@xonovex/skills 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude-plugin/plugin.json +21 -0
- package/commands/code-align.md +108 -0
- package/commands/code-harden.md +74 -0
- package/commands/code-simplify.md +145 -0
- package/commands/git-commit.md +146 -0
- package/commands/insights-extract.md +109 -0
- package/commands/insights-integrate.md +100 -0
- package/commands/plan-continue.md +167 -0
- package/commands/plan-create.md +107 -0
- package/commands/plan-research.md +113 -0
- package/commands/plan-subplans-create.md +111 -0
- package/commands/plan-tdd-create.md +128 -0
- package/commands/plan-update.md +99 -0
- package/commands/plan-validate.md +100 -0
- package/commands/plan-worktree-abandon.md +104 -0
- package/commands/plan-worktree-create.md +92 -0
- package/commands/plan-worktree-merge.md +132 -0
- package/package.json +44 -0
- package/skills/astro-guidelines/SKILL.md +23 -0
- package/skills/astro-guidelines/reference/accessibility.md +31 -0
- package/skills/astro-guidelines/reference/components.md +42 -0
- package/skills/astro-guidelines/reference/content-collections.md +32 -0
- package/skills/astro-guidelines/reference/islands-architecture.md +26 -0
- package/skills/astro-guidelines/reference/project-structure.md +32 -0
- package/skills/c99-game-opinionated-guidelines/SKILL.md +43 -0
- package/skills/c99-game-opinionated-guidelines/reference/builder-pattern.md +29 -0
- package/skills/c99-game-opinionated-guidelines/reference/coordinate-system.md +27 -0
- package/skills/c99-game-opinionated-guidelines/reference/geometry-pipeline.md +29 -0
- package/skills/c99-game-opinionated-guidelines/reference/math-types.md +31 -0
- package/skills/c99-game-opinionated-guidelines/reference/mesh-types.md +32 -0
- package/skills/c99-game-opinionated-guidelines/reference/physics-patterns.md +28 -0
- package/skills/c99-game-opinionated-guidelines/reference/spatial-structures.md +26 -0
- package/skills/c99-game-opinionated-guidelines/reference/tagged-unions.md +40 -0
- package/skills/c99-game-opinionated-guidelines/reference/vertex-packing.md +38 -0
- package/skills/c99-guidelines/SKILL.md +29 -0
- package/skills/c99-guidelines/reference/compound-literals.md +33 -0
- package/skills/c99-guidelines/reference/const-correctness.md +32 -0
- package/skills/c99-guidelines/reference/designated-initializers.md +32 -0
- package/skills/c99-guidelines/reference/error-handling.md +49 -0
- package/skills/c99-guidelines/reference/inline-functions.md +37 -0
- package/skills/c99-guidelines/reference/memory-management.md +35 -0
- package/skills/c99-opinionated-guidelines/SKILL.md +44 -0
- package/skills/c99-opinionated-guidelines/reference/alignment.md +50 -0
- package/skills/c99-opinionated-guidelines/reference/caller-owns-memory.md +38 -0
- package/skills/c99-opinionated-guidelines/reference/compound-literals.md +33 -0
- package/skills/c99-opinionated-guidelines/reference/const-correctness.md +32 -0
- package/skills/c99-opinionated-guidelines/reference/data-oriented-design.md +42 -0
- package/skills/c99-opinionated-guidelines/reference/designated-initializers.md +32 -0
- package/skills/c99-opinionated-guidelines/reference/error-handling.md +49 -0
- package/skills/c99-opinionated-guidelines/reference/file-naming.md +33 -0
- package/skills/c99-opinionated-guidelines/reference/implementation-variants.md +35 -0
- package/skills/c99-opinionated-guidelines/reference/inline-functions.md +37 -0
- package/skills/c99-opinionated-guidelines/reference/memory-management.md +35 -0
- package/skills/c99-opinionated-guidelines/reference/safety-validations.md +32 -0
- package/skills/c99-opinionated-guidelines/reference/testing-patterns.md +39 -0
- package/skills/cmake-guidelines/SKILL.md +31 -0
- package/skills/cmake-guidelines/reference/compile-options.md +34 -0
- package/skills/cmake-guidelines/reference/fetchcontent.md +32 -0
- package/skills/cmake-guidelines/reference/find-package.md +29 -0
- package/skills/cmake-guidelines/reference/generator-expressions.md +34 -0
- package/skills/cmake-guidelines/reference/installation.md +38 -0
- package/skills/cmake-guidelines/reference/project-structure.md +40 -0
- package/skills/cmake-guidelines/reference/target-types.md +37 -0
- package/skills/cmake-guidelines/reference/testing.md +30 -0
- package/skills/cmake-guidelines/reference/visibility-specifiers.md +32 -0
- package/skills/content-guidelines/SKILL.md +36 -0
- package/skills/content-guidelines/reference/humanize.md +30 -0
- package/skills/content-guidelines/reference/news.md +28 -0
- package/skills/content-guidelines/reference/travelguide.md +31 -0
- package/skills/docker-guidelines/SKILL.md +23 -0
- package/skills/docker-guidelines/reference/docker-compose.md +40 -0
- package/skills/docker-guidelines/reference/layer-caching.md +25 -0
- package/skills/docker-guidelines/reference/multi-stage-builds.md +37 -0
- package/skills/docker-guidelines/reference/production-config.md +32 -0
- package/skills/docker-guidelines/reference/security.md +27 -0
- package/skills/express.js-guidelines/SKILL.md +32 -0
- package/skills/express.js-guidelines/reference/app-setup.md +39 -0
- package/skills/express.js-guidelines/reference/authentication.md +39 -0
- package/skills/express.js-guidelines/reference/controllers.md +49 -0
- package/skills/express.js-guidelines/reference/error-handling.md +54 -0
- package/skills/express.js-guidelines/reference/project-structure.md +29 -0
- package/skills/express.js-guidelines/reference/responses.md +30 -0
- package/skills/express.js-guidelines/reference/routes.md +29 -0
- package/skills/express.js-guidelines/reference/testing.md +39 -0
- package/skills/express.js-guidelines/reference/validation.md +41 -0
- package/skills/general-fp-guidelines/SKILL.md +28 -0
- package/skills/general-oop-guidelines/SKILL.md +28 -0
- package/skills/git-guidelines/SKILL.md +46 -0
- package/skills/git-guidelines/reference/commit.md +32 -0
- package/skills/git-guidelines/reference/merge-resolve.md +38 -0
- package/skills/git-guidelines/reference/worktree-abandon.md +48 -0
- package/skills/git-guidelines/reference/worktree-cleanup.md +40 -0
- package/skills/git-guidelines/reference/worktree-commit.md +46 -0
- package/skills/git-guidelines/reference/worktree-create.md +42 -0
- package/skills/git-guidelines/reference/worktree-merge.md +45 -0
- package/skills/git-guidelines/reference/worktree-validate.md +44 -0
- package/skills/hono-guidelines/SKILL.md +49 -0
- package/skills/hono-guidelines/reference/application-structure.md +53 -0
- package/skills/hono-guidelines/reference/context-storage.md +46 -0
- package/skills/hono-guidelines/reference/cookie-handling.md +63 -0
- package/skills/hono-guidelines/reference/error-handling.md +69 -0
- package/skills/hono-guidelines/reference/middleware-combine.md +47 -0
- package/skills/hono-guidelines/reference/middleware-patterns.md +58 -0
- package/skills/hono-guidelines/reference/platform-runtime.md +41 -0
- package/skills/hono-guidelines/reference/security-middleware.md +60 -0
- package/skills/hono-guidelines/reference/validation-type-safety.md +43 -0
- package/skills/hono-guidelines/reference/websocket-support.md +59 -0
