ai-squad 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +131 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.js +1013 -0
- package/package.json +49 -0
- package/sections/opencode/agents/identity/adversarial-reviewer.md +98 -0
- package/sections/opencode/agents/identity/architect.md +122 -0
- package/sections/opencode/agents/identity/docs-writer.md +53 -0
- package/sections/opencode/agents/identity/fullstack-dev.md +79 -0
- package/sections/opencode/agents/identity/memory-keeper.md +192 -0
- package/sections/opencode/agents/identity/po.md +102 -0
- package/sections/opencode/agents/identity/qa.md +90 -0
- package/sections/opencode/agents/identity/reviewer.md +84 -0
- package/sections/opencode/agents/identity/teamlead.md +101 -0
- package/sections/opencode/agents/identity/ux-ui.md +87 -0
- package/sections/opencode/agents/standards/generic.md +36 -0
- package/sections/opencode/agents/standards/nextjs.md +29 -0
- package/sections/opencode/agents/standards/python.md +217 -0
- package/sections/opencode/agents/standards/react.md +130 -0
- package/sections/opencode/agents/standards/typescript.md +30 -0
- package/sections/opencode/agents/workflow/context.md +24 -0
- package/sections/opencode/agents/workflow/memory.md +32 -0
- package/sections/opencode/agents/workflow/sessions.md +38 -0
- package/sections/opencode/agents/workflow/tasks.md +40 -0
- package/sections/opencode/config/agents.md +11 -0
- package/sections/opencode/context/nextjs/architecture.md +13 -0
- package/sections/opencode/context/nextjs/conventions.md +20 -0
- package/sections/opencode/context/nextjs/stack.md +14 -0
- package/sections/opencode/context/python/architecture.md +13 -0
- package/sections/opencode/context/python/conventions.md +19 -0
- package/sections/opencode/context/python/stack.md +14 -0
- package/sections/opencode/workflow/context.md +14 -0
- package/sections/opencode/workflow/memory.md +12 -0
- package/sections/opencode/workflow/sessions.md +20 -0
- package/sections/opencode/workflow/state.md +20 -0
- package/sections/opencode/workflow/tasks.md +13 -0
- package/sections/shared/frontmatter/adversarial-reviewer.yaml +7 -0
- package/sections/shared/frontmatter/architect.yaml +7 -0
- package/sections/shared/frontmatter/docs-writer.yaml +7 -0
- package/sections/shared/frontmatter/fullstack-dev.yaml +7 -0
- package/sections/shared/frontmatter/memory-keeper.yaml +7 -0
- package/sections/shared/frontmatter/po.yaml +7 -0
- package/sections/shared/frontmatter/qa.yaml +7 -0
- package/sections/shared/frontmatter/reviewer.yaml +7 -0
- package/sections/shared/frontmatter/teamlead.yaml +8 -0
- package/sections/shared/frontmatter/ux-ui.yaml +7 -0
- package/sections/shared/memory/conventions.md +10 -0
- package/sections/shared/memory/decisions.md +13 -0
- package/sections/shared/memory/patterns.md +12 -0
- package/sections/shared/task-template.md +44 -0
|
@@ -0,0 +1,217 @@
|
|
|
1
|
+
# Python Standards
|
|
2
|
+
|
|
3
|
+
When working on `${PROJECT_NAME}` with Python, follow these conventions unless project context overrides.
|
|
4
|
+
|
|
5
|
+
## Language Features
|
|
6
|
+
|
|
7
|
+
**DO:**
|
|
8
|
+
- Target Python ≥ 3.12 for all new projects — 3.13 is the stability baseline, 3.14 for performance/concurrency
|
|
9
|
+
- Use `X | Y` union syntax (never `Union[X, Y]` or `Optional[X]`)
|
|
10
|
+
- Use `match`/`case` structural pattern matching for complex branching on data shapes
|
|
11
|
+
- Use deferred annotations — no `from __future__ import annotations` in 3.14+
|
|
12
|
+
- Use `except*` for ExceptionGroups when concurrent code can raise multiple errors
|
|
13
|
+
|
|
14
|
+
**DON'T:**
|
|
15
|
+
- Don't use `Optional[X]` — use `X | None`
|
|
16
|
+
- Don't use `from __future__ import annotations` — it's superseded in 3.14+
|
|
17
|
+
- Don't rely on GIL-based thread safety in free-threaded Python 3.14+
|
|
18
|
+
|
|
19
|
+
## Type Hints
|
|
20
|
+
|
|
21
|
+
**DO:**
|
|
22
|
+
- Use `Protocol` for structural subtyping — duck typing with static checking
|
|
23
|
+
- Use `TypeIs` (3.13+) over `TypeGuard` — narrows in both branches
|
|
24
|
+
- Use `@override` decorator (3.12+) on methods that override parent methods
|
|
25
|
+
- Use `Literal["GET", "POST"]` for constrained string/int values
|
|
26
|
+
- Use `Final` for constants and non-overridable methods
|
|
27
|
+
- Use Pydantic `BaseModel` at system boundaries — API inputs, config files, DB records. Runtime validation, serialization, JSON schema
|
|
28
|
+
- Use `dataclass(frozen=True)` for internal immutable data containers — zero runtime overhead
|
|
29
|
+
- Use `TypedDict` for dict-shaped data — type-check dict keys at zero runtime cost
|
|
30
|
+
- Run `mypy --strict` in CI — catches `Any` leakage, untyped defs, incomplete types
|
|
31
|
+
- Consider running both mypy and pyright — they catch different error classes
|
|
32
|
+
|
|
33
|
+
**DON'T:**
|
|
34
|
+
- Don't use `Any` — it disables type checking. Use `object`, `Protocol`, or a `Union` instead
