npm - @patricio0312rev/skillset - Versions diffs - 0.1.0 - Mend

@patricio0312rev/skillset 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (115) hide show

package/templates/backend/caching-strategist/ SKILL.md ADDED Viewed

@@ -0,0 +1,190 @@
+---
+name: caching-strategist
+description: Defines caching strategies with cache keys, TTL values, invalidation triggers, consistency patterns, and correctness checklist. Provides code examples for Redis, CDN, and application-level caching. Use when implementing "caching", "performance optimization", "cache strategy", or "Redis caching".
+---
+# Caching Strategist
+Design effective caching strategies for performance and consistency.
+## Cache Layers
+**CDN**: Static assets, public pages (TTL: days/weeks)
+**Application Cache** (Redis): API responses, sessions (TTL: minutes/hours)
+**Database Cache**: Query results (TTL: seconds/minutes)
+**Client Cache**: Browser/app local cache
+## Cache Key Strategy
+```typescript
+// Hierarchical key structure
+const CACHE_KEYS = {
+  user: (id: string) => `user:${id}`,
+  userPosts: (userId: string, page: number) => `user:${userId}:posts:${page}`,
+  post: (id: string) => `post:${id}`,
+  postComments: (postId: string) => `post:${postId}:comments`,
+};
+// Include version in keys for easy invalidation
+const CACHE_VERSION = "v1";
+const key = `${CACHE_VERSION}:${CACHE_KEYS.user(userId)}`;
+```
+## TTL Strategy
+```typescript
+const TTL = {
+  // Frequently changing
+  REALTIME: 10, // 10 seconds
+  SHORT: 60, // 1 minute
+  // Moderate updates
+  MEDIUM: 300, // 5 minutes
+  STANDARD: 3600, // 1 hour
+  // Rarely changing
+  LONG: 86400, // 1 day
+  VERY_LONG: 604800, // 1 week
+};
+// Usage
+await redis.setex(key, TTL.MEDIUM, JSON.stringify(data));
+```
+## Cache-Aside Pattern
+```typescript
+export const getCachedUser = async (userId: string): Promise<User> => {
+  const key = CACHE_KEYS.user(userId);
+  // Try cache first
+  const cached = await redis.get(key);
+  if (cached) {
+    return JSON.parse(cached);
+  }
+  // Cache miss - fetch from DB
+  const user = await db.users.findById(userId);
+  // Store in cache
+  await redis.setex(key, TTL.STANDARD, JSON.stringify(user));
+  return user;
+};
+```
+## Cache Invalidation
+```typescript
+// Invalidate on update
+export const updateUser = async (userId: string, data: UpdateUserDto) => {
+  const user = await db.users.update(userId, data);
+  // Invalidate cache
+  await redis.del(CACHE_KEYS.user(userId));
+  // Invalidate related caches
+  await redis.del(CACHE_KEYS.userPosts(userId, "*"));
+  return user;
+};
+// Tag-based invalidation
+const addCacheTags = (key: string, tags: string[]) => {
+  tags.forEach((tag) => {
+    redis.sadd(`cache_tag:${tag}`, key);
+  });
+};
+const invalidateByTag = async (tag: string) => {
+  const keys = await redis.smembers(`cache_tag:${tag}`);
+  if (keys.length) {
+    await redis.del(...keys);
+    await redis.del(`cache_tag:${tag}`);
+  }
+};
+```
+## Cache Warming
+```typescript
+// Pre-populate cache for common queries
+export const warmCache = async () => {
+  const popularPosts = await db.posts.findPopular(100);
+  for (const post of popularPosts) {
+    const key = CACHE_KEYS.post(post.id);
+    await redis.setex(key, TTL.LONG, JSON.stringify(post));
+  }
+};
+// Schedule warming
+cron.schedule("0 */6 * * *", warmCache); // Every 6 hours
+```
+## Cache Stampede Prevention
+```typescript
+// Use locks to prevent multiple simultaneous fetches
+export const getCachedWithLock = async (
+  key: string,
+  fetchFn: () => Promise<any>
+) => {
+  const cached = await redis.get(key);
+  if (cached) return JSON.parse(cached);
+  const lockKey = `lock:${key}`;
+  const acquired = await redis.set(lockKey, "1", "EX", 10, "NX");
+  if (acquired) {
+    try {
+      // Fetch and cache
+      const data = await fetchFn();
+      await redis.setex(key, TTL.STANDARD, JSON.stringify(data));
+      return data;
+    } finally {
+      await redis.del(lockKey);
+    }
+  } else {
+    // Wait for other request to finish
+    await new Promise((resolve) => setTimeout(resolve, 100));
+    return getCachedWithLock(key, fetchFn);
+  }
+};
+```
+## Cache Correctness Checklist
+```markdown
+- [ ] Cache keys are unique and predictable
+- [ ] TTL is appropriate for data freshness
+- [ ] Invalidation happens on all updates
+- [ ] Related caches invalidated together
+- [ ] Cache stampede prevention in place
+- [ ] Fallback to DB if cache fails
+- [ ] Monitoring cache hit rate
+- [ ] Cache size doesn't grow unbounded
+- [ ] Sensitive data not cached or encrypted
+- [ ] Cache warming for critical paths
+```
+## Best Practices
+- Cache immutable data aggressively
+- Short TTLs for frequently changing data
+- Invalidate on write, not on read
+- Monitor hit rates and adjust
+- Use tags for bulk invalidation
+- Prevent cache stampedes
+- Graceful degradation if cache down
+## Output Checklist
+- [ ] Cache key naming strategy
+- [ ] TTL values per data type
+- [ ] Invalidation triggers documented
+- [ ] Cache-aside implementation
+- [ ] Stampede prevention
+- [ ] Cache warming strategy
+- [ ] Monitoring/metrics setup
+- [ ] Correctness checklist completed

