@tinkcarlos/skillora 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/skills/.temp-skill-index.md +245 -0
- package/.claude/skills/SKILL.md +264 -0
- package/.claude/skills/api-scaffolding/SKILL.md +431 -0
- package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
- package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
- package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
- package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
- package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
- package/.claude/skills/api-testing-observability/SKILL.md +583 -0
- package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
- package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
- package/.claude/skills/brainstorming/SKILL.md +283 -0
- package/.claude/skills/bug-fixing/SKILL.md +382 -0
- package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
- package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
- package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
- package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
- package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
- package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
- package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
- package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
- package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
- package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
- package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
- package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
- package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
- package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
- package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
- package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
- package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
- package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
- package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
- package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
- package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
- package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
- package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
- package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
- package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
- package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
- package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
- package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
- package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
- package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
- package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
- package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
- package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
- package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
- package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
- package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
- package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
- package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
- package/.claude/skills/code-review/SKILL.md +535 -0
- package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
- package/.claude/skills/code-review/references/automated-analysis.md +456 -0
- package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
- package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
- package/.claude/skills/code-review/references/backend-review.md +868 -0
- package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
- package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
- package/.claude/skills/code-review/references/common-patterns.md +321 -0
- package/.claude/skills/code-review/references/configuration-review.md +425 -0
- package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
- package/.claude/skills/code-review/references/database-review.md +298 -0
- package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
- package/.claude/skills/code-review/references/external-standards.md +51 -0
- package/.claude/skills/code-review/references/feature-review.md +329 -0
- package/.claude/skills/code-review/references/file-review-template.md +326 -0
- package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
- package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
- package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
- package/.claude/skills/code-review/references/frontend-review.md +783 -0
- package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
- package/.claude/skills/code-review/references/fullstack-review.md +477 -0
- package/.claude/skills/code-review/references/functional-completeness.md +386 -0
- package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
- package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
- package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
- package/.claude/skills/code-review/references/iteration-review.md +264 -0
- package/.claude/skills/code-review/references/job-review.md +335 -0
- package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
- package/.claude/skills/code-review/references/logic-completeness.md +535 -0
- package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
- package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
- package/.claude/skills/code-review/references/new-project-review.md +226 -0
- package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
- package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
- package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
- package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
- package/.claude/skills/code-review/references/python-patterns.md +494 -0
- package/.claude/skills/code-review/references/rca-techniques.md +362 -0
- package/.claude/skills/code-review/references/report-template.md +430 -0
- package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
- package/.claude/skills/code-review/references/review-dimensions.md +311 -0
- package/.claude/skills/code-review/references/review-guide.md +202 -0
- package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
- package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
- package/.claude/skills/code-review/references/review-record-template.md +195 -0
- package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
- package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
- package/.claude/skills/containerization/SKILL.md +313 -0
- package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
- package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
- package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
- package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
- package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
- package/.claude/skills/frontend-design/LICENSE.txt +177 -0
- package/.claude/skills/frontend-design/SKILL.md +587 -0
- package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
- package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
- package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
- package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
- package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
- package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
- package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
- package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
- package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
- package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
- package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
- package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
- package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
- package/.claude/skills/fullstack-developer/SKILL.md +512 -0
- package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
- package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
- package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
- package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
- package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
- package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
- package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
- package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
- package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
- package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
- package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
- package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
- package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
- package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
- package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
- package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
- package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
- package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
- package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
- package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
- package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
- package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
- package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
- package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
- package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
- package/.claude/skills/performance-optimization/SKILL.md +250 -0
- package/.claude/skills/product-requirements/SKILL.md +357 -0
- package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
- package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
- package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
- package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
- package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
- package/.claude/skills/product-requirements/references/external-standards.md +62 -0
- package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
- package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
- package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
- package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
- package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
- package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
- package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
- package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
- package/.claude/skills/react-best-practices/SKILL.md +198 -0
- package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
- package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
- package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
- package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
- package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
- package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
- package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
- package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
- package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
- package/.claude/skills/security-audit/SKILL.md +226 -0
- package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
- package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
- package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
- package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
- package/.claude/skills/shared-references/skill-call-graph.md +230 -0
- package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
- package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
- package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
- package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
- package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
- package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
- package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
- package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
- package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
- package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
- package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
- package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
- package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
- package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
- package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
- package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
- package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
- package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
- package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
- package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
- package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
- package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
- package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
- package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
- package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
- package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
- package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
- package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
- package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
- package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
- package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
- package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
- package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
- package/.claude/skills/test-driven-development/SKILL.md +246 -0
- package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
- package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
- package/.claude/skills/using-skillstack/SKILL.md +127 -0
- package/.claude/skills/vercel-deploy/SKILL.md +166 -0
- package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
- package/.claude/skills/verification-before-completion/SKILL.md +305 -0
- package/.claude/skills/writing-plans/SKILL.md +259 -0
- package/README.md +69 -0
- package/bin/cli.js +468 -0
- package/lib/init.js +333 -0
- package/package.json +29 -0
|
@@ -0,0 +1,431 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: api-scaffolding
|
|
3
|
+
description: |
|
|
4
|
+
API scaffolding with contract-first design and multi-framework support.
