@tenantegroup/ai-rules-mcp 1.0.0 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +42 -0
- package/README.md +142 -29
- package/package.json +3 -2
- package/rules/cloudflare/security.md +118 -0
- package/rules/nuxt/code-quality.md +16 -18
- package/rules/nuxt/configuration.md +3 -2
- package/src/index.js +1 -1
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to the `@tenantegroup/ai-rules-mcp` project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
|
+
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
|
+
|
|
8
|
+
---
|
|
9
|
+
|
|
10
|
+
## [1.2.0] - 2026-07-02
|
|
11
|
+
|
|
12
|
+
### Added
|
|
13
|
+
- **TypeScript Clean Code Manual**: Created [03 - TypeScript Clean Code Standards.md](vault/00%20-%20Core%20Standards/03%20-%20TypeScript%20Clean%20Code%20Standards.md) in the vault's core standards.
|
|
14
|
+
- **MCP Code Quality Updates**: Integrated Clean Code principles (variables, naming, functions, immutability, side-effect prevention) into [rules/nuxt/code-quality.md](rules/nuxt/code-quality.md).
|
|
15
|
+
- Updated [vault/99 - Master Index.md](vault/99%20-%20Master%20Index.md) to register the new Clean Code manual.
|
|
16
|
+
|
|
17
|
+
---
|
|
18
|
+
|
|
19
|
+
## [1.1.0] - 2026-07-02
|
|
20
|
+
|
|
21
|
+
### Added
|
|
22
|
+
- **Obsidian Vault Integration**: Relocated the entire documentation vault into the repository under the [vault/](vault/) folder for unified maintenance.
|
|
23
|
+
- **AI bot mitigation postures**: Added detailed documentation for **Open** (maximum visibility), **Balanced** (standard SEO, block AI training), and **Strict** (lockdown) configurations in [rules/cloudflare/security.md](rules/cloudflare/security.md).
|
|
24
|
+
- **AI Agent Action Directive**: Embedded inline instructions in security rules guiding AI assistants to interactively prompt users when setting up bot controls.
|
|
25
|
+
- **Developer Guide Enhancements**: Expanded configuration instructions for Claude Code, GitHub Copilot, Antigravity CLI, and Pi Coding Agent.
|
|
26
|
+
- **Preview & Testing URL Security Guidelines**: Added instructions on how to programmatically secure or disable Cloudflare testing/preview subdomains (`*.workers.dev` and `*.pages.dev`) in both Workers and Pages setups.
|
|
27
|
+
|
|
28
|
+
### Changed
|
|
29
|
+
- Updated [.gitignore](.gitignore) to exclude local Obsidian configurations (`vault/.obsidian/` and `vault/.trash/`).
|
|
30
|
+
|
|
31
|
+
### Fixed
|
|
32
|
+
- Outdated Drizzle Kit configuration rules: updated the `drizzle.config.ts` template and rules to use dialect `'sqlite'` and driver `'d1-http'` to prevent configuration parsing errors in newer versions of Drizzle Kit (v0.21+ / v0.31+).
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## [1.0.0] - 2026-07-01
|
|
37
|
+
|
|
38
|
+
### Added
|
|
39
|
+
- Initial release of the Unified AI Rules MCP Server.
|
|
40
|
+
- Dynamic rule filtering based on file types, stack detection, and keywords.
|
|
41
|
+
- Support for Cloudflare Backend, Nuxt Frontend, Flutter Client, and .NET MAUI stacks.
|
|
42
|
+
- Built-in smart project scaffolder (`install_rules_to_project`).
|
package/README.md
CHANGED
|
@@ -1,57 +1,170 @@
|
|
|
1
|
-
# Unified AI Rules MCP Server (`@tenantegroup/ai-rules-mcp`)
|
|
1
|
+
# 🎯 Unified AI Rules MCP Server (`@tenantegroup/ai-rules-mcp`)
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
[](https://www.npmjs.com/package/@tenantegroup/ai-rules-mcp)
|
|
4
|
+
[](https://opensource.org/licenses/MIT)
|
|
5
|
+
[](https://nodejs.org/)
|
|
4
6
|
|
|
5
|
-
|
|
7
|
+
Model Context Protocol (MCP) server providing structured, production-tested AI coding rules for **Cloudflare Backend**, **Nuxt Frontend**, **Flutter Client**, and **.NET MAUI Client** stacks.
