@malamute/ai-rules 1.4.1 → 1.5.1

package/README.md

@@ -41,14 +41,15 @@ npx @malamute/ai-rules <command>
 
 ## Supported Technologies
 
-| Technology  | Stack                                     | Version |
-| ----------- | ----------------------------------------- | ------- |
-| **Angular** | Nx + NgRx + Signals + Vitest              | 21+     |
-| **Next.js** | App Router + React 19 + Server Components | 15+     |
-| **NestJS**  | Prisma/TypeORM + Passport + Vitest        | 11+     |
-| **.NET**    | Clean Architecture + MediatR + EF Core    | 9+      |
-| **FastAPI** | Pydantic v2 + SQLAlchemy 2.0 + pytest     | 0.115+  |
-| **Flask**   | Marshmallow + SQLAlchemy 2.0 + pytest     | 3.0+    |
+| Technology   | Stack                                     | Version |
+| ------------ | ----------------------------------------- | ------- |
+| **Angular**  | Nx + NgRx + Signals + Vitest              | 21+     |
+| **Next.js**  | App Router + React 19 + Server Components | 15+     |
+| **NestJS**   | Prisma/TypeORM + Passport + Vitest        | 11+     |
+| **AdonisJS** | Lucid ORM + VineJS + Japa                 | 6+      |
+| **.NET**     | Clean Architecture + MediatR + EF Core    | 9+      |
+| **FastAPI**  | Pydantic v2 + SQLAlchemy 2.0 + pytest     | 0.115+  |
+| **Flask**    | Marshmallow + SQLAlchemy 2.0 + pytest     | 3.0+    |
 
 ## Commands
 
@@ -255,6 +256,19 @@ ai-rules update
 
 </details>
 
+<details>
+<summary><strong>AdonisJS</strong></summary>
+
+| Aspect       | Convention                          |
+| ------------ | ----------------------------------- |
+| Architecture | MVC with Services layer             |
+| Validation   | VineJS                              |
+| ORM          | Lucid (Active Record)               |
+| Auth         | Access Tokens / Session-based       |
+| Tests        | Japa                                |
+
+</details>
+
 <details>
 <summary><strong>.NET</strong></summary>
 

package/configs/_shared/rules/conventions/interaction.md

@@ -0,0 +1,38 @@
+---
+paths:
+  - "**/*"
+---
+
+# Interaction Rules
+
+## Rules Are Absolute
+
+1. **Rules can NEVER be violated. Tasks can fail.**
+2. If a task requires violating a rule, the task fails - not the rule.
+3. If a task is blocked, explain the problem and ask how to proceed.
+
+## Protected Changes
+
+Never modify without explaining WHY and asking permission:
+- Package manager config (yarn, npm, pnpm)
+- Infrastructure (docker, CI/CD, deployment)
+- Project structure
+- Build config
+
+## Questions vs Actions
+
+- **Question** ("what is...", "why...", "how does...") → Answer only, no code
+- **Explicit request** ("create", "implement", "fix", "add") → Action with code
+
+When the user asks a question, answer it. Do not start coding or running commands.
+
+## Confirmation Before Action
+
+For non-trivial changes, confirm approach before implementing:
+1. Explain what will be done
+2. Wait for user approval
+3. Then execute
+
+## Language
+
+Match the user's language. If they write in French, respond in French.