- package/skills/hono-opinionated-guidelines/SKILL.md +49 -0
- package/skills/hono-opinionated-guidelines/reference/application-structure.md +53 -0
- package/skills/hono-opinionated-guidelines/reference/body-limit.md +57 -0
- package/skills/hono-opinionated-guidelines/reference/context-storage.md +46 -0
- package/skills/hono-opinionated-guidelines/reference/controllers.md +38 -0
- package/skills/hono-opinionated-guidelines/reference/cookie-handling.md +63 -0
- package/skills/hono-opinionated-guidelines/reference/error-handling.md +69 -0
- package/skills/hono-opinionated-guidelines/reference/middleware-combine.md +47 -0
- package/skills/hono-opinionated-guidelines/reference/middleware-patterns.md +58 -0
- package/skills/hono-opinionated-guidelines/reference/openapi-explicit-status-codes.md +61 -0
- package/skills/hono-opinionated-guidelines/reference/openapi-inline-handlers.md +56 -0
- package/skills/hono-opinionated-guidelines/reference/openapi-router-hierarchy.md +64 -0
- package/skills/hono-opinionated-guidelines/reference/openapi-spec-generation.md +57 -0
- package/skills/hono-opinionated-guidelines/reference/platform-runtime.md +41 -0
- package/skills/hono-opinionated-guidelines/reference/router-selection.md +34 -0
- package/skills/hono-opinionated-guidelines/reference/security-middleware.md +60 -0
- package/skills/hono-opinionated-guidelines/reference/validation-type-safety.md +43 -0
- package/skills/hono-opinionated-guidelines/reference/websocket-support.md +59 -0
- package/skills/insights-guidelines/SKILL.md +28 -0
- package/skills/insights-guidelines/reference/insights-extract.md +31 -0
- package/skills/insights-guidelines/reference/insights-integrate.md +35 -0
- package/skills/instruction-guidelines/SKILL.md +26 -0
- package/skills/instruction-guidelines/reference/assimilate.md +38 -0
- package/skills/instruction-guidelines/reference/simplify.md +46 -0
- package/skills/instruction-guidelines/reference/sync.md +41 -0
- package/skills/kubernetes-guidelines/SKILL.md +28 -0
- package/skills/kubernetes-guidelines/reference/configmaps-secrets.md +34 -0
- package/skills/kubernetes-guidelines/reference/deployments.md +55 -0
- package/skills/kubernetes-guidelines/reference/kustomize.md +41 -0
- package/skills/kubernetes-guidelines/reference/network-policies.md +53 -0
- package/skills/kubernetes-guidelines/reference/services.md +36 -0
- package/skills/kubernetes-guidelines/reference/validation.md +32 -0
- package/skills/lua-guidelines/SKILL.md +29 -0
- package/skills/lua-guidelines/reference/coroutines.md +66 -0
- package/skills/lua-guidelines/reference/error-handling.md +41 -0
- package/skills/lua-guidelines/reference/idiomatic-patterns.md +40 -0
- package/skills/lua-guidelines/reference/input-validation.md +42 -0
- package/skills/lua-guidelines/reference/local-variables.md +33 -0
- package/skills/lua-guidelines/reference/metatables.md +52 -0
- package/skills/lua-guidelines/reference/module-pattern.md +37 -0
- package/skills/lua-guidelines/reference/string-concatenation.md +31 -0
- package/skills/lua-opinionated-guidelines/SKILL.md +32 -0
- package/skills/lua-opinionated-guidelines/reference/cache-lookups.md +43 -0
- package/skills/lua-opinionated-guidelines/reference/coroutines.md +66 -0
- package/skills/lua-opinionated-guidelines/reference/error-handling.md +41 -0
- package/skills/lua-opinionated-guidelines/reference/idiomatic-patterns.md +40 -0
- package/skills/lua-opinionated-guidelines/reference/input-validation.md +42 -0
- package/skills/lua-opinionated-guidelines/reference/jit-friendly-tables.md +57 -0
- package/skills/lua-opinionated-guidelines/reference/local-variables.md +33 -0
- package/skills/lua-opinionated-guidelines/reference/metatables.md +52 -0
- package/skills/lua-opinionated-guidelines/reference/module-pattern.md +37 -0
- package/skills/lua-opinionated-guidelines/reference/string-concatenation.md +31 -0
- package/skills/moon-guidelines/SKILL.md +30 -0
- package/skills/moon-guidelines/reference/docker-multistage.md +42 -0
- package/skills/moon-guidelines/reference/project-constraints.md +25 -0
- package/skills/moon-guidelines/reference/query-language.md +27 -0
- package/skills/moon-guidelines/reference/tag-based-filtering.md +28 -0
- package/skills/moon-guidelines/reference/task-configuration.md +38 -0
- package/skills/moon-guidelines/reference/task-inheritance.md +30 -0
- package/skills/motion-react-guidelines/SKILL.md +66 -0
- package/skills/motion-react-guidelines/reference/3d-effects.md +35 -0
- package/skills/motion-react-guidelines/reference/entrance.md +36 -0
- package/skills/motion-react-guidelines/reference/exit.md +35 -0
- package/skills/motion-react-guidelines/reference/gestures.md +23 -0
- package/skills/motion-react-guidelines/reference/layout.md +39 -0
- package/skills/motion-react-guidelines/reference/motion-values.md +33 -0
- package/skills/motion-react-guidelines/reference/performance.md +32 -0
- package/skills/motion-react-guidelines/reference/scroll.md +38 -0
- package/skills/motion-react-guidelines/reference/spring-physics.md +40 -0
- package/skills/motion-react-guidelines/reference/stagger.md +34 -0
- package/skills/motion-react-guidelines/reference/svg-path.md +33 -0
- package/skills/motion-react-guidelines/reference/text-effects.md +39 -0
- package/skills/plan-guidelines/SKILL.md +56 -0
- package/skills/plan-guidelines/reference/code-align.md +23 -0
- package/skills/plan-guidelines/reference/code-barrels-remove.md +24 -0
- package/skills/plan-guidelines/reference/code-comments-remove.md +28 -0
- package/skills/plan-guidelines/reference/code-harden.md +30 -0
- package/skills/plan-guidelines/reference/code-shared-extract.md +25 -0
- package/skills/plan-guidelines/reference/code-simplify.md +33 -0
- package/skills/plan-guidelines/reference/code-template-extract.md +34 -0
- package/skills/plan-guidelines/reference/code-template-scaffold.md +36 -0
- package/skills/plan-guidelines/reference/general-research.md +35 -0
- package/skills/plan-guidelines/reference/plan-create.md +37 -0
- package/skills/plan-guidelines/reference/plan-tdd-create.md +44 -0
- package/skills/plan-guidelines/reference/todos.md +39 -0
- package/skills/presentation-guidelines/SKILL.md +25 -0
- package/skills/presentation-guidelines/reference/presentation-create.md +41 -0
- package/skills/presentation-guidelines/reference/presentation-motion-scaffold.md +38 -0
- package/skills/python-guidelines/SKILL.md +32 -0
- package/skills/python-guidelines/reference/async-await-patterns.md +62 -0
- package/skills/python-guidelines/reference/caching-functions.md +47 -0
- package/skills/python-guidelines/reference/dataclasses-type-hints.md +63 -0
- package/skills/python-guidelines/reference/exception-handling.md +72 -0
- package/skills/python-guidelines/reference/generators-comprehensions.md +54 -0
- package/skills/python-guidelines/reference/pathlib-file-ops.md +60 -0
- package/skills/python-guidelines/reference/resource-management.md +58 -0
- package/skills/python-guidelines/reference/string-formatting.md +41 -0
- package/skills/python-guidelines/reference/type-checking.md +47 -0
