foliko 1.1.8 → 1.1.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (306) hide show
  1. package/.agent/agents/code-assistant.json +17 -0
  2. package/.agent/agents/email-assistant.json +14 -0
  3. package/.agent/agents/file-assistant.json +18 -0
  4. package/.agent/agents/orchestrator-demo.md +53 -0
  5. package/.agent/agents/orchestrator.json +7 -0
  6. package/.agent/agents/poster-expert.md +228 -0
  7. package/.agent/agents/system-assistant.json +15 -0
  8. package/.agent/agents/web-assistant.json +12 -0
  9. package/.agent/data/default.json +5 -404
  10. package/.agent/data/email/processed-emails.json +1 -0
  11. package/.agent/data/plugins-state.json +173 -172
  12. package/.agent/data/scheduler/tasks.json +1 -0
  13. package/.agent/data/web/web-config.json +5 -0
  14. package/.agent/mcp_config.json +0 -14
  15. package/.agent/package.json +8 -0
  16. package/.agent/plugins/__pycache__/file_writer.cpython-312.pyc +0 -0
  17. package/.agent/plugins/daytona/README.md +89 -0
  18. package/.agent/plugins/daytona/index.js +377 -0
  19. package/.agent/plugins/daytona/package.json +12 -0
  20. package/.agent/plugins/marknative/README.md +134 -0
  21. package/.agent/plugins/marknative/fonts.zip +0 -0
  22. package/.agent/plugins/marknative/index.js +256 -0
  23. package/.agent/plugins/marknative/package.json +12 -0
  24. package/.agent/plugins/system-info/index.js +387 -0
  25. package/.agent/plugins/system-info/package.json +4 -0
  26. package/.agent/plugins/system-info/test.js +40 -0
  27. package/.agent/plugins/test-plugin.py +123 -0
  28. package/.agent/plugins/test_nested_plugin.py +85 -0
  29. package/.agent/plugins.json +11 -5
  30. package/.agent/python-scripts/test_sample.py +24 -0
  31. package/.agent/sessions/cli_default.json +96 -249
  32. package/.agent/sessions/weixin_o9cq80zgZqKPA2-s59PN43GdDy1w@im.wechat.json +189 -0
  33. package/.agent/skills/agent-browser/SKILL.md +311 -0
  34. package/.agent/skills/agent-browser/TEST_PLAN.md +200 -0
  35. package/.agent/skills/sysinfo/SKILL.md +38 -0
  36. package/.agent/skills/sysinfo/system-info.sh +130 -0
  37. package/.agent/skills/workflow/SKILL.md +324 -0
  38. package/.agent/test-agent.js +35 -0
  39. package/.agent/weixin.json +6 -0
  40. package/.agent/workflows/email-digest.json +50 -0
  41. package/.agent/workflows/file-backup.json +21 -0
  42. package/.agent/workflows/get-ip-notify.json +32 -0
  43. package/.agent/workflows/news-aggregator.json +93 -0
  44. package/.agent/workflows/news-dashboard-v2.json +94 -0
  45. package/.agent/workflows/notification-batch.json +32 -0
  46. package/.claude/settings.local.json +9 -1
  47. package/.env.example +56 -56
  48. package/README.md +441 -441
  49. package/cli/src/ui/chat-ui.js +32 -21
  50. package/foliko_poster.png +0 -0
  51. package/output/business_poster_final.png +0 -0
  52. package/output/emoji_test_v2.png +0 -0
  53. package/output/foliko-ai-launch-poster.png +0 -0
  54. package/output/foliko-poster.png +0 -0
  55. package/output/muji_style_poster.png +0 -0
  56. package/output/new_product_launch.png +0 -0
  57. package/output/news_poster_625yi_subsidy.png +0 -0
  58. package/output/tech_future_2026.png +0 -0
  59. package/output/tech_future_poster.png +0 -0
  60. package/package.json +1 -2
  61. package/plugins/default-plugins.js +58 -6
  62. package/plugins/extension-executor-plugin.js +8 -21
  63. package/plugins/python-plugin-loader.js +461 -40
  64. package/plugins/python-plugin-loader.js.bak +856 -0
  65. package/plugins/subagent-plugin.js +0 -121
  66. package/plugins/weixin-plugin.js +38 -29
  67. package/poster.png +0 -0
  68. package/skills/find-skills/AGENTS.md +162 -162
  69. package/skills/find-skills/SKILL.md +133 -133
  70. package/skills/foliko-dev/SKILL.md +6 -0
  71. package/skills/python-plugin-dev/SKILL.md +124 -2
  72. package/src/core/agent-chat.js +220 -281
  73. package/src/core/agent.js +10 -0
  74. package/src/utils/plugin-helpers.js +22 -4
  75. package/system.md +1678 -1574
  76. package/test-scan.js +18 -0
  77. package/.agent/.shared/ui-ux-pro-max/data/charts.csv +0 -26
  78. package/.agent/.shared/ui-ux-pro-max/data/colors.csv +0 -97
  79. package/.agent/.shared/ui-ux-pro-max/data/icons.csv +0 -101
  80. package/.agent/.shared/ui-ux-pro-max/data/landing.csv +0 -31
  81. package/.agent/.shared/ui-ux-pro-max/data/products.csv +0 -97
  82. package/.agent/.shared/ui-ux-pro-max/data/prompts.csv +0 -24
  83. package/.agent/.shared/ui-ux-pro-max/data/react-performance.csv +0 -45
  84. package/.agent/.shared/ui-ux-pro-max/data/stacks/flutter.csv +0 -53
  85. package/.agent/.shared/ui-ux-pro-max/data/stacks/html-tailwind.csv +0 -56
  86. package/.agent/.shared/ui-ux-pro-max/data/stacks/jetpack-compose.csv +0 -53
  87. package/.agent/.shared/ui-ux-pro-max/data/stacks/nextjs.csv +0 -53
  88. package/.agent/.shared/ui-ux-pro-max/data/stacks/nuxt-ui.csv +0 -51
  89. package/.agent/.shared/ui-ux-pro-max/data/stacks/nuxtjs.csv +0 -59
  90. package/.agent/.shared/ui-ux-pro-max/data/stacks/react-native.csv +0 -52
