prizmkit 1.1.53 → 1.1.55

package/bundled/skills/app-planner/references/rules/frontend/fixed-rules.md

@@ -0,0 +1,188 @@
+# Fixed Rules — Complete Frontend Fixed Rules
+
+> This file is read by the `frontend-rules` skill in Phase 1 and injected directly into `frontend-rules.md`.
+> These rules are industry consensus / best practices — **do not ask the user**.
+> Every rule includes RATIONALE so the AI understands intent, not just constraints.
+
+---
+
+## F1. Types & Code Quality
+
+### F1.1 TypeScript Strict Mode
+- **Rule**: `tsconfig.json` must enable `"strict": true`.
+- **Forbidden**: Using `any`. Use `unknown` and apply type guards before use.
+- **Forbidden**: `@ts-ignore`. If ignoring is necessary, use `@ts-expect-error` with a reason comment.
+- **RATIONALE**: Types are the safety net for large projects. AI understands context more accurately in strict mode.
+
+### F1.2 Lint & Formatting
+- **Rule**: ESLint + Prettier config must be committed to the repository root.
+- **Rule**: Git pre-commit hooks (husky + lint-staged) enforce lint and format.
+- **Forbidden**: Committing `console.log`, `debugger`, unattributed `TODO` (must include issue number or owner).
+- **RATIONALE**: Automated guardrails are always more reliable than manual review.
+
+### F1.3 Naming Conventions
+- **Component files**: PascalCase (`UserCard.tsx`)
+- **Hook files**: camelCase prefixed with `use` (`useAuth.ts`)
+- **Utility functions**: camelCase (`formatDate.ts`)
+- **Constants**: SCREAMING_SNAKE_CASE (`MAX_RETRY_COUNT`)
+- **Types/Interfaces**: PascalCase. Avoid `I` prefix (`User`, not `IUser`).
+- **Forbidden**: Pinyin names, meaningless abbreviations (`a`/`b`/`tmp`), numeric suffixes (`button2`/`utils3`).
+- **RATIONALE**: Consistent naming significantly improves AI search/completion hit rates.
+
+---
+
+## F2. Style Deny List (universally applicable)
+
+- **Forbid** `!important` (unless overriding uncontrollable third-party styles, with a comment explaining why).
+- **Forbid** hardcoded color values (must use design tokens).
+- **Forbid** hardcoded font sizes, line heights, spacing, border radius, shadows, animation durations.
+- **Forbid** magic numbers (must use named constants).
+- **Forbid** inline `style` attributes (unless for dynamically computed positions/sizes, with a comment).
+- **Forbid** raw `z-index` numbers (must use a z-index layer constant).
+- **RATIONALE**: Hardcoded values make the design system meaningless. Once AI learns to hardcode, it spreads everywhere.
+
+---
+
+## F3. Component Design
+
+### F3.1 Component Contract
+- **Rule**: All Props must have complete TypeScript types. Forbid `Props: any`.
+- **Rule**: Components must support `className` forwarding, merged via `clsx`/`cn`.
+- **Rule**: Controlled vs. uncontrolled must be explicit. "Semi-controlled" is not allowed.
+- **Rule**: Exposed `ref` must use `forwardRef` with typing.
+- **RATIONALE**: Unclear component contracts are the main reason AI breaks three things when changing one.
+
+### F3.2 File Size
+- **Rule**: Single component file ≤ 300 lines (including comments).
+- **Rule**: Beyond this, split by logic/view/types into the same directory.
+- **RATIONALE**: Beyond 300 lines, the risk of AI losing context during modification spikes sharply.
+
+### F3.3 Four-State Completeness
+- **Rule**: All data-driven views must explicitly handle `loading` / `error` / `empty` / `success` states.
+- **Forbid**: Using `data && <UI/>` to gloss over the empty state.
+- **RATIONALE**: Missing states are the largest source of hidden UX bugs.
+
+---
+
+## F4. Internationalization (i18n) Baseline
+
+- **Forbid**: Hardcoding any user-visible text (buttons, titles, tooltips, error messages, empty states, placeholders).
+- **Rule**: All user-visible text must use i18n keys.
+- **Rule**: i18n key naming follows `page.section.element` three-segment format (e.g., `login.form.submitBtn`).
+- **Exception**: Pure brand names, trademarks, fixed acronyms (like `API`, `URL`) may be hardcoded.