|
|
5
|
+
|
|
6
|
+
Use when:
|
|
7
|
+
- Creating new API endpoints (REST/GraphQL/gRPC)
|
|
8
|
+
- Designing API architecture and service boundaries
|
|
9
|
+
- Setting up backend project structure
|
|
10
|
+
- Implementing authentication/authorization
|
|
11
|
+
|
|
12
|
+
Key Features:
|
|
13
|
+
- Contract-first: OpenAPI/GraphQL schema before code
|
|
14
|
+
- Multi-framework: FastAPI, Django, Express, NestJS
|
|
15
|
+
- Security-first: Auth patterns built-in
|
|
16
|
+
- Integration with fullstack-developer workflow
|
|
17
|
+
allowed-tools: [read, write, execute, grep, glob, mcp__serena__find_symbol, mcp__serena__get_symbols_overview]
|
|
18
|
+
---
|
|
19
|
+
|
|
20
|
+
# API Scaffolding
|
|
21
|
+
|
|
22
|
+
Contract-first, security-built-in, production-ready.
|
|
23
|
+
|
|
24
|
+
## The Iron Law
|
|
25
|
+
|
|
26
|
+
```
|
|
27
|
+
NO CODE WITHOUT CONTRACT. NO ENDPOINT WITHOUT AUTH CHECK. NO RESPONSE WITHOUT VALIDATION.
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## Quick Start Decision Tree
|
|
33
|
+
|
|
34
|
+
```
|
|
35
|
+
API 需求
|
|
36
|
+
│
|
|
37
|
+
▼
|
|
38
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
39
|
+
│ Step 1: 选择 API 类型 │
|
|
40
|
+
│ ─────────────────────────────────────────────────────────── │
|
|
41
|
+
│ REST API → OpenAPI 3.1 contract │
|
|
42
|
+
│ GraphQL → Schema-first design │
|
|
43
|
+
│ gRPC → Protocol Buffers definition │
|
|
44
|
+
│ WebSocket → Event schema definition │
|
|
45
|
+
└─────────────────────────────────────────────────────────────┘
|
|
46
|
+
│
|
|
47
|
+
▼
|
|
48
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
49
|
+
│ Step 2: 选择框架 │
|
|
50
|
+
│ ─────────────────────────────────────────────────────────── │
|
|
51
|
+
│ Python: FastAPI (推荐) / Django REST │
|
|
52
|
+
│ Node.js: NestJS (推荐) / Express │
|
|
53
|
+
│ Go: Gin / Echo │
|
|
54
|
+
│ Java: Spring Boot │
|
|
55
|
+
└─────────────────────────────────────────────────────────────┘
|
|
56
|
+
│
|
|
57
|
+
▼
|
|
58
|
+
┌─────────────────────────────────────────────────────────────┐
|
|
59
|
+
│ Step 3: 执行脚手架流程 │
|
|
60
|
+
│ ─────────────────────────────────────────────────────────── │
|
|
61
|
+
│ 1. 定义 Contract (OpenAPI/GraphQL Schema) │
|
|
62
|
+
│ 2. 生成项目结构 │
|
|
63
|
+
│ 3. 实现端点 + 验证 │
|
|
64
|
+
│ 4. 添加认证/授权 │
|
|
65
|
+
│ 5. 集成测试 │
|
|
66
|
+
└─────────────────────────────────────────────────────────────┘
|
|
67
|
+
```
|
|
68
|
+
|
|
69
|
+
---
|
|
70
|
+
|
|
71
|
+
## 🔴 Contract-First Protocol (MANDATORY)
|
|
72
|
+
|
|
73
|
+
### Step 1: 定义 API Contract
|
|
74
|
+
|
|
75
|
+
**在写任何代码之前,必须先定义 contract:**
|
|
76
|
+
|
|
77
|
+
```yaml
|
|
78
|
+
# openapi.yaml
|
|
79
|
+
openapi: 3.1.0
|
|
80
|
+
info:
|
|
81
|
+
title: [API Name]
|
|
82
|
+
version: 1.0.0
|
|
83
|
+
paths:
|
|
84
|
+
/api/v1/[resource]:
|
|
85
|
+
get:
|
|
86
|
+
summary: List [resources]
|
|
87
|
