npm - @nitra/cursor - Versions diffs - 12.8.6 → 12.8.8 - Mend

@nitra/cursor 12.8.6 → 12.8.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (263) hide show

package/CHANGELOG.md +12 -0
package/package.json +1 -1
package/rules/abie/main.mdc +9 -5
package/rules/abie/policy/base_deployment_preem/base_deployment_preem.mdc +22 -0
package/rules/abie/policy/clean_merged_ignore_branches/clean_merged_ignore_branches.mdc +19 -0
package/rules/abie/policy/health_check_policy/health_check_policy.mdc +17 -0
package/rules/abie/policy/http_route_base/http_route_base.mdc +9 -0
package/rules/abie/policy/package_json_shared/package_json_shared.mdc +17 -0
package/rules/adr/js/hooks.mdc +32 -0
package/rules/adr/js/madr_format.mdc +96 -0
package/rules/adr/js/settings_policy.mdc +34 -0
package/rules/adr/main.mdc +17 -95
package/rules/adr/policy/settings_json/settings_json.mdc +7 -0
package/rules/adr/policy/settings_local_json/settings_local_json.mdc +7 -0
package/rules/bun/js/bunfig.mdc +12 -0
package/rules/bun/js/layout.mdc +60 -0
package/rules/bun/js/lint.mdc +9 -0
package/rules/bun/js/package_json.mdc +19 -0
package/rules/bun/main.mdc +7 -60
package/rules/bun/policy/bunfig/bunfig.mdc +12 -0
package/rules/bun/policy/package_json/package_json.mdc +14 -0
package/rules/capacitor/js/ios_spm.mdc +69 -0
package/rules/capacitor/js/version.mdc +29 -0
package/rules/capacitor/main.mdc +6 -22
package/rules/capacitor/policy/package_json/package_json.mdc +9 -0
package/rules/changelog/js/agent-workflow.mdc +15 -0
package/rules/changelog/js/changelog-format.mdc +33 -0
package/rules/changelog/js/comparison-models.mdc +40 -0
package/rules/changelog/main.mdc +4 -98
package/rules/ci4/js/marksman_config.mdc +31 -0
package/rules/ci4/js/vscode_extensions.mdc +33 -0
package/rules/ci4/main.mdc +16 -14
package/rules/ci4/policy/vscode_extensions/vscode_extensions.mdc +9 -0
package/rules/docker/js/compile.mdc +44 -0
package/rules/docker/js/hadolint.mdc +50 -0
package/rules/docker/js/mirror.mdc +13 -0
package/rules/docker/js/multistage.mdc +13 -0
package/rules/docker/js/native-addon.mdc +43 -0
package/rules/docker/js/nginx-tag.mdc +7 -0
package/rules/docker/js/nginx-user.mdc +37 -0
package/rules/docker/js/non-root.mdc +39 -0
package/rules/docker/main.mdc +13 -196
package/rules/docker/policy/lint_docker_yml/lint_docker_yml.mdc +14 -0
package/rules/efes/main.mdc +1 -1
package/rules/efes/policy/package_json_shared/package_json_shared.mdc +30 -0
package/rules/ga/js/lint_toolchain.mdc +15 -0
package/rules/ga/js/required_workflows.mdc +35 -0
package/rules/ga/js/vscode.mdc +17 -0
package/rules/ga/js/workflow_common.mdc +108 -0
package/rules/ga/js/workflows.mdc +32 -0
package/rules/ga/js/zizmor.mdc +7 -0
package/rules/ga/main.mdc +16 -119
package/rules/ga/policy/clean_ga_workflows/clean_ga_workflows.mdc +18 -0
package/rules/ga/policy/clean_merged_branch/clean_merged_branch.mdc +22 -0
package/rules/ga/policy/git_ai/git_ai.mdc +19 -0
package/rules/ga/policy/lint_ga/lint_ga.mdc +21 -0
package/rules/ga/policy/vscode_extensions/vscode_extensions.mdc +9 -0
package/rules/ga/policy/vscode_settings/vscode_settings.mdc +9 -0
package/rules/ga/policy/workflow_common/workflow_common.mdc +18 -0