|
|
8
|
+
|
|
9
|
+
By dynamically scanning your current task, files, and keywords, it selects only the rules relevant to your active session. This achieves a **~75% token footprint reduction** and prevents conflicting instructions between frontend, mobile, and backend paradigms (e.g., stopping mobile SQLite rules from polluting a Cloudflare D1 worker context).
|
|
6
10
|
|
|
7
11
|
---
|
|
8
12
|
|
|
9
13
|
## ⚡ Key Features
|
|
10
14
|
|
|
11
|
-
1.
|
|
12
|
-
2.
|
|
13
|
-
3.
|
|
15
|
+
1. **Smart Context Filtering**: Dynamically evaluates stack requirements, stripping out dotNET rules during Flutter sessions and vice-versa.
|
|
16
|
+
2. **Interactive AI Scaffolder**: Integrates the `install_rules_to_project` tool. Running this inside any repository auto-detects the tech stack and copies appropriate `.ai/rules`, static compilers, and pre-commit Git validators.
|
|
17
|
+
3. **Multi-Agent Support**: Out-of-the-box support for all major modern AI development interfaces.
|
|
18
|
+
4. **Obsidian Vault Synced**: The source of truth rules are maintained in a structured Obsidian [vault/](vault/) folder right in the repository, making it easy to version-control documentation alongside the MCP code.
|
|
14
19
|
|
|
15
20
|
---
|
|
16
21
|
|
|
17
|
-
## 🛠️
|
|
22
|
+
## 🛠️ Supported Stacks
|
|
18
23
|
|
|
19
|
-
*
|
|
20
|
-
*
|
|
21
|
-
*
|
|
22
|
-
*
|
|
24
|
+
* **Cloudflare Backend**: Workers runtime edge parity, Drizzle ORM, D1 SQLite, Workflows (durable sagas), KV storage, R2 bucket storage, and Durable Objects.
|
|
25
|
+
* **Nuxt Frontend**: Nuxt 4 directories, Pinia reactive state, layout routing, and client-side API integrations.
|
|
26
|
+
* **Flutter Client**: Riverpod state management, GoRouter, Retrofit clients, and Drift SQLite databases.
|
|
27
|
+
* **dotNET Client**: .NET MAUI UI shell, XAML layouts, MVVM pattern (CommunityToolkit), Refit HTTP clients, and sqlite-net.
|
|
23
28
|
|
|
24
29
|
---
|
|
25
30
|
|
|
26
|
-
## 🚀
|
|
31
|
+
## 🚀 Installation
|
|
32
|
+
|
|
33
|
+
Ensure you have Node.js (version 18 or higher) installed, then install the package globally:
|
|
27
34
|
|
|
28
|
-
### 1. Global Installation
|
|
29
|
-
Install the unified package globally:
|
|
30
35
|
```bash
|
|
31
36
|
npm install -g @tenantegroup/ai-rules-mcp
|
|
32
37
|
```
|
|
33
38
|
|
|
34
|
-
|
|
35
|
-
Edit your Claude Desktop configuration (e.g. `%APPDATA%\Claude\claude_desktop_config.json` on Windows or `~/Library/Application Support/Claude/claude_desktop_config.json` on macOS):
|
|
39
|
+
---
|
|
36
40
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
41
|
+
## ⚙️ Configuration for Coding Agents
|
|
42
|
+
|
|
43
|
+
### 1. Claude Desktop (macOS & Windows)
|
|
44
|
+
Add the server to your desktop client configuration:
|
|
45
|
+
* **Configuration File Location**:
|
|
46
|
+
* **macOS**: `~/Library/Application Support/Claude/claude_desktop_config.json`
|
|
47
|
+
* **Windows**: `%APPDATA%\Claude\claude_desktop_config.json`
|
|
48
|
+
* **JSON Configuration**:
|
|
49
|
+
```json
|
|
50
|
+
{
|
|
51
|
+
"mcpServers": {
|
|
52
|
+
"ai-rules": {
|
|
53
|
+
"command": "ai-rules-mcp"
|
|
54
|
+
}
|
|
42
55
|
}
|
|
43
56
|
}
|
|
44
|
-
|
|
45
|
-
|
|
57
|
+
```
|
|
58
|
+
* **To Apply**: Restart the Claude Desktop application.