package/configs/_shared/rules/domain/backend/api-design.md

@@ -151,21 +151,77 @@ GET /api/v1/users?sort=lastName:asc,firstName:asc
 GET /api/v1/users?fields=id,name,email
 ```
 
-## Versioning
+## API Versioning
 
-### URL Path (recommended)
+### When to Version (Breaking Changes)
+
+- Removing or renaming a field
+- Changing field type (string → number)
+- Removing an endpoint
+- Changing authentication method
+- Modifying error response structure
+
+### NOT Breaking (no version bump)
+
+- Adding new optional fields
+- Adding new endpoints
+- Adding new query parameters
+- Performance improvements
+
+### Strategy: URL Path (recommended)
 
 ```
 /api/v1/users
 /api/v2/users
 ```
 
+- Simple, explicit, cacheable
+- Easy to route at load balancer level
+- Version visible in logs
+
 ### Header-based (alternative)
 
 ```
 Accept: application/vnd.api+json; version=1
 ```
 
+### Deprecation Policy
+
+1. Announce deprecation (minimum 6 months before sunset)
+2. Add `Deprecation` header to responses
+3. Document migration path
+4. Monitor usage, notify active consumers
+5. Sunset old version
+
+```
+Deprecation: true
+Sunset: Sat, 01 Jun 2025 00:00:00 GMT
+Link: <https://api.example.com/docs/migration-v2>; rel="deprecation"
+```
+
+### Version Lifecycle
+
+| Status | Description |
+|--------|-------------|
+| **Current** | Latest stable, recommended |
+| **Supported** | Still maintained, receives security fixes |
+| **Deprecated** | Works but scheduled for removal |
+| **Sunset** | No longer available |
+
+### Code Organization
+
+```
+project/
+├── src/
+│   ├── v1/
+│   │   ├── controllers/
+│   │   └── dto/
+│   ├── v2/
+│   │   ├── controllers/
+│   │   └── dto/
+│   └── shared/          # Version-agnostic (services, repositories)
+```
+
 ## Rate Limiting
 
 Include headers in response:

package/configs/adonisjs/rules/auth.md

@@ -0,0 +1,192 @@
+---
+paths:
+  - "app/controllers/auth/**/*.ts"
+  - "app/middleware/**/*.ts"
+  - "config/auth.ts"
+---
+
+# AdonisJS Authentication
+
+## Access Tokens (API)
+
+### Configuration
+
+```typescript
+// config/auth.ts
+import { defineConfig } from '@adonisjs/auth'
+import { tokensGuard, tokensUserProvider } from '@adonisjs/auth/access_tokens'
+
+export default defineConfig({
+  default: 'api',
+  guards: {
+    api: tokensGuard({
+      provider: tokensUserProvider({
+        tokens: 'accessTokens',
+        model: () => import('#models/user'),
+      }),
+    }),
+  },
+})
+```
+
+### User Model Setup
+
+```typescript
+import { DbAccessTokensProvider } from '@adonisjs/auth/access_tokens'
+
+export default class User extends BaseModel {
+  // ... other columns
+
+  static accessTokens = DbAccessTokensProvider.forModel(User)
+}
+```
+
+### Auth Controller
+
+```typescript
+import type { HttpContext } from '@adonisjs/core/http'
+import User from '#models/user'
+import hash from '@adonisjs/core/services/hash'
+import { loginValidator, registerValidator } from '#validators/auth'
+
+export default class AuthController {
+  async register({ request, response }: HttpContext) {
+    const payload = await request.validateUsing(registerValidator)
+    const user = await User.create(payload)
+    const token = await User.accessTokens.create(user)
+
+    return response.created({
+      user,
+      token: token.value!.release(),
+    })
+  }
+
+  async login({ request, response }: HttpContext) {
+    const { email, password } = await request.validateUsing(loginValidator)
+
+    const user = await User.findBy('email', email)
+    if (!user) {
+      return response.unauthorized({ message: 'Invalid credentials' })
+    }
+
+    const isValid = await hash.verify(user.password, password)
+    if (!isValid) {
+      return response.unauthorized({ message: 'Invalid credentials' })
+    }
+
+    const token = await User.accessTokens.create(user)
+
+    return response.ok({
+      user,
+      token: token.value!.release(),
+    })
+  }
+
+  async logout({ auth, response }: HttpContext) {
+    const user = auth.user!
+    await User.accessTokens.delete(user, user.currentAccessToken.identifier)
+    return response.noContent()
+  }
+
+  async me({ auth, response }: HttpContext) {
+    return response.ok(auth.user)
+  }
+}
+```
+
+### Routes
+
+```typescript
+// start/routes.ts
+import router from '@adonisjs/core/services/router'
+import { middleware } from '#start/kernel'
+
+const AuthController = () => import('#controllers/auth_controller')
+
+router.group(() => {
+  router.post('register', [AuthController, 'register'])
+  router.post('login', [AuthController, 'login'])
+
+  router.group(() => {
+    router.delete('logout', [AuthController, 'logout'])
+    router.get('me', [AuthController, 'me'])
