ada-agent 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +256 -0
- package/bench/README.md +88 -0
- package/bench/swebench.mjs +242 -0
- package/bin/ada-server.mjs +6 -0
- package/bin/ada.mjs +7 -0
- package/docs/agent-loop.svg +66 -0
- package/docs/architecture.md +139 -0
- package/docs/architecture.svg +73 -0
- package/docs/connectors.md +48 -0
- package/docs/integrations.md +59 -0
- package/docs/login-flow.svg +56 -0
- package/docs/orchestration.md +45 -0
- package/package.json +64 -0
- package/skills/accessibility/SKILL.md +23 -0
- package/skills/add-logging/SKILL.md +23 -0
- package/skills/add-metrics/SKILL.md +23 -0
- package/skills/adr/SKILL.md +24 -0
- package/skills/aesthetic-direction/SKILL.md +24 -0
- package/skills/agent-loop/SKILL.md +23 -0
- package/skills/alerting/SKILL.md +23 -0
- package/skills/alpha-compositing/SKILL.md +23 -0
- package/skills/android-compose/SKILL.md +23 -0
- package/skills/angular-module/SKILL.md +23 -0
- package/skills/ansible-playbook/SKILL.md +24 -0
- package/skills/api-docs/SKILL.md +24 -0
- package/skills/app-store-prep/SKILL.md +23 -0
- package/skills/architecture-diagram/SKILL.md +21 -0
- package/skills/architecture-doc/SKILL.md +24 -0
- package/skills/audit-log/SKILL.md +23 -0
- package/skills/authz-review/SKILL.md +23 -0
- package/skills/aws-lambda/SKILL.md +24 -0
- package/skills/bash-script/SKILL.md +23 -0
- package/skills/batch/SKILL.md +23 -0
- package/skills/bisect/SKILL.md +23 -0
- package/skills/bounding-box/SKILL.md +24 -0
- package/skills/branch-cleanup/SKILL.md +23 -0
- package/skills/bundle-analyze/SKILL.md +23 -0
- package/skills/cache/SKILL.md +23 -0
- package/skills/call-graph/SKILL.md +23 -0
- package/skills/canvas-debug/SKILL.md +23 -0
- package/skills/cdn-setup/SKILL.md +23 -0
- package/skills/changelog/SKILL.md +24 -0
- package/skills/cherry-pick/SKILL.md +23 -0
- package/skills/ci-setup/SKILL.md +23 -0
- package/skills/cleanup/SKILL.md +23 -0
- package/skills/cli-tool/SKILL.md +23 -0
- package/skills/cloudformation/SKILL.md +23 -0
- package/skills/code-examples/SKILL.md +24 -0
- package/skills/code-review/SKILL.md +23 -0
- package/skills/color-palette/SKILL.md +24 -0
- package/skills/color-space/SKILL.md +24 -0
- package/skills/comment-why/SKILL.md +23 -0
- package/skills/commit/SKILL.md +26 -0
- package/skills/complexity-audit/SKILL.md +23 -0
- package/skills/component/SKILL.md +23 -0
- package/skills/component-library/SKILL.md +23 -0
- package/skills/connect-github/SKILL.md +20 -0
- package/skills/connect-mcp/SKILL.md +21 -0
- package/skills/connect-postgres/SKILL.md +20 -0
- package/skills/connect-remote/SKILL.md +23 -0
- package/skills/connect-slack/SKILL.md +20 -0
- package/skills/contract-audit/SKILL.md +25 -0
- package/skills/contributing/SKILL.md +23 -0
- package/skills/cpp-raii/SKILL.md +23 -0
- package/skills/cron-job/SKILL.md +23 -0
- package/skills/cv-preprocess/SKILL.md +24 -0
- package/skills/dark-mode/SKILL.md +24 -0
- package/skills/dashboard/SKILL.md +23 -0
- package/skills/dashboard-ui/SKILL.md +23 -0
- package/skills/data-export/SKILL.md +23 -0
- package/skills/data-validation/SKILL.md +23 -0
- package/skills/dataframe/SKILL.md +23 -0
- package/skills/db-index/SKILL.md +24 -0
- package/skills/dead-code/SKILL.md +23 -0
- package/skills/debug/SKILL.md +24 -0
- package/skills/deck-review/SKILL.md +24 -0
- package/skills/dedupe/SKILL.md +23 -0
- package/skills/dedupe-deps/SKILL.md +23 -0
- package/skills/dependency-audit/SKILL.md +23 -0
- package/skills/dependency-update/SKILL.md +23 -0
- package/skills/deploy/SKILL.md +23 -0
- package/skills/design-system/SKILL.md +24 -0
- package/skills/design-tokens/SKILL.md +24 -0
- package/skills/diagram-as-code/SKILL.md +24 -0
- package/skills/diff-explain/SKILL.md +23 -0
- package/skills/django-view/SKILL.md +23 -0
- package/skills/doc-lint/SKILL.md +24 -0
- package/skills/docker-compose/SKILL.md +23 -0
- package/skills/dockerize/SKILL.md +23 -0
- package/skills/docstrings/SKILL.md +23 -0
- package/skills/dotfiles/SKILL.md +23 -0
- package/skills/dpi-scaling/SKILL.md +23 -0
- package/skills/e2e-test/SKILL.md +23 -0
- package/skills/embeddings/SKILL.md +23 -0
- package/skills/empty-states/SKILL.md +23 -0
- package/skills/env-setup/SKILL.md +23 -0
- package/skills/erc20/SKILL.md +24 -0
- package/skills/error-tracking/SKILL.md +23 -0
- package/skills/estimate/SKILL.md +23 -0
- package/skills/etl-pipeline/SKILL.md +24 -0
- package/skills/eval-harness/SKILL.md +23 -0
- package/skills/exif-orientation/SKILL.md +23 -0
- package/skills/explain-code/SKILL.md +23 -0
- package/skills/express-middleware/SKILL.md +23 -0
- package/skills/extract-function/SKILL.md +23 -0
- package/skills/faq/SKILL.md +24 -0
- package/skills/fastapi-endpoint/SKILL.md +23 -0
- package/skills/favicon/SKILL.md +23 -0
- package/skills/feature-engineering/SKILL.md +23 -0
- package/skills/few-shot/SKILL.md +23 -0
- package/skills/find-owner/SKILL.md +23 -0
- package/skills/firmware-driver/SKILL.md +23 -0
- package/skills/fix-flaky-tests/SKILL.md +23 -0
- package/skills/flutter-widget/SKILL.md +23 -0
- package/skills/font-rendering/SKILL.md +23 -0
- package/skills/form-validation/SKILL.md +23 -0
- package/skills/format/SKILL.md +23 -0
- package/skills/game-loop/SKILL.md +23 -0
- package/skills/gas-optimize/SKILL.md +25 -0
- package/skills/gdpr-review/SKILL.md +24 -0
- package/skills/github-actions/SKILL.md +23 -0
- package/skills/glossary/SKILL.md +24 -0
- package/skills/go-idioms/SKILL.md +23 -0
- package/skills/gpu-profile/SKILL.md +23 -0
- package/skills/graphify/SKILL.md +21 -0
- package/skills/graphql-resolver/SKILL.md +23 -0
- package/skills/grpc-service/SKILL.md +23 -0
- package/skills/guardrails/SKILL.md +23 -0
- package/skills/healthcheck/SKILL.md +23 -0
- package/skills/heisenbug/SKILL.md +23 -0
- package/skills/helm-chart/SKILL.md +24 -0
- package/skills/hero-section/SKILL.md +23 -0
- package/skills/html-email/SKILL.md +24 -0
- package/skills/html-form/SKILL.md +23 -0
- package/skills/html-sanitize/SKILL.md +23 -0
- package/skills/html-table/SKILL.md +23 -0
- package/skills/html-to-pdf/SKILL.md +23 -0
- package/skills/http-client/SKILL.md +23 -0
- package/skills/i18n/SKILL.md +23 -0
- package/skills/i2c-spi/SKILL.md +23 -0
- package/skills/image-decode/SKILL.md +24 -0
- package/skills/image-memory/SKILL.md +24 -0
- package/skills/image-perf/SKILL.md +24 -0
- package/skills/image-pipeline/SKILL.md +24 -0
- package/skills/image-upload/SKILL.md +24 -0
- package/skills/infra-cost/SKILL.md +24 -0
- package/skills/input-validation/SKILL.md +23 -0
- package/skills/issue-template/SKILL.md +23 -0
- package/skills/java-streams/SKILL.md +23 -0
- package/skills/k8s-manifest/SKILL.md +23 -0
- package/skills/kotlin-coroutines/SKILL.md +23 -0
- package/skills/landing-page/SKILL.md +24 -0
