npm - @nextsparkjs/ai-workflow - Versions diffs - 0.1.0-beta.100 - Mend

@nextsparkjs/ai-workflow 0.1.0-beta.100

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/LICENSE +21 -0
package/README.md +115 -0
package/claude/_docs/workflows-optimizations.md +359 -0
package/claude/agents/api-tester.md +634 -0
package/claude/agents/architecture-supervisor.md +1351 -0
package/claude/agents/backend-developer.md +997 -0
package/claude/agents/backend-validator.md +417 -0
package/claude/agents/bdd-docs-writer.md +737 -0
package/claude/agents/block-developer.md +677 -0
package/claude/agents/code-reviewer.md +1432 -0
package/claude/agents/db-developer.md +721 -0
package/claude/agents/db-validator.md +407 -0
package/claude/agents/demo-video-generator.md +493 -0
package/claude/agents/documentation-writer.md +1268 -0
package/claude/agents/frontend-developer.md +1234 -0
package/claude/agents/frontend-validator.md +777 -0
package/claude/agents/functional-validator.md +630 -0
package/claude/agents/mock-analyst.md +387 -0
package/claude/agents/product-manager.md +963 -0
package/claude/agents/qa-automation.md +1762 -0
package/claude/agents/release-manager.md +634 -0
package/claude/agents/selectors-translator.md +262 -0
package/claude/agents/unit-test-writer.md +785 -0
package/claude/agents/visual-comparator.md +329 -0
package/claude/agents/workflow-maintainer.md +352 -0
package/claude/commands/do/README.md +88 -0
package/claude/commands/do/create-api.md +64 -0
package/claude/commands/do/create-entity.md +66 -0
package/claude/commands/do/create-migration.md +64 -0
package/claude/commands/do/create-plugin.md +56 -0
package/claude/commands/do/create-theme.md +70 -0
package/claude/commands/do/mock-data.md +67 -0
package/claude/commands/do/reset-db.md +71 -0
package/claude/commands/do/setup-scheduled-action.md +75 -0
package/claude/commands/do/sync-code-review.md +117 -0
package/claude/commands/do/update-selectors.md +112 -0
package/claude/commands/do/use-skills.md +90 -0
package/claude/commands/do/validate-blocks.md +69 -0
package/claude/commands/how-to/README.md +261 -0
package/claude/commands/how-to/add-metadata.md +692 -0
package/claude/commands/how-to/add-taxonomies.md +806 -0
package/claude/commands/how-to/add-translations.md +571 -0
package/claude/commands/how-to/create-api.md +577 -0
package/claude/commands/how-to/create-block.md +575 -0
package/claude/commands/how-to/create-child-entities.md +771 -0
package/claude/commands/how-to/create-entity.md +597 -0
package/claude/commands/how-to/create-migrations.md +605 -0
package/claude/commands/how-to/create-plugin.md +654 -0
package/claude/commands/how-to/customize-app.md +481 -0
package/claude/commands/how-to/customize-dashboard.md +553 -0
package/claude/commands/how-to/customize-theme.md +438 -0
package/claude/commands/how-to/define-features-flows.md +632 -0
package/claude/commands/how-to/deploy.md +507 -0
package/claude/commands/how-to/handle-file-uploads.md +746 -0
package/claude/commands/how-to/implement-search.md +1001 -0
package/claude/commands/how-to/install-plugins.md +352 -0
package/claude/commands/how-to/manage-test-coverage.md +984 -0
package/claude/commands/how-to/run-tests.md +400 -0
package/claude/commands/how-to/set-app-languages.md +601 -0
package/claude/commands/how-to/set-plans-and-permissions.md +575 -0
package/claude/commands/how-to/set-scheduled-actions.md +527 -0
package/claude/commands/how-to/set-user-roles-and-permissions.md +550 -0
package/claude/commands/how-to/setup-authentication.md +388 -0
package/claude/commands/how-to/setup-claude-code.md +440 -0
package/claude/commands/how-to/setup-database.md +274 -0