- package/skills/react-guidelines/SKILL.md +105 -0
- package/skills/react-guidelines/reference/accessibility.md +31 -0
- package/skills/react-guidelines/reference/activity-effect-event.md +42 -0
- package/skills/react-guidelines/reference/component-design.md +57 -0
- package/skills/react-guidelines/reference/hooks.md +39 -0
- package/skills/react-guidelines/reference/migration-anti-patterns.md +33 -0
- package/skills/react-guidelines/reference/migration-deprecations.md +109 -0
- package/skills/react-guidelines/reference/migration-paradigm-shifts.md +33 -0
- package/skills/react-guidelines/reference/migration-typescript.md +95 -0
- package/skills/react-guidelines/reference/new-hooks.md +94 -0
- package/skills/react-guidelines/reference/performance-optimization.md +41 -0
- package/skills/react-guidelines/reference/react-compiler.md +34 -0
- package/skills/react-guidelines/reference/server-components.md +99 -0
- package/skills/react-guidelines/reference/state-management.md +72 -0
- package/skills/react-guidelines/reference/suspense-streaming.md +36 -0
- package/skills/remotion-guidelines/SKILL.md +67 -0
- package/skills/remotion-guidelines/reference/animations.md +121 -0
- package/skills/remotion-guidelines/reference/assets.md +21 -0
- package/skills/remotion-guidelines/reference/captions.md +33 -0
- package/skills/remotion-guidelines/reference/charts.md +35 -0
- package/skills/remotion-guidelines/reference/compositions.md +40 -0
- package/skills/remotion-guidelines/reference/dom-measurement.md +82 -0
- package/skills/remotion-guidelines/reference/gifs.md +33 -0
- package/skills/remotion-guidelines/reference/lottie.md +41 -0
- package/skills/remotion-guidelines/reference/maps.md +26 -0
- package/skills/remotion-guidelines/reference/media.md +39 -0
- package/skills/remotion-guidelines/reference/mediabunny.md +28 -0
- package/skills/remotion-guidelines/reference/sequencing.md +44 -0
- package/skills/remotion-guidelines/reference/text.md +24 -0
- package/skills/remotion-guidelines/reference/three-d.md +33 -0
- package/skills/remotion-guidelines/reference/timing.md +22 -0
- package/skills/remotion-guidelines/reference/transitions.md +52 -0
- package/skills/shell-scripting-guidelines/SKILL.md +31 -0
- package/skills/shell-scripting-guidelines/reference/argument-parsing.md +67 -0
- package/skills/shell-scripting-guidelines/reference/common-patterns.md +46 -0
- package/skills/shell-scripting-guidelines/reference/error-handling.md +62 -0
- package/skills/shell-scripting-guidelines/reference/functions.md +66 -0
- package/skills/shell-scripting-guidelines/reference/idempotency.md +57 -0
- package/skills/shell-scripting-guidelines/reference/parameter-expansion.md +38 -0
- package/skills/shell-scripting-guidelines/reference/posix-compatibility.md +53 -0
- package/skills/shell-scripting-guidelines/reference/quoting.md +42 -0
- package/skills/shell-scripting-guidelines/reference/script-template.md +70 -0
- package/skills/shell-scripting-guidelines/reference/strict-mode.md +41 -0
- package/skills/shell-scripting-guidelines/reference/validation.md +30 -0
- package/skills/skill-guidelines/SKILL.md +33 -0
- package/skills/skill-guidelines/reference/assimilate.md +51 -0
- package/skills/skill-guidelines/reference/create.md +48 -0
- package/skills/skill-guidelines/reference/extract.md +48 -0
- package/skills/skill-guidelines/reference/simplify.md +56 -0
- package/skills/sql-postgresql-guidelines/SKILL.md +31 -0
- package/skills/sql-postgresql-guidelines/reference/constraints.md +47 -0
- package/skills/sql-postgresql-guidelines/reference/cte-patterns.md +42 -0
- package/skills/sql-postgresql-guidelines/reference/data-types.md +46 -0
- package/skills/sql-postgresql-guidelines/reference/indexing.md +45 -0
- package/skills/sql-postgresql-guidelines/reference/jsonb.md +54 -0
- package/skills/sql-postgresql-guidelines/reference/performance.md +46 -0
- package/skills/sql-postgresql-guidelines/reference/role-based-access.md +47 -0
- package/skills/sql-postgresql-guidelines/reference/row-level-security.md +66 -0
- package/skills/strudel-guidelines/SKILL.md +52 -0
- package/skills/strudel-guidelines/reference/arrangement.md +24 -0
- package/skills/strudel-guidelines/reference/conditionals.md +22 -0
- package/skills/strudel-guidelines/reference/effects.md +22 -0
- package/skills/strudel-guidelines/reference/genre-ambient.md +26 -0
- package/skills/strudel-guidelines/reference/genre-harsh.md +21 -0
- package/skills/strudel-guidelines/reference/genre-trance.md +23 -0
- package/skills/strudel-guidelines/reference/layering.md +22 -0
- package/skills/strudel-guidelines/reference/mini-notation.md +74 -0
- package/skills/strudel-guidelines/reference/modulation.md +22 -0
- package/skills/strudel-guidelines/reference/scales-harmony.md +20 -0
- package/skills/strudel-guidelines/reference/sounds.md +89 -0
- package/skills/strudel-guidelines/reference/tempo-timing.md +23 -0
- package/skills/terraform-guidelines/SKILL.md +28 -0
- package/skills/terraform-guidelines/reference/advanced-patterns.md +88 -0
- package/skills/terraform-guidelines/reference/locals.md +53 -0
- package/skills/terraform-guidelines/reference/module-definition.md +81 -0
- package/skills/terraform-guidelines/reference/module-structure.md +51 -0
- package/skills/terraform-guidelines/reference/remote-state.md +38 -0
- package/skills/terraform-guidelines/reference/root-module.md +71 -0
- package/skills/terraform-guidelines/reference/typed-variables.md +90 -0
- package/skills/threejs-guidelines/SKILL.md +38 -0
- package/skills/threejs-guidelines/reference/animation.md +26 -0
- package/skills/threejs-guidelines/reference/cameras-controls.md +26 -0
- package/skills/threejs-guidelines/reference/geometry.md +22 -0
- package/skills/threejs-guidelines/reference/interaction.md +25 -0
- package/skills/threejs-guidelines/reference/lighting-shadows.md +31 -0
- package/skills/threejs-guidelines/reference/loaders.md +29 -0
- package/skills/threejs-guidelines/reference/materials.md +25 -0
- package/skills/threejs-guidelines/reference/math.md +27 -0
- package/skills/threejs-guidelines/reference/node-materials.md +32 -0
- package/skills/threejs-guidelines/reference/patterns.md +29 -0
- package/skills/threejs-guidelines/reference/performance.md +24 -0
- package/skills/threejs-guidelines/reference/physics-vr.md +36 -0
- package/skills/threejs-guidelines/reference/postprocessing.md +26 -0
- package/skills/threejs-guidelines/reference/scene-fundamentals.md +26 -0
- package/skills/threejs-guidelines/reference/shaders.md +28 -0
- package/skills/threejs-guidelines/reference/textures.md +21 -0
- package/skills/threejs-guidelines/reference/webgpu.md +34 -0
- package/skills/typescript-guidelines/SKILL.md +37 -0
- package/skills/typescript-guidelines/reference/async-without-await.md +32 -0
- package/skills/typescript-guidelines/reference/avoid-barrel-exports.md +25 -0
- package/skills/typescript-guidelines/reference/avoid-eslint-disable.md +28 -0
- package/skills/typescript-guidelines/reference/avoid-reexports.md +26 -0
- package/skills/typescript-guidelines/reference/env-access-bracket-notation.md +29 -0
