@mofaggolhoshen/dev-assist-mcp 1.0.4 → 1.0.6

package/examples/polly-retry/expected-response.json

@@ -0,0 +1,14 @@
+{
+  "total": 1,
+  "results": [
+    {
+      "id": "polly-retry",
+      "title": "Polly Retry Policy",
+      "category": "resilience",
+      "framework": "dotnet",
+      "confidence": "high",
+      "rankScore": 0.82,
+      "reasons": ["title_match", "tag_matches:3"]
+    }
+  ]
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mofaggolhoshen/dev-assist-mcp",
-  "version": "1.0.4",
+  "version": "1.0.6",
   "description": "",
   "main": "dist/index.js",
   "bin": {
@@ -15,7 +15,20 @@
     "dev": "tsx src/index.ts",
     "test": "jest"
   },
-  "keywords": [],
+  "keywords": [
+    "mcp",
+    "model-context-protocol",
+    "developer-tools",
+    "ai",
+    "copilot",
+    "snippets",
+    "aspnet",
+    "dotnet",
+    "csharp",
+    "knowledge-base",
+    "code-generation",
+    "dev-assist"
+  ],
   "author": "",
   "license": "ISC",
   "repository": {
@@ -29,7 +42,9 @@
   "type": "module",
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
+    "fuse.js": "^7.3.0",
     "glob": "^13.0.6",
+    "gray-matter": "^4.0.3",
     "zod": "^4.3.6",
     "zod-to-json-schema": "^3.25.2"
   },

package/snippets/architecture/clean-architecture-api.md

@@ -0,0 +1,25 @@
+---
+id: clean-architecture-api
+title: Clean Architecture API Composition
+summary: Compose API, application, domain, and infrastructure layers.
+framework: dotnet
+version: .net8+
+language: csharp
+category: architecture
+tags:
+  - clean-architecture
+  - layering
+  - api
+difficulty: medium
+bestPractices:
+  - Keep dependency flow inward only
+  - Register infrastructure implementations in composition root
+pitfalls:
+  - Leaking EF entities into API contract layer
+---
+
+## Implementation
+
+```csharp
+// Configure service registrations at startup by layer.
+```

package/snippets/architecture/cqrs-starter.md

@@ -0,0 +1,25 @@
+---
+id: cqrs-starter
+title: CQRS Starter Pattern
+summary: Separate command and query models for clearer responsibilities.
+framework: dotnet
+version: .net8+
+language: csharp
+category: architecture
+tags:
+  - cqrs
+  - architecture
+  - mediator
+difficulty: medium
+bestPractices:
+  - Keep commands side-effect focused
+  - Keep queries read-optimized and idempotent
+pitfalls:
+  - Applying CQRS to trivial CRUD adds complexity
+---
+
+## Implementation
+
+```csharp
+// Define CreateOrderCommand and GetOrderByIdQuery handlers separately.
+```

package/snippets/architecture/ddd-aggregate.md

@@ -0,0 +1,25 @@
+---
+id: ddd-aggregate
+title: DDD Aggregate Root Rules
+summary: Enforce domain invariants through aggregate boundaries.
+framework: dotnet
+version: .net8+
+language: csharp
+category: architecture
+tags:
+  - ddd
+  - aggregate
+  - domain-model
+difficulty: advanced
+bestPractices:
+  - Expose behavior methods rather than setters
+  - Keep invariants inside aggregate root
+pitfalls:
+  - Directly mutating child entities from outside aggregate
+---
+
+## Implementation
+
+```csharp
+// Aggregate root methods validate invariants before state changes.
+```

package/snippets/architecture/efcore-repository.md

@@ -0,0 +1,39 @@
+---
+id: efcore-repository
+title: EF Core Repository Pattern
+summary: Simple EF Core repository with asynchronous read and write operations.
+framework: dotnet
+version: .net8+
+language: csharp
+category: architecture
+tags:
+  - efcore
+  - repository
+  - data-access
+  - pattern
+  - async
+difficulty: beginner
+bestPractices:
+  - Pass CancellationToken through all async database calls
+  - Use constructor injection for testability and clear dependencies
+  - Keep repositories focused on a single aggregate root
+pitfalls:
+  - Avoid exposing IQueryable from the repository to prevent leaky abstractions
+  - Calling SaveChangesAsync in every method prevents batching opportunities
+---
+
+## Implementation
+
+```csharp
+public sealed class ProductRepository(AppDbContext db)
+{
+    public Task<Product?> GetByIdAsync(Guid id, CancellationToken ct = default) =>
+        db.Products.FirstOrDefaultAsync(p => p.Id == id, ct);
+
+    public async Task AddAsync(Product entity, CancellationToken ct = default)
+    {
+        await db.Products.AddAsync(entity, ct);
+        await db.SaveChangesAsync(ct);
+    }
+}
+```

