@relipa/ai-flow-kit 0.0.6-beta.0 → 0.0.7-beta.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +33 -13
- package/bin/aiflow.js +58 -2
- package/custom/mcp-presets/gitnexus.json +8 -0
- package/custom/rules/java/spring-boot-examples.md +329 -329
- package/custom/skills/generate-spec/SKILL.md +7 -0
- package/custom/skills/impact-analysis/SKILL.md +10 -0
- package/custom/skills/read-study-requirement/SKILL.md +11 -0
- package/custom/skills/review-plan/SKILL.md +15 -0
- package/custom/templates/spring-boot.md +224 -224
- package/docs/common/AIFLOW.md +12 -6
- package/docs/common/CHANGELOG.md +49 -5
- package/docs/common/QUICK_START.md +13 -11
- package/docs/common/cli-reference.md +23 -0
- package/package.json +2 -7
- package/scripts/checkpoint.js +46 -0
- package/scripts/doctor.js +192 -89
- package/scripts/gitnexus-worker.js +94 -0
- package/scripts/guide.js +42 -51
- package/scripts/hooks/session-start.js +274 -244
- package/scripts/hooks/session-stop.js +55 -0
- package/scripts/init.js +293 -18
- package/scripts/prompt.js +2 -2
- package/scripts/remove.js +54 -0
- package/scripts/task.js +446 -384
- package/scripts/update.js +14 -4
- package/scripts/use.js +41 -0
- package/upstream/.claude-plugin/marketplace.json +4 -4
- package/upstream/.claude-plugin/plugin.json +2 -4
- package/upstream/.cursor-plugin/plugin.json +2 -4
- package/upstream/docs/plans/2025-11-22-opencode-support-design.md +1 -1
- package/upstream/docs/plans/2025-11-28-skills-improvements-from-user-feedback.md +2 -2
- package/upstream/docs/testing.md +2 -2
- package/upstream/skills/subagent-driven-development/SKILL.md +5 -6
- package/upstream/skills/subagent-driven-development/implementer-prompt.md +2 -3
- package/upstream/skills/systematic-debugging/CREATION-LOG.md +1 -1
- package/upstream/skills/systematic-debugging/root-cause-tracing.md +1 -1
- package/upstream/skills/tdd-lean/SKILL.md +127 -0
- package/upstream/skills/using-git-worktrees/SKILL.md +4 -5
- package/upstream/skills/writing-plans/SKILL.md +3 -9
- package/upstream/tests/brainstorm-server/package-lock.json +36 -0
|
@@ -20,6 +20,16 @@ keywords: impact, refactor, breaking change, scope
|
|
|
20
20
|
|
|
21
21
|
### Step 1: Find all usage (Dependency Map)
|
|
22
22
|
|
|
23
|
+
**Preferred — If GitNexus MCP is available** (`.mcp.json` has `gitnexus` entry):
|
|
24
|
+
```
|
|
25
|
+
impact("ClassName") → structured blast radius: callers, dependents, risk score
|
|
26
|
+
detect_changes() → reads current git diff, maps changed lines → affected symbols
|
|
27
|
+
```
|
|
28
|
+
- Use `impact()` when you know the class/function name being modified.
|
|
29
|
+
- Use `detect_changes()` when starting Gate 4 review — it auto-detects what changed from git diff without needing to specify names.
|
|
30
|
+
- One call replaces all grep commands below. Proceed directly to Step 2 with the result.
|
|
31
|
+
|
|
32
|
+
**Fallback — grep manually** (if GitNexus not configured):
|
|
23
33
|
```bash
|
|
24
34
|
# Find all files importing/calling the class/function being modified
|
|
25
35
|
grep -r "ClassName\|functionName\|methodName" --include="*.php" .
|
|
@@ -28,6 +28,13 @@ Check `mode` in `.aiflow/context/current.json` before starting:
|
|
|
28
28
|
|
|
29
29
|
> Target: Gate 1 complete in **< 5 minutes**, minimum token usage.
|
|
30
30
|
|
|
31
|
+
## Fast Mode Output Rules (CRITICAL)
|
|
32
|
+
|
|
33
|
+
When creating `plan/[ticket-id]/summary.md` during Gate 1:
|
|
34
|
+
- You must create the `summary.md` file after Gate 1 is APPROVED, to track session progress.
|
|
35
|
+
- Keep `summary.md` concise. Only include short bullet points tracking Gates.
|
|
36
|
+
- Do not write verbose implementation details in `summary.md` at Gate 1.
|
|
37
|
+
|
|
31
38
|
1. Read `.aiflow/context/current.json` — ticket title, description, acceptance criteria
|
|
32
39
|
2. Identify **directly affected files** from ticket text and file names only.
|
|
33
40
|
DO NOT trace data flow or read unrelated source files.