- package/skills/typescript-guidelines/reference/numeric-separator-enforcement.md +30 -0
- package/skills/typescript-guidelines/reference/template-literals-require-string-conversion.md +26 -0
- package/skills/typescript-guidelines/reference/unbound-method-references.md +32 -0
- package/skills/typescript-guidelines/reference/unnecessary-async-keywords.md +37 -0
- package/skills/typescript-to-lua-guidelines/SKILL.md +33 -0
- package/skills/typescript-to-lua-guidelines/reference/avoiding-heavy-features.md +41 -0
- package/skills/typescript-to-lua-guidelines/reference/coroutine-patterns.md +49 -0
- package/skills/typescript-to-lua-guidelines/reference/function-patterns.md +59 -0
- package/skills/typescript-to-lua-guidelines/reference/lua-interop.md +49 -0
- package/skills/typescript-to-lua-guidelines/reference/module-organization.md +42 -0
- package/skills/typescript-to-lua-guidelines/reference/multi-return-functions.md +47 -0
- package/skills/typescript-to-lua-guidelines/reference/namespaces-vs-classes.md +52 -0
- package/skills/typescript-to-lua-guidelines/reference/performance-tips.md +68 -0
- package/skills/typescript-to-lua-guidelines/reference/stable-tables.md +60 -0
- package/skills/typescript-to-lua-guidelines/reference/tsconfig.md +46 -0
- package/skills/typescript-to-lua-guidelines/reference/tstl-decorators.md +61 -0
- package/skills/typescript-to-lua-guidelines/reference/type-safety.md +79 -0
- package/skills/vitest-guidelines/SKILL.md +32 -0
- package/skills/vitest-guidelines/reference/cors-preflight-status-code.md +34 -0
- package/skills/vitest-guidelines/reference/http-testing.md +57 -0
- package/skills/vitest-guidelines/reference/json-response-type-safety.md +40 -0
- package/skills/vitest-guidelines/reference/mock-patterns.md +53 -0
- package/skills/vitest-guidelines/reference/project-references-path-resolution.md +36 -0
- package/skills/vitest-guidelines/reference/test-organization.md +25 -0
- package/skills/vitest-guidelines/reference/timestamp-testing.md +55 -0
- package/skills/vitest-guidelines/reference/type-safety.md +55 -0
- package/skills/vitest-guidelines/reference/typescript-config.md +43 -0
- package/skills/zod-guidelines/SKILL.md +33 -0
- package/skills/zod-guidelines/reference/default-values-output-type.md +63 -0
- package/skills/zod-guidelines/reference/migration-string-validators.md +38 -0
- package/skills/zod-guidelines/reference/migration-v4.md +46 -0
- package/skills/zod-guidelines/reference/schema-organization.md +73 -0
- package/skills/zod-guidelines/reference/validation-patterns.md +37 -0
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# worktree-create: Create Feature Worktree
|
|
2
|
+
|
|
3
|
+
**Guideline:** Create worktree with feature branch for isolated development without affecting current worktree.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Enables parallel feature development in separate directories, avoiding context switching and stash complications that plague single-worktree workflows.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
# From services directory with master branch
|
|
11
|
+
cd /home/user/project/services
|
|
12
|
+
|
|
13
|
+
# Create worktree for auth-flow feature
|
|
14
|
+
# Creates: ../services-feature-auth-flow directory
|
|
15
|
+
# Creates: services/feature/auth-flow branch (off master)
|
|
16
|
+
git worktree add ../services-feature-auth-flow -b services/feature/auth-flow master
|
|
17
|
+
|
|
18
|
+
# Config stores the merge target
|
|
19
|
+
git config branch.services/feature/auth-flow.mergeBackTo master
|
|
20
|
+
|
|
21
|
+
# Navigate to new worktree and start development
|
|
22
|
+
cd ../services-feature-auth-flow
|
|
23
|
+
npm install
|
|
24
|
+
npm run typecheck
|
|
25
|
+
|
|
26
|
+
# Commit work independently without affecting main worktree
|
|
27
|
+
git add services/auth/login.ts
|
|
28
|
+
git commit -m "feat: Add LoginFlow component"
|
|
29
|
+
|
|
30
|
+
# Later, merge back to source
|
|
31
|
+
cd ../services
|
|
32
|
+
git merge services/feature/auth-flow --no-ff
|
|
33
|
+
git push origin master
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Techniques:**
|
|
37
|
+
- Detect worktree name from directory basename
|
|
38
|
+
- Get source branch from arg or `git branch --show-current`
|
|
39
|
+
- Sanitize feature name to kebab-case format
|
|
40
|
+
- Create directory `../<worktree>-feature-<name>` and branch `<worktree>/feature/<name>`
|
|
41
|
+
- Create worktree: `git worktree add <dir> -b <branch> <source-branch>`
|
|
42
|
+
- Store merge target in git config: `git config branch.<branch>.mergeBackTo <source-branch>`
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
# worktree-merge: Merge Feature Worktree Back to Source
|
|
2
|
+
|
|
3
|
+
**Guideline:** Merge feature worktree branch back to source branch after validation passes to complete the feature development cycle.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Completing the merge integrates changes to main codebase and enables cleanup of the temporary feature worktree while maintaining code quality.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
# In feature worktree after validation passes
|
|
11
|
+
cd ../services-feature-auth-flow
|
|
12
|
+
npm run typecheck && npm run lint && npm run build && npm run test
|
|
13
|
+
# All pass ✓
|
|
14
|
+
|
|
15
|
+
# Merge to source worktree
|
|
16
|
+
MERGE_SOURCE=$(git config branch.services/feature/auth-flow.mergeBackTo)
|
|
17
|
+
# MERGE_SOURCE = master
|
|
18
|
+
|
|
19
|
+
cd ../services
|
|
20
|
+
git pull origin master
|
|
21
|
+
git merge services/feature/auth-flow --no-ff
|
|
22
|
+
# Merge commit created
|
|
23
|
+
|
|
24
|
+
# Validate merged result
|
|
25
|
+
npm run typecheck && npm run lint
|
|
26
|
+
# All pass ✓
|
|
27
|
+
|
|
28
|
+
# Push to remote
|
|
29
|
+
git push origin master
|
|
30
|
+
|
|
31
|
+
# Optional: Clean up feature worktree
|
|
32
|
+
cd ../services
|
|
33
|
+
git worktree remove ../services-feature-auth-flow
|
|
34
|
+
git branch -d services/feature/auth-flow
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
**Techniques:**
|
|
38
|
+
- Verify validation passed
|
|
39
|
+
- Read source: `git config branch.<branch>.mergeBackTo`
|
|
40
|
+
- Navigate to source worktree directory
|
|
41
|
+
- Update source: `git pull origin <source-branch>`
|
|
42
|
+
- Merge: `git merge <feature-branch> --no-ff`
|
|
43
|
+
- Handle conflicts (auto-resolve simple, manual review complex)
|
|
44
|
+
- Validate merged result: `npm run typecheck && npm run lint`
|
|
45
|
+
- Push: `git push origin <source-branch>`
|
|
@@ -0,0 +1,44 @@
|
|
|
1
|
+
# worktree-validate: Pre-Merge Validation Checkpoint
|
|
2
|
+
|
|
3
|
+
**Guideline:** Validate feature worktree before merge by running typecheck, lint, build, and tests to ensure stability.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Running validation before merge catches issues early, ensures quality standards are met, and verifies the feature aligns with plan criteria when configured.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```bash
|
|
10
|
+
# In feature worktree
|
|
11
|
+
cd ../services-feature-auth-flow