+
parameters:
|
|
88
|
+
- name: page
|
|
89
|
+
in: query
|
|
90
|
+
schema:
|
|
91
|
+
type: integer
|
|
92
|
+
default: 1
|
|
93
|
+
responses:
|
|
94
|
+
'200':
|
|
95
|
+
description: Success
|
|
96
|
+
content:
|
|
97
|
+
application/json:
|
|
98
|
+
schema:
|
|
99
|
+
$ref: '#/components/schemas/[Resource]List'
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
### Step 2: Contract 验证清单
|
|
103
|
+
|
|
104
|
+
| 检查项 | 通过标准 |
|
|
105
|
+
|--------|----------|
|
|
106
|
+
| 资源命名 | 复数名词,kebab-case |
|
|
107
|
+
| HTTP 方法 | GET/POST/PUT/PATCH/DELETE 语义正确 |
|
|
108
|
+
| 状态码 | 200/201/204/400/401/403/404/500 覆盖 |
|
|
109
|
+
| 分页 | 列表接口必须支持分页 |
|
|
110
|
+
| 版本 | URL 或 Header 版本控制 |
|
|
111
|
+
| 错误格式 | 统一错误响应结构 |
|
|
112
|
+
|
|
113
|
+
---
|
|
114
|
+
|
|
115
|
+
## 🔴 Project Structure Templates
|
|
116
|
+
|
|
117
|
+
### FastAPI (Python)
|
|
118
|
+
|
|
119
|
+
```
|
|
120
|
+
project/
|
|
121
|
+
├── app/
|
|
122
|
+
│ ├── __init__.py
|
|
123
|
+
│ ├── main.py # FastAPI app entry
|
|
124
|
+
│ ├── config.py # Settings with Pydantic
|
|
125
|
+
│ ├── api/
|
|
126
|
+
│ │ ├── __init__.py
|
|
127
|
+
│ │ ├── deps.py # Dependencies (auth, db)
|
|
128
|
+
│ │ └── v1/
|
|
129
|
+
│ │ ├── __init__.py
|
|
130
|
+
│ │ ├── router.py # API router
|
|
131
|
+
│ │ └── endpoints/
|
|
132
|
+
│ │ └── [resource].py
|
|
133
|
+
│ ├── models/ # SQLAlchemy models
|
|
134
|
+
│ ├── schemas/ # Pydantic schemas
|
|
135
|
+
│ ├── services/ # Business logic
|
|
136
|
+
│ └── core/
|
|
137
|
+
│ ├── security.py # Auth utilities
|
|
138
|
+
│ └── exceptions.py # Custom exceptions
|
|
139
|
+
├── tests/
|
|
140
|
+
├── alembic/ # Migrations
|
|
141
|
+
├── requirements.txt
|
|
142
|
+
└── docker-compose.yml
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
### NestJS (Node.js)
|
|
146
|
+
|
|
147
|
+
```
|
|
148
|
+
project/
|
|
149
|
+
├── src/
|
|
150
|
+
│ ├── main.ts
|
|
151
|
+
│ ├── app.module.ts
|
|
152
|
+
│ ├── common/
|
|
153
|
+
│ │ ├── decorators/
|
|
154
|
+
│ │ ├── filters/
|
|
155
|
+
│ │ ├── guards/
|
|
156
|
+
│ │ └── interceptors/
|
|
157
|
+
│ └── modules/
|
|
158
|
+
│ └── [resource]/
|
|
159
|
+
│ ├── [resource].module.ts
|
|
160
|
+
│ ├── [resource].controller.ts
|
|
161
|
+
│ ├── [resource].service.ts
|
|
162
|
+
│ ├── dto/
|
|
163
|
+
│ └── entities/
|
|
164
|
+
├── test/
|
|
165
|
+
├── package.json
|
|
166
|
+
└── docker-compose.yml
|
|
167
|
+
```
|
|
168
|
+
|
|
169
|
+
---
|
|
170
|
+
|
|
171
|
+
## 🔴 Security Patterns (MANDATORY)
|
|
172
|
+
|
|
173
|
+
### Authentication Flow
|
|
174
|
+
|
|
175
|
+
| 场景 | 推荐方案 |
|
|
176
|
+
|------|----------|
|
|
177
|
+
| SPA + API | JWT + Refresh Token |
|
|
178
|
+
| Server-rendered | Session + CSRF Token |
|
|
179
|
+
| Mobile App | OAuth2 + PKCE |
|
|
180
|
+
| Service-to-Service | mTLS / API Key |
|
|
181
|
+
| Third-party | OAuth2 Authorization Code |