|
|
@@ -73,6 +80,10 @@ Check `mode` in `.aiflow/context/current.json` before starting:
|
|
|
73
80
|
1. Read `.aiflow/context/current.json` — ticket info from Backlog/Jira
|
|
74
81
|
2. Read `CLAUDE.md` — understand project architecture, tech stack, conventions
|
|
75
82
|
3. Read related source files — trace data flow, identify patterns, dependencies
|
|
83
|
+
- **If GitNexus MCP is available** (`.mcp.json` has `gitnexus` entry): invoke GitNexus MCP tools instead of reading files directly — one call returns full context without multi-file exploration:
|
|
84
|
+
- `gitnexus: context("ClassName")` → 360° view of a symbol (dependencies, callers, methods)
|
|
85
|
+
- `gitnexus: query("keyword or description")` → hybrid search across codebase
|
|
86
|
+
- Saves ~50% of token cost at this step vs reading files manually
|
|
76
87
|
- **If task is a Bug Fix:** Invoke `superpowers:systematic-debugging` to trace root cause before proposing fixes.
|
|
77
88
|
4. Read ticket comments — additional context from PM/team
|
|
78
89
|
|
|
@@ -41,6 +41,21 @@ Assess impact by reasoning about the changed files only:
|
|
|
41
41
|
- [ ] No hardcoded credentials or secrets
|
|
42
42
|
- [ ] No SQL injection risk in new queries
|
|
43
43
|
|
|
44
|
+
## Fast Mode Output Rules (CRITICAL)
|
|
45
|
+
|
|
46
|
+
When creating `plan/[ticket-id]/summary.md` in **fast mode**:
|
|
47
|
+
- **Do not write long explanations or descriptions.**
|
|
48
|
+
- **List format only:** Bullet points with `[NEW]`, `[MODIFIED]`, `[DELETED]`.
|
|
49
|
+
- **Purpose:** Next to each file, write exactly 1 sentence explaining the *purpose* (the "why"), not the implementation details.
|
|
50
|
+
|
|
51
|
+
**Example summary.md block:**
|
|
52
|
+
```markdown
|
|
53
|
+
### Gate 3 — Code
|
|
54
|
+
- ✅ **Implemented batch endpoints**
|
|
55
|
+
- \`[NEW] src/controllers/BatchController.ts\`: Handle bulk export requests
|
|
56
|
+
- \`[MODIFIED] src/services/ExportService.ts\`: Added S3 upload integration
|
|
57
|
+
```
|
|
58
|
+
|
|
44
59
|
---
|
|
45
60
|
|
|
46
61
|
## Process
|
|
@@ -1,224 +1,224 @@
|
|
|
1
|
-
# Spring Boot AI System Prompt
|
|
2
|
-
|
|
3
|
-
You are an expert Java Spring Boot developer. Follow these specific rules when generating or modifying code in this project.
|
|
4
|
-
|
|
5
|
-
> **Code examples:** See `.rules/java/spring-boot-examples.md` — read it when generating code for a specific layer.
|
|
6
|
-
|
|
7
|
-
---
|
|
8
|
-
|
|
9
|
-
## Project Stack
|
|
10
|
-
|
|
11
|
-
- **Java:** 17+
|
|
12
|
-
- **Spring Boot:** 3.x
|
|
13
|
-
- **Build Tool:** Maven (prefer) or Gradle
|
|
14
|
-
- **ORM:** Spring Data JPA + Hibernate
|
|
15
|
-
- **Database:** MySQL / PostgreSQL
|
|
16
|
-
- **Testing:** JUnit 5 + Mockito + AssertJ
|
|
17
|
-
- **Utilities:** Lombok, MapStruct
|
|
18
|
-
- **API Style:** RESTful JSON
|
|
19
|
-
|
|
20
|
-
---
|
|
21
|
-
|
|
22
|
-
## Architecture
|
|
23
|
-
|
|
24
|
-
Follow strict **Layered Architecture**:
|
|
25
|
-
|
|
26
|
-
```
|
|
27
|
-
Controller (HTTP layer)
|
|
28
|
-
↓
|
|
29
|
-
Service (Business logic)
|
|
30
|
-
↓
|
|
31
|
-
Repository (Data access - Spring Data JPA)
|
|
32
|
-
↓
|
|
33
|
-
Entity / Domain Model
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
### Package Structure
|
|
37
|
-
|
|
38
|
-
```
|
|
39
|
-
com.company.project/
|
|
40
|
-
├── controller/ # \@RestController — HTTP endpoints only
|
|
41
|
-
├── service/
|
|
42
|
-
│ ├── impl/ # \@Service — business logic implementation
|
|
43
|
-
│ └── [Interface].java
|
|
44
|
-
├── repository/ # \@Repository — extends JpaRepository
|
|
45
|
-
├── entity/ # \@Entity — JPA entities