|
|
59
|
+
|
|
60
|
+
---
|
|
61
|
+
|
|
62
|
+
### 2. Claude Code (CLI)
|
|
63
|
+
Claude Code supports direct command-line utility configurations.
|
|
64
|
+
* **Using the CLI (Recommended)**:
|
|
65
|
+
Run the interactive setup wizard in your terminal:
|
|
66
|
+
```bash
|
|
67
|
+
claude mcp add --transport stdio ai-rules ai-rules-mcp
|
|
68
|
+
```
|
|
69
|
+
* **Manual Setup**:
|
|
70
|
+
Open or create `~/.claude.json` and add the configuration under the `mcpServers` block:
|
|
71
|
+
```json
|
|
72
|
+
{
|
|
73
|
+
"mcpServers": {
|
|
74
|
+
"ai-rules": {
|
|
75
|
+
"command": "ai-rules-mcp",
|
|
76
|
+
"args": []
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
}
|
|
80
|
+
```
|
|
81
|
+
* **Verify Configuration**: Check connection status by running `claude mcp list`.
|
|
82
|
+
|
|
83
|
+
---
|
|
84
|
+
|
|
85
|
+
### 3. GitHub Copilot (CLI & IDEs)
|
|
86
|
+
GitHub Copilot handles MCP integrations across CLI contexts and IDE extension layers.
|
|
87
|
+
* **Using the Copilot CLI**:
|
|
88
|
+
Run the helper tool to bind the server:
|
|
89
|
+
```bash
|
|
90
|
+
copilot mcp add
|
|
91
|
+
```
|
|
92
|
+
*(Follow the interactive terminal wizard to select `stdio` type, name it `ai-rules`, and enter `ai-rules-mcp` as the command.)*
|
|
93
|
+
* **Manual CLI Config Location**: Saved in `~/.copilot/mcp-config.json`.
|
|
94
|
+
* **VS Code / Visual Studio**:
|
|
95
|
+
Click the **Configure Tools** gear icon inside the Copilot Chat pane, navigate to the MCP config panel, and add a local command server pointing to `ai-rules-mcp`.
|
|
96
|
+
* **Repository-Level (GitHub.com)**:
|
|
97
|
+
Go to your repository **Settings** ➔ **Copilot** (under Code & Automation) ➔ **MCP Servers** to configure server hooks globally for your team's Copilot workspace.
|
|
98
|
+
|
|
99
|
+
---
|
|
46
100
|
|
|
47
|
-
|
|
101
|
+
### 4. Antigravity CLI (`agy`)
|
|
102
|
+
The Google Antigravity developer environment natively integrates local and remote MCP hosts.
|
|
103
|
+
* **Configuration File Location**:
|
|
104
|
+
* **Global Settings**: `~/.gemini/antigravity-cli/mcp_config.json`
|
|
105
|
+
* **Workspace-local Settings**: `.agents/mcp_config.json` (inside your project directory)
|
|
106
|
+
* **JSON Configuration**:
|
|
107
|
+
```json
|
|
108
|
+
{
|
|
109
|
+
"mcpServers": {
|
|
110
|
+
"ai-rules": {
|
|
111
|
+
"command": "ai-rules-mcp",
|
|
112
|
+
"args": []
|
|
113
|
+
}
|
|
114
|
+
}
|
|
115
|
+
}
|
|
116
|
+
```
|
|
117
|
+
* **TUI Management**:
|
|
118
|
+
Launch `agy` in your terminal and type `/mcp` to open the **Interactive MCP Manager** to check statuses and reload configurations.
|
|
119
|
+
|
|
120
|
+
---
|
|
121
|
+
|
|
122
|
+
### 5. Pi Coding Agent
|
|
123
|
+
Pi manages external toolsets via the `pi-mcp-adapter`.