  91. package/.agent/.shared/ui-ux-pro-max/data/stacks/react.csv +0 -54
  92. package/.agent/.shared/ui-ux-pro-max/data/stacks/shadcn.csv +0 -61
  93. package/.agent/.shared/ui-ux-pro-max/data/stacks/svelte.csv +0 -54
  94. package/.agent/.shared/ui-ux-pro-max/data/stacks/swiftui.csv +0 -51
  95. package/.agent/.shared/ui-ux-pro-max/data/stacks/vue.csv +0 -50
  96. package/.agent/.shared/ui-ux-pro-max/data/styles.csv +0 -59
  97. package/.agent/.shared/ui-ux-pro-max/data/typography.csv +0 -58
  98. package/.agent/.shared/ui-ux-pro-max/data/ui-reasoning.csv +0 -101
  99. package/.agent/.shared/ui-ux-pro-max/data/ux-guidelines.csv +0 -100
  100. package/.agent/.shared/ui-ux-pro-max/data/web-interface.csv +0 -31
  101. package/.agent/.shared/ui-ux-pro-max/scripts/__pycache__/core.cpython-313.pyc +0 -0
  102. package/.agent/.shared/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-313.pyc +0 -0
  103. package/.agent/.shared/ui-ux-pro-max/scripts/core.py +0 -258
  104. package/.agent/.shared/ui-ux-pro-max/scripts/design_system.py +0 -1067
  105. package/.agent/.shared/ui-ux-pro-max/scripts/search.py +0 -106
  106. package/.agent/ARCHITECTURE.md +0 -288
  107. package/.agent/agents/ambient-agent.md +0 -57
  108. package/.agent/agents/debugger.md +0 -55
  109. package/.agent/agents/email-assistant.md +0 -49
  110. package/.agent/agents/file-manager.md +0 -42
  111. package/.agent/agents/python-developer.md +0 -60
  112. package/.agent/agents/scheduler.md +0 -59
  113. package/.agent/agents/web-developer.md +0 -45
  114. package/.agent/data/puppeteer-sessions/undefined.json +0 -6
  115. package/.agent/data/weixin-media/2026-04-08/img_1775618677512.jpg +0 -0
  116. package/.agent/data/weixin-media/2026-04-08/img_1775619073340.jpg +0 -0
  117. package/.agent/data/weixin-media/2026-04-08/img_1775619097536.jpg +0 -0
  118. package/.agent/data/weixin-media/2026-04-08/img_1775619209388.jpg +0 -0
  119. package/.agent/memory/feedback/mnrdvj5i-ca3dkd.md +0 -9
  120. package/.agent/memory/feedback/mnre365e-7s4zax.md +0 -9
  121. package/.agent/memory/feedback/mnre36jn-nkfgmp.md +0 -9
  122. package/.agent/memory/feedback/mnre3805-kjiq6h.md +0 -9
  123. package/.agent/memory/feedback/mnsf66kp-b10rcd.md +0 -9
  124. package/.agent/memory/feedback/mnsi3sz8-p5g2cw.md +0 -9
  125. package/.agent/memory/feedback/mnsibe47-sv2ni1.md +0 -9
  126. package/.agent/memory/feedback/mnsic89w-nn228o.md +0 -9
  127. package/.agent/memory/feedback/mnsj1xe9-x83ba0.md +0 -9
  128. package/.agent/memory/feedback/mnsj21iv-wnwelx.md +0 -9
  129. package/.agent/memory/feedback/mnsj2g4a-cog7a2.md +0 -9
  130. package/.agent/memory/feedback/mnsj4js7-lktjp6.md +0 -9
  131. package/.agent/memory/feedback/mnsj5d4y-uglwvp.md +0 -9
  132. package/.agent/memory/feedback/mnslkuo9-uous66.md +0 -24
  133. package/.agent/memory/feedback/mnsm3vq0-megoil.md +0 -9
  134. package/.agent/memory/feedback/mnsnn5x2-sxcihd.md +0 -9
  135. package/.agent/memory/feedback/mnsnq17s-nabrn9.md +0 -9
  136. package/.agent/memory/feedback/mnsnybet-wz7rn3.md +0 -9
  137. package/.agent/memory/feedback/mnsrw0s7-7s9e30.md +0 -9
  138. package/.agent/memory/feedback/mnu5hpnd-tlm16q.md +0 -9
  139. package/.agent/memory/feedback/mnu60uqe-xuoxp4.md +0 -9
  140. package/.agent/memory/project/mnqx54u5-loqtoe.md +0 -9
  141. package/.agent/memory/project/mnqx84cv-mx6dmd.md +0 -9
  142. package/.agent/memory/project/mnsacuyr-hgtk5n.md +0 -20
  143. package/.agent/memory/project/mnu5hy2x-bjsg7u.md +0 -9
  144. package/.agent/memory/reference/mnre3cww-penbo1.md +0 -9
  145. package/.agent/memory/reference/mns9wn48-luerua.md +0 -14
  146. package/.agent/memory/reference/mns9yz5c-thc2s0.md +0 -16
  147. package/.agent/memory/reference/mnsfy4um-910f1o.md +0 -23
  148. package/.agent/memory/reference/mnsg37dp-lmfj18.md +0 -32
  149. package/.agent/memory/reference/mnsll60q-0j911u.md +0 -36
  150. package/.agent/memory/reference/mnsmlb5y-nej31u.md +0 -16
  151. package/.agent/memory/reference/mnssle72-yrot96.md +0 -9
  152. package/.agent/memory/user/mnsfuon6-l416q1.md +0 -21
  153. package/.agent/memory/user/mnsg9kut-95m7rf.md +0 -20
  154. package/.agent/memory/user/mnu2eo1v-yy6fhe.md +0 -9
  155. package/.agent/memory/user/mnu2etuo-8u8jk8.md +0 -9
  156. package/.agent/plugins/poster-plugin/README.md +0 -304
  157. package/.agent/plugins/poster-plugin/fonts/NotoColorEmoji-Regular.ttf +0 -0
  158. package/.agent/plugins/poster-plugin/fonts/PatuaOne-Regular.ttf +0 -0
  159. package/.agent/plugins/poster-plugin/fonts/Symbola_hint.ttf +0 -0
  160. package/.agent/plugins/poster-plugin/fonts//345/276/256/350/275/257/351/233/205/351/273/221.ttf +0 -0
  161. package/.agent/plugins/poster-plugin/fonts//345/276/256/350/275/257/351/233/205/351/273/221/347/262/227/344/275/223.ttf +0 -0
  162. package/.agent/plugins/poster-plugin/index.js +0 -13
  163. package/.agent/plugins/poster-plugin/package.json +0 -29
  164. package/.agent/plugins/poster-plugin/src/canvas.js +0 -232