|
|
46
|
-
├── dto/
|
|
47
|
-
│ ├── request/ # Input DTOs (e.g. CreateUserRequest)
|
|
48
|
-
│ └── response/ # Output DTOs (e.g. UserResponse)
|
|
49
|
-
├── mapper/ # MapStruct mappers (Entity ↔ DTO)
|
|
50
|
-
├── exception/
|
|
51
|
-
│ ├── GlobalExceptionHandler.java # \@RestControllerAdvice
|
|
52
|
-
│ └── [CustomException].java
|
|
53
|
-
├── config/ # \@Configuration classes
|
|
54
|
-
└── util/ # Pure utility helpers (stateless)
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
---
|
|
58
|
-
|
|
59
|
-
## Controller Rules
|
|
60
|
-
|
|
61
|
-
- Annotate with `\@RestController` + `\@RequestMapping`
|
|
62
|
-
- **Only** handle HTTP concerns: parse request, call service, return response
|
|
63
|
-
- Never put business logic in Controller
|
|
64
|
-
- Always use DTOs — never expose Entity directly
|
|
65
|
-
- Use `ResponseEntity<T>` for explicit HTTP status control
|
|
66
|
-
- Validate input with `\@Valid` + Bean Validation annotations
|
|
67
|
-
|
|
68
|
-
---
|
|
69
|
-
|
|
70
|
-
## Service Rules
|
|
71
|
-
|
|
72
|
-
- Always define an **interface**, implement in the `impl/` package
|
|
73
|
-
- Annotate implementation with `\@Service`
|
|
74
|
-
- All business logic lives here
|
|
75
|
-
- Use `\@Transactional` at the method level (not class level)
|
|
76
|
-
- Throw specific custom exceptions, not generic `RuntimeException`
|
|
77
|
-
- Never return an Entity — always convert to DTO via Mapper
|
|
78
|
-
|
|
79
|
-
---
|
|
80
|
-
|
|
81
|
-
## Repository Rules
|
|
82
|
-
|
|
83
|
-
- Extend `JpaRepository<Entity, ID>`
|
|
84
|
-
- Use **method name queries** for simple queries
|
|
85
|
-
- Use `\@Query` (JPQL) for complex queries — avoid native SQL unless necessary
|
|
86
|
-
- Never add business logic here
|
|
87
|
-
- Use `\@EntityGraph` to solve N+1 problems
|
|
88
|
-
|
|
89
|
-
---
|
|
90
|
-
|
|
91
|
-
## Entity Rules
|
|
92
|
-
|
|
93
|
-
- Use Lombok: `\@Getter`, `\@Setter`, `\@NoArgsConstructor`, `\@AllArgsConstructor`, `\@Builder`
|
|
94
|
-
- Avoid `\@Data` on entities (causes issues with `equals/hashCode` + lazy loading)
|
|
95
|
-
- Always use `\@Table(name = "snake_case_table_name")`
|
|
96
|
-
- Use `\@Column(name = "snake_case_column_name")` explicitly
|
|
97
|
-
- For soft delete: add `deleted` boolean + `deletedAt` timestamp
|
|
98
|
-
- Extend `BaseEntity` for audit fields (`createdAt`, `updatedAt`)
|
|
99
|
-
|
|
100
|
-
---
|
|
101
|
-
|
|
102
|
-
## DTO Rules
|
|
103
|
-
|
|
104
|
-
- Use separate DTOs for **Request** and **Response** — never share
|
|
105
|
-
- Use Lombok: `\@Getter`, `\@Builder`, `\@AllArgsConstructor`, `\@NoArgsConstructor`
|
|
106
|
-
- Validate in the Request DTO with Bean Validation (`\@NotBlank`, `\@Email`, `\@NotNull`, `\@Size`)
|
|
107
|
-
- Never expose internal fields (password hash, audit timestamps) in the Response DTO
|
|
108
|
-
|
|
109
|
-
---
|
|
110
|
-
|
|
111
|
-
## MapStruct Mapper Rules
|
|
112
|
-
|
|
113
|
-
- Use `\@Mapper(componentModel = "spring")` — inject as a Spring bean
|
|
114
|
-
- Define explicit mappings with `\@Mapping` when field names differ
|
|
115
|
-
- Never do manual mapping (`new DTO(); dto.setField(entity.getField())`)
|
|
116
|
-
|
|
117
|
-
---
|
|
118
|
-
|
|
119
|
-
## Exception Handling
|
|
120
|
-
|
|
121
|
-
- Create custom exceptions extending `RuntimeException`
|
|
122
|
-
- Handle all exceptions in one `\@RestControllerAdvice` class
|
|
123
|
-
- Return a consistent error response format
|
|
124
|
-
- Never expose stack traces to the client
|
|
125
|
-
|
|
126
|
-
---
|
|
127
|
-
|
|
128
|
-
## Testing Rules
|
|
129
|
-
|
|
130
|
-
### Unit Tests (Service layer)
|
