ada-agent 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (339) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +256 -0
  3. package/bench/README.md +88 -0
  4. package/bench/swebench.mjs +242 -0
  5. package/bin/ada-server.mjs +6 -0
  6. package/bin/ada.mjs +7 -0
  7. package/docs/agent-loop.svg +66 -0
  8. package/docs/architecture.md +139 -0
  9. package/docs/architecture.svg +73 -0
  10. package/docs/connectors.md +48 -0
  11. package/docs/integrations.md +59 -0
  12. package/docs/login-flow.svg +56 -0
  13. package/docs/orchestration.md +45 -0
  14. package/package.json +64 -0
  15. package/skills/accessibility/SKILL.md +23 -0
  16. package/skills/add-logging/SKILL.md +23 -0
  17. package/skills/add-metrics/SKILL.md +23 -0
  18. package/skills/adr/SKILL.md +24 -0
  19. package/skills/aesthetic-direction/SKILL.md +24 -0
  20. package/skills/agent-loop/SKILL.md +23 -0
  21. package/skills/alerting/SKILL.md +23 -0
  22. package/skills/alpha-compositing/SKILL.md +23 -0
  23. package/skills/android-compose/SKILL.md +23 -0
  24. package/skills/angular-module/SKILL.md +23 -0
  25. package/skills/ansible-playbook/SKILL.md +24 -0
  26. package/skills/api-docs/SKILL.md +24 -0
  27. package/skills/app-store-prep/SKILL.md +23 -0
  28. package/skills/architecture-diagram/SKILL.md +21 -0
  29. package/skills/architecture-doc/SKILL.md +24 -0
  30. package/skills/audit-log/SKILL.md +23 -0
  31. package/skills/authz-review/SKILL.md +23 -0
  32. package/skills/aws-lambda/SKILL.md +24 -0
  33. package/skills/bash-script/SKILL.md +23 -0
  34. package/skills/batch/SKILL.md +23 -0
  35. package/skills/bisect/SKILL.md +23 -0
  36. package/skills/bounding-box/SKILL.md +24 -0
  37. package/skills/branch-cleanup/SKILL.md +23 -0
  38. package/skills/bundle-analyze/SKILL.md +23 -0
  39. package/skills/cache/SKILL.md +23 -0
  40. package/skills/call-graph/SKILL.md +23 -0
  41. package/skills/canvas-debug/SKILL.md +23 -0
  42. package/skills/cdn-setup/SKILL.md +23 -0
  43. package/skills/changelog/SKILL.md +24 -0
  44. package/skills/cherry-pick/SKILL.md +23 -0
  45. package/skills/ci-setup/SKILL.md +23 -0
  46. package/skills/cleanup/SKILL.md +23 -0
  47. package/skills/cli-tool/SKILL.md +23 -0
  48. package/skills/cloudformation/SKILL.md +23 -0
  49. package/skills/code-examples/SKILL.md +24 -0
  50. package/skills/code-review/SKILL.md +23 -0
  51. package/skills/color-palette/SKILL.md +24 -0
  52. package/skills/color-space/SKILL.md +24 -0
  53. package/skills/comment-why/SKILL.md +23 -0
  54. package/skills/commit/SKILL.md +26 -0
  55. package/skills/complexity-audit/SKILL.md +23 -0
  56. package/skills/component/SKILL.md +23 -0
  57. package/skills/component-library/SKILL.md +23 -0
  58. package/skills/connect-github/SKILL.md +20 -0
  59. package/skills/connect-mcp/SKILL.md +21 -0
  60. package/skills/connect-postgres/SKILL.md +20 -0
  61. package/skills/connect-remote/SKILL.md +23 -0
  62. package/skills/connect-slack/SKILL.md +20 -0
  63. package/skills/contract-audit/SKILL.md +25 -0
  64. package/skills/contributing/SKILL.md +23 -0
  65. package/skills/cpp-raii/SKILL.md +23 -0
  66. package/skills/cron-job/SKILL.md +23 -0
  67. package/skills/cv-preprocess/SKILL.md +24 -0
  68. package/skills/dark-mode/SKILL.md +24 -0
  69. package/skills/dashboard/SKILL.md +23 -0
  70. package/skills/dashboard-ui/SKILL.md +23 -0
  71. package/skills/data-export/SKILL.md +23 -0
  72. package/skills/data-validation/SKILL.md +23 -0
  73. package/skills/dataframe/SKILL.md +23 -0
  74. package/skills/db-index/SKILL.md +24 -0
  75. package/skills/dead-code/SKILL.md +23 -0
  76. package/skills/debug/SKILL.md +24 -0
  77. package/skills/deck-review/SKILL.md +24 -0
  78. package/skills/dedupe/SKILL.md +23 -0
  79. package/skills/dedupe-deps/SKILL.md +23 -0
  80. package/skills/dependency-audit/SKILL.md +23 -0
  81. package/skills/dependency-update/SKILL.md +23 -0
  82. package/skills/deploy/SKILL.md +23 -0
  83. package/skills/design-system/SKILL.md +24 -0
  84. package/skills/design-tokens/SKILL.md +24 -0
  85. package/skills/diagram-as-code/SKILL.md +24 -0
  86. package/skills/diff-explain/SKILL.md +23 -0
  87. package/skills/django-view/SKILL.md +23 -0
  88. package/skills/doc-lint/SKILL.md +24 -0
  89. package/skills/docker-compose/SKILL.md +23 -0
  90. package/skills/dockerize/SKILL.md +23 -0
  91. package/skills/docstrings/SKILL.md +23 -0
  92. package/skills/dotfiles/SKILL.md +23 -0
  93. package/skills/dpi-scaling/SKILL.md +23 -0
  94. package/skills/e2e-test/SKILL.md +23 -0
  95. package/skills/embeddings/SKILL.md +23 -0
  96. package/skills/empty-states/SKILL.md +23 -0
  97. package/skills/env-setup/SKILL.md +23 -0
  98. package/skills/erc20/SKILL.md +24 -0
  99. package/skills/error-tracking/SKILL.md +23 -0
  100. package/skills/estimate/SKILL.md +23 -0
  101. package/skills/etl-pipeline/SKILL.md +24 -0
  102. package/skills/eval-harness/SKILL.md +23 -0
  103. package/skills/exif-orientation/SKILL.md +23 -0
  104. package/skills/explain-code/SKILL.md +23 -0
  105. package/skills/express-middleware/SKILL.md +23 -0
  106. package/skills/extract-function/SKILL.md +23 -0
  107. package/skills/faq/SKILL.md +24 -0
  108. package/skills/fastapi-endpoint/SKILL.md +23 -0
  109. package/skills/favicon/SKILL.md +23 -0
  110. package/skills/feature-engineering/SKILL.md +23 -0
  111. package/skills/few-shot/SKILL.md +23 -0
  112. package/skills/find-owner/SKILL.md +23 -0
  113. package/skills/firmware-driver/SKILL.md +23 -0
  114. package/skills/fix-flaky-tests/SKILL.md +23 -0
  115. package/skills/flutter-widget/SKILL.md +23 -0
  116. package/skills/font-rendering/SKILL.md +23 -0
  117. package/skills/form-validation/SKILL.md +23 -0
  118. package/skills/format/SKILL.md +23 -0
  119. package/skills/game-loop/SKILL.md +23 -0
  120. package/skills/gas-optimize/SKILL.md +25 -0
  121. package/skills/gdpr-review/SKILL.md +24 -0
  122. package/skills/github-actions/SKILL.md +23 -0
  123. package/skills/glossary/SKILL.md +24 -0
  124. package/skills/go-idioms/SKILL.md +23 -0
  125. package/skills/gpu-profile/SKILL.md +23 -0
  126. package/skills/graphify/SKILL.md +21 -0
  127. package/skills/graphql-resolver/SKILL.md +23 -0
  128. package/skills/grpc-service/SKILL.md +23 -0
  129. package/skills/guardrails/SKILL.md +23 -0
  130. package/skills/healthcheck/SKILL.md +23 -0
  131. package/skills/heisenbug/SKILL.md +23 -0
  132. package/skills/helm-chart/SKILL.md +24 -0
  133. package/skills/hero-section/SKILL.md +23 -0
  134. package/skills/html-email/SKILL.md +24 -0