package/rules/ga/policy/zizmor_yml/zizmor_yml.mdc +9 -0
package/rules/graphql/js/tooling.mdc +13 -0
package/rules/graphql/js/vscode_extensions.mdc +13 -0
package/rules/graphql/main.mdc +4 -21
package/rules/graphql/policy/vscode_extensions/vscode_extensions.mdc +9 -0
package/rules/hasura/js/internal_urls.mdc +27 -0
package/rules/hasura/js/migrations.mdc +13 -0
package/rules/hasura/js/svc_hl.mdc +17 -0
package/rules/hasura/main.mdc +6 -30
package/rules/hasura/policy/svc_hl/svc_hl.mdc +15 -0
package/rules/image-avif/js/avif_generation.mdc +26 -0
package/rules/image-avif/js/package_json_optout.mdc +21 -0
package/rules/image-avif/main.mdc +5 -34
package/rules/image-avif/policy/package_json/package_json.mdc +18 -0
package/rules/image-compress/js/package_json.mdc +7 -0
package/rules/image-compress/js/package_setup.mdc +13 -0
package/rules/image-compress/main.mdc +4 -12
package/rules/image-compress/policy/package_json/package_json.mdc +13 -0
package/rules/js/docs/index.md +3 -3
package/rules/js/js/dep-policy.mdc +17 -0
package/rules/js/js/eslint-config.mdc +28 -0
package/rules/js/js/extensions.mdc +8 -0
package/rules/js/js/file-extensions.mdc +12 -0
package/rules/js/js/for-in.mdc +26 -0
package/rules/js/js/jscpd.mdc +42 -0
package/rules/js/js/knip.mdc +15 -0
package/rules/js/js/lint-js-workflow.mdc +58 -0
package/rules/js/js/oxlintrc.mdc +20 -0
package/rules/js/js/package-json.mdc +31 -0
package/rules/js/js/tests.mdc +9 -0
package/rules/js/js/utils-lib-structure.mdc +15 -0
package/rules/js/main.mdc +19 -211
package/rules/js/policy/jscpd/jscpd.mdc +14 -0
package/rules/js/policy/lint_js_yml/lint_js_yml.mdc +14 -0
package/rules/js/policy/package_json/package_json.mdc +15 -0
package/rules/js/policy/vscode_extensions/vscode_extensions.mdc +11 -0
package/rules/js-bun-db/js/bun-sql-migration.mdc +15 -0
package/rules/js-bun-db/js/connection.mdc +42 -0
package/rules/js-bun-db/js/pg-format-identifiers.mdc +102 -0
package/rules/js-bun-db/js/pg-format-shim.mdc +99 -0
package/rules/js-bun-db/js/pg-leftover.mdc +27 -0
package/rules/js-bun-db/js/pg-listen-notify.mdc +51 -0
package/rules/js-bun-db/js/query-safety.mdc +117 -0
package/rules/js-bun-db/js/sql-array.mdc +88 -0
package/rules/js-bun-db/js/unsafe.mdc +65 -0
package/rules/js-bun-db/main.mdc +12 -607
package/rules/js-bun-db/policy/package_json/package_json.mdc +17 -0
package/rules/js-bun-redis/js/imports.mdc +47 -0
package/rules/js-bun-redis/js/package_json.mdc +44 -0
package/rules/js-bun-redis/main.mdc +4 -10
package/rules/js-bun-redis/policy/package_json/package_json.mdc +11 -0
package/rules/js-mssql/js/mssql-in-list.mdc +38 -0
package/rules/js-mssql/js/mssql-pool.mdc +56 -0
package/rules/js-mssql/js/mssql-query-template.mdc +33 -0
package/rules/js-mssql/js/mssql-tvp.mdc +75 -0
package/rules/js-mssql/js/mssql-version.mdc +7 -0
package/rules/js-mssql/main.mdc +10 -198
package/rules/js-mssql/policy/package_json/package_json.mdc +9 -0
package/rules/js-run/js/check-env.mdc +35 -0
package/rules/js-run/js/conn-aliases.mdc +109 -0
package/rules/js-run/js/jsconfig.mdc +20 -0
package/rules/js-run/js/otel-configmap.mdc +6 -0
package/rules/js-run/js/pino.mdc +6 -0
package/rules/js-run/js/project-structure.mdc +11 -0