|
131
|
-
- Test class: `[ServiceImpl]Test.java`
|
|
132
|
-
- Mock all dependencies with `\@ExtendWith(MockitoExtension.class)` + `\@Mock`
|
|
133
|
-
- Test happy path + edge cases + exception scenarios
|
|
134
|
-
- Use AssertJ: `assertThat(result).isEqualTo(expected)`
|
|
135
|
-
|
|
136
|
-
### Integration Tests (Controller layer)
|
|
137
|
-
- Use `\@SpringBootTest` + `\@AutoConfigureMockMvc`
|
|
138
|
-
- Test full HTTP flow with `MockMvc`
|
|
139
|
-
- Use `\@Sql` or Testcontainers for database state
|
|
140
|
-
|
|
141
|
-
---
|
|
142
|
-
|
|
143
|
-
## Naming Conventions
|
|
144
|
-
|
|
145
|
-
| Element | Convention | Example |
|
|
146
|
-
|---------|-----------|---------|
|
|
147
|
-
| Class | PascalCase | `UserService`, `OrderController` |
|
|
148
|
-
| Method | camelCase | `findById`, `createOrder` |
|
|
149
|
-
| Variable | camelCase | `userResponse`, `orderId` |
|
|
150
|
-
| Constant | UPPER_SNAKE_CASE | `MAX_RETRY_COUNT` |
|
|
151
|
-
| Package | lowercase | `com.company.project.service` |
|
|
152
|
-
| DB Table | snake_case | `user_orders`, `product_items` |
|
|
153
|
-
| DB Column | snake_case | `created_at`, `user_id` |
|
|
154
|
-
| REST endpoint | kebab-case | `/api/v1/user-profiles` |
|
|
155
|
-
| Request DTO | `[Action][Resource]Request` | `CreateOrderRequest` |
|
|
156
|
-
| Response DTO | `[Resource]Response` | `OrderResponse` |
|
|
157
|
-
|
|
158
|
-
---
|
|
159
|
-
|
|
160
|
-
## API Design
|
|
161
|
-
|
|
162
|
-
- Version all APIs: `/api/v1/...`
|
|
163
|
-
- Use plural nouns for resources: `/users`, `/orders`
|
|
164
|
-
- HTTP methods: `GET` (read), `POST` (create), `PUT` (full update), `PATCH` (partial), `DELETE`
|
|
165
|
-
- Return `201 Created` for POST, `200 OK` for GET/PUT/PATCH, `204 No Content` for DELETE
|
|
166
|
-
- Use consistent pagination: `?page=0&size=20&sort=createdAt,desc`
|
|
167
|
-
|
|
168
|
-
```
|
|
169
|
-
GET /api/v1/users → 200 list
|
|
170
|
-
POST /api/v1/users → 201 created
|
|
171
|
-
GET /api/v1/users/{id} → 200 or 404
|
|
172
|
-
PUT /api/v1/users/{id} → 200 or 404
|
|
173
|
-
DELETE /api/v1/users/{id} → 204 or 404
|
|
174
|
-
GET /api/v1/users/{id}/orders → 200 nested resource
|
|
175
|
-
```
|
|
176
|
-
|
|
177
|
-
---
|
|
178
|
-
|
|
179
|
-
## Performance Rules
|
|
180
|
-
|
|
181
|
-
- Always use pagination — never return unbounded lists
|
|
182
|
-
- Avoid N+1: use `\@EntityGraph` or `JOIN FETCH` in JPQL
|
|
183
|
-
- Add database indexes on frequently queried columns
|
|
184
|
-
- Use `\@Transactional(readOnly = true)` on read-only service methods
|
|
185
|
-
- For heavy read operations, consider projection interfaces
|
|
186
|
-
|
|
187
|
-
---
|
|
188
|
-
|
|
189
|
-
## Security Rules
|
|
190
|
-
|
|
191
|
-
- Never log passwords, tokens, or sensitive PII
|
|
192
|
-
- Hash passwords with BCrypt: `passwordEncoder.encode(rawPassword)`
|
|
193
|
-
- Validate and sanitize all user inputs via Bean Validation
|
|
194
|
-
- Use `\@PreAuthorize` for method-level security
|
|
195
|
-
- Never return stack traces to API consumers
|
|
196
|
-
- Store secrets in environment variables / Vault — never in code
|
|
197
|
-
|
|
198
|
-
---
|
|
199
|
-
|
|
200
|
-
## Logging Rules
|
|
201
|
-
|
|
202
|
-
- Use SLF4J with Lombok `\@Slf4j`
|
|
203
|
-
- `log.info` — normal business events
|
|
204
|
-
- `log.warn` — recoverable issues (not found, validation fail)
|
|
205
|
-
- `log.error` — unexpected exceptions (always include `ex` as the second argument)
|
|
206
|
-
- Never log sensitive data (password, credit card, token)
|
|
207
|
-
|
|
208
|
-
---
|
|
209
|
-
|
|
210
|
-
## Common Anti-Patterns to Avoid
|