+  }).use(middleware.auth())
+}).prefix('auth')
+```
+
+## Middleware
+
+### Auth Middleware
+
+```typescript
+// Protect routes
+router.get('profile', [ProfileController, 'show']).use(middleware.auth())
+
+// In controller, access user
+async show({ auth }: HttpContext) {
+  const user = auth.user! // Typed as User
+}
+```
+
+### Custom Middleware
+
+```typescript
+// app/middleware/admin_middleware.ts
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+export default class AdminMiddleware {
+  async handle({ auth, response }: HttpContext, next: NextFn) {
+    if (auth.user?.role !== 'admin') {
+      return response.forbidden({ message: 'Admin access required' })
+    }
+    await next()
+  }
+}
+```
+
+### Register Middleware
+
+```typescript
+// start/kernel.ts
+import router from '@adonisjs/core/services/router'
+
+router.named({
+  auth: () => import('#middleware/auth_middleware'),
+  admin: () => import('#middleware/admin_middleware'),
+})
+```
+
+## Password Hashing
+
+```typescript
+import hash from '@adonisjs/core/services/hash'
+
+// Hash password
+const hashed = await hash.make('password')
+
+// Verify password
+const isValid = await hash.verify(hashed, 'password')
+```
+
+## Auth Validators
+
+```typescript
+// app/validators/auth.ts
+import vine from '@vinejs/vine'
+
+export const registerValidator = vine.compile(
+  vine.object({
+    email: vine.string().email().normalizeEmail(),
+    password: vine.string().minLength(8).confirmed(),
+    name: vine.string().minLength(2),
+  })
+)
+
+export const loginValidator = vine.compile(
+  vine.object({
+    email: vine.string().email(),
+    password: vine.string(),
+  })
+)
+```

package/configs/adonisjs/rules/controllers.md

@@ -0,0 +1,111 @@
+---
+paths:
+  - "app/controllers/**/*.ts"
+---
+
+# AdonisJS Controllers
+
+## Structure
+
+Controllers handle HTTP concerns only. Delegate business logic to services.
+
+```typescript
+import type { HttpContext } from '@adonisjs/core/http'
+import { inject } from '@adonisjs/core'
+import UserService from '#services/user_service'
+import { createUserValidator, updateUserValidator } from '#validators/user'
+
+@inject()
+export default class UsersController {
+  constructor(private userService: UserService) {}
+
+  async index({ response }: HttpContext) {
+    const users = await this.userService.getAll()
+    return response.ok(users)
+  }
+
+  async store({ request, response }: HttpContext) {
+    const payload = await request.validateUsing(createUserValidator)
+    const user = await this.userService.create(payload)
+    return response.created(user)
+  }
+
+  async show({ params, response }: HttpContext) {
+    const user = await this.userService.findOrFail(params.id)
+    return response.ok(user)
+  }
+
+  async update({ params, request, response }: HttpContext) {
+    const payload = await request.validateUsing(updateUserValidator)
+    const user = await this.userService.update(params.id, payload)
+    return response.ok(user)
+  }
+
+  async destroy({ params, response }: HttpContext) {
+    await this.userService.delete(params.id)
+    return response.noContent()
+  }
+}
+```
+
+## Best Practices
+
+### Use Dependency Injection
+
+```typescript
+// Good
+@inject()
+export default class OrdersController {
+  constructor(
+    private orderService: OrderService,
+    private notificationService: NotificationService
+  ) {}
+}
+
+// Avoid: instantiating services manually
+export default class OrdersController {
+  private orderService = new OrderService() // Hard to test
+}
+```
+
+### Validate Input
+
+Always validate using VineJS validators:
+
+```typescript
+async store({ request }: HttpContext) {
+  // Validates and returns typed payload
+  const payload = await request.validateUsing(createOrderValidator)
+  // payload is now typed and validated
+}
+```
+
+### Use Response Helpers
+
+```typescript
+response.ok(data)           // 200
+response.created(data)      // 201
+response.noContent()        // 204
+response.badRequest(error)  // 400
+response.unauthorized()     // 401
+response.forbidden()        // 403
+response.notFound()         // 404
+```
+
+### Resource Routes
+
+```typescript
+// start/routes.ts
+import router from '@adonisjs/core/services/router'
+
+const UsersController = () => import('#controllers/users_controller')
+
+router.resource('users', UsersController).apiOnly()
+
+// Generates:
+// GET    /users          → index
+// POST   /users          → store
+// GET    /users/:id      → show
+// PUT    /users/:id      → update
+// DELETE /users/:id      → destroy
+```

package/configs/adonisjs/rules/core.md

@@ -0,0 +1,95 @@
+---
+description: "AdonisJS 6+ project conventions and architecture"