package/rules/js-run/js/runtime.mdc +14 -0
package/rules/js-run/js/scope.mdc +11 -0
package/rules/js-run/js/settimeout.mdc +11 -0
package/rules/js-run/js/temporal.mdc +5 -0
package/rules/js-run/main.mdc +16 -216
package/rules/js-run/policy/configmap/configmap.mdc +31 -0
package/rules/js-run/policy/jsconfig/jsconfig.mdc +25 -0
package/rules/js-run/policy/package_json/package_json.mdc +38 -0
package/rules/k8s/js/configmap.mdc +41 -0
package/rules/k8s/js/deployment_resources.mdc +49 -0
package/rules/k8s/js/hasura_httproute.mdc +91 -0
package/rules/k8s/js/hpa_apiversion.mdc +27 -0
package/rules/k8s/js/ingress_gateway.mdc +16 -0
package/rules/k8s/js/kustomize_structure.mdc +144 -0
package/rules/k8s/js/lint_k8s.mdc +72 -0
package/rules/k8s/js/multidoc_yaml.mdc +5 -0
package/rules/k8s/js/network_policy.mdc +136 -0
package/rules/k8s/js/schema_modeline.mdc +57 -0
package/rules/k8s/js/service.mdc +44 -0
package/rules/k8s/js/topology_hpa_pdb.mdc +181 -0
package/rules/k8s/main.mdc +29 -834
package/rules/k8s/policy/base_kustomization/base_kustomization.mdc +12 -0
package/rules/k8s/policy/base_manifest/base_manifest.mdc +14 -0
package/rules/k8s/policy/gateway/gateway.mdc +17 -0
package/rules/k8s/policy/hasura_configmap/hasura_configmap.mdc +20 -0
package/rules/k8s/policy/hasura_httproute/hasura_httproute.mdc +16 -0
package/rules/k8s/policy/hpa_pdb/hpa_pdb.mdc +23 -0
package/rules/k8s/policy/kustomization/kustomization.mdc +20 -0
package/rules/k8s/policy/manifest/manifest.mdc +17 -0
package/rules/k8s/policy/network_policy/network_policy.mdc +22 -0
package/rules/k8s/policy/svc_hl_yaml/svc_hl_yaml.mdc +13 -0
package/rules/k8s/policy/svc_yaml/svc_yaml.mdc +12 -0
package/rules/nginx-default-tpl/js/dockerfile.mdc +36 -0
package/rules/nginx-default-tpl/js/http-route.mdc +41 -0
package/rules/nginx-default-tpl/js/ini-keys.mdc +21 -0
package/rules/nginx-default-tpl/js/template-structure.mdc +86 -0
package/rules/nginx-default-tpl/js/vscode.mdc +37 -0
package/rules/nginx-default-tpl/main.mdc +8 -110
package/rules/nginx-default-tpl/policy/vscode_extensions/vscode_extensions.mdc +11 -0
package/rules/nginx-default-tpl/policy/vscode_settings/vscode_settings.mdc +15 -0
package/rules/npm-module/js/docs/index.md +5 -5
package/rules/npm-module/js/docs/rule_meta.md +6 -6
package/rules/npm-module/js/docs/skill_meta.md +8 -8
package/rules/npm-module/js/header_doc_pointer.mdc +18 -0
package/rules/npm-module/js/package_structure.mdc +62 -0
package/rules/npm-module/js/rule_meta.mdc +11 -0
package/rules/npm-module/js/skill_meta.mdc +11 -0
package/rules/npm-module/main.mdc +10 -52
package/rules/npm-module/policy/emit_types_config/emit_types_config.mdc +40 -0
package/rules/npm-module/policy/npm_package_json/npm_package_json.mdc +50 -0
package/rules/npm-module/policy/root_package_json/root_package_json.mdc +37 -0
package/rules/php/js/lint_php_yml.mdc +12 -0
package/rules/php/js/tooling.mdc +66 -0
package/rules/php/main.mdc +5 -66
package/rules/php/policy/lint_php_yml/lint_php_yml.mdc +21 -0
package/rules/python/js/lint_python_yml.mdc +23 -0
package/rules/python/js/pyproject_toml.mdc +32 -0
package/rules/python/js/tooling.mdc +23 -0
package/rules/python/main.mdc +7 -32