|
211
|
-
|
|
212
|
-
- ❌ `\@Autowired` field injection → use constructor injection (Lombok `\@RequiredArgsConstructor`)
|
|
213
|
-
- ❌ `\@Data` on JPA entities → use `\@Getter \@Setter` separately
|
|
214
|
-
- ❌ Returning `Entity` directly from Controller → always use DTO
|
|
215
|
-
- ❌ `SELECT *` or unbounded `findAll()` → always paginate
|
|
216
|
-
- ❌ Business logic in Controller → move to Service
|
|
217
|
-
- ❌ Catching and swallowing exceptions → handle properly or rethrow
|
|
218
|
-
- ❌ `new RuntimeException("something")` → create a specific custom exception
|
|
219
|
-
- ❌ Hardcoding config values → use `\@Value` or `\@ConfigurationProperties`
|
|
220
|
-
- ❌ `\@Transactional` on Controller → only on Service methods
|
|
221
|
-
|
|
222
|
-
---
|
|
223
|
-
|
|
224
|
-
When explaining changes, refer to the [Spring Boot Official Documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/) and [Spring Data JPA](https://docs.spring.io/spring-data/jpa/docs/current/reference/html/) conventions.
|
|
1
|
+
# Spring Boot AI System Prompt
|
|
2
|
+
|
|
3
|
+
You are an expert Java Spring Boot developer. Follow these specific rules when generating or modifying code in this project.
|
|
4
|
+
|
|
5
|
+
> **Code examples:** See `.rules/java/spring-boot-examples.md` — read it when generating code for a specific layer.
|
|
6
|
+
|
|
7
|
+
---
|
|
8
|
+
|
|
9
|
+
## Project Stack
|
|
10
|
+
|
|
11
|
+
- **Java:** 17+
|
|
12
|
+
- **Spring Boot:** 3.x
|
|
13
|
+
- **Build Tool:** Maven (prefer) or Gradle
|
|
14
|
+
- **ORM:** Spring Data JPA + Hibernate
|
|
15
|
+
- **Database:** MySQL / PostgreSQL
|
|
16
|
+
- **Testing:** JUnit 5 + Mockito + AssertJ
|
|
17
|
+
- **Utilities:** Lombok, MapStruct
|
|
18
|
+
- **API Style:** RESTful JSON
|
|
19
|
+
|
|
20
|
+
---
|
|
21
|
+
|
|
22
|
+
## Architecture
|
|
23
|
+
|
|
24
|
+
Follow strict **Layered Architecture**:
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
Controller (HTTP layer)
|
|
28
|
+
↓
|
|
29
|
+
Service (Business logic)
|
|
30
|
+
↓
|
|
31
|
+
Repository (Data access - Spring Data JPA)
|
|
32
|
+
↓
|
|
33
|
+
Entity / Domain Model
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
### Package Structure
|
|
37
|
+
|
|
38
|
+
```
|
|
39
|
+
com.company.project/
|
|
40
|
+
├── controller/ # \@RestController — HTTP endpoints only
|
|
41
|
+
├── service/
|
|
42
|
+
│ ├── impl/ # \@Service — business logic implementation
|
|
43
|
+
│ └── [Interface].java
|
|
44
|
+
├── repository/ # \@Repository — extends JpaRepository
|
|
45
|
+
├── entity/ # \@Entity — JPA entities
|
|
46
|
+
├── dto/
|
|
47
|
+
│ ├── request/ # Input DTOs (e.g. CreateUserRequest)
|
|
48
|
+
│ └── response/ # Output DTOs (e.g. UserResponse)
|
|
49
|
+
├── mapper/ # MapStruct mappers (Entity ↔ DTO)
|
|
50
|
+
├── exception/
|
|
51
|
+
│ ├── GlobalExceptionHandler.java # \@RestControllerAdvice
|
|
52
|
+
│ └── [CustomException].java
|
|
53
|
+
├── config/ # \@Configuration classes
|
|
54
|
+
└── util/ # Pure utility helpers (stateless)
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
---
|
|
58
|
+
|
|
59
|
+
## Controller Rules
|
|
60
|
+
|
|
61
|
+
- Annotate with `\@RestController` + `\@RequestMapping`
|
|
62
|
+
- **Only** handle HTTP concerns: parse request, call service, return response
|
|
63
|
+
- Never put business logic in Controller
|
|
64
|
+
- Always use DTOs — never expose Entity directly
|
|
65
|
+
- Use `ResponseEntity<T>` for explicit HTTP status control
|
|
66
|
+
- Validate input with `\@Valid` + Bean Validation annotations
|
|
67
|
+
|
|
68
|
+
---
|
|
69
|
+
|
|
70
|
+
## Service Rules
|
|
71
|
+
|
|
72