package/snippets/auth/jwe-setup.md

@@ -0,0 +1,28 @@
+---
+id: jwe-setup
+title: JWE Encryption Setup (ASP.NET Core)
+summary: Add encrypted JWT (JWE) support for sensitive claims.
+framework: aspnet
+version: .net8+
+language: csharp
+category: auth
+tags:
+  - jwe
+  - jwt
+  - encryption
+  - security
+difficulty: advanced
+bestPractices:
+  - Encrypt tokens when claims contain sensitive data
+  - Separate signing and encryption keys
+pitfalls:
+  - Reusing one key for all purposes weakens security
+securityNotes:
+  - Store encryption keys in secure vaults and rotate regularly
+---
+
+## Implementation
+
+```csharp
+// Configure token encryption credentials and validation handlers.
+```

package/snippets/auth/jwt-setup-dotnet9.md

@@ -0,0 +1,27 @@
+---
+id: jwt-setup-dotnet9
+title: JWT Setup (.NET 9)
+summary: JWT bearer configuration optimized for ASP.NET on .NET 9.
+updatedAt: 2026-05-10T00:00:00.000Z
+framework: aspnet
+version: .net9
+language: csharp
+category: auth
+tags:
+  - jwt
+  - authentication
+  - dotnet9
+difficulty: medium
+bestPractices:
+  - Keep token validation settings explicit
+pitfalls:
+  - Disabling issuer/audience checks for convenience
+securityNotes:
+  - Keep signing keys in secure secret stores
+---
+
+## Implementation
+
+```csharp
+// .NET 9 JWT setup baseline
+```

package/snippets/auth/jwt-setup.md

@@ -0,0 +1,44 @@
+---
+id: jwt-setup
+title: JWT Authentication Setup (ASP.NET Core)
+summary: Configures JWT bearer authentication with token validation parameters.
+framework: aspnet
+version: .net8+
+language: csharp
+category: auth
+tags:
+  - jwt
+  - authentication
+  - bearer
+  - aspnet
+  - security
+difficulty: medium
+bestPractices:
+  - Always validate issuer and audience to prevent token misuse
+  - Store signing keys in environment variables or a secrets manager
+  - Use short-lived access tokens with refresh token rotation
+pitfalls:
+  - Omitting audience or issuer validation opens the server to token substitution attacks
+  - Using a weak or short signing key reduces security
+securityNotes:
+  - Signing keys for HS256 should be at least 32 bytes
+  - Use HTTPS exclusively to protect bearer tokens in transit
+---
+
+## Implementation
+
+```csharp
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options =>
+    {
+        options.TokenValidationParameters = new TokenValidationParameters
+        {
+            ValidateIssuer = true,
+            ValidateAudience = true,
+            ValidateIssuerSigningKey = true,
+            ValidIssuer = config["Jwt:Issuer"],
+            ValidAudience = config["Jwt:Audience"],
+            IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(config["Jwt:Key"]!))
+        };
+    });
+```

package/snippets/auth/refresh-token-rotation.md

@@ -0,0 +1,27 @@
+---
+id: refresh-token-rotation
+title: Refresh Token Rotation
+summary: Secure refresh flow that invalidates tokens after each use.
+framework: aspnet
+version: .net8+
+language: csharp
+category: auth
+tags:
+  - refresh-token
+  - auth
+  - security
+difficulty: medium
+bestPractices:
+  - Rotate refresh tokens on every successful exchange
+  - Track token family and revoke on reuse detection
+pitfalls:
+  - Long-lived reusable refresh tokens increase takeover risk
+securityNotes:
+  - Hash refresh tokens before persistence
+---
+
+## Implementation
+
+```csharp
+// Issue new refresh token and revoke previous token atomically.
+```

package/snippets/auth/role-based-authorization.md

@@ -0,0 +1,28 @@
+---
+id: role-based-authorization
+title: Role-Based Authorization Policies
+summary: Define policy-based authorization rules using roles and claims.
+framework: aspnet
+version: .net8+
+language: csharp
+category: auth
+tags:
+  - authorization
+  - roles
+  - policies
+difficulty: beginner
+bestPractices:
+  - Prefer policies over hardcoded role checks in controllers
+  - Keep policy names stable and domain-oriented
+pitfalls:
+  - Embedding authorization logic directly in business services
+---
+
+## Implementation
+
+```csharp
+builder.Services.AddAuthorization(options =>
+{
+    options.AddPolicy("CanManageUsers", p => p.RequireRole("Admin"));
+});
+```