  165. package/.agent/plugins/poster-plugin/src/components/arrow.js +0 -84
  166. package/.agent/plugins/poster-plugin/src/components/avatar.js +0 -71
  167. package/.agent/plugins/poster-plugin/src/components/badge.js +0 -85
  168. package/.agent/plugins/poster-plugin/src/components/barcode.js +0 -123
  169. package/.agent/plugins/poster-plugin/src/components/bubble.js +0 -154
  170. package/.agent/plugins/poster-plugin/src/components/button.js +0 -168
  171. package/.agent/plugins/poster-plugin/src/components/card.js +0 -88
  172. package/.agent/plugins/poster-plugin/src/components/chart.js +0 -127
  173. package/.agent/plugins/poster-plugin/src/components/chip.js +0 -88
  174. package/.agent/plugins/poster-plugin/src/components/columns.js +0 -121
  175. package/.agent/plugins/poster-plugin/src/components/cta.js +0 -87
  176. package/.agent/plugins/poster-plugin/src/components/divider.js +0 -55
  177. package/.agent/plugins/poster-plugin/src/components/feature.js +0 -85
  178. package/.agent/plugins/poster-plugin/src/components/featureGrid.js +0 -117
  179. package/.agent/plugins/poster-plugin/src/components/frame.js +0 -230
  180. package/.agent/plugins/poster-plugin/src/components/grid.js +0 -130
  181. package/.agent/plugins/poster-plugin/src/components/highlightText.js +0 -145
  182. package/.agent/plugins/poster-plugin/src/components/icon.js +0 -94
  183. package/.agent/plugins/poster-plugin/src/components/imageFrame.js +0 -205
  184. package/.agent/plugins/poster-plugin/src/components/index.js +0 -81
  185. package/.agent/plugins/poster-plugin/src/components/listItem.js +0 -147
  186. package/.agent/plugins/poster-plugin/src/components/notification.js +0 -123
  187. package/.agent/plugins/poster-plugin/src/components/progress.js +0 -79
  188. package/.agent/plugins/poster-plugin/src/components/progressCircle.js +0 -117
  189. package/.agent/plugins/poster-plugin/src/components/qrcode.js +0 -74
  190. package/.agent/plugins/poster-plugin/src/components/quote.js +0 -169
  191. package/.agent/plugins/poster-plugin/src/components/rating.js +0 -85
  192. package/.agent/plugins/poster-plugin/src/components/ribbon.js +0 -197
  193. package/.agent/plugins/poster-plugin/src/components/seal.js +0 -148
  194. package/.agent/plugins/poster-plugin/src/components/star.js +0 -70
  195. package/.agent/plugins/poster-plugin/src/components/statCard.js +0 -105
  196. package/.agent/plugins/poster-plugin/src/components/stepper.js +0 -118
  197. package/.agent/plugins/poster-plugin/src/components/table.js +0 -167
  198. package/.agent/plugins/poster-plugin/src/components/tagCloud.js +0 -85
  199. package/.agent/plugins/poster-plugin/src/components/timeline.js +0 -117
  200. package/.agent/plugins/poster-plugin/src/components/watermark.js +0 -54
  201. package/.agent/plugins/poster-plugin/src/composer.js +0 -2314
  202. package/.agent/plugins/poster-plugin/src/elements/artText.js +0 -69
  203. package/.agent/plugins/poster-plugin/src/elements/background.js +0 -99
  204. package/.agent/plugins/poster-plugin/src/elements/circle.js +0 -31
  205. package/.agent/plugins/poster-plugin/src/elements/image.js +0 -28
  206. package/.agent/plugins/poster-plugin/src/elements/index.js +0 -28
  207. package/.agent/plugins/poster-plugin/src/elements/line.js +0 -23
  208. package/.agent/plugins/poster-plugin/src/elements/polygon.js +0 -63
  209. package/.agent/plugins/poster-plugin/src/elements/rectangle.js +0 -32
  210. package/.agent/plugins/poster-plugin/src/elements/richText.js +0 -283
  211. package/.agent/plugins/poster-plugin/src/elements/svg.js +0 -108
  212. package/.agent/plugins/poster-plugin/src/elements/text.js +0 -112
  213. package/.agent/plugins/poster-plugin/src/fonts.js +0 -674
  214. package/.agent/plugins/poster-plugin/src/index.js +0 -2126
  215. package/.agent/plugins/poster-plugin/src/presets.js +0 -36
  216. package/.agent/plugins/poster-plugin/src/templates/business.js +0 -60
  217. package/.agent/plugins/poster-plugin/src/templates/gradient.js +0 -64
  218. package/.agent/plugins/poster-plugin/src/templates/index.js +0 -43
  219. package/.agent/plugins/poster-plugin/src/templates/modern.js +0 -69
  220. package/.agent/plugins/poster-plugin/src/templates/simple.js +0 -58
  221. package/.agent/plugins/poster-plugin/src/templates/social.js +0 -62
  222. package/.agent/plugins/poster-plugin/src/templates/tech.js +0 -84
  223. package/.agent/plugins/poster-plugin/src/utils/imageLoader.js +0 -84
  224. package/.agent/plugins/poster-plugin/yarn.lock +0 -837
  225. package/.agent/plugins/puppeteer-plugin/README.md +0 -147
  226. package/.agent/plugins/puppeteer-plugin/index.js +0 -1422
  227. package/.agent/plugins/puppeteer-plugin/package.json +0 -9
  228. package/.agent/rules/GEMINI.md +0 -273
  229. package/.agent/rules/allow-rule.md +0 -77
  230. package/.agent/rules/log-rule.md +0 -83
  231. package/.agent/rules/security-rule.md +0 -93
  232. package/.agent/scripts/auto_preview.py +0 -148
  233. package/.agent/scripts/checklist.py +0 -217
