bros-harness 0.1.0

package/assets/opencode/skills/redis-patterns/SKILL.md

@@ -0,0 +1,403 @@
+---
+name: redis-patterns
+description: Redis data structure patterns, caching strategies, distributed locks, rate limiting, pub/sub, and connection management for production applications.
+origin: ECC
+---
+
+# Redis Patterns
+
+Quick reference for Redis best practices across common backend use cases.
+
+## How It Works
+
+Redis is an in-memory data structure store that supports strings, hashes, lists, sets, sorted sets, streams, and more. Individual Redis commands are atomic on a single instance; multi-step workflows require Lua scripts, MULTI/EXEC transactions, or explicit synchronization to stay atomic. Data is optionally persisted via RDB snapshots or AOF logs. Clients communicate over TCP using the RESP protocol; connection pools are essential to avoid per-request handshake overhead.
+
+## When to Activate
+
+- Adding caching to an application
+- Implementing rate limiting or throttling
+- Building distributed locks or coordination
+- Setting up session or token storage
+- Using Pub/Sub or Redis Streams for messaging
+- Configuring Redis in production (pooling, eviction, clustering)
+
+## Data Structure Cheat Sheet
+
+| Use Case | Structure | Example Key |
+|----------|-----------|-------------|
+| Simple cache | String | `product:123` |
+| User session | Hash | `session:abc` |
+| Leaderboard | Sorted Set | `scores:weekly` |
+| Unique visitors | Set | `visitors:2024-01-01` |
+| Activity feed | List | `feed:user:456` |
+| Event stream | Stream | `events:orders` |
+| Counters / rate limits | String (INCR) | `ratelimit:user:123` |
+| Bloom filter / HLL | HyperLogLog | `hll:pageviews` |
+
+## Core Patterns
+
+### Cache-Aside (Lazy Loading)
+
+```python
+import redis
+import json
+
+r = redis.Redis(host='localhost', port=6379, decode_responses=True)
+
+def get_product(product_id: int):
+    cache_key = f"product:{product_id}"
+    cached = r.get(cache_key)
+
+    if cached:
+        return json.loads(cached)
+
+    product = db.query("SELECT * FROM products WHERE id = %s", product_id)
+    r.setex(cache_key, 3600, json.dumps(product))  # TTL: 1 hour
+    return product
+```
+
+### Write-Through Cache
+
+```python
+def update_product(product_id: int, data: dict):
+    # Write to DB first
+    db.execute("UPDATE products SET ... WHERE id = %s", product_id)
+
+    # Immediately update cache
+    cache_key = f"product:{product_id}"
+    r.setex(cache_key, 3600, json.dumps(data))
+```
+
+### Cache Invalidation
+
+```python
+# Tag-based invalidation — group related keys under a set
+def cache_product(product_id: int, category_id: int, data: dict):
+    key = f"product:{product_id}"
+    tag = f"tag:category:{category_id}"
+    pipe = r.pipeline(transaction=True)
+    pipe.setex(key, 3600, json.dumps(data))
+    pipe.sadd(tag, key)
+    pipe.expire(tag, 3600)
+    pipe.execute()
+
+def invalidate_category(category_id: int):
+    tag = f"tag:category:{category_id}"
+    keys = r.smembers(tag)
+    if keys:
+        r.delete(*keys)
+    r.delete(tag)
+```
+
+### Session Storage
+
+```python
+import time
+import uuid
+
+def create_session(user_id: int, ttl: int = 86400) -> str:
+    session_id = str(uuid.uuid4())
+    key = f"session:{session_id}"
+    pipe = r.pipeline(transaction=True)
+    pipe.hset(key, mapping={
+        "user_id": user_id,
+        "created_at": int(time.time()),
+    })
+    pipe.expire(key, ttl)
+    pipe.execute()
+    return session_id
+
+def get_session(session_id: str) -> dict | None:
+    data = r.hgetall(f"session:{session_id}")
+    return data if data else None
+
+def delete_session(session_id: str):
+    r.delete(f"session:{session_id}")
+```
+
+## Rate Limiting
+
+### Fixed Window (Simple)
+
+```python
+def is_rate_limited(user_id: int, limit: int = 100, window: int = 60) -> bool:
+    key = f"ratelimit:{user_id}:{int(time.time()) // window}"
