@mandujs/mcp 0.12.2 → 0.13.0

package/src/resources/skills/mandu-performance/rules/perf-render-transitions.md

@@ -1,154 +1,154 @@
----
-title: Use startTransition for Non-Urgent Updates
-impact: MEDIUM
-impactDescription: Prevents UI blocking on heavy updates
-tags: performance, render, transitions, react
----
-
-## Use startTransition for Non-Urgent Updates
-
-**Impact: MEDIUM (Prevents UI blocking on heavy updates)**
-
-`startTransition`으로 비긴급 업데이트를 표시하면 React가 긴급 업데이트(타이핑, 클릭)를 우선 처리합니다.
-
-**Incorrect (모든 업데이트가 긴급):**
-
-```tsx
-"use client";
-
-import { useState } from "react";
-
-export default function SearchIsland() {
-  const [query, setQuery] = useState("");
-  const [results, setResults] = useState([]);
-
-  const handleChange = async (e) => {
-    const value = e.target.value;
-    setQuery(value);  // 긴급: 입력 반영
-
-    // ❌ 검색도 긴급으로 처리 → 입력이 버벅임
-    const data = await search(value);
-    setResults(data);
-  };
-
-  return (
-    <div>
-      <input value={query} onChange={handleChange} />
-      <ResultsList results={results} />
-    </div>
-  );
-}
-```
-
-**Correct (비긴급 업데이트 분리):**
-
-```tsx
-"use client";
-
-import { useState, useTransition } from "react";
-
-export default function SearchIsland() {
-  const [query, setQuery] = useState("");
-  const [results, setResults] = useState([]);
-  const [isPending, startTransition] = useTransition();
-
-  const handleChange = async (e) => {
-    const value = e.target.value;
-    setQuery(value);  // 긴급: 입력 즉시 반영
-
-    // ✅ 검색 결과는 비긴급
-    startTransition(async () => {
-      const data = await search(value);
-      setResults(data);
-    });
-  };
-
-  return (
-    <div>
-      <input value={query} onChange={handleChange} />
-      {isPending && <Spinner />}
-      <ResultsList results={results} />
-    </div>
-  );
-}
-```
-
-## 무거운 리스트 필터링
-
-```tsx
-"use client";
-
-import { useState, useTransition, useMemo } from "react";
-
-export default function FilterableList({ items }) {
-  const [filter, setFilter] = useState("");
-  const [isPending, startTransition] = useTransition();
-
-  // ✅ 필터링을 transition으로 처리
-  const handleFilterChange = (e) => {
-    startTransition(() => {
-      setFilter(e.target.value);
-    });
-  };
-
-  const filteredItems = useMemo(
-    () => items.filter((item) => item.name.includes(filter)),
-    [items, filter]
-  );
-
-  return (
-    <div>
-      <input
-        onChange={handleFilterChange}
-        placeholder="Filter..."
-      />
-      <div style={{ opacity: isPending ? 0.7 : 1 }}>
-        {filteredItems.map((item) => (
-          <Item key={item.id} data={item} />
-        ))}
-      </div>
-    </div>
-  );
-}
-```
-
-## 탭 전환
-
-```tsx
-"use client";
-
-import { useState, useTransition } from "react";
-
-export default function TabsIsland() {
-  const [tab, setTab] = useState("home");
-  const [isPending, startTransition] = useTransition();
-
-  const handleTabChange = (newTab) => {
-    // ✅ 탭 콘텐츠 로딩은 비긴급
-    startTransition(() => {
-      setTab(newTab);
-    });
-  };
-
-  return (
-    <div>
-      <TabButtons activeTab={tab} onChange={handleTabChange} />
-      <div style={{ opacity: isPending ? 0.5 : 1 }}>
-        <TabContent tab={tab} />
-      </div>
-    </div>
-  );
-}
-```
-
-## 언제 사용하나요?
-
-| 상황 | startTransition 사용 |
-|------|---------------------|
-| 타이핑, 클릭 반응 | ❌ (긴급) |
-| 검색 결과 표시 | ✅ |
-| 리스트 필터링 | ✅ |
-| 탭/페이지 전환 | ✅ |
-| 무거운 계산 결과 | ✅ |
-
