ateschh-kit 1.0.0 → 1.2.0

package/skills/expo-api-routes/SKILL.md

@@ -0,0 +1,368 @@
+---
+name: expo-api-routes
+description: Guidelines for creating API routes in Expo Router with EAS Hosting
+version: 1.0.0
+license: MIT
+---
+
+## When to Use API Routes
+
+Use API routes when you need:
+
+- **Server-side secrets** — API keys, database credentials, or tokens that must never reach the client
+- **Database operations** — Direct database queries that shouldn't be exposed
+- **Third-party API proxies** — Hide API keys when calling external services (OpenAI, Stripe, etc.)
+- **Server-side validation** — Validate data before database writes
+- **Webhook endpoints** — Receive callbacks from services like Stripe or GitHub
+- **Rate limiting** — Control access at the server level
+- **Heavy computation** — Offload processing that would be slow on mobile
+
+## When NOT to Use API Routes
+
+Avoid API routes when:
+
+- **Data is already public** — Use direct fetch to public APIs instead
+- **No secrets required** — Static data or client-safe operations
+- **Real-time updates needed** — Use WebSockets or services like Supabase Realtime
+- **Simple CRUD** — Consider Firebase, Supabase, or Convex for managed backends
+- **File uploads** — Use direct-to-storage uploads (S3 presigned URLs, Cloudflare R2)
+- **Authentication only** — Use Clerk, Auth0, or Firebase Auth instead
+
+## File Structure
+
+API routes live in the `app` directory with `+api.ts` suffix:
+
+```
+app/
+  api/
+    hello+api.ts          → GET /api/hello
+    users+api.ts          → /api/users
+    users/[id]+api.ts     → /api/users/:id
+  (tabs)/
+    index.tsx
+```
+
+## Basic API Route
+
+```ts
+// app/api/hello+api.ts
+export function GET(request: Request) {
+  return Response.json({ message: "Hello from Expo!" });
+}
+```
+
+## HTTP Methods
+
+Export named functions for each HTTP method:
+
+```ts
+// app/api/items+api.ts
+export function GET(request: Request) {
+  return Response.json({ items: [] });
+}
+
+export async function POST(request: Request) {
+  const body = await request.json();
+  return Response.json({ created: body }, { status: 201 });
+}
+
+export async function PUT(request: Request) {
+  const body = await request.json();
+  return Response.json({ updated: body });
+}
+
+export async function DELETE(request: Request) {
+  return new Response(null, { status: 204 });
+}
+```
+
+## Dynamic Routes
+
+```ts
+// app/api/users/[id]+api.ts
+export function GET(request: Request, { id }: { id: string }) {
+  return Response.json({ userId: id });
+}
+```
+
+## Request Handling
+
+### Query Parameters
+
+```ts
+export function GET(request: Request) {
+  const url = new URL(request.url);
+  const page = url.searchParams.get("page") ?? "1";
+  const limit = url.searchParams.get("limit") ?? "10";
+
+  return Response.json({ page, limit });
+}
+```
+
+### Headers
+
+```ts
+export function GET(request: Request) {
+  const auth = request.headers.get("Authorization");
+
+  if (!auth) {
+    return Response.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  return Response.json({ authenticated: true });
+}
+```
+
+### JSON Body
+
+```ts
+export async function POST(request: Request) {
+  const { email, password } = await request.json();
+
+  if (!email || !password) {
+    return Response.json({ error: "Missing fields" }, { status: 400 });
+  }
+
+  return Response.json({ success: true });
+}
+```
+
+## Environment Variables
+
+Use `process.env` for server-side secrets:
+
+```ts
+// app/api/ai+api.ts
+export async function POST(request: Request) {
+  const { prompt } = await request.json();
+
+  const response = await fetch("https://api.openai.com/v1/chat/completions", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${process.env.OPENAI_API_KEY}`,
+    },
+    body: JSON.stringify({
+      model: "gpt-4",
+      messages: [{ role: "user", content: prompt }],
+    }),
+  });
+
+  const data = await response.json();
+  return Response.json(data);
+}
+```
+
+Set environment variables:
+
+- **Local**: Create `.env` file (never commit)
+- **EAS Hosting**: Use `eas env:create` or Expo dashboard
+
+## CORS Headers
+
+Add CORS for web clients:
+
+```ts
+const corsHeaders = {
+  "Access-Control-Allow-Origin": "*",
+  "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
+  "Access-Control-Allow-Headers": "Content-Type, Authorization",
+};
+
+export function OPTIONS() {
+  return new Response(null, { headers: corsHeaders });
+}
+
+export function GET() {
+  return Response.json({ data: "value" }, { headers: corsHeaders });
+}
+```
+
+## Error Handling
+
+```ts
+export async function POST(request: Request) {
+  try {
+    const body = await request.json();
+    // Process...
