forgecraft-mcp 1.2.0 → 1.3.2

package/templates/web-static/instructions.yaml

@@ -1,115 +1,115 @@
-tag: WEB-STATIC
-section: instructions
-blocks:
-  - id: static-site-architecture
-    tier: recommended
-    title: "Static Site Architecture"
-    content: |
-      ## Static Site & Jamstack Patterns
-
-      - Use Static Site Generation (SSG) as the default rendering strategy; reserve SSR or ISR only for pages requiring dynamic data at request time.
-      - Pre-render all content pages at build time. Ensure the build pipeline fails fast on broken links, missing assets, or template errors.
-      - Separate content from presentation: store structured content in Markdown, MDX, or a headless CMS, and consume it via build-time data fetching.
-      - Implement incremental builds where supported to keep build times under 60 seconds for content-heavy sites.
-      - Use content hashing for all emitted assets (JS, CSS, images) to enable aggressive, immutable caching (`Cache-Control: public, max-age=31536000, immutable`).
-      - Serve the site behind a CDN. Configure cache invalidation on deploy so users never see stale HTML entry points.
-      - Generate a `sitemap.xml` and `robots.txt` at build time. Include canonical URLs and Open Graph meta tags on every page.
-      - Keep JavaScript payload minimal. Audit bundle size on every PR; set a performance budget (e.g., < 100 KB compressed JS for the critical path).
-
-  - id: asset-optimization
-    tier: recommended
-    title: "Asset Optimization"
-    content: |
-      ## Asset Optimization & Performance
-
-      - Serve images in modern formats (WebP/AVIF) with `<picture>` fallbacks. Use responsive `srcset` and `sizes` attributes to deliver appropriately sized images.
-      - Inline critical CSS for above-the-fold content and defer non-critical stylesheets. Avoid render-blocking resources.
-      - Enable Brotli or gzip compression on the CDN/server for all text-based assets (HTML, CSS, JS, SVG, JSON).
-      - Lazy-load below-the-fold images and iframes using `loading="lazy"` or Intersection Observer.
-      - Preload key resources (`<link rel="preload">`) such as fonts and hero images. Use `font-display: swap` to prevent FOIT.
-      - Minimize third-party scripts. Load analytics and tracking asynchronously and after the main content is interactive.
-      - Run Lighthouse CI in the build pipeline; fail the build if performance score drops below the agreed threshold (e.g., 90).
-
-  - id: html-css-best-practices
-    tier: recommended
-    title: "HTML & CSS Best Practices"
-    content: |
-      ## HTML & CSS Quality Standards
-
-      - Write semantic HTML5 markup. Use `<header>`, `<nav>`, `<main>`, `<article>`, `<section>`, and `<footer>` to convey document structure.
-      - Ensure all pages pass WCAG 2.1 AA. Provide alt text for images, proper heading hierarchy, sufficient color contrast, and keyboard navigability.
-      - Use CSS custom properties (variables) for theming. Maintain a design-token file as the single source of truth for colors, spacing, and typography.
-      - Prefer utility-first or modular CSS methodologies (e.g., Tailwind, CSS Modules) to avoid specificity conflicts and dead CSS accumulation.
-      - Validate HTML output with the W3C validator in CI. Fix all errors; treat warnings as errors in new code.
-      - Support dark mode via `prefers-color-scheme` media query or a user-togglable theme that persists in `localStorage`.
-
-  - id: static-deployment
-    tier: recommended
-    title: "Static Site Deployment"
-    content: |
-      ## Static Site Deployment
-
-      ### Platforms
-      - **Netlify**: Git-push deploy, instant rollbacks, form handling, edge functions, split testing.
-        Free tier generous for static sites. Build plugins for Lighthouse, broken link detection.
-      - **Vercel**: Zero-config for Next.js/Astro/SvelteKit. Preview deployments per PR.
-      - **Cloudflare Pages**: Unlimited bandwidth, global edge network, Pages Functions for dynamic routes.
-      - **GitHub Pages**: Free for open-source. Limited (no server functions, no redirects file natively).
-        Suitable for docs sites and project landing pages only.
-      - **AWS S3 + CloudFront**: Maximum control, lowest cost at scale. Use `aws-cdk` or Terraform
-        to define the stack: S3 bucket (private) → CloudFront distribution → Route53 DNS → ACM cert.
-
-      ### Build Pipeline
-      - Build locally mirrors CI exactly (same Node version, same env vars). Use `.nvmrc` or `.node-version`.
-      - Build output is a static directory (`dist/`, `out/`, `public/`). No server process.
-      - Atomic deploys: new version fully uploaded before traffic switches. No partial states.