+    pipe = r.pipeline(transaction=True)
+    pipe.incr(key)
+    pipe.expire(key, window)
+    count, _ = pipe.execute()
+    return count > limit
+```
+
+### Sliding Window (Lua — Atomic)
+
+```lua
+-- sliding_window.lua
+local key = KEYS[1]
+local now = tonumber(ARGV[1])
+local window = tonumber(ARGV[2])
+local limit = tonumber(ARGV[3])
+
+redis.call('ZREMRANGEBYSCORE', key, 0, now - window)
+local count = redis.call('ZCARD', key)
+
+if count < limit then
+    -- Use unique member (now + sequence) to avoid collisions within the same millisecond
+    local seq_key = key .. ':seq'
+    local seq = redis.call('INCR', seq_key)
+    redis.call('EXPIRE', seq_key, math.ceil(window / 1000))
+    redis.call('ZADD', key, now, now .. '-' .. seq)
+    redis.call('EXPIRE', key, math.ceil(window / 1000))
+    return 1
+end
+return 0
+```
+
+```python
+sliding_window = r.register_script(open('sliding_window.lua').read())
+
+def allow_request(user_id: int) -> bool:
+    key = f"ratelimit:sliding:{user_id}"
+    now = int(time.time() * 1000)
+    return bool(sliding_window(keys=[key], args=[now, 60000, 100]))
+```
+
+## Distributed Locks
+
+### Distributed Lock (Single Node — SET NX PX)
+
+```python
+import uuid
+
+def acquire_lock(resource: str, ttl_ms: int = 5000) -> str | None:
+    lock_key = f"lock:{resource}"
+    token = str(uuid.uuid4())
+    acquired = r.set(lock_key, token, px=ttl_ms, nx=True)
+    return token if acquired else None
+
+def release_lock(resource: str, token: str) -> bool:
+    release_script = """
+    if redis.call('get', KEYS[1]) == ARGV[1] then
+        return redis.call('del', KEYS[1])
+    else
+        return 0
+    end
+    """
+    result = r.eval(release_script, 1, f"lock:{resource}", token)
+    return bool(result)
+
+# Usage
+token = acquire_lock("order:payment:123")
+if token:
+    try:
+        process_payment()
+    finally:
+        release_lock("order:payment:123", token)
+```
+
+> For multi-node setups use the `redlock-py` library which implements the full Redlock algorithm.
+
+## Pub/Sub & Streams
+
+### Pub/Sub (Fire-and-Forget)
+
+```python
+# Publisher
+def publish_event(channel: str, payload: dict):
+    r.publish(channel, json.dumps(payload))
+
+# Subscriber (blocking — run in separate thread/process)
+def subscribe_events(channel: str):
+    pubsub = r.pubsub()
+    pubsub.subscribe(channel)
+    for message in pubsub.listen():
+        if message['type'] == 'message':
+            handle(json.loads(message['data']))
+```
+
+### Redis Streams (Durable Queue)
+
+```python
+# Producer
+def emit(stream: str, event: dict):
+    r.xadd(stream, event, maxlen=10000)  # Cap stream length
+
+# Consumer group — guarantees at-least-once delivery
+try:
+    r.xgroup_create('events:orders', 'processor', id='0', mkstream=True)
+except Exception:
+    pass  # Group already exists
+
+def consume(stream: str, group: str, consumer: str):
+    while True:
+        messages = r.xreadgroup(group, consumer, {stream: '>'}, count=10, block=2000)
+        for _, entries in (messages or []):
+            for msg_id, data in entries:
+                process(data)
+                r.xack(stream, group, msg_id)
+```
+
+> Prefer **Streams** over Pub/Sub when you need delivery guarantees, consumer groups, or replay.
+
+## Key Design
+
+### Naming Conventions
+
+```
+# Pattern: resource:id:field
+user:123:profile
+order:456:status
+cache:product:789
+
+# Pattern: namespace:resource:id
+myapp:session:abc123
+myapp:ratelimit:user:123
+
+# Pattern: resource:date (time-bound keys)
+stats:pageviews:2024-01-01
+```
+
+### TTL Strategy
+
+| Data Type | Suggested TTL |
+|-----------|--------------|
+| User session | 24h (`86400`) |
+| API response cache | 5–15 min |
+| Rate limit window | Match window size |
+| Short-lived tokens | 5–10 min |
+| Leaderboard | 1h–24h |
+| Static/reference data | 1h–1 week |
+
+Always set a TTL. Keys without TTL accumulate indefinitely and cause memory pressure.