package/snippets/caching/cache-aside-pattern.md

@@ -0,0 +1,25 @@
+---
+id: cache-aside-pattern
+title: Cache-Aside Pattern
+summary: Load from cache first, then source of truth on misses.
+framework: dotnet
+version: .net8+
+language: csharp
+category: caching
+tags:
+  - cache-aside
+  - caching
+  - performance
+difficulty: beginner
+bestPractices:
+  - Cache misses should populate cache with sensible expiration
+  - Use stale-while-revalidate for hot paths when appropriate
+pitfalls:
+  - No eviction strategy causes stale data and memory growth
+---
+
+## Implementation
+
+```csharp
+// Try cache, fetch DB on miss, then set cache.
+```

package/snippets/caching/redis-distributed-cache.md

@@ -0,0 +1,25 @@
+---
+id: redis-distributed-cache
+title: Redis Distributed Cache Setup
+summary: Configure Redis cache provider for shared low-latency data access.
+framework: aspnet
+version: .net8+
+language: csharp
+category: caching
+tags:
+  - redis
+  - cache
+  - distributed
+difficulty: beginner
+bestPractices:
+  - Set TTL based on freshness requirements
+  - Use namespaced cache keys
+pitfalls:
+  - Very large values increase serialization overhead and latency
+---
+
+## Implementation
+
+```csharp
+// builder.Services.AddStackExchangeRedisCache(...)
+```

package/snippets/logging/opentelemetry-tracing.md

@@ -0,0 +1,25 @@
+---
+id: opentelemetry-tracing
+title: OpenTelemetry Tracing Setup
+summary: Add distributed tracing with ASP.NET and outbound HTTP instrumentation.
+framework: aspnet
+version: .net8+
+language: csharp
+category: logging
+tags:
+  - opentelemetry
+  - tracing
+  - observability
+difficulty: medium
+bestPractices:
+  - Propagate trace context across service boundaries
+  - Export traces to centralized backend
+pitfalls:
+  - Sampling too low during incident response obscures root cause
+---
+
+## Implementation
+
+```csharp
+// builder.Services.AddOpenTelemetry().WithTracing(...)
+```

package/snippets/logging/serilog-bootstrap.md

@@ -0,0 +1,25 @@
+---
+id: serilog-bootstrap
+title: Serilog Bootstrap Logger
+summary: Capture startup exceptions and switch to configured logging pipeline.
+framework: aspnet
+version: .net8+
+language: csharp
+category: logging
+tags:
+  - serilog
+  - logging
+  - startup
+difficulty: beginner
+bestPractices:
+  - Initialize bootstrap logger before host build
+  - Include correlation ids in enrichers
+pitfalls:
+  - Delayed logger init loses early critical errors
+---
+
+## Implementation
+
+```csharp
+// Log.Logger = new LoggerConfiguration().WriteTo.Console().CreateBootstrapLogger();
+```

package/snippets/logging/structured-logging-guidelines.md

@@ -0,0 +1,27 @@
+---
+id: structured-logging-guidelines
+title: Structured Logging Guidelines
+summary: Build queryable logs with consistent properties and event ids.
+framework: dotnet
+version: .net8+
+language: csharp
+category: logging
+tags:
+  - structured-logging
+  - observability
+  - serilog
+difficulty: beginner
+bestPractices:
+  - Use named properties not interpolated strings
+  - Attach tenant, user, and correlation context consistently
+pitfalls:
+  - Logging secrets or PII in structured properties
+securityNotes:
+  - Redact sensitive data before log emission
+---
+
+## Implementation
+
+```csharp
+logger.LogInformation("Order created {OrderId} for {CustomerId}", orderId, customerId);
+```

package/snippets/messaging/masstransit-rabbitmq.md

@@ -0,0 +1,25 @@
+---
+id: masstransit-rabbitmq
+title: MassTransit with RabbitMQ
+summary: Configure message bus, consumers, and retry policies.
+framework: dotnet
+version: .net8+
+language: csharp
+category: messaging
+tags:
+  - masstransit
+  - rabbitmq
+  - messaging
+difficulty: medium
+bestPractices:
+  - Use consumer definitions for endpoint consistency
+  - Configure retry and dead-letter policies
+pitfalls:
+  - Sharing queues across unrelated consumers
+---
+
+## Implementation
+
+```csharp
+// services.AddMassTransit(x => { ... });
+```