-      - Rollback = redeploy previous build artifact. Must complete in < 30 seconds.
-
-      ### Cache Strategy
-      - HTML: `Cache-Control: public, max-age=300, stale-while-revalidate=86400`.
-        Short-lived so deploys take effect quickly.
-      - Hashed assets (JS, CSS, images): `Cache-Control: public, max-age=31536000, immutable`.
-        Filename changes on content change — cache forever.
-      - Invalidate CDN cache on deploy (automatic on Netlify/Vercel/CF Pages; manual on CloudFront).
-
-  - id: web-static-smoke-testing
-    tier: recommended
-    title: "Static Site Smoke Testing (Post-Deploy)"
-    content: |
-      ## Static Site Smoke Testing
-
-      ### Required: Playwright Full Browser
-      Tag all smoke tests `@smoke` for isolated execution:
-      ```
-      npx playwright test --config playwright.smoke.config.ts --grep @smoke
-      ```
-
-      Minimum smoke suite:
-      - **Key pages load**: home + primary section pages render, no console errors, title present
-      - **No broken assets**: no 404 network requests (images, JS, CSS)
-      - **404 handling**: non-existent path returns 404, custom error page renders (not browser default)
-      - **HTTPS redirect**: `http://` redirects to `https://` (if applicable)
-
-      ```typescript
-      // tests/smoke/site.smoke.ts
-      import { test, expect } from '@playwright/test';
-
-      const KEY_PAGES = ['/', '/about', '/contact'];
-
-      for (const path of KEY_PAGES) {
-        test(`@smoke ${path} loads without broken assets`, async ({ page }) => {
-          const failed: string[] = [];
-          page.on('requestfailed', r => failed.push(r.url()));
-          page.on('response', r => { if (r.status() === 404) failed.push(r.url()); });
-          await page.goto(path);
-          await expect(page).toHaveTitle(/.+/);
-          expect(failed).toHaveLength(0);
-        });
-      }
-
-      test('@smoke 404 renders custom page', async ({ page }) => {
-        const res = await page.goto('/this-path-does-not-exist-smoke-xyz');
-        expect(res?.status()).toBe(404);
-        await expect(page.locator('body')).not.toBeEmpty();
-      });
-      ```
+tag: WEB-STATIC
+section: instructions
+blocks:
+  - id: static-site-architecture
+    tier: recommended
+    title: "Static Site Architecture"
+    content: |
+      ## Static Site & Jamstack Patterns
+
+      - Use Static Site Generation (SSG) as the default rendering strategy; reserve SSR or ISR only for pages requiring dynamic data at request time.
+      - Pre-render all content pages at build time. Ensure the build pipeline fails fast on broken links, missing assets, or template errors.
+      - Separate content from presentation: store structured content in Markdown, MDX, or a headless CMS, and consume it via build-time data fetching.
+      - Implement incremental builds where supported to keep build times under 60 seconds for content-heavy sites.
+      - Use content hashing for all emitted assets (JS, CSS, images) to enable aggressive, immutable caching (`Cache-Control: public, max-age=31536000, immutable`).
+      - Serve the site behind a CDN. Configure cache invalidation on deploy so users never see stale HTML entry points.
+      - Generate a `sitemap.xml` and `robots.txt` at build time. Include canonical URLs and Open Graph meta tags on every page.
+      - Keep JavaScript payload minimal. Audit bundle size on every PR; set a performance budget (e.g., < 100 KB compressed JS for the critical path).
+
+  - id: asset-optimization
+    tier: recommended
+    title: "Asset Optimization"
+    content: |
+      ## Asset Optimization & Performance
+
+      - Serve images in modern formats (WebP/AVIF) with `<picture>` fallbacks. Use responsive `srcset` and `sizes` attributes to deliver appropriately sized images.
+      - Inline critical CSS for above-the-fold content and defer non-critical stylesheets. Avoid render-blocking resources.
+      - Enable Brotli or gzip compression on the CDN/server for all text-based assets (HTML, CSS, JS, SVG, JSON).
+      - Lazy-load below-the-fold images and iframes using `loading="lazy"` or Intersection Observer.
+      - Preload key resources (`<link rel="preload">`) such as fonts and hero images. Use `font-display: swap` to prevent FOIT.
+      - Minimize third-party scripts. Load analytics and tracking asynchronously and after the main content is interactive.
+      - Run Lighthouse CI in the build pipeline; fail the build if performance score drops below the agreed threshold (e.g., 90).