package/claude/commands/how-to/setup-email-providers.md +598 -0
package/claude/commands/how-to/setup-mobile-dev.md +627 -0
package/claude/commands/how-to/start.md +500 -0
package/claude/commands/how-to/use-devtools.md +639 -0
package/claude/commands/how-to/use-superadmin.md +622 -0
package/claude/commands/session/README.md +193 -0
package/claude/commands/session/block-create.md +190 -0
package/claude/commands/session/block-list.md +203 -0
package/claude/commands/session/block-update.md +192 -0
package/claude/commands/session/block-validate.md +218 -0
package/claude/commands/session/changelog.md +115 -0
package/claude/commands/session/close.md +225 -0
package/claude/commands/session/commit.md +174 -0
package/claude/commands/session/db-entity.md +206 -0
package/claude/commands/session/db-fix.md +212 -0
package/claude/commands/session/db-sample.md +206 -0
package/claude/commands/session/demo.md +178 -0
package/claude/commands/session/doc-bdd.md +207 -0
package/claude/commands/session/doc-feature.md +218 -0
package/claude/commands/session/doc-read.md +225 -0
package/claude/commands/session/execute.md +204 -0
package/claude/commands/session/explain.md +202 -0
package/claude/commands/session/fix-bug.md +210 -0
package/claude/commands/session/fix-build.md +182 -0
package/claude/commands/session/fix-test.md +189 -0
package/claude/commands/session/pending.md +232 -0
package/claude/commands/session/refine.md +188 -0
package/claude/commands/session/resume.md +192 -0
package/claude/commands/session/review.md +192 -0
package/claude/commands/session/scope-change.md +181 -0
package/claude/commands/session/start-blocks.md +347 -0
package/claude/commands/session/start.md +604 -0
package/claude/commands/session/status.md +169 -0
package/claude/commands/session/test-fix.md +221 -0
package/claude/commands/session/test-run.md +203 -0
package/claude/commands/session/test-write.md +242 -0
package/claude/commands/session/validate.md +162 -0
package/claude/config/context.json +40 -0
package/claude/config/github.json +69 -0
package/claude/config/github.schema.json +106 -0
package/claude/config/team.json +46 -0
package/claude/config/team.schema.json +106 -0
package/claude/config/workspace.json +43 -0
package/claude/config/workspace.schema.json +75 -0
package/claude/skills/README.md +228 -0
package/claude/skills/accessibility/SKILL.md +573 -0
package/claude/skills/api-bypass-layers/SKILL.md +550 -0
package/claude/skills/asana-integration/SKILL.md +499 -0
package/claude/skills/better-auth/SKILL.md +666 -0
package/claude/skills/billing-subscriptions/SKILL.md +660 -0
package/claude/skills/block-decision-matrix/SKILL.md +359 -0
package/claude/skills/clickup-integration/SKILL.md +434 -0
package/claude/skills/core-theme-responsibilities/SKILL.md +485 -0
package/claude/skills/create-plugin/SKILL.md +425 -0
package/claude/skills/create-theme/SKILL.md +331 -0
package/claude/skills/cypress-api/SKILL.md +511 -0
package/claude/skills/cypress-api/scripts/generate-api-controller.py +329 -0
package/claude/skills/cypress-api/scripts/generate-api-test.py +930 -0
package/claude/skills/cypress-e2e/SKILL.md +526 -0
package/claude/skills/cypress-e2e/scripts/extract-selectors.py +383 -0
package/claude/skills/cypress-e2e/scripts/generate-uat-test.py +788 -0
package/claude/skills/cypress-selectors/SKILL.md +309 -0
package/claude/skills/cypress-selectors/scripts/extract-missing.py +243 -0
package/claude/skills/cypress-selectors/scripts/generate-block-selectors.py +283 -0
package/claude/skills/cypress-selectors/scripts/validate-selectors.py +145 -0
package/claude/skills/database-migrations/SKILL.md +335 -0