  135. package/skills/html-form/SKILL.md +23 -0
  136. package/skills/html-sanitize/SKILL.md +23 -0
  137. package/skills/html-table/SKILL.md +23 -0
  138. package/skills/html-to-pdf/SKILL.md +23 -0
  139. package/skills/http-client/SKILL.md +23 -0
  140. package/skills/i18n/SKILL.md +23 -0
  141. package/skills/i2c-spi/SKILL.md +23 -0
  142. package/skills/image-decode/SKILL.md +24 -0
  143. package/skills/image-memory/SKILL.md +24 -0
  144. package/skills/image-perf/SKILL.md +24 -0
  145. package/skills/image-pipeline/SKILL.md +24 -0
  146. package/skills/image-upload/SKILL.md +24 -0
  147. package/skills/infra-cost/SKILL.md +24 -0
  148. package/skills/input-validation/SKILL.md +23 -0
  149. package/skills/issue-template/SKILL.md +23 -0
  150. package/skills/java-streams/SKILL.md +23 -0
  151. package/skills/k8s-manifest/SKILL.md +23 -0
  152. package/skills/kotlin-coroutines/SKILL.md +23 -0
  153. package/skills/landing-page/SKILL.md +24 -0
  154. package/skills/laravel-controller/SKILL.md +23 -0
  155. package/skills/lazy-load/SKILL.md +23 -0
  156. package/skills/license-check/SKILL.md +23 -0
  157. package/skills/license-header/SKILL.md +23 -0
  158. package/skills/lint-fix/SKILL.md +23 -0
  159. package/skills/llm-cost/SKILL.md +23 -0
  160. package/skills/lockfile-fix/SKILL.md +23 -0
  161. package/skills/low-power/SKILL.md +23 -0
  162. package/skills/makefile/SKILL.md +23 -0
  163. package/skills/man-page/SKILL.md +24 -0
  164. package/skills/mcp-server/SKILL.md +23 -0
  165. package/skills/memory-leak/SKILL.md +23 -0
  166. package/skills/mermaid-diagram/SKILL.md +23 -0
  167. package/skills/meta-tags/SKILL.md +23 -0
  168. package/skills/micro-interactions/SKILL.md +23 -0
  169. package/skills/migration/SKILL.md +23 -0
  170. package/skills/migration-guide/SKILL.md +24 -0
  171. package/skills/mkdocs-setup/SKILL.md +24 -0
  172. package/skills/mobile-permissions/SKILL.md +23 -0
  173. package/skills/mock-api/SKILL.md +23 -0
  174. package/skills/modernize/SKILL.md +23 -0
  175. package/skills/monorepo-setup/SKILL.md +23 -0
  176. package/skills/motion-design/SKILL.md +23 -0
  177. package/skills/n-plus-one/SKILL.md +23 -0
  178. package/skills/naming-review/SKILL.md +23 -0
  179. package/skills/nextjs-route/SKILL.md +23 -0
  180. package/skills/nginx-config/SKILL.md +23 -0
  181. package/skills/ocr-debug/SKILL.md +24 -0
  182. package/skills/onboard/SKILL.md +23 -0
  183. package/skills/onboarding-map/SKILL.md +23 -0
  184. package/skills/open-pr/SKILL.md +24 -0
  185. package/skills/openapi/SKILL.md +23 -0
  186. package/skills/opencv-debug/SKILL.md +24 -0
  187. package/skills/orm-model/SKILL.md +23 -0
  188. package/skills/owasp-check/SKILL.md +24 -0
  189. package/skills/page-transitions/SKILL.md +23 -0
  190. package/skills/pagination/SKILL.md +23 -0
  191. package/skills/perf-optimize/SKILL.md +23 -0
  192. package/skills/perf-profile/SKILL.md +23 -0
  193. package/skills/physics/SKILL.md +23 -0
  194. package/skills/pitch-deck/SKILL.md +24 -0
  195. package/skills/pixel-diff/SKILL.md +23 -0
  196. package/skills/ponytail/SKILL.md +46 -0
  197. package/skills/postmortem/SKILL.md +24 -0
  198. package/skills/pptx-deck/SKILL.md +23 -0
  199. package/skills/pptx-export/SKILL.md +23 -0
  200. package/skills/pptx-from-markdown/SKILL.md +23 -0
  201. package/skills/pptx-template/SKILL.md +24 -0
  202. package/skills/pr-review/SKILL.md +24 -0
  203. package/skills/precommit/SKILL.md +23 -0
  204. package/skills/pricing-page/SKILL.md +23 -0
  205. package/skills/project-overview/SKILL.md +22 -0
  206. package/skills/prompt-template/SKILL.md +23 -0
  207. package/skills/property-test/SKILL.md +23 -0
  208. package/skills/protobuf/SKILL.md +23 -0
  209. package/skills/py-async/SKILL.md +23 -0
  210. package/skills/py-typing/SKILL.md +23 -0
  211. package/skills/query-optimize/SKILL.md +23 -0
  212. package/skills/rag-pipeline/SKILL.md +23 -0
  213. package/skills/rails-resource/SKILL.md +23 -0
  214. package/skills/rate-limit/SKILL.md +23 -0
  215. package/skills/react-hooks/SKILL.md +23 -0
  216. package/skills/react-native-screen/SKILL.md +23 -0
  217. package/skills/react-perf/SKILL.md +23 -0
  218. package/skills/readme/SKILL.md +24 -0
  219. package/skills/rebase/SKILL.md +24 -0
  220. package/skills/refactor/SKILL.md +23 -0
  221. package/skills/regression-test/SKILL.md +23 -0
  222. package/skills/release-notes/SKILL.md +24 -0
  223. package/skills/rename-symbol/SKILL.md +23 -0
  224. package/skills/repro/SKILL.md +23 -0
  225. package/skills/resolve-conflicts/SKILL.md +23 -0
  226. package/skills/responsive/SKILL.md +23 -0
  227. package/skills/rest-endpoint/SKILL.md +23 -0
  228. package/skills/retro/SKILL.md +23 -0
  229. package/skills/rtos-task/SKILL.md +23 -0
  230. package/skills/runbook/SKILL.md +25 -0
  231. package/skills/rust-borrow/SKILL.md +23 -0
  232. package/skills/rust-unsafe-audit/SKILL.md +23 -0
  233. package/skills/sanitize/SKILL.md +23 -0
  234. package/skills/schema-design/SKILL.md +23 -0
  235. package/skills/screenshot-debug/SKILL.md +22 -0
  236. package/skills/scroll-animation/SKILL.md +23 -0
  237. package/skills/secret-scan/SKILL.md +23 -0
  238. package/skills/security-audit/SKILL.md +23 -0
  239. package/skills/security-review/SKILL.md +23 -0
  240. package/skills/seed-data/SKILL.md +23 -0
  241. package/skills/self-review/SKILL.md +23 -0
  242. package/skills/semantic-html/SKILL.md +23 -0
  243. package/skills/semver-bump/SKILL.md +24 -0
  244. package/skills/shader/SKILL.md +23 -0
  245. package/skills/shader-debug/SKILL.md +23 -0
  246. package/skills/simplify-conditionals/SKILL.md +23 -0
  247. package/skills/sitemap/SKILL.md +23 -0
  248. package/skills/skeleton-loader/SKILL.md +23 -0
  249. package/skills/slide-charts/SKILL.md +24 -0
  250. package/skills/slide-outline/SKILL.md +23 -0
  251. package/skills/snapshot-update/SKILL.md +23 -0
  252. package/skills/solidity-contract/SKILL.md +25 -0
  253. package/skills/speaker-notes/SKILL.md +23 -0
  254. package/skills/spike/SKILL.md +23 -0
  255. package/skills/split-file/SKILL.md +23 -0
  256. package/skills/spring-controller/SKILL.md +23 -0
  257. package/skills/sprite-anim/SKILL.md +23 -0
  258. package/skills/sql-report/SKILL.md +23 -0
  259. package/skills/squash/SKILL.md +24 -0
  260. package/skills/ssl-setup/SKILL.md +23 -0
  261. package/skills/stacktrace/SKILL.md +23 -0
  262. package/skills/static-site/SKILL.md +24 -0
  263. package/skills/structured-logging/SKILL.md +23 -0