|
|
12
|
+
|
|
13
|
+
# Run validation checks
|
|
14
|
+
npm run typecheck
|
|
15
|
+
# ✓ PASS (0 errors)
|
|
16
|
+
|
|
17
|
+
npm run lint
|
|
18
|
+
# ✓ PASS (0 errors)
|
|
19
|
+
|
|
20
|
+
npm run build
|
|
21
|
+
# ✓ PASS (bundle 245 KB)
|
|
22
|
+
|
|
23
|
+
npm run test
|
|
24
|
+
# ✓ PASS (42 tests, 0 failures, 95% coverage)
|
|
25
|
+
|
|
26
|
+
# Check plan criteria if configured
|
|
27
|
+
git config branch.services/feature/auth-flow.plan
|
|
28
|
+
# "Implement email+password flow with TOTP and backup codes"
|
|
29
|
+
|
|
30
|
+
# Verify plan success criteria met:
|
|
31
|
+
# ✓ Email validation (part of LoginFlow)
|
|
32
|
+
# ✓ TOTP verification (part of LoginFlow)
|
|
33
|
+
# ✓ Backup codes support (in VerificationFlow)
|
|
34
|
+
|
|
35
|
+
# Overall status: READY TO MERGE
|
|
36
|
+
# All validation passed, all plan criteria met
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
**Techniques:**
|
|
40
|
+
- Verify in feature worktree
|
|
41
|
+
- Check commits complete
|
|
42
|
+
- Run validation in sequence: `npm run typecheck`, `npm run lint`, `npm run build`, `npm run test`
|
|
43
|
+
- Check plan criteria if associated
|
|
44
|
+
- Report results
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: hono-guidelines
|
|
3
|
+
description: >-
|
|
4
|
+
Trigger on `*.ts` files with Hono imports or `@hono/` packages. Use when building Hono 4.0+ API servers. Apply for validation, middleware, error handling, WebSockets. Keywords: Hono, middleware, Zod validator, error handling, WebSocket.
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Hono Coding Guidelines
|
|
8
|
+
|
|
9
|
+
## Requirements
|
|
10
|
+
|
|
11
|
+
- Hono ≥ 4.0, @hono/node-server, @hono/zod-validator, TypeScript ≥ 5.8
|
|
12
|
+
|
|
13
|
+
## Essentials
|
|
14
|
+
|
|
15
|
+
- **Factory functions** - Use for testability and domain organization, see [reference/application-structure.md](reference/application-structure.md)
|
|
16
|
+
- **Type-safe validation** - Cast `c.req.valid` properly, handle errors with Zod, see [reference/validation-type-safety.md](reference/validation-type-safety.md)
|
|
17
|
+
- **Middleware configuration** - Use factories for CORS, composition with `some()`/`every()`/`except()`, see [reference/middleware-patterns.md](reference/middleware-patterns.md), [reference/middleware-combine.md](reference/middleware-combine.md)
|
|
18
|
+
- **WebSocket helpers** - Keep object references to maintain `this` binding, see [reference/websocket-support.md](reference/websocket-support.md)
|
|
19
|
+
- **Error responses** - Use RFC 7807 Problem Details format, see [reference/error-handling.md](reference/error-handling.md)
|
|
20
|
+
- **Security middleware** - Apply `secureHeaders()` for security headers, see [reference/security-middleware.md](reference/security-middleware.md)
|
|
21
|
+
- **Cookie handling** - Set secure options explicitly, use signed cookies, see [reference/cookie-handling.md](reference/cookie-handling.md)
|
|
22
|
+
- **Platform portability** - Use `env(c)` for environment, `getRuntimeKey()` for detection, see [reference/platform-runtime.md](reference/platform-runtime.md)
|
|
23
|
+
|
|
24
|
+
## Example
|
|
25
|
+
|
|
26
|
+
```typescript
|
|
27
|
+
import {Hono} from "hono";
|
|
28
|
+
import {secureHeaders} from "hono/secure-headers";
|
|
29
|
+
|
|
30
|
+
export function createApp() {
|
|
31
|
+
const app = new Hono();
|
|
32
|
+
app.use("*", secureHeaders());
|
|
33
|
+
app.route("/api/v1", v1Router);
|
|
34
|
+
return app;
|
|
35
|
+
}
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
## Progressive disclosure
|
|
39
|
+
|
|
40
|
+
- Read [reference/application-structure.md](reference/application-structure.md) - When organizing a new Hono application
|
|
41
|
+
- Read [reference/validation-type-safety.md](reference/validation-type-safety.md) - When losing type safety after validation
|
|
42
|
+
- Read [reference/middleware-patterns.md](reference/middleware-patterns.md) - When creating reusable middleware or configuring CORS
|
|
43
|
+
- Read [reference/websocket-support.md](reference/websocket-support.md) - When implementing WebSocket endpoints
|
|
44
|
+
- Read [reference/error-handling.md](reference/error-handling.md) - When standardizing error responses across routes
|
|
45
|
+
- Read [reference/security-middleware.md](reference/security-middleware.md) - When configuring auth, CSRF, or security headers
|
|
46
|
+
- Read [reference/cookie-handling.md](reference/cookie-handling.md) - When managing sessions or sensitive cookies
|
|
47
|
+
- Read [reference/context-storage.md](reference/context-storage.md) - When accessing Context outside handlers
|
|
48
|
+
- Read [reference/middleware-combine.md](reference/middleware-combine.md) - When composing complex middleware logic
|
|
49
|
+
- Read [reference/platform-runtime.md](reference/platform-runtime.md) - When deploying across multiple runtimes
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
# application-structure: Application Factory and Router Organization
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use factory functions to create Hono applications instead of exporting instances, and organize routes into separate router files by domain.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Factory functions enable testability by creating fresh instances per test, support dependency injection, and improve isolation. Domain-based router organization provides clear separation of concerns and reduces merge conflicts in team environments.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
// src/app.ts - Main application factory
|
|
11
|
+
import {Hono} from "hono";
|
|
12
|
+
import {cors} from "hono/cors";
|
|
13
|
+
import {logger} from "hono/logger";
|
|
14
|
+
import {v1Router} from "./routes/v1/index.js";
|
|
15
|
+
import {v2Router} from "./routes/v2/index.js";
|
|
16
|
+
|
|
17
|
+
export function createApp() {
|
|
18
|
+
const app = new Hono();
|
|
19
|
+
|
|
20
|
+
// Global middleware
|
|
21
|
+
app.use("*", logger());
|
|
22
|
+
app.use("*", cors());
|
|
23
|
+
|
|
24
|
+
// Mount routers by version
|
|
25
|
+
app.route("/api/v1", v1Router);
|
|
26
|
+
app.route("/api/v2", v2Router);
|
|
27
|
+
|
|
28
|
+
return app;
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
// src/routes/v1/users.ts - Domain router
|
|
32
|
+
import {Hono} from "hono";
|
|
33
|
+
import {zValidator} from "@hono/zod-validator";
|
|
34
|
+
import * as controller from "../../controllers/users.controller.js";
|
|
35
|
+
import {CreateUserSchema} from "../../schemas/users.js";
|
|
36
|
+
|
|
37
|
+
export const usersRouter = new Hono();
|
|
38
|
+
|
|
39
|
+
usersRouter.post(
|
|
40
|
+
"/",
|
|
41
|
+
zValidator("json", CreateUserSchema),
|
|
42
|
+
controller.createUser,
|
|
43
|
+
);
|
|
44
|
+
```
|
|
45
|
+
|
|
46
|
+
**Techniques:**
|
|
47
|
+
- Create `createApp()` factory function instead of exporting instances
|
|
48
|
+
- Configure global middleware inside the factory
|
|
49
|
+
- Mount domain routers using `app.route()`
|
|
50
|
+
- Organize routers in separate files by domain (users, items, etc.)