package/claude/skills/database-migrations/scripts/generate-sample-data.py +284 -0
package/claude/skills/database-migrations/scripts/validate-migration.py +323 -0
package/claude/skills/design-system/SKILL.md +682 -0
package/claude/skills/documentation/SKILL.md +540 -0
package/claude/skills/entity-api/SKILL.md +482 -0
package/claude/skills/entity-system/SKILL.md +635 -0
package/claude/skills/entity-system/scripts/generate-child-migration.py +298 -0
package/claude/skills/entity-system/scripts/generate-metas-migration.py +233 -0
package/claude/skills/entity-system/scripts/generate-migration.py +382 -0
package/claude/skills/entity-system/scripts/generate-sample-data.py +418 -0
package/claude/skills/entity-system/scripts/scaffold-entity.py +661 -0
package/claude/skills/github/SKILL.md +467 -0
package/claude/skills/i18n-nextintl/SKILL.md +302 -0
package/claude/skills/i18n-nextintl/scripts/add-translation.py +243 -0
package/claude/skills/i18n-nextintl/scripts/extract-hardcoded.py +246 -0
package/claude/skills/i18n-nextintl/scripts/validate-translations.py +260 -0
package/claude/skills/impact-analysis/SKILL.md +203 -0
package/claude/skills/jest-unit/SKILL.md +306 -0
package/claude/skills/jest-unit/references/component-testing.md +371 -0
package/claude/skills/jest-unit/references/mocking-patterns.md +380 -0
package/claude/skills/jest-unit/references/service-hook-testing.md +454 -0
package/claude/skills/jira-integration/SKILL.md +539 -0
package/claude/skills/media-library/SKILL.md +743 -0
package/claude/skills/mock-analysis/SKILL.md +276 -0
package/claude/skills/monorepo-architecture/SKILL.md +162 -0
package/claude/skills/nextjs-api-development/SKILL.md +364 -0
package/claude/skills/nextjs-api-development/scripts/generate-crud-tests.py +456 -0
package/claude/skills/nextjs-api-development/scripts/scaffold-endpoint.py +481 -0
package/claude/skills/nextjs-api-development/scripts/validate-api.py +283 -0
package/claude/skills/notion-integration/SKILL.md +641 -0
package/claude/skills/npm-development-workflow/SKILL.md +480 -0
package/claude/skills/page-builder-blocks/SKILL.md +530 -0
package/claude/skills/page-builder-blocks/scripts/scaffold-block.py +444 -0
package/claude/skills/permissions-system/SKILL.md +619 -0
package/claude/skills/plugins/SKILL.md +340 -0
package/claude/skills/plugins/references/plugin-templates.md +414 -0
package/claude/skills/plugins/references/plugin-testing.md +353 -0
package/claude/skills/plugins/references/plugin-types.md +198 -0
package/claude/skills/plugins/scripts/scaffold-plugin.py +443 -0
package/claude/skills/pom-patterns/SKILL.md +452 -0
package/claude/skills/pom-patterns/scripts/generate-pom.py +392 -0
package/claude/skills/rate-limiting/SKILL.md +342 -0
package/claude/skills/react-best-practices/AGENTS.md +2410 -0
package/claude/skills/react-best-practices/README.md +123 -0
package/claude/skills/react-best-practices/SKILL.md +125 -0
package/claude/skills/react-best-practices/metadata.json +15 -0
package/claude/skills/react-best-practices/rules/_sections.md +46 -0
package/claude/skills/react-best-practices/rules/_template.md +28 -0
package/claude/skills/react-best-practices/rules/advanced-event-handler-refs.md +55 -0
package/claude/skills/react-best-practices/rules/advanced-use-latest.md +49 -0
package/claude/skills/react-best-practices/rules/async-api-routes.md +38 -0
package/claude/skills/react-best-practices/rules/async-defer-await.md +80 -0
package/claude/skills/react-best-practices/rules/async-dependencies.md +36 -0
package/claude/skills/react-best-practices/rules/async-parallel.md +28 -0