- package/skills/laravel-controller/SKILL.md +23 -0
- package/skills/lazy-load/SKILL.md +23 -0
- package/skills/license-check/SKILL.md +23 -0
- package/skills/license-header/SKILL.md +23 -0
- package/skills/lint-fix/SKILL.md +23 -0
- package/skills/llm-cost/SKILL.md +23 -0
- package/skills/lockfile-fix/SKILL.md +23 -0
- package/skills/low-power/SKILL.md +23 -0
- package/skills/makefile/SKILL.md +23 -0
- package/skills/man-page/SKILL.md +24 -0
- package/skills/mcp-server/SKILL.md +23 -0
- package/skills/memory-leak/SKILL.md +23 -0
- package/skills/mermaid-diagram/SKILL.md +23 -0
- package/skills/meta-tags/SKILL.md +23 -0
- package/skills/micro-interactions/SKILL.md +23 -0
- package/skills/migration/SKILL.md +23 -0
- package/skills/migration-guide/SKILL.md +24 -0
- package/skills/mkdocs-setup/SKILL.md +24 -0
- package/skills/mobile-permissions/SKILL.md +23 -0
- package/skills/mock-api/SKILL.md +23 -0
- package/skills/modernize/SKILL.md +23 -0
- package/skills/monorepo-setup/SKILL.md +23 -0
- package/skills/motion-design/SKILL.md +23 -0
- package/skills/n-plus-one/SKILL.md +23 -0
- package/skills/naming-review/SKILL.md +23 -0
- package/skills/nextjs-route/SKILL.md +23 -0
- package/skills/nginx-config/SKILL.md +23 -0
- package/skills/ocr-debug/SKILL.md +24 -0
- package/skills/onboard/SKILL.md +23 -0
- package/skills/onboarding-map/SKILL.md +23 -0
- package/skills/open-pr/SKILL.md +24 -0
- package/skills/openapi/SKILL.md +23 -0
- package/skills/opencv-debug/SKILL.md +24 -0
- package/skills/orm-model/SKILL.md +23 -0
- package/skills/owasp-check/SKILL.md +24 -0
- package/skills/page-transitions/SKILL.md +23 -0
- package/skills/pagination/SKILL.md +23 -0
- package/skills/perf-optimize/SKILL.md +23 -0
- package/skills/perf-profile/SKILL.md +23 -0
- package/skills/physics/SKILL.md +23 -0
- package/skills/pitch-deck/SKILL.md +24 -0
- package/skills/pixel-diff/SKILL.md +23 -0
- package/skills/ponytail/SKILL.md +46 -0
- package/skills/postmortem/SKILL.md +24 -0
- package/skills/pptx-deck/SKILL.md +23 -0
- package/skills/pptx-export/SKILL.md +23 -0
- package/skills/pptx-from-markdown/SKILL.md +23 -0
- package/skills/pptx-template/SKILL.md +24 -0
- package/skills/pr-review/SKILL.md +24 -0
- package/skills/precommit/SKILL.md +23 -0
- package/skills/pricing-page/SKILL.md +23 -0
- package/skills/project-overview/SKILL.md +22 -0
- package/skills/prompt-template/SKILL.md +23 -0
- package/skills/property-test/SKILL.md +23 -0
- package/skills/protobuf/SKILL.md +23 -0
- package/skills/py-async/SKILL.md +23 -0
- package/skills/py-typing/SKILL.md +23 -0
- package/skills/query-optimize/SKILL.md +23 -0
- package/skills/rag-pipeline/SKILL.md +23 -0
- package/skills/rails-resource/SKILL.md +23 -0
- package/skills/rate-limit/SKILL.md +23 -0
- package/skills/react-hooks/SKILL.md +23 -0
- package/skills/react-native-screen/SKILL.md +23 -0
- package/skills/react-perf/SKILL.md +23 -0
- package/skills/readme/SKILL.md +24 -0
- package/skills/rebase/SKILL.md +24 -0
- package/skills/refactor/SKILL.md +23 -0
- package/skills/regression-test/SKILL.md +23 -0
- package/skills/release-notes/SKILL.md +24 -0
- package/skills/rename-symbol/SKILL.md +23 -0
- package/skills/repro/SKILL.md +23 -0
- package/skills/resolve-conflicts/SKILL.md +23 -0
- package/skills/responsive/SKILL.md +23 -0
- package/skills/rest-endpoint/SKILL.md +23 -0
- package/skills/retro/SKILL.md +23 -0
- package/skills/rtos-task/SKILL.md +23 -0
- package/skills/runbook/SKILL.md +25 -0
- package/skills/rust-borrow/SKILL.md +23 -0
- package/skills/rust-unsafe-audit/SKILL.md +23 -0
- package/skills/sanitize/SKILL.md +23 -0
- package/skills/schema-design/SKILL.md +23 -0
- package/skills/screenshot-debug/SKILL.md +22 -0
- package/skills/scroll-animation/SKILL.md +23 -0
- package/skills/secret-scan/SKILL.md +23 -0
- package/skills/security-audit/SKILL.md +23 -0
- package/skills/security-review/SKILL.md +23 -0
- package/skills/seed-data/SKILL.md +23 -0
- package/skills/self-review/SKILL.md +23 -0
- package/skills/semantic-html/SKILL.md +23 -0
- package/skills/semver-bump/SKILL.md +24 -0
- package/skills/shader/SKILL.md +23 -0
- package/skills/shader-debug/SKILL.md +23 -0
- package/skills/simplify-conditionals/SKILL.md +23 -0
- package/skills/sitemap/SKILL.md +23 -0
- package/skills/skeleton-loader/SKILL.md +23 -0
- package/skills/slide-charts/SKILL.md +24 -0
- package/skills/slide-outline/SKILL.md +23 -0
- package/skills/snapshot-update/SKILL.md +23 -0
- package/skills/solidity-contract/SKILL.md +25 -0
- package/skills/speaker-notes/SKILL.md +23 -0
- package/skills/spike/SKILL.md +23 -0
- package/skills/split-file/SKILL.md +23 -0
- package/skills/spring-controller/SKILL.md +23 -0
- package/skills/sprite-anim/SKILL.md +23 -0
- package/skills/sql-report/SKILL.md +23 -0
- package/skills/squash/SKILL.md +24 -0
- package/skills/ssl-setup/SKILL.md +23 -0
- package/skills/stacktrace/SKILL.md +23 -0
- package/skills/static-site/SKILL.md +24 -0
- package/skills/structured-logging/SKILL.md +23 -0
- package/skills/svelte-store/SKILL.md +23 -0
- package/skills/swiftui-view/SKILL.md +23 -0
- package/skills/tailwind-theme/SKILL.md +24 -0
- package/skills/tcp-server/SKILL.md +23 -0
- package/skills/tdd/SKILL.md +23 -0
- package/skills/terraform-module/SKILL.md +24 -0
- package/skills/test-coverage/SKILL.md +23 -0
- package/skills/texture-debug/SKILL.md +23 -0
- package/skills/threat-model/SKILL.md +23 -0
- package/skills/thumbnail/SKILL.md +24 -0
- package/skills/todo-scan/SKILL.md +23 -0
- package/skills/tool-definition/SKILL.md +23 -0
- package/skills/trace-flow/SKILL.md +23 -0
- package/skills/tracing/SKILL.md +23 -0
- package/skills/train-model/SKILL.md +24 -0
- package/skills/tree-shake/SKILL.md +23 -0
- package/skills/ts-generics/SKILL.md +23 -0
- package/skills/ts-strict/SKILL.md +23 -0
- package/skills/tui-app/SKILL.md +23 -0
- package/skills/tutorial/SKILL.md +24 -0
- package/skills/type-tighten/SKILL.md +23 -0
- package/skills/typography/SKILL.md +24 -0
- package/skills/ui-bug-repro/SKILL.md +23 -0
- package/skills/ui-polish/SKILL.md +24 -0
- package/skills/ui-review/SKILL.md +24 -0
- package/skills/vendor/SKILL.md +23 -0
- package/skills/visual-diff-ci/SKILL.md +24 -0
- package/skills/visual-regression/SKILL.md +23 -0
- package/skills/vue-composition/SKILL.md +23 -0
- package/skills/web-component/SKILL.md +23 -0
- package/skills/web-fonts/SKILL.md +24 -0
- package/skills/web3-frontend/SKILL.md +25 -0
- package/skills/webgl-debug/SKILL.md +23 -0
- package/skills/webhook/SKILL.md +23 -0
- package/skills/websocket/SKILL.md +23 -0
- package/skills/write-tests/SKILL.md +19 -0
- package/src/client/agent.ts +803 -0
- package/src/client/background.ts +39 -0
- package/src/client/checkpoint.ts +48 -0
- package/src/client/cli.ts +1253 -0
- package/src/client/compaction.ts +86 -0