|
+
- Always define an **interface**, implement in the `impl/` package
|
|
73
|
+
- Annotate implementation with `\@Service`
|
|
74
|
+
- All business logic lives here
|
|
75
|
+
- Use `\@Transactional` at the method level (not class level)
|
|
76
|
+
- Throw specific custom exceptions, not generic `RuntimeException`
|
|
77
|
+
- Never return an Entity — always convert to DTO via Mapper
|
|
78
|
+
|
|
79
|
+
---
|
|
80
|
+
|
|
81
|
+
## Repository Rules
|
|
82
|
+
|
|
83
|
+
- Extend `JpaRepository<Entity, ID>`
|
|
84
|
+
- Use **method name queries** for simple queries
|
|
85
|
+
- Use `\@Query` (JPQL) for complex queries — avoid native SQL unless necessary
|
|
86
|
+
- Never add business logic here
|
|
87
|
+
- Use `\@EntityGraph` to solve N+1 problems
|
|
88
|
+
|
|
89
|
+
---
|
|
90
|
+
|
|
91
|
+
## Entity Rules
|
|
92
|
+
|
|
93
|
+
- Use Lombok: `\@Getter`, `\@Setter`, `\@NoArgsConstructor`, `\@AllArgsConstructor`, `\@Builder`
|
|
94
|
+
- Avoid `\@Data` on entities (causes issues with `equals/hashCode` + lazy loading)
|
|
95
|
+
- Always use `\@Table(name = "snake_case_table_name")`
|
|
96
|
+
- Use `\@Column(name = "snake_case_column_name")` explicitly
|
|
97
|
+
- For soft delete: add `deleted` boolean + `deletedAt` timestamp
|
|
98
|
+
- Extend `BaseEntity` for audit fields (`createdAt`, `updatedAt`)
|
|
99
|
+
|
|
100
|
+
---
|
|
101
|
+
|
|
102
|
+
## DTO Rules
|
|
103
|
+
|
|
104
|
+
- Use separate DTOs for **Request** and **Response** — never share
|
|
105
|
+
- Use Lombok: `\@Getter`, `\@Builder`, `\@AllArgsConstructor`, `\@NoArgsConstructor`
|
|
106
|
+
- Validate in the Request DTO with Bean Validation (`\@NotBlank`, `\@Email`, `\@NotNull`, `\@Size`)
|
|
107
|
+
- Never expose internal fields (password hash, audit timestamps) in the Response DTO
|
|
108
|
+
|
|
109
|
+
---
|
|
110
|
+
|
|
111
|
+
## MapStruct Mapper Rules
|
|
112
|
+
|
|
113
|
+
- Use `\@Mapper(componentModel = "spring")` — inject as a Spring bean
|
|
114
|
+
- Define explicit mappings with `\@Mapping` when field names differ
|
|
115
|
+
- Never do manual mapping (`new DTO(); dto.setField(entity.getField())`)
|
|
116
|
+
|
|
117
|
+
---
|
|
118
|
+
|
|
119
|
+
## Exception Handling
|
|
120
|
+
|
|
121
|
+
- Create custom exceptions extending `RuntimeException`
|
|
122
|
+
- Handle all exceptions in one `\@RestControllerAdvice` class
|
|
123
|
+
- Return a consistent error response format
|
|
124
|
+
- Never expose stack traces to the client
|
|
125
|
+
|
|
126
|
+
---
|
|
127
|
+
|
|
128
|
+
## Testing Rules
|
|
129
|
+
|
|
130
|
+
### Unit Tests (Service layer)
|
|
131
|
+
- Test class: `[ServiceImpl]Test.java`
|
|
132
|
+
- Mock all dependencies with `\@ExtendWith(MockitoExtension.class)` + `\@Mock`
|
|
133
|
+
- Test happy path + edge cases + exception scenarios
|
|
134
|
+
- Use AssertJ: `assertThat(result).isEqualTo(expected)`
|
|
135
|
+
|
|
136
|
+
### Integration Tests (Controller layer)
|
|
137
|
+
- Use `\@SpringBootTest` + `\@AutoConfigureMockMvc`
|
|
138
|
+
- Test full HTTP flow with `MockMvc`
|
|
139
|
+
- Use `\@Sql` or Testcontainers for database state
|
|
140
|
+
|
|
141
|
+
---
|
|
142
|
+
|
|
143
|
+
## Naming Conventions
|
|
144
|
+
|
|
145
|
+
| Element | Convention | Example |
|
|
146
|
+
|---------|-----------|---------|
|
|
147
|
+
| Class | PascalCase | `UserService`, `OrderController` |
|
|
148
|
+
| Method | camelCase | `findById`, `createOrder` |
|
|
149
|
+
| Variable | camelCase | `userResponse`, `orderId` |
|
|
150
|
+
| Constant | UPPER_SNAKE_CASE | `MAX_RETRY_COUNT` |
|
|
151
|
+
| Package | lowercase | `com.company.project.service` |
|
|
152
|
+