-Reference: [React useTransition](https://react.dev/reference/react/useTransition)
+---
+title: Use startTransition for Non-Urgent Updates
+impact: MEDIUM
+impactDescription: Prevents UI blocking on heavy updates
+tags: performance, render, transitions, react
+---
+
+## Use startTransition for Non-Urgent Updates
+
+**Impact: MEDIUM (Prevents UI blocking on heavy updates)**
+
+`startTransition`으로 비긴급 업데이트를 표시하면 React가 긴급 업데이트(타이핑, 클릭)를 우선 처리합니다.
+
+**Incorrect (모든 업데이트가 긴급):**
+
+```tsx
+"use client";
+
+import { useState } from "react";
+
+export default function SearchIsland() {
+  const [query, setQuery] = useState("");
+  const [results, setResults] = useState([]);
+
+  const handleChange = async (e) => {
+    const value = e.target.value;
+    setQuery(value);  // 긴급: 입력 반영
+
+    // ❌ 검색도 긴급으로 처리 → 입력이 버벅임
+    const data = await search(value);
+    setResults(data);
+  };
+
+  return (
+    <div>
+      <input value={query} onChange={handleChange} />
+      <ResultsList results={results} />
+    </div>
+  );
+}
+```
+
+**Correct (비긴급 업데이트 분리):**
+
+```tsx
+"use client";
+
+import { useState, useTransition } from "react";
+
+export default function SearchIsland() {
+  const [query, setQuery] = useState("");
+  const [results, setResults] = useState([]);
+  const [isPending, startTransition] = useTransition();
+
+  const handleChange = async (e) => {
+    const value = e.target.value;
+    setQuery(value);  // 긴급: 입력 즉시 반영
+
+    // ✅ 검색 결과는 비긴급
+    startTransition(async () => {
+      const data = await search(value);
+      setResults(data);
+    });
+  };
+
+  return (
+    <div>
+      <input value={query} onChange={handleChange} />
+      {isPending && <Spinner />}
+      <ResultsList results={results} />
+    </div>
+  );
+}
+```
+
+## 무거운 리스트 필터링
+
+```tsx
+"use client";
+
+import { useState, useTransition, useMemo } from "react";
+
+export default function FilterableList({ items }) {
+  const [filter, setFilter] = useState("");
+  const [isPending, startTransition] = useTransition();
+
+  // ✅ 필터링을 transition으로 처리
+  const handleFilterChange = (e) => {
+    startTransition(() => {
+      setFilter(e.target.value);
+    });
+  };
+
+  const filteredItems = useMemo(
+    () => items.filter((item) => item.name.includes(filter)),
+    [items, filter]
+  );
+
+  return (
+    <div>
+      <input
+        onChange={handleFilterChange}
+        placeholder="Filter..."
+      />
+      <div style={{ opacity: isPending ? 0.7 : 1 }}>
+        {filteredItems.map((item) => (
+          <Item key={item.id} data={item} />
+        ))}
+      </div>
+    </div>
+  );
+}
+```
+
+## 탭 전환
+
+```tsx
+"use client";
+
+import { useState, useTransition } from "react";
+
+export default function TabsIsland() {
+  const [tab, setTab] = useState("home");
+  const [isPending, startTransition] = useTransition();
+
+  const handleTabChange = (newTab) => {
+    // ✅ 탭 콘텐츠 로딩은 비긴급
+    startTransition(() => {
+      setTab(newTab);
+    });
+  };
+
+  return (
+    <div>
+      <TabButtons activeTab={tab} onChange={handleTabChange} />
+      <div style={{ opacity: isPending ? 0.5 : 1 }}>
+        <TabContent tab={tab} />
+      </div>
+    </div>
+  );
+}
+```
+
+## 언제 사용하나요?
+
+| 상황 | startTransition 사용 |
+|------|---------------------|
+| 타이핑, 클릭 반응 | ❌ (긴급) |
+| 검색 결과 표시 | ✅ |
+| 리스트 필터링 | ✅ |
+| 탭/페이지 전환 | ✅ |
+| 무거운 계산 결과 | ✅ |
+
+Reference: [React useTransition](https://react.dev/reference/react/useTransition)