|
|
124
|
+
* **Step 1: Install the Adapter**:
|
|
125
|
+
```bash
|
|
126
|
+
pi install npm:pi-mcp-adapter
|
|
127
|
+
```
|
|
128
|
+
* **Step 2: Configuration File Location**:
|
|
129
|
+
* **Global**: `~/.pi/agent/mcp.json`
|
|
130
|
+
* **Project-local**: `.pi/mcp.json` (overrides global preferences)
|
|
131
|
+
* **JSON Configuration**:
|
|
132
|
+
```json
|
|
133
|
+
{
|
|
134
|
+
"mcpServers": {
|
|
135
|
+
"ai-rules": {
|
|
136
|
+
"command": "ai-rules-mcp",
|
|
137
|
+
"args": []
|
|
138
|
+
}
|
|
139
|
+
}
|
|
140
|
+
}
|
|
141
|
+
```
|
|
142
|
+
* **Step 3: Verification**:
|
|
143
|
+
Open the Pi REPL and use `/mcp setup` to auto-detect and register the server, or type `/mcp` to list active tools.
|
|
48
144
|
|
|
49
145
|
---
|
|
50
146
|
|
|
51
147
|
## 📖 Available Tools
|
|
52
148
|
|
|
53
|
-
* `get_relevant_rules(task_description, file_types, keywords)`:
|
|
54
|
-
* `get_rule_by_name(rule_name)`:
|
|
55
|
-
* `search_rule_content(query)`: Performs a regex search
|
|
56
|
-
* `list_all_rules()`: Lists
|
|
57
|
-
* `install_rules_to_project(target_dir, stack)`: Scaffolds the `.ai
|
|
149
|
+
* `get_relevant_rules(task_description, file_types, keywords, include_all)`: Evaluates task context, filters irrelevant tech stacks, and returns matching standards.
|
|
150
|
+
* `get_rule_by_name(rule_name)`: Directly retrieves a specific rule (e.g., `flutter/riverpod`, `cloudflare/workflows`).
|
|
151
|
+
* `search_rule_content(query, case_sensitive)`: Performs a regex search inside the contents of all rule files.
|
|
152
|
+
* `list_all_rules()`: Lists all rule titles grouped by target technology stack.
|
|
153
|
+
* `install_rules_to_project(target_dir, stack)`: Scaffolds the `.ai/` settings folder, copies rule files, and drops git validator scripts into the specified project root directory.
|
|
154
|
+
|
|
155
|
+
---
|
|
156
|
+
|
|
157
|
+
## 📁 Obsidian Vault Structure
|
|
158
|
+
|
|
159
|
+
The rules served by this MCP server are maintained in the [vault/](vault/) folder of this repository. This folder is structured to be opened directly as an Obsidian vault:
|
|
160
|
+
* `00 - Core Standards/` — General software engineering and reviewer standards.
|
|
161
|
+
* `01 - Cloudflare Backend Stack/` — Workers, Workflows, and D1 configuration standards.
|
|
162
|
+
* `02 - Nuxt Frontend Stack/` — Nuxt 4 and Vue configurations.
|
|
163
|
+
* `03 - Flutter Client Stack/` — Dart and Riverpod layouts.
|
|
164
|
+
* `04 - dotNET Client Stack/` — C# and .NET MAUI layouts.
|
|
165
|
+
* `99 - Master Index.md` — The central map linking all manual entries.
|
|
166
|
+
|
|
167
|
+
---
|
|
168
|
+
|
|
169
|
+
## 📄 License
|
|
170
|
+
This project is licensed under the MIT License. See [LICENSE](LICENSE) (if present) or `package.json` for details.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tenantegroup/ai-rules-mcp",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Unified MCP server providing AI coding rules for Cloudflare Backend, Nuxt Frontend, Flutter Client, and dotNET MAUI stacks with smart context filtering",
|
|
5
5
|
"main": "src/index.js",
|
|
6
6
|
"type": "module",
|
|
@@ -45,7 +45,8 @@
|
|
|
45
45
|
"templates/",
|
|
46
46
|
"README.md",
|
|
47
47
|
"INSTALLATION.md",
|
|
48
|
-
"USAGE.md"
|
|
48
|
+
"USAGE.md",
|
|
49
|
+
"CHANGELOG.md"
|
|
49
50
|
],
|
|
50
51
|
"engines": {
|
|
51
52
|
"node": ">=18.0.0"
|
|
@@ -138,11 +138,129 @@ Implement these before launching:
|
|
|
138
138
|
- Set `Content-Disposition: attachment` on all endpoints that return binary file content to prevent inline browser rendering
|
|
139
139
|
|
|
140
140
|
|
|
141
|
+
## Restricting Testing & Preview URLs
|
|
142
|
+
|
|
143
|
+
Cloudflare generates default testing subdomains (`*.workers.dev` and `*.pages.dev`) for all Workers and Pages deployments. Since these preview URLs are public, they present a vector for search engine duplication, intellectual property exposure, and direct endpoint exploitation. You must restrict access to these testing channels.