package/rules/python/policy/lint_python_yml/lint_python_yml.mdc +12 -0
package/rules/python/policy/pyproject_toml/pyproject_toml.mdc +13 -0
package/rules/rego/js/rego-lint.mdc +31 -0
package/rules/rego/js/vscode_extensions.mdc +11 -0
package/rules/rego/js/vscode_settings.mdc +13 -0
package/rules/rego/main.mdc +10 -22
package/rules/rego/policy/vscode_extensions/vscode_extensions.mdc +11 -0
package/rules/rego/policy/vscode_settings/vscode_settings.mdc +19 -0
package/rules/rust/js/coverage.mdc +28 -0
package/rules/rust/js/lint.mdc +22 -0
package/rules/rust/js/tauri_composition.mdc +8 -0
package/rules/rust/js/vscode_extensions.mdc +12 -0
package/rules/rust/main.mdc +8 -38
package/rules/rust/policy/lint_rust_yml/lint_rust_yml.mdc +12 -0
package/rules/rust/policy/vscode_extensions/vscode_extensions.mdc +9 -0
package/rules/security/js/rego_policies.mdc +15 -0
package/rules/security/js/sample_secret.mdc +19 -0
package/rules/security/js/trufflehog.mdc +21 -0
package/rules/security/main.mdc +7 -34
package/rules/security/policy/lint_security_yml/lint_security_yml.mdc +7 -0
package/rules/security/policy/package_json/package_json.mdc +7 -0
package/rules/style/js/admin-table.mdc +88 -0
package/rules/style/js/colors.mdc +21 -0
package/rules/style/js/gap.mdc +22 -0
package/rules/style/js/quasar-fixes.mdc +32 -0
package/rules/style/js/quasar.mdc +7 -0
package/rules/style/js/tooling.mdc +85 -0
package/rules/style/main.mdc +12 -251
package/rules/style/policy/lint_style_yml/lint_style_yml.mdc +13 -0
package/rules/style/policy/package_json/package_json.mdc +18 -0
package/rules/style/policy/vscode_extensions/vscode_extensions.mdc +13 -0
package/rules/style/policy/vscode_settings/vscode_settings.mdc +19 -0
package/rules/tauri/js/cargo_mutants_config.mdc +39 -0
package/rules/tauri/js/tool_surface.mdc +21 -0
package/rules/tauri/js/tooling.mdc +25 -0
package/rules/tauri/main.mdc +6 -78
package/rules/tauri/policy/vscode_extensions/vscode_extensions.mdc +21 -0
package/rules/test/js/cargo_mutants_config.mdc +18 -0
package/rules/test/js/docs/index.md +7 -7
package/rules/test/js/location.mdc +52 -0
package/rules/test/js/no-console-store-restore.mdc +11 -0
package/rules/test/js/no-process-chdir.mdc +15 -0
package/rules/test/js/no-relative-fs-path.mdc +22 -0
package/rules/test/js/sandbox-aware-test.mdc +28 -0
package/rules/test/js/stryker_config.mdc +26 -0
package/rules/test/js/vitest-config-pool-forks.mdc +33 -0
package/rules/test/main.mdc +16 -184
package/rules/test/policy/package_json/package_json.mdc +16 -0
package/rules/text/js/ci-lint-text.mdc +15 -0
package/rules/text/js/cspell.mdc +81 -0
package/rules/text/js/dotenv-linter.mdc +16 -0
package/rules/text/js/forbidden-prettier.mdc +13 -0
package/rules/text/js/markdownlint.mdc +25 -0
package/rules/text/js/oxfmt.mdc +35 -0
package/rules/text/js/package-json.mdc +26 -0
package/rules/text/js/shellcheck.mdc +18 -0
package/rules/text/js/v8r.mdc +23 -0
package/rules/text/js/vscode.mdc +86 -0
package/rules/text/main.mdc +20 -231
package/rules/text/policy/cspell/cspell.mdc +34 -0
package/rules/text/policy/lint_text/lint_text.mdc +19 -0
package/rules/text/policy/markdownlint/markdownlint.mdc +38 -0
package/rules/text/policy/oxfmtrc/oxfmtrc.mdc +11 -0