  234. package/.agent/scripts/session_manager.py +0 -120
  235. package/.agent/scripts/verify_all.py +0 -327
  236. package/.agent/skills/api-patterns/SKILL.md +0 -81
  237. package/.agent/skills/api-patterns/api-style.md +0 -42
  238. package/.agent/skills/api-patterns/auth.md +0 -24
  239. package/.agent/skills/api-patterns/documentation.md +0 -26
  240. package/.agent/skills/api-patterns/graphql.md +0 -41
  241. package/.agent/skills/api-patterns/rate-limiting.md +0 -31
  242. package/.agent/skills/api-patterns/response.md +0 -37
  243. package/.agent/skills/api-patterns/rest.md +0 -40
  244. package/.agent/skills/api-patterns/scripts/api_validator.py +0 -211
  245. package/.agent/skills/api-patterns/security-testing.md +0 -122
  246. package/.agent/skills/api-patterns/trpc.md +0 -41
  247. package/.agent/skills/api-patterns/versioning.md +0 -22
  248. package/.agent/skills/app-builder/SKILL.md +0 -75
  249. package/.agent/skills/app-builder/agent-coordination.md +0 -71
  250. package/.agent/skills/app-builder/feature-building.md +0 -53
  251. package/.agent/skills/app-builder/project-detection.md +0 -34
  252. package/.agent/skills/app-builder/scaffolding.md +0 -118
  253. package/.agent/skills/app-builder/tech-stack.md +0 -40
  254. package/.agent/skills/app-builder/templates/SKILL.md +0 -39
  255. package/.agent/skills/app-builder/templates/astro-static/TEMPLATE.md +0 -76
  256. package/.agent/skills/app-builder/templates/chrome-extension/TEMPLATE.md +0 -92
  257. package/.agent/skills/app-builder/templates/cli-tool/TEMPLATE.md +0 -88
  258. package/.agent/skills/app-builder/templates/electron-desktop/TEMPLATE.md +0 -88
  259. package/.agent/skills/app-builder/templates/express-api/TEMPLATE.md +0 -83
  260. package/.agent/skills/app-builder/templates/flutter-app/TEMPLATE.md +0 -90
  261. package/.agent/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +0 -90
  262. package/.agent/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +0 -122
  263. package/.agent/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +0 -122
  264. package/.agent/skills/app-builder/templates/nextjs-static/TEMPLATE.md +0 -169
  265. package/.agent/skills/app-builder/templates/nuxt-app/TEMPLATE.md +0 -134
  266. package/.agent/skills/app-builder/templates/python-fastapi/TEMPLATE.md +0 -83
  267. package/.agent/skills/app-builder/templates/react-native-app/TEMPLATE.md +0 -119
  268. package/.agent/skills/architecture/SKILL.md +0 -55
  269. package/.agent/skills/architecture/context-discovery.md +0 -43
  270. package/.agent/skills/architecture/examples.md +0 -94
  271. package/.agent/skills/architecture/pattern-selection.md +0 -68
  272. package/.agent/skills/architecture/patterns-reference.md +0 -50
  273. package/.agent/skills/architecture/trade-off-analysis.md +0 -77
  274. package/.agent/skills/clean-code/SKILL.md +0 -201
  275. package/.agent/skills/doc.md +0 -177
  276. package/.agent/skills/frontend-design/SKILL.md +0 -418
  277. package/.agent/skills/frontend-design/animation-guide.md +0 -331
  278. package/.agent/skills/frontend-design/color-system.md +0 -311
  279. package/.agent/skills/frontend-design/decision-trees.md +0 -418
  280. package/.agent/skills/frontend-design/motion-graphics.md +0 -306
  281. package/.agent/skills/frontend-design/scripts/accessibility_checker.py +0 -183
  282. package/.agent/skills/frontend-design/scripts/ux_audit.py +0 -722
  283. package/.agent/skills/frontend-design/typography-system.md +0 -345
  284. package/.agent/skills/frontend-design/ux-psychology.md +0 -1116
  285. package/.agent/skills/frontend-design/visual-effects.md +0 -383
  286. package/.agent/skills/i18n-localization/SKILL.md +0 -154
  287. package/.agent/skills/i18n-localization/scripts/i18n_checker.py +0 -241
  288. package/.agent/skills/mcp-builder/SKILL.md +0 -176
  289. package/.agent/skills/poster-design/SKILL.md +0 -385
  290. package/.agent/skills/web-design-guidelines/SKILL.md +0 -57
  291. package/.agent/workflows/brainstorm.md +0 -113
  292. package/.agent/workflows/create.md +0 -59
  293. package/.agent/workflows/debug.md +0 -103
  294. package/.agent/workflows/deploy.md +0 -176
  295. package/.agent/workflows/enhance.md +0 -63
  296. package/.agent/workflows/orchestrate.md +0 -237
  297. package/.agent/workflows/plan.md +0 -89
  298. package/.agent/workflows/preview.md +0 -81
  299. package/.agent/workflows/simple-test.md +0 -42
  300. package/.agent/workflows/status.md +0 -86
  301. package/.agent/workflows/structured-orchestrate.md +0 -180
  302. package/.agent/workflows/test.md +0 -144
  303. package/.agent/workflows/ui-ux-pro-max.md +0 -296
  304. package/outputs/emoji-font-showcase.png +0 -0
  305. package/outputs/foliko-muji-style.png +0 -0
  306. /package/.agent/plugins/{poster-plugin → marknative}/fonts/SegoeUI Emoji.ttf +0 -0
@@ -1,81 +0,0 @@
1
- ---
2
- name: api-patterns
3
- description: API design principles and decision-making. REST vs GraphQL vs tRPC selection, response formats, versioning, pagination.