+
+## Connection Management
+
+### Connection Pooling
+
+```python
+from redis import ConnectionPool, Redis
+
+pool = ConnectionPool(
+    host='localhost',
+    port=6379,
+    db=0,
+    max_connections=20,
+    decode_responses=True,
+    socket_connect_timeout=2,
+    socket_timeout=2,
+)
+
+r = Redis(connection_pool=pool)
+```
+
+### Cluster Mode
+
+```python
+from redis.cluster import RedisCluster
+
+r = RedisCluster(
+    startup_nodes=[{"host": "redis-1", "port": 6379}],
+    decode_responses=True,
+    skip_full_coverage_check=True,
+)
+```
+
+### Sentinel (High Availability)
+
+```python
+from redis.sentinel import Sentinel
+
+sentinel = Sentinel(
+    [('sentinel-1', 26379), ('sentinel-2', 26379)],
+    socket_timeout=0.5,
+)
+master = sentinel.master_for('mymaster', decode_responses=True)
+replica = sentinel.slave_for('mymaster', decode_responses=True)
+```
+
+## Eviction Policies
+
+| Policy | Behavior | Best For |
+|--------|----------|----------|
+| `noeviction` | Error on write when full | Queues / critical data |
+| `allkeys-lru` | Evict least recently used | General cache |
+| `volatile-lru` | LRU only among keys with TTL | Mixed data store |
+| `allkeys-lfu` | Evict least frequently used | Skewed access patterns |
+| `volatile-ttl` | Evict soonest-to-expire | Prioritize long-lived data |
+
+Set via `redis.conf`: `maxmemory-policy allkeys-lru`
+
+## Anti-Patterns
+
+| Anti-Pattern | Problem | Fix |
+|---|---|---|
+| Keys with no TTL | Memory grows unbounded | Always set TTL |
+| `KEYS *` in production | Blocks the server (O(N)) | Use `SCAN` cursor |
+| Storing large blobs (>100KB) | Slow serialization, memory pressure | Store reference + fetch from object store |
+| Single Redis for everything | No isolation between cache & queue | Use separate DBs or instances |
+| Ignoring connection pool limits | Connection exhaustion under load | Size pool to workload |
+| Not handling cache miss stampede | Thundering herd on cold start | Use locks or probabilistic early expiry |
+| `FLUSHALL` without thought | Wipes entire instance | Scope deletes by key pattern |
+
+### Cache Miss Stampede Prevention
+
+```python
+import threading
+
+_locks: dict[str, threading.Lock] = {}
+_locks_mutex = threading.Lock()
+
+def get_with_lock(key: str, fetch_fn, ttl: int = 300):
+    cached = r.get(key)
+    if cached:
+        return json.loads(cached)
+
+    with _locks_mutex:
+        if key not in _locks:
+            _locks[key] = threading.Lock()
+        lock = _locks[key]
+    with lock:
+        cached = r.get(key)  # Re-check after acquiring lock
+        if cached:
+            return json.loads(cached)
+        value = fetch_fn()
+        r.setex(key, ttl, json.dumps(value))
+        return value
+```
+
+> Note: for multi-process deployments, replace the in-process lock with `acquire_lock`/`release_lock` from the Distributed Locks section above.
+
+## Examples
+
+**Add caching to a Django/Flask API endpoint:**
+Use cache-aside with `setex` and a 5-minute TTL on the response. Key on the request parameters.
+
+**Rate-limit an API by user:**
+Use fixed-window with `pipeline(transaction=True)` for low-traffic endpoints; use sliding-window Lua for accurate per-user throttling.
+
+**Coordinate a background job across workers:**
+Use `acquire_lock` with a TTL that exceeds the expected job duration. Always release in a `finally` block.
+
+**Fan-out notifications to multiple subscribers:**
+Use Pub/Sub for fire-and-forget. Switch to Streams if you need guaranteed delivery or replay for late consumers.
+
+## Quick Reference
+
+| Pattern | When to Use |
+|---------|-------------|
+| Cache-aside | Read-heavy, tolerate slight staleness |
+| Write-through | Strong consistency required |
+| Distributed lock | Prevent concurrent access to a resource |
+| Sliding window rate limit | Accurate per-user throttling |
+| Redis Streams | Durable event queue with consumer groups |
+| Pub/Sub | Broadcast with no delivery guarantees needed |
+| Sorted Set leaderboard | Ranked scoring, pagination |
+| HyperLogLog | Approximate unique count at low memory |
+
+## Related
+
+- Skill: `postgres-patterns` — relational data patterns
+- Skill: `backend-patterns` — API and service layer patterns
+- Skill: `database-migrations` — schema versioning
+- Skill: `django-patterns` — Django cache framework integration
+- Agent: `database-reviewer` — full database review workflow

package/assets/opencode/skills/requirements-clarity/README.md

@@ -0,0 +1,260 @@
+# Requirements Clarity
+
+A systematic skill for transforming vague requirements into actionable Product Requirements Documents (PRDs) through focused dialogue and iterative clarification.