+- **RATIONALE**: Even for single-language projects, reserving the i18n channel costs almost nothing. Retrofitting it later costs an enormous amount.
+
+---
+
+## F5. Error Handling
+
+- **Rule**: Route-level ErrorBoundary must exist.
+- **Rule**: Async operations must have loading + error UI. "Silent failure" is not allowed.
+- **Rule**: API failures must have user notification (toast/inline) + retry entry.
+- **Rule**: Caught errors must be reported to monitoring (Sentry / custom).
+- **Forbid**: `catch(e) {}` empty catch blocks.
+- **RATIONALE**: The worst frontend experience isn't a bug — it's "nothing happened."
+
+---
+
+## F6. Accessibility (a11y Baseline)
+
+- **Rule**: All interactive elements must be keyboard-operable (Tab/Enter/Space/Esc).
+- **Rule**: Images must have `alt`. Decorative images use `alt=""`.
+- **Rule**: Icon buttons must have `aria-label`.
+- **Rule**: Form controls must be associated with `<label>` (`htmlFor` or wrapping).
+- **Rule**: Modal open must move focus into the modal. Modal close must return focus to the trigger element.
+- **Forbid**: `<div onClick>` as a substitute for `<button>`.
+- **Forbid**: Conveying information through color alone (must pair with icon/text).
+- **RATIONALE**: a11y is not a moral requirement — it's a legal requirement (GDPR/ADA), and SEO shares the same foundation.
+
+---
+
+## F7. Git Collaboration
+
+### F7.1 Branching & Commits
+- **Branch naming**: `feat/xxx`, `fix/xxx`, `refactor/xxx`, `chore/xxx`, `docs/xxx`.
+- **Commit messages**: Follow Conventional Commits (`type(scope): subject`).
+- **Rule**: Main branch protection. PR + Code Review required to merge.
+- **Rule**: Single PR changes ≤ 500 lines (generated code excluded). Beyond this, must split.
+
+### F7.2 PR Self-Check Checklist (must review each item)
+- [ ] Local `lint` / `typecheck` / `test` all green
+- [ ] New components registered in component index
+- [ ] New user-visible text has i18n keys
+- [ ] Four states (loading/error/empty/success) covered
+- [ ] No hardcoded colors/font sizes/spacing
+- [ ] No `console.log` / `debugger` / `any`
+- [ ] Key changes have supporting description (screenshots / recordings / design links)
+
+---
+
+## F8. Security Baseline
+
+- **Forbid**: Writing API keys, tokens, or secrets into frontend code.
+- **Forbid**: Using `dangerouslySetInnerHTML` / `v-html` to render user input (must sanitize).
+- **Rule**: All external links with `target="_blank"` must include `rel="noopener noreferrer"`.
+- **Rule**: Form submission requires client-side validation, but **forbid** relying solely on client-side validation.
+- **Rule**: Sensitive operations (delete, payment) require secondary confirmation.
+- **RATIONALE**: The frontend is an attack surface, not a security boundary.
+
+---
+
+## F9. AI Vibecoding Baseline Constraints (project-agnostic, always active)
+
+### F9.1 Search First
+- **Rule**: Before generating a new component, AI must search the `src/components/` index to check if a similar component already exists.
+- **Rule**: Before generating a utility function, AI must search `src/utils/` / `src/hooks/`. Forbid reinventing the wheel.
+
+### F9.2 Dependency Control
+- **Rule**: AI must not introduce new npm dependencies on its own.
+- **Rule**: If a new dependency is truly needed, AI must **explicitly list** in its response: package name, version, reason, alternative comparison. Human reviews the `package.json` change.
+
+### F9.3 Breaking Changes
+- **Rule**: Before modifying a shared component / common hook / common type, AI must first list **all callers**.
+- **Rule**: If the change would break callers, AI must provide a migration plan or refuse the change.
+
+### F9.4 Context Honesty
+- **Rule**: When uncertain, AI must explicitly say "I'm not sure." Forbid inventing API paths, file paths, or field names.
+- **Rule**: AI must read the latest file contents before modifying. Forbid generating diffs based on guesswork.
+
+### F9.5 Comment Obligation
+- **Rule**: Non-obvious AI-generated code must include a "why" comment (not "what").
+- **Forbid**: AI deleting existing comments (unless the corresponding code is also deleted).
+
+---
+
+## F10. Performance Baseline
+
+- **Rule**: List rendering must have `key`, and `key` must not use index (unless the list is purely static).