package/templates/backend/error-handling-standardizer/ SKILL.md ADDED Viewed

@@ -0,0 +1,174 @@
+---
+name: error-handling-standardizer
+description: Creates consistent error handling with custom error classes, HTTP status mapping, structured logging, safe client messages, and error taxonomy. Use when standardizing "error handling", "logging", "error responses", or "exception management".
+---
+# Error Handling Standardizer
+Build consistent, debuggable error handling across the application.
+## Error Taxonomy
+```typescript
+export class AppError extends Error {
+  constructor(
+    public code: string,
+    public message: string,
+    public statusCode: number = 500,
+    public isOperational: boolean = true,
+    public details?: any
+  ) {
+    super(message);
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+export class ValidationError extends AppError {
+  constructor(details: Record<string, string[]>) {
+    super("VALIDATION_ERROR", "Validation failed", 400, true, details);
+  }
+}
+export class NotFoundError extends AppError {
+  constructor(resource: string) {
+    super("NOT_FOUND", `${resource} not found`, 404);
+  }
+}
+export class UnauthorizedError extends AppError {
+  constructor(message = "Unauthorized") {
+    super("UNAUTHORIZED", message, 401);
+  }
+}
+export class ForbiddenError extends AppError {
+  constructor(message = "Forbidden") {
+    super("FORBIDDEN", message, 403);
+  }
+}
+```
+## Error Handler Middleware
+```typescript
+export const errorHandler = (
+  err: Error,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  // Log error
+  logger.error("Request error", {
+    error: err.message,
+    stack: err.stack,
+    path: req.path,
+    method: req.method,
+    requestId: req.id,
+  });
+  // Operational errors (known)
+  if (err instanceof AppError && err.isOperational) {
+    return res.status(err.statusCode).json({
+      success: false,
+      error: {
+        code: err.code,
+        message: err.message,
+        details: err.details,
+        trace_id: req.id,
+      },
+    });
+  }
+  // Programming errors (unknown)
+  return res.status(500).json({
+    success: false,
+    error: {
+      code: "INTERNAL_ERROR",
+      message: "An unexpected error occurred",
+      trace_id: req.id,
+    },
+  });
+};
+```
+## Structured Logging
+```typescript
+import winston from "winston";
+export const logger = winston.createLogger({
+  level: "info",
+  format: winston.format.combine(
+    winston.format.timestamp(),
+    winston.format.errors({ stack: true }),
+    winston.format.json()
+  ),
+  transports: [
+    new winston.transports.File({ filename: "error.log", level: "error" }),
+    new winston.transports.File({ filename: "combined.log" }),
+  ],
+});
+// Log with context
+logger.error("Payment processing failed", {
+  userId: user.id,
+  amount: payment.amount,
+  error: err.message,
+  trace_id: req.id,
+});
+```
+## Safe Client Messages
+```typescript
+// Never expose internal errors to clients
+const getSafeErrorMessage = (err: Error): string => {
+  if (err instanceof AppError && err.isOperational) {
+    return err.message; // Safe, user-facing message
+  }
+  // Generic message for unexpected errors
+  return "An unexpected error occurred";
+};
+```
+## Async Error Handling
+```typescript
+// Wrap async routes
+export const asyncHandler = (fn: RequestHandler) => {
+  return (req: Request, res: Response, next: NextFunction) => {
+    Promise.resolve(fn(req, res, next)).catch(next);
+  };
+};
+// Usage
+router.get(
+  "/users",
+  asyncHandler(async (req, res) => {
+    const users = await userService.findAll();
+    res.json(users);
+  })
+);
+```
+## Best Practices
+- Use custom error classes
+- Distinguish operational vs programming errors
+- Log all errors with context
+- Never expose stack traces to clients
+- Include trace IDs for debugging
+- Monitor error rates by type
+- Set up alerting for critical errors
+## Output Checklist
+- [ ] Custom error classes defined
+- [ ] Error handler middleware
+- [ ] HTTP status code mapping
+- [ ] Structured logging setup
+- [ ] Safe client error messages
+- [ ] Async error wrapper
+- [ ] Error monitoring/alerts
+- [ ] Documentation of error codes