|
|
144
|
+
|
|
145
|
+
### 1. Cloudflare Workers (Programmatic)
|
|
146
|
+
To disable public access via the default `*.workers.dev` subdomain programmatically:
|
|
147
|
+
* Configure `workers_dev = false` inside your `wrangler.toml` file.
|
|
148
|
+
* Once disabled, the Worker will only be accessible via your configured custom domains or internal service bindings.
|
|
149
|
+
* *Config Example:*
|
|
150
|
+
```toml
|
|
151
|
+
name = "my-api-service"
|
|
152
|
+
main = "src/index.js"
|
|
153
|
+
compatibility_date = "2024-01-01"
|
|
154
|
+
workers_dev = false
|
|
155
|
+
```
|
|
156
|
+
|
|
157
|
+
### 2. Cloudflare Pages & Pages Previews
|
|
158
|
+
Cloudflare Pages does not support disabling the default `*.pages.dev` subdomain or branch preview subdomains programmatically. You must secure them using one of the following methods:
|
|
159
|
+
|
|
160
|
+
#### A. Cloudflare Access Policy (Recommended)
|
|
161
|
+
Gate all preview URLs behind Cloudflare Zero Trust Access to enforce authorization (e.g., locking access to your organization's email domain or authenticated users):
|
|
162
|
+
1. Navigate to the Cloudflare Dashboard ➔ **Workers & Pages** ➔ select your Pages project.
|
|
163
|
+
2. Go to **Settings** ➔ **General** ➔ **Access policy**.
|
|
164
|
+
3. Click **Enable** (or **Manage**) to bind a Cloudflare Access application policy to your preview deployments.
|
|
165
|
+
|
|
166
|
+
#### B. Programmatic Edge Middleware
|
|
167
|
+
For a purely code-based restriction, implement a middleware check inside your Pages directory (e.g., `/functions/_middleware.js` for Pages or Nitro middleware for Nuxt) to block direct traffic attempting to connect via any host ending in `pages.dev`:
|
|
168
|
+
|
|
169
|
+
```javascript
|
|
170
|
+
// /functions/_middleware.js
|
|
171
|
+
export const onRequest = async (context) => {
|
|
172
|
+
const url = new URL(context.request.url);
|
|
173
|
+
|
|
174
|
+
// Intercept and reject direct access to pages.dev subdomains
|
|
175
|
+
if (url.hostname.endsWith(".pages.dev")) {
|
|
176
|
+
return new Response(
|
|
177
|
+
JSON.stringify({
|
|
178
|
+
error: "Forbidden",
|
|
179
|
+
message: "Direct access to pages.dev subdomains is prohibited. Please use the registered custom domain."
|
|
180
|
+
}),
|
|
181
|
+
{
|
|
182
|
+
status: 403,
|
|
183
|
+
headers: { "Content-Type": "application/json" }
|
|
184
|
+
}
|
|
185
|
+
);
|
|
186
|
+
}
|
|
187
|
+
|
|
188
|
+
return context.next();
|
|
189
|
+
};
|
|
190
|
+
```
|
|
191
|
+
|
|
192
|
+
|
|
141
193
|
## Dependency & Supply Chain Security *(OWASP A06)*
|
|
142
194
|
|
|
143
195
|
- Configure Dependabot (`.github/dependabot.yml`) for weekly PRs covering npm packages and GitHub Actions in all projects
|
|
144
196
|
- Add `pnpm audit` / `npm audit` as a required CI step on every push; surface known vulnerabilities before merge
|
|
145
197
|
- Review D1 migrations before every production apply — no auto-apply on deploy
|
|
198
|
+
## AI Crawler Control & Bot Mitigation Postures
|
|
199
|
+
|
|
200
|
+
> [!IMPORTANT]
|
|
201
|
+
> **AI Agent Action Directive**: When you (the AI agent) read this security rule or assist with setting up bot mitigation or crawler controls, you MUST:
|
|
202
|
+
> 1. Ask the user to choose their preferred posture: **Open** (maximum search/AI indexing), **Balanced** (standard SEO but block AI model training), or **Strict** (locked down).