|
|
182
|
+
|
|
183
|
+
### Authorization Checklist
|
|
184
|
+
|
|
185
|
+
```python
|
|
186
|
+
# 每个端点必须检查:
|
|
187
|
+
# 1. 认证 (Authentication)
|
|
188
|
+
@router.get("/users/{user_id}")
|
|
189
|
+
async def get_user(
|
|
190
|
+
user_id: int,
|
|
191
|
+
current_user: User = Depends(get_current_user) # ✅ 认证
|
|
192
|
+
):
|
|
193
|
+
# 2. 授权 (Authorization)
|
|
194
|
+
if current_user.id != user_id and not current_user.is_admin: # ✅ 授权
|
|
195
|
+
raise HTTPException(status_code=403, detail="Not authorized")
|
|
196
|
+
|
|
197
|
+
# 3. 输入验证 (已通过 Pydantic schema)
|
|
198
|
+
return await user_service.get(user_id)
|
|
199
|
+
```
|
|
200
|
+
|
|
201
|
+
### Security Headers
|
|
202
|
+
|
|
203
|
+
```python
|
|
204
|
+
# middleware/security.py
|
|
205
|
+
SECURITY_HEADERS = {
|
|
206
|
+
"X-Content-Type-Options": "nosniff",
|
|
207
|
+
"X-Frame-Options": "DENY",
|
|
208
|
+
"X-XSS-Protection": "1; mode=block",
|
|
209
|
+
"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
|
|
210
|
+
"Content-Security-Policy": "default-src 'self'"
|
|
211
|
+
}
|
|
212
|
+
```
|
|
213
|
+
|
|
214
|
+
---
|
|
215
|
+
|
|
216
|
+
## 🔴 Input Validation Protocol
|
|
217
|
+
|
|
218
|
+
### Pydantic Schema 规范
|
|
219
|
+
|
|
220
|
+
```python
|
|
221
|
+
from pydantic import BaseModel, Field, validator
|
|
222
|
+
|
|
223
|
+
class UserCreate(BaseModel):
|
|
224
|
+
username: str = Field(..., min_length=3, max_length=50, pattern=r'^[a-zA-Z0-9_]+$')
|
|
225
|
+
email: EmailStr
|
|
226
|
+
password: str = Field(..., min_length=8)
|
|
227
|
+
|
|
228
|
+
@validator('password')
|
|
229
|
+
def password_strength(cls, v):
|
|
230
|
+
if not any(c.isupper() for c in v):
|
|
231
|
+
raise ValueError('Password must contain uppercase')
|
|
232
|
+
if not any(c.isdigit() for c in v):
|
|
233
|
+
raise ValueError('Password must contain digit')
|
|
234
|
+
return v
|
|
235
|
+
```
|
|
236
|
+
|
|
237
|
+
### 验证清单
|
|
238
|
+
|
|
239
|
+
| 检查项 | 实现方式 |
|
|
240
|
+
|--------|----------|
|
|
241
|
+
| 类型验证 | Pydantic/Zod schema |
|
|
242
|
+
| 长度限制 | min_length/max_length |
|
|
243
|
+
| 格式验证 | regex pattern |
|
|
244
|
+
| 业务规则 | custom validator |
|
|
245
|
+
| SQL 注入 | ORM 参数化查询 |
|
|
246
|
+
| XSS | 输出编码 |
|
|
247
|
+
|
|
248
|
+
---
|
|
249
|
+
|
|
250
|
+
## 🔴 Error Handling Standard
|
|
251
|
+
|
|
252
|
+
### 统一错误响应格式
|
|
253
|
+
|
|
254
|
+
```python
|
|
255
|
+
class ErrorResponse(BaseModel):
|
|
256
|
+
error: str # 错误类型
|
|
257
|
+
message: str # 用户友好消息
|
|
258
|
+
details: list = [] # 详细错误信息
|
|
259
|
+
request_id: str # 请求追踪 ID
|
|
260
|
+
|
|
261
|
+
# 示例响应
|
|
262
|
+
{
|
|
263
|
+
"error": "validation_error",
|
|
264
|
+
"message": "Invalid input data",
|
|
265
|
+
"details": [
|
|
266
|
+
{"field": "email", "message": "Invalid email format"}
|
|
267
|
+
],
|
|
268
|
+
"request_id": "req_abc123"
|
|
269
|
+
}
|
|
270
