create-claude-workspace 1.1.64 → 1.1.66
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -63,6 +63,7 @@ Always prefer `@cibule/*` packages over custom implementations:
|
|
|
63
63
|
- Platform-specific code lives ONLY in `infrastructure/` layer behind abstract repository interfaces
|
|
64
64
|
- Use Web Standard APIs: `fetch`, `Request`, `Response`, `URL`, `crypto`, `TextEncoder`/`TextDecoder`
|
|
65
65
|
- Hono is inherently platform-agnostic — inject platform bindings via DI, not `c.env` in routes
|
|
66
|
+
- **OpenAPI-first**: All API routes MUST use `hono-openapi` with `openAPIRouteHandler` — generates OpenAPI spec from TypeBox schemas. Serve API docs via `@scalar/hono-api-reference` at `/reference`. Never define routes without OpenAPI metadata.
|
|
66
67
|
- Entry points handle platform wiring:
|
|
67
68
|
- Worker entry: exports `default { fetch }` with Hono app + D1 bindings
|
|
68
69
|
- Node entry: `serve()` with Hono app + SQLite/better-sqlite3 bindings
|
|
@@ -84,7 +85,7 @@ Always prefer `@cibule/*` packages over custom implementations:
|
|
|
84
85
|
- `moduleResolution: "bundler"` — NEVER add `.js` extensions to imports (write `'./foo'`, not `'./foo.js'`)
|
|
85
86
|
- `readonly` on all fields that don't need reassignment
|
|
86
87
|
- Custom error classes for domain-specific errors
|
|
87
|
-
- Input validation at system boundaries (
|
|
88
|
+
- Input validation at system boundaries — **TypeBox** preferred (compile-time types + runtime validation from one schema, no duplication). Use `typebox` and `typebox/compiler` for `TypeCompiler`.
|
|
88
89
|
- Async/await patterns (no callback hell)
|
|
89
90
|
- Separation of concerns (routes, services, repositories)
|
|
90
91
|
- File size limit: MAX 200 lines per TypeScript file
|
|
@@ -75,7 +75,7 @@ Read `.claude/profiles/frontend.md` for the framework-specific review checklist.
|
|
|
75
75
|
- **Backend API security** (for API routes / endpoints):
|
|
76
76
|
- Authentication check on protected routes (middleware or per-route guard)
|
|
77
77
|
- Authorization: does the user have permission for this resource?
|
|
78
|
-
- Input validation at API boundary (
|
|
78
|
+
- Input validation at API boundary (TypeBox schema, not manual checks)
|
|
79
79
|
- No SQL injection — all queries use parameterized statements (never string interpolation)
|
|
80
80
|
- Rate limiting on sensitive endpoints (login, registration, password reset)
|
|
81
81
|
- CORS configuration — no wildcard `*` in production
|
|
@@ -281,7 +281,8 @@ Key rules enforced (do NOT weaken):
|
|
|
281
281
|
|
|
282
282
|
[Include only if the project has a backend]
|
|
283
283
|
|
|
284
|
-
- Hono routes with validation (
|
|
284
|
+
- Hono routes with validation (**TypeBox** — `typebox` for schema + type inference, `TypeCompiler` for runtime validation)
|
|
285
|
+
- **OpenAPI-first**: Use `hono-openapi` with `openAPIRouteHandler` for all API routes — generates OpenAPI spec from TypeBox schemas automatically. API docs served via `@scalar/hono-api-reference` at `/reference`.
|
|
285
286
|
- `@cibule/di` for dependency injection (see @cibule/* Ecosystem section above)
|
|
286
287
|
- `@cibule/db` + driver for database access, UnitOfWork for atomic writes
|
|
287
288
|
- `@cibule/storage` + driver for file storage, `@cibule/image` + driver for image processing
|