|
|
203
|
+
> 2. Explain the business trade-offs of each posture.
|
|
204
|
+
> 3. Provide the necessary code/configuration files (e.g., `robots.txt`) and outline the exact manual steps they need to take on their Cloudflare Dashboard for that posture.
|
|
205
|
+
|
|
206
|
+
With the emergence of LLM scrapers, AGI agents, and AI search engines, standard bot protection must be tailored to the website's business goals. We define three distinct postures: **Open**, **Balanced (Medium)**, and **Strict**.
|
|
207
|
+
|
|
208
|
+
---
|
|
209
|
+
|
|
210
|
+
### Posture A: Open (Maximum Visibility)
|
|
211
|
+
* **Best for**: Public marketing sites, blogs, portfolios, and brand landing pages where searchability, AI recommendations (e.g., ChatGPT search, Gemini AI Overviews), and discovery are paramount.
|
|
212
|
+
* **Goal**: Invite all bots, AGI agents, and training scrapers to read and ingest the site's content so the business appears in all traditional and AI search results.
|
|
213
|
+
|
|
214
|
+
#### 1. Programmatic Implementation (`robots.txt`)
|
|
215
|
+
Configure `robots.txt` to explicitly grant permission for training and full content reproduction:
|
|
216
|
+
```text
|
|
217
|
+
User-agent: *
|
|
218
|
+
Content-Signal: search=yes,ai-train=yes,use=full
|
|
219
|
+
Allow: /
|
|
220
|
+
```
|
|
221
|
+
|
|
222
|
+
#### 2. Cloudflare Dashboard Settings
|
|
223
|
+
* **Legacy "Block AI Bots"**: Toggle **Off**.
|
|
224
|
+
* **AI Traffic Categories**: Explicitly set **Search**, **Agent**, and **Training** bots to **Allow**.
|
|
225
|
+
* *Note on Sept 15, 2026 update:* Ensure you opt out of default blocks for "Training" and "Agent" bots on pages with ads.
|
|
226
|
+
|
|
227
|
+
---
|
|
228
|
+
|
|
229
|
+
### Posture B: Balanced (Medium / Protection & SEO)
|
|
230
|
+
* **Best for**: SaaS product landing pages, corporate websites, or publications that want to show up in traditional search results (Google, Bing) but protect their intellectual property from being scraped to train AI models without consent.
|
|
231
|
+
* **Goal**: Allow discovery through standard search, but block AI model training.
|
|
232
|
+
|
|
233
|
+
#### 1. Programmatic Implementation (`robots.txt`)
|
|
234
|
+
Configure `robots.txt` to allow search but prohibit model training and restrict content use to excerpts:
|
|
235
|
+
```text
|
|
236
|
+
User-agent: *
|
|
237
|
+
Content-Signal: search=yes,ai-train=no,use=reference
|
|
238
|
+
Allow: /
|
|
239
|
+
```
|
|
240
|
+
|
|
241
|
+
#### 2. Cloudflare Dashboard Settings
|
|
242
|
+
* **Legacy "Block AI Bots"**: Toggle **On**.
|
|
243
|
+
* **AI Traffic Categories**: Set **Search** to **Allow**, but **Training** and **Agent** to **Block**.
|
|
244
|
+
* *Warning:* Under this setting, multi-purpose crawlers (e.g., Googlebot, Bingbot, Applebot) that crawl for both search and training will be blocked by default as of Sept 15, 2026. Review and override this behavior in the Cloudflare dashboard to allow their search crawls.
|
|
245
|
+
|
|
246
|
+
---
|
|
247
|
+
|
|
248
|
+
### Posture C: Strict (Maximum Lockdown)
|
|
249
|
+
* **Best for**: SaaS web applications, customer portals, internal tools, and private databases.
|
|
250
|
+
* **Goal**: Deny access to all bots, scrapers, and automated agents to protect user data, secure API endpoints, and reduce server bandwidth costs.
|
|
251
|
+
|
|
252
|
+
#### 1. Programmatic Implementation (`robots.txt`)
|
|
253
|
+
Tell all crawlers and agents that they are forbidden:
|
|
254
|
+
```text
|
|
255
|
+
User-agent: *
|
|
256
|
+
Disallow: /
|
|
257
|
+
```
|
|
258
|
+
|
|
259
|
+
#### 2. Cloudflare Dashboard Settings
|
|
260
|
+
* **Legacy "Block AI Bots"**: Toggle **On**.