+- **Rule**: Long lists (>100 items) must use virtual scrolling.
+- **Rule**: Routes must be code-split (dynamic import).
+- **Rule**: Images must be lazy-loaded (`loading="lazy"`) + modern formats (webp/avif) + explicit width/height (prevents CLS).
+- **Rule**: Avoid creating new objects/functions in render (unless wrapped with memo).
+- **RATIONALE**: These are zero-cost performance optimizations. There is no reason not to do them.
+
+---
+
+## Injection Instructions (for the AI executing this skill)
+
+Each chapter in this file corresponds to a `{{ FIXED_RULES_* }}` placeholder in the template. During Phase 4 rendering, copy each chapter's full body (including RATIONALE) directly into the corresponding placeholder:
+
+| Chapter | Inject Into Placeholder | Template Section |
+|---------|------------------------|-------------------|
+| F1.1 TypeScript Strict Mode | `{{ FIXED_RULES_TYPESCRIPT }}` | §3.1 Type Safety |
+| F1.3 Naming Conventions | `{{ FIXED_RULES_NAMING }}` | §3.2 Naming Conventions |
+| F2 Style Deny List | `{{ FIXED_RULES_DENY_LIST }}` | §1.5 Style Deny List |
+| F3.1 Component Contract | `{{ FIXED_RULES_COMPONENT_CONTRACT }}` | §2.1 Component Contract |
+| F4 i18n Baseline | `{{ FIXED_RULES_I18N_BASELINE }}` | §5.4 Internationalization |
+| F5 Error Handling | `{{ FIXED_RULES_ERROR_HANDLING }}` | §5.2 Error Handling Rules |
+| F6 a11y Baseline | `{{ FIXED_RULES_A11Y }}` | §5.3 Accessibility |
+| F7 Git Collaboration | `{{ FIXED_RULES_GIT }}` | §8.1 Branching & Commits |
+| F8 Security Baseline | `{{ FIXED_RULES_SECURITY }}` | §9 Security Baseline |
+| F9 AI Baseline Constraints | `{{ FIXED_RULES_AI_BASE }}` | §7.1 Baseline Constraints |
+| F10 Performance Baseline | `{{ FIXED_RULES_PERFORMANCE }}` | §5.5 Performance Baseline |
+
+**Rendering rules**:
+1. For chapters marked "already present as fixed text in template", AI does not need to re-inject — the template has them hardcoded.
+2. Chapters marked "merged into..." should be prepended as baseline rules at the front of the corresponding derivation rule blocks.
+3. **RATIONALE fields must be preserved** — they give AI the basis for judgment at boundary cases.
+4. Keep the original markdown list structure when injecting. Do not rewrite as prose paragraphs.

package/bundled/skills/app-planner/references/rules/frontend/question-bank.md

@@ -0,0 +1,302 @@
+# Question Bank — Frontend Interactive Question Bank
+
+> This file is read on demand by SKILL.md in Phase 2. The AI must strictly follow the group order defined in this file, asking **one group at a time (1–5 questions)**, never dumping all questions at once.
+> For every question, show the user: question number, question text, options, **recommended choice (marked "Recommended")**, and a one-line description.
+> After each user response, immediately record the choice to internal state `answers[Qx] = ...` and proceed to the next group.
+
+---
+
+## Asking Rules
+
+1. **Group order**: G1 → G2 → G3 → G4 → G5 → G6 → G7 → G8 → G9. Do not skip.
+2. **Shortcut commands** (respond immediately when user types these at any point):
+   - `recommended` / `default` → skip current group, adopt all recommended options
+   - `all recommended` / `one-click` → skip all remaining groups, adopt all recommended options
+   - `strict` / `strictest` → adopt the strictest option for the current group
+   - `skip` / `don't need this` → mark current group as N/A, note in output that "project does not require this yet"
+   - `custom: xxx` → record user's custom content, do not match against options
+3. **Abbreviation recognition**: `A` / `a` / `1` all mean option A. `A,C` means multi-select (only for multi-select questions).
+4. **Follow-up rule**: If the user gives an answer outside the options (e.g., "I use Astro"), first confirm whether to classify as an "other" branch of an existing option before continuing.
+5. **Forbidden behaviors**:
+   - Must not make choices for the user before they explicitly answer.
+   - Must not fabricate user preferences to complete the answer set.