|
|
51
|
+
- Import controllers from dedicated controller files
|
|
52
|
+
- Keep route definitions focused on routing logic only
|
|
53
|
+
- Export factory functions for testability
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
# context-storage: Access Context Globally with AsyncLocalStorage
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use `contextStorage()` middleware with `getContext()` to access Hono Context outside route handlers, enabling cleaner service layer code without parameter drilling.
|
|
4
|
+
|
|
5
|
+
**Rationale:** AsyncLocalStorage provides global access to the current request context without parameter drilling through the call stack, enabling clean separation between routing and business logic while automatically cleaning up context after requests.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {Hono} from "hono";
|
|
11
|
+
import {contextStorage, getContext} from "hono/context-storage";
|
|
12
|
+
|
|
13
|
+
const app = new Hono();
|
|
14
|
+
|
|
15
|
+
// Enable context storage early
|
|
16
|
+
app.use(contextStorage());
|
|
17
|
+
|
|
18
|
+
// Set request metadata
|
|
19
|
+
app.use("*", async (c, next) => {
|
|
20
|
+
c.set("requestId", crypto.randomUUID());
|
|
21
|
+
c.set("tenantId", c.req.header("X-Tenant-ID"));
|
|
22
|
+
await next();
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
app.get("/items", (c) => {
|
|
26
|
+
const items = itemsService.list(); // No context passed
|
|
27
|
+
return c.json(items);
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
// In service layer (separate file)
|
|
31
|
+
export function list() {
|
|
32
|
+
const c = getContext();
|
|
33
|
+
const tenantId = c.get("tenantId");
|
|
34
|
+
const requestId = c.get("requestId");
|
|
35
|
+
|
|
36
|
+
logger.info(`[${requestId}] Listing items for tenant ${tenantId}`);
|
|
37
|
+
return db.items.findMany({where: {tenantId}});
|
|
38
|
+
}
|
|
39
|
+
```
|
|
40
|
+
|
|
41
|
+
**Techniques:**
|
|
42
|
+
- Import `contextStorage` and `getContext` from `hono/context-storage`
|
|
43
|
+
- Apply `contextStorage()` middleware early in middleware chain
|
|
44
|
+
- Call `getContext()` anywhere during request handling to access context
|
|
45
|
+
- For Cloudflare Workers enable `nodejs_compat` flag
|
|
46
|
+
- Use sparingly as explicit parameters are more testable
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# cookie-handling: Secure Cookie Configuration and Signed Cookies
|
|
2
|
+
|
|
3
|
+
**Guideline:** Set secure cookie options explicitly, use signed cookies for sensitive data, and follow browser-enforced prefix requirements for additional security.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Cookies require careful configuration to ensure HTTPS-only transmission, prevent JavaScript access, defend against CSRF, and verify integrity. Cookie prefixes enforce additional security guarantees, while signed cookies prevent tampering and provide strong integrity verification for sensitive client-side state.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {
|
|
11
|
+
getCookie,
|
|
12
|
+
getSignedCookie,
|
|
13
|
+
setCookie,
|
|
14
|
+
setSignedCookie,
|
|
15
|
+
} from "hono/cookie";
|
|
16
|
+
|
|
17
|
+
// Standard secure cookie
|
|
18
|
+
app.post("/login", (c) => {
|
|
19
|
+
setCookie(c, "session", sessionId, {
|
|
20
|
+
secure: true,
|
|
21
|
+
httpOnly: true,
|
|
22
|
+
sameSite: "Strict",
|
|
23
|
+
maxAge: 86400, // 1 day
|
|
24
|
+
path: "/",
|
|
25
|
+
});
|
|
26
|
+
return c.json({success: true});
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
// Signed cookie for integrity (async)
|
|
30
|
+
app.post("/preferences", async (c) => {
|
|
31
|
+
await setSignedCookie(c, "prefs", JSON.stringify(prefs), "secret-key", {
|
|
32
|
+
secure: true,
|
|
33
|
+
httpOnly: true,
|
|
34
|
+
sameSite: "Lax",
|
|
35
|
+
});
|
|
36
|
+
return c.json({saved: true});
|
|
37
|
+
});
|
|
38
|
+
|
|
39
|
+
// Verify signed cookie
|
|
40
|
+
app.get("/preferences", async (c) => {
|
|
41
|
+
const prefs = await getSignedCookie(c, "secret-key", "prefs");
|
|
42
|
+
if (prefs === false) {
|
|
43
|
+
return c.json({error: "Invalid signature"}, 400);
|
|
44
|
+
}
|
|
45
|
+
return c.json(JSON.parse(prefs ?? "{}"));
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
// Host-prefixed cookie (strictest)
|
|
49
|
+
setCookie(c, "__Host-session", token, {
|
|
50
|
+
secure: true,
|
|
51
|
+
path: "/",
|
|
52
|
+
// domain must NOT be set for __Host- prefix
|
|
53
|
+
});
|
|
54
|
+
```
|
|
55
|
+
|
|
56
|
+
**Techniques:**
|
|
57
|
+
- Import cookie helpers from `hono/cookie` (setCookie, getCookie, setSignedCookie, getSignedCookie)
|
|
58
|
+
- Always set `secure: true` and `httpOnly: true` for sensitive cookies
|
|
59
|
+
- Use `sameSite: 'Strict'` for maximum CSRF protection or `'Lax'` for better compatibility
|
|
60
|
+
- Use `setSignedCookie` (async) for cookies requiring integrity verification
|
|
61
|
+
- Verify signed cookies with `getSignedCookie` and check for false value on tampering
|
|
62
|
+
- Use `__Host-` prefix for strictest cookie restrictions (requires `secure: true` and `path: '/'`)
|
|
63
|
+
- Keep `maxAge` under 400 days to respect browser limits
|
|
@@ -0,0 +1,69 @@
|
|
|
1
|
+
# error-handling: RFC 7807 Problem Details for Consistent Error Responses
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use RFC 7807 Problem Details format for all error responses to provide consistent, structured, machine-readable error information across your API.