- package/src/client/extensions.ts +83 -0
- package/src/client/hooks.ts +40 -0
- package/src/client/image.ts +26 -0
- package/src/client/lsp.ts +0 -0
- package/src/client/mcp.ts +276 -0
- package/src/client/models-dev.ts +52 -0
- package/src/client/pkg.ts +41 -0
- package/src/client/platform.ts +94 -0
- package/src/client/prompts.ts +47 -0
- package/src/client/render.ts +138 -0
- package/src/client/session.ts +107 -0
- package/src/client/settings.ts +86 -0
- package/src/client/skill-router.ts +79 -0
- package/src/client/skills.ts +199 -0
- package/src/client/snapshot.ts +56 -0
- package/src/client/telemetry.ts +24 -0
- package/src/client/todos.ts +23 -0
- package/src/client/tools.ts +756 -0
- package/src/client/tui-mode.ts +41 -0
- package/src/client/tui.ts +224 -0
- package/src/sdk/index.ts +36 -0
- package/src/selfcheck.ts +364 -0
- package/src/server/config.ts +58 -0
- package/src/server/credentials.ts +89 -0
- package/src/server/identity.ts +58 -0
- package/src/server/index.ts +113 -0
- package/src/server/oauth.ts +93 -0
- package/src/server/providers/adapter.ts +25 -0
- package/src/server/providers/anthropic.ts +189 -0
- package/src/server/providers/openai-compat.ts +76 -0
- package/src/server/providers/registry.ts +31 -0
- package/src/server/router.ts +29 -0
- package/src/server/sse.ts +20 -0
- package/src/shared/types.ts +20 -0
- package/tsconfig.json +15 -0
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: adr
|
|
3
|
+
description: Write an Architecture Decision Record capturing context, the decision, and consequences
|
|
4
|
+
category: docs
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Adr
|
|
8
|
+
|
|
9
|
+
Use this to record a significant, hard-to-reverse technical decision so the reasoning survives past the people who made it. One ADR per decision, immutable once accepted.
|
|
10
|
+
|
|
11
|
+
1. Find or create `docs/adr/` (or `doc/decisions/`); number the new file sequentially, e.g. `0007-use-postgres.md`.
|
|
12
|
+
2. Write a short noun-phrase title describing the decision.
|
|
13
|
+
3. Set Status: Proposed, then Accepted (or later Deprecated/Superseded by ADR-NNNN).
|
|
14
|
+
4. Context: the forces, constraints, and problem driving the decision — neutral, no conclusion yet.
|
|
15
|
+
5. Decision: state what you're doing in active voice ("We will use ...").
|
|
16
|
+
6. Consequences: the resulting trade-offs, both positive and negative, including what becomes harder.
|
|
17
|
+
7. List the alternatives considered and why each was rejected.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- One decision per record; keep it to a page.
|
|
21
|
+
- ADRs are immutable — to change course, write a new ADR that supersedes the old one, don't edit it.
|
|
22
|
+
- Capture the why and the rejected options; that context is the whole point.
|
|
23
|
+
- Be honest about downsides in Consequences — every real decision has them.
|
|
24
|
+
- Keep filenames numbered and titles stable so cross-references hold.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: aesthetic-direction
|
|
3
|
+
description: Choose an intentional, non-templated visual direction and reference before building any UI
|
|
4
|
+
category: ui-design
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Aesthetic Direction
|
|
8
|
+
|
|
9
|
+
Do this before writing component code. The difference between a forgettable, templated UI and a memorable one is a deliberate point of view chosen up front — not defaults stacked by accident.
|
|
10
|
+
|
|
11
|
+
1. Name the feeling in 2–3 adjectives and a reference: "editorial and confident, like Linear meets a print magazine" or "warm utilitarian, like a well-made tool." Vague intent yields vague output.
|
|
12
|
+
2. Pick a stance on each axis deliberately: density (airy vs. compact), shape language (sharp vs. rounded), contrast (muted vs. punchy), and ornament (flat vs. layered/textured). Write the choices down.
|
|
13
|
+
3. Choose ONE signature move the design hangs on — a distinctive typeface, a bold accent, a grain/noise texture, an unusual grid, a motion personality. Without a signature, it reads generic.
|
|
14
|
+
4. Anchor with real references: pull 3–5 screenshots you admire and articulate *what specifically* works (the oversized headers, the restrained palette, the tight grid) — then translate, don't copy.
|
|
15
|
+
5. Pressure-test against templates: if it could be any Bootstrap/default-shadcn site, push harder — change the type, break the symmetry, commit to one strong color, vary the rhythm.
|
|
16
|
+
6. Encode the direction into tokens immediately so the rest of the build inherits the decision instead of re-litigating it per component.
|
|
17
|
+
7. Sanity-check feasibility and accessibility — a daring direction still has to pass contrast and perform.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- Decide the direction before components; retrofitting taste onto built UI rarely works.
|
|
21
|
+
- Commit to one signature element rather than three half-measures.
|
|
22
|
+
- "Modern/clean/minimal" is not a direction — name a feeling, a reference, and a specific move.
|
|
23
|
+
- Default shadcn/Bootstrap/Tailwind-gray is a starting point to subvert, not a destination.
|
|
24
|
+
- Distinctive still means accessible and fast — daring is not an excuse for 2:1 contrast.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: agent-loop
|
|
3
|
+
description: Build a minimal agent loop that streams, calls tools, and repeats until done
|
|
4
|
+
category: agent-llm
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Agent Loop
|
|
8
|
+
|
|
9
|
+
Reach for this to implement the core "model decides, tools run, repeat" cycle that turns a chat completion into an agent.
|
|
10
|
+
|
|
11
|
+
1. Seed a message list with a system prompt (role, tools available, stop conditions) and the user's request.
|
|
12
|
+
2. Call the model with the messages and the tool schemas; stream tokens to the user as they arrive.
|
|
13
|
+
3. If the response contains tool calls, append the assistant turn, execute each tool, and append a tool-result message per call.
|
|
14
|
+
4. Loop back to step 2 with the appended results; if the response has no tool calls, it's the final answer — stop.
|
|
15
|
+
5. Cap iterations (e.g. max 10) and total tokens to prevent runaway loops; surface a clear message when a cap is hit.
|
|
16
|
+
6. Handle errors per tool — return the error text as the tool result so the model can retry or change approach, rather than crashing the loop.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Always append the assistant's tool-call turn BEFORE the tool results, in the order the API expects, or the next call rejects the history.
|
|
20
|
+
- Execute independent tool calls concurrently, but preserve result ordering when appending them back.