  264. package/skills/svelte-store/SKILL.md +23 -0
  265. package/skills/swiftui-view/SKILL.md +23 -0
  266. package/skills/tailwind-theme/SKILL.md +24 -0
  267. package/skills/tcp-server/SKILL.md +23 -0
  268. package/skills/tdd/SKILL.md +23 -0
  269. package/skills/terraform-module/SKILL.md +24 -0
  270. package/skills/test-coverage/SKILL.md +23 -0
  271. package/skills/texture-debug/SKILL.md +23 -0
  272. package/skills/threat-model/SKILL.md +23 -0
  273. package/skills/thumbnail/SKILL.md +24 -0
  274. package/skills/todo-scan/SKILL.md +23 -0
  275. package/skills/tool-definition/SKILL.md +23 -0
  276. package/skills/trace-flow/SKILL.md +23 -0
  277. package/skills/tracing/SKILL.md +23 -0
  278. package/skills/train-model/SKILL.md +24 -0
  279. package/skills/tree-shake/SKILL.md +23 -0
  280. package/skills/ts-generics/SKILL.md +23 -0
  281. package/skills/ts-strict/SKILL.md +23 -0
  282. package/skills/tui-app/SKILL.md +23 -0
  283. package/skills/tutorial/SKILL.md +24 -0
  284. package/skills/type-tighten/SKILL.md +23 -0
  285. package/skills/typography/SKILL.md +24 -0
  286. package/skills/ui-bug-repro/SKILL.md +23 -0
  287. package/skills/ui-polish/SKILL.md +24 -0
  288. package/skills/ui-review/SKILL.md +24 -0
  289. package/skills/vendor/SKILL.md +23 -0
  290. package/skills/visual-diff-ci/SKILL.md +24 -0
  291. package/skills/visual-regression/SKILL.md +23 -0
  292. package/skills/vue-composition/SKILL.md +23 -0
  293. package/skills/web-component/SKILL.md +23 -0
  294. package/skills/web-fonts/SKILL.md +24 -0
  295. package/skills/web3-frontend/SKILL.md +25 -0
  296. package/skills/webgl-debug/SKILL.md +23 -0
  297. package/skills/webhook/SKILL.md +23 -0
  298. package/skills/websocket/SKILL.md +23 -0
  299. package/skills/write-tests/SKILL.md +19 -0
  300. package/src/client/agent.ts +803 -0
  301. package/src/client/background.ts +39 -0
  302. package/src/client/checkpoint.ts +48 -0
  303. package/src/client/cli.ts +1253 -0
  304. package/src/client/compaction.ts +86 -0
  305. package/src/client/extensions.ts +83 -0
  306. package/src/client/hooks.ts +40 -0
  307. package/src/client/image.ts +26 -0
  308. package/src/client/lsp.ts +0 -0
  309. package/src/client/mcp.ts +276 -0
  310. package/src/client/models-dev.ts +52 -0
  311. package/src/client/pkg.ts +41 -0
  312. package/src/client/platform.ts +94 -0
  313. package/src/client/prompts.ts +47 -0
  314. package/src/client/render.ts +138 -0
  315. package/src/client/session.ts +107 -0
  316. package/src/client/settings.ts +86 -0
  317. package/src/client/skill-router.ts +79 -0
  318. package/src/client/skills.ts +199 -0
  319. package/src/client/snapshot.ts +56 -0
  320. package/src/client/telemetry.ts +24 -0
  321. package/src/client/todos.ts +23 -0
  322. package/src/client/tools.ts +756 -0
  323. package/src/client/tui-mode.ts +41 -0
  324. package/src/client/tui.ts +224 -0
  325. package/src/sdk/index.ts +36 -0
  326. package/src/selfcheck.ts +364 -0
  327. package/src/server/config.ts +58 -0
  328. package/src/server/credentials.ts +89 -0
  329. package/src/server/identity.ts +58 -0
  330. package/src/server/index.ts +113 -0
  331. package/src/server/oauth.ts +93 -0
  332. package/src/server/providers/adapter.ts +25 -0
  333. package/src/server/providers/anthropic.ts +189 -0
  334. package/src/server/providers/openai-compat.ts +76 -0
  335. package/src/server/providers/registry.ts +31 -0
  336. package/src/server/router.ts +29 -0
  337. package/src/server/sse.ts +20 -0
  338. package/src/shared/types.ts +20 -0
  339. package/tsconfig.json +15 -0
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: image-memory
3
+ description: Diagnose image memory blowups and leaks — huge decoded bitmaps, uncleared caches, retained handles
4
+ category: image
5
+ ---
6
+
7
+ # Image Memory
8
+
9
+ Reach for this when an image workload's RSS balloons or grows unbounded over time, risking OOM, even though files on disk are small.
10
+
11
+ 1. Reproduce and watch memory over a controlled run (process N images in a loop) with an RSS sampler or memory profiler; a steadily rising baseline means a leak, a single spike means one oversized decode.
12
+ 2. Remember decoded size != file size: a 2 MB JPEG decodes to `width × height × channels` bytes (a 6000×4000 RGBA image is ~96 MB raw). Log decoded dimensions of the largest inputs — one giant image can dwarf the file size.
13
+ 3. For leaks, find what retains buffers: unclosed image handles, appending decoded arrays to a list/cache that's never evicted, closures capturing big arrays, or thumbnails keeping the full-res parent alive.
14
+ 4. Inspect caches: an unbounded LRU/dict keyed by URL or path that stores decoded bitmaps grows forever. Add a size cap (by bytes, not count) and confirm eviction actually frees memory.
15
+ 5. Stream/downscale early: decode at a reduced size (JPEG DCT scaling, `draft`/thumbnail-on-decode) so you never materialize the full-res bitmap when you only need a small one.
16
+ 6. Free deterministically: close/`del` large arrays as soon as you're done, avoid keeping the whole batch in memory, and process in chunks rather than loading everything.
17
+ 7. Confirm the fix by re-running the loop and showing RSS is now flat (leak) or capped (blowup).
18
+
19
+ ## Rules
20
+ - Reason in decoded pixels, not file bytes — that's where the memory actually goes.
21
+ - Always close/dispose image handles; rely on context managers, not the garbage collector.
22
+ - Caches of decoded images must be bounded by total bytes and must evict; verify freeing, don't assume it.
23
+ - Decode/downscale to the size you need; don't materialize full-res bitmaps for thumbnails.
24
+ - A flat RSS over a long loop is the only proof a leak is fixed.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: image-perf
3
+ description: Optimize image load/decode/processing throughput — find the bottleneck before changing code
4
+ category: image
5
+ ---
6
+
7
+ # Image Perf
8
+
9
+ Reach for this when image loading, decoding, or processing is too slow and you need to raise throughput without guessing.
10
+
11
+ 1. Reproduce on a representative batch and measure end-to-end time plus a per-stage breakdown (download vs decode vs resize vs model/encode). Optimize the dominant stage — never the one you assume.
12
+ 2. Determine if you're I/O-bound or CPU-bound: high wait/low CPU means I/O (network/disk), saturated cores means decode/compute. The diagnosis dictates the fix (concurrency vs faster codec/SIMD vs fewer pixels).