package/claude/skills/react-best-practices/rules/async-suspense-boundaries.md +99 -0
package/claude/skills/react-best-practices/rules/bundle-barrel-imports.md +59 -0
package/claude/skills/react-best-practices/rules/bundle-conditional.md +31 -0
package/claude/skills/react-best-practices/rules/bundle-defer-third-party.md +49 -0
package/claude/skills/react-best-practices/rules/bundle-dynamic-imports.md +35 -0
package/claude/skills/react-best-practices/rules/bundle-preload.md +50 -0
package/claude/skills/react-best-practices/rules/client-event-listeners.md +74 -0
package/claude/skills/react-best-practices/rules/client-localstorage-schema.md +71 -0
package/claude/skills/react-best-practices/rules/client-passive-event-listeners.md +48 -0
package/claude/skills/react-best-practices/rules/client-swr-dedup.md +56 -0
package/claude/skills/react-best-practices/rules/js-batch-dom-css.md +82 -0
package/claude/skills/react-best-practices/rules/js-cache-function-results.md +80 -0
package/claude/skills/react-best-practices/rules/js-cache-property-access.md +28 -0
package/claude/skills/react-best-practices/rules/js-cache-storage.md +70 -0
package/claude/skills/react-best-practices/rules/js-combine-iterations.md +32 -0
package/claude/skills/react-best-practices/rules/js-early-exit.md +50 -0
package/claude/skills/react-best-practices/rules/js-hoist-regexp.md +45 -0
package/claude/skills/react-best-practices/rules/js-index-maps.md +37 -0
package/claude/skills/react-best-practices/rules/js-length-check-first.md +49 -0
package/claude/skills/react-best-practices/rules/js-min-max-loop.md +82 -0
package/claude/skills/react-best-practices/rules/js-set-map-lookups.md +24 -0
package/claude/skills/react-best-practices/rules/js-tosorted-immutable.md +57 -0
package/claude/skills/react-best-practices/rules/rendering-activity.md +26 -0
package/claude/skills/react-best-practices/rules/rendering-animate-svg-wrapper.md +47 -0
package/claude/skills/react-best-practices/rules/rendering-conditional-render.md +40 -0
package/claude/skills/react-best-practices/rules/rendering-content-visibility.md +38 -0
package/claude/skills/react-best-practices/rules/rendering-hoist-jsx.md +46 -0
package/claude/skills/react-best-practices/rules/rendering-hydration-no-flicker.md +82 -0
package/claude/skills/react-best-practices/rules/rendering-svg-precision.md +28 -0
package/claude/skills/react-best-practices/rules/rerender-defer-reads.md +39 -0
package/claude/skills/react-best-practices/rules/rerender-dependencies.md +45 -0
package/claude/skills/react-best-practices/rules/rerender-derived-state.md +29 -0
package/claude/skills/react-best-practices/rules/rerender-functional-setstate.md +74 -0
package/claude/skills/react-best-practices/rules/rerender-lazy-state-init.md +58 -0
package/claude/skills/react-best-practices/rules/rerender-memo.md +44 -0
package/claude/skills/react-best-practices/rules/rerender-transitions.md +40 -0
package/claude/skills/react-best-practices/rules/server-after-nonblocking.md +73 -0
package/claude/skills/react-best-practices/rules/server-cache-lru.md +41 -0
package/claude/skills/react-best-practices/rules/server-cache-react.md +76 -0
package/claude/skills/react-best-practices/rules/server-parallel-fetching.md +83 -0
package/claude/skills/react-best-practices/rules/server-serialization.md +38 -0
package/claude/skills/react-patterns/SKILL.md +688 -0
package/claude/skills/registry-system/SKILL.md +331 -0
package/claude/skills/scheduled-actions/SKILL.md +671 -0
package/claude/skills/scope-enforcement/SKILL.md +542 -0
package/claude/skills/scope-enforcement/scripts/validate-scope.py +357 -0
