@stackguide/mcp-server 1.0.0

package/data/rules/python-django/coding-standards/django-standards.md

@@ -0,0 +1,104 @@
+# Django Coding Standards
+
+Follow these coding standards when developing Django applications.
+
+## Project Structure
+
+```
+project/
+├── config/                 # Project settings
+│   ├── settings/
+│   │   ├── base.py
+│   │   ├── development.py
+│   │   └── production.py
+│   ├── urls.py
+│   └── wsgi.py
+├── apps/                   # Django applications
+│   └── app_name/
+│       ├── models.py
+│       ├── views.py
+│       ├── serializers.py
+│       ├── urls.py
+│       └── tests/
+├── templates/
+├── static/
+└── manage.py
+```
+
+## Naming Conventions
+
+- **Models**: Use singular, PascalCase (e.g., `User`, `BlogPost`)
+- **Views**: Suffix with purpose (e.g., `UserListView`, `create_user`)
+- **URLs**: Use lowercase, hyphens (e.g., `/user-profile/`)
+- **Templates**: Use lowercase, underscores (e.g., `user_detail.html`)
+
+## Model Best Practices
+
+```python
+from django.db import models
+from django.utils.translation import gettext_lazy as _
+
+class BaseModel(models.Model):
+    """Abstract base model with common fields."""
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+    
+    class Meta:
+        abstract = True
+
+class Article(BaseModel):
+    title = models.CharField(_("title"), max_length=200)
+    slug = models.SlugField(_("slug"), unique=True)
+    content = models.TextField(_("content"))
+    author = models.ForeignKey(
+        "users.User",
+        on_delete=models.CASCADE,
+        related_name="articles",
+        verbose_name=_("author")
+    )
+    
+    class Meta:
+        verbose_name = _("article")
+        verbose_name_plural = _("articles")
+        ordering = ["-created_at"]
+    
+    def __str__(self):
+        return self.title
+```
+
+## View Patterns
+
+Prefer class-based views for complex logic:
+
+```python
+from django.views.generic import ListView, DetailView
+from django.contrib.auth.mixins import LoginRequiredMixin
+
+class ArticleListView(LoginRequiredMixin, ListView):
+    model = Article
+    template_name = "articles/list.html"
+    context_object_name = "articles"
+    paginate_by = 10
+    
+    def get_queryset(self):
+        return super().get_queryset().select_related("author")
+```
+
+## Import Order
+
+1. Standard library imports
+2. Django imports
+3. Third-party imports
+4. Local application imports
+
+```python
+import json
+from datetime import datetime
+
+from django.db import models
+from django.utils import timezone
+
+from rest_framework import serializers
+
+from .models import Article
+```