4
- allowed-tools: Read, Write, Edit, Glob, Grep
5
- ---
6
-
7
- # API Patterns
8
-
9
- > API design principles and decision-making for 2025.
10
- > **Learn to THINK, not copy fixed patterns.**
11
-
12
- ## 🎯 Selective Reading Rule
13
-
14
- **Read ONLY files relevant to the request!** Check the content map, find what you need.
15
-
16
- ---
17
-
18
- ## 📑 Content Map
19
-
20
- | File | Description | When to Read |
21
- |------|-------------|--------------|
22
- | `api-style.md` | REST vs GraphQL vs tRPC decision tree | Choosing API type |
23
- | `rest.md` | Resource naming, HTTP methods, status codes | Designing REST API |
24
- | `response.md` | Envelope pattern, error format, pagination | Response structure |
25
- | `graphql.md` | Schema design, when to use, security | Considering GraphQL |
26
- | `trpc.md` | TypeScript monorepo, type safety | TS fullstack projects |
27
- | `versioning.md` | URI/Header/Query versioning | API evolution planning |
28
- | `auth.md` | JWT, OAuth, Passkey, API Keys | Auth pattern selection |
29
- | `rate-limiting.md` | Token bucket, sliding window | API protection |
30
- | `documentation.md` | OpenAPI/Swagger best practices | Documentation |
31
- | `security-testing.md` | OWASP API Top 10, auth/authz testing | Security audits |
32
-
33
- ---
34
-
35
- ## 🔗 Related Skills
36
-
37
- | Need | Skill |
38
- |------|-------|
39
- | API implementation | `@[skills/backend-development]` |
40
- | Data structure | `@[skills/database-design]` |
41
- | Security details | `@[skills/security-hardening]` |
42
-
43
- ---
44
-
45
- ## ✅ Decision Checklist
46
-
47
- Before designing an API:
48
-
49
- - [ ] **Asked user about API consumers?**
50
- - [ ] **Chosen API style for THIS context?** (REST/GraphQL/tRPC)
51
- - [ ] **Defined consistent response format?**
52
- - [ ] **Planned versioning strategy?**
53
- - [ ] **Considered authentication needs?**
54
- - [ ] **Planned rate limiting?**
55
- - [ ] **Documentation approach defined?**
56
-
57
- ---
58
-
59
- ## ❌ Anti-Patterns
60
-
61
- **DON'T:**
62
- - Default to REST for everything
63
- - Use verbs in REST endpoints (/getUsers)
64
- - Return inconsistent response formats
65
- - Expose internal errors to clients
66
- - Skip rate limiting
67
-
68
- **DO:**
69
- - Choose API style based on context
70
- - Ask about client requirements
71
- - Document thoroughly
72
- - Use appropriate status codes
73
-
74
- ---
75
-
76
- ## Script
77
-
78
- | Script | Purpose | Command |
79
- |--------|---------|---------|
80
- | `scripts/api_validator.py` | API endpoint validation | `python scripts/api_validator.py <project_path>` |
81
-
@@ -1,42 +0,0 @@
1
- # API Style Selection (2025)
2
-
3
- > REST vs GraphQL vs tRPC - Hangi durumda hangisi?
4
-
5
- ## Decision Tree
6
-
7
- ```
8
- Who are the API consumers?
9
-
10
- ├── Public API / Multiple platforms
11
- │ └── REST + OpenAPI (widest compatibility)
12
-
13
- ├── Complex data needs / Multiple frontends
14
- │ └── GraphQL (flexible queries)
15
-
16
- ├── TypeScript frontend + backend (monorepo)
17
- │ └── tRPC (end-to-end type safety)
18
-
19
- ├── Real-time / Event-driven
20
- │ └── WebSocket + AsyncAPI
21
-
22
- └── Internal microservices
23
- └── gRPC (performance) or REST (simplicity)
24
- ```
25
-
26
- ## Comparison
27
-
28
- | Factor | REST | GraphQL | tRPC |
29
- |--------|------|---------|------|
30
- | **Best for** | Public APIs | Complex apps | TS monorepos |
31
- | **Learning curve** | Low | Medium | Low (if TS) |
32
- | **Over/under fetching** | Common | Solved | Solved |
33
- | **Type safety** | Manual (OpenAPI) | Schema-based | Automatic |
34
- | **Caching** | HTTP native | Complex | Client-based |
35
-
36
- ## Selection Questions
37
-
38
- 1. Who are the API consumers?
39
- 2. Is the frontend TypeScript?
40
- 3. How complex are the data relationships?
41
- 4. Is caching critical?
42
- 5. Public or internal API?
@@ -1,24 +0,0 @@
1
- # Authentication Patterns
2
-
3
- > Choose auth pattern based on use case.
4
-
5
- ## Selection Guide
6
-
7
- | Pattern | Best For |
8
- |---------|----------|
9
- | **JWT** | Stateless, microservices |
10
- | **Session** | Traditional web, simple |
11
- | **OAuth 2.0** | Third-party integration |
12
- | **API Keys** | Server-to-server, public APIs |
13
- | **Passkey** | Modern passwordless (2025+) |
14
-
15
- ## JWT Principles
16
-
17
- ```
18
- Important:
19
- ├── Always verify signature
20
- ├── Check expiration
21
- ├── Include minimal claims
22
- ├── Use short expiry + refresh tokens
23
- └── Never store sensitive data in JWT
24
- ```
@@ -1,26 +0,0 @@
1
- # API Documentation Principles
2
-
3
- > Good docs = happy developers = API adoption.