package/claude/skills/server-actions/SKILL.md +493 -0
package/claude/skills/service-layer/SKILL.md +587 -0
package/claude/skills/session-management/SKILL.md +266 -0
package/claude/skills/session-management/scripts/create-session.py +166 -0
package/claude/skills/session-management/scripts/iteration-close.sh +105 -0
package/claude/skills/session-management/scripts/iteration-init.sh +180 -0
package/claude/skills/session-management/scripts/session-archive.sh +87 -0
package/claude/skills/session-management/scripts/session-close.sh +133 -0
package/claude/skills/session-management/scripts/session-init.sh +225 -0
package/claude/skills/session-management/scripts/session-list.sh +163 -0
package/claude/skills/session-management/scripts/split-plan.sh +116 -0
package/claude/skills/shadcn-components/SKILL.md +586 -0
package/claude/skills/shadcn-theming/SKILL.md +446 -0
package/claude/skills/suspense-loading/SKILL.md +280 -0
package/claude/skills/tailwind-theming/SKILL.md +507 -0
package/claude/skills/tanstack-query/SKILL.md +608 -0
package/claude/skills/test-coverage/SKILL.md +239 -0
package/claude/skills/web-design-guidelines/SKILL.md +39 -0
package/claude/skills/zod-validation/SKILL.md +537 -0
package/claude/templates/blocks/progress.md +86 -0
package/claude/templates/iteration/changes.md +61 -0
package/claude/templates/iteration/progress.md +55 -0
package/claude/templates/log.md +31 -0
package/claude/templates/story/context.md +77 -0
package/claude/templates/story/pendings.md +37 -0
package/claude/templates/story/plan.md +299 -0
package/claude/templates/story/requirements.md +109 -0
package/claude/templates/story/scope.json +10 -0
package/claude/templates/story/tests.md +91 -0
package/claude/templates/task/progress.md +58 -0
package/claude/templates/task/requirements.md +54 -0
package/claude/workflows/README.md +154 -0
package/claude/workflows/blocks.md +614 -0
package/claude/workflows/story.md +1207 -0
package/claude/workflows/task.md +927 -0
package/claude/workflows/tweak.md +527 -0
package/cursor/.gitkeep +0 -0
package/package.json +35 -0
package/scripts/postinstall.mjs +198 -0
package/scripts/setup.mjs +282 -0
package/scripts/sync.mjs +209 -0

package/claude/skills/rate-limiting/SKILL.md ADDED Viewed

@@ -0,0 +1,342 @@
+---
+name: rate-limiting
+description: |
+  Rate limiting patterns for all API endpoints in this Next.js application.
+  Covers distributed rate limiting with Redis, tier selection, HOC patterns, and security best practices.
+  Use this skill when creating new API endpoints or reviewing rate limiting implementation.
+allowed-tools: Read, Glob, Grep
+version: 1.0.0
+---
+# Rate Limiting Skill
+Rate limiting patterns and best practices for protecting API endpoints from abuse and DDoS attacks.
+## Architecture Overview
+```
+core/lib/
+├── api/
+│   └── rate-limit.ts          # withRateLimitTier HOC, checkDistributedRateLimit
+└── rate-limit-redis.ts        # Redis/Upstash distributed rate limiting
+packages/core/templates/app/api/  # All template routes use rate limiting
+plugins/*/api/                    # Plugin API routes
+themes/*/api/                     # Theme API routes
+```
+## When to Use This Skill
+- **ALWAYS** when creating new API endpoints
+- Reviewing existing endpoints for rate limiting coverage
+- Debugging rate limit responses (429 errors)
+- Configuring Redis for distributed rate limiting
+- Choosing appropriate rate limit tiers
+## MANDATORY RULE: All Endpoints Must Have Rate Limiting
+**CRITICAL:** Every `route.ts` file that exports HTTP handlers (GET, POST, PUT, PATCH, DELETE)
+MUST use the `withRateLimitTier` HOC wrapper.