package/rules/text/policy/package_json/package_json.mdc +33 -0
package/rules/text/policy/vscode_extensions/vscode_extensions.mdc +13 -0
package/rules/text/policy/vscode_settings/vscode_settings.mdc +13 -0
package/rules/vue/js/composition-api.mdc +82 -0
package/rules/vue/js/nheader-layout.mdc +171 -0
package/rules/vue/js/node-imports.mdc +25 -0
package/rules/vue/js/quasar-ui.mdc +32 -0
package/rules/vue/js/structure.mdc +101 -0
package/rules/vue/js/testing.mdc +32 -0
package/rules/vue/js/tfm-translations.mdc +26 -0
package/rules/vue/js/vite-config.mdc +126 -0
package/rules/vue/js/vite-env.mdc +55 -0
package/rules/vue/js/vue-imports.mdc +25 -0
package/rules/vue/main.mdc +15 -641
package/rules/vue/policy/package_json/package_json.mdc +30 -0
package/scripts/docs/index.md +16 -16
package/scripts/lib/docs/index.md +36 -36
package/scripts/utils/docs/index.md +14 -14

package/rules/k8s/js/topology_hpa_pdb.mdc ADDED Viewed

@@ -0,0 +1,181 @@
+## Deployment: `topologySpreadConstraints`, HPA / PDB через `components/`, NetworkPolicy у `base/`
+Для **кожного** `kind: Deployment` у каталозі **`…/k8s/…/base/`** сам Deployment має канонічні **`spec.template.spec.topologySpreadConstraints`**, а **HPA і PDB** живуть у **sibling каталозі** **`…/k8s/…/components/`** (Kustomize Component, фіксована назва каталогу — `components`). У `base/` локальні `hpa.yaml` і `pdb.yaml` **заборонені**. Інші назви каталогу (`scale/`, `hpa-component/`, `pdb-component/`) — fail.
+Кожен **Deployment** має явно задавати безпечну rollout strategy:
+```yaml
+strategy:
+  type: RollingUpdate
+  rollingUpdate:
+    maxUnavailable: 0
+    maxSurge: 1
+```
+Це гарантує, що під час оновлення image Kubernetes спершу створить один новий Pod, дочекається його `Ready`, і лише потім прибере один старий Pod.
+**NetworkPolicy** лежить **у `base/`** (обмеження мережі мають діяти і на dev). Для **кожного** з **`Deployment`**, **`StatefulSet`**, **`DaemonSet`**, **`Job`**, **`CronJob`** під `k8s` обов'язковий **NetworkPolicy**: у **`…/k8s/…/base/`** — у **`base/networkpolicy.yaml`** поруч з workload-маніфестом (multi-doc, якщо workload-ів кілька). У `base/kustomization.yaml` `resources:` має бути `networkpolicy.yaml`.
+### Канонічна структура `<pkg>/k8s/components/`
+Лише HPA і PDB:
+- **`kustomization.yaml`** — `apiVersion: kustomize.config.k8s.io/v1alpha1`, `kind: Component`, `resources: [hpa.yaml, pdb.yaml]` (відсортовано за алфавітом).
+- **`hpa.yaml`** — `autoscaling/v2`, `HorizontalPodAutoscaler`, **без** `metadata.namespace`, `minReplicas: 1`, `maxReplicas: 1`.
+- **`pdb.yaml`** — `policy/v1`, `PodDisruptionBudget`, **без** `metadata.namespace`, `minAvailable: 0`.
+**`<pkg>/k8s/components/kustomization.yaml`** має `kind: Component` (не `kind: Kustomization`) — це **джерело** канонічних HPA/PDB для всіх overlays, а не overlay сам по собі.
+### Env-залежні межі (за сегментом після `/k8s/`)
+**Dev-like середовища** — сегмент `base`, `dev`, або з суфіксом `-qa`:
+- HPA: `minReplicas` — рівно **1**, `maxReplicas` — рівно **1**.
+- PDB: `minAvailable` — рівно **0**.
+**Прод-середовища** — усе інше:
+- HPA: `minReplicas` — мінімум **2**, `maxReplicas` — мінімум **2**.
+- PDB: `minAvailable` — мінімум **1**.