package/data/rules/python-django/security/security-guidelines.md

@@ -0,0 +1,146 @@
+# Django Security Guidelines
+
+Critical security practices for Django applications.
+
+## CRITICAL: Security Checklist
+
+- [ ] SECRET_KEY is kept secret and rotated
+- [ ] DEBUG is False in production
+- [ ] ALLOWED_HOSTS is properly configured
+- [ ] HTTPS is enforced
+- [ ] CSRF protection is enabled
+- [ ] SQL injection is prevented (use ORM)
+- [ ] XSS protection is enabled
+
+## Settings for Production
+
+```python
+# config/settings/production.py
+
+DEBUG = False
+ALLOWED_HOSTS = ["yourdomain.com", "www.yourdomain.com"]
+
+# Security settings
+SECURE_BROWSER_XSS_FILTER = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+X_FRAME_OPTIONS = "DENY"
+
+# HTTPS settings
+SECURE_SSL_REDIRECT = True
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_HSTS_SECONDS = 31536000
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+
+# Cookie settings
+SESSION_COOKIE_HTTPONLY = True
+CSRF_COOKIE_HTTPONLY = True
+```
+
+## Authentication Security
+
+```python
+# Strong password validation
+AUTH_PASSWORD_VALIDATORS = [
+    {"NAME": "django.contrib.auth.password_validation.UserAttributeSimilarityValidator"},
+    {"NAME": "django.contrib.auth.password_validation.MinimumLengthValidator", 
+     "OPTIONS": {"min_length": 12}},
+    {"NAME": "django.contrib.auth.password_validation.CommonPasswordValidator"},
+    {"NAME": "django.contrib.auth.password_validation.NumericPasswordValidator"},
+]
+
+# Rate limiting login attempts
+AXES_FAILURE_LIMIT = 5
+AXES_COOLOFF_TIME = timedelta(minutes=15)
+```
+
+## SQL Injection Prevention
+
+```python
+# ALWAYS use ORM or parameterized queries
+
+# DANGEROUS - Never do this!
+query = f"SELECT * FROM articles WHERE id = {user_input}"
+
+# SAFE - Use ORM
+Article.objects.filter(id=user_input)
+
+# SAFE - Parameterized raw query if needed
+Article.objects.raw("SELECT * FROM articles WHERE id = %s", [user_input])
+```
+
+## XSS Prevention
+
+```html
+<!-- Django auto-escapes by default -->
+{{ user_input }}
+
+<!-- Be careful with safe filter -->
+{{ user_input|safe }}  <!-- Only use with trusted content -->
+
+<!-- Use bleach for user HTML -->
+{{ user_input|bleach }}
+```
+
+## CSRF Protection
+
+```html
+<!-- Always include in forms -->
+<form method="post">
+    {% csrf_token %}
+    ...
+</form>
+```
+
+```python
+# For AJAX requests
+from django.views.decorators.csrf import ensure_csrf_cookie
+
+@ensure_csrf_cookie
+def get_csrf_token(request):
+    return JsonResponse({"status": "ok"})
+```
+
+## File Upload Security
+
+```python
+import os
+from django.core.exceptions import ValidationError
+
+def validate_file_extension(value):
+    ext = os.path.splitext(value.name)[1].lower()
+    valid_extensions = [".pdf", ".doc", ".docx"]
+    if ext not in valid_extensions:
+        raise ValidationError("Unsupported file extension.")
+
+def validate_file_size(value):
+    limit = 5 * 1024 * 1024  # 5MB
+    if value.size > limit:
+        raise ValidationError("File too large.")
+
+class Document(models.Model):
+    file = models.FileField(
+        upload_to="documents/",
+        validators=[validate_file_extension, validate_file_size]
+    )
+```
+
+## Sensitive Data
+
+```python
+# Never log sensitive data
+import logging
+logger = logging.getLogger(__name__)
+
+# BAD
+logger.info(f"User {user.email} logged in with password {password}")
+
+# GOOD
+logger.info(f"User {user.id} logged in successfully")
+
+# Use Django's signing for tokens
+from django.core.signing import Signer
+signer = Signer()
+signed_value = signer.sign("my-data")
+```