+
+  - id: html-css-best-practices
+    tier: recommended
+    title: "HTML & CSS Best Practices"
+    content: |
+      ## HTML & CSS Quality Standards
+
+      - Write semantic HTML5 markup. Use `<header>`, `<nav>`, `<main>`, `<article>`, `<section>`, and `<footer>` to convey document structure.
+      - Ensure all pages pass WCAG 2.1 AA. Provide alt text for images, proper heading hierarchy, sufficient color contrast, and keyboard navigability.
+      - Use CSS custom properties (variables) for theming. Maintain a design-token file as the single source of truth for colors, spacing, and typography.
+      - Prefer utility-first or modular CSS methodologies (e.g., Tailwind, CSS Modules) to avoid specificity conflicts and dead CSS accumulation.
+      - Validate HTML output with the W3C validator in CI. Fix all errors; treat warnings as errors in new code.
+      - Support dark mode via `prefers-color-scheme` media query or a user-togglable theme that persists in `localStorage`.
+
+  - id: static-deployment
+    tier: recommended
+    title: "Static Site Deployment"
+    content: |
+      ## Static Site Deployment
+
+      ### Platforms
+      - **Netlify**: Git-push deploy, instant rollbacks, form handling, edge functions, split testing.
+        Free tier generous for static sites. Build plugins for Lighthouse, broken link detection.
+      - **Vercel**: Zero-config for Next.js/Astro/SvelteKit. Preview deployments per PR.
+      - **Cloudflare Pages**: Unlimited bandwidth, global edge network, Pages Functions for dynamic routes.
+      - **GitHub Pages**: Free for open-source. Limited (no server functions, no redirects file natively).
+        Suitable for docs sites and project landing pages only.
+      - **AWS S3 + CloudFront**: Maximum control, lowest cost at scale. Use `aws-cdk` or Terraform
+        to define the stack: S3 bucket (private) → CloudFront distribution → Route53 DNS → ACM cert.
+
+      ### Build Pipeline
+      - Build locally mirrors CI exactly (same Node version, same env vars). Use `.nvmrc` or `.node-version`.
+      - Build output is a static directory (`dist/`, `out/`, `public/`). No server process.
+      - Atomic deploys: new version fully uploaded before traffic switches. No partial states.
+      - Rollback = redeploy previous build artifact. Must complete in < 30 seconds.
+
+      ### Cache Strategy
+      - HTML: `Cache-Control: public, max-age=300, stale-while-revalidate=86400`.
+        Short-lived so deploys take effect quickly.
+      - Hashed assets (JS, CSS, images): `Cache-Control: public, max-age=31536000, immutable`.
+        Filename changes on content change — cache forever.
+      - Invalidate CDN cache on deploy (automatic on Netlify/Vercel/CF Pages; manual on CloudFront).
+
+  - id: web-static-smoke-testing
+    tier: recommended
+    title: "Static Site Smoke Testing (Post-Deploy)"
+    content: |
+      ## Static Site Smoke Testing
+
+      ### Required: Playwright Full Browser
+      Tag all smoke tests `@smoke` for isolated execution:
+      ```
+      npx playwright test --config playwright.smoke.config.ts --grep @smoke
+      ```
+
+      Minimum smoke suite:
+      - **Key pages load**: home + primary section pages render, no console errors, title present
+      - **No broken assets**: no 404 network requests (images, JS, CSS)
+      - **404 handling**: non-existent path returns 404, custom error page renders (not browser default)
+      - **HTTPS redirect**: `http://` redirects to `https://` (if applicable)
+
+      ```typescript
+      // tests/smoke/site.smoke.ts
+      import { test, expect } from '@playwright/test';
+
+      const KEY_PAGES = ['/', '/about', '/contact'];
+
+      for (const path of KEY_PAGES) {
+        test(`@smoke ${path} loads without broken assets`, async ({ page }) => {
+          const failed: string[] = [];
+          page.on('requestfailed', r => failed.push(r.url()));
+          page.on('response', r => { if (r.status() === 404) failed.push(r.url()); });
+          await page.goto(path);
+          await expect(page).toHaveTitle(/.+/);
+          expect(failed).toHaveLength(0);
+        });
+      }
+
+      test('@smoke 404 renders custom page', async ({ page }) => {
+        const res = await page.goto('/this-path-does-not-exist-smoke-xyz');
+        expect(res?.status()).toBe(404);
+        await expect(page.locator('body')).not.toBeEmpty();
+      });
+      ```

package/templates/web-static/mcp-servers.yaml

@@ -1,20 +1,20 @@
-tag: WEB-STATIC
-section: mcp-servers
-servers:
-  - name: chrome-devtools
-    description: "Chrome DevTools integration for debugging, profiling, and network inspection"
-    command: npx