+   - Must not output more than 3 questions in a single message.
+
+---
+
+## Group Overview
+
+| Group | Topic | Questions | Count |
+|-------|-------|-----------|-------|
+| G1 | Tech Stack | Q1–Q3 | 3 |
+| G2 | Styling | Q4–Q4b | 2 |
+| G3 | State & Data Fetching | Q5–Q7 | 3 |
+| G4 | Design System | Q8–Q10 | 3 |
+| G5 | Responsive & Adaptation | Q11–Q12 | 2 |
+| G6 | i18n & Accessibility | Q13–Q14 | 2 |
+| G7 | Testing & Quality | Q15–Q17 | 3 |
+| G8 | AI Vibecoding Constraints | Q18–Q22 | 5 |
+| G9 | Performance Baseline | Q23–Q24 | 2 |
+
+Total: 25 questions.
+
+---
+
+## G1 — Tech Stack
+
+### Q1. Frontend Framework
+- **Options**:
+  - A) React 18+ **【Recommended】**
+  - B) Vue 3
+  - C) Svelte 5
+  - D) Solid
+  - E) Custom (specify version)
+- **Note**: Determines which hooks/Composition API-specific rules are injected.
+- **Maps to**: `{{ framework }}` (TL;DR) + `{{ tech_stack_rules }}` (derivation injection)
+
+### Q2. Meta-Framework
+- **Options**:
+  - A) Next.js (App Router) **【Recommended for React projects】**
+  - B) Nuxt (Recommended for Vue projects)
+  - C) Remix
+  - D) Plain SPA (Vite)
+  - E) Custom
+- **Note**: Affects SSR/RSC, routing conventions, data fetching rules.
+- **Maps to**: `{{ meta_framework }}` (TL;DR + §2.4) + `{{ tech_stack_rules }}` (derivation injection)
+
+### Q3. Package Manager
+- **Options**:
+  - A) pnpm **【Recommended】**
+  - B) npm
+  - C) yarn
+  - D) bun
+- **Strict option**: A (pnpm, enforced workspace + lockfile commit)
+- **Note**: Affects monorepo capability, CI caching, lockfile rules.
+- **Maps to**: `{{ package_manager }}` (TL;DR) + `{{ tech_stack_rules }}` (derivation injection)
+
+---
+
+## G2 — Styling
+
+### Q4. Styling Solution (**single choice, no mixing**)
+- **Options**:
+  - A) Tailwind CSS **【Recommended: atomic, AI-friendly】**
+  - B) CSS Modules
+  - C) CSS-in-JS (styled-components / emotion)
+  - D) UnoCSS
+  - E) Plain CSS + BEM
+- **Strict option**: A (Tailwind + forbid arbitrary values)
+- **Note**: This choice determines the D2 branch rule set injected by derivation-rules.md (each option has dedicated rules).
+- **Maps to**: `{{ style_solution }}` (TL;DR) + `{{ style_specific_rules }}` (derivation injection into §2.3)
+
+### Q4b. Font Loading Strategy
+- **Options**:
+  - A) Self-hosted with font-display: swap **【Recommended: best performance + privacy】**
+  - B) Google Fonts / CDN with font-display: swap
+  - C) System font stack only (no custom fonts)
+  - D) Not decided yet
+- **Note**: Affects font loading performance and privacy. A provides the best control; B is simpler but adds a third-party dependency; C has zero download overhead.
+- **Maps to**: `{{ font_strategy }}` (TL;DR) + `{{ performance_rules }}` (additional derivation)
+
+---
+
+## G3 — State & Data Fetching
+
+### Q5. Global State Library
+- **Options**:
+  - A) Zustand **【Recommended for React】**
+  - B) Pinia **【Recommended for Vue】**
+  - C) Redux Toolkit
+  - D) Jotai / Valtio
+  - E) Context / Provide-Inject only, no global store
+- **Note**: Recommendation depends on Q1 framework choice.
+- **Maps to**: `{{ state_lib }}` (TL;DR + §4.1) + `{{ state_rules }}` (derivation injection)
+
+### Q6. Server State Library
+- **Options**:
+  - A) TanStack Query **【Recommended】**
+  - B) SWR
+  - C) RTK Query
+  - D) Custom fetch hook wrapper
+- **Strict option**: A (TanStack Query + enforced queryKey convention)
+- **Note**: Affects API caching, retry, and staleTime rules.