|
|
261
|
+
* **AI Traffic Categories**: Set **Search**, **Agent**, and **Training** bots to **Block**.
|
|
262
|
+
* **Bot Fight Mode**: Enable **On** (or set up custom WAF rules to challenge all traffic with a bot score below 30).
|
|
263
|
+
* **Transitive Trust validation**: Programmatically reject requests carrying proxy forwarded headers (e.g., block requests if the standard `Forwarded` header specifies AI operators, or return a `403 Forbidden` response).
|
|
146
264
|
|
|
147
265
|
|
|
148
266
|
## Advanced Security (When Scaling)
|
|
@@ -1,25 +1,23 @@
|
|
|
1
1
|
# Code Quality Standards
|
|
2
2
|
|
|
3
|
-
## TypeScript Requirements
|
|
4
|
-
- Enable strict mode in `tsconfig.json`
|
|
5
|
-
- Never use `any` type without justification
|
|
6
|
-
- Define interfaces for all data structures
|
|
7
|
-
- Use
|
|
3
|
+
## TypeScript Requirements & Clean Naming
|
|
4
|
+
- Enable strict mode in `tsconfig.json` (specifically check `--strictNullChecks`)
|
|
5
|
+
- Never use `any` type without justification; use explicit typing or generics
|
|
6
|
+
- Define interfaces or type aliases for all data structures
|
|
7
|
+
- Use meaningful, pronounceable, and searchable variable/constant names (avoid magic numbers/strings)
|
|
8
|
+
- Avoid mental mapping; use explicit names (e.g. `user` instead of `u`)
|
|
9
|
+
- Avoid unneeded context in property definitions (e.g. `make` instead of `carMake` inside a `Car` type)
|
|
10
|
+
- Use default parameters instead of short-circuiting (`||` or ternary checks)
|
|
8
11
|
- Export types for reuse across services
|
|
9
12
|
|
|
10
|
-
## Code Organization
|
|
11
|
-
- Keep functions small and focused (
|
|
12
|
-
-
|
|
13
|
-
-
|
|
14
|
-
-
|
|
15
|
-
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
- Use camelCase for variables and functions
|
|
19
|
-
- Use PascalCase for classes and types
|
|
20
|
-
- Use UPPER_CASE for constants
|
|
21
|
-
- Use descriptive names (avoid abbreviations)
|
|
22
|
-
- Prefix boolean variables with `is`, `has`, or `should`
|
|
13
|
+
## Code Organization & Functions
|
|
14
|
+
- Keep functions small and focused (Single Responsibility Principle)
|
|
15
|
+
- Functions should ideally take **2 or fewer arguments**; consolidate larger parameter lists into a config object and use destructuring
|
|
16
|
+
- Functions should do exactly one thing and maintain a single level of abstraction
|
|
17
|
+
- Never use flags (boolean parameters) in function signatures; split them into separate functions (e.g. `createTempFile` vs `createFile`)
|
|
18
|
+
- Avoid side effects: do not mutate input objects or arrays; return cloned, modified copies (e.g., `[...cart, item]` instead of `cart.push(item)`)
|
|
19
|
+
- Group related functionality in classes or services
|
|
20
|
+
- Avoid deep nesting (max 3 levels recommended) and use early returns
|
|
23
21
|
|
|
24
22
|
## Comments and Documentation
|
|
25
23
|
- Write self-documenting code when possible
|
|
@@ -16,8 +16,9 @@
|
|
|
16
16
|
## drizzle.config.ts
|
|
17
17
|
- Define schema in `/server/db/schema.ts`
|
|
18
18
|
- Output migrations to `/drizzle` directory
|
|
19
|
-
- Set
|
|
20
|
-
-
|
|
19
|
+
- Set dialect to `sqlite` (since D1 is SQLite-compatible)
|
|
20
|
+
- Set driver to `d1-http` for Cloudflare D1 migrations and operations
|
|
21
|
+
- Provide Cloudflare accountId, databaseId, and D1 API token credentials via environment variables
|
|
21
22
|
|
|
22
23
|
## Environment Variables
|
|
23
24
|
- Commit only `.env.example` to repository
|