package/src/resources/skills/mandu-security/SKILL.md

@@ -1,87 +1,87 @@
----
-name: mandu-security
-description: |
-  Security best practices for Mandu applications. Use when implementing
-  authentication, authorization, input validation, or protecting against
-  common vulnerabilities. Triggers on guard, auth, CSRF, XSS, or security tasks.
-license: MIT
-metadata:
-  author: mandu
-  version: "1.0.0"
----
-
-# Mandu Security
-
-Mandu 애플리케이션의 보안 모범 사례 가이드. slot guard를 통한 인증/인가, 입력 검증, CSRF/XSS 방어, 환경 변수 관리를 다룹니다.
-
-## When to Apply
-
-Reference these guidelines when:
-- Implementing authentication in slots
-- Adding authorization guards
-- Validating user input
-- Protecting against CSRF/XSS attacks
-- Managing secrets and environment variables
-- Handling sensitive data
-
-## Rule Categories by Priority
-
-| Priority | Category | Impact | Prefix |
-|----------|----------|--------|--------|
-| 1 | Authentication | CRITICAL | `sec-auth-` |
-| 2 | Input Validation | CRITICAL | `sec-input-` |
-| 3 | CSRF/XSS Protection | HIGH | `sec-protect-` |
-| 4 | Environment & Secrets | HIGH | `sec-env-` |
-| 5 | Data Handling | MEDIUM | `sec-data-` |
-
-## Quick Reference
-
-### 1. Authentication (CRITICAL)
-
-- `sec-auth-guard` - Use guard() for authentication checks
-- `sec-auth-session` - Secure session management
-- `sec-auth-jwt` - JWT token handling best practices
-
-### 2. Input Validation (CRITICAL)
-
-- `sec-input-validate` - Always validate and sanitize input
-- `sec-input-schema` - Use schema validation (Zod, etc.)
-- `sec-input-escape` - Escape output to prevent injection
-
-### 3. CSRF/XSS Protection (HIGH)
-
-- `sec-protect-csrf` - CSRF token implementation
-- `sec-protect-xss` - XSS prevention techniques
-- `sec-protect-headers` - Security headers configuration
-
-### 4. Environment & Secrets (HIGH)
-
-- `sec-env-management` - Environment variable best practices
-- `sec-env-no-expose` - Never expose secrets to client
-
-### 5. Data Handling (MEDIUM)
-
-- `sec-data-sanitize` - Sanitize data before storage
-- `sec-data-encrypt` - Encrypt sensitive data
-
-## Security Checklist
-
-```
-□ Authentication required for protected routes
-□ Input validated on server side
-□ Output escaped/sanitized
-□ CSRF tokens for state-changing operations
-□ Security headers configured
-□ Secrets in environment variables only
-□ No sensitive data in client bundles
-```
-
-## How to Use
-
-Read individual rule files for detailed explanations:
-
-```
-rules/sec-auth-guard.md
-rules/sec-input-validate.md
-rules/sec-protect-csrf.md
-```
+---
+name: mandu-security
+description: |
+  Security best practices for Mandu applications. Use when implementing
+  authentication, authorization, input validation, or protecting against
+  common vulnerabilities. Triggers on guard, auth, CSRF, XSS, or security tasks.
+license: MIT
+metadata:
+  author: mandu
+  version: "1.0.0"
+---
+
+# Mandu Security
+
+Mandu 애플리케이션의 보안 모범 사례 가이드. slot guard를 통한 인증/인가, 입력 검증, CSRF/XSS 방어, 환경 변수 관리를 다룹니다.
+
+## When to Apply
+
+Reference these guidelines when:
+- Implementing authentication in slots
+- Adding authorization guards
+- Validating user input
+- Protecting against CSRF/XSS attacks
+- Managing secrets and environment variables
+- Handling sensitive data
+
+## Rule Categories by Priority
+
+| Priority | Category | Impact | Prefix |
+|----------|----------|--------|--------|
+| 1 | Authentication | CRITICAL | `sec-auth-` |
+| 2 | Input Validation | CRITICAL | `sec-input-` |
+| 3 | CSRF/XSS Protection | HIGH | `sec-protect-` |
+| 4 | Environment & Secrets | HIGH | `sec-env-` |
+| 5 | Data Handling | MEDIUM | `sec-data-` |
+
+## Quick Reference
+
+### 1. Authentication (CRITICAL)
+
+- `sec-auth-guard` - Use guard() for authentication checks
+- `sec-auth-session` - Secure session management
+- `sec-auth-jwt` - JWT token handling best practices
+
+### 2. Input Validation (CRITICAL)
+
+- `sec-input-validate` - Always validate and sanitize input
+- `sec-input-schema` - Use schema validation (Zod, etc.)
+- `sec-input-escape` - Escape output to prevent injection
+
+### 3. CSRF/XSS Protection (HIGH)
+
+- `sec-protect-csrf` - CSRF token implementation
+- `sec-protect-xss` - XSS prevention techniques
+- `sec-protect-headers` - Security headers configuration
+
+### 4. Environment & Secrets (HIGH)
+
+- `sec-env-management` - Environment variable best practices
+- `sec-env-no-expose` - Never expose secrets to client
+
+### 5. Data Handling (MEDIUM)
+
+- `sec-data-sanitize` - Sanitize data before storage
+- `sec-data-encrypt` - Encrypt sensitive data
+
+## Security Checklist
+
+```
+□ Authentication required for protected routes
+□ Input validated on server side
+□ Output escaped/sanitized
+□ CSRF tokens for state-changing operations
+□ Security headers configured
+□ Secrets in environment variables only
+□ No sensitive data in client bundles
+```
+
+## How to Use
+
+Read individual rule files for detailed explanations:
+
+```
+rules/sec-auth-guard.md
+rules/sec-input-validate.md
+rules/sec-protect-csrf.md
+```