|
+
```
|
|
271
|
+
|
|
272
|
+
### HTTP 状态码映射
|
|
273
|
+
|
|
274
|
+
| 状态码 | 使用场景 |
|
|
275
|
+
|--------|----------|
|
|
276
|
+
| 200 | 成功 (GET/PUT/PATCH) |
|
|
277
|
+
| 201 | 创建成功 (POST) |
|
|
278
|
+
| 204 | 删除成功 (DELETE) |
|
|
279
|
+
| 400 | 请求格式错误 |
|
|
280
|
+
| 401 | 未认证 |
|
|
281
|
+
| 403 | 无权限 |
|
|
282
|
+
| 404 | 资源不存在 |
|
|
283
|
+
| 409 | 资源冲突 |
|
|
284
|
+
| 422 | 验证失败 |
|
|
285
|
+
| 429 | 请求过多 |
|
|
286
|
+
| 500 | 服务器错误 |
|
|
287
|
+
|
|
288
|
+
---
|
|
289
|
+
|
|
290
|
+
## 🔴 Database Integration
|
|
291
|
+
|
|
292
|
+
### Repository Pattern
|
|
293
|
+
|
|
294
|
+
```python
|
|
295
|
+
# repositories/user_repository.py
|
|
296
|
+
class UserRepository:
|
|
297
|
+
def __init__(self, db: AsyncSession):
|
|
298
|
+
self.db = db
|
|
299
|
+
|
|
300
|
+
async def get_by_id(self, user_id: int) -> User | None:
|
|
301
|
+
result = await self.db.execute(
|
|
302
|
+
select(User).where(User.id == user_id)
|
|
303
|
+
)
|
|
304
|
+
return result.scalar_one_or_none()
|
|
305
|
+
|
|
306
|
+
async def create(self, user_data: UserCreate) -> User:
|
|
307
|
+
user = User(**user_data.model_dump())
|
|
308
|
+
self.db.add(user)
|
|
309
|
+
await self.db.commit()
|
|
310
|
+
await self.db.refresh(user)
|
|
311
|
+
return user
|
|
312
|
+
```
|
|
313
|
+
|
|
314
|
+
### Transaction Management
|
|
315
|
+
|
|
316
|
+
```python
|
|
317
|
+
# 事务边界在 Service 层
|
|
318
|
+
async def transfer_funds(from_id: int, to_id: int, amount: Decimal):
|
|
319
|
+
async with db.begin(): # 事务开始
|
|
320
|
+
from_account = await account_repo.get(from_id)
|
|
321
|
+
to_account = await account_repo.get(to_id)
|
|
322
|
+
|
|
323
|
+
if from_account.balance < amount:
|
|
324
|
+
raise InsufficientFundsError()
|
|
325
|
+
|
|
326
|
+
from_account.balance -= amount
|
|
327
|
+
to_account.balance += amount
|
|
328
|
+
# 事务自动提交或回滚
|
|
329
|
+
```
|
|
330
|
+
|
|
331
|
+
---
|
|
332
|
+
|
|
333
|
+
## 🔴 API Documentation
|
|
334
|
+
|
|
335
|
+
### OpenAPI 自动生成
|
|
336
|
+
|
|
337
|
+
```python
|
|
338
|
+
# FastAPI 自动生成 OpenAPI
|
|
339
|
+
app = FastAPI(
|
|
340
|
+
title="My API",
|
|
341
|
+
description="API description",
|
|
342
|
+
version="1.0.0",
|
|
343
|
+
docs_url="/docs", # Swagger UI
|
|
344
|
+
redoc_url="/redoc", # ReDoc
|
|
345
|
+
openapi_url="/openapi.json"
|
|
346
|
+
)
|
|
347
|
+
|
|
348
|
+
# 端点文档
|
|
349
|
+
@router.post(
|
|
350
|
+
"/users",
|
|
351
|
+
response_model=UserResponse,
|
|
352
|
+
status_code=201,
|
|
353
|
+
summary="Create a new user",
|
|
354
|
+
description="Create a new user with the provided data",
|
|
355
|
+
responses={
|
|
356
|
+
201: {"description": "User created successfully"},
|
|
357
|
+
400: {"description": "Invalid input"},
|
|
358
|
+
409: {"description": "User already exists"}
|
|
359
|
+
}
|
|
360
|
+
)
|
|
361
|
+
async def create_user(user: UserCreate):
|
|
362
|
+
...