13
+ 3. Decode at target size, not full res: use JPEG scaled decoding / draft mode / thumbnail-on-load so you never decode pixels you'll immediately throw away — often the single biggest win.
14
+ 4. Parallelize the right way: overlap I/O with threads/async (GIL released during native decode), and use processes for CPU-heavy pure-Python work. Batch GPU/model calls instead of one-at-a-time.
15
+ 5. Swap in faster building blocks where it matters: a SIMD/turbo JPEG decoder, a vectorized resize, or GPU decode/resize; pick the right interpolation (don't pay for bicubic when bilinear suffices).
16
+ 6. Cache and avoid rework: memoize decoded/resized results, reuse buffers instead of reallocating per image, and skip redundant color conversions or copies between stages.
17
+ 7. Re-measure after each change and keep only the ones that move the dominant stage; verify output is still correct (perf must not silently change pixels).
18
+
19
+ ## Rules
20
+ - Profile first and per-stage — the bottleneck is rarely where intuition says.
21
+ - Decoding fewer pixels (scaled decode/downsample-on-load) usually beats any post-decode optimization.
22
+ - Classify I/O-bound vs CPU-bound before choosing threads, processes, or a faster codec.
23
+ - Threads overlap native decode (GIL released); use processes only for CPU-bound pure-Python.
24
+ - Verify pixels are unchanged after optimizing; faster but wrong is a regression.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: image-pipeline
3
+ description: Debug an image-processing pipeline where resize/crop/filter order or off-by-one errors corrupt output
4
+ category: image
5
+ ---
6
+
7
+ # Image Pipeline
8
+
9
+ Reach for this when an image pipeline produces shifted, cropped-wrong, blurred, or subtly-off output and you suspect operation ordering or boundary math.
10
+
11
+ 1. Reproduce with one fixed input image and dump the intermediate after EVERY stage (write `stage_01.png`, `stage_02.png`, ...) so you can see exactly where it breaks.
12
+ 2. Make a synthetic test image with known features — a 1px grid, a colored corner marker, a centered crosshair — so any shift, flip, or crop is obvious by eye and by pixel coordinate.
13
+ 3. Check operation ORDER: resize-then-crop vs crop-then-resize give different results; sharpen/blur before vs after downscale changes aliasing. Confirm the order matches the spec, not just "looks plausible".
14
+ 4. Audit boundary math: half-open vs closed ranges (`[x0, x1)` vs `[x0, x1]`), center computed as `w/2` vs `(w-1)/2`, and whether crop boxes are inclusive. Off-by-one usually shows as a 1px black/duplicated edge row or column.
15
+ 5. Verify interpolation and rounding: integer truncation vs round, and whether coordinates are floored before sampling. Switch to nearest-neighbor temporarily to expose pure positional errors without resampling blur.
16
+ 6. Bisect by short-circuiting stages to identity (pass-through) one at a time until the output goes correct; the last stage you disabled owns the bug.
17
+ 7. After the fix, assert pixel-exact equality (or SSIM above threshold) against a golden image so the regression is locked.
18
+
19
+ ## Rules
20
+ - Always inspect intermediates as files; never trust "the array shape looks right".
21
+ - Resize changes coordinates — any crop/box/coordinate computed before a resize must be rescaled, not reused.
22
+ - A 1px dark border or doubled edge line almost always means an inclusive/exclusive range mismatch.
23
+ - Keep a deterministic synthetic fixture in the repo; floating photos make off-by-one invisible.
24
+ - Watch for silent dimension swaps: `(w, h)` vs `(h, w)` between libraries flips the whole image without erroring.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: image-upload
3
+ description: Debug an image upload pipeline end to end — mime sniffing, EXIF strip, orientation, resize, size limits, storage
4
+ category: visual-test
5
+ ---
6
+
7
+ # Image Upload
8
+
9
+ Reach for this when uploads fail, get rejected, come out rotated, or land corrupted in storage. Debug the pipeline stage by stage, not all at once.
10
+
11
+ 1. Capture the raw bytes the server actually received (log to a temp file before any processing) — most "corrupt image" bugs are a truncated or wrongly-encoded multipart body.
12
+ 2. Verify type by content, not extension: sniff the magic bytes (`file`, libmagic) and reject on the sniffed mime; a `.png` that's really a polyglot/SVG is a security bug.
13
+ 3. Check orientation: read the EXIF `Orientation` tag — if you strip EXIF without baking rotation into pixels first, portrait photos render sideways.
14
+ 4. Strip metadata after applying orientation: remove EXIF/GPS/ICC (or transcode) so you don't leak location and don't ship surprise color profiles.
15
+ 5. Enforce limits in order — byte size, then decoded dimensions (the decompression-bomb guard), then re-encode to a safe format at a capped resolution.
16
+ 6. Confirm the stored object: re-download it, check mime/dimensions/byte size, and render it to verify the round trip, not just the HTTP 200.
17
+
18
+ ## Rules
19
+ - Never trust the client filename or `Content-Type`; sniff magic bytes server-side and decide from that.
20
+ - Apply EXIF orientation to pixels BEFORE stripping metadata, or rotated images become permanently sideways.
21
+ - Guard decoded dimensions, not just file size — a 2KB PNG can decode to gigapixels (decompression bomb / OOM).
22
+ - Strip GPS/EXIF for privacy and re-encode through a trusted decoder to neutralize embedded payloads.
23
+ - Verify by reading the object back from storage and rendering it; a 200 response doesn't prove the bytes are intact.
24
+ - Test the ugly cases: HEIC, CMYK JPEG, animated GIF/WebP, SVG, and zero-byte uploads each break a different stage.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: infra-cost
3
+ description: Estimate cloud spend and trim it without degrading reliability
4
+ category: cloud
5
+ ---
6
+
7
+ # Infra Cost
8
+
9
+ Use this to put a number on what infrastructure costs (before or after deploy) and to find the cuts that save the most money for the least risk.
10
+
11
+ 1. Pull the actual bill broken down by service and tag (Cost Explorer / billing export) to see where money actually goes.
12
+ 2. For planned changes, estimate with a pricing tool (`infracost breakdown` on Terraform, or the provider calculator) before merging.
13
+ 3. Rank line items by spend and target the top few — compute, egress, and idle/oversized resources are usually the bulk.
14
+ 4. Right-size: match instance/DB sizes to observed utilization, delete unattached volumes/IPs/snapshots, and stop non-prod overnight.
15
+ 5. Commit to discounts where usage is stable (savings plans / reserved / committed-use); use spot/preemptible for fault-tolerant batch work.
16
+ 6. Cut data-transfer cost by keeping traffic in-region/in-AZ and fronting egress with a CDN.
17
+ 7. Add billing alerts/budgets and a `cost` tag so regressions are caught early.
18
+
19
+ ## Rules
20
+ - Measure before cutting — right-size from real utilization metrics, not guesses, to avoid causing incidents.
21
+ - Egress is often the silent top cost; check cross-AZ, cross-region, and internet-egress traffic specifically.
22
+ - Reserved/committed pricing only pays off for steady baseline load — don't commit to spiky or shrinking workloads.
23
+ - Tag resources for cost allocation; untagged spend is unaccountable and the first place waste hides.
24
+ - Don't sacrifice redundancy (multi-AZ, backups) for marginal savings — a single outage can dwarf the cut.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: input-validation
3
+ description: Add validation and sanitization at trust boundaries where untrusted data enters
4
+ category: security
5
+ ---
6
+
7
+ # Input Validation
8
+
9
+ Use this when adding or hardening checks on data crossing a trust boundary — request bodies, query params, headers, file uploads, env, or upstream API responses.
10
+
11
+ 1. Identify each trust boundary and the exact shape expected (type, range, length, format, allowed values) for every field.
12
+ 2. Validate at the boundary with a schema/validator (zod, pydantic, JSON Schema, Joi) — parse into typed values, reject anything that does not conform.