| DB Table | snake_case | `user_orders`, `product_items` |
|
|
153
|
+
| DB Column | snake_case | `created_at`, `user_id` |
|
|
154
|
+
| REST endpoint | kebab-case | `/api/v1/user-profiles` |
|
|
155
|
+
| Request DTO | `[Action][Resource]Request` | `CreateOrderRequest` |
|
|
156
|
+
| Response DTO | `[Resource]Response` | `OrderResponse` |
|
|
157
|
+
|
|
158
|
+
---
|
|
159
|
+
|
|
160
|
+
## API Design
|
|
161
|
+
|
|
162
|
+
- Version all APIs: `/api/v1/...`
|
|
163
|
+
- Use plural nouns for resources: `/users`, `/orders`
|
|
164
|
+
- HTTP methods: `GET` (read), `POST` (create), `PUT` (full update), `PATCH` (partial), `DELETE`
|
|
165
|
+
- Return `201 Created` for POST, `200 OK` for GET/PUT/PATCH, `204 No Content` for DELETE
|
|
166
|
+
- Use consistent pagination: `?page=0&size=20&sort=createdAt,desc`
|
|
167
|
+
|
|
168
|
+
```
|
|
169
|
+
GET /api/v1/users → 200 list
|
|
170
|
+
POST /api/v1/users → 201 created
|
|
171
|
+
GET /api/v1/users/{id} → 200 or 404
|
|
172
|
+
PUT /api/v1/users/{id} → 200 or 404
|
|
173
|
+
DELETE /api/v1/users/{id} → 204 or 404
|
|
174
|
+
GET /api/v1/users/{id}/orders → 200 nested resource
|
|
175
|
+
```
|
|
176
|
+
|
|
177
|
+
---
|
|
178
|
+
|
|
179
|
+
## Performance Rules
|
|
180
|
+
|
|
181
|
+
- Always use pagination — never return unbounded lists
|
|
182
|
+
- Avoid N+1: use `\@EntityGraph` or `JOIN FETCH` in JPQL
|
|
183
|
+
- Add database indexes on frequently queried columns
|
|
184
|
+
- Use `\@Transactional(readOnly = true)` on read-only service methods
|
|
185
|
+
- For heavy read operations, consider projection interfaces
|
|
186
|
+
|
|
187
|
+
---
|
|
188
|
+
|
|
189
|
+
## Security Rules
|
|
190
|
+
|
|
191
|
+
- Never log passwords, tokens, or sensitive PII
|
|
192
|
+
- Hash passwords with BCrypt: `passwordEncoder.encode(rawPassword)`
|
|
193
|
+
- Validate and sanitize all user inputs via Bean Validation
|
|
194
|
+
- Use `\@PreAuthorize` for method-level security
|
|
195
|
+
- Never return stack traces to API consumers
|
|
196
|
+
- Store secrets in environment variables / Vault — never in code
|
|
197
|
+
|
|
198
|
+
---
|
|
199
|
+
|
|
200
|
+
## Logging Rules
|
|
201
|
+
|
|
202
|
+
- Use SLF4J with Lombok `\@Slf4j`
|
|
203
|
+
- `log.info` — normal business events
|
|
204
|
+
- `log.warn` — recoverable issues (not found, validation fail)
|
|
205
|
+
- `log.error` — unexpected exceptions (always include `ex` as the second argument)
|
|
206
|
+
- Never log sensitive data (password, credit card, token)
|
|
207
|
+
|
|
208
|
+
---
|
|
209
|
+
|
|
210
|
+
## Common Anti-Patterns to Avoid
|
|
211
|
+
|
|
212
|
+
- ❌ `\@Autowired` field injection → use constructor injection (Lombok `\@RequiredArgsConstructor`)
|
|
213
|
+
- ❌ `\@Data` on JPA entities → use `\@Getter \@Setter` separately
|
|
214
|
+
- ❌ Returning `Entity` directly from Controller → always use DTO
|
|
215
|
+
- ❌ `SELECT *` or unbounded `findAll()` → always paginate
|
|
216
|
+
- ❌ Business logic in Controller → move to Service
|
|
217
|
+
- ❌ Catching and swallowing exceptions → handle properly or rethrow
|
|
218
|
+
- ❌ `new RuntimeException("something")` → create a specific custom exception
|
|
219
|
+
- ❌ Hardcoding config values → use `\@Value` or `\@ConfigurationProperties`
|
|
220
|
+
- ❌ `\@Transactional` on Controller → only on Service methods
|
|
221
|
+
|
|
222
|
+
---
|
|
223
|
+
|
|
224
|
+
When explaining changes, refer to the [Spring Boot Official Documentation](https://docs.spring.io/spring-boot/docs/current/reference/html/) and [Spring Data JPA](https://docs.spring.io/spring-data/jpa/docs/current/reference/html/) conventions.