-    args: ["-y", "@anthropic/chrome-devtools-mcp@latest"]
-    tags: [WEB-REACT, WEB-STATIC, ANALYTICS]
-    category: devtools
-    tier: recommended
-    url: "https://github.com/anthropics/anthropic-quickstarts/tree/main/chrome-devtools-mcp"
-
-  - name: playwright
-    description: "Browser automation for E2E testing, screenshots, and web scraping"
-    command: npx
-    args: ["-y", "@anthropic/mcp-server-playwright"]
-    tags: [WEB-REACT, WEB-STATIC]
-    category: testing
-    tier: recommended
-    url: "https://github.com/anthropics/anthropic-quickstarts/tree/main/mcp-server-playwright"
+tag: WEB-STATIC
+section: mcp-servers
+servers:
+  - name: chrome-devtools
+    description: "Chrome DevTools integration for debugging, profiling, and network inspection"
+    command: npx
+    args: ["-y", "@anthropic/chrome-devtools-mcp@latest"]
+    tags: [WEB-REACT, WEB-STATIC, ANALYTICS]
+    category: devtools
+    tier: recommended
+    url: "https://github.com/anthropics/anthropic-quickstarts/tree/main/chrome-devtools-mcp"
+
+  - name: playwright
+    description: "Browser automation for E2E testing, screenshots, and web scraping"
+    command: npx
+    args: ["-y", "@anthropic/mcp-server-playwright"]
+    tags: [WEB-REACT, WEB-STATIC]
+    category: testing
+    tier: recommended
+    url: "https://github.com/anthropics/anthropic-quickstarts/tree/main/mcp-server-playwright"

package/templates/web3/instructions.yaml

@@ -1,44 +1,44 @@
-tag: WEB3
-section: instructions
-blocks:
-  - id: smart-contract-patterns
-    tier: recommended
-    title: "Smart Contract Design"
-    content: |
-      ## Smart Contract Design Patterns
-
-      - Follow the Checks-Effects-Interactions pattern in every state-mutating function: validate inputs, update state, then make external calls. This prevents reentrancy attacks.
-      - Use the proxy pattern (UUPS or Transparent Proxy) for upgradeable contracts. Separate storage layout from logic, and never change the order of existing storage variables.
-      - Minimize on-chain storage. Store large data off-chain (IPFS, Arweave) and keep only content hashes on-chain for verification.
-      - Emit events for every significant state change. Events are the primary mechanism for off-chain indexers and UIs to track contract activity.
-      - Use OpenZeppelin's audited base contracts for standard functionality (ERC-20, ERC-721, ERC-1155, AccessControl, ReentrancyGuard) rather than writing from scratch.
-      - Implement access control with role-based patterns. Use multi-sig or timelocks for admin operations to prevent single points of compromise.
-      - Write comprehensive Solidity NatSpec comments for every public and external function, including `@param`, `@return`, and `@notice` tags.
-      - Target 100% branch coverage in contract tests. Test edge cases: zero values, max uint values, unauthorized callers, reentrancy attempts, and contract self-destruction scenarios.
-
-  - id: gas-optimization
-    tier: recommended
-    title: "Gas Optimization"
-    content: |
-      ## Gas Optimization Strategies
-
-      - Pack struct fields by size to minimize storage slots. Group `uint128` pairs, `bool` clusters, and `address` + smaller types into single 32-byte slots.
-      - Use `calldata` instead of `memory` for read-only function parameters in external functions to avoid unnecessary copying.
-      - Prefer mappings over arrays for lookups. If iteration is needed, maintain a separate array of keys alongside the mapping.
-      - Batch operations where possible: multi-transfer, batch minting, and batch approvals reduce per-transaction overhead.
-      - Use custom errors (`error InsufficientBalance(uint256 available, uint256 required)`) instead of `require` strings to save deployment and runtime gas.
-      - Cache storage variables in local `memory` or `stack` variables when accessed multiple times within a function.
-      - Profile gas usage in tests using Hardhat's gas reporter. Set gas budgets per function and fail CI if a change exceeds the budget.
-
-  - id: wallet-offchain
-    tier: recommended
-    title: "Wallet Integration & Off-Chain Patterns"
-    content: |
-      ## Wallet Integration & Off-Chain Architecture
-
-      - Support multiple wallet providers (MetaMask, WalletConnect, Coinbase Wallet) via a unified connector abstraction. Never hard-code a single provider.
-      - Handle chain switching and network mismatch gracefully. Prompt users to switch networks and display clear error messages for unsupported chains.
-      - Use EIP-712 typed structured data for off-chain signature requests so users can read and understand what they are signing.
