cursor-kit-cli 1.0.3

package/templates/rules/react.mdc

@@ -0,0 +1,58 @@
+---
+description: React component patterns and best practices
+globs: ["**/*.tsx", "**/*.jsx"]
+alwaysApply: false
+---
+
+# React Guidelines
+
+## Component Design
+- Prefer functional components with hooks
+- Keep components small and focused
+- Use composition over inheritance
+- Design components as compound components when appropriate
+
+## Props & State
+- Destructure props in function signature
+- Use TypeScript interfaces for prop types
+- Keep state as close to where it's used as possible
+- Lift state only when necessary for sharing
+
+## Hooks
+- Follow the Rules of Hooks
+- Extract reusable logic into custom hooks
+- Use `useMemo` and `useCallback` judiciously (profile first)
+- Prefer `useReducer` for complex state logic
+
+## Event Handlers
+- Prefix with "handle" (e.g., `handleClick`, `handleChange`)
+- Define handlers outside of JSX for readability
+- Use proper TypeScript event types
+
+## Performance
+- Avoid inline object/array creation in JSX
+- Use React.memo only when proven necessary
+- Implement proper key props in lists
+- Consider code-splitting for large components
+
+## Patterns to Follow
+```tsx
+// Good: Compound component pattern
+<Select>
+  <Select.Option value="a">Option A</Select.Option>
+  <Select.Option value="b">Option B</Select.Option>
+</Select>
+
+// Good: Custom hook for logic
+function useToggle(initial = false) {
+  const [state, setState] = useState(initial);
+  const toggle = useCallback(() => setState(s => !s), []);
+  return [state, toggle] as const;
+}
+```
+
+## Avoid
+- Prop drilling more than 2 levels (use Context or state management)
+- Business logic in components (extract to hooks/utils)
+- Inline styles (use CSS-in-JS or CSS modules)
+- Index as key in dynamic lists

package/templates/rules/security.mdc

@@ -0,0 +1,50 @@
+---
+description: Security best practices
+globs: 
+alwaysApply: true
+---
+
+# Security Guidelines
+
+## Input Validation
+- Validate all user inputs on both client and server
+- Sanitize inputs before use in queries or rendering
+- Use allowlists over denylists when possible
+- Validate file uploads (type, size, content)
+
+## Authentication
+- Never store passwords in plain text
+- Use strong hashing algorithms (bcrypt, argon2)
+- Implement proper session management
+- Use secure, httpOnly, sameSite cookies
+
+## Authorization
+- Check permissions on every protected operation
+- Implement principle of least privilege
+- Validate user access at API level, not just UI
+- Use role-based or attribute-based access control
+
+## Data Protection
+- Encrypt sensitive data at rest and in transit
+- Use HTTPS everywhere
+- Don't log sensitive information
+- Implement proper key management
+
+## Common Vulnerabilities to Prevent
+- **XSS**: Escape output, use Content Security Policy
+- **CSRF**: Use anti-CSRF tokens
+- **SQL Injection**: Use parameterized queries
+- **Path Traversal**: Validate and sanitize file paths
+
+## API Security
+- Use rate limiting
+- Implement proper CORS configuration
+- Validate and sanitize all API inputs
+- Use API keys and tokens appropriately
+- Don't expose stack traces or internal errors
+
+## Dependencies
+- Keep dependencies updated
+- Audit for known vulnerabilities regularly
+- Use lockfiles for reproducible builds
+- Review new dependencies before adding

package/templates/rules/testing.mdc

@@ -0,0 +1,54 @@
+---
+description: Testing standards and patterns
+globs: ["**/*.test.ts", "**/*.test.tsx", "**/*.spec.ts", "**/*.spec.tsx"]
+alwaysApply: false
+---
+
+# Testing Guidelines
+
+## Test Structure
+- Follow AAA pattern: Arrange, Act, Assert
+- One assertion per test when practical
+- Use descriptive test names that explain the expected behavior
+- Group related tests with `describe` blocks
+
+## Naming Convention
+```typescript
+describe('ComponentName', () => {
+  describe('methodName', () => {
+    it('should [expected behavior] when [condition]', () => {
+      // test
+    });
+  });
+});
+```
+
+## What to Test
+- Public interfaces and APIs
+- Edge cases and boundary conditions
+- Error handling paths
+- User interactions (for UI)
+- Integration points
+
+## What NOT to Test
+- Implementation details
+- Third-party libraries
+- Simple getters/setters
+- Private methods directly
+
+## Mocking
+- Mock external dependencies (APIs, databases)
+- Use dependency injection for easier mocking
+- Prefer spies over stubs when possible
+- Reset mocks between tests
+
+## Test Quality
+- Tests should be independent (no shared state)
+- Tests should be deterministic (same result every time)
+- Tests should be fast
+- Tests should be readable (tests are documentation)
+
+## Coverage Goals
+- Aim for high coverage on critical business logic
+- Don't chase 100% coverage blindly
+- Focus on meaningful tests over line coverage

package/templates/rules/typescript.mdc

@@ -0,0 +1,36 @@
+---
+description: TypeScript best practices and code style
+globs: ["**/*.ts", "**/*.tsx"]
+alwaysApply: false
+---
+
+# TypeScript Guidelines
+
+## Type Safety
+- Prefer explicit types on public functions, props, and return values
+- Avoid `any` and implicit `any` - use `unknown` when type is truly unknown
+- Use strict TypeScript configuration
+- Leverage type inference for local variables
+
+## Code Style
+- Use guard clauses over nested conditionals
+- Keep functions small and focused (single responsibility)
+- Use descriptive variable and function names
+- Event handlers should use "handle" prefix (e.g., `handleClick`, `handleSubmit`)
+
+## Naming Conventions
+- `camelCase` for variables, functions, and methods
+- `PascalCase` for classes, interfaces, types, and React components
+- `UPPER_SNAKE_CASE` for constants
+- Prefix interfaces with `I` only when necessary to distinguish from classes
+
+## Organization
+- Group related code in logical modules
+- Keep imports organized (external, internal, relative)
+- Co-locate related files (component + styles + tests)
+
+## Avoid
+- Magic numbers and strings (use named constants)
+- Deep nesting (max 2-3 levels)
+- Premature optimization
+- Unnecessary comments that restate the obvious