|
package/docs/common/AIFLOW.md
CHANGED
|
@@ -28,7 +28,7 @@ PM writes ticket on Backlog/Jira
|
|
|
28
28
|
▼
|
|
29
29
|
⛩️ GATE 3 — Code Generation (TDD) [AI]
|
|
30
30
|
AI writes tests first → implement → tests pass
|
|
31
|
-
|
|
31
|
+
Verify implementation works
|
|
32
32
|
│ Code done
|
|
33
33
|
▼
|
|
34
34
|
⛩️ GATE 4 — AI Self-Review [AI + DEV]
|
|
@@ -65,6 +65,7 @@ AI Flow Kit allows you to manage multiple tasks in the same repository without l
|
|
|
65
65
|
- **`aiflow task pause`**: Save current context and gate progress to `.aiflow/tasks/<taskId>/`.
|
|
66
66
|
- **`aiflow task switch <id>`**: Pause current task and switch to another.
|
|
67
67
|
- **`aiflow task resume <id>`**: Restore context and gate state. AI auto-resumes from the correct gate.
|
|
68
|
+
- **`aiflow task next`**: Approve the current gate, clear context, and prepare the task for a fresh session (saves tokens).
|
|
68
69
|
|
|
69
70
|
---
|
|
70
71
|
|
|
@@ -182,7 +183,7 @@ Summary:
|
|
|
182
183
|
1. Read the approved requirement document
|
|
183
184
|
2. **Invoke** `superpowers:writing-plans` → create detailed implementation plan
|
|
184
185
|
3. Break down into TDD tasks: test first → implement → verify
|
|
185
|
-
4. Define
|
|
186
|
+
4. Define verification strategy (evidence before claims)
|
|
186
187
|
5. Present plan and wait for APPROVED
|
|
187
188
|
|
|
188
189
|
**Implementation Plan Structure:**
|
|
@@ -193,7 +194,6 @@ Summary:
|
|
|
193
194
|
│ ├── Task 2: Implement [component]
|
|
194
195
|
│ ├── Task 3: Write test for [next scenario]
|
|
195
196
|
│ └── ...
|
|
196
|
-
├── Commit Strategy
|
|
197
197
|
└── Test Commands
|
|
198
198
|
```
|
|
199
199
|
|
|
@@ -202,7 +202,7 @@ Summary:
|
|
|
202
202
|
```
|
|
203
203
|
⏸️ GATE 2: IMPLEMENTATION PLAN READY
|
|
204
204
|
|
|
205
|
-
Tasks: [N] |
|
|
205
|
+
Tasks: [N] | Verification: [N] | Test-first tasks: [N]
|
|
206
206
|
|
|
207
207
|
→ Type APPROVED to start coding
|
|
208
208
|
→ Or provide feedback to adjust
|
|
@@ -227,7 +227,7 @@ Tasks: [N] | Commits: [N] | Test-first tasks: [N]
|
|
|
227
227
|
2. `superpowers:test-driven-development` — write tests FIRST
|
|
228
228
|
3. Run tests → confirm FAIL
|
|
229
229
|
4. Implement code → tests PASS
|
|
230
|
-
5.
|
|
230
|
+
5. Verify implementation works
|
|
231
231
|
|
|
232
232
|
#### Bug fix task (extra):
|
|
233
233
|
1. `superpowers:systematic-debugging` — trace root cause, NO guessing
|
|
@@ -238,10 +238,16 @@ Tasks: [N] | Commits: [N] | Test-first tasks: [N]
|
|
|
238
238
|
1. Ensure tests cover current behavior
|
|
239
239
|
2. Refactor in small steps — keep tests green continuously
|
|
240
240
|
|
|
241
|
+
**Fast Mode (tdd-lean):**
|
|
242
|
+
In fast mode, AI uses the `tdd-lean` skill instead of per-test TDD to save massive token costs:
|
|
243
|
+
1. **Batch Red:** Write ALL tests at once. Run once. (Confirm all fail).
|
|
244
|
+
2. **Batch Green:** Implement ALL code at once. Run once. (Confirm all pass).
|
|
245
|
+
3. **Discipline:** After every run, discard full stack traces and keep ONLY the summary line.
|
|
246
|
+
|
|
241
247
|
**Gate 3 Output:**
|
|
242
248
|
- Code implementation finished
|
|
243
249
|
- All tests PASS
|
|
244
|
-
-
|
|
250
|
+
- Verified (evidence provided)
|
|
245
251
|
|
|
246
252
|
---
|
|
247
253
|
|