+    return Response.json({ success: true });
+  } catch (error) {
+    console.error("API error:", error);
+    return Response.json({ error: "Internal server error" }, { status: 500 });
+  }
+}
+```
+
+## Testing Locally
+
+Start the development server with API routes:
+
+```bash
+npx expo serve
+```
+
+This starts a local server at `http://localhost:8081` with full API route support.
+
+Test with curl:
+
+```bash
+curl http://localhost:8081/api/hello
+curl -X POST http://localhost:8081/api/users -H "Content-Type: application/json" -d '{"name":"Test"}'
+```
+
+## Deployment to EAS Hosting
+
+### Prerequisites
+
+```bash
+npm install -g eas-cli
+eas login
+```
+
+### Deploy
+
+```bash
+eas deploy
+```
+
+This builds and deploys your API routes to EAS Hosting (Cloudflare Workers).
+
+### Environment Variables for Production
+
+```bash
+# Create a secret
+eas env:create --name OPENAI_API_KEY --value sk-xxx --environment production
+
+# Or use the Expo dashboard
+```
+
+### Custom Domain
+
+Configure in `eas.json` or Expo dashboard.
+
+## EAS Hosting Runtime (Cloudflare Workers)
+
+API routes run on Cloudflare Workers. Key limitations:
+
+### Missing/Limited APIs
+
+- **No Node.js filesystem** — `fs` module unavailable
+- **No native Node modules** — Use Web APIs or polyfills
+- **Limited execution time** — 30 second timeout for CPU-intensive tasks
+- **No persistent connections** — WebSockets require Durable Objects
+- **fetch is available** — Use standard fetch for HTTP requests
+
+### Use Web APIs Instead
+
+```ts
+// Use Web Crypto instead of Node crypto
+const hash = await crypto.subtle.digest(
+  "SHA-256",
+  new TextEncoder().encode("data")
+);
+
+// Use fetch instead of node-fetch
+const response = await fetch("https://api.example.com");
+
+// Use Response/Request (already available)
+return new Response(JSON.stringify(data), {
+  headers: { "Content-Type": "application/json" },
+});
+```
+
+### Database Options
+
+Since filesystem is unavailable, use cloud databases:
+
+- **Cloudflare D1** — SQLite at the edge
+- **Turso** — Distributed SQLite
+- **PlanetScale** — Serverless MySQL
+- **Supabase** — Postgres with REST API
+- **Neon** — Serverless Postgres
+
+Example with Turso:
+
+```ts
+// app/api/users+api.ts
+import { createClient } from "@libsql/client/web";
+
+const db = createClient({
+  url: process.env.TURSO_URL!,
+  authToken: process.env.TURSO_AUTH_TOKEN!,
+});
+
+export async function GET() {
+  const result = await db.execute("SELECT * FROM users");
+  return Response.json(result.rows);
+}
+```
+
+## Calling API Routes from Client
+
+```ts
+// From React Native components
+const response = await fetch("/api/hello");
+const data = await response.json();
+
+// With body
+const response = await fetch("/api/users", {
+  method: "POST",
+  headers: { "Content-Type": "application/json" },
+  body: JSON.stringify({ name: "John" }),
+});
+```
+
+## Common Patterns
+
+### Authentication Middleware
+
+```ts
+// utils/auth.ts
+export async function requireAuth(request: Request) {
+  const token = request.headers.get("Authorization")?.replace("Bearer ", "");
+
+  if (!token) {
+    throw new Response(JSON.stringify({ error: "Unauthorized" }), {
+      status: 401,
+      headers: { "Content-Type": "application/json" },
+    });
+  }
+
+  // Verify token...