+
+## Purpose
+
+This skill helps you avoid costly misunderstandings and rework by ensuring requirements are crystal clear before implementation begins. It uses a 100-point scoring system to systematically identify gaps and guide you through targeted questions until your requirements are development-ready.
+
+## When to Use This Skill
+
+### Use When
+- Requirements are vague or ambiguous (e.g., "add login feature", "implement payment")
+- Features are complex and estimated to take more than 2 days
+- Cross-team coordination is required
+- Missing technical context (no tech stack, integration points, or constraints mentioned)
+- Incomplete specifications (no acceptance criteria, success metrics, edge cases)
+- Unclear scope boundaries ("what exactly does 'user management' include?")
+
+### Don't Use When
+- Specific file paths are mentioned (e.g., "fix auth.go:45")
+- Code snippets are already included in the request
+- Working with existing functions/classes (use code review instead)
+- Bug fixes with clear reproduction steps
+
+## How It Works
+
+### The Clarification Process
+
+1. **Initial Analysis** (Step 1)
+   - Parses your requirement description
+   - Generates a clarity score (0-100) using a detailed rubric
+   - Identifies what's clear and what needs clarification
+   - Creates a feature name and prepares for PRD generation
+
+2. **Gap Analysis** (Step 2)
+   - Systematically identifies missing information across four dimensions:
+     - **Functional Scope**: Core functionality, boundaries, edge cases
+     - **User Interaction**: Inputs, outputs, success/failure scenarios
+     - **Technical Constraints**: Performance, compatibility, security, scalability
+     - **Business Value**: Problem statement, target users, success metrics
+
+3. **Interactive Clarification** (Step 3)
+   - Asks 2-3 focused questions per round (avoids overwhelming you)
+   - Builds context progressively
+   - Updates clarity score after each response
+   - Continues until score reaches ≥ 90/100
+
+4. **PRD Generation** (Step 4)
+   - Once clarity score ≥ 90, generates comprehensive PRD
+   - Saves to `./docs/prds/{feature-name}-v{version}-prd.md`
+   - Includes all clarified information in structured format
+
+### Clarity Scoring Rubric
+
+The 100-point scoring system evaluates:
+
+- **Functional Clarity** (30 points): Clear inputs/outputs, user interaction, success criteria
+- **Technical Specificity** (25 points): Technology stack, integration points, constraints
+- **Implementation Completeness** (25 points): Edge cases, error handling, data validation
+- **Business Context** (20 points): Problem statement, target users, success metrics
+
+## Key Features
+
+### Systematic Questioning
+- Focused, specific questions (not overwhelming)
+- One category at a time
+- Builds on previous answers
+- Uses your language and provides examples
+
+### Quality-Driven Iteration
+- Continuous clarity assessment
+- Transparent score updates
+- Iterates until ≥ 90 points achieved
+- Documents all clarification rounds
+
+### Actionable Output
+- Concrete specifications ready for development
+- Measurable acceptance criteria (checklistable format)
+- Executable implementation phases with specific tasks
+- Complete PRD with all necessary sections
+
+### Core Principles
+- **Why?** (YAGNI check) - Ensures features are truly needed
+- **Simpler?** (KISS check) - Explores simpler alternatives before complex solutions
+
+## Usage Examples
+
+### Example 1: Vague Feature Request
+
+**User Input:**
+```
+I need a login feature for my app.
+```
+
+**Skill Response:**
+```
+I understand your requirement. Let me help you refine this specification.
+
+Current Clarity Score: 25/100
+
+Clear Aspects:
+- Need authentication functionality
+
+Needs Clarification:
+- Authentication method (email/password, OAuth, SSO?)
+- User types and permissions
+- Security requirements
+- Integration with existing systems
+- Success metrics
+
+Let me systematically clarify these points...
+
+1. Authentication Method: What authentication method do you prefer?
+   - For example: Email/password, social login (Google/GitHub),
+     magic links, or SSO?
+
+2. User Management: Do you need different user roles or permissions?
+   - For example: Admin vs. regular users, or all users have same access?
+
+3. Technology Stack: What's your current tech stack?
+   - For example: React frontend, Node.js backend, PostgreSQL database?
+```
+
+### Example 2: After Clarification Round
+
+**After User Response:**
+```
+Thank you for the additional information!