package/data/rules/react-node/best-practices/react-best-practices.md

@@ -0,0 +1,195 @@
+# React Best Practices
+
+Essential best practices for building robust React applications.
+
+## State Management
+
+### Local State First
+
+```tsx
+// Start with local state
+const [count, setCount] = useState(0);
+
+// Lift state only when necessary
+// Move to context/store when multiple components need it
+```
+
+### Derived State
+
+```tsx
+// Bad - Storing derived state
+const [items, setItems] = useState([]);
+const [filteredItems, setFilteredItems] = useState([]);
+
+useEffect(() => {
+  setFilteredItems(items.filter(i => i.active));
+}, [items]);
+
+// Good - Compute during render
+const [items, setItems] = useState([]);
+const filteredItems = useMemo(
+  () => items.filter(i => i.active),
+  [items]
+);
+```
+
+## Performance Optimization
+
+### Memoization
+
+```tsx
+import { memo, useMemo, useCallback } from 'react';
+
+// Memoize expensive calculations
+const sortedItems = useMemo(() => {
+  return [...items].sort((a, b) => a.name.localeCompare(b.name));
+}, [items]);
+
+// Memoize callbacks passed to children
+const handleClick = useCallback((id: string) => {
+  setSelected(id);
+}, []);
+
+// Memoize components that receive object/array props
+export const UserList = memo(function UserList({ users }: Props) {
+  return users.map(user => <UserCard key={user.id} user={user} />);
+});
+```
+
+### Code Splitting
+
+```tsx
+import { lazy, Suspense } from 'react';
+
+// Lazy load heavy components
+const Dashboard = lazy(() => import('./pages/Dashboard'));
+const Analytics = lazy(() => import('./pages/Analytics'));
+
+function App() {
+  return (
+    <Suspense fallback={<LoadingSpinner />}>
+      <Routes>
+        <Route path="/dashboard" element={<Dashboard />} />
+        <Route path="/analytics" element={<Analytics />} />
+      </Routes>
+    </Suspense>
+  );
+}
+```
+
+## Error Handling
+
+### Error Boundaries
+
+```tsx
+import { Component, ErrorInfo, ReactNode } from 'react';
+
+interface Props {
+  children: ReactNode;
+  fallback?: ReactNode;
+}
+
+interface State {
+  hasError: boolean;
+  error?: Error;
+}
+
+export class ErrorBoundary extends Component<Props, State> {
+  state: State = { hasError: false };
+
+  static getDerivedStateFromError(error: Error): State {
+    return { hasError: true, error };
+  }
+
+  componentDidCatch(error: Error, errorInfo: ErrorInfo) {
+    console.error('Error caught:', error, errorInfo);
+    // Log to error tracking service
+  }
+
+  render() {
+    if (this.state.hasError) {
+      return this.props.fallback || <ErrorFallback error={this.state.error} />;
+    }
+    return this.props.children;
+  }
+}
+```
+
+## Custom Hooks
+
+### Reusable Logic
+
+```tsx
+// hooks/useLocalStorage.ts
+function useLocalStorage<T>(key: string, initialValue: T) {
+  const [storedValue, setStoredValue] = useState<T>(() => {
+    try {
+      const item = window.localStorage.getItem(key);
+      return item ? JSON.parse(item) : initialValue;
+    } catch {
+      return initialValue;
+    }
+  });
+
+  const setValue = useCallback((value: T | ((val: T) => T)) => {
+    try {
+      const valueToStore = value instanceof Function ? value(storedValue) : value;
+      setStoredValue(valueToStore);
+      window.localStorage.setItem(key, JSON.stringify(valueToStore));
+    } catch (error) {
+      console.error('Error saving to localStorage:', error);
+    }
+  }, [key, storedValue]);
+
+  return [storedValue, setValue] as const;
+}
+```
+
+## API Integration
+
+### React Query Pattern
+
+```tsx
+import { useQuery, useMutation, useQueryClient } from '@tanstack/react-query';
+
+// Fetch data
+function useUsers() {
+  return useQuery({
+    queryKey: ['users'],
+    queryFn: () => api.getUsers(),
+    staleTime: 5 * 60 * 1000, // 5 minutes
+  });
+}
+
+// Mutate data
+function useCreateUser() {
+  const queryClient = useQueryClient();
+  
+  return useMutation({
+    mutationFn: (data: CreateUserDTO) => api.createUser(data),
+    onSuccess: () => {
+      queryClient.invalidateQueries({ queryKey: ['users'] });
+    },
+  });
+}
+```
+
+## Testing Patterns
+
+```tsx
+import { render, screen, fireEvent } from '@testing-library/react';
+import userEvent from '@testing-library/user-event';
+
+describe('UserCard', () => {
+  it('calls onSelect when clicked', async () => {
+    const onSelect = jest.fn();
+    const user = { id: '1', name: 'John' };
+    
+    render(<UserCard user={user} onSelect={onSelect} />);
+    
+    await userEvent.click(screen.getByRole('button'));
+    
+    expect(onSelect).toHaveBeenCalledWith('1');
+  });
+});
+```