+alwaysApply: true
+---
+
+# AdonisJS Project Guidelines
+
+## Stack
+
+- AdonisJS 6+
+- TypeScript strict mode
+- Node.js 20+
+- Japa (test framework)
+- Lucid ORM
+
+## Architecture
+
+```
+├── app/
+│   ├── controllers/
+│   ├── models/
+│   ├── services/
+│   ├── validators/
+│   ├── middleware/
+│   ├── exceptions/
+│   └── mails/
+├── config/
+├── database/
+│   ├── migrations/
+│   ├── seeders/
+│   └── factories/
+├── resources/
+│   └── views/
+├── start/
+│   ├── routes.ts
+│   ├── kernel.ts
+│   └── events.ts
+├── tests/
+└── adonisrc.ts
+```
+
+## Request Lifecycle
+
+```
+Request → Global Middleware → Route Middleware → Controller → Response
+```
+
+## Core Principles
+
+### Layer Responsibilities
+
+| Layer | Responsibility |
+|-------|---------------|
+| Controller | HTTP handling, delegates to services |
+| Service | Business logic |
+| Model | Data structure, relationships, hooks |
+| Validator | Input validation with VineJS |
+
+### Naming Conventions
+
+- Controllers: `UsersController` (plural)
+- Models: `User` (singular)
+- Validators: `CreateUserValidator`
+- Migrations: `TIMESTAMP_create_users_table`
+
+### Dependency Injection
+
+Use the IoC container:
+```typescript
+@inject()
+export default class UsersController {
+  constructor(private userService: UserService) {}
+}
+```
+
+## Commands
+
+```bash
+node ace serve --watch     # Dev server
+node ace build             # Production build
+node ace test              # Run tests
+node ace make:controller   # Generate controller
+node ace make:model        # Generate model
+node ace make:validator    # Generate validator
+node ace make:service      # Generate service
+node ace migration:run     # Run migrations
+node ace migration:rollback
+```
+
+## Code Style
+
+- Use `@inject()` decorator for DI
+- Async methods return `Promise<T>`
+- Use `HttpContext` for request/response
+- Validators use VineJS schema

package/configs/adonisjs/rules/database/lucid.md

@@ -0,0 +1,167 @@
+---
+paths:
+  - "app/models/**/*.ts"
+  - "database/migrations/**/*.ts"
+  - "database/seeders/**/*.ts"
+  - "database/factories/**/*.ts"
+---
+
+# Lucid ORM
+
+## Models
+
+```typescript
+import { DateTime } from 'luxon'
+import { BaseModel, column, hasMany, belongsTo } from '@adonisjs/lucid/orm'
+import type { HasMany, BelongsTo } from '@adonisjs/lucid/types/relations'
+import Post from '#models/post'
+import Role from '#models/role'
+
+export default class User extends BaseModel {
+  @column({ isPrimary: true })
+  declare id: number
+
+  @column()
+  declare email: string
+
+  @column({ serializeAs: null })
+  declare password: string
+
+  @column()
+  declare roleId: number
+
+  @column.dateTime({ autoCreate: true })
+  declare createdAt: DateTime
+
+  @column.dateTime({ autoCreate: true, autoUpdate: true })
+  declare updatedAt: DateTime
+
+  // Relationships
+  @hasMany(() => Post)
+  declare posts: HasMany<typeof Post>
+
+  @belongsTo(() => Role)
+  declare role: BelongsTo<typeof Role>
+}
+```
+
+## Relationships
+
+```typescript
+// One to Many
+@hasMany(() => Post)
+declare posts: HasMany<typeof Post>
+
+// Belongs To
+@belongsTo(() => User)
+declare user: BelongsTo<typeof User>
+
+// Many to Many
+@manyToMany(() => Tag, {
+  pivotTable: 'post_tags',
+  pivotTimestamps: true,
+})
+declare tags: ManyToMany<typeof Tag>
+
+// Has One
+@hasOne(() => Profile)
+declare profile: HasOne<typeof Profile>
+```
+
+## Queries
+
+```typescript
+// Find
+const user = await User.find(1)
+const user = await User.findOrFail(1)
+const user = await User.findBy('email', 'user@example.com')
+
+// Query builder
+const users = await User.query()
+  .where('isActive', true)
+  .whereNotNull('verifiedAt')
+  .orderBy('createdAt', 'desc')
+  .limit(10)
+
+// With relationships
+const user = await User.query()
+  .where('id', 1)
+  .preload('posts', (query) => {
+    query.where('isPublished', true)
+  })
+  .firstOrFail()
+
+// Aggregates
+const count = await User.query().count('* as total')
+```
+
+## Migrations
+
+```typescript
+import { BaseSchema } from '@adonisjs/lucid/schema'
+
+export default class extends BaseSchema {
+  protected tableName = 'users'
+
+  async up() {
+    this.schema.createTable(this.tableName, (table) => {
+      table.increments('id')
+      table.string('email').notNullable().unique()
+      table.string('password').notNullable()
+      table.integer('role_id').unsigned().references('roles.id').onDelete('CASCADE')
+      table.timestamp('created_at')
+      table.timestamp('updated_at')
+    })
+  }
+
+  async down() {
+    this.schema.dropTable(this.tableName)
+  }
+}
+```
+
+## Factories
+
+```typescript
+import Factory from '@adonisjs/lucid/factories'