13
+ 3. Prefer allowlists over denylists: enumerate what is permitted (enum, regex anchored with `^...$`, numeric bounds) rather than blocking known-bad.
14
+ 4. Enforce size and depth limits (max length, max array size, max upload bytes, max JSON nesting) to blunt resource-exhaustion.
15
+ 5. Apply context-correct encoding/escaping at the sink (SQL params, HTML escape, shell arg arrays) — validation does not replace output encoding.
16
+ 6. Fail closed with a clear, non-leaky error; log the rejection for monitoring without echoing raw payloads.
17
+
18
+ ## Rules
19
+ - Validate on the server even if the client already validates — the client is untrusted.
20
+ - Normalize before validating (Unicode, path, case) so checks cannot be bypassed by alternate encodings.
21
+ - Validate is not the same as sanitize: reject bad input where you can; only transform when you must.
22
+ - Keep validation declarative and centralized so it is auditable, not scattered ad-hoc checks.
23
+ - Anchor regexes and set timeouts/limits to avoid ReDoS on attacker-controlled strings.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: issue-template
3
+ description: Add GitHub issue and pull request templates to standardize reports and reviews
4
+ category: compliance
5
+ ---
6
+
7
+ # Issue Template
8
+
9
+ Use when a repo gets low-quality or inconsistent issues/PRs, or when setting up a new project's contribution scaffolding.
10
+
11
+ 1. Create `.github/ISSUE_TEMPLATE/` with separate templates for bug reports and feature requests (YAML issue forms preferred, or Markdown with front-matter `name`/`about`/`labels`).
12
+ 2. In the bug template require: steps to reproduce, expected vs actual, version/environment, and logs — fields that make triage possible.
13
+ 3. In the feature template ask for: problem/motivation, proposed solution, and alternatives considered.
14
+ 4. Add `.github/ISSUE_TEMPLATE/config.yml` to set default labels and add `contact_links` (e.g. discussions, security policy) and decide whether to disable blank issues.
15
+ 5. Add `.github/PULL_REQUEST_TEMPLATE.md` with a summary, linked issue (`Closes #`), testing notes, and a checklist (tests pass, docs updated).
16
+ 6. Validate YAML syntax and confirm GitHub renders the picker by checking the repo's New Issue page.
17
+
18
+ ## Rules
19
+ - Issue forms (`.yml`) need valid YAML and correct field `type` values, or GitHub silently falls back to blank issues — validate before merging.
20
+ - Keep required fields minimal; over-long forms suppress reports.
21
+ - Reference labels that already exist in the repo, or create them, so auto-labeling doesn't fail.
22
+ - Don't route security reports through public issues — link to `SECURITY.md` in `config.yml` instead.
23
+ - Place everything under `.github/`; templates elsewhere are ignored by GitHub.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: java-streams
3
+ description: Modernize imperative Java loops into Streams and replace null checks with Optional
4
+ category: languages
5
+ ---
6
+
7
+ # Java Streams
8
+
9
+ Use this when refactoring verbose loop-and-accumulate Java into the Streams API, or replacing null-juggling with `Optional`, without changing behavior.
10
+
11
+ 1. Spot the loop shape: filter/map/reduce/collect patterns over a collection are the prime candidates; a loop with side effects or early break may be clearer left as-is.
12
+ 2. Translate the pipeline: `for` + `if` + `add` becomes `stream().filter(...).map(...).collect(toList())`; sums/counts become `mapToInt(...).sum()` or `collect(counting())`.
13
+ 3. Replace grouping/partitioning loops with `Collectors.groupingBy` / `toMap` / `partitioningBy` instead of manually populating maps.
14
+ 4. Convert methods that may return null to `Optional<T>`, and consume them with `map`/`filter`/`orElseGet`/`ifPresent` rather than `.get()` after an `isPresent` check.
15
+ 5. Keep lambdas small and side-effect-free; extract complex bodies to named methods or method references (`Type::method`) for readability.
16
+ 6. Run the existing test suite and confirm output equality, ordering, and null behavior are unchanged.
17
+
18
+ ## Rules
19
+ - Streams are for transformation, not iteration with side effects — don't mutate external state inside `forEach`; use `collect` to build results.
20
+ - Never call `Optional.get()` without a guarantee; prefer `orElse`, `orElseThrow`, or `ifPresentOrElse`. Don't use `Optional` for fields or method parameters.
21
+ - Watch performance: a stream over a tiny list can be slower and noisier than a plain loop — don't convert for its own sake.
22
+ - Preserve ordering semantics; `Collectors.toMap` throws on duplicate keys and `groupingBy` returns a `HashMap` (unordered) unless you supply a map factory.
23
+ - Avoid stateful or order-dependent lambdas in parallel streams — they'll race; default to sequential unless you've proven a parallel win.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: k8s-manifest
3
+ description: Write Kubernetes Deployment, Service, and Ingress manifests with sane defaults
4
+ category: cloud
5
+ ---
6
+
7
+ # K8s Manifest
8
+
9
+ Use this to stand up a stateless workload on Kubernetes — a Deployment fronted by a Service and exposed via an Ingress — without missing the production-critical fields people forget.
10
+
11
+ 1. Write the `Deployment` with explicit `replicas`, matching `selector`/`template` labels, and a pinned image tag (never `:latest`).
12
+ 2. Set `resources.requests` and `resources.limits` for cpu and memory on every container.
13
+ 3. Add `livenessProbe` and `readinessProbe` (HTTP or exec) so rollouts and restarts behave.
14
+ 4. Write the `Service` (usually `ClusterIP`) selecting the same pod labels and naming the target port.
15
+ 5. Write the `Ingress` with host rules, a `pathType`, the backend Service, and TLS referencing a cert Secret.
16
+ 6. Validate with `kubectl apply --dry-run=server -f .` (or `kubeval`) and `kubectl diff` before applying.
17
+
18
+ ## Rules
19
+ - Always run as non-root: set `securityContext` with `runAsNonRoot: true`, drop capabilities, and `readOnlyRootFilesystem` where possible.
20
+ - Keep config in `ConfigMap`/`Secret` and inject via `envFrom`/`valueFrom` — no secrets baked into manifests or images.
21
+ - Label consistently (`app`, `app.kubernetes.io/name`, `version`) so selectors and tooling work.
22
+ - Set a `Namespace` explicitly or via kustomize; don't rely on `default`.
23
+ - Prefer a rolling `strategy` with `maxUnavailable`/`maxSurge` tuned for your replica count.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: kotlin-coroutines
3
+ description: Refactor Kotlin callback and threaded code into coroutines with structured concurrency
4
+ category: languages
5
+ ---
6
+
7
+ # Kotlin Coroutines
8
+
9
+ Use this when replacing callback hell, `Thread`/`Executor` code, or RxJava chains with `suspend` functions and structured concurrency.
10
+
11
+ 1. Identify the async boundaries: callbacks, futures, `Thread`, or blocking calls — these become `suspend` functions or `withContext` blocks.
12
+ 2. Convert callback APIs with `suspendCancellableCoroutine`, resuming on success/failure and wiring `invokeOnCancellation` to release the underlying resource.
13
+ 3. Mark functions that suspend as `suspend fun`, and run blocking work on the right dispatcher (`withContext(Dispatchers.IO)` for I/O, `Default` for CPU).
14
+ 4. Launch concurrent work inside a scope (`coroutineScope { ... }` or a lifecycle-bound scope), using `async`/`await` for parallel results and `launch` for fire-and-forget within that scope.
15
+ 5. Replace streams of callbacks with `Flow` (`callbackFlow` for callback sources), and collect them in a scope that respects lifecycle.
16
+ 6. Verify cancellation and exceptions propagate: test that cancelling the scope stops the work, and that failures surface rather than being swallowed.
17
+
18
+ ## Rules
19
+ - Never use `GlobalScope`; tie coroutines to a structured scope (`viewModelScope`, `coroutineScope`, or an explicit `CoroutineScope` you cancel) so they're cancelled with their owner.
