rapidkit 0.36.0 → 0.37.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +195 -24
- package/contracts/analyze-last-run.v1.json +106 -0
- package/contracts/cli-log-event.v1.json +51 -0
- package/contracts/doctor-project-evidence.v1.json +46 -0
- package/contracts/doctor-workspace-evidence.v1.json +57 -0
- package/contracts/release-readiness.v1.json +60 -0
- package/contracts/workspace-registry.v1.json +83 -0
- package/contracts/workspace-run-last.v1.json +112 -0
- package/dist/analyze-6RFG7C7Z.js +1 -0
- package/dist/autopilot-release-QNZ2IL7K.js +1 -0
- package/dist/chunk-3SWQKRXH.js +2 -0
- package/dist/chunk-6P5DCHBQ.js +4 -0
- package/dist/chunk-7RBZGQ7T.js +7 -0
- package/dist/chunk-B2KOIORF.js +1 -0
- package/dist/{chunk-VPNHGQIV.js → chunk-C7OVQQXT.js} +1 -1
- package/dist/chunk-C7WILE56.js +1 -0
- package/dist/chunk-FV5A3N3I.js +2 -0
- package/dist/chunk-GDGATWR5.js +2 -0
- package/dist/chunk-HEG6DIGW.js +2 -0
- package/dist/chunk-IOIWVHRO.js +883 -0
- package/dist/chunk-JBDQADHY.js +50 -0
- package/dist/{chunk-AC6KIKII.js → chunk-PPQYTYQG.js} +4 -4
- package/dist/chunk-RELR4O5E.js +2 -0
- package/dist/{chunk-DC44JPI3.js → chunk-RUUDLAKJ.js} +12 -12
- package/dist/chunk-T5LN7EO5.js +9 -0
- package/dist/chunk-TRXYRHD7.js +2 -0
- package/dist/chunk-U6QUN6V2.js +2 -0
- package/dist/chunk-UXKB4KGZ.js +13 -0
- package/dist/{create-7R4CGABE.js → create-HN5HOGQ4.js} +1 -1
- package/dist/{demo-kit-KTRITRWH.js → demo-kit-3VTLJBP7.js} +1 -1
- package/dist/{doctor-DG3TBPZN.js → doctor-QC662YLH.js} +1 -1
- package/dist/{dotnet-webapi-clean-TPQMNFSD.js → dotnet-webapi-clean-FX533F5U.js} +1 -1
- package/dist/{gofiber-standard-NDCBY6OM.js → gofiber-standard-35CJZ7S3.js} +1 -1
- package/dist/{gogin-standard-WUOMIHDR.js → gogin-standard-SAX6C4ZK.js} +1 -1
- package/dist/index.js +214 -213
- package/dist/managed-agent-markers-AXUM75OE.js +8 -0
- package/dist/pipeline-IMB3C3JY.js +5 -0
- package/dist/{springboot-standard-WQWB5E24.js → springboot-standard-SFMSLTX4.js} +1 -1
- package/dist/{workspace-ZDL5IQU4.js → workspace-2AL5C3QZ.js} +1 -1
- package/dist/workspace-agent-sync-4R7S3F6T.js +17 -0
- package/dist/workspace-context-CKACDTVE.js +1 -0
- package/dist/{workspace-contract-A6QP7FPA.js → workspace-contract-D5O4OZD5.js} +1 -1
- package/dist/workspace-foundation-L6ZBGMVE.js +1 -0
- package/dist/{workspace-intelligence-VLA2RILM.js → workspace-intelligence-3TWXJQ7Y.js} +1 -1
- package/dist/{workspace-model-OO4WOBJS.js → workspace-model-NQVZN5W4.js} +1 -1
- package/dist/workspace-registry-summary-MIPHVB56.js +1 -0
- package/dist/workspace-run-PNMZJNDC.js +1 -0
- package/dist/workspace-verify-EO435PS4.js +1 -0
- package/docs/AI_DYNAMIC_INTEGRATION.md +440 -0
- package/docs/AI_EXAMPLES.md +419 -0
- package/docs/AI_FEATURES.md +460 -0
- package/docs/AI_QUICKSTART.md +245 -0
- package/docs/DEVELOPMENT.md +88 -0
- package/docs/From Code to Shared Understanding.png +0 -0
- package/docs/OPEN_SOURCE_USER_SCENARIOS.md +170 -0
- package/docs/OPTIMIZATION_GUIDE.md +504 -0
- package/docs/PACKAGE_MANAGER_POLICY.md +25 -0
- package/docs/README.md +120 -0
- package/docs/SECURITY.md +63 -0
- package/docs/SETUP.md +