+- **Maps to**: `{{ server_state_lib }}` (TL;DR + §4.2) + `{{ server_state_rules }}` (derivation injection)
+
+### Q7. API Type Source
+- **Options**:
+  - A) Backend OpenAPI auto-generation **【Recommended】**
+  - B) Backend Protobuf generation
+  - C) Hand-written .d.ts
+  - D) Shared monorepo type package with backend
+- **Strict option**: A or B (eliminates hand-written types)
+- **Note**: Determines whether to inject the "forbid hand-written API types" constraint.
+- **Maps to**: `{{ api_type_source }}` (TL;DR + §4.3) + `{{ server_state_rules }}` (derivation injection)
+
+---
+
+## G4 — Design System
+
+### Q8. Primary Design/Mockup Source
+- **Options**:
+  - A) Existing HTML prototype in `temp/` directory
+  - B) Existing Figma designs
+  - C) Other location (specify path)
+  - D) None, starting from scratch
+- **Note**: If multiple sources exist, select the primary one. Additional sources will be noted in the output. A/B trigger a "design extraction" step (annotate token sources in output). D triggers a "recommend doing a style direction first" hint.
+- **Maps to**: `{{ design_source }}` (document header metadata)
+
+### Q9. Token Naming Layers
+- **Options**:
+  - A) Three-layer (primitive / semantic / component) **【Recommended】**
+  - B) Two-layer (base / semantic)
+  - C) Single-layer (semantic only)
+- **Strict option**: A
+- **Note**: Three layers makes theme switching and brand reuse straightforward.
+- **Maps to**: `{{ token_layering }}` (TL;DR) + `{{ token_layering_rules }}` (derivation injection into §1.1)
+
+### Q10. Dark Mode
+- **Options**:
+  - A) Supported, via CSS variable switching **【Recommended】**
+  - B) Supported, via class switching (Tailwind `dark:` prefix)
+  - C) Not supported
+- **Note**: Choosing A/B auto-injects "tokens must include both light/dark value pairs" rule.
+- **Maps to**: `{{ dark_mode }}` (TL;DR) + `{{ dark_mode_rules }}` (derivation injection into §1.3)
+
+---
+
+## G5 — Responsive & Adaptation
+
+### Q11. Adaptation Strategy
+- **Options**:
+  - A) Mobile-first **【Recommended】**
+  - B) Desktop-first
+  - C) Desktop only
+  - D) Mobile only
+- **Note**: Determines media query writing direction and default style conventions.
+- **Maps to**: `{{ responsive_strategy }}` (TL;DR) + `{{ breakpoint_rules }}` (derivation injection into §1.4)
+
+### Q12. Breakpoint Scheme
+- **Options**:
+  - A) Tailwind defaults (sm 640 / md 768 / lg 1024 / xl 1280 / 2xl 1536) **【Recommended】**
+  - B) Material Design (xs / sm / md / lg / xl)
+  - C) Custom (provide full breakpoint table)
+- **Note**: Choosing A with Q4=Tailwind locks the breakpoints.
+- **Maps to**: `{{ breakpoint_rules }}` (derivation injection into §1.4)
+
+---
+
+## G6 — i18n & Accessibility
+
+### Q13. Internationalization (i18n)
+- **Options**:
+  - A) Multi-language with full i18n framework (specify: zh-CN, en-US, ja-JP, etc.)
+  - B) Single-language, but text centralized in i18n files for future expansion **【Recommended: early-stage projects】**
+  - C) Single-language, hardcoding allowed (no i18n infrastructure)
+- **Note**: Choosing A auto-injects i18n key naming rules and forbid hardcoding user-visible text. B centralizes text but does not require multi-language support. C allows hardcoding and requires no i18n infrastructure.
+- **Maps to**: `{{ i18n }}` (TL;DR) + `{{ i18n_rules }}` (derivation injection into §5.4)
+
+### Q14. Accessibility Target
+- **Options**:
+  - A) WCAG 2.1 AA **【Recommended】**
+  - B) WCAG 2.1 AAA
+  - C) Basic keyboard reachability only
+- **Strict option**: B
+- **Note**: Affects contrast ratio thresholds and ARIA check strictness.