20
+ - Switch dispatchers with `withContext`, not by launching new coroutines, and never block a coroutine thread with `Thread.sleep` or blocking I/O on `Default`/`Main`.
21
+ - Suspending functions must be main-safe — a `suspend fun` should be callable from any dispatcher and move blocking work off it internally.
22
+ - Make cancellation cooperative: check `isActive`/`ensureActive()` in loops, and don't swallow `CancellationException` — rethrow it.
23
+ - Prefer `coroutineScope`/`supervisorScope` over manual `Job` juggling; choose `supervisorScope` only when one child's failure should not cancel its siblings.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: landing-page
3
+ description: Build a responsive marketing landing page with a hero, value sections, social proof, and a clear conversion CTA.
4
+ category: html
5
+ ---
6
+
7
+ # Landing Page
8
+
9
+ Use when building a single-purpose conversion page (product launch, signup, waitlist). The job is one clear action above the fold and a scannable narrative below it.
10
+
11
+ 1. Lay out the standard arc: hero (headline + subhead + primary CTA), problem/benefit sections, social proof, feature grid, FAQ, final CTA, footer.
12
+ 2. Write the hero with a benefit-driven headline (not the product name), a one-line subhead, and a single high-contrast CTA button; keep it readable on mobile without scrolling.
13
+ 3. Build the layout mobile-first with semantic landmarks (`<header> <main> <section> <footer>`) and CSS grid/flex; use `clamp()` for fluid type and spacing.
14
+ 4. Add a sticky or repeated CTA so the action is always reachable; make every CTA button visually identical and lead to the same target.
15
+ 5. Optimize for speed: inline critical CSS, lazy-load below-fold images (`loading="lazy"`), use responsive `<img srcset>` / modern formats (AVIF/WebP), defer non-critical JS.
16
+ 6. Layer in trust: real logos, testimonials with names/photos, concrete numbers; add SEO + OpenGraph meta tags (see `meta-tags` skill).
17
+ 7. Verify contrast (WCAG AA), keyboard focus states, and that the page works with JS disabled.
18
+
19
+ ## Rules
20
+ - One primary conversion goal per page; secondary links should not compete with the main CTA.
21
+ - Mobile-first: design the small viewport first, then enhance up with `min-width` media queries.
22
+ - Don't ship a megabyte hero image — compress, size to display dimensions, and serve modern formats.
23
+ - Use semantic headings in order (one `<h1>`, then `<h2>`/`<h3>`); don't pick heading levels by size.
24
+ - Avoid render-blocking third-party widgets above the fold; they tank Largest Contentful Paint.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: laravel-controller
3
+ description: Scaffold a Laravel controller with routes, form request, and Eloquent model
4
+ category: frameworks
5
+ ---
6
+
7
+ # Laravel Controller
8
+
9
+ Use to add a resource to a Laravel app — controller, routes, validation, and Eloquent model — following Laravel conventions.
10
+
11
+ 1. Generate the pieces: `php artisan make:model <Name> -mcr` (model + migration + resource controller) and a `make:request` for validation.
12
+ 2. Edit the migration columns, then `php artisan migrate`; set `$fillable`/`$casts` and relationships on the model.
13
+ 3. Register routes with `Route::resource('<plural>', <Name>Controller::class)` in `routes/web.php` or `routes/api.php`.
14
+ 4. Type-hint the Form Request in controller actions so validation runs automatically; use `$request->validated()`.
15
+ 5. Implement the resource actions, leaning on route-model binding (`<Name> $model`) and returning views or JSON/API resources.
16
+ 6. Run `php artisan serve`, confirm routes with `php artisan route:list`, and exercise CRUD.
17
+
18
+ ## Rules
19
+ - Validate with Form Request classes, not inline `$request->validate` scattered everywhere; use `validated()` for mass assignment.
20
+ - Set `$fillable` (or `$guarded`) on models to prevent mass-assignment vulnerabilities.
21
+ - Use route-model binding instead of manual `find` + 404 checks.
22
+ - Return API Resources (`->toResource()` / `JsonResource`) for API responses rather than raw models.
23
+ - Keep controllers thin; push reusable logic into services or model methods, and use `php artisan` generators over hand-rolling files.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: lazy-load
3
+ description: Defer or lazy-load heavy work so it only happens when actually needed
4
+ category: performance
5
+ ---
6
+
7
+ # Lazy Load
8
+
9
+ Reach for this when startup, page load, or a request pays for work whose result is often unused.
10
+
11
+ 1. Identify eager work that's expensive and not always needed: big imports, asset bundles, DB connections, precomputed data, or off-screen UI.
12
+ 2. Move the work behind first use — lazy imports/`import()`, deferred initialization, computed-on-demand, or route/component code-splitting.
13
+ 3. For UI/data, load on interaction or visibility (intersection observer, pagination, infinite scroll) instead of all up front.
14
+ 4. Memoize the deferred result so the expensive work runs at most once, not on every access.
15
+ 5. Add a lightweight placeholder/loading state and guard against repeated concurrent initialization (race on first use).
16
+ 6. Measure the win — faster startup/first paint or smaller initial payload — and confirm deferred paths still work.
17
+
18
+ ## Rules
19
+ - Lazy-loading trades first-use latency for faster startup; don't defer work that's needed immediately on the critical path.
20
+ - Always cache the result of a lazy init so you don't recompute on every call.
21
+ - Guard the first-use path against concurrent callers triggering the heavy work twice.
22
+ - Don't over-split — too many tiny lazy chunks add round-trips and can be slower than one bundle.
23
+ - Keep a visible loading/fallback state so deferred work doesn't look like a hang.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: license-check
3
+ description: Audit dependency licenses for compliance and flag copyleft or unknown-license packages
4
+ category: dependencies
5
+ ---
6
+
7
+ # License Check
8
+
9
+ Use before a release, an open-source publish, or a legal review to confirm every dependency's license is acceptable.
10
+
11
+ 1. Generate a full license inventory including transitive deps (`license-checker`, `pip-licenses`, `cargo-deny`, `cargo-about`, an SBOM tool).
12
+ 2. Define the allowlist/denylist for the project (e.g. allow MIT/BSD/Apache-2.0, deny GPL/AGPL for proprietary code).
13
+ 3. Flag anything copyleft, dual-licensed, custom, or reported as UNKNOWN/UNLICENSED for closer review.
14
+ 4. For each flagged package, find the actual obligation (attribution, source disclosure, network-use clause) before deciding.
15
+ 5. Resolve issues: replace the offending dependency, isolate it, or document the obligation and add required attribution/NOTICE.
16
+ 6. Wire the check into CI so a new non-compliant license fails the build instead of slipping in.
17
+
18
+ ## Rules
19
+ - Audit the whole transitive tree, not just direct dependencies — risk usually hides deep.
20
+ - "UNKNOWN" means missing metadata, not safe — chase down the real license manually.
21
+ - Copyleft (GPL/AGPL) in a proprietary product is a blocker; LGPL and weak-copyleft have nuance — read the terms.
22
+ - Permissive licenses still carry attribution duties; ship a NOTICE/THIRD-PARTY file to satisfy them.
23
+ - Re-run on every dependency change; a transitive bump can silently introduce a new license.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: license-header
3
+ description: Add SPDX or license headers to source files consistently across the repo
4
+ category: compliance
5
+ ---
6
+
7
+ # License Header
8
+
9
+ Reach for this when source files lack a license/copyright notice, or when adopting SPDX identifiers for tooling and audits.
10
+
11
+ 1. Pick the license and confirm it matches the repo `LICENSE` file (e.g. MIT, Apache-2.0); use the exact SPDX identifier from spdx.org/licenses.
12
+ 2. Decide the header form: short SPDX tag (`SPDX-License-Identifier: MIT`) plus a copyright line, or the full notice if the license requires it (Apache-2.0, GPL).