package/templates/backend/rate-limiting-abuse-protection/ SKILL.md ADDED Viewed

@@ -0,0 +1,147 @@
+---
+name: rate-limiting-abuse-protection
+description: Implements rate limiting and abuse prevention with per-route policies, IP/user-based limits, sliding windows, safe error responses, and observability. Use when adding "rate limiting", "API protection", "abuse prevention", or "DDoS protection".
+---
+# Rate Limiting & Abuse Protection
+Protect APIs from abuse with intelligent rate limiting.
+## Rate Limit Strategies
+**Fixed Window**: 100 requests per hour
+**Sliding Window**: More accurate, prevents bursts
+**Token Bucket**: Allow bursts up to limit
+**Leaky Bucket**: Smooth request rate
+## Implementation (Express)
+```typescript
+import rateLimit from "express-rate-limit";
+// Global rate limit
+const globalLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000, // 15 minutes
+  max: 100, // 100 requests per window
+  message: "Too many requests, please try again later",
+  standardHeaders: true, // Return rate limit info in headers
+  legacyHeaders: false,
+});
+// Stricter limit for auth endpoints
+const authLimiter = rateLimit({
+  windowMs: 15 * 60 * 1000,
+  max: 5, // Only 5 attempts
+  skipSuccessfulRequests: true, // Don't count successful logins
+});
+app.use("/api/", globalLimiter);
+app.use("/api/auth/login", authLimiter);
+```
+## Redis-based Rate Limiting
+```typescript
+import Redis from "ioredis";
+const redis = new Redis();
+export const checkRateLimit = async (
+  key: string,
+  max: number,
+  window: number
+): Promise<{ allowed: boolean; remaining: number }> => {
+  const now = Date.now();
+  const windowStart = now - window;
+  await redis
+    .multi()
+    .zremrangebyscore(key, 0, windowStart)
+    .zadd(key, now, `${now}`)
+    .zcard(key)
+    .expire(key, Math.ceil(window / 1000))
+    .exec();
+  const count = await redis.zcard(key);
+  return {
+    allowed: count <= max,
+    remaining: Math.max(0, max - count),
+  };
+};
+```
+## Per-User Rate Limiting
+```typescript
+export const userRateLimit = (max: number, window: number) => {
+  return async (req, res, next) => {
+    if (!req.user) return next();
+    const key = `rate_limit:user:${req.user.id}`;
+    const result = await checkRateLimit(key, max, window);
+    res.setHeader("X-RateLimit-Limit", max);
+    res.setHeader("X-RateLimit-Remaining", result.remaining);
+    if (!result.allowed) {
+      return res.status(429).json({
+        error: "Rate limit exceeded",
+        retryAfter: window / 1000,
+      });
+    }
+    next();
+  };
+};
+```
+## IP-based Protection
+```typescript
+// Block suspicious IPs
+const ipBlocklist = new Set<string>();
+export const checkIPReputation = async (ip: string): Promise<boolean> => {
+  if (ipBlocklist.has(ip)) return false;
+  // Check against threat intelligence API
+  const reputation = await checkThreatIntel(ip);
+  if (reputation.isMalicious) {
+    ipBlocklist.add(ip);
+    return false;
+  }
+  return true;
+};
+```
+## Response Headers
+```
+X-RateLimit-Limit: 100
+X-RateLimit-Remaining: 95
+X-RateLimit-Reset: 1640000000
+Retry-After: 3600
+```
+## Best Practices
+- Different limits for different endpoints
+- Lower limits for expensive operations
+- Skip rate limit for internal services
+- Return helpful error messages
+- Log rate limit violations
+- Monitor for abuse patterns
+- Allowlist trusted IPs
+## Output Checklist
+- [ ] Rate limiter middleware
+- [ ] Per-route policies
+- [ ] User-based limiting
+- [ ] IP-based limiting
+- [ ] Rate limit headers
+- [ ] Safe error responses
+- [ ] Observability/logging
+- [ ] Bypass for internal services