+- **Maps to**: `{{ a11y_level }}` (TL;DR + §5.3) + `{{ a11y_extra_rules }}` (injected into §5.3)
+
+---
+
+## G7 — Testing & Quality
+
+### Q15. Test Coverage Requirements
+- **Options**:
+  - A) Shared component unit tests + critical path E2E **【Recommended】**
+  - B) Unit tests only
+  - C) E2E only
+  - D) Not required yet
+- **Strict option**: A + enforced coverage ≥ 80%
+- **Note**: Determines whether Q16/Q17 need to be asked.
+- **Maps to**: `{{ test_rules }}` (dynamically assembled by D-TEST-01 into §6.1)
+
+### Q16. Unit Test Framework (only ask if Q15 = A or B)
+- **Options**:
+  - A) Vitest **【Recommended for Vite/Next projects】**
+  - B) Jest
+  - C) Node test runner
+- **Note**: Match with build tool first.
+- **Maps to**: `{{ unit_test_framework }}` (TL;DR) + assembled into `{{ test_rules }}` by D-TEST-01
+
+### Q17. E2E Framework (only ask if Q15 = A or C)
+- **Options**:
+  - A) Playwright **【Recommended】**
+  - B) Cypress
+  - C) WebdriverIO
+- **Note**: Playwright has the best multi-browser support.
+- **Maps to**: `{{ e2e_framework }}` (TL;DR) + assembled into `{{ test_rules }}` by D-TEST-01
+
+---
+
+## G8 — AI Vibecoding Constraints
+
+### Q18. AI Component Index Sync
+- **Options**:
+  - A) Must sync to `src/components/index.ts` + type exports **【Recommended】**
+  - B) Not required
+- **Strict option**: A
+- **Note**: Determines whether AI will reinvent existing components. Strict is safer.
+- **Maps to**: `{{ ai_index_rule }}` (injected into §7.3)
+
+### Q19. AI Permission to Add Dependencies
+- **Options**:
+  - A) Forbid AI from adding dependencies on its own; human must review `package.json` changes **【Recommended】**
+  - B) Allowed, but must declare in PR description with alternative comparison
+  - C) Fully allowed
+- **Strict option**: A
+- **Note**: A is key for supply chain security + bundle size control.
+- **Maps to**: `{{ ai_dependency_rule }}` (injected into §7.3)
+
+### Q20. AI Impact Analysis Before Modifying Shared Components
+- **Options**:
+  - A) Must list all callers and declare in change notes first **【Recommended】**
+  - B) Not required
+- **Strict option**: A
+- **Note**: Prevents "fix one component, break ten pages."
+- **Maps to**: `{{ ai_breaking_change_rule }}` (injected into §7.3)
+
+### Q21. AI Permission to Modify Config Files
+- **Options**:
+  - A) Forbid; config files (tsconfig, vite, eslint, tailwind) must be manually edited **【Recommended】**
+  - B) Allowed to modify, but must explain each change
+- **Maps to**: `{{ ai_config_rule }}`
+
+### Q22. AI Single File Generation Limit
+- **Options**:
+  - A) 200 lines
+  - B) 300 lines **【Recommended】**
+  - C) 500 lines
+  - D) No limit
+- **Strict option**: A
+- **Note**: Exceeding the limit auto-triggers a split hint to prevent god components.
+- **Maps to**: `{{ ai_max_lines }}` (appears in TL;DR + §3.3 + §7.3 + §8.2 — AI replaces the value in all locations)
+
+---
+
+## G9 — Performance Baseline
+
+### Q23. First Screen LCP Target
+- **Options**:
+  - A) < 2.5s **【Recommended: Web Vitals "good" threshold】**
+  - B) < 1.5s (extreme performance, requires pre-rendering/edge deployment)
+  - C) Not required yet
+- **Strict option**: B
+- **Note**: Determines whether SSR/RSC, font preloading, and critical CSS inlining rules are required.
+- **Maps to**: `{{ lcp_target }}` (TL;DR) + `{{ performance_rules }}` (derivation injection into §5.5)
+
+### Q24. Single Chunk Size Limit
+- **Options**:
+  - A) < 300KB (< 100KB gzipped) **【Recommended】**
+  - B) < 500KB
+  - C) No limit
+- **Strict option**: A + configure bundle-analyzer for CI enforcement
+- **Note**: Determines whether to inject "routes must be lazy-loaded" and "large third-party libs must use dynamic import" rules.
+- **Maps to**: `{{ bundle_size }}` (TL;DR) + `{{ performance_rules }}` (derivation injection into §5.5)