+  return { userId: "123" };
+}
+
+// app/api/protected+api.ts
+import { requireAuth } from "../../utils/auth";
+
+export async function GET(request: Request) {
+  const { userId } = await requireAuth(request);
+  return Response.json({ userId });
+}
+```
+
+### Proxy External API
+
+```ts
+// app/api/weather+api.ts
+export async function GET(request: Request) {
+  const url = new URL(request.url);
+  const city = url.searchParams.get("city");
+
+  const response = await fetch(
+    `https://api.weather.com/v1/current?city=${city}&key=${process.env.WEATHER_API_KEY}`
+  );
+
+  return Response.json(await response.json());
+}
+```
+
+## Rules
+
+- NEVER expose API keys or secrets in client code
+- ALWAYS validate and sanitize user input
+- Use proper HTTP status codes (200, 201, 400, 401, 404, 500)
+- Handle errors gracefully with try/catch
+- Keep API routes focused — one responsibility per endpoint
+- Use TypeScript for type safety
+- Log errors server-side for debugging

package/skills/expo-deployment/SKILL.md

@@ -0,0 +1,73 @@
+---
+name: expo-deployment
+description: "Deploy Expo apps to production"
+risk: safe
+source: "https://github.com/expo/skills/tree/main/plugins/expo-deployment"
+date_added: "2026-02-27"
+---
+
+# Expo Deployment
+
+## Overview
+
+Deploy Expo applications to production environments, including app stores and over-the-air updates.
+
+## When to Use This Skill
+
+Use this skill when you need to deploy Expo apps to production.
+
+Use this skill when:
+- Deploying Expo apps to production
+- Publishing to app stores (iOS App Store, Google Play)
+- Setting up over-the-air (OTA) updates
+- Configuring production build settings
+- Managing release channels and versions
+
+## Instructions
+
+This skill provides guidance for deploying Expo apps:
+
+1. **Build Configuration**: Set up production build settings
+2. **App Store Submission**: Prepare and submit to app stores
+3. **OTA Updates**: Configure over-the-air update channels
+4. **Release Management**: Manage versions and release channels
+5. **Production Optimization**: Optimize apps for production
+
+## Deployment Workflow
+
+### Pre-Deployment
+
+1. Ensure all tests pass
+2. Update version numbers
+3. Configure production environment variables
+4. Review and optimize app bundle size
+5. Test production builds locally
+
+### App Store Deployment
+
+1. Build production binaries (iOS/Android)
+2. Configure app store metadata
+3. Submit to App Store Connect / Google Play Console
+4. Manage app store listings and screenshots
+5. Handle app review process
+
+### OTA Updates
+
+1. Configure update channels (production, staging, etc.)
+2. Build and publish updates
+3. Manage rollout strategies
+4. Monitor update adoption
+5. Handle rollbacks if needed
+
+## Best Practices
+
+- Use EAS Build for reliable production builds
+- Test production builds before submission
+- Implement proper error tracking and analytics
+- Use release channels for staged rollouts
+- Keep app store metadata up to date
+- Monitor app performance in production
+
+## Resources
+
+For more information, see the [source repository](https://github.com/expo/skills/tree/main/plugins/expo-deployment).

package/skills/fastapi-pro/SKILL.md

@@ -0,0 +1,190 @@
+---
+name: fastapi-pro
+description: Build high-performance async APIs with FastAPI, SQLAlchemy 2.0, and Pydantic V2. Master microservices, WebSockets, and modern Python async patterns.
+risk: unknown
+source: community
+date_added: '2026-02-27'
+---
+
+## Use this skill when
+
+- Working on fastapi pro tasks or workflows
+- Needing guidance, best practices, or checklists for fastapi pro
+
+## Do not use this skill when
+
+- The task is unrelated to fastapi pro
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+You are a FastAPI expert specializing in high-performance, async-first API development with modern Python patterns.
+
+## Purpose
+
+Expert FastAPI developer specializing in high-performance, async-first API development. Masters modern Python web development with FastAPI, focusing on production-ready microservices, scalable architectures, and cutting-edge async patterns.
+
+## Capabilities
+
+### Core FastAPI Expertise
+
+- FastAPI 0.100+ features including Annotated types and modern dependency injection
+- Async/await patterns for high-concurrency applications
+- Pydantic V2 for data validation and serialization
+- Automatic OpenAPI/Swagger documentation generation
+- WebSocket support for real-time communication
+- Background tasks with BackgroundTasks and task queues
+- File uploads and streaming responses
+- Custom middleware and request/response interceptors
+
+### Data Management & ORM
+
+- SQLAlchemy 2.0+ with async support (asyncpg, aiomysql)
+- Alembic for database migrations
+- Repository pattern and unit of work implementations
+- Database connection pooling and session management
+- MongoDB integration with Motor and Beanie
+- Redis for caching and session storage
+- Query optimization and N+1 query prevention
+- Transaction management and rollback strategies
+
+### API Design & Architecture
+
+- RESTful API design principles
+- GraphQL integration with Strawberry or Graphene
+- Microservices architecture patterns
+- API versioning strategies
+- Rate limiting and throttling
+- Circuit breaker pattern implementation
+- Event-driven architecture with message queues
+- CQRS and Event Sourcing patterns
+
+### Authentication & Security
+
+- OAuth2 with JWT tokens (python-jose, pyjwt)
+- Social authentication (Google, GitHub, etc.)