package/templates/backend/rbac-permissions-builder/ SKILL.md ADDED Viewed

@@ -0,0 +1,158 @@
+---
+name: rbac-permissions-builder
+description: Implements role-based access control with permission matrix, route guards, policy functions, and UI permission hints. Provides middleware/guards, helper utilities, test suggestions, and permission checking patterns. Use when building "RBAC", "permissions", "access control", or "authorization".
+---
+# RBAC/Permissions Builder
+Implement flexible role-based access control systems.
+## Permission Matrix
+```typescript
+// Define permissions
+export enum Permission {
+  USER_READ = "user:read",
+  USER_WRITE = "user:write",
+  USER_DELETE = "user:delete",
+  POST_READ = "post:read",
+  POST_WRITE = "post:write",
+  ADMIN_ACCESS = "admin:access",
+}
+// Define roles
+export const ROLE_PERMISSIONS = {
+  user: [Permission.USER_READ, Permission.POST_READ, Permission.POST_WRITE],
+  moderator: [...userPermissions, Permission.POST_DELETE],
+  admin: Object.values(Permission), // All permissions
+};
+// Check permission
+export const hasPermission = (user: User, permission: Permission): boolean => {
+  return ROLE_PERMISSIONS[user.role]?.includes(permission) ?? false;
+};
+```
+## Route Guards (Express)
+```typescript
+export const requirePermission = (...permissions: Permission[]) => {
+  return (req: Request, res: Response, next: NextFunction) => {
+    if (!req.user) {
+      return res.status(401).json({ error: "Unauthorized" });
+    }
+    const hasAllPermissions = permissions.every((p) =>
+      hasPermission(req.user, p)
+    );
+    if (!hasAllPermissions) {
+      return res.status(403).json({ error: "Forbidden" });
+    }
+    next();
+  };
+};
+// Usage
+router.delete(
+  "/users/:id",
+  authenticate,
+  requirePermission(Permission.USER_DELETE),
+  controller.delete
+);
+```
+## Policy Pattern
+```typescript
+// policies/user.policy.ts
+export class UserPolicy {
+  static canUpdate(currentUser: User, targetUser: User): boolean {
+    // Users can update themselves
+    if (currentUser.id === targetUser.id) return true;
+    // Admins can update anyone
+    if (hasPermission(currentUser, Permission.USER_WRITE)) return true;
+    return false;
+  }
+  static canDelete(currentUser: User, targetUser: User): boolean {
+    // Can't delete yourself
+    if (currentUser.id === targetUser.id) return false;
+    // Only admins can delete
+    return hasPermission(currentUser, Permission.USER_DELETE);
+  }
+}
+// Usage in controller
+if (!UserPolicy.canUpdate(req.user, targetUser)) {
+  return res.status(403).json({ error: "Cannot update this user" });
+}
+```
+## Resource Ownership
+```typescript
+export const requireOwnership = (
+  getResourceUserId: (req: Request) => Promise<string>
+) => {
+  return async (req: Request, res: Response, next: NextFunction) => {
+    const resourceUserId = await getResourceUserId(req);
+    // Owner can access
+    if (req.user.id === resourceUserId) {
+      return next();
+    }
+    // Admin can access anything
+    if (hasPermission(req.user, Permission.ADMIN_ACCESS)) {
+      return next();
+    }
+    return res.status(403).json({ error: "Forbidden" });
+  };
+};
+```
+## UI Permission Hints
+```typescript
+// Return permissions with user
+GET /api/me
+{
+  "user": { ... },
+  "permissions": ["user:read", "post:write"]
+}
+// Frontend helper
+export const usePermission = (permission: Permission): boolean => {
+  const { user } = useAuth();
+  return user?.permissions?.includes(permission) ?? false;
+};
+// Usage
+{usePermission('user:delete') && <DeleteButton />}
+```
+## Best Practices
+- Define permissions granularly (resource:action)
+- Check at multiple layers (route, controller, UI)
+- Use policies for complex rules
+- Cache permission checks
+- Log permission denials
+- Test all permission paths
+## Output Checklist
+- [ ] Permission enum/constants
+- [ ] Role-to-permission mapping
+- [ ] Route guard middleware
+- [ ] Policy classes for complex rules
+- [ ] Ownership checking utilities
+- [ ] Permission checking helpers
+- [ ] UI permission hints endpoint
+- [ ] Test cases for all permission paths