+import User from '#models/user'
+
+export const UserFactory = Factory.define(User, ({ faker }) => ({
+  email: faker.internet.email(),
+  password: faker.internet.password(),
+}))
+  .relation('posts', () => PostFactory)
+  .build()
+
+// Usage
+const user = await UserFactory.create()
+const users = await UserFactory.createMany(5)
+const userWithPosts = await UserFactory.with('posts', 3).create()
+```
+
+## Hooks
+
+```typescript
+import { beforeSave } from '@adonisjs/lucid/orm'
+import hash from '@adonisjs/core/services/hash'
+
+export default class User extends BaseModel {
+  @beforeSave()
+  static async hashPassword(user: User) {
+    if (user.$dirty.password) {
+      user.password = await hash.make(user.password)
+    }
+  }
+}
+```
+
+## Transactions
+
+```typescript
+import db from '@adonisjs/lucid/services/db'
+
+await db.transaction(async (trx) => {
+  const user = await User.create({ email, password }, { client: trx })
+  await Profile.create({ userId: user.id }, { client: trx })
+})
+```

package/configs/adonisjs/rules/middleware.md

@@ -0,0 +1,140 @@
+---
+paths:
+  - "app/middleware/**/*.ts"
+  - "start/kernel.ts"
+---
+
+# AdonisJS Middleware
+
+## Creating Middleware
+
+```typescript
+// app/middleware/admin_middleware.ts
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+export default class AdminMiddleware {
+  async handle({ auth, response }: HttpContext, next: NextFn) {
+    if (auth.user?.role !== 'admin') {
+      return response.forbidden({ message: 'Admin access required' })
+    }
+
+    await next()
+  }
+}
+```
+
+## Register Middleware
+
+```typescript
+// start/kernel.ts
+import router from '@adonisjs/core/services/router'
+
+// Named middleware (use on specific routes)
+router.named({
+  auth: () => import('#middleware/auth_middleware'),
+  admin: () => import('#middleware/admin_middleware'),
+  verified: () => import('#middleware/verified_middleware'),
+})
+```
+
+## Using Middleware
+
+```typescript
+// start/routes.ts
+import router from '@adonisjs/core/services/router'
+import { middleware } from '#start/kernel'
+
+// Single middleware
+router.get('dashboard', [DashboardController, 'index'])
+  .use(middleware.auth())
+
+// Multiple middleware
+router.get('admin', [AdminController, 'index'])
+  .use([middleware.auth(), middleware.admin()])
+
+// Group middleware
+router.group(() => {
+  router.get('profile', [ProfileController, 'show'])
+  router.put('profile', [ProfileController, 'update'])
+}).use(middleware.auth())
+```
+
+## Middleware with Parameters
+
+```typescript
+// app/middleware/role_middleware.ts
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+
+export default class RoleMiddleware {
+  async handle({ auth, response }: HttpContext, next: NextFn, options: { roles: string[] }) {
+    if (!options.roles.includes(auth.user!.role)) {
+      return response.forbidden({ message: 'Insufficient permissions' })
+    }
+
+    await next()
+  }
+}
+
+// Usage
+router.get('reports', [ReportsController, 'index'])
+  .use(middleware.role({ roles: ['admin', 'manager'] }))
+```
+
+## Request Logging Middleware
+
+```typescript
+import type { HttpContext } from '@adonisjs/core/http'
+import type { NextFn } from '@adonisjs/core/types/http'
+import logger from '@adonisjs/core/services/logger'
+
+export default class RequestLoggerMiddleware {
+  async handle({ request }: HttpContext, next: NextFn) {
+    const start = Date.now()
+
+    await next()
+
+    const duration = Date.now() - start
+    logger.info(`${request.method()} ${request.url()} - ${duration}ms`)
+  }
+}
+```
+
+## Global Middleware
+
+```typescript
+// start/kernel.ts
+import server from '@adonisjs/core/services/server'
+
+// Server middleware (runs for every request)
+server.use([
+  () => import('#middleware/container_bindings_middleware'),
+  () => import('#middleware/force_json_response_middleware'),
+])
+
+// Router middleware (runs for routes only)
+router.use([
+  () => import('@adonisjs/core/bodyparser_middleware'),
+  () => import('#middleware/request_logger_middleware'),
+])
+```
+
+## Terminate Hook
+
+```typescript
+export default class AnalyticsMiddleware {
+  async handle(ctx: HttpContext, next: NextFn) {
+    await next()
+  }
+
+  // Runs after response is sent
+  async terminate(ctx: HttpContext) {
+    await Analytics.track({
+      path: ctx.request.url(),
+      userId: ctx.auth.user?.id,
+      duration: ctx.response.getResponseTime(),
+    })
+  }
+}
+```

package/configs/adonisjs/rules/services.md

@@ -0,0 +1,154 @@
+---
+paths:
+  - "app/services/**/*.ts"
+---
+
+# AdonisJS Services
+
+## Structure
+
+Services contain business logic. Controllers delegate to services.
