI Security Patterns
+
+## OAuth2 Password Flow
+
+```python
+from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+
+oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/token")
+
+@router.post("/token")
+async def login(
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+    db: DbSession,
+) -> Token:
+    user = await authenticate_user(db, form_data.username, form_data.password)
+    if not user:
+        raise HTTPException(
+            status_code=401,
+            detail="Incorrect username or password",
+            headers={"WWW-Authenticate": "Bearer"},
+        )
+
+    access_token = create_access_token(data={"sub": str(user.id)})
+    return Token(access_token=access_token, token_type="bearer")
+```
+
+## JWT Authentication
+
+```python
+from jose import JWTError, jwt
+from datetime import datetime, timedelta
+
+SECRET_KEY = settings.secret_key
+ALGORITHM = "HS256"
+ACCESS_TOKEN_EXPIRE_MINUTES = 30
+
+def create_access_token(data: dict) -> str:
+    to_encode = data.copy()
+    expire = datetime.utcnow() + timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
+    to_encode.update({"exp": expire})
+    return jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+
+async def get_current_user(
+    token: Annotated[str, Depends(oauth2_scheme)],
+    db: DbSession,
+) -> User:
+    credentials_exception = HTTPException(
+        status_code=401,
+        detail="Could not validate credentials",
+        headers={"WWW-Authenticate": "Bearer"},
+    )
+
+    try:
+        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+        user_id: str = payload.get("sub")
+        if user_id is None:
+            raise credentials_exception
+    except JWTError:
+        raise credentials_exception
+
+    user = await db.get(User, int(user_id))
+    if user is None:
+        raise credentials_exception
+
+    return user
+
+CurrentUser = Annotated[User, Depends(get_current_user)]
+```
+
+## API Key Authentication
+
+```python
+from fastapi.security import APIKeyHeader, APIKeyQuery
+
+api_key_header = APIKeyHeader(name="X-API-Key", auto_error=False)
+api_key_query = APIKeyQuery(name="api_key", auto_error=False)
+
+async def get_api_key(
+    api_key_header: str | None = Depends(api_key_header),
+    api_key_query: str | None = Depends(api_key_query),
+) -> str:
+    api_key = api_key_header or api_key_query
+    if not api_key:
+        raise HTTPException(403, "API key required")
+
+    if not await verify_api_key(api_key):
+        raise HTTPException(403, "Invalid API key")
+
+    return api_key
+
+@router.get("/data", dependencies=[Depends(get_api_key)])
+async def get_data() -> dict:
+    ...
+```
+
+## Role-Based Access Control
+
+```python
+from enum import Enum
+from functools import wraps
+
+class Role(str, Enum):
+    USER = "user"
+    ADMIN = "admin"
+    MODERATOR = "moderator"
+
+def require_roles(*roles: Role):
+    async def dependency(user: CurrentUser) -> User:
+        if user.role not in roles:
+            raise HTTPException(
+                status_code=403,
+                detail=f"Required roles: {', '.join(r.value for r in roles)}",
+            )
+        return user
+    return dependency
+
+AdminOnly = Annotated[User, Depends(require_roles(Role.ADMIN))]
+ModeratorOrAdmin = Annotated[User, Depends(require_roles(Role.ADMIN, Role.MODERATOR))]
+
+@router.delete("/{user_id}")
+async def delete_user(user_id: int, admin: AdminOnly) -> None:
+    ...
+```
+
+## Permission-Based Access
+
+```python
+class Permission(str, Enum):
+    READ_USERS = "read:users"
+    WRITE_USERS = "write:users"
+    DELETE_USERS = "delete:users"
+
+def require_permissions(*permissions: Permission):
+    async def dependency(user: CurrentUser) -> User:
+        user_permissions = set(user.permissions)
+        required = set(permissions)
+
+        if not required.issubset(user_permissions):
+            missing = required - user_permissions
+            raise HTTPException(
+                status_code=403,
+                detail=f"Missing permissions: {', '.join(p.value for p in missing)}",
+            )
+        return user
+    return dependency
+
+CanDeleteUsers = Annotated[User, Depends(require_permissions(Permission.DELETE_USERS))]
+```
+
+## Password Hashing
+
+```python
+from passlib.context import CryptContext
+
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")
+
+def hash_password(password: str) -> str:
+    return pwd_context.hash(password)
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    return pwd_context.verify(plain_password, hashed_password)
+
+async def authenticate_user(db: DbSession, email: str, password: str) -> User | None:
+    user = await db.scalar(select(User).where(User.email == email))
+    if not user:
+        return None
+    if not verify_password(password, user.hashed_password):
+        return None
+    return user
+```
+
+## CORS Configuration
+
+```python
+from fastapi.middleware.cors import CORSMiddleware
+
+app.add_middleware(
+    CORSMiddleware,
+    allow_origins=settings.cors_origins,  # ["https://example.com"]
+    allow_credentials=True,
+    allow_methods=["GET", "POST", "PUT", "DELETE"],
+    allow_headers=["*"],
+    expose_headers=["X-Request-ID"],
+)
+```
+
+## Security Headers Middleware
+
+```python
+from starlette.middleware.base import BaseHTTPMiddleware
+
+class SecurityHeadersMiddleware(BaseHTTPMiddleware):
+    async def dispatch(self, request: Request, call_next):
+        response = await call_next(request)
+        response.headers["X-Content-Type-Options"] = "nosniff"
+        response.headers["X-Frame-Options"] = "DENY"
+        response.headers["X-XSS-Protection"] = "1; mode=block"
+        response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
+        return response
+
+app.add_middleware(SecurityHeadersMiddleware)
+```
+
+## Rate Limiting
+
+```python
+from slowapi import Limiter
+from slowapi.util import get_remote_address
+
+limiter = Limiter(key_func=get_remote_address)
+app.state.limiter = limiter
+
+@router.get("/")
+@limiter.limit("10/minute")
+async def get_items(request: Request) -> list[Item]:
+    ...
+```