13
+ 3. Map comment syntax per language (`//` for C/Go/JS/Rust, `#` for Python/shell/YAML, `<!-- -->` for HTML/XML) and place the header as the first lines, after a shebang or encoding line if present.
14
+ 4. Apply to all in-scope files, skipping vendored/`node_modules`/generated code and anything with a conflicting third-party header.
15
+ 5. Run a check that every target file starts with the header (grep the first lines) and fix misses.
16
+ 6. Add or update a CI step (e.g. `licensee`, `reuse lint`, or a grep guard) so new files must include the header.
17
+
18
+ ## Rules
19
+ - Never overwrite or remove an existing third-party copyright line; preserve it and add yours below.
20
+ - Keep the year/owner consistent with `LICENSE`; do not invent dates or change ownership.
21
+ - Respect shebangs: header goes on line 2+ so `#!/usr/bin/env` stays line 1 and the file stays executable.
22
+ - Prefer SPDX identifiers over pasting full license text in every file unless the license mandates the full notice.
23
+ - Match the project's existing comment style and spacing; do not reflow surrounding code.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: lint-fix
3
+ description: Run the project linter and fix the violations it reports
4
+ category: review
5
+ ---
6
+
7
+ # Lint Fix
8
+
9
+ Use this to get a clean lint run — discover the project's linter, run it, and resolve every violation without suppressing problems you should actually fix.
10
+
11
+ 1. Identify the configured linter from the manifest/config (e.g. `eslint`, `ruff`, `clippy`, `golangci-lint`, `rubocop`) and its invocation script.
12
+ 2. Run the linter across the changed files (or the whole project if that's the convention) and capture the full list of violations.
13
+ 3. Apply the safe autofix mode first (`--fix`, `ruff check --fix`, `cargo clippy --fix`) and re-run to see what remains.
14
+ 4. Fix remaining violations by hand — address the underlying issue rather than reaching for an inline disable.
15
+ 5. Re-run the linter until it reports zero violations, then run the test suite to confirm fixes didn't change behavior.
16
+ 6. Commit the lint fixes separately from feature changes so the diff stays easy to review.
17
+
18
+ ## Rules
19
+ - Fix the root cause; only use an inline disable when the rule is genuinely wrong here, with a comment explaining why.
20
+ - Never loosen the shared lint config to silence a violation unless that's the explicit, agreed task.
21
+ - Re-run after autofix — autofixers can introduce new violations or leave some untouched.
22
+ - Keep autofix-only churn (formatting-adjacent) reviewable; don't bundle it with logic changes.
23
+ - A green test run is required after fixes — a lint fix that breaks behavior isn't a fix.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: llm-cost
3
+ description: Estimate and reduce the token cost of LLM calls without losing output quality
4
+ category: agent-llm
5
+ ---
6
+
7
+ # LLM Cost
8
+
9
+ Use this to measure where tokens go in an LLM workload and cut spend by trimming inputs, caching, and right-sizing the model.
10
+
11
+ 1. Measure first: log input/output token counts per call (from the API response usage) and multiply by the model's per-token price to get real cost.
12
+ 2. Find the hot path — usually a large system prompt or context re-sent on every turn, or oversized tool results echoed back.
13
+ 3. Cache the stable prefix (system prompt, tool schemas, long shared context) with prompt caching so repeated tokens bill at the reduced rate.
14
+ 4. Shrink inputs: trim/summarize history, paginate or filter tool outputs, drop redundant few-shot examples, and strip boilerplate.
15
+ 5. Right-size the model: route easy/structured calls to a cheaper/smaller model and reserve the frontier model for hard reasoning.
16
+ 6. Cap `max_tokens` to the real need and re-measure cost-per-task to confirm the change actually saved money.
17
+
18
+ ## Rules
19
+ - Optimize by measured cost, not vibes — get token counts before and after every change.
20
+ - Output tokens usually cost several times more than input tokens; trimming verbose responses often beats trimming the prompt.
21
+ - Put cacheable content at the front and keep it byte-stable; any change to the prefix busts the cache.
22
+ - Summarizing history saves tokens but loses fidelity — keep recent turns verbatim and compress only older ones.
23
+ - A cheaper model that needs retries or longer outputs can cost more than the expensive one; compare end-to-end, not per-token.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: lockfile-fix
3
+ description: Resolve lockfile drift or merge conflicts by regenerating the lockfile from the manifest
4
+ category: dependencies
5
+ ---
6
+
7
+ # Lockfile Fix
8
+
9
+ Reach for this when the lockfile is out of sync with the manifest or has merge-conflict markers after a rebase/merge.
10
+
11
+ 1. Identify the manager and its lockfile (`package-lock.json`, `pnpm-lock.yaml`, `yarn.lock`, `Cargo.lock`, `poetry.lock`, `uv.lock`).
12
+ 2. For a merge conflict, take the manifest's resolution first — accept both sides of the manifest, then discard the conflicted lockfile body.
13
+ 3. Regenerate from the manifest: `npm install`, `pnpm install`, `yarn install`, `cargo generate-lockfile`, `poetry lock`, `uv lock` — never resolve lockfile markers by hand.
14
+ 4. Verify the manifest itself merged cleanly and reflects the intended versions before regenerating.
15
+ 5. Reinstall clean (`npm ci`) to prove the new lockfile resolves and the tree installs.
16
+ 6. Commit the regenerated lockfile alongside the manifest and run tests.
17
+
18
+ ## Rules
19
+ - Never hand-edit conflict markers in a lockfile; delete the conflicted content and regenerate.
20
+ - Resolve the manifest first — the lockfile is derived, not authoritative.
21
+ - Use the same package-manager version as the team/CI; a different version can rewrite the whole lockfile.
22
+ - Run a clean install (`ci`/frozen) afterward to catch an unsatisfiable resolution early.
23
+ - Keep the regenerated lockfile and manifest in one commit so the pair stays consistent.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: low-power
3
+ description: Reduce firmware power draw with sleep modes, clock gating, and peripheral management
4
+ category: gamedev
5
+ ---
6
+
7
+ # Low Power
8
+
9
+ Use when a battery-powered device must extend run time: cut active current, sleep aggressively, and wake only on events.
10
+
11
+ 1. Measure baseline current first (bench supply or coulomb counter) so every change is verified against real numbers.
12
+ 2. Restructure to event-driven: do work, then enter the deepest sleep mode that still allows the needed wake source.
13
+ 3. Wake from interrupts/RTC/peripheral events rather than polling; remove busy-wait and fixed delay loops.
14
+ 4. Gate clocks and power down unused peripherals, and configure idle GPIOs (pull or drive) to stop leakage current.
15
+ 5. Lower the active clock to the slowest rate that meets the deadline; run fast-then-sleep ("race to idle") when bursty.
16
+ 6. Re-measure after each change and check average current over a full duty cycle, not just the peak.
17
+
18
+ ## Rules
19
+ - Floating input pins leak current — set every unused GPIO to a defined pull or output level before sleeping.
20
+ - Confirm your chosen sleep mode retains the RAM/registers and wake sources you actually need before relying on it.
21
+ - Disable or reconfigure debug/SWD, brown-out, and watchdog peripherals that quietly keep current high in sleep.
22
+ - Average current over the whole duty cycle drives battery life; a low sleep current is moot if wakeups are too frequent.
23
+ - Always re-measure on hardware; datasheet sleep figures assume an ideal configuration you probably have not matched.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: makefile
3
+ description: Generate a Makefile or task runner exposing common project commands behind short aliases
4
+ category: ci-cd
5
+ ---
6
+
7
+ # Makefile
8
+
9
+ Use when a project's everyday commands are long or scattered and you want one discoverable entrypoint (`make test`, `make run`).
10
+
11
+ 1. Collect the real commands developers run: install, build, lint, test, format, run, clean.
12
+ 2. Create a target per command with a short, conventional name; have each shell out to the actual tool.