+
+```typescript
+// app/services/user_service.ts
+import { inject } from '@adonisjs/core'
+import User from '#models/user'
+import hash from '@adonisjs/core/services/hash'
+
+@inject()
+export default class UserService {
+  async getAll() {
+    return User.query().orderBy('createdAt', 'desc')
+  }
+
+  async findOrFail(id: number) {
+    return User.findOrFail(id)
+  }
+
+  async create(data: { email: string; password: string; name: string }) {
+    return User.create({
+      ...data,
+      password: await hash.make(data.password),
+    })
+  }
+
+  async update(id: number, data: Partial<{ email: string; name: string }>) {
+    const user = await User.findOrFail(id)
+    user.merge(data)
+    await user.save()
+    return user
+  }
+
+  async delete(id: number) {
+    const user = await User.findOrFail(id)
+    await user.delete()
+  }
+}
+```
+
+## Service with Dependencies
+
+```typescript
+import { inject } from '@adonisjs/core'
+import mail from '@adonisjs/mail/services/main'
+import User from '#models/user'
+import NotificationService from '#services/notification_service'
+
+@inject()
+export default class OrderService {
+  constructor(private notificationService: NotificationService) {}
+
+  async create(userId: number, items: OrderItem[]) {
+    const user = await User.findOrFail(userId)
+
+    const order = await Order.create({
+      userId,
+      total: this.calculateTotal(items),
+    })
+
+    await order.related('items').createMany(items)
+
+    // Use injected service
+    await this.notificationService.sendOrderConfirmation(user, order)
+
+    return order
+  }
+
+  private calculateTotal(items: OrderItem[]): number {
+    return items.reduce((sum, item) => sum + item.price * item.quantity, 0)
+  }
+}
+```
+
+## Register in Container (optional)
+
+For complex setup or interfaces:
+
+```typescript
+// providers/app_provider.ts
+import type { ApplicationService } from '@adonisjs/core/types'
+
+export default class AppProvider {
+  constructor(protected app: ApplicationService) {}
+
+  async boot() {
+    const { default: PaymentService } = await import('#services/payment_service')
+
+    this.app.container.singleton('payment', () => {
+      return new PaymentService(env.get('STRIPE_KEY'))
+    })
+  }
+}
+```
+
+## Error Handling
+
+```typescript
+import { Exception } from '@adonisjs/core/exceptions'
+
+export class InsufficientFundsException extends Exception {
+  static status = 422
+  static code = 'E_INSUFFICIENT_FUNDS'
+}
+
+export default class WalletService {
+  async withdraw(userId: number, amount: number) {
+    const wallet = await Wallet.findByOrFail('userId', userId)
+
+    if (wallet.balance < amount) {
+      throw new InsufficientFundsException('Insufficient funds')
+    }
+
+    wallet.balance -= amount
+    await wallet.save()
+    return wallet
+  }
+}
+```
+
+## Testing Services
+
+```typescript
+import { test } from '@japa/runner'
+import UserService from '#services/user_service'
+import { UserFactory } from '#database/factories/user_factory'
+
+test.group('UserService', (group) => {
+  group.each.setup(async () => {
+    await Database.beginGlobalTransaction()
+    return () => Database.rollbackGlobalTransaction()
+  })
+
+  test('creates user with hashed password', async ({ assert }) => {
+    const service = new UserService()
+
+    const user = await service.create({
+      email: 'test@example.com',
+      password: 'plaintext',
+      name: 'Test',
+    })
+
+    assert.notEqual(user.password, 'plaintext')
+  })
+})
+```

package/configs/adonisjs/rules/testing.md

@@ -0,0 +1,170 @@
+---
+paths:
+  - "tests/**/*.ts"
+---
+
+# AdonisJS Testing (Japa)
+
+## Test Structure
+
+```
+tests/
+├── bootstrap.ts      # Test setup
+├── unit/
+│   └── services/
+├── functional/
+│   └── controllers/
+└── integration/
+```
+
+## Unit Test
+
+```typescript
+import { test } from '@japa/runner'
+import UserService from '#services/user_service'
+
+test.group('UserService', () => {