|
|
363
|
+
```
|
|
364
|
+
|
|
365
|
+
---
|
|
366
|
+
|
|
367
|
+
## Agent 路由
|
|
368
|
+
|
|
369
|
+
| 任务类型 | 调用 Agent |
|
|
370
|
+
|----------|------------|
|
|
371
|
+
| 后端架构设计 | `agents/backend-architect.md` |
|
|
372
|
+
| FastAPI 开发 | `agents/fastapi-pro.md` |
|
|
373
|
+
| Django 开发 | `agents/django-pro.md` |
|
|
374
|
+
| GraphQL 设计 | `agents/graphql-architect.md` |
|
|
375
|
+
|
|
376
|
+
---
|
|
377
|
+
|
|
378
|
+
## 与 fullstack-developer 集成
|
|
379
|
+
|
|
380
|
+
### 调用时机
|
|
381
|
+
|
|
382
|
+
```
|
|
383
|
+
fullstack-developer Phase 4
|
|
384
|
+
│
|
|
385
|
+
├── 需要 API 开发?
|
|
386
|
+
│ ↓
|
|
387
|
+
│ api-scaffolding
|
|
388
|
+
│ │
|
|
389
|
+
│ ├── 定义 Contract
|
|
390
|
+
│ ├── 生成项目结构
|
|
391
|
+
│ ├── 实现端点
|
|
392
|
+
│ └── 返回: API 代码 + 文档
|
|
393
|
+
│
|
|
394
|
+
└── 继续下一任务
|
|
395
|
+
```
|
|
396
|
+
|
|
397
|
+
### 输出要求
|
|
398
|
+
|
|
399
|
+
```markdown
|
|
400
|
+
## API Scaffolding 完成报告
|
|
401
|
+
|
|
402
|
+
### Contract
|
|
403
|
+
- OpenAPI: `docs/openapi.yaml`
|
|
404
|
+
- 端点数量: X
|
|
405
|
+
|
|
406
|
+
### 实现
|
|
407
|
+
| 端点 | 方法 | 文件 |
|
|
408
|
+
|------|------|------|
|
|
409
|
+
| /api/v1/users | GET/POST | api/v1/endpoints/users.py |
|
|
410
|
+
|
|
411
|
+
### 安全
|
|
412
|
+
- [ ] 认证: JWT
|
|
413
|
+
- [ ] 授权: RBAC
|
|
414
|
+
- [ ] 输入验证: Pydantic
|
|
415
|
+
|
|
416
|
+
### 测试
|
|
417
|
+
- [ ] 单元测试覆盖
|
|
418
|
+
- [ ] 集成测试覆盖
|
|
419
|
+
```
|
|
420
|
+
|
|
421
|
+
---
|
|
422
|
+
|
|
423
|
+
## Reference Navigation
|
|
424
|
+
|
|
425
|
+
| Situation | Read This |
|
|
426
|
+
|-----------|-----------|
|
|
427
|
+
| FastAPI 模板 | `skills/fastapi-templates/SKILL.md` |
|
|
428
|
+
| 后端架构 | `agents/backend-architect.md` |
|
|
429
|
+
| GraphQL 设计 | `agents/graphql-architect.md` |
|
|
430
|
+
| API 测试 | `../api-testing-observability/SKILL.md` |
|
|
431
|
+
| 数据库设计 | `../database-migrations/SKILL.md` |
|