+
+Clarity Score Update: 25/100 → 65/100
+
+New Clarified Content:
+- Authentication: Email/password with optional Google OAuth
+- User roles: Admin and regular users with different permissions
+- Tech stack: Next.js 14, PostgreSQL, using NextAuth.js
+
+Remaining Points to Clarify:
+- Password requirements and security constraints
+- Session management (duration, refresh tokens?)
+- Edge cases (account lockout, password reset)
+- Success metrics (MAU, conversion rate?)
+
+Let me continue with the next round of questions...
+
+1. Security Requirements: What are your password requirements?
+   - For example: Minimum length, special characters, 2FA?
+
+2. Session Management: How long should user sessions last?
+   - For example: 24 hours, 7 days, remember me option?
+
+3. Edge Cases: How should we handle failed login attempts?
+   - For example: Rate limiting, account lockout after X attempts?
+```
+
+### Example 3: Final PRD Generation
+
+**When Clarity Score ≥ 90:**
+```
+Perfect! I will now generate the complete PRD document...
+
+[Generates PRD at ./docs/prds/user-authentication-v1.0-prd.md]
+
+Your Product Requirements Document is ready!
+
+File: ./docs/prds/user-authentication-v1.0-prd.md
+Quality Score: 92/100
+Clarification Rounds: 3
+
+The PRD includes:
+✓ Complete requirements description with background and value proposition
+✓ Technical approach with architecture decisions
+✓ Measurable acceptance criteria (functional, quality, user acceptance)
+✓ 4 execution phases with specific tasks and deliverables
+✓ Risk assessment and mitigation strategies
+
+You can now hand this off to your development team for implementation.
+```
+
+## Generated PRD Structure
+
+The final PRD includes:
+
+1. **Requirements Description**
+   - Background (business problem, target users, value proposition)
+   - Feature overview (core features, boundaries, user scenarios)
+   - Detailed requirements (I/O, user interaction, data, edge cases)
+
+2. **Design Decisions**
+   - Technical approach (architecture, components, data storage, interfaces)
+   - Constraints (performance, compatibility, security, scalability)
+   - Risk assessment (technical, dependency, schedule risks)
+
+3. **Acceptance Criteria**
+   - Functional acceptance (feature-specific conditions)
+   - Quality standards (code quality, test coverage, performance, security)
+   - User acceptance (UX, documentation, training)
+
+4. **Execution Phases**
+   - Phase 1: Preparation (environment setup, technical validation)
+   - Phase 2: Core Development (implement core functionality)
+   - Phase 3: Integration & Testing (quality assurance)
+   - Phase 4: Deployment (release and monitoring)
+
+Each phase includes specific tasks, deliverables, and time estimates.
+
+## Output Location
+
+PRDs are saved to:
+```
+./docs/prds/{feature-name}-v{version}-prd.md
+```
+
+Where:
+- `{feature-name}`: Auto-generated in kebab-case format
+- `{version}`: Document version (default 1.0, or user-specified)
+
+## Best Practices
+
+### DO
+- Answer questions thoroughly but concisely
+- Provide examples when you have specific preferences
+- Ask for clarification if questions aren't clear
+- Review the final PRD and provide feedback
+- Share constraints and non-negotiables upfront
+
+### DON'T
+- Rush through clarification rounds
+- Assume the skill knows your technical context
+- Skip questions that seem "obvious"
+- Approve PRD before reviewing thoroughly
+- Provide contradictory information across rounds
+
+## Success Criteria
+
+A successful requirements clarification session results in:
+- Clarity score ≥ 90/100
+- All PRD sections complete with substantial content
+- Acceptance criteria in checklistable format
+- Execution phases with actionable, concrete tasks
+- Development team can start implementation immediately
+- No major questions or ambiguities remain
+
+## Tips for Better Results
+
+1. **Be Specific**: Instead of "fast", say "< 200ms response time"
+2. **Think End-to-End**: Consider the full user journey
+3. **Share Constraints Early**: Technical limitations, budget, timeline
+4. **Provide Context**: Explain the "why" behind your requirement
+5. **Reference Examples**: "Like Stripe's payment flow" is clearer than abstract descriptions
+
+## Related Skills
+
+- **feature-planning**: For breaking down features after PRD is complete
+- **implementation-blueprint**: For detailed implementation planning
+- **dev-spec**: For complete design and planning sessions
+- **critical-brainstorm**: For exploring and stress-testing ideas before clarification
+
+---
+
+**Need help clarifying requirements?** Invoke this skill and provide your initial requirement description. The skill will guide you through systematic clarification until you have a development-ready PRD.