+  test('creates a user with valid data', async ({ assert }) => {
+    const service = new UserService()
+    const user = await service.create({
+      email: 'test@example.com',
+      password: 'password123',
+    })
+
+    assert.exists(user.id)
+    assert.equal(user.email, 'test@example.com')
+  })
+})
+```
+
+## Functional Test (HTTP)
+
+```typescript
+import { test } from '@japa/runner'
+import { UserFactory } from '#database/factories/user_factory'
+
+test.group('Users Controller', (group) => {
+  group.each.setup(async () => {
+    // Runs before each test
+    await Database.beginGlobalTransaction()
+    return () => Database.rollbackGlobalTransaction()
+  })
+
+  test('list all users', async ({ client, assert }) => {
+    await UserFactory.createMany(3)
+
+    const response = await client.get('/users')
+
+    response.assertStatus(200)
+    assert.lengthOf(response.body(), 3)
+  })
+
+  test('create a user', async ({ client }) => {
+    const response = await client.post('/users').json({
+      email: 'new@example.com',
+      password: 'password123',
+      name: 'New User',
+    })
+
+    response.assertStatus(201)
+    response.assertBodyContains({ email: 'new@example.com' })
+  })
+
+  test('requires authentication', async ({ client }) => {
+    const response = await client.get('/profile')
+    response.assertStatus(401)
+  })
+})
+```
+
+## Authenticated Requests
+
+```typescript
+test('authenticated user can view profile', async ({ client }) => {
+  const user = await UserFactory.create()
+
+  const response = await client
+    .get('/profile')
+    .loginAs(user)
+
+  response.assertStatus(200)
+  response.assertBodyContains({ id: user.id })
+})
+```
+
+## Database Helpers
+
+```typescript
+import Database from '@adonisjs/lucid/services/db'
+import { test } from '@japa/runner'
+
+test.group('Database tests', (group) => {
+  // Transaction per test (auto rollback)
+  group.each.setup(async () => {
+    await Database.beginGlobalTransaction()
+    return () => Database.rollbackGlobalTransaction()
+  })
+
+  // Or truncate tables
+  group.each.setup(async () => {
+    await Database.truncate('users')
+  })
+})
+```
+
+## Assertions
+
+```typescript
+test('response assertions', async ({ client, assert }) => {
+  const response = await client.get('/users/1')
+
+  // Status
+  response.assertStatus(200)
+  response.assertStatus(201)
+  response.assertStatus(404)
+
+  // Body
+  response.assertBody({ id: 1, name: 'John' })
+  response.assertBodyContains({ name: 'John' })
+
+  // Headers
+  response.assertHeader('content-type', 'application/json')
+
+  // Custom assertions
+  assert.equal(response.body().email, 'test@example.com')
+  assert.lengthOf(response.body().users, 3)
+  assert.isTrue(response.body().isActive)
+})
+```
+
+## Mocking
+
+```typescript
+import { test } from '@japa/runner'
+import mail from '@adonisjs/mail/services/main'
+
+test('sends welcome email on registration', async ({ client, assert }) => {
+  const { mails } = mail.fake()
+
+  await client.post('/auth/register').json({
+    email: 'test@example.com',
+    password: 'password123',
+  })
+
+  assert.lengthOf(mails.sent, 1)
+  mails.assertSent(WelcomeMail, (mail) => {
+    return mail.to[0].address === 'test@example.com'
+  })
+
+  mail.restore()
+})
+```
+
+## Running Tests
+
+```bash
+node ace test              # All tests
+node ace test --files="tests/functional/**"
+node ace test --tags="@slow"
+node ace test --watch      # Watch mode
+```

package/configs/adonisjs/rules/validation.md

@@ -0,0 +1,130 @@
+---
+paths:
+  - "app/validators/**/*.ts"
+---
+
+# VineJS Validation
+
+## Basic Validator
+
+```typescript
+import vine from '@vinejs/vine'
+
+export const createUserValidator = vine.compile(
+  vine.object({
+    email: vine.string().email().normalizeEmail(),
+    password: vine.string().minLength(8),
+    name: vine.string().minLength(2).maxLength(100),
+  })
+)
+
+export const updateUserValidator = vine.compile(