package/snippets/messaging/outbox-pattern.md

@@ -0,0 +1,25 @@
+---
+id: outbox-pattern
+title: Transactional Outbox Pattern
+summary: Ensure reliable event publishing with database consistency.
+framework: dotnet
+version: .net8+
+language: csharp
+category: messaging
+tags:
+  - outbox
+  - reliability
+  - messaging
+difficulty: advanced
+bestPractices:
+  - Write outbox records in the same DB transaction as business changes
+  - Use background dispatcher with retry and dedupe
+pitfalls:
+  - Deleting outbox rows before successful publish acknowledgment
+---
+
+## Implementation
+
+```csharp
+// Persist integration event to outbox table inside transaction.
+```

package/snippets/messaging/saga-state-machine.md

@@ -0,0 +1,25 @@
+---
+id: saga-state-machine
+title: Saga State Machine Basics
+summary: Coordinate long-running workflows across distributed services.
+framework: dotnet
+version: .net8+
+language: csharp
+category: messaging
+tags:
+  - saga
+  - state-machine
+  - masstransit
+difficulty: advanced
+bestPractices:
+  - Persist saga state durably
+  - Define timeout and compensation transitions
+pitfalls:
+  - Missing idempotency in event handlers causes duplicate effects
+---
+
+## Implementation
+
+```csharp
+// Define states, events, transitions, and compensation steps.
+```

package/snippets/resilience/bulkhead-isolation.md

@@ -0,0 +1,25 @@
+---
+id: bulkhead-isolation
+title: Bulkhead Isolation for External Calls
+summary: Limit concurrency to isolate failures in heavy dependencies.
+framework: aspnet
+version: .net8+
+language: csharp
+category: resilience
+tags:
+  - bulkhead
+  - concurrency
+  - resilience
+difficulty: advanced
+bestPractices:
+  - Set queue and parallelism based on load tests
+  - Protect critical paths with separate bulkheads
+pitfalls:
+  - Shared bulkhead for unrelated dependencies causes coupling
+---
+
+## Implementation
+
+```csharp
+// AddBulkheadPolicy(...) with per-dependency limits.
+```

package/snippets/resilience/circuit-breaker-polly.md

@@ -0,0 +1,25 @@
+---
+id: circuit-breaker-polly
+title: Polly Circuit Breaker
+summary: Fail fast after repeated errors and allow recovery windows.
+framework: aspnet
+version: .net8+
+language: csharp
+category: resilience
+tags:
+  - polly
+  - circuit-breaker
+  - resilience
+difficulty: medium
+bestPractices:
+  - Configure thresholds based on service SLOs
+  - Combine with retry and timeout policies
+pitfalls:
+  - Opening breaker too aggressively can block healthy traffic
+---
+
+## Implementation
+
+```csharp
+// AddCircuitBreakerAsync(...) on HttpClient policy chain.
+```

package/snippets/resilience/fallback-policy-polly.md

@@ -0,0 +1,25 @@
+---
+id: fallback-policy-polly
+title: Polly Fallback Policy
+summary: Return controlled fallback responses when dependencies fail.
+framework: aspnet
+version: .net8+
+language: csharp
+category: resilience
+tags:
+  - polly
+  - fallback
+  - resilience
+difficulty: medium
+bestPractices:
+  - Keep fallback responses explicit and observable
+  - Emit logs and metrics when fallback is triggered
+pitfalls:
+  - Silent fallback can hide outages from operators
+---
+
+## Implementation
+
+```csharp
+// AddFallbackAsync(...) with domain-safe default response.
+```

package/snippets/resilience/polly-retry.md

@@ -0,0 +1,31 @@
+---
+id: polly-retry
+title: Polly Retry Policy (.NET)
+summary: Configures an HTTP retry policy with exponential backoff using Polly.
+framework: aspnet
+version: .net8+
+language: csharp
+category: resilience
+tags:
+  - retry
+  - resilience
+  - polly
+  - http
+  - exponential-backoff
+difficulty: medium
+bestPractices:
+  - Use exponential backoff to avoid overwhelming a failing service
+  - Combine retry with circuit breaker for comprehensive resilience
+  - Log each retry attempt for observability
+pitfalls:
+  - Avoid retrying non-transient errors such as 400 Bad Request or 401 Unauthorized
+  - Do not use a fixed delay in high-concurrency scenarios; exponential backoff with jitter is preferred
+---
+
+## Implementation
+
+```csharp
+builder.Services.AddHttpClient("MyClient")
+  .AddTransientHttpErrorPolicy(p =>
+    p.WaitAndRetryAsync(3, attempt => TimeSpan.FromSeconds(Math.Pow(2, attempt))));
+```