package/src/resources/skills/mandu-security/metadata.json

@@ -1,13 +1,13 @@
-{
-  "version": "1.0.0",
-  "organization": "Mandu Framework",
-  "date": "February 2026",
-  "abstract": "Mandu 애플리케이션 보안 모범 사례 가이드. slot guard 인증/인가, 입력 검증 및 스키마 유효성 검사, CSRF/XSS 방어, 보안 헤더, 환경 변수 및 시크릿 관리를 다룹니다.",
-  "references": [
-    "https://owasp.org/www-project-top-ten/",
-    "https://cheatsheetseries.owasp.org/",
-    "https://bun.sh/docs/api/hashing",
-    "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
-  ],
-  "tags": ["security", "auth", "csrf", "xss", "validation", "mandu"]
-}
+{
+  "version": "1.0.0",
+  "organization": "Mandu Framework",
+  "date": "February 2026",
+  "abstract": "Mandu 애플리케이션 보안 모범 사례 가이드. slot guard 인증/인가, 입력 검증 및 스키마 유효성 검사, CSRF/XSS 방어, 보안 헤더, 환경 변수 및 시크릿 관리를 다룹니다.",
+  "references": [
+    "https://owasp.org/www-project-top-ten/",
+    "https://cheatsheetseries.owasp.org/",
+    "https://bun.sh/docs/api/hashing",
+    "https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP"
+  ],
+  "tags": ["security", "auth", "csrf", "xss", "validation", "mandu"]
+}

package/src/resources/skills/mandu-security/rules/_sections.md

@@ -1,31 +1,31 @@
-# Sections
-
-This file defines all sections, their ordering, impact levels, and descriptions.
-The section ID (in parentheses) is the filename prefix used to group rules.
-
----
-
-## 1. Authentication (sec-auth)
-
-**Impact:** CRITICAL
-**Description:** slot guard를 통한 인증 구현. 보호된 리소스에 대한 접근 제어의 첫 번째 방어선입니다.
-
-## 2. Input Validation (sec-input)
-
-**Impact:** CRITICAL
-**Description:** 모든 사용자 입력의 검증과 살균. SQL Injection, Command Injection 등의 주입 공격 방어에 필수입니다.
-
-## 3. CSRF/XSS Protection (sec-protect)
-
-**Impact:** HIGH
-**Description:** Cross-Site Request Forgery와 Cross-Site Scripting 방어. 웹 애플리케이션의 대표적인 취약점입니다.
-
-## 4. Environment & Secrets (sec-env)
-
-**Impact:** HIGH
-**Description:** 환경 변수와 시크릿 관리. API 키, 데이터베이스 비밀번호 등 민감 정보 보호에 필수입니다.
-
-## 5. Data Handling (sec-data)
-
-**Impact:** MEDIUM
-**Description:** 민감 데이터의 안전한 처리. 암호화, 해싱, 마스킹 등의 기법을 다룹니다.
+# Sections
+
+This file defines all sections, their ordering, impact levels, and descriptions.
+The section ID (in parentheses) is the filename prefix used to group rules.
+
+---
+
+## 1. Authentication (sec-auth)
+
+**Impact:** CRITICAL
+**Description:** slot guard를 통한 인증 구현. 보호된 리소스에 대한 접근 제어의 첫 번째 방어선입니다.
+
+## 2. Input Validation (sec-input)
+
+**Impact:** CRITICAL
+**Description:** 모든 사용자 입력의 검증과 살균. SQL Injection, Command Injection 등의 주입 공격 방어에 필수입니다.
+
+## 3. CSRF/XSS Protection (sec-protect)
+
+**Impact:** HIGH
+**Description:** Cross-Site Request Forgery와 Cross-Site Scripting 방어. 웹 애플리케이션의 대표적인 취약점입니다.
+
+## 4. Environment & Secrets (sec-env)
+
+**Impact:** HIGH
+**Description:** 환경 변수와 시크릿 관리. API 키, 데이터베이스 비밀번호 등 민감 정보 보호에 필수입니다.
+
+## 5. Data Handling (sec-data)
+
+**Impact:** MEDIUM
+**Description:** 민감 데이터의 안전한 처리. 암호화, 해싱, 마스킹 등의 기법을 다룹니다.