+  vine.object({
+    email: vine.string().email().normalizeEmail().optional(),
+    name: vine.string().minLength(2).maxLength(100).optional(),
+  })
+)
+```
+
+## Common Rules
+
+```typescript
+vine.object({
+  // Strings
+  name: vine.string().minLength(2).maxLength(100),
+  email: vine.string().email(),
+  url: vine.string().url(),
+  slug: vine.string().regex(/^[a-z0-9-]+$/),
+
+  // Numbers
+  age: vine.number().min(0).max(150),
+  price: vine.number().positive().decimal(2),
+
+  // Booleans
+  isActive: vine.boolean(),
+
+  // Dates
+  birthDate: vine.date({ formats: ['YYYY-MM-DD'] }),
+
+  // Arrays
+  tags: vine.array(vine.string()).minLength(1).maxLength(10),
+
+  // Enums
+  status: vine.enum(['draft', 'published', 'archived']),
+
+  // Optional & Nullable
+  bio: vine.string().optional(),
+  deletedAt: vine.date().nullable(),
+})
+```
+
+## Custom Error Messages
+
+```typescript
+export const createUserValidator = vine.compile(
+  vine.object({
+    email: vine.string().email(),
+    password: vine.string().minLength(8),
+  })
+)
+
+createUserValidator.messagesProvider = new SimpleMessagesProvider({
+  'email.required': 'Email is required',
+  'email.email': 'Invalid email format',
+  'password.minLength': 'Password must be at least 8 characters',
+})
+```
+
+## Unique Validation
+
+```typescript
+import vine from '@vinejs/vine'
+import { FieldContext } from '@vinejs/vine/types'
+import User from '#models/user'
+
+const uniqueEmail = vine.createRule(async (value: unknown, _options: undefined, field: FieldContext) => {
+  if (typeof value !== 'string') return
+
+  const user = await User.findBy('email', value)
+  if (user) {
+    field.report('Email already exists', 'unique', field)
+  }
+})
+
+export const createUserValidator = vine.compile(
+  vine.object({
+    email: vine.string().email().use(uniqueEmail()),
+  })
+)
+```
+
+## Conditional Validation
+
+```typescript
+vine.object({
+  accountType: vine.enum(['personal', 'business']),
+  companyName: vine
+    .string()
+    .minLength(2)
+    .requiredWhen('accountType', '=', 'business'),
+  taxId: vine
+    .string()
+    .optional()
+    .requiredWhen('accountType', '=', 'business'),
+})
+```
+
+## Usage in Controller
+
+```typescript
+import { createUserValidator } from '#validators/user'
+
+export default class UsersController {
+  async store({ request, response }: HttpContext) {
+    const payload = await request.validateUsing(createUserValidator)
+    // payload is fully typed: { email: string, password: string, name: string }
+    const user = await User.create(payload)
+    return response.created(user)
+  }
+}
+```

package/configs/adonisjs/settings.json

@@ -0,0 +1,34 @@
+{
+  "permissions": {
+    "allow": [
+      "Bash(node ace serve --watch)",
+      "Bash(node ace build)",
+      "Bash(node ace test*)",
+      "Bash(node ace make:*)",
+      "Bash(node ace migration:*)",
+      "Bash(node ace db:*)",
+      "Bash(node ace generate:*)",
+      "Bash(node ace list)",
+      "Bash(npm run dev)",
+      "Bash(npm run build)",
+      "Bash(npm run test*)",
+      "Bash(npm run lint*)",
+      "Bash(npm install *)",
+      "Bash(npm ci)",
+      "Read",
+      "Edit",
+      "Write"
+    ],
+    "deny": [
+      "Bash(git push *)",
+      "Bash(git push)",
+      "Bash(rm -rf *)",
+      "Read(.env)",
+      "Read(.env.*)",
+      "Read(**/secrets/**)"
+    ]
+  },
+  "env": {
+    "NODE_ENV": "development"
+  }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@malamute/ai-rules",
-  "version": "1.4.1",
+  "version": "1.5.1",
   "description": "Claude Code configuration boilerplates for Angular, Next.js, NestJS, .NET, Python and more",
   "type": "module",
   "main": "src/index.js",

package/src/tech-config.json

@@ -23,6 +23,10 @@
     "flask": {
       "type": "backend",
       "language": "python"
+    },
+    "adonisjs": {
+      "type": "backend",
+      "language": "typescript"
     }
   },
   "ruleMapping": {