|
|
4
|
+
|
|
5
|
+
**Rationale:** RFC 7807 provides a standard structure recognized across HTTP APIs, enabling clients to parse errors consistently with machine-readable field-level validation details and request context. Built-in extensibility and separation between human and machine-readable fields improves debugging and error handling.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import type {Context} from "hono";
|
|
11
|
+
import type {z} from "zod";
|
|
12
|
+
|
|
13
|
+
export interface ProblemDetails {
|
|
14
|
+
type: string;
|
|
15
|
+
title: string;
|
|
16
|
+
status: number;
|
|
17
|
+
detail?: string;
|
|
18
|
+
instance?: string;
|
|
19
|
+
issues?: {
|
|
20
|
+
path: string[];
|
|
21
|
+
message: string;
|
|
22
|
+
code?: string;
|
|
23
|
+
}[];
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
export function badRequest(c: Context, error: z.ZodError): Response {
|
|
27
|
+
const problem: ProblemDetails = {
|
|
28
|
+
type: "about:blank#bad-request",
|
|
29
|
+
title: "Bad Request",
|
|
30
|
+
status: 400,
|
|
31
|
+
detail: "Request validation failed",
|
|
32
|
+
instance: c.req.path,
|
|
33
|
+
issues: error.issues.map((issue) => ({
|
|
34
|
+
path: issue.path.map(String),
|
|
35
|
+
message: issue.message,
|
|
36
|
+
code: issue.code,
|
|
37
|
+
})),
|
|
38
|
+
};
|
|
39
|
+
|
|
40
|
+
return new Response(JSON.stringify(problem), {
|
|
41
|
+
status: 400,
|
|
42
|
+
headers: {"Content-Type": "application/json"},
|
|
43
|
+
});
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
export function notFound(c: Context, detail: string): Response {
|
|
47
|
+
const problem: ProblemDetails = {
|
|
48
|
+
type: "about:blank#not-found",
|
|
49
|
+
title: "Not Found",
|
|
50
|
+
status: 404,
|
|
51
|
+
detail,
|
|
52
|
+
instance: c.req.path,
|
|
53
|
+
};
|
|
54
|
+
|
|
55
|
+
return new Response(JSON.stringify(problem), {
|
|
56
|
+
status: 404,
|
|
57
|
+
headers: {"Content-Type": "application/json"},
|
|
58
|
+
});
|
|
59
|
+
}
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
**Techniques:**
|
|
63
|
+
- Define `ProblemDetails` TypeScript interface matching RFC 7807 spec
|
|
64
|
+
- Include required fields: type, title, status
|
|
65
|
+
- Include optional fields: detail, instance, custom extensions
|
|
66
|
+
- For validation errors add `issues` array with field-level details
|
|
67
|
+
- Create helper functions for common error types (badRequest, notFound, etc.)
|
|
68
|
+
- Return proper HTTP status codes matching the status field
|
|
69
|
+
- Set `Content-Type: application/json` header
|
|
@@ -0,0 +1,47 @@
|
|
|
1
|
+
# middleware-combine: Composing Middleware with some, every, except
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use the `combine` module (`some`, `every`, `except`) to compose complex middleware logic for conditional execution and access control.
|
|
4
|
+
|
|
5
|
+
**Rationale:** The combine module provides declarative composition of complex requirements: `some()` implements OR logic for alternative auth methods, `every()` implements AND logic for layered checks, and `except()` skips middleware for specific paths, enabling cleaner code than nested conditionals.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {basicAuth} from "hono/basic-auth";
|
|
11
|
+
import {bearerAuth} from "hono/bearer-auth";
|
|
12
|
+
import {every, except, some} from "hono/combine";
|
|
13
|
+
|
|
14
|
+
// Accept either basic auth OR bearer token
|
|
15
|
+
app.use(
|
|
16
|
+
"/api/*",
|
|
17
|
+
some(
|
|
18
|
+
basicAuth({verifyUser: verifyBasicAuth}),
|
|
19
|
+
bearerAuth({verifyToken: verifyBearerToken}),
|
|
20
|
+
),
|
|
21
|
+
);
|
|
22
|
+
|
|
23
|
+
// Must be authenticated AND have admin role
|
|
24
|
+
app.use(
|
|
25
|
+
"/admin/*",
|
|
26
|
+
every(bearerAuth({verifyToken: verifyToken}), async (c, next) => {
|
|
27
|
+
const user = c.get("user");
|
|
28
|
+
if (user.role !== "admin") {
|
|
29
|
+
return c.json({error: "Forbidden"}, 403);
|
|
30
|
+
}
|
|
31
|
+
await next();
|
|
32
|
+
}),
|
|
33
|
+
);
|
|
34
|
+
|
|
35
|
+
// Apply rate limiting to all routes EXCEPT health checks
|
|
36
|
+
app.use("*", except("/health", rateLimiter({max: 100, window: 60})));
|
|
37
|
+
|
|
38
|
+
// Multiple path exclusions
|
|
39
|
+
app.use("*", except(["/health", "/metrics", "/ready"], authMiddleware()));
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
**Techniques:**
|
|
43
|
+
- Import `some`, `every`, `except` from `hono/combine`
|
|
44
|
+
- Use `some()` for alternative auth methods (OAuth OR API key)
|
|
45
|
+
- Use `every()` for layered requirements (authenticated AND has role)
|
|
46
|
+
- Use `except()` for path-based middleware exclusions
|
|
47
|
+
- Combine module handlers with other Hono middleware seamlessly
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# middleware-patterns: CORS Configuration and Custom Middleware
|
|
2
|
+
|
|
3
|
+
**Guideline:** Configure CORS differently for development and production, and use middleware factory functions to ensure proper `this` binding and parameterization.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Environment-specific CORS balances development convenience with production security. Middleware factories ensure correct context binding in async operations, enable parameterization, and provide consistent patterns across applications through proper closure over configuration values.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import type {Context, Next} from "hono";
|
|
11
|
+
import {cors} from "hono/cors";
|
|
12
|
+
|
|
13
|
+
// Environment-specific CORS
|
|
14
|
+
const isDevelopment = process.env.NODE_ENV === "development";
|
|
15
|
+
|
|
16
|
+
if (isDevelopment) {
|
|
17
|
+
// Development: Permissive
|
|
18
|
+
app.use(
|
|
19
|
+
"*",
|
|
20
|
+
cors({
|
|
21
|
+
origin: "*",
|
|
22
|
+
allowMethods: ["GET", "POST", "PUT", "DELETE"],
|
|
23
|
+
maxAge: 86_400, // 24 hours
|
|
24
|
+
}),
|
|
25
|
+
);
|
|
26
|
+
} else {
|
|
27
|
+
// Production: Restrictive
|
|
28
|
+
app.use(
|
|
29
|
+
"*",
|
|
30
|
+
cors({
|
|
31
|
+
origin: ["https://app.example.com"],
|
|
32
|
+
allowMethods: ["GET", "POST", "PUT", "DELETE"],
|
|
33
|
+
credentials: true,
|
|
34
|
+
maxAge: 600, // 10 minutes
|
|
35
|
+
}),
|
|
36
|
+
);
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
// Custom middleware factory with proper binding
|
|
40
|
+
function requestId() {
|
|
41
|
+
return async (c: Context, next: Next) => {
|
|
42
|
+
const id = crypto.randomUUID();
|
|
43
|
+
c.set("requestId", id);
|
|
44
|
+
c.header("X-Request-ID", id);
|
|
45
|
+
await next();
|
|
46
|
+
};
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
app.use("*", requestId());
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
**Techniques:**
|
|
53
|
+
- Import CORS from `hono/cors` and configure based on environment
|
|
54
|
+