13
+ 3. Declare `.PHONY` for every target that isn't a file, so they always run.
14
+ 4. Add a default `help` target (self-documenting via `##` comments) so `make` lists what's available.
15
+ 5. Compose targets where it helps (`ci: lint test build`, `check: lint test`) to mirror the pipeline.
16
+ 6. Run each target to confirm it works; reference the same targets from CI so local and CI commands stay identical.
17
+
18
+ ## Rules
19
+ - Recipe lines must be tab-indented, not spaces — the classic Makefile footgun.
20
+ - Mark non-file targets `.PHONY` or stale files silently skip them.
21
+ - Keep targets thin wrappers over the real tools; don't reimplement logic in make.
22
+ - Have CI call the same `make` targets so there's one source of truth for commands.
23
+ - On Windows/non-make environments prefer a `justfile` or npm scripts instead of forcing make.
@@ -0,0 +1,24 @@
1
+ ---
2
+ name: man-page
3
+ description: Write a man page / CLI --help reference with synopsis, options, examples, and exit codes.
4
+ category: docs
5
+ ---
6
+
7
+ # Man Page
8
+
9
+ Use when a CLI needs a precise reference — the canonical `--help` output and/or a `man` page that documents every flag, argument, and exit code.
10
+
11
+ 1. Follow the standard section order: NAME, SYNOPSIS, DESCRIPTION, OPTIONS, EXAMPLES, EXIT STATUS, ENVIRONMENT, SEE ALSO.
12
+ 2. Write the SYNOPSIS with convention: `[ ]` optional, `<>` placeholders, `...` repeatable, `|` mutually exclusive.
13
+ 3. Document every option with both short and long forms (`-v, --verbose`), its argument, default, and one-line effect.
14
+ 4. Add an EXAMPLES section with real, copy-pasteable invocations covering the common cases and one advanced case.
15
+ 5. List exit codes and their meaning (0 success, non-zero failures) so scripts can branch on them.
16
+ 6. Keep the in-binary `--help` and the man page consistent — ideally generate one from the other (e.g. from the arg parser).
17
+ 7. Author the man page in Markdown and convert with `pandoc`/`ronn`/`scdoc` rather than hand-writing roff.
18
+
19
+ ## Rules
20
+ - SYNOPSIS notation is a contract: optional/required/repeatable must match the parser's actual behavior.
21
+ - Document defaults and units explicitly (`--timeout <sec>` default `30`); ambiguity here causes real bugs.
22
+ - Examples are mandatory and must run as written — they're the section people actually read.
23
+ - Don't hand-edit roff; generate the man page from a readable source.
24
+ - Keep `--help` terse and the man page complete; cross-reference rather than duplicate.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: mcp-server
3
+ description: Scaffold an MCP server that exposes tools over stdio or HTTP for an LLM agent to call
4
+ category: agent-llm
5
+ ---
6
+
7
+ # MCP Server
8
+
9
+ Reach for this when you need to expose local capabilities (files, APIs, DB queries) to an agent via the Model Context Protocol instead of hand-rolling a custom integration.
10
+
11
+ 1. Pick a transport: stdio for local/CLI use (the default, simplest), or HTTP/SSE for a remote or multi-client server.
12
+ 2. Init the project and add the MCP SDK (`@modelcontextprotocol/sdk` for TS, `mcp` for Python); create a server with a name and version.
13
+ 3. Register each tool with a unique name, a one-line description, and a JSON-Schema (or zod/pydantic) input schema — keep inputs flat and typed.
14
+ 4. Implement each tool handler to do the work, then return content as a list of typed parts (text/json); never return raw exceptions.
15
+ 5. Wire the transport and start the loop (stdio: read/write over stdin/stdout; HTTP: bind a port and mount the session handler).
16
+ 6. Register the server in the client config (command + args for stdio, URL for HTTP) and smoke-test that tools list and a sample call both succeed.
17
+
18
+ ## Rules
19
+ - For stdio, NEVER write logs or prints to stdout — it corrupts the protocol stream; log to stderr or a file.
20
+ - Tool names must be stable and unique; renaming one breaks any agent that hardcoded it.
21
+ - Validate and sanitize every input inside the handler; schema validation is a hint, not a security boundary.
22
+ - Return structured errors (a result with `isError: true` and a message) so the agent can recover, rather than throwing.
23
+ - Keep each tool single-purpose and side-effect-explicit; mark destructive tools clearly in the description.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: memory-leak
3
+ description: Find and fix a memory leak by measuring growth, capturing heaps, and tracing retained references
4
+ category: debugging
5
+ ---
6
+
7
+ # Memory Leak
8
+
9
+ Use when memory climbs over time and doesn't come back down — RSS growth, OOM kills, GC thrashing, or a process that gets slower the longer it runs. The goal is to find what's still being referenced after it should be free.
10
+
11
+ 1. Confirm it's a real leak: drive a repeating workload and watch memory across cycles — a leak grows monotonically and never returns to baseline after GC.
12
+ 2. Take a heap snapshot at a steady state, run more cycles, take another, and diff them to see which object types grew.
13
+ 3. Pick the growing type and inspect its retainer/retention path — find what's holding the reference that should have been released.
14
+ 4. Trace that reference to the code: usually an unbounded cache/array, an event listener never removed, a closure capturing large state, or a timer never cleared.
15
+ 5. Break the retention — remove the listener, bound or evict the cache, clear the timer, drop the closure capture — and re-run the cycle test.
16
+ 6. Verify memory now returns to baseline across many cycles and stays flat under sustained load.
17
+
18
+ ## Rules
19
+ - Force/allow GC before measuring, or you'll chase garbage that just hadn't been collected yet.
20
+ - Compare snapshots at the same point in the cycle — drift in workload looks like a leak when it isn't.
21
+ - The biggest object isn't the leak; the one that keeps growing across snapshots is.
22
+ - Common culprits: event emitters, global/module-level collections, caches without eviction, subscriptions, and detached DOM nodes.
23
+ - Fix retention, then prove it with a long soak run — a single short run won't show a slow leak.
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: mermaid-diagram
3
+ description: Add Mermaid flowchart, sequence, or ER diagrams to Markdown docs that render on GitHub and most doc sites.
4
+ category: docs
5
+ ---
6
+
7
+ # Mermaid Diagram
8
+
9
+ Use when a diagram belongs *in* the doc and should stay diffable in git — Mermaid renders natively on GitHub, GitLab, MkDocs Material, and Docusaurus.
10
+
11
+ 1. Choose the diagram type by intent: `flowchart` for process/decisions, `sequenceDiagram` for interactions over time, `erDiagram` for data models, `stateDiagram-v2` for state machines.
12
+ 2. Open a fenced block tagged ```` ```mermaid ```` and declare the type and direction on the first line (e.g. `flowchart TD`).
13
+ 3. Define nodes with stable IDs and human labels (`A[Load config]`), then edges (`A --> B`); use `-->|label|` for edge text.
14
+ 4. Keep each diagram to one idea (~5-15 nodes); split large flows into multiple diagrams rather than one unreadable graph.
15
+ 5. Verify rendering — paste into the Mermaid Live Editor (mermaid.live) or your doc preview; a single syntax error blanks the whole block.
16
+ 6. For doc sites, confirm the Mermaid plugin is enabled (MkDocs: `pymdownx.superfences` custom fence; Docusaurus: `@docusaurus/theme-mermaid`).
17
+
18
+ ## Rules
19
+ - IDs are code, labels are prose: never put spaces or punctuation in a bare node ID — wrap the label in `[]`, `()`, or `{}`.
20
+ - Escape special characters in labels with quotes: `A["Retry (max 3)"]`.
21
+ - Pick `TD`/`LR` deliberately; sequence diagrams flow top-down regardless.
22
+ - Don't embed huge diagrams inline — if it needs zoom/pan, link to a standalone page.
23
+ - Comment intent with `%% ...` so the next editor knows what the diagram is asserting.