|
|
21
|
+
- Enforce a hard iteration cap and a wall-clock/token budget; an agent with no brake will spin.
|
|
22
|
+
- Make tool execution idempotent or guard destructive actions, since the model may retry after a transient error.
|
|
23
|
+
- Stream text deltas but buffer tool-call arguments until complete — partial JSON is not parseable.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: alerting
|
|
3
|
+
description: Define actionable alerts and SLOs that page on symptoms, not noisy causes
|
|
4
|
+
category: observability
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Alerting
|
|
8
|
+
|
|
9
|
+
Use this to turn metrics into alerts that wake someone only when users are actually affected — and to back them with SLOs.
|
|
10
|
+
|
|
11
|
+
1. Define the SLO first: pick a user-facing SLI (availability or latency), a target (e.g. 99.9% over 30 days), and compute the error budget.
|
|
12
|
+
2. Alert on symptoms (elevated error rate, p99 latency, budget burn) rather than causes (high CPU) — page on what users feel.
|
|
13
|
+
3. Use multi-window burn-rate alerts: a fast window (e.g. 5m) and a slow window (e.g. 1h) both breaching, so you page on sustained burn, not single spikes.
|
|
14
|
+
4. Set `for:` durations to require the condition to persist, suppressing flaps; add `severity` labels routing critical→page, warning→ticket.
|
|
15
|
+
5. Write a runbook link and a clear, templated summary into each alert annotation so the on-call knows what broke and what to do.
|
|
16
|
+
6. Test by injecting a failure or backfilling data, confirm the alert fires, routes, and resolves; tune thresholds against historical data to bound false positives.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Every alert must be actionable — if there's no human response, make it a dashboard, not a page.
|
|
20
|
+
- Page on customer impact; ticket or silence everything else.
|
|
21
|
+
- Tie thresholds to the error budget, not arbitrary round numbers.
|
|
22
|
+
- Always include a runbook URL and the affected service/component in annotations.
|
|
23
|
+
- Add an "absent data" alert so a dead exporter doesn't silently hide outages.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: alpha-compositing
|
|
3
|
+
description: Fix alpha blending, transparency, and premultiplied-alpha bugs — dark/white halos, wrong order, additive glow
|
|
4
|
+
category: graphics
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Alpha Compositing
|
|
8
|
+
|
|
9
|
+
Reach for this when transparent images show dark or white fringes, edges glow, layers stack wrong, or "transparent" pixels aren't.
|
|
10
|
+
|
|
11
|
+
1. Reproduce on a stark background: composite the asset over pure red AND pure white. Dark halos on light backgrounds (or bright fringes on dark) are the classic premultiplied-vs-straight-alpha mismatch.
|
|
12
|
+
2. Decide one alpha convention end-to-end. If the source is premultiplied, the blend func must be `ONE, ONE_MINUS_SRC_ALPHA`; if straight, `SRC_ALPHA, ONE_MINUS_SRC_ALPHA`. Mixing the upload flag and the blend func is the #1 cause of halos.
|
|
13
|
+
3. Check the upload/decode flag: in WebGL toggle `UNPACK_PREMULTIPLY_ALPHA_WEBGL`; in canvas/CSS the browser premultiplies. Verify whether your PNG was authored premultiplied and align the flag to it.
|
|
14
|
+
4. For correct blending of semi-transparent geometry, draw back-to-front and disable depth writes (keep depth test) for the transparent pass — out-of-order alpha produces hard wrong edges where far fragments overwrite near ones.
|
|
15
|
+
5. For unexpected additive "glow", confirm you didn't leave an additive blend (`ONE, ONE`) set from a particle/bloom pass; blend state is sticky across draws.
|
|
16
|
+
6. Confirm the texture even has an alpha channel and an internal format that keeps it (`RGBA`, not `RGB`); a dropped alpha makes everything opaque.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Pick premultiplied OR straight alpha and keep the upload flag and blend function consistent — never mix.
|
|
20
|
+
- Dark fringes on light bg = treating premultiplied data as straight (or vice versa); test on red+white to confirm.
|
|
21
|
+
- Transparent geometry: sort back-to-front, depth-test on, depth-write OFF.
|
|
22
|
+
- Blend mode is global state; reset it after additive/special passes or it leaks.
|
|
23
|
+
- "Transparent" needs an actual alpha channel AND a blend enabled — `RGB` format or `disable(BLEND)` makes alpha a no-op.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: android-compose
|
|
3
|
+
description: Build a Jetpack Compose screen with hoisted state and a ViewModel
|
|
4
|
+
category: mobile
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Android Compose
|
|
8
|
+
|
|
9
|
+
Use this when building a screen in Jetpack Compose, separating stateless composables from the state held in a `ViewModel` and exposed as `StateFlow`.
|
|
10
|
+
|
|
11
|
+
1. Write the screen as a `@Composable` function in PascalCase that takes its state and event lambdas as parameters (state hoisting), keeping it stateless and previewable.
|
|
12
|
+
2. Hold real state in a `ViewModel` exposed via `StateFlow`/`MutableStateFlow`, and collect it with `collectAsStateWithLifecycle()`.
|
|
13
|
+
3. For purely local UI state (expanded, text input) use `remember { mutableStateOf(...) }`, and `rememberSaveable` for state that must survive config changes.
|
|
14
|
+
4. Provide a route composable that pulls the `ViewModel` (`viewModel()` / Hilt) and passes state + callbacks down into the stateless screen.
|
|
15
|
+
5. Use `Modifier` for layout/styling, scaffold structure with `Scaffold`/`Column`/`LazyColumn`, and pull colors from `MaterialTheme`.
|
|
16
|
+
6. Add an `@Preview` composable with sample state, then verify recomposition and clicks with a Compose UI test (`createComposeRule`, `onNodeWithText`).
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Hoist state up and keep leaf composables stateless so they're easy to preview and test.
|
|
20
|
+
- Never read or mutate `mutableStateOf` outside composition without `remember` — it resets every recomposition.
|
|
21
|
+
- Keep composables side-effect free; launch coroutines via `LaunchedEffect`/`rememberCoroutineScope`, not inline in the body.
|
|
22
|
+
- Pass stable types and lambdas to avoid needless recomposition; use `key` in lazy lists.
|
|
23
|
+
- Don't hold Android `Context`/`Activity` references in a `ViewModel`; survive rotation via the ViewModel, not the composable.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: angular-module
|
|
3
|
+
description: Scaffold an Angular feature module (or standalone feature) with lazy routing
|
|
4
|
+
category: frameworks
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Angular Module
|
|
8
|
+
|
|
9
|
+
Use to add a self-contained feature to an Angular app — a feature module (or standalone components) with its own components, routing, and services.
|
|
10
|
+
|
|
11
|
+
1. Generate the scaffold: `ng generate module features/<name> --routing` (or skip the module and use `--standalone` components on modern Angular).
|
|
12
|
+
2. Add components/services with `ng generate component features/<name>/<comp>` and `ng generate service features/<name>/<svc>`.
|
|
13
|
+
3. Define the feature's routes in its routing module/`routes` array, with a default child route and any guards/resolvers.
|
|
14
|
+
4. Wire lazy loading from the root router: `loadChildren: () => import('./features/<name>/<name>.module').then(m => m.<Name>Module)` (or `loadComponent` for standalone).
|
|
15
|
+
5. Provide feature-scoped services in the module `providers` (or `providedIn` a route) so they aren't global unless intended.
|
|
16
|
+
6. Run `ng serve`, navigate to the route, and confirm the chunk loads lazily and the feature renders.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Declare each component in exactly one NgModule; for standalone components, list deps in `imports` instead.
|
|
20
|
+
- Export only the components other modules actually use; keep internals private.
|
|
21
|
+
- Import `CommonModule` (not `BrowserModule`) in feature modules for `*ngIf`/`*ngFor`.
|
|
22
|
+
- Prefer lazy-loaded routes for features to keep the initial bundle small.