+**Only exceptions:**
+- `/api/auth/**` - Better Auth handles its own rate limiting
+- `/api/cron/**` - Protected by Vercel cron signatures
+- `/api/webhooks/**` - Protected by webhook signatures
+## Rate Limit Tiers
+| Tier | Limit | Window | Use Case |
+|------|-------|--------|----------|
+| `auth` | 5 | 15 min | Authentication endpoints (login, register, reset password) |
+| `read` | 200 | 1 min | GET requests, read-only operations |
+| `write` | 50 | 1 min | POST, PUT, PATCH, DELETE operations |
+| `api` | 100 | 1 min | General API (default tier) |
+| `strict` | 10 | 1 hr | Sensitive operations (bulk delete, admin actions) |
+## How to Apply Rate Limiting
+### Basic Usage
+```typescript
+// route.ts
+import { NextRequest, NextResponse } from 'next/server';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
+// For GET (read operations)
+export const GET = withRateLimitTier(async (request: NextRequest) => {
+  // Your handler logic
+  return NextResponse.json({ data: [] });
+}, 'read');
+// For POST (write operations)
+export const POST = withRateLimitTier(async (request: NextRequest) => {
+  // Your handler logic
+  return NextResponse.json({ created: true }, { status: 201 });
+}, 'write');
+// For PUT/PATCH (update operations)
+export const PUT = withRateLimitTier(async (request: NextRequest) => {
+  // Your handler logic
+  return NextResponse.json({ updated: true });
+}, 'write');
+// For DELETE
+export const DELETE = withRateLimitTier(async (request: NextRequest) => {
+  // Your handler logic
+  return NextResponse.json({ deleted: true });
+}, 'write');
+```
+### With Dynamic Routes
+```typescript
+// [id]/route.ts
+import { NextRequest, NextResponse } from 'next/server';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
+// Handler receives route params as second argument
+export const GET = withRateLimitTier(async (
+  request: NextRequest,
+  { params }: { params: Promise<{ id: string }> }
+) => {
+  const { id } = await params;
+  return NextResponse.json({ id });
+}, 'read');
+```
+### For Sensitive Operations
+```typescript
+// Use 'strict' tier for operations like bulk delete, admin actions
+export const DELETE = withRateLimitTier(async (request: NextRequest) => {
+  // Bulk delete or sensitive operation
+  return NextResponse.json({ deleted: true });
+}, 'strict');
+```
+## Tier Selection Guidelines
+### Use 'read' tier for:
+- All GET requests
+- Search endpoints
+- List/pagination endpoints
+- Public data endpoints
+- Status/health check endpoints
+### Use 'write' tier for:
+- POST (create) operations
+- PUT/PATCH (update) operations
+- DELETE (remove) operations
+- Form submissions
+- File uploads
+### Use 'strict' tier for:
+- Bulk operations (delete all, import, export)
+- Admin-only operations
+- Superadmin endpoints
+- Operations with significant server load
+- AI/LLM endpoints with high compute cost
+### Use 'auth' tier for:
+- Login attempts
+- Registration
+- Password reset requests
+- Email verification resends
+- Any authentication-related endpoint
+### Use 'api' tier for:
+- General-purpose API endpoints
+- When unsure (default fallback)
+- Mixed read/write operations
+## Response Headers
+All rate-limited responses include these headers:
+```
+X-RateLimit-Limit: 200        # Max requests in window
+X-RateLimit-Remaining: 150    # Requests remaining
+X-RateLimit-Reset: 1705432100 # Unix timestamp when window resets
+```
+When limit is exceeded (429 response):
+```
+Retry-After: 45              # Seconds until retry allowed
+```
+## 429 Response Format
+```json
+{
+  "success": false,
+  "error": "Rate limit exceeded",
+  "message": "Too many requests. Please try again later.",
+  "code": "RATE_LIMIT_EXCEEDED",
+  "meta": {
+    "limit": 200,
+    "remaining": 0,
+    "resetTime": "2024-01-16T12:00:00.000Z",
+    "retryAfter": 45
+  }
+}
+```
+## Rate Limiting Strategy
+The system uses a **per-tier global limit** strategy (NOT per-endpoint):
+```
+User makes requests:
+  GET /api/v1/products      → counts against 'read' tier
+  GET /api/v1/orders        → counts against 'read' tier
+  GET /api/v1/customers     → counts against 'read' tier
+All 3 requests count toward the SAME 200/min 'read' limit
+```
+**Why global per-tier?**
+- Prevents attackers from hitting multiple endpoints to bypass limits
+- Simpler mental model for users
+- More effective DDoS protection
+## Identifier Strategy
+Rate limits are tracked by:
+1. **API Key** (when present): `{tier}:apikey:{first16chars}`
+2. **IP Address** (fallback): `{tier}:ip:{clientIp}`
+This allows:
+- Per-user limits for authenticated API requests
+- IP-based limits for unauthenticated or session-based requests
+## Redis Configuration (Production)
+For distributed rate limiting across multiple instances, configure Redis:
+```env
+# Upstash Redis (recommended for Vercel)
+UPSTASH_REDIS_REST_URL=https://xxx.upstash.io
+UPSTASH_REDIS_REST_TOKEN=xxx
+# Or standard Redis
+REDIS_URL=redis://localhost:6379
+```
+Without Redis, the system falls back to in-memory rate limiting (single-instance only).