- For development use `origin: "*"` for permissive access
|
|
55
|
+
- For production specify allowed origins explicitly
|
|
56
|
+
- Create middleware factory function that returns `async (c, next) => {...}`
|
|
57
|
+
- Call factory function when registering: `app.use("*", requestId())`
|
|
58
|
+
- Never destructure methods from helpers that rely on `this` binding
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# platform-runtime: Platform-Specific Runtime Detection
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use `env()` for unified environment variables and `getRuntimeKey()` for platform-specific code paths.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Hono runs on different runtimes with different APIs and behaviors. Unified helpers enable portable code across all platforms.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {Hono} from "hono";
|
|
11
|
+
import {env, getRuntimeKey} from "hono/adapter";
|
|
12
|
+
import {getConnInfo} from "hono/cloudflare-workers";
|
|
13
|
+
|
|
14
|
+
const app = new Hono();
|
|
15
|
+
|
|
16
|
+
// Unified environment access
|
|
17
|
+
app.get("/config", (c) => {
|
|
18
|
+
const {DATABASE_URL} = env<{DATABASE_URL: string}>(c);
|
|
19
|
+
return c.json({configured: !!DATABASE_URL});
|
|
20
|
+
});
|
|
21
|
+
|
|
22
|
+
// Platform-specific logic
|
|
23
|
+
app.use("*", async (c, next) => {
|
|
24
|
+
const runtime = getRuntimeKey();
|
|
25
|
+
c.header("X-Runtime", runtime === "workerd" ? "cloudflare" : runtime);
|
|
26
|
+
await next();
|
|
27
|
+
});
|
|
28
|
+
|
|
29
|
+
// Connection info
|
|
30
|
+
app.get("/ip", (c) => {
|
|
31
|
+
const info = getConnInfo(c);
|
|
32
|
+
return c.json({ip: info.remote.address});
|
|
33
|
+
});
|
|
34
|
+
```
|
|
35
|
+
|
|
36
|
+
**Techniques:**
|
|
37
|
+
- Import `env` and `getRuntimeKey` from `hono/adapter`
|
|
38
|
+
- Use `env(c)` instead of `process.env` or `Deno.env`
|
|
39
|
+
- Check runtime with `getRuntimeKey()` for platform-specific logic
|
|
40
|
+
- Import connection info from platform-specific paths
|
|
41
|
+
- Handle platform differences (Deno cache requires `wait: true`, Node.js needs compression middleware)
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
# security-middleware: Built-in Security Middleware Configuration
|
|
2
|
+
|
|
3
|
+
**Guideline:** Use Hono's built-in security middleware for authentication, CSRF protection, and security headers, applying `secureHeaders()` first in the middleware chain.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Hono provides battle-tested security middleware implementations for basic auth, bearer tokens, JWT verification, CSRF protection, and IP restriction with consistent configuration patterns and type safety, eliminating the need for external dependencies.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {Hono} from "hono";
|
|
11
|
+
import {basicAuth} from "hono/basic-auth";
|
|
12
|
+
import {bearerAuth} from "hono/bearer-auth";
|
|
13
|
+
import {csrf} from "hono/csrf";
|
|
14
|
+
import {ipRestriction} from "hono/ip-restriction";
|
|
15
|
+
import {secureHeaders} from "hono/secure-headers";
|
|
16
|
+
|
|
17
|
+
const app = new Hono();
|
|
18
|
+
|
|
19
|
+
// Apply secure headers first
|
|
20
|
+
app.use("*", secureHeaders());
|
|
21
|
+
|
|
22
|
+
// CSRF protection for form submissions
|
|
23
|
+
app.use("/forms/*", csrf());
|
|
24
|
+
|
|
25
|
+
// Bearer auth with custom verification
|
|
26
|
+
app.use(
|
|
27
|
+
"/api/*",
|
|
28
|
+
bearerAuth({
|
|
29
|
+
verifyToken: async (token, c) => {
|
|
30
|
+
return await tokenService.verify(token);
|
|
31
|
+
},
|
|
32
|
+
}),
|
|
33
|
+
);
|
|
34
|
+
|
|
35
|
+
// Basic auth for admin routes
|
|
36
|
+
app.use(
|
|
37
|
+
"/admin/*",
|
|
38
|
+
basicAuth({
|
|
39
|
+
verifyUser: (username, password, c) => {
|
|
40
|
+
return username === "admin" && password === process.env.ADMIN_PASSWORD;
|
|
41
|
+
},
|
|
42
|
+
}),
|
|
43
|
+
);
|
|
44
|
+
|
|
45
|
+
// IP restriction for internal routes
|
|
46
|
+
app.use(
|
|
47
|
+
"/internal/*",
|
|
48
|
+
ipRestriction({
|
|
49
|
+
denyList: [],
|
|
50
|
+
allowList: ["192.168.0.0/16", "10.0.0.0/8"],
|
|
51
|
+
}),
|
|
52
|
+
);
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
**Techniques:**
|
|
56
|
+
- Import middleware from `hono/` subpaths (basicAuth, bearerAuth, csrf, secureHeaders, ipRestriction)
|
|
57
|
+
- Apply security headers first in middleware chain to protect all routes
|
|
58
|
+
- Use custom verifiers for dynamic authentication logic
|
|
59
|
+
- Configure CSRF protection for form-based applications
|
|
60
|
+
- Restrict IPs for admin and internal routes using CIDR notation
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
# validation-type-safety: Request Validation and Type Safety with Zod
|
|
2
|
+
|
|
3
|
+
**Guideline:** Cast `c.req.valid` to specify return types and cast validation errors to `z.ZodError` to restore type safety when using Hono's base Context type.
|
|
4
|
+
|
|
5
|
+
**Rationale:** Hono's Context type without generic validation types returns `any` from `c.req.valid()`, losing type safety. Type assertions restore compile-time type checking without complex nested generics, enabling autocomplete and error detection while keeping signatures simple.
|
|
6
|
+
|
|
7
|
+
**Example:**
|
|
8
|
+
|
|
9
|
+
```typescript
|
|
10
|
+
import {zValidator} from "@hono/zod-validator";
|
|
11
|
+
import type {Context} from "hono";
|
|
12
|
+
import type {z} from "zod";
|
|
13
|
+
import {CreateUserSchema, type CreateUser} from "../schemas/users.js";
|
|
14
|
+
|
|
15
|
+
// Controller with type-safe validation
|
|
16
|
+
export function createUser(c: Context) {
|
|
17
|
+
// Cast c.req.valid to specify return type
|
|
18
|
+
const data = (c.req.valid as (target: string) => CreateUser)("json");
|
|
19
|
+
|
|
20
|
+
// Now `data` has full type information
|
|
21
|
+
const user = userService.create(data);
|
|
22
|
+
return c.json(user, 201);
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
usersRouter.post(
|
|
26
|
+
"/",
|
|
27
|
+
zValidator("json", CreateUserSchema, (result, c) => {
|
|
28
|
+
if (!result.success) {
|
|
29
|
+
// Cast to z.ZodError for type-safe error processing
|
|
30
|
+
return badRequest(c, result.error as z.ZodError);
|
|
31
|
+
}
|
|
32
|
+
}),
|
|
33
|
+
controller.createUser,
|
|
34
|
+
);
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
**Techniques:**
|
|
38
|
+
- Define Zod schemas for request payloads with TypeScript type exports
|
|
39
|
+
- In controllers using base `Context`, cast `c.req.valid` with target parameter
|
|
40
|
+
- Specify the return type in the cast (e.g., `CreateUser`)
|
|
41
|
+
- In zValidator error handlers, cast `result.error` to `z.ZodError`
|
|
42
|
+
- Use typed validation errors in error response functions
|
|
43
|
+
- Apply same pattern to query params and path params
|