4
-
5
- ## OpenAPI/Swagger Essentials
6
-
7
- ```
8
- Include:
9
- ├── All endpoints with examples
10
- ├── Request/response schemas
11
- ├── Authentication requirements
12
- ├── Error response formats
13
- └── Rate limiting info
14
- ```
15
-
16
- ## Good Documentation Has
17
-
18
- ```
19
- Essentials:
20
- ├── Quick start / Getting started
21
- ├── Authentication guide
22
- ├── Complete API reference
23
- ├── Error handling guide
24
- ├── Code examples (multiple languages)
25
- └── Changelog
26
- ```
@@ -1,41 +0,0 @@
1
- # GraphQL Principles
2
-
3
- > Flexible queries for complex, interconnected data.
4
-
5
- ## When to Use
6
-
7
- ```
8
- ✅ Good fit:
9
- ├── Complex, interconnected data
10
- ├── Multiple frontend platforms
11
- ├── Clients need flexible queries
12
- ├── Evolving data requirements
13
- └── Reducing over-fetching matters
14
-
15
- ❌ Poor fit:
16
- ├── Simple CRUD operations
17
- ├── File upload heavy
18
- ├── HTTP caching important
19
- └── Team unfamiliar with GraphQL
20
- ```
21
-
22
- ## Schema Design Principles
23
-
24
- ```
25
- Principles:
26
- ├── Think in graphs, not endpoints
27
- ├── Design for evolvability (no versions)
28
- ├── Use connections for pagination
29
- ├── Be specific with types (not generic "data")
30
- └── Handle nullability thoughtfully
31
- ```
32
-
33
- ## Security Considerations
34
-
35
- ```
36
- Protect against:
37
- ├── Query depth attacks → Set max depth
38
- ├── Query complexity → Calculate cost
39
- ├── Batching abuse → Limit batch size
40
- ├── Introspection → Disable in production
41
- ```
@@ -1,31 +0,0 @@
1
- # Rate Limiting Principles
2
-
3
- > Protect your API from abuse and overload.
4
-
5
- ## Why Rate Limit
6
-
7
- ```
8
- Protect against:
9
- ├── Brute force attacks
10
- ├── Resource exhaustion
11
- ├── Cost overruns (if pay-per-use)
12
- └── Unfair usage
13
- ```
14
-
15
- ## Strategy Selection
16
-
17
- | Type | How | When |
18
- |------|-----|------|
19
- | **Token bucket** | Burst allowed, refills over time | Most APIs |
20
- | **Sliding window** | Smooth distribution | Strict limits |
21
- | **Fixed window** | Simple counters per window | Basic needs |
22
-
23
- ## Response Headers
24
-
25
- ```
26
- Include in headers:
27
- ├── X-RateLimit-Limit (max requests)
28
- ├── X-RateLimit-Remaining (requests left)
29
- ├── X-RateLimit-Reset (when limit resets)
30
- └── Return 429 when exceeded
31
- ```
@@ -1,37 +0,0 @@
1
- # Response Format Principles
2
-
3
- > Consistency is key - choose a format and stick to it.
4
-
5
- ## Common Patterns
6
-
7
- ```
8
- Choose one:
9
- ├── Envelope pattern ({ success, data, error })
10
- ├── Direct data (just return the resource)
11
- └── HAL/JSON:API (hypermedia)
12
- ```
13
-
14
- ## Error Response
15
-
16
- ```
17
- Include:
18
- ├── Error code (for programmatic handling)
19
- ├── User message (for display)
20
- ├── Details (for debugging, field-level errors)
21
- ├── Request ID (for support)
22
- └── NOT internal details (security!)
23
- ```
24
-
25
- ## Pagination Types
26
-
27
- | Type | Best For | Trade-offs |
28
- |------|----------|------------|
29
- | **Offset** | Simple, jumpable | Performance on large datasets |
30
- | **Cursor** | Large datasets | Can't jump to page |
31
- | **Keyset** | Performance critical | Requires sortable key |
32
-
33
- ### Selection Questions
34
-
35
- 1. How large is the dataset?
36
- 2. Do users need to jump to specific pages?
37
- 3. Is data frequently changing?
@@ -1,40 +0,0 @@
1
- # REST Principles
2
-
3
- > Resource-based API design - nouns not verbs.
4
-
5
- ## Resource Naming Rules
6
-
7
- ```
8
- Principles:
9
- ├── Use NOUNS, not verbs (resources, not actions)
10
- ├── Use PLURAL forms (/users not /user)
11
- ├── Use lowercase with hyphens (/user-profiles)
12
- ├── Nest for relationships (/users/123/posts)
13
- └── Keep shallow (max 3 levels deep)
14
- ```
15
-
16
- ## HTTP Method Selection
17
-
18
- | Method | Purpose | Idempotent? | Body? |
19
- |--------|---------|-------------|-------|
20
- | **GET** | Read resource(s) | Yes | No |
21
- | **POST** | Create new resource | No | Yes |
22
- | **PUT** | Replace entire resource | Yes | Yes |
23
- | **PATCH** | Partial update | No | Yes |
24
- | **DELETE** | Remove resource | Yes | No |
25
-
26
- ## Status Code Selection
27
-
28
- | Situation | Code | Why |
29
- |-----------|------|-----|
30
- | Success (read) | 200 | Standard success |
31
- | Created | 201 | New resource created |
32
- | No content | 204 | Success, nothing to return |
33
- | Bad request | 400 | Malformed request |
34
- | Unauthorized | 401 | Missing/invalid auth |
35
- | Forbidden | 403 | Valid auth, no permission |
36
- | Not found | 404 | Resource doesn't exist |
37
- | Conflict | 409 | State conflict (duplicate) |
38
- | Validation error | 422 | Valid syntax, invalid data |
39
- | Rate limited | 429 | Too many requests |
40
- | Server error | 500 | Our fault |
@@ -1,211 +0,0 @@
1
- #!/usr/bin/env python3
2
- """
3
- API Validator - Checks API endpoints for best practices.