|
|
23
|
+
- Follow the generated file/selector naming and folder structure; don't hand-roll boilerplate the CLI produces.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: ansible-playbook
|
|
3
|
+
description: Write an idempotent Ansible playbook with roles, variables, and handlers
|
|
4
|
+
category: cloud
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Ansible Playbook
|
|
8
|
+
|
|
9
|
+
Use this to automate configuration of one or more hosts — installing packages, templating configs, managing services — in a repeatable, idempotent way.
|
|
10
|
+
|
|
11
|
+
1. Define the inventory (hosts/groups) and confirm connectivity with `ansible all -m ping`.
|
|
12
|
+
2. Structure logic into roles (`roles/<name>/{tasks,handlers,templates,defaults}`) rather than one monolithic play.
|
|
13
|
+
3. Write tasks using purpose-built modules (`apt`, `copy`, `template`, `service`) — not `command`/`shell` unless unavoidable.
|
|
14
|
+
4. Put tunables in `defaults/main.tf` (lowest precedence) and environment specifics in group/host vars; reference with `{{ }}`.
|
|
15
|
+
5. Use `notify` + `handlers` to restart services only when a config actually changes.
|
|
16
|
+
6. Dry-run with `ansible-playbook --check --diff`, then apply for real.
|
|
17
|
+
7. Lint with `ansible-lint` and keep tasks `--check`-clean so re-runs report no changes.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- Every task must be idempotent — re-running the playbook should report `changed=0` once converged.
|
|
21
|
+
- Encrypt secrets with `ansible-vault`; never commit plaintext credentials to vars files.
|
|
22
|
+
- Prefer modules over `shell`; when you must use `shell`, add `creates`/`removes` or a `when`/`changed_when` guard.
|
|
23
|
+
- Name every task descriptively so output and failures are readable.
|
|
24
|
+
- Use `become` only on tasks that need privilege escalation, not blanket at play level when avoidable.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: api-docs
|
|
3
|
+
description: Generate API reference docs from the code, grouped by module with signatures and examples
|
|
4
|
+
category: docs
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Api Docs
|
|
8
|
+
|
|
9
|
+
Reach for this to produce a reference that lists every public endpoint, function, or class with its signature and contract. Distinct from a tutorial: this is exhaustive lookup material, not a guided walkthrough.
|
|
10
|
+
|
|
11
|
+
1. Decide the API surface: HTTP routes, exported library symbols, or CLI commands — and where docs should live (`docs/`, `/reference`).
|
|
12
|
+
2. Prefer a generator that reads the source of truth: OpenAPI/Swagger from route defs, TypeDoc/Sphinx/rustdoc/godoc from doc-comments.
|
|
13
|
+
3. If generating, ensure source comments/annotations are complete first, then run the generator and commit its config.
|
|
14
|
+
4. If writing by hand, group by module/resource; for each entry give signature, params, return/response, errors, and status codes.
|
|
15
|
+
5. Add at least one request/response or call example per entry, with realistic values.
|
|
16
|
+
6. Cross-link related entries and note auth, versioning, and deprecations.
|
|
17
|
+
7. Build the docs and verify examples against the running code or test suite.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- Derive from the code so docs can't silently drift; wire generation into CI if it exists.
|
|
21
|
+
- Every entry needs an example — a signature alone isn't reference documentation.
|
|
22
|
+
- Document error responses and edge cases, not just the happy path.
|
|
23
|
+
- Mark deprecated and unstable APIs explicitly with the version they changed.
|
|
24
|
+
- Keep ordering stable (alphabetical or by resource) so diffs stay readable.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: app-store-prep
|
|
3
|
+
description: Prepare a store listing and run the release-build checklist before submission
|
|
4
|
+
category: mobile
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# App Store Prep
|
|
8
|
+
|
|
9
|
+
Use this when readying a mobile app for App Store / Google Play submission: building the signed release artifact and assembling the metadata a reviewer needs.
|
|
10
|
+
|
|
11
|
+
1. Bump the version: set a human-facing version name and increment the build/version code (each upload must be unique and monotonically increasing).
|
|
12
|
+
2. Produce a signed release build — iOS archive (`.ipa`) with the correct distribution profile, Android `.aab` signed with the upload key — using release config, not debug.
|
|
13
|
+
3. Strip debug artifacts: remove logging, test endpoints, and unused permissions; confirm release flags (minify/shrink, no debuggable) and crash reporting are on.
|
|
14
|
+
4. Assemble store assets: icon, screenshots per required device size, a privacy policy URL, and the data-collection / privacy questionnaire (App Privacy / Data safety).
|
|
15
|
+
5. Write the listing: title, subtitle, description, keywords, category, age rating, and accurate "what's new" notes.
|
|
16
|
+
6. Run a final pre-submit pass on a real device from the release artifact, then upload, fill review notes (and demo credentials if login is required), and submit.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Keep signing keys/keystores backed up and out of version control; losing the Android upload key blocks future updates.
|
|
20
|
+
- Every store upload needs a higher build number than the last — reusing one is rejected.
|
|
21
|
+
- Match declared permissions and privacy answers to actual behavior; mismatches are the top rejection cause.
|
|
22
|
+
- Provide working demo/login credentials in review notes for any gated feature, or review will fail.
|
|
23
|
+
- Test the release (not debug) build on a physical device — debug-only crashes and ProGuard/R8 stripping surface here.
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: architecture-diagram
|
|
3
|
+
description: Map a project's components and data flow into a clean architecture diagram (Mermaid or SVG).
|
|
4
|
+
category: docs
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Architecture Diagram
|
|
8
|
+
|
|
9
|
+
Use to show how a system fits together — components, boundaries, and how data/control flows between them.
|
|
10
|
+
|
|
11
|
+
1. Discover the pieces: entry points, modules/services, data stores, external dependencies (read the README, the manifest, and the top-level directories).
|
|
12
|
+
2. Trace the main flow: how a request/task moves through the system (client → service → store → external), and which parts own state vs. are stateless.
|
|
13
|
+
3. Lay it out in tiers (left→right or top→down): ≤ ~4 boxes per tier, group related pieces in subgraphs, draw arrows for the *real* call/data direction (and a return path only if it matters).
|
|
14
|
+
4. Render it: a fenced ` ```mermaid ` flowchart for a committed, editable diagram, or a hand-authored SVG for a polished on-brand one. Save to `docs/architecture.{md,svg}` and embed it in the README.
|
|
15
|
+
5. Add a one-line caption of the key design idea (e.g. "one adapter per wire format").
|
|
16
|
+
|
|
17
|
+
## Rules
|
|
18
|
+
- Diagram the system as it IS in the code, not an idealized version.
|
|
19
|
+
- Components and boundaries, not every file — keep it at the level a newcomer needs.
|
|
20
|
+
- Label arrows with what flows (requests, events, SSE) and mark external/3rd-party pieces distinctly.
|
|
21
|
+
- Keep the source (Mermaid/SVG) in the repo so the picture stays in sync with the code.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: architecture-doc
|
|
3
|
+
description: Write a concise architecture overview of components, data flow, and key decisions
|
|
4
|
+
category: docs
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Architecture Doc
|
|
8
|
+
|
|
9
|
+
Use this when a new contributor (or future you) needs the mental model of how the system fits together, without reading every file. Aim for a short ARCHITECTURE.md, not a spec.
|
|
10
|
+
|
|
11
|
+
1. Map the major components/modules and what each is responsible for — read entry points and directory layout first.
|
|
12
|
+
2. Trace the primary data/request flow end to end (input → processing → storage → output).
|
|
13
|
+
3. Draw one diagram (ASCII or Mermaid) showing components and the arrows between them.
|
|
14
|
+
4. Document the key technical decisions and constraints (datastore choice, sync vs async, boundaries) and the why.
|
|
15
|
+
5. Note external dependencies and integration points (APIs, queues, third-party services).
|
|
16
|
+
6. Add a "where things live" map so readers can jump from a concept to the directory/file.
|
|
17
|
+
7. Keep it to a couple of screens; link to deeper docs/ADRs instead of expanding inline.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- Explain the why behind structure, not just the what — that's the part code can't show.
|
|
21
|
+
- One clear diagram beats three; prefer Mermaid so it renders in-repo.