+## Disabling Rate Limiting (Development/Testing)
+To disable rate limiting completely (useful for development, testing, or debugging):
+```env
+# .env.local or .env
+DISABLE_RATE_LIMITING=true
+```
+When disabled:
+- All rate limit checks are bypassed
+- A warning is logged once: `[RateLimit] WARNING: Rate limiting is DISABLED...`
+- Handlers execute without rate limit headers
+**WARNING:** Never disable rate limiting in production environments!
+**Use cases for disabling:**
+- Local development when hitting limits during testing
+- Running automated tests that make many requests
+- Debugging API behavior without rate limit interference
+- Load testing (measure true capacity without limits)
+## Anti-Patterns
+```typescript
+// NEVER: Skip rate limiting on public endpoints
+export const GET = async (request: NextRequest) => {
+  // Missing withRateLimitTier - VULNERABLE TO DDOS!
+  return NextResponse.json({ data: [] });
+};
+// NEVER: Use wrong tier (read tier for write operations)
+export const POST = withRateLimitTier(async (request: NextRequest) => {
+  await createEntity(data);  // Write operation
+  return NextResponse.json({ created: true });
+}, 'read');  // WRONG! Should be 'write'
+// NEVER: Hardcode rate limits in handlers
+export const GET = async (request: NextRequest) => {
+  const ip = request.headers.get('x-forwarded-for');
+  if (requestCount[ip] > 100) {  // Custom implementation - DON'T
+    return NextResponse.json({ error: 'Too many' }, { status: 429 });
+  }
+  // ...
+};
+// CORRECT: Always use the HOC
+export const GET = withRateLimitTier(async (request: NextRequest) => {
+  return NextResponse.json({ data: [] });
+}, 'read');
+```
+## Checklist for New Endpoints
+Before finalizing any API endpoint:
+- [ ] Handler is wrapped with `withRateLimitTier`
+- [ ] Appropriate tier selected based on operation type
+- [ ] GET operations use 'read' tier
+- [ ] POST/PUT/PATCH/DELETE use 'write' tier
+- [ ] Sensitive operations use 'strict' tier
+- [ ] Auth operations use 'auth' tier
+- [ ] Import statement added: `import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'`
+## Verification Commands
+```bash
+# Check if a route has rate limiting
+grep -l "withRateLimitTier" packages/core/templates/app/api/**/route.ts
+# Find routes WITHOUT rate limiting (potential vulnerabilities)
+grep -L "withRateLimitTier" packages/core/templates/app/api/**/route.ts
+# Count rate-limited vs unprotected routes
+echo "Protected:"; grep -l "withRateLimitTier" packages/core/templates/app/api/**/route.ts | wc -l
+echo "Unprotected:"; grep -L "withRateLimitTier" packages/core/templates/app/api/**/route.ts | wc -l
+```
+## Testing Rate Limits
+```typescript
+// Cypress test example
+describe('Rate Limiting', () => {
+  it('should return 429 after exceeding limit', () => {
+    // Make requests up to the limit
+    for (let i = 0; i < 210; i++) {
+      cy.request({
+        method: 'GET',
+        url: '/api/v1/products',
+        headers: { 'x-api-key': Cypress.env('API_KEY') },
+        failOnStatusCode: false
+      });
+    }
+    // Next request should be rate limited
+    cy.request({
+      method: 'GET',
+      url: '/api/v1/products',
+      headers: { 'x-api-key': Cypress.env('API_KEY') },
+      failOnStatusCode: false
+    }).then((response) => {
+      expect(response.status).to.eq(429);
+      expect(response.body.code).to.eq('RATE_LIMIT_EXCEEDED');
+      expect(response.headers).to.have.property('retry-after');
+    });
+  });
+});
+```
+## Related Skills
+- `better-auth` - Authentication patterns (auth tier integration)
+- `nextjs-api-development` - API route development patterns
+- `cypress-api` - API testing with rate limit considerations