4
- Validates OpenAPI specs, response formats, and common issues.
5
- """
6
- import sys
7
- import json
8
- import re
9
- from pathlib import Path
10
-
11
- # Fix Windows console encoding for Unicode output
12
- try:
13
- sys.stdout.reconfigure(encoding='utf-8', errors='replace')
14
- sys.stderr.reconfigure(encoding='utf-8', errors='replace')
15
- except AttributeError:
16
- pass # Python < 3.7
17
-
18
- def find_api_files(project_path: Path) -> list:
19
- """Find API-related files."""
20
- patterns = [
21
- "**/*api*.ts", "**/*api*.js", "**/*api*.py",
22
- "**/routes/*.ts", "**/routes/*.js", "**/routes/*.py",
23
- "**/controllers/*.ts", "**/controllers/*.js",
24
- "**/endpoints/*.ts", "**/endpoints/*.py",
25
- "**/*.openapi.json", "**/*.openapi.yaml",
26
- "**/swagger.json", "**/swagger.yaml",
27
- "**/openapi.json", "**/openapi.yaml"
28
- ]
29
-
30
- files = []
31
- for pattern in patterns:
32
- files.extend(project_path.glob(pattern))
33
-
34
- # Exclude node_modules, etc.
35
- return [f for f in files if not any(x in str(f) for x in ['node_modules', '.git', 'dist', 'build', '__pycache__'])]
36
-
37
- def check_openapi_spec(file_path: Path) -> dict:
38
- """Check OpenAPI/Swagger specification."""
39
- issues = []
40
- passed = []
41
-
42
- try:
43
- content = file_path.read_text(encoding='utf-8')
44
-
45
- if file_path.suffix == '.json':
46
- spec = json.loads(content)
47
- else:
48
- # Basic YAML check
49
- if 'openapi:' in content or 'swagger:' in content:
50
- passed.append("[OK] OpenAPI/Swagger version defined")
51
- else:
52
- issues.append("[X] No OpenAPI version found")
53
-
54
- if 'paths:' in content:
55
- passed.append("[OK] Paths section exists")
56
- else:
57
- issues.append("[X] No paths defined")
58
-
59
- if 'components:' in content or 'definitions:' in content:
60
- passed.append("[OK] Schema components defined")
61
-
62
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
63
-
64
- # JSON OpenAPI checks
65
- if 'openapi' in spec or 'swagger' in spec:
66
- passed.append("[OK] OpenAPI version defined")
67
-
68
- if 'info' in spec:
69
- if 'title' in spec['info']:
70
- passed.append("[OK] API title defined")
71
- if 'version' in spec['info']:
72
- passed.append("[OK] API version defined")
73
- if 'description' not in spec['info']:
74
- issues.append("[!] API description missing")
75
-
76
- if 'paths' in spec:
77
- path_count = len(spec['paths'])
78
- passed.append(f"[OK] {path_count} endpoints defined")
79
-
80
- # Check each path
81
- for path, methods in spec['paths'].items():
82
- for method, details in methods.items():
83
- if method in ['get', 'post', 'put', 'patch', 'delete']:
84
- if 'responses' not in details:
85
- issues.append(f"[X] {method.upper()} {path}: No responses defined")
86
- if 'summary' not in details and 'description' not in details:
87
- issues.append(f"[!] {method.upper()} {path}: No description")
88
-
89
- except Exception as e:
90
- issues.append(f"[X] Parse error: {e}")
91
-
92
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'openapi'}
93
-
94
- def check_api_code(file_path: Path) -> dict:
95
- """Check API code for common issues."""
96
- issues = []
97
- passed = []
98
-
99
- try:
100
- content = file_path.read_text(encoding='utf-8')
101
-
102
- # Check for error handling
103
- error_patterns = [
104
- r'try\s*{', r'try:', r'\.catch\(',
105
- r'except\s+', r'catch\s*\('
106
- ]
107
- has_error_handling = any(re.search(p, content) for p in error_patterns)
108
- if has_error_handling:
109
- passed.append("[OK] Error handling present")
110
- else:
111
- issues.append("[X] No error handling found")
112
-
113
- # Check for status codes
114
- status_patterns = [
115
- r'status\s*\(\s*\d{3}\s*\)', r'statusCode\s*[=:]\s*\d{3}',
116
- r'HttpStatus\.', r'status_code\s*=\s*\d{3}',
117
- r'\.status\(\d{3}\)', r'res\.status\('
118
- ]
119
- has_status = any(re.search(p, content) for p in status_patterns)
120
- if has_status:
121
- passed.append("[OK] HTTP status codes used")
122
- else:
123
- issues.append("[!] No explicit HTTP status codes")
124
-
125
- # Check for validation
126
- validation_patterns = [
127
- r'validate', r'schema', r'zod', r'joi', r'yup',
128
- r'pydantic', r'@Body\(', r'@Query\('
129
- ]
130
- has_validation = any(re.search(p, content, re.I) for p in validation_patterns)
131
- if has_validation:
132
- passed.append("[OK] Input validation present")
133
- else:
134
- issues.append("[!] No input validation detected")
135
-
136
- # Check for auth middleware
137
- auth_patterns = [
138
- r'auth', r'jwt', r'bearer', r'token',
139
- r'middleware', r'guard', r'@Authenticated'
140
- ]
141
- has_auth = any(re.search(p, content, re.I) for p in auth_patterns)
142
- if has_auth:
143
- passed.append("[OK] Authentication/authorization detected")
144
-
145
- # Check for rate limiting
146
- rate_patterns = [r'rateLimit', r'throttle', r'rate.?limit']
147
- has_rate = any(re.search(p, content, re.I) for p in rate_patterns)
148
- if has_rate:
149
- passed.append("[OK] Rate limiting present")
150
-
151
- # Check for logging
152
- log_patterns = [r'console\.log', r'logger\.', r'logging\.', r'log\.']