-      - Implement an off-chain indexer (The Graph, custom) to serve query-heavy read operations. Never query the blockchain directly from the frontend for list or aggregate views.
-      - Design for L2 and multi-chain: abstract chain-specific logic behind an interface so the application can deploy to new chains without rewriting business logic.
-      - Validate all inputs on-chain even if they were validated off-chain. Off-chain validation is a UX convenience; on-chain validation is the security boundary.
+tag: WEB3
+section: instructions
+blocks:
+  - id: smart-contract-patterns
+    tier: recommended
+    title: "Smart Contract Design"
+    content: |
+      ## Smart Contract Design Patterns
+
+      - Follow the Checks-Effects-Interactions pattern in every state-mutating function: validate inputs, update state, then make external calls. This prevents reentrancy attacks.
+      - Use the proxy pattern (UUPS or Transparent Proxy) for upgradeable contracts. Separate storage layout from logic, and never change the order of existing storage variables.
+      - Minimize on-chain storage. Store large data off-chain (IPFS, Arweave) and keep only content hashes on-chain for verification.
+      - Emit events for every significant state change. Events are the primary mechanism for off-chain indexers and UIs to track contract activity.
+      - Use OpenZeppelin's audited base contracts for standard functionality (ERC-20, ERC-721, ERC-1155, AccessControl, ReentrancyGuard) rather than writing from scratch.
+      - Implement access control with role-based patterns. Use multi-sig or timelocks for admin operations to prevent single points of compromise.
+      - Write comprehensive Solidity NatSpec comments for every public and external function, including `@param`, `@return`, and `@notice` tags.
+      - Target 100% branch coverage in contract tests. Test edge cases: zero values, max uint values, unauthorized callers, reentrancy attempts, and contract self-destruction scenarios.
+
+  - id: gas-optimization
+    tier: recommended
+    title: "Gas Optimization"
+    content: |
+      ## Gas Optimization Strategies
+
+      - Pack struct fields by size to minimize storage slots. Group `uint128` pairs, `bool` clusters, and `address` + smaller types into single 32-byte slots.
+      - Use `calldata` instead of `memory` for read-only function parameters in external functions to avoid unnecessary copying.
+      - Prefer mappings over arrays for lookups. If iteration is needed, maintain a separate array of keys alongside the mapping.
+      - Batch operations where possible: multi-transfer, batch minting, and batch approvals reduce per-transaction overhead.
+      - Use custom errors (`error InsufficientBalance(uint256 available, uint256 required)`) instead of `require` strings to save deployment and runtime gas.
+      - Cache storage variables in local `memory` or `stack` variables when accessed multiple times within a function.
+      - Profile gas usage in tests using Hardhat's gas reporter. Set gas budgets per function and fail CI if a change exceeds the budget.
+
+  - id: wallet-offchain
+    tier: recommended
+    title: "Wallet Integration & Off-Chain Patterns"
+    content: |
+      ## Wallet Integration & Off-Chain Architecture
+
+      - Support multiple wallet providers (MetaMask, WalletConnect, Coinbase Wallet) via a unified connector abstraction. Never hard-code a single provider.
+      - Handle chain switching and network mismatch gracefully. Prompt users to switch networks and display clear error messages for unsupported chains.
+      - Use EIP-712 typed structured data for off-chain signature requests so users can read and understand what they are signing.
+      - Implement an off-chain indexer (The Graph, custom) to serve query-heavy read operations. Never query the blockchain directly from the frontend for list or aggregate views.
+      - Design for L2 and multi-chain: abstract chain-specific logic behind an interface so the application can deploy to new chains without rewriting business logic.
+      - Validate all inputs on-chain even if they were validated off-chain. Off-chain validation is a UX convenience; on-chain validation is the security boundary.

package/templates/web3/mcp-servers.yaml

@@ -1,11 +1,11 @@
-tag: WEB3
-section: mcp-servers
-servers:
-  - name: solidity
-    description: "Solidity smart contract development — compilation, ABI generation, and deployment helpers"
-    command: npx
-    args: ["-y", "mcp-server-solidity"]
-    tags: [WEB3]
-    category: devtools
-    tier: recommended
-    url: "https://github.com/AIMONGmbH/solidity-mcp-server"
+tag: WEB3
+section: mcp-servers
+servers:
+  - name: solidity
+    description: "Solidity smart contract development — compilation, ABI generation, and deployment helpers"
+    command: npx
+    args: ["-y", "mcp-server-solidity"]
+    tags: [WEB3]
+    category: devtools
+    tier: recommended
+    url: "https://github.com/AIMONGmbH/solidity-mcp-server"