package/data/rules/react-node/coding-standards/node-standards.md

@@ -0,0 +1,192 @@
+# Node.js Coding Standards
+
+Follow these coding standards when developing Node.js applications.
+
+## Project Structure
+
+```
+src/
+├── config/              # Configuration files
+│   ├── index.ts
+│   └── database.ts
+├── controllers/         # Request handlers
+├── services/            # Business logic
+├── repositories/        # Data access layer
+├── models/              # Data models/entities
+├── middlewares/         # Express middlewares
+├── routes/              # Route definitions
+├── utils/               # Utility functions
+├── types/               # TypeScript types
+├── validators/          # Request validation
+└── app.ts              # Application entry
+```
+
+## Naming Conventions
+
+- **Files**: camelCase or kebab-case (e.g., `userService.ts` or `user-service.ts`)
+- **Classes**: PascalCase (e.g., `UserService`)
+- **Functions/Variables**: camelCase (e.g., `getUserById`)
+- **Constants**: SCREAMING_SNAKE_CASE (e.g., `MAX_RETRIES`)
+- **Interfaces**: PascalCase (e.g., `IUserRepository`)
+
+## Error Handling
+
+### Custom Error Classes
+
+```typescript
+// errors/AppError.ts
+export class AppError extends Error {
+  constructor(
+    public message: string,
+    public statusCode: number = 500,
+    public code?: string,
+    public isOperational: boolean = true
+  ) {
+    super(message);
+    Error.captureStackTrace(this, this.constructor);
+  }
+}
+
+export class NotFoundError extends AppError {
+  constructor(resource: string = 'Resource') {
+    super(`${resource} not found`, 404, 'NOT_FOUND');
+  }
+}
+
+export class ValidationError extends AppError {
+  constructor(message: string, public errors?: Record<string, string>) {
+    super(message, 400, 'VALIDATION_ERROR');
+  }
+}
+```
+
+### Error Middleware
+
+```typescript
+// middlewares/errorHandler.ts
+import { Request, Response, NextFunction } from 'express';
+import { AppError } from '../errors/AppError';
+
+export const errorHandler = (
+  err: Error,
+  req: Request,
+  res: Response,
+  next: NextFunction
+) => {
+  if (err instanceof AppError) {
+    return res.status(err.statusCode).json({
+      status: 'error',
+      code: err.code,
+      message: err.message,
+      ...(err.errors && { errors: err.errors })
+    });
+  }
+
+  // Log unexpected errors
+  console.error('Unexpected error:', err);
+  
+  res.status(500).json({
+    status: 'error',
+    code: 'INTERNAL_ERROR',
+    message: 'An unexpected error occurred'
+  });
+};
+```
+
+## Async Handling
+
+### Async Wrapper
+
+```typescript
+// utils/asyncHandler.ts
+import { Request, Response, NextFunction, RequestHandler } from 'express';
+
+export const asyncHandler = (fn: RequestHandler): RequestHandler => {
+  return (req: Request, res: Response, next: NextFunction) => {
+    Promise.resolve(fn(req, res, next)).catch(next);
+  };
+};
+
+// Usage
+router.get('/users/:id', asyncHandler(async (req, res) => {
+  const user = await userService.getById(req.params.id);
+  res.json(user);
+}));
+```
+
+## Configuration
+
+### Environment Variables
+
+```typescript
+// config/index.ts
+import dotenv from 'dotenv';
+import { z } from 'zod';
+
+dotenv.config();
+
+const envSchema = z.object({
+  NODE_ENV: z.enum(['development', 'production', 'test']).default('development'),
+  PORT: z.string().transform(Number).default('3000'),
+  DATABASE_URL: z.string(),
+  JWT_SECRET: z.string().min(32),
+  JWT_EXPIRES_IN: z.string().default('7d'),
+});
+
+const parsed = envSchema.safeParse(process.env);
+
+if (!parsed.success) {
+  console.error('❌ Invalid environment variables:', parsed.error.format());
+  process.exit(1);
+}
+
+export const config = parsed.data;
+```
+
+## Logging
+
+### Structured Logging
+
+```typescript
+// utils/logger.ts
+import pino from 'pino';
+
+export const logger = pino({
+  level: process.env.LOG_LEVEL || 'info',
+  transport: process.env.NODE_ENV === 'development' 
+    ? { target: 'pino-pretty' } 
+    : undefined,
+  base: {
+    pid: process.pid,
+    env: process.env.NODE_ENV,
+  },
+});
+
+// Usage
+logger.info({ userId: user.id }, 'User logged in');
+logger.error({ err, requestId }, 'Failed to process request');
+```
+
+## Import Order
+
+1. Node.js built-in modules
+2. External dependencies
+3. Internal modules
+4. Relative imports
+5. Types (if separate)
+
+```typescript
+import { readFile } from 'fs/promises';
+import path from 'path';
+
+import express from 'express';
+import { z } from 'zod';
+
+import { config } from '@/config';
+import { logger } from '@/utils/logger';
+
+import { UserService } from './userService';
+import { validateUser } from './validators';
+
+import type { User, CreateUserDTO } from './types';
+```