153
- has_logging = any(re.search(p, content) for p in log_patterns)
154
- if has_logging:
155
- passed.append("[OK] Logging present")
156
-
157
- except Exception as e:
158
- issues.append(f"[X] Read error: {e}")
159
-
160
- return {'file': str(file_path), 'passed': passed, 'issues': issues, 'type': 'code'}
161
-
162
- def main():
163
- target = sys.argv[1] if len(sys.argv) > 1 else "."
164
- project_path = Path(target)
165
-
166
- print("\n" + "=" * 60)
167
- print(" API VALIDATOR - Endpoint Best Practices Check")
168
- print("=" * 60 + "\n")
169
-
170
- api_files = find_api_files(project_path)
171
-
172
- if not api_files:
173
- print("[!] No API files found.")
174
- print(" Looking for: routes/, controllers/, api/, openapi.json/yaml")
175
- sys.exit(0)
176
-
177
- results = []
178
- for file_path in api_files[:15]: # Limit
179
- if 'openapi' in file_path.name.lower() or 'swagger' in file_path.name.lower():
180
- result = check_openapi_spec(file_path)
181
- else:
182
- result = check_api_code(file_path)
183
- results.append(result)
184
-
185
- # Print results
186
- total_issues = 0
187
- total_passed = 0
188
-
189
- for result in results:
190
- print(f"\n[FILE] {result['file']} [{result['type']}]")
191
- for item in result['passed']:
192
- print(f" {item}")
193
- total_passed += 1
194
- for item in result['issues']:
195
- print(f" {item}")
196
- if item.startswith("[X]"):
197
- total_issues += 1
198
-
199
- print("\n" + "=" * 60)
200
- print(f"[RESULTS] {total_passed} passed, {total_issues} critical issues")
201
- print("=" * 60)
202
-
203
- if total_issues == 0:
204
- print("[OK] API validation passed")
205
- sys.exit(0)
206
- else:
207
- print("[X] Fix critical issues before deployment")
208
- sys.exit(1)
209
-
210
- if __name__ == "__main__":
211
- main()
@@ -1,122 +0,0 @@
1
- # API Security Testing
2
-
3
- > Principles for testing API security. OWASP API Top 10, authentication, authorization testing.
4
-
5
- ---
6
-
7
- ## OWASP API Security Top 10
8
-
9
- | Vulnerability | Test Focus |
10
- |---------------|------------|
11
- | **API1: BOLA** | Access other users' resources |
12
- | **API2: Broken Auth** | JWT, session, credentials |
13
- | **API3: Property Auth** | Mass assignment, data exposure |
14
- | **API4: Resource Consumption** | Rate limiting, DoS |
15
- | **API5: Function Auth** | Admin endpoints, role bypass |
16
- | **API6: Business Flow** | Logic abuse, automation |
17
- | **API7: SSRF** | Internal network access |
18
- | **API8: Misconfiguration** | Debug endpoints, CORS |
19
- | **API9: Inventory** | Shadow APIs, old versions |
20
- | **API10: Unsafe Consumption** | Third-party API trust |
21
-
22
- ---
23
-
24
- ## Authentication Testing
25
-
26
- ### JWT Testing
27
-
28
- | Check | What to Test |
29
- |-------|--------------|
30
- | Algorithm | None, algorithm confusion |
31
- | Secret | Weak secrets, brute force |
32
- | Claims | Expiration, issuer, audience |
33
- | Signature | Manipulation, key injection |
34
-
35
- ### Session Testing
36
-
37
- | Check | What to Test |
38
- |-------|--------------|
39
- | Generation | Predictability |
40
- | Storage | Client-side security |
41
- | Expiration | Timeout enforcement |
42
- | Invalidation | Logout effectiveness |
43
-
44
- ---
45
-
46
- ## Authorization Testing
47
-
48
- | Test Type | Approach |
49
- |-----------|----------|
50
- | **Horizontal** | Access peer users' data |
51
- | **Vertical** | Access higher privilege functions |
52
- | **Context** | Access outside allowed scope |
53
-
54
- ### BOLA/IDOR Testing
55
-
56
- 1. Identify resource IDs in requests
57
- 2. Capture request with user A's session
58
- 3. Replay with user B's session
59
- 4. Check for unauthorized access
60
-
61
- ---
62
-
63
- ## Input Validation Testing
64
-
65
- | Injection Type | Test Focus |
66
- |----------------|------------|
67
- | SQL | Query manipulation |
68
- | NoSQL | Document queries |
69
- | Command | System commands |
70
- | LDAP | Directory queries |
71
-
72
- **Approach:** Test all parameters, try type coercion, test boundaries, check error messages.
73
-
74
- ---
75
-
76
- ## Rate Limiting Testing
77
-
78
- | Aspect | Check |
79
- |--------|-------|
80
- | Existence | Is there any limit? |
81
- | Bypass | Headers, IP rotation |
82
- | Scope | Per-user, per-IP, global |
83
-
84
- **Bypass techniques:** X-Forwarded-For, different HTTP methods, case variations, API versioning.
85
-
86
- ---
87
-
88
- ## GraphQL Security
89
-
90
- | Test | Focus |
91
- |------|-------|
92
- | Introspection | Schema disclosure |
93
- | Batching | Query DoS |
94
- | Nesting | Depth-based DoS |
95
- | Authorization | Field-level access |
96
-
97
- ---
98
-
99
- ## Security Testing Checklist
100
-
101
- **Authentication:**
102
- - [ ] Test for bypass
103
- - [ ] Check credential strength
104
- - [ ] Verify token security
105
-
106
- **Authorization:**
107
- - [ ] Test BOLA/IDOR
108
- - [ ] Check privilege escalation
109
- - [ ] Verify function access
110
-
111
- **Input:**
112
- - [ ] Test all parameters
113
- - [ ] Check for injection
114
-
115
- **Config:**
116
- - [ ] Check CORS
117
- - [ ] Verify headers
118
- - [ ] Test error handling
119
-
120
- ---
121
-
122
- > **Remember:** APIs are the backbone of modern apps. Test them like attackers will.