+### Прод-оверрайди у `kustomization.yaml`
+У прод-накладенні `kustomization.yaml`, що підключає `components: [- ../components]`, у `patches[]` **обов'язкові** JSON6902-перевизначення прод-значень:
+- **`HorizontalPodAutoscaler`**: `/spec/minReplicas` і `/spec/maxReplicas` (мінімум 2).
+- **`PodDisruptionBudget`**: `/spec/minAvailable` (мінімум 1).
+```yaml title="k8s/prod/kustomization.yaml (фрагмент)"
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: prod
+resources:
+  - ../base
+components:
+  - ../components
+patches:
+  - target:
+      kind: HorizontalPodAutoscaler
+      name: backend-api
+    patch: |-
+      - op: replace
+        path: /spec/minReplicas
+        value: 2
+      - op: replace
+        path: /spec/maxReplicas
+        value: 10
+  - target:
+      kind: PodDisruptionBudget
+      name: backend-api
+    patch: |-
+      - op: replace
+        path: /spec/minAvailable
+        value: 1
+```
+### Приклади: `components/`, HPA, PDB
+```yaml title="k8s/components/kustomization.yaml"
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+  - hpa.yaml
+  - pdb.yaml
+```
+```yaml title="k8s/components/hpa.yaml"
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.33.9-standalone-strict/horizontalpodautoscaler-autoscaling-v2.json
+apiVersion: autoscaling/v2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: backend-api
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: backend-api
+  minReplicas: 1 # прод overlay підіймає до >= 2
+  maxReplicas: 1 # прод overlay підіймає до >= 2
+  metrics:
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: 70
+  behavior:
+    scaleUp:
+      stabilizationWindowSeconds: 15
+      policies:
+        - type: Percent
+          value: 100
+          periodSeconds: 30
+        - type: Pods
+          value: 4
+          periodSeconds: 30
+      selectPolicy: Max
+    scaleDown:
+      stabilizationWindowSeconds: 300
+      policies:
+        - type: Percent
+          value: 25
+          periodSeconds: 120
+      selectPolicy: Min
+```
+```yaml title="k8s/components/pdb.yaml"
+# yaml-language-server: $schema=https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.33.9-standalone-strict/poddisruptionbudget-policy-v1.json
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: backend-api
+spec:
+  minAvailable: 0 # прод overlay підіймає до >= 1
+  selector:
+    matchLabels:
+      app: backend-api
+```
+```yaml title="k8s/base/deploy.yaml (фрагмент)"
+spec:
+  template:
+    spec:
+      containers:
+        - name: backend-api
+          image: example.registry/backend-api:tag
+          resources:
+            requests:
+              cpu: '0.02'
+              memory: '128Mi'
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: kubernetes.io/hostname
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: backend-api
+```
+### Overlays: HPA, PDB, NetworkPolicy
+У **не-base** оверлеях (без `components/`) поруч із `Deployment` лишається звична схема: окремі **`hpa.yaml`**, **`networkpolicy.yaml`** і **`pdb.yaml`**, якщо такі потрібні для цього середовища.
+- **`hpa.yaml`** (поза **`…/base/`**) — `autoscaling/v2`, `HorizontalPodAutoscaler`, `spec.scaleTargetRef.name` **= `metadata.name`** Deployment.
+- **`networkpolicy.yaml`** (overlay-specific, опціональний) — той самий канон egress/ingress, що в `base/`.
+- **`pdb.yaml`** — `policy/v1`, `PodDisruptionBudget`, `spec.selector.matchLabels.app` **= `spec.selector.matchLabels.app`** Deployment.
+- **`topologySpreadConstraints`** — запис з `maxSkew: 1`, `topologyKey: kubernetes.io/hostname`, `whenUnsatisfiable: ScheduleAnyway`, `labelSelector.matchLabels.app` рівне тій самій мітці `app`.
+**Overlays** підключають `components: [- ../components]` і додають JSON6902-патчі для прод-значень. NetworkPolicy успадковується з base через `resources: [- ../base]`.
+Алгоритм перевірки структури `components/` — функція `validateComponentsForBaseDeployment` у **`rules/k8s/fix.mjs`**.
+```yaml title="k8s/base/kustomization.yaml (фрагмент)"
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: dev
+resources:
+  - deploy.yaml
+  - networkpolicy.yaml
+  - svc.yaml
+  - svc-hl.yaml
+```