|
|
35
|
+
- Don't use raw `dict` for structured data — use `TypedDict`, `dataclass`, or Pydantic
|
|
36
|
+
- Don't use `dataclass` for external data validation — it does NOT validate at runtime
|
|
37
|
+
- Don't annotate `self` or `cls` in method signatures
|
|
38
|
+
- Don't use `# type: ignore` without a specific error code — use `# type: ignore[attr-defined]`
|
|
39
|
+
|
|
40
|
+
## Tooling
|
|
41
|
+
|
|
42
|
+
**DO:**
|
|
43
|
+
- Use `uv` for package management — `uv init`, `uv add`, `uv lock`, `uv sync --frozen` in CI
|
|
44
|
+
- Use Ruff for linting and formatting — `ruff check . --fix && ruff format .`
|
|
45
|
+
- Configure everything in `pyproject.toml` — Ruff, mypy, pytest, coverage, build settings
|
|
46
|
+
- Use pre-commit hooks — Ruff + mypy, catch issues in seconds not CI minutes
|
|
47
|
+
- In CI: `uv sync --frozen && ruff check . && mypy --strict src/ && pytest -n auto --cov`
|
|
48
|
+
|
|
49
|
+
**DON'T:**
|
|
50
|
+
- Don't install tools globally — use `uv add --dev` and `uv run <tool>`
|
|
51
|
+
- Don't keep `setup.py`, `setup.cfg`, `.flake8`, `mypy.ini`, `pytest.ini` — migrate to `pyproject.toml`
|
|
52
|
+
- Don't use pip directly in new projects — `uv add` is the standard
|
|
53
|
+
- Don't split configuration across multiple files
|
|
54
|
+
|
|
55
|
+
## Project Structure
|
|
56
|
+
|
|
57
|
+
**DO:**
|
|
58
|
+
- Use the src layout — `src/my_package/` with sibling `tests/`, prevents accidental imports
|
|
59
|
+
- Put all metadata in `pyproject.toml` — `[project]`, `[build-system]`, `[tool.*]`
|
|
60
|
+
- Use `requires-python = ">=3.12"` in pyproject.toml
|
|
61
|
+
- Separate integration tests from unit tests — `tests/integration/` with its own `conftest.py`
|
|
62
|
+
- Keep `__init__.py` minimal — import key symbols, avoid heavy computation at import time
|
|
63
|
+
|
|
64
|
+
**DON'T:**
|
|
65
|
+
- Don't put test code in the package directory — shipped wheels should not include tests
|
|
66
|
+
- Don't use `setup.py` — it's deprecated for configuration
|
|
67
|
+
- Don't do heavy work at module import time — lazy-load expensive resources
|
|
68
|
+
- Don't use `from module import *` — pollutes namespace, breaks static analysis
|
|
69
|
+
|
|
70
|
+
## Code Style
|
|
71
|
+
|
|
72
|
+
**DO:**
|
|
73
|
+
- Follow PEP 8 — 4-space indentation, 100-char lines, snake_case for functions/variables, PascalCase for classes, UPPER_CASE for constants
|
|
74
|
+
- Use imperative verbs for functions (`get_user`, `calculate_total`, `validate_email`), noun phrases for classes (`UserProfile`, `EmailValidator`)
|
|
75
|
+
- Use `is_` / `has_` prefixes for boolean functions/properties
|
|
76
|
+
- Use single leading underscore `_internal` for internal/private module members
|
|
77
|
+
- Extract named constants for magic values — `TIMEOUT_SECONDS = 15`, not inline `15`
|
|
78
|
+
|
|
79
|
+
**DON'T:**
|
|
80
|
+
- Don't use single-letter variables except in comprehensions/loops (`i`, `k`, `v` only for trivial scopes)
|
|
81
|
+
- Don't shadow builtins — never name variables `list`, `dict`, `id`, `type`, `str`, `input`
|
|
82
|
+
- Don't use mixedCase — Python uses snake_case
|
|
83
|
+
- Don't name modules with hyphens — use underscores (`my_package`, not `my-package`)
|
|
84
|
+
- Don't use magic numbers — extract named constants
|
|
85
|
+
|
|
86
|
+
## Data Structures
|
|
87
|
+
|
|
88
|
+
| Use Case | Tool | Reason |
|
|
89
|
+
|---|---|---|
|
|
90
|
+
| API/DB models, untrusted input | **Pydantic BaseModel** | Runtime validation + serialization |
|
|
91
|
+
| Internal data containers | **dataclass(frozen=True)** | Zero overhead, immutability |
|
|
92
|
+
| Dict-shaped data (JSON configs) | **TypedDict** | Type-check keys at zero cost |
|
|
93
|
+
| Priority queues | **heapq** | O(log n) push/pop |
|
|
94
|
+
| FIFO/LIFO queues | **deque** | O(1) both ends |
|
|
95
|
+
| Membership testing | **set** | O(1) vs O(n) for list |
|
|
96
|
+
|
|
97
|
+
**DON'T:**
|
|
98
|
+
- Don't use `list` as a queue — `list.pop(0)` is O(n), use `deque`
|
|
99
|
+
- Don't use `list` for membership testing in hot loops — use `set`
|
|
100
|
+
- Don't use raw `dict` for structured data with known keys
|
|
101
|
+
- Don't use `NamedTuple` for large or mutable records — use `dataclass`
|
|
102
|
+
|
|
103
|
+
## Error Handling
|
|
104
|
+
|
|
105
|
+
**DO:**
|
|
106
|
+
- Catch specific exceptions — `except ValueError`, never `except Exception` or bare `except:`
|
|
107
|
+
- Create a custom exception hierarchy — one base exception per library/app
|
|
108
|
+
- Chain exceptions with `raise ... from ...` — preserve the original cause
|
|
109
|
+
- Use context managers for resource management — `with open(...) as f:`, `with transaction():`
|
|
110
|
+
- Use `try`/`else` for code that runs only on success
|
|
111
|
+
- Use `finally` for cleanup that MUST run
|
|
112
|
+
- Log exceptions with `logger.exception()` — automatically includes traceback