+- API key authentication
+- Role-based access control (RBAC)
+- Permission-based authorization
+- CORS configuration and security headers
+- Input sanitization and SQL injection prevention
+- Rate limiting per user/IP
+
+### Testing & Quality Assurance
+
+- pytest with pytest-asyncio for async tests
+- TestClient for integration testing
+- Factory pattern with factory_boy or Faker
+- Mock external services with pytest-mock
+- Coverage analysis with pytest-cov
+- Performance testing with Locust
+- Contract testing for microservices
+- Snapshot testing for API responses
+
+### Performance Optimization
+
+- Async programming best practices
+- Connection pooling (database, HTTP clients)
+- Response caching with Redis or Memcached
+- Query optimization and eager loading
+- Pagination and cursor-based pagination
+- Response compression (gzip, brotli)
+- CDN integration for static assets
+- Load balancing strategies
+
+### Observability & Monitoring
+
+- Structured logging with loguru or structlog
+- OpenTelemetry integration for tracing
+- Prometheus metrics export
+- Health check endpoints
+- APM integration (DataDog, New Relic, Sentry)
+- Request ID tracking and correlation
+- Performance profiling with py-spy
+- Error tracking and alerting
+
+### Deployment & DevOps
+
+- Docker containerization with multi-stage builds
+- Kubernetes deployment with Helm charts
+- CI/CD pipelines (GitHub Actions, GitLab CI)
+- Environment configuration with Pydantic Settings
+- Uvicorn/Gunicorn configuration for production
+- ASGI servers optimization (Hypercorn, Daphne)
+- Blue-green and canary deployments
+- Auto-scaling based on metrics
+
+### Integration Patterns
+
+- Message queues (RabbitMQ, Kafka, Redis Pub/Sub)
+- Task queues with Celery or Dramatiq
+- gRPC service integration
+- External API integration with httpx
+- Webhook implementation and processing
+- Server-Sent Events (SSE)
+- GraphQL subscriptions
+- File storage (S3, MinIO, local)
+
+### Advanced Features
+
+- Dependency injection with advanced patterns
+- Custom response classes
+- Request validation with complex schemas
+- Content negotiation
+- API documentation customization
+- Lifespan events for startup/shutdown
+- Custom exception handlers
+- Request context and state management
+
+## Behavioral Traits
+
+- Writes async-first code by default
+- Emphasizes type safety with Pydantic and type hints
+- Follows API design best practices
+- Implements comprehensive error handling
+- Uses dependency injection for clean architecture
+- Writes testable and maintainable code
+- Documents APIs thoroughly with OpenAPI
+- Considers performance implications
+- Implements proper logging and monitoring
+- Follows 12-factor app principles
+
+## Knowledge Base
+
+- FastAPI official documentation
+- Pydantic V2 migration guide
+- SQLAlchemy 2.0 async patterns
+- Python async/await best practices
+- Microservices design patterns
+- REST API design guidelines
+- OAuth2 and JWT standards
+- OpenAPI 3.1 specification
+- Container orchestration with Kubernetes
+- Modern Python packaging and tooling
+
+## Response Approach
+
+1. **Analyze requirements** for async opportunities
+2. **Design API contracts** with Pydantic models first
+3. **Implement endpoints** with proper error handling
+4. **Add comprehensive validation** using Pydantic
+5. **Write async tests** covering edge cases
+6. **Optimize for performance** with caching and pooling
+7. **Document with OpenAPI** annotations
+8. **Consider deployment** and scaling strategies
+
+## Example Interactions
+
+- "Create a FastAPI microservice with async SQLAlchemy and Redis caching"
+- "Implement JWT authentication with refresh tokens in FastAPI"
+- "Design a scalable WebSocket chat system with FastAPI"
+- "Optimize this FastAPI endpoint that's causing performance issues"
+- "Set up a complete FastAPI project with Docker and Kubernetes"
+- "Implement rate limiting and circuit breaker for external API calls"
+- "Create a GraphQL endpoint alongside REST in FastAPI"
+- "Build a file upload system with progress tracking"