claudex-setup 1.4.0 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/setup.js +47 -4
package/package.json
CHANGED
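--- a/package/src/setup.js
+++ b/package/src/setup.js
@@ -197,6 +197,22 @@ function detectDependencies(ctx) {
 guidelines.push('- AWS CDK available. Define stacks in lib/, constructs as separate classes');
 }
 
+// Security middleware
+if (allDeps['express-rate-limit']) {
+guidelines.push('- Rate limiting configured. Apply to auth endpoints. Set appropriate windowMs and max values');
+}
+if (allDeps['hpp']) {
+guidelines.push('- HPP (HTTP Parameter Pollution) protection enabled');
+}
+if (allDeps['csurf']) {
+guidelines.push('- CSRF protection enabled. Ensure tokens are included in all state-changing requests');
+}
+
+// AWS Lambda
+if (allDeps['@aws-sdk/client-lambda'] || allDeps['@aws-cdk/aws-lambda'] || allDeps['aws-cdk-lib']) {
+guidelines.push('- Lambda handlers: keep cold start fast, use layers for deps, set appropriate memory/timeout');
+}
+
 return guidelines;
 }
 
@@ -371,7 +387,14 @@ function getFrameworkInstructions(stacks) {
 - Prefer Server Components by default; add 'use client' only when needed
 - Use next/image for images, next/link for navigation
 - API routes go in app/api/ (App Router) or pages/api/ (Pages Router)
-- Use loading.tsx, error.tsx, and not-found.tsx for route-level UX
+- Use loading.tsx, error.tsx, and not-found.tsx for route-level UX
+
+### Next.js App Router
+- Default to Server Components. Add 'use client' only when needed (hooks, events, browser APIs)
+- Use Server Actions for mutations. Validate with Zod, call revalidatePath after writes
+- Route handlers in app/api/ export named functions: GET, POST, PUT, DELETE
+- Use loading.tsx, error.tsx, not-found.tsx for route-level UI states
+- Middleware in middleware.ts for auth checks, redirects, headers`);
 } else if (stackKeys.includes('react')) {
 sections.push(`### React
 - Use functional components with hooks exclusively
@@ -444,7 +467,10 @@ function getFrameworkInstructions(stacks) {
 - Handle all errors explicitly — never ignore err returns
 - Use context.Context for cancellation and timeouts
 - Prefer table-driven tests
-- Run \`go vet\` and \`golangci-lint\` before committing
+- Run \`go vet\` and \`golangci-lint\` before committing
+- If using gRPC: define .proto files in proto/ or pkg/proto, generate with protoc
+- If Makefile exists: use make targets for build/test/lint
+- Organize: cmd/ for entry points, internal/ for private packages, pkg/ for public`);
 }
 
 if (stackKeys.includes('terraform')) {
@@ -453,7 +479,10 @@ function getFrameworkInstructions(stacks) {
 - Always run \`terraform plan\` before \`terraform apply\`
 - Store state remotely (S3 + DynamoDB, or Terraform Cloud)
 - Use variables.tf for all configurable values
-- Tag all resources consistently
+- Tag all resources consistently
+- If using Helm: define charts in charts/ or helm/, use values.yaml for config
+- Lock providers: always commit .terraform.lock.hcl
+- Use terraform fmt before committing`);
 }
 
 const hasJS = stackKeys.some(k => ['react', 'vue', 'angular', 'nextjs', 'node', 'svelte'].includes(k));
@@ -523,10 +552,24 @@ npm run lint # or: npx eslint .`;
 
 // --- Framework-specific instructions ---
 const frameworkInstructions = getFrameworkInstructions(stacks);
-
+let stackSection = frameworkInstructions
 ? `\n## Stack-Specific Guidelines\n\n${frameworkInstructions}\n`
 : '';
 
+// Check for security-focused project
+const pkg2 = ctx.jsonFile('package.json') || {};
+const allDeps2 = { ...(pkg2.dependencies || {}), ...(pkg2.devDependencies || {}) };
+const hasSecurityDeps = allDeps2['helmet'] || allDeps2['jsonwebtoken'] || allDeps2['bcrypt'] || allDeps2['passport'];
+if (hasSecurityDeps) {
+stackSection += '\n### Security Best Practices\n';
+stackSection += '- Follow OWASP Top 10 — run /security-review regularly\n';
+stackSection += '- Never log sensitive data (passwords, tokens, PII)\n';
+stackSection += '- Use parameterized queries — never string concatenation for SQL\n';
+stackSection += '- Set security headers via Helmet. Review CSP policy for your frontend\n';
+stackSection += '- Rate limit all authentication endpoints\n';
+stackSection += '- Validate and sanitize all user input at API boundaries\n';
+}
+
 // --- TypeScript-specific additions ---
 let tsSection = '';
 if (hasTS) {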
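Review bot: The three guideline strings added in the `@@ -197,6 +197,22 @@` hunk of detectDependencies assert that a protection is "configured" or "enabled" based only on the package name being present in the dependency map, and an assistant consuming the generated guidelines will treat that wording as fact. A listed package is not a mounted middleware, and if `allDeps` is built the way `allDeps2` is in the last hunk (dependencies merged with devDependencies) a dev-only install would produce the same claim. I would phrase these as verification prompts instead, e.g. `'- express-rate-limit is a dependency. Verify the limiter is actually mounted on auth endpoints and set windowMs/max deliberately'`, `'- hpp is a dependency. Verify app.use(hpp()) runs before the route handlers'`, and `'- csurf is a dependency (deprecated upstream). Verify CSRF middleware is mounted on every state-changing route and tokens are sent with each request'`. detectDependencies begins before this hunk, so the construction of `allDeps` is not visible here.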