|
|
113
|
+
- Use assertions for programming errors (bugs), exceptions for runtime errors
|
|
114
|
+
|
|
115
|
+
**DON'T:**
|
|
116
|
+
- Don't catch and silently ignore — `except Exception: pass` is a bug. If you must suppress, log it
|
|
117
|
+
- Don't use bare `except:` — catches `KeyboardInterrupt` and `SystemExit`
|
|
118
|
+
- Don't use exceptions for control flow — exceptions are for exceptional cases
|
|
119
|
+
- Don't raise `Exception` directly — raise a specific type or custom exception
|
|
120
|
+
- Don't lose the traceback — use `raise` (re-raise) or `raise NewError(...) from original`
|
|
121
|
+
- Don't use `assert` for input validation — assertions disappear with `python -O`
|
|
122
|
+
|
|
123
|
+
## Testing
|
|
124
|
+
|
|
125
|
+
**DO:**
|
|
126
|
+
- Use pytest — configure in `pyproject.toml` under `[tool.pytest.ini_options]`
|
|
127
|
+
- Centralize shared fixtures in `conftest.py` — auto-available to tests in that directory and below
|
|
128
|
+
- Choose fixture scopes: `function` for mutable/cheap, `session` for expensive/read-only resources
|
|
129
|
+
- Use `@pytest.mark.parametrize` with `ids` for readable multi-input tests
|
|
130
|
+
- Follow Arrange-Act-Assert — structure every test into these three clear phases
|
|
131
|
+
- One logical assertion per test — `test_apply_discount` tests discount, not inventory + email
|
|
132
|
+
- In CI: `pytest -n auto --cov=src/ --cov-report=xml --cov-fail-under=85 --strict-markers -ra`
|
|
133
|
+
- Install: `pytest-cov`, `pytest-xdist`, `pytest-mock`, `pytest-randomly`, `pytest-asyncio`
|
|
134
|
+
|
|
135
|
+
**DON'T:**
|
|
136
|
+
- Don't use `for` loops inside a single test — use `@parametrize`, loops hide which input failed
|
|
137
|
+
- Don't let tests depend on execution order — each test must set up everything through fixtures
|
|
138
|
+
- Don't skip `--strict-markers` — a typo'd marker becomes a silent no-op without it
|
|
139
|
+
- Don't mock what you don't own — mock your own adapters, not the external library directly
|
|
140
|
+
- Don't test implementation details — test behavior, not internal method calls
|
|
141
|
+
|
|
142
|
+
## Performance & Async
|
|
143
|
+
|
|
144
|
+
**DO:**
|
|
145
|
+
- Use `async`/`await` for I/O-bound work — network calls, file I/O, database queries. Not CPU-bound
|
|
146
|
+
- Prefer AnyIO over raw asyncio — fixes cancellation bugs, provides structured concurrency
|
|
147
|
+
- Use structured concurrency — `async with anyio.create_task_group() as tg:`
|
|
148
|
+
- Use `anyio.to_thread.run_sync()` for CPU-bound work in async contexts
|
|
149
|
+
- Use generators for large datasets — `yield` items one at a time instead of building lists in memory
|
|
150
|
+
- Profile before optimizing — use `cProfile` or `py-spy` to find actual bottlenecks
|
|
151
|
+
|
|
152
|
+
**DON'T:**
|
|
153
|
+
- Don't call blocking I/O inside `async def` — use async equivalents or `run_sync`
|
|
154
|
+
- Don't create tasks without tracking them — unhandled task exceptions silently vanish in asyncio
|
|
155
|
+
- Don't use `time.sleep()` in async code — use `await anyio.sleep()`
|
|
156
|
+
- Don't use `asyncio.shield()` — it's a footgun, use AnyIO cancel scopes instead
|
|
157
|
+
- Don't eagerly load large datasets into memory — use generators or lazy evaluation
|
|
158
|
+
|
|
159
|
+
## Security
|
|
160
|
+
|
|
161
|
+
**DO:**
|
|
162
|
+
- Never use `eval()`, `exec()`, or `compile()` on untrusted input
|
|
163
|
+
- Use `secrets` module for cryptographic randomness — `secrets.token_hex()`, not `random.random()`
|
|
164
|
+
- Validate and sanitize all user input at boundaries — use Pydantic models for API inputs
|
|
165
|
+
- Use parameterized queries for SQL — never string interpolation. SQLAlchemy/psycopg handle this
|
|
166
|
+
- Check dependencies for vulnerabilities — run `uv pip check` or `pip-audit` regularly
|
|
167
|
+
- Use `secrets.compare_digest()` for comparing tokens — constant-time comparison
|
|
168
|
+
- Use `.env` files for local secrets — and `.gitignore` them. Use a secrets manager in production
|
|
169
|
+
- Never log secrets, tokens, or passwords — redact sensitive fields from logs
|
|
170
|
+
|
|
171
|
+
**DON'T:**
|
|
172
|
+
- Don't use `pickle` on untrusted data — arbitrary code execution. Use JSON, msgpack, or protobuf
|
|
173
|
+
- Don't use `subprocess` with `shell=True` — shell injection risk. Pass args as a list, `shell=False`
|
|
174
|
+
- Don't hardcode secrets in source code — use environment variables or a secrets manager
|
|
175
|
+
- Don't use `yaml.load()` without `SafeLoader` — `yaml.load()` can execute arbitrary code, use `yaml.safe_load()`
|
|
176
|
+
- Don't construct SQL queries with string formatting — `f"SELECT * FROM users WHERE id = {user_id}"`
|
|
177
|
+
- Don't skip TLS verification — `verify=False` in requests is a security hole
|
|
178
|
+
- Don't expose stack traces to users — catch and handle exceptions at the API boundary
|
|
179
|
+
|
|
180
|
+
## Anti-Patterns
|
|
181
|
+
|
|
182
|
+
**DO:**
|
|
183
|
+
- Use `pathlib.Path` instead of `os.path` — cleaner, cross-platform, object-oriented
|
|
184
|
+
- Use f-strings instead of `.format()` or `%` formatting
|
|
185
|
+
- Use `is` for `None`/`True`/`False` comparison — `x is None`, not `x == None`
|
|
186
|
+
- Use `isinstance()` instead of `type()` for type checks — respects inheritance
|
|
187
|
+
- Use `enumerate()` instead of `range(len(...))`
|
|
188
|
+
- Use `zip()` for parallel iteration — not index-based loops
|
|
189
|
+
- Default to immutability — `dataclass(frozen=True)`, `frozenset`
|
|
190
|
+
|
|
191
|
+
**DON'T:**
|
|
192
|
+
- Don't use mutable default arguments — `def f(lst=[])` is a classic trap, use `def f(lst=None): lst = lst or []`
|
|
193
|
+
- Don't catch and swallow exceptions silently — `except: pass` is a bug
|
|
194
|
+
- Don't use `from module import *` — pollutes namespace, hides origins
|
|
195
|
+
- Don't use `global` — pass state explicitly or restructure
|
|
196
|
+
- Don't use `if len(x) > 0` — just `if x:` (truthiness check)
|
|
197
|
+
- Don't compare `None` with `==` — use `is None` / `is not None`
|
|
198
|
+
- Don't put multiple statements on one line with `;` — one statement per line
|
|
199
|
+
- Don't use list comprehensions with side effects — they're for building lists, not `[print(x) for x in items]`
|
|
200
|
+
- Don't use `pip install` globally — always in a virtual environment managed by uv
|
|
201
|
+
|
|
202
|
+
## Dependencies
|
|
203
|
+
|
|
204
|
+
**DO:**
|
|
205
|
+
- Use uv: `uv init`, `uv add`, `uv lock`, `uv sync --frozen` in CI
|
|
206
|
+
- Commit your lock file — `uv.lock` (or `poetry.lock`) to version control for deterministic builds
|
|
207
|
+
- List only direct dependencies — let the resolver figure out transitive deps
|
|
208
|
+
- Separate dev from production dependencies — `uv add --dev pytest ruff mypy pre-commit`
|
|
209
|
+
- Pin Python version — `requires-python = ">=3.12"` in pyproject.toml
|
|
210
|
+
- Update dependencies intentionally — `uv lock --upgrade` as a deliberate step with testing
|
|
211
|
+
|
|
212
|
+
**DON'T:**
|
|
213
|
+
- Don't use `requirements.txt` as source of truth in new projects — use `pyproject.toml [project.dependencies]`
|
|
214
|
+
- Don't pin transitive dependencies in your input file — only list packages you import
|
|
215
|
+
- Don't keep unbounded dependency ranges — prefer `"django>=4.2,<6.0"` over unbounded `"django"`
|
|
216
|
+
- Don't ignore `uv pip check` warnings — broken dependency constraints cause runtime failures
|
|
217
|
+
- Don't skip dependency updates for months — stale deps accumulate CVEs
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
# React Standards
|
|
2
|
+
|
|
3
|
+
When working on `${PROJECT_NAME}` with React, follow these conventions unless project context overrides.
|
|
4
|
+
|
|
5
|
+
## Server Components (React 19+)
|
|
6
|
+
|
|
7
|
+
**DO:**
|
|
8
|
+
- Default to Server Components — only add `"use client"` when you need interactivity, state, effects, or browser APIs
|
|
9
|
+
- Use `async/await` directly in Server Components for data fetching — no `useEffect`, no `useState` for loading state
|
|
10
|
+
- Wrap async Server Components in `<Suspense>` boundaries with meaningful fallbacks
|
|
11
|
+
- Keep sensitive logic server-only: database access, API keys, private env vars, filesystem reads
|
|
12
|
+
- Fetch data in parallel at the component level — Server Components don't waterfall
|
|
13
|
+
|
|
14
|
+
**DON'T:**
|
|
15
|
+
- Do NOT use `useState`, `useEffect`, or browser APIs in Server Components
|
|
16
|
+
- Do NOT import a Server Component into a Client Component — pass data as children or props instead
|
|
17
|
+
- Do NOT use browser-locked libraries (`window`, `document`) in Server Components — wrap in a Client Component
|
|
18
|
+
|
|
19
|
+
## Hooks
|
|
20
|
+
|
|
21
|
+
**DO:**
|
|
22
|
+
- Rely on the React Compiler for automatic memoization — write clean code, let the compiler optimize
|
|
23
|
+
- Use `useCallback` only when: (1) child is wrapped in `React.memo`, (2) every prop is memoized, (3) the function reference change causes measurable re-renders
|
|
24
|
+
- Use the updater function pattern to avoid stale closures: `setCount(prev => prev + 1)`
|
|
25
|
+
- Use `useRef` for values that should not trigger re-renders
|
|
26
|
+
- Clean up every subscription, timer, and event listener in `useEffect` return
|
|
27
|
+
|
|
28
|
+
**DON'T:**
|
|
29
|
+
- Do NOT wrap every function in `useCallback` "just in case" — 90% can be removed without regression
|
|
30
|
+
- Do NOT compute derived state with `useEffect` + `useState` — compute it during render
|
|
31
|
+
- Do NOT use `useEffect` for data fetching in Server Components — `async/await` is the pattern
|
|
32
|
+
- Do NOT forget dependency arrays — stale closures cause subtle bugs
|
|
33
|
+
- Do NOT use `index` as `key` when items can be reordered, added, or removed — use stable unique IDs
|
|
34
|
+
|
|
35
|
+
## State Management
|
|
36
|
+
|
|
37
|
+
**DO:**
|
|
38
|
+
- Use `useState` for component-local UI state
|
|
39
|
+
- Use `useReducer` for complex local state with interdependent transitions
|
|
40
|
+
- Use Zustand for shared global state — selector-based subscriptions, ~1KB, no providers
|
|
41
|
+
- Use TanStack Query (React Query) for server state — caching, background refetching, eliminates boilerplate
|
|
42
|
+
- Use Context API for rarely-changing global values (theme, locale, auth status) — split by update frequency
|
|
43
|
+
- Keep state as close to where it's used as possible — lift up only when multiple components need it
|
|
44
|
+
|
|
45
|
+
**DON'T:**
|
|
46
|
+
- Do NOT use Context API for high-frequency updates — all consumers re-render on every change
|
|
47
|
+
- Do NOT duplicate server state in client state — TanStack Query is the source of truth for API data
|
|
48
|
+
- Do NOT choose Redux by default for new projects — Zustand covers 90% of use cases with less boilerplate
|
|
49
|
+
- Do NOT store derived values in state — compute them during render
|
|
50
|
+
|
|
51
|
+
## Components
|
|
52
|
+
|
|
53
|
+
**DO:**
|
|
54
|
+
- Follow Single Responsibility — each component should have one reason to change
|
|
55
|
+
- Use Compound Components for related components that share implicit state via Context
|
|
56
|
+
- Extract business logic and data transforms into pure utility functions outside components
|
|
57
|
+
- Extract reusable stateful logic into custom hooks
|
|
58
|
+
- Use Error Boundaries wrapping major sections to prevent cascading crashes
|
|
59
|
+
- Organize by feature, not by type: `features/auth/LoginForm.tsx` over `components/LoginForm.tsx`
|
|
60
|
+
|
|
61
|
+
**DON'T:**
|
|
62
|
+
- Do NOT put business logic in view components — components should orchestrate, hooks should compute
|
|
63
|
+
- Do NOT deeply nest components without extracting — deep nesting hurts readability and testing
|
|
64
|
+
- Do NOT use `index.ts` barrel exports excessively — they can cause circular dependencies
|
|
65
|
+
- Do NOT create unnecessary wrapper `<div>`s — use fragments (`<>...</>`)
|
|
66
|
+
- Do NOT forget to handle loading, empty, and error states in every data-dependent component
|
|
67
|
+
|
|
68
|
+
## TypeScript
|
|
69
|
+
|
|
70
|
+
**DO:**
|
|
71
|
+
- Use generic components for reusable UI patterns: `function List<T>({ items }: { items: T[] })`
|
|
72
|
+
- Use `ComponentPropsWithoutRef<'button'>` to extend native HTML element props
|
|
73
|
+
- Use explicit event types: `React.ChangeEvent<HTMLInputElement>`, `React.MouseEvent<HTMLButtonElement>`
|
|
74
|
+
- Export props interfaces alongside components: `export interface ButtonProps { ... }`
|
|
75
|
+
- Enable `strict: true` in `tsconfig.json`
|
|
76
|
+
|
|
77
|
+
**DON'T:**
|
|
78
|
+
- Do NOT use `React.FC` as default typing — it implicitly adds `children`, prefer explicit prop types
|
|
79
|
+
- Do NOT use `any` — use `unknown` and narrow types properly
|
|
80
|
+
- Do NOT duplicate component types for different data shapes — use one generic component
|
|
81
|
+
- Do NOT cast DOM events unnecessarily — use the proper handler types
|
|
82
|
+
|
|
83
|
+
## Performance
|
|
84
|
+
|
|
85
|
+
**DO:**
|
|
86
|
+
- Enable the React Compiler — highest-impact, lowest-effort optimization (30-60% re-render reduction)
|
|
87
|
+
- Route-based code splitting with `lazy` + `Suspense` — highest impact per effort
|
|
88
|
+
- Virtualize large lists (50+ items) with `react-window` or `@tanstack/react-virtual`
|
|
89
|
+
- Split contexts by update frequency — never bundle unrelated state in one context
|
|
90
|
+
- Use `useDeferredValue` and `useTransition` for non-urgent updates
|
|
91
|
+
- Optimize images: WebP/AVIF, responsive sizes, lazy loading, explicit dimensions
|
|
92
|
+
|
|
93
|
+
**DON'T:**
|
|
94
|
+
- Do NOT wrap everything in `React.memo` — only memoize components that re-render frequently with identical props
|
|
95
|
+
- Do NOT use expensive CSS properties in animations — prefer `transform` and `opacity` (GPU-composited)
|
|
96
|
+
- Do NOT ship Moment.js (300KB) — use `date-fns` or native `Intl.DateTimeFormat`
|
|
97
|
+
- Do NOT skip memory leak prevention — always clean up timers, intervals, and listeners
|
|
98
|
+
|
|
99
|
+
## Accessibility
|
|
100
|
+
|
|
101
|
+
**DO:**
|
|
102
|
+
- Use semantic HTML first: `<button>`, `<nav>`, `<main>`, `<form>` — they have built-in keyboard, role, and state support
|
|
103
|
+
- Follow the First Rule of ARIA: if a native element does what you need, use it — don't add ARIA to semantic elements
|
|
104
|
+
- Provide visible focus indicators — never remove `outline` without a custom replacement
|
|
105
|
+
- Use `aria-label` or `aria-labelledby` for interactive elements without visible text labels
|
|
106
|
+
- Use live regions for dynamic content: `<div aria-live="polite">`
|
|
107
|
+
- Test with keyboard-only navigation
|
|
108
|
+
|
|
109
|
+
**DON'T:**
|
|
110
|
+
- Do NOT use `div` or `span` for interactive controls — use `<button>`, `<input>`, `<select>`
|
|
111
|
+
- Do NOT use ARIA when HTML semantics suffice — "No ARIA is better than bad ARIA"
|
|
112
|
+
- Do NOT use color alone to convey information — supplement with icons, text, or patterns
|
|
113
|
+
- Do NOT skip `alt` text on images — `alt=""` for decorative, descriptive text for informational
|
|
114
|
+
- Do NOT trap focus without an escape mechanism (Escape key to close modals)
|
|
115
|
+
|
|
116
|
+
## Security
|
|
117
|
+
|
|
118
|
+
**DO:**
|
|
119
|
+
- Let JSX auto-escape dynamic content — curly braces `{}` are safe against XSS by default
|
|
120
|
+
- Sanitize HTML with DOMPurify before using `dangerouslySetInnerHTML`
|
|
121
|
+
- Validate URLs before rendering in `<a href>`: only allow `http:` and `https:` protocols
|
|
122
|
+
- Store tokens in HTTP-only cookies, not localStorage
|
|
123
|
+
- Implement Content Security Policy (CSP) headers to restrict script sources
|
|
124
|
+
|
|
125
|
+
**DON'T:**
|
|
126
|
+
- Do NOT use `dangerouslySetInnerHTML` on raw user input without DOMPurify sanitization
|
|
127
|
+
- Do NOT use direct DOM manipulation to inject content — `ref.current.innerHTML = userContent`
|
|
128
|
+
- Do NOT expose API keys, secrets, or sensitive config in client-side code — everything in bundles is public
|
|
129
|
+
- Do NOT use `eval()` or `new Function()` with user-supplied input
|
|
130
|
+
- Do NOT ship source maps in production
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
# TypeScript Standards
|
|
2
|
+
|
|
3
|
+
When working on `${PROJECT_NAME}`, follow these TypeScript conventions unless `${PROJECT_NAME}`'s context docs say otherwise.
|
|
4
|
+
|
|
5
|
+
## Configuration
|
|
6
|
+
|
|
7
|
+
- Enable `strict: true` in `tsconfig.json` — no exceptions
|
|
8
|
+
- Use `noUncheckedIndexedAccess` to catch undefined access
|
|
9
|
+
- Prefer `es2022` or later as the compile target
|
|
10
|
+
|
|
11
|
+
## Types
|
|
12
|
+
|
|
13
|
+
- Prefer `interface` over `type` for object shapes — interfaces are extensible and produce better error messages
|
|
14
|
+
- Use `type` for unions, intersections, and mapped types
|
|
15
|
+
- Explicit return types on all exported functions — it catches accidental contract changes
|
|
16
|
+
- Never use `any` without a comment explaining why it's unavoidable
|
|
17
|
+
- Use `unknown` instead of `any` when the type is genuinely unknown
|
|
18
|
+
- Use `const` assertions (`as const`) for literal types and tuple inference
|
|
19
|
+
|
|
20
|
+
## Style
|
|
21
|
+
|
|
22
|
+
- Prefer `as` casting over angle-bracket syntax — it's unambiguous with JSX
|
|
23
|
+
- Use optional chaining (`?.`) and nullish coalescing (`??`) over verbose null checks
|
|
24
|
+
- Prefer `readonly` arrays and properties where mutation isn't needed
|
|
25
|
+
- Use template literal types for string patterns when applicable
|
|
26
|
+
|
|
27
|
+
## Exports
|
|
28
|
+
|
|
29
|
+
- Named exports only — no default exports (they break IDE auto-imports and refactoring)
|
|
30
|
+
- Export prop interfaces alongside their components
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# Context Documentation
|
|
2
|
+
|
|
3
|
+
${AGENT_NAME}, always ground yourself in `${PROJECT_NAME}`'s documented context before writing code.
|
|
4
|
+
|
|
5
|
+
## Required Reading
|
|
6
|
+
|
|
7
|
+
Before implementing anything, read these files in order:
|
|
8
|
+
|
|
9
|
+
1. **`.agent/context/project/stack.md`** — The tech stack. Languages, frameworks, databases, third-party services. This is the source of truth for what the project uses. Don't guess.
|
|
10
|
+
|
|
11
|
+
2. **`.agent/context/project/conventions.md`** — Project-specific conventions. File naming, directory structure, import ordering, formatting rules. Follow these exactly.
|
|
12
|
+
|
|
13
|
+
3. **`.agent/context/project/architecture.md`** — High-level architecture. Component tree, data flow, API surface, deployment topology. Understand the system before changing it.
|
|
14
|
+
|
|
15
|
+
## How to Use Context
|
|
16
|
+
|
|
17
|
+
- Treat these files as ground truth — they override your default assumptions
|
|
18
|
+
- If context and a standards section conflict, context wins (it's project-specific)
|
|
19
|
+
- When you notice something missing from these docs, flag it to the user; don't silently diverge
|
|
20
|
+
- If conventions say "use kebab-case for files," use kebab-case — don't improvise with camelCase because you prefer it
|
|
21
|
+
|
|
22
|
+
## Cross-Referencing
|
|
23
|
+
|
|
24
|
+
When context refers to patterns (e.g. "error handling follows the Result pattern"), check `.agent/memory/decisions.md` for the rationale behind those patterns.
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
# Memory Management
|
|
2
|
+
|
|
3
|
+
${AGENT_NAME}, consult project memory before making decisions in `${PROJECT_NAME}`.
|
|
4
|
+
|
|
5
|
+
## Before You Start
|
|
6
|
+
|
|
7
|
+
Read these files before beginning any work:
|
|
8
|
+
|
|
9
|
+
1. **`.agent/memory/decisions.md`** — Architectural decisions and their rationale. Every non-trivial choice made in the project should be recorded here with date, context, and reasoning.
|
|
10
|
+
|
|
11
|
+
2. **`.agent/memory/conventions.md`** — Discovered conventions that aren't in the formal standards docs. These are patterns the team has settled on through practice (naming choices, file organization, error handling style).
|
|
12
|
+
|
|
13
|
+
## When Making Decisions
|
|
14
|
+
|
|
15
|
+
- Check `.agent/memory/decisions.md` first — has this already been decided?
|
|
16
|
+
- Reference the relevant past decision by its date/ID when making a new one
|
|
17
|
+
- If your decision reverses or modifies a past decision, explain why
|
|
18
|
+
|
|
19
|
+
## Recording New Decisions
|
|
20
|
+
|
|
21
|
+
After making a significant architectural choice, append to `.agent/memory/decisions.md`:
|
|
22
|
+
|
|
23
|
+
```markdown
|
|
24
|
+
## YYYY-MM-DD: Decision Title
|
|
25
|
+
|
|
26
|
+
**Context:** What situation led to this decision
|
|
27
|
+
**Decision:** What was chosen
|
|
28
|
+
**Alternatives considered:** What else was evaluated and why it wasn't picked
|
|
29
|
+
**Consequences:** What this enables and what it constrains
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
Keep entries factual. Don't record trivial choices like variable names.
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
# Session Logging
|
|
2
|
+
|
|
3
|
+
${AGENT_NAME}, log every session so `${PROJECT_NAME}` maintains a traceable history.
|
|
4
|
+
|
|
5
|
+
## When to Log
|
|
6
|
+
|
|
7
|
+
At the end of each work session — whether you completed tasks or not — write a session log.
|
|
8
|
+
|
|
9
|
+
## Log Location
|
|
10
|
+
|
|
11
|
+
Write to `.agent/sessions/YYYY-MM-DD.md`. If the file already exists (same-day continuation), append to it rather than overwriting.
|
|
12
|
+
|
|
13
|
+
## Log Format
|
|
14
|
+
|
|
15
|
+
```markdown
|
|
16
|
+
# Session: YYYY-MM-DD
|
|
17
|
+
|
|
18
|
+
**Agent:** ${AGENT_NAME}
|
|
19
|
+
**Duration:** Brief estimate if known
|
|
20
|
+
|
|
21
|
+
## Tasks Worked On
|
|
22
|
+
- TASK-001: What was attempted or completed
|
|
23
|
+
- TASK-002: Another item
|
|
24
|
+
|
|
25
|
+
## Decisions Made
|
|
26
|
+
- Decision summary and rationale (one line each)
|
|
27
|
+
|
|
28
|
+
## Problems and Solutions
|
|
29
|
+
- Problem encountered → How it was resolved
|
|
30
|
+
- Open issues carried forward (if any)
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## Guidelines
|
|
34
|
+
|
|
35
|
+
- Keep entries factual and brief — these are logs, not documentation
|
|
36
|
+
- Record problems even if you couldn't solve them; next sessions need to know
|
|
37
|
+
- If nothing was accomplished, log that too (blocked, waiting, research-only)
|
|
38
|
+
- Don't duplicate content already in `.agent/memory/decisions.md` — link to it instead
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
# Task Management
|
|
2
|
+
|
|
3
|
+
${AGENT_NAME}, use the task system to track your work in `${PROJECT_NAME}`.
|
|
4
|
+
|
|
5
|
+
## Reading Tasks
|
|
6
|
+
|
|
7
|
+
Task files live in `.agent/tasks/`. At startup, scan the directory for the current task:
|
|
8
|
+
|
|
9
|
+
1. Look for a file matching `current.md` or `active.md` — that's your active task
|
|
10
|
+
2. If none found, look for `backlog.md` and pick the next `[ ]` item
|
|
11
|
+
3. If no tasks exist, ask the user what to work on
|
|
12
|
+
|
|
13
|
+
## Task File Format
|
|
14
|
+
|
|
15
|
+
Each task file follows this structure:
|
|
16
|
+
|
|
17
|
+
```markdown
|
|
18
|
+
# ${AGENT_NAME} Tasks
|
|
19
|
+
|
|
20
|
+
## Active
|
|
21
|
+
- [ ] TASK-001: Brief description of what needs doing
|
|
22
|
+
- Subtask detail if needed
|
|
23
|
+
- Another subtask
|
|
24
|
+
|
|
25
|
+
## Completed
|
|
26
|
+
- [x] TASK-000: Something already finished
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
## Marking Tasks Done
|
|
30
|
+
|
|
31
|
+
When you complete a task:
|
|
32
|
+
|
|
33
|
+
1. Change `[ ]` to `[x]` in the source file
|
|
34
|
+
2. Move the completed line to the `## Completed` section
|
|
35
|
+
3. If there are more tasks in `## Active`, pick the next one
|
|
36
|
+
4. If the active section is empty, report completion to the user
|
|
37
|
+
|
|
38
|
+
## Task Naming
|
|
39
|
+
|
|
40
|
+
Use short, imperative descriptions: "Add authentication middleware", "Fix login redirect bug", "Update API types for user endpoint". Prefix with `TASK-NNN` if the project uses numbered tracking.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
This project uses AI Squad agents for development. The following agents are available:
|
|
4
|
+
|
|
5
|
+
${AGENT_LIST}
|
|
6
|
+
|
|
7
|
+
## Workflow
|
|
8
|
+
|
|
9
|
+
Before starting any task, read the current state and understand the project context.
|
|
10
|
+
|
|
11
|
+
Always follow project conventions and architecture decisions.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Architecture — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
## Directory Structure
|
|
4
|
+
Describe the top-level project layout here.
|
|
5
|
+
|
|
6
|
+
## Data Flow
|
|
7
|
+
Describe how data moves through the system (request → component → database).
|
|
8
|
+
|
|
9
|
+
## Key Design Decisions
|
|
10
|
+
Add entries here as architectural decisions are made. Reference `.agent/memory/decisions.md` for full ADRs.
|
|
11
|
+
|
|
12
|
+
## External Services
|
|
13
|
+
List any third-party APIs and how they integrate.
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Conventions — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
## Code Style
|
|
4
|
+
- Use TypeScript strict mode. No `any` without justification.
|
|
5
|
+
- Prefer Server Components unless client interactivity is needed.
|
|
6
|
+
- Use `kebab-case` for files, `PascalCase` for components.
|
|
7
|
+
- Co-locate component tests alongside the component file.
|
|
8
|
+
|
|
9
|
+
## Routing
|
|
10
|
+
- App Router only. Group routes by feature in `(feature)` folders.
|
|
11
|
+
- `page.tsx` is the route entry; keep it thin.
|
|
12
|
+
|
|
13
|
+
## Data Fetching
|
|
14
|
+
- Fetch in Server Components when possible.
|
|
15
|
+
- Use React `cache()` for per-request deduplication.
|
|
16
|
+
- Mutations go in Server Actions or API routes.
|
|
17
|
+
|
|
18
|
+
## State
|
|
19
|
+
- URL search params for shareable UI state.
|
|
20
|
+
- Zustand or Jotai for complex client state (add to stack if used).
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Tech Stack — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
| Category | Technology |
|
|
4
|
+
|----------|------------|
|
|
5
|
+
| Framework | Next.js |
|
|
6
|
+
| Language | TypeScript |
|
|
7
|
+
| Styling | Tailwind CSS |
|
|
8
|
+
| Database | — |
|
|
9
|
+
| Auth | — |
|
|
10
|
+
| Hosting | Vercel |
|
|
11
|
+
| Testing | Vitest + Playwright |
|
|
12
|
+
| Linting | ESLint + Prettier |
|
|
13
|
+
|
|
14
|
+
Fill in the blanks as the project evolves.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Architecture — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
## Directory Structure
|
|
4
|
+
Describe the top-level project layout here.
|
|
5
|
+
|
|
6
|
+
## Data Flow
|
|
7
|
+
Describe how data moves through the system (request → handler → database).
|
|
8
|
+
|
|
9
|
+
## Key Design Decisions
|
|
10
|
+
Add entries here as architectural decisions are made. Reference `.agent/memory/decisions.md` for full ADRs.
|
|
11
|
+
|
|
12
|
+
## External Services
|
|
13
|
+
List any third-party APIs and how they integrate.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# Conventions — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
## Code Style
|
|
4
|
+
- Follow PEP 8. Enforce with ruff and black.
|
|
5
|
+
- Type hints on all function signatures. Run mypy in strict mode.
|
|
6
|
+
- Use `snake_case` for files, functions, and variables.
|
|
7
|
+
|
|
8
|
+
## Project Layout
|
|
9
|
+
- `src/` layout preferred over flat `app/` layout.
|
|
10
|
+
- Keep modules focused: one concern per module.
|
|
11
|
+
|
|
12
|
+
## Error Handling
|
|
13
|
+
- Use custom exception classes, not bare `Exception`.
|
|
14
|
+
- Fail loudly in development, gracefully in production.
|
|
15
|
+
|
|
16
|
+
## Testing
|
|
17
|
+
- pytest with fixtures in `conftest.py`.
|
|
18
|
+
- One test file per source module: `test_<module>.py`.
|
|
19
|
+
- Aim for >80% coverage on business logic.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Tech Stack — ${PROJECT_NAME}
|
|
2
|
+
|
|
3
|
+
| Category | Technology |
|
|
4
|
+
|----------|------------|
|
|
5
|
+
| Language | Python |
|
|
6
|
+
| Package Manager | pip / Poetry |
|
|
7
|
+
| Web Framework | FastAPI / Flask / Django |
|
|
8
|
+
| Database | — |
|
|
9
|
+
| ORM | — |
|
|
10
|
+
| Testing | pytest |
|
|
11
|
+
| Linting | ruff / black / mypy |
|
|
12
|
+
| Hosting | — |
|
|
13
|
+
|
|
14
|
+
Fill in the blanks as the project evolves.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# Context Management
|
|
2
|
+
|
|
3
|
+
## Available Context Docs
|
|
4
|
+
- `stack.md` — tech stack, tools, libraries. Read when choosing dependencies.
|
|
5
|
+
- `conventions.md` — coding conventions. Read before writing code.
|
|
6
|
+
- `architecture.md` — system design and data flow. Read for architectural context.
|
|
7
|
+
|
|
8
|
+
## When to Read
|
|
9
|
+
At the start of any implementation task, read `stack.md` and `conventions.md`. For system-level changes, also read `architecture.md`.
|
|
10
|
+
|
|
11
|
+
## Maintenance
|
|
12
|
+
- `stack.md` — updated by `squad-architect` when dependencies change
|
|
13
|
+
- `conventions.md` — updated by `squad-memory-keeper` as new conventions emerge
|
|
14
|
+
- `architecture.md` — updated by `squad-architect` for design changes
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Memory Management
|
|
2
|
+
|
|
3
|
+
## When to Read Memory
|
|
4
|
+
Before starting any task, read `.agent/memory/decisions.md` and `.agent/memory/conventions.md` to understand past decisions and established patterns.
|
|
5
|
+
|
|
6
|
+
## When to Append
|
|
7
|
+
After making a technical decision, append to `decisions.md`. When a new convention emerges, append to `conventions.md`. Use the format specified in the templates.
|
|
8
|
+
|
|
9
|
+
## Agent Ownership
|
|
10
|
+
- `decisions.md` — maintained by `squad-architect` and `squad-memory-keeper`
|
|
11
|
+
- `conventions.md` — maintained by `squad-memory-keeper`
|
|
12
|
+
- `patterns.md` — maintained by `squad-architect` (Comprehensive only)
|