|
|
22
|
+
- Describe boundaries and data flow, not implementation line-by-line.
|
|
23
|
+
- Call out the non-obvious: surprising couplings, intentional duplication, hot paths.
|
|
24
|
+
- Date it lightly and link related ADRs so it stays anchored as the system evolves.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: audit-log
|
|
3
|
+
description: Add a tamper-evident audit log of security-relevant actions with who/what/when
|
|
4
|
+
category: observability
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Audit Log
|
|
8
|
+
|
|
9
|
+
Reach for this when you must record who did what to which resource and when — for compliance, security forensics, or accountability.
|
|
10
|
+
|
|
11
|
+
1. Define the events worth auditing: authentication, authorization changes, data access/exports, config and permission changes, and admin actions.
|
|
12
|
+
2. Design a stable record schema: `actor` (id + type), `action`, `resource` (type + id), `timestamp` (UTC), `source_ip`, `outcome`, and a `correlation_id`.
|
|
13
|
+
3. Write audit records to a separate, append-only store (dedicated table/stream), never the same mutable rows the app edits, and never only to app logs.
|
|
14
|
+
4. Make it tamper-evident: hash-chain each entry (`hash = H(prev_hash + entry)`) or use a WORM/immutable backend so silent edits are detectable.
|
|
15
|
+
5. Emit the record in the same transaction as the action where possible so an action can't succeed without its audit trail.
|
|
16
|
+
6. Restrict write/read access, set a retention policy matching your compliance regime, and add a verification job that walks the hash chain to detect breaks.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Audit logs are append-only — no updates or deletes outside the retention policy.
|
|
20
|
+
- Record the outcome (success/denied/error), not just attempts; failed-access events are the point.
|
|
21
|
+
- Don't store raw secrets or full sensitive payloads — log identifiers and the fact of access.
|
|
22
|
+
- Use a trusted server-side clock in UTC; never trust client-supplied timestamps.
|
|
23
|
+
- Separate audit storage and permissions from application data so an app compromise can't rewrite history.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: authz-review
|
|
3
|
+
description: Review authentication and authorization logic for missing or broken access checks
|
|
4
|
+
category: security
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Authz Review
|
|
8
|
+
|
|
9
|
+
Use this to audit who-can-do-what: missing access checks, broken object-level authorization (IDOR), and privilege escalation paths.
|
|
10
|
+
|
|
11
|
+
1. List every protected resource and action, then map which endpoint/handler serves each and what check it performs.
|
|
12
|
+
2. Verify each handler enforces BOTH authentication (who you are) and authorization (what you may touch) — and that authorization is object-level, not just "is logged in".
|
|
13
|
+
3. Hunt for IDOR: any handler that reads an id from the request and fetches the record without scoping to the current user/tenant.
|
|
14
|
+
4. Check role/permission logic for default-allow, missing server-side enforcement (client-only gating), and admin routes lacking checks.
|
|
15
|
+
5. Inspect token/session handling: expiry, revocation, signature verification, and that role/tenant claims are server-validated, not trusted from the client.
|
|
16
|
+
6. Write a test (or curl repro) proving an unauthorized actor is now blocked for each gap found.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Default deny: access must be explicitly granted, never implicitly assumed.
|
|
20
|
+
- Enforce authorization on the server for every request — UI hiding is not a control.
|
|
21
|
+
- Scope every record lookup by owner/tenant; never trust an id alone from the client.
|
|
22
|
+
- Re-check authorization on every step of multi-step flows, not just the first.
|
|
23
|
+
- Confirm fixes with a negative test (the forbidden action returns 403/404), not just a happy-path test.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: aws-lambda
|
|
3
|
+
description: Scaffold an AWS Lambda with a least-privilege IAM role and a clean handler
|
|
4
|
+
category: cloud
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# AWS Lambda
|
|
8
|
+
|
|
9
|
+
Use this to create a deployable Lambda function — handler code, an execution role scoped to exactly what it touches, and the wiring (env, timeout, trigger).
|
|
10
|
+
|
|
11
|
+
1. Write the handler with the runtime's expected signature (`handler(event, context)`), keeping the entry thin and the logic in testable functions.
|
|
12
|
+
2. Initialize clients and read config (env vars) at module scope so they're reused across warm invocations.
|
|
13
|
+
3. Define an IAM execution role granting only the actions/resources this function needs, plus `AWSLambdaBasicExecutionRole` for logs.
|
|
14
|
+
4. Declare the function in IaC (Terraform/SAM/CDK): runtime, `handler`, `memory_size`, `timeout`, env vars, and the role ARN.
|
|
15
|
+
5. Wire the trigger (API Gateway, EventBridge, SQS, S3) and grant the source permission to invoke.
|
|
16
|
+
6. Test locally (`sam local invoke` or a unit test passing a sample event) before deploying.
|
|
17
|
+
7. Add structured logging and set a `CloudWatch` log retention so logs don't accumulate forever.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- Scope IAM to specific resource ARNs and actions — never attach `*` or broad managed policies like `AdministratorAccess`.
|
|
21
|
+
- Pull secrets from Secrets Manager/SSM at runtime, not from plaintext env vars.
|
|
22
|
+
- Set a realistic `timeout` and `memory_size`; the default 3s timeout silently fails many functions.
|
|
23
|
+
- Make handlers idempotent — retries (SQS, async) will re-deliver events.
|
|
24
|
+
- Don't store state in `/tmp` expecting persistence; treat every invocation as potentially cold.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bash-script
|
|
3
|
+
description: Write a robust, safe bash script with strict mode, quoting, traps, and clear failure handling
|
|
4
|
+
category: shell
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Bash Script
|
|
8
|
+
|
|
9
|
+
Use this when authoring a bash script that must run reliably and fail loudly — automation, glue, CI steps, or setup scripts.
|
|
10
|
+
|
|
11
|
+
1. Start with `#!/usr/bin/env bash` and `set -euo pipefail` so unset vars, failed commands, and broken pipes abort the run.
|
|
12
|
+
2. Set `IFS=$'\n\t'` if you iterate over lines/paths, and quote every expansion (`"$var"`, `"${arr[@]}"`) to survive spaces and globs.
|
|
13
|
+
3. Wrap logic in functions with a `main "$@"` entrypoint at the bottom; keep top-level code to argument parsing and the `main` call.
|
|
14
|
+
4. Add `trap 'cleanup' EXIT` (and `ERR` if useful) to remove temp files made with `mktemp`, even on early exit.
|
|
15
|
+
5. Validate prerequisites up front: required args, `command -v tool` for each dependency, and writable paths — exit with a message before doing work.
|
|
16
|
+
6. Run `shellcheck` on the script and fix every warning before considering it done.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Never `cd` without checking it succeeded; prefer `cd "$dir" || exit 1` or compute absolute paths instead.
|
|
20
|
+
- Avoid parsing `ls` output; use globs or `find ... -print0` with `read -d ''` for filenames.
|
|
21
|
+
- Send errors and progress to stderr (`>&2`); keep stdout for the script's actual output.
|
|
22
|
+
- Use `[[ ]]` over `[ ]` for tests, and `$(...)` over backticks for command substitution.
|
|
23
|
+
- For anything with nested data structures, arrays of structs, or heavy text processing, stop and switch to Python — bash is the wrong tool past ~100 lines.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: batch
|
|
3
|
+
description: Batch requests/operations to cut per-call overhead and round-trips
|
|
4
|
+
category: performance
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Batch
|
|
8
|
+
|
|
9
|
+
Reach for this when many small, similar operations each pay fixed overhead — network round-trips, DB statements, or API calls in a loop.
|
|
10
|
+
|
|
11
|
+
1. Find the chatty loop: per-item HTTP calls, single-row inserts, or one API request per element when a bulk form exists.
|
|
12
|
+
2. Group items into batches and use the bulk primitive — `INSERT ... VALUES (many)`, `WHERE id IN (...)`, bulk/multi endpoints, or a pipeline.
|
|
13
|
+
3. Choose a batch size that balances throughput against memory and payload limits; chunk large sets rather than one giant call.
|
|
14
|
+
4. Optionally add a short time-window or size-trigger buffer (debounce/flush) to accumulate items before sending.
|
|
15
|
+
5. Handle partial failure: know whether the batch is atomic or per-item, and retry or report the failed subset without redoing successes.
|
|
16
|
+
6. Measure round-trips and total time before/after to confirm the overhead reduction is real.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Batch the overhead, not the work — the win comes from fewer round-trips, not less computation.
|
|
20
|
+
- Cap batch size; an unbounded batch hits payload limits, timeouts, or memory blowups.
|
|
21
|
+
- Respect ordering and idempotency — retries on a partially-applied batch must not double-apply.
|
|
22
|
+
- Don't add buffering/debounce latency to operations that need to be immediate.
|
|
23
|
+
- Preserve per-item error reporting so one bad item doesn't silently sink the whole batch.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bisect
|
|
3
|
+
description: Use git bisect to pinpoint the commit that introduced a regression
|
|
4
|
+
category: git
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Bisect
|
|
8
|
+
|
|
9
|
+
Reach for this when something worked before and is broken now, but you don't know which commit broke it. `git bisect` binary-searches history so you test ~log2(N) commits instead of all of them.
|
|
10
|
+
|
|
11
|
+
1. Reproduce the bug reliably and define a clear pass/fail test — ideally a single command that exits 0 when good, non-zero when bad.
|
|
12
|
+
2. Start the search: `git bisect start`, then mark the current broken state `git bisect bad`, and a known-good commit/tag `git bisect good <sha-or-tag>`.
|
|
13
|
+
3. At each step git checks out a midpoint commit; run your test and answer `git bisect good` or `git bisect bad` (use `git bisect skip` if a commit can't be tested, e.g. won't build).
|
|
14
|
+
4. Repeat until git prints "`<sha> is the first bad commit`" and shows that commit's details.
|
|
15
|
+
5. Inspect the culprit with `git show <sha>` to understand the regression, then `git bisect reset` to return to your original HEAD.
|
|
16
|
+
6. To fully automate, write a script that exits 0/non-zero and run `git bisect run ./test.sh` — git drives the whole search unattended.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- The good/bad answers must be reliable; a flaky test will send bisect to the wrong commit.
|
|
20
|
+
- For `git bisect run`, your script must exit 125 for "skip/untestable", 0 for good, 1–124 for bad — not just any non-zero.
|
|
21
|
+
- Pick a `good` commit you're confident actually predates the bug, or the search range is wrong from the start.
|
|
22
|
+
- Always finish with `git bisect reset` to restore HEAD and clean up bisect state.
|
|
23
|
+
- If the breakage is environmental (deps, data) rather than in code, bisect will mislead you — confirm it's a code regression first.
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bounding-box
|
|
3
|
+
description: Debug bounding-box bugs — xyxy vs xywh, normalized vs pixel, scaling after resize, axis order
|
|
4
|
+
category: image
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Bounding Box
|
|
8
|
+
|
|
9
|
+
Reach for this when detection/annotation boxes draw in the wrong place, are shifted/scaled, or are off-screen tiny/huge.
|
|
10
|
+
|
|
11
|
+
1. Reproduce by drawing the boxes on the source image and saving it — visual overlay instantly shows whether boxes are shifted, scaled, swapped, or in the wrong coordinate frame.
|
|
12
|
+
2. Identify the format: `xyxy` (x1,y1,x2,y2) vs `xywh` (x,y,w,h) vs center-based `cxcywh` (YOLO). Feeding one where another is expected produces boxes that are offset or sized wrong in a consistent way.
|
|
13
|
+
3. Check normalized vs pixel coordinates: values in `0–1` mean normalized (multiply by width/height); values up to image size are pixels. A box at the top-left corner with tiny dimensions usually means normalized coords drawn as pixels.
|
|
14
|
+
4. Account for resize/letterbox: if the image was resized or padded before inference, boxes are in the model's input space and must be scaled back (and un-padded) to original-image coordinates.
|
|
15
|
+
5. Verify axis order: `(x, y)` vs `(row, col)`/`(y, x)` swaps width and height. A box that looks transposed or lands at a mirrored position is an axis swap.
|
|
16
|
+
6. Clamp and sanity-check: ensure `x2 > x1`, `y2 > y1`, and coords within image bounds; negative or out-of-range values point to a sign or scaling error.
|
|
17
|
+
7. Confirm with one hand-labeled box whose correct pixel coordinates you know, end to end.
|
|
18
|
+
|
|
19
|
+
## Rules
|
|
20
|
+
- State the format explicitly (xyxy / xywh / cxcywh) at every interface; conversions are where boxes break.
|
|
21
|
+
- Normalized boxes need image w/h to render; mixing 0–1 and pixel values is the most common error.
|
|
22
|
+
- After any resize/pad/letterbox, transform boxes back to original coordinates — scale AND offset.
|
|
23
|
+
- `(x, y)` ordering for boxes vs `(row, col)` numpy indexing swaps W/H; pin it down.
|
|
24
|
+
- Always validate by overlaying on the actual image, not by reading numbers alone.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: branch-cleanup
|
|
3
|
+
description: Prune merged and stale local and remote branches safely
|
|
4
|
+
category: git
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Branch Cleanup
|
|
8
|
+
|
|
9
|
+
Use this to clear out branches that have already merged or gone stale, keeping the branch list readable without deleting unmerged work.
|
|
10
|
+
|
|
11
|
+
1. Sync references first: `git fetch --prune` to update remotes and drop refs for branches deleted on the remote.
|
|
12
|
+
2. List merged branches: `git branch --merged main` shows locals fully merged into main (safe to delete); review the list before acting.
|
|
13
|
+
3. Delete merged locals: `git branch -d <name>` (the lowercase `-d` refuses to delete unmerged branches, which is the safety you want).
|
|
14
|
+
4. Find stale branches: `git branch -vv` flags ones whose upstream is `[gone]`, and `git for-each-ref --sort=committerdate refs/heads --format='%(committerdate:short) %(refname:short)'` surfaces the oldest.
|
|
15
|
+
5. Clean remotes deliberately: `git push origin --delete <name>` for branches you own and confirm are merged; don't delete others' active branches.
|
|
16
|
+
6. Re-check `git branch --merged` and `git branch` to confirm only intended branches remain.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Use `git branch -d` (safe) not `-D` (force) unless you've verified the branch is truly disposable — `-D` discards unmerged commits.
|
|
20
|
+
- Exclude protected branches (`main`, `develop`, release/*) from any bulk delete; filter them out explicitly.
|
|
21
|
+
- `git fetch --prune` only cleans remote-tracking refs, not local branches — do both steps.
|
|
22
|
+
- Confirm a remote branch is merged and unowned by an active developer before `--delete`.
|
|
23
|
+
- Recover an accidentally-deleted branch via `git reflog` / `git checkout -b <name> <sha>` while the object is still reachable.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: bundle-analyze
|
|
3
|
+
description: Analyze the production bundle to find the heaviest modules and shrink the shipped size
|
|
4
|
+
category: dependencies
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Bundle Analyze
|
|
8
|
+
|
|
9
|
+
Use when the shipped bundle is too large and you need to know what is taking up space before cutting it.
|
|
10
|
+
|
|
11
|
+
1. Produce a production build with stats enabled and open a treemap (`webpack-bundle-analyzer`, `vite-bundle-visualizer`, `source-map-explorer`, `rollup-plugin-visualizer`).
|
|
12
|
+
2. Rank modules by gzipped size and flag the worst offenders — large libs, duplicated packages, and accidentally-bundled dev/test code.
|
|
13
|
+
3. Replace heavy dependencies with lighter or native equivalents (e.g. date helpers, lodash → per-method or stdlib).
|
|
14
|
+
4. Split routes and lazy-load rarely-used chunks; defer anything not needed for first paint.
|
|
15
|
+
5. Ensure tree-shaking works: prefer ESM imports, drop side-effect-y barrel files, and set `sideEffects` correctly.
|
|
16
|
+
6. Rebuild, compare gzipped sizes against the baseline, and record the before/after numbers.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Measure gzipped (or brotli) size, not raw bytes — that's what users actually download.
|
|
20
|
+
- Always analyze a production build; dev builds include unminified helpers and skew the picture.
|
|
21
|
+
- Confirm a smaller alternative is genuinely lighter after tree-shaking, not just on paper.
|
|
22
|
+
- Duplicated versions of one library are a common, easy win — dedupe before swapping libs.
|
|
23
|
+
- Re-run the analyzer after each change so you attribute the savings correctly.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: cache
|
|
3
|
+
description: Add caching (memoize/LRU/HTTP) where it pays off, with correct keys and invalidation
|
|
4
|
+
category: performance
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Cache
|
|
8
|
+
|
|
9
|
+
Reach for this when the same expensive computation or fetch repeats with identical inputs and recomputing is the bottleneck.
|
|
10
|
+
|
|
11
|
+
1. Confirm the work is cacheable: deterministic for a given key, read-heavy, and expensive enough that caching beats the lookup overhead.
|
|
12
|
+
2. Define the cache key precisely — include every input that changes the result; exclude volatile or irrelevant fields.
|
|
13
|
+
3. Pick the layer: memoize a pure function, an in-process LRU with a size cap, a shared store (Redis), or HTTP `Cache-Control`/`ETag` for responses.
|
|
14
|
+
4. Set bounds: max entries or memory cap plus a TTL, so the cache can't grow unbounded or serve stale data forever.
|
|
15
|
+
5. Define invalidation up front — TTL expiry, write-through on update, or explicit bust on the events that change the source.
|
|
16
|
+
6. Measure hit rate and latency before/after; if the hit rate is low or correctness gets fragile, remove it.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- An unbounded cache is a memory leak — always cap size and/or TTL.
|
|
20
|
+
- A wrong key is worse than no cache: too broad serves stale results, too narrow never hits.
|
|
21
|
+
- Don't cache cheap, fast, or rarely-repeated work — the bookkeeping costs more than it saves.
|
|
22
|
+
- Cache invalidation is the hard part; prefer TTL or write-through over hand-rolled bust logic.
|
|
23
|
+
- Never cache per-user or sensitive data in a shared/global cache without scoping the key to the user.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: call-graph
|
|
3
|
+
description: Map the callers and dependencies of a symbol to understand blast radius before changing it
|
|
4
|
+
category: code-understanding
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Call Graph
|
|
8
|
+
|
|
9
|
+
Use before modifying or removing a function, method, or type when you need to know who depends on it and what it depends on.
|
|
10
|
+
|
|
11
|
+
1. Pin down the exact symbol: its definition, signature, and the module/namespace that exports it.
|
|
12
|
+
2. Find callers — grep for the name across the repo, then filter out shadowing, comments, and unrelated same-name symbols.
|
|
13
|
+
3. Find dependencies — list the functions, types, and external modules this symbol calls or uses.
|
|
14
|
+
4. Follow indirection: interfaces/abstract methods, dynamic dispatch, dependency injection, event handlers, and re-exports that hide real call sites.
|
|
15
|
+
5. Note entry points that reach the symbol (HTTP routes, CLI commands, jobs, tests) so you know the real blast radius.
|
|
16
|
+
6. Summarize as inbound (callers) and outbound (dependencies), flagging anything public/exported or crossing a package boundary.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- A grep for the bare name over-matches; confirm each hit is the same symbol, not a namesake.
|
|
20
|
+
- Account for indirect calls — interface implementations and string-keyed dispatch will not show as direct references.
|
|
21
|
+
- Treat exported/public symbols as having unknown external callers; say so when the repo is a library.
|
|
22
|
+
- Distinguish test-only callers from production callers; they imply different risk.
|
|
23
|
+
- Report concrete file:line references, not vague counts.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: canvas-debug
|
|
3
|
+
description: Debug HTML5 canvas rendering bugs: missing draws, smearing, wrong coordinates, broken transforms or clipping
|
|
4
|
+
category: graphics
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Canvas Debug
|
|
8
|
+
|
|
9
|
+
Reach for this when a 2D `<canvas>` shows nothing, smears frames together, draws in the wrong place, or scales oddly.
|
|
10
|
+
|
|
11
|
+
1. Confirm you have a 2D context and a sized canvas: log `ctx`, `canvas.width`, `canvas.height`. A canvas styled with CSS but never given `width`/`height` attributes defaults to 300x150 and stretches.
|
|
12
|
+
2. Reproduce in isolation: comment out the render loop and draw one hard-coded `fillRect(10,10,50,50)` in a solid color. If that shows, the bug is in your draw data/order, not the canvas.
|
|
13
|
+
3. For smearing/ghosting across frames, confirm you `clearRect(0,0,canvas.width,canvas.height)` (or reset) at the top of every frame; accumulating trails means the clear is missing or sized wrong.
|
|
14
|
+
4. For "everything shifted/rotated/gone after one draw", audit `save()`/`restore()` pairing — an unmatched `translate`/`rotate`/`scale` leaks into later draws. Add a counter or wrap each entity's draw in `save()`...`restore()`.
|
|
15
|
+
5. For wrong coordinates on click/hit-test, map pointer coords through `getBoundingClientRect()` and the DPR scale, not raw `clientX/Y`; mismatched canvas pixel size vs CSS size is the usual culprit.
|
|
16
|
+
6. For invisible draws, check `globalAlpha`, `fillStyle`/`strokeStyle` (transparent or same-as-background), `lineWidth` 0, paths not `beginPath()`-reset between shapes, and drawing outside an active `clip()` region.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Set `canvas.width`/`canvas.height` as attributes (or in JS), never only via CSS — CSS only stretches the bitmap.
|
|
20
|
+
- Every `save()` needs exactly one `restore()`; never rely on resetting transforms by hand.
|
|
21
|
+
- Call `beginPath()` before each new shape or strokes/fills bleed into prior subpaths.
|
|
22
|
+
- Coordinates are in the transformed space — pointer hit-testing must invert the same transform.
|
|
23
|
+
- Clear the frame explicitly; canvases never auto-clear between draws.
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: cdn-setup
|
|
3
|
+
description: Configure a CDN and cache layer in front of an origin for speed and offload
|
|
4
|
+
category: cloud
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# CDN Setup
|
|
8
|
+
|
|
9
|
+
Reach for this to put a CDN (CloudFront, Cloudflare, Fastly) in front of an origin so static assets are served from the edge and the origin sees far less traffic.
|
|
10
|
+
|
|
11
|
+
1. Define the origin (host, port, protocol) and create the distribution/zone pointing at it.
|
|
12
|
+
2. Set cache behaviors: long TTLs for immutable static assets, short or bypass for HTML and authenticated routes.
|
|
13
|
+
3. Honor or override caching with `Cache-Control`/`Surrogate-Control` headers from the origin; decide which query strings, headers, and cookies are part of the cache key.
|
|
14
|
+
4. Attach TLS at the edge and force HTTPS; configure the custom domain (CNAME) and its certificate.
|
|
15
|
+
5. Set a cache-busting strategy — hashed/fingerprinted asset filenames so new deploys invalidate naturally.
|
|
16
|
+
6. Test cache behavior by inspecting `X-Cache`/`CF-Cache-Status`/`Age` response headers, then load-test to confirm origin offload.
|
|
17
|
+
|
|
18
|
+
## Rules
|
|
19
|
+
- Never cache authenticated or personalized responses at a shared edge — vary on auth or set `Cache-Control: private`.
|
|
20
|
+
- Prefer fingerprinted filenames over manual cache invalidation; invalidations are slow, rate-limited, and sometimes billed.
|
|
21
|
+
- Keep the cache key minimal — every cookie/header/query param you include fragments and dilutes the cache.
|
|
22
|
+
- Set sensible `Cache-Control` at the origin so the CDN, browsers, and intermediaries all agree.
|
|
23
|
+
- Watch for cache stampedes on misses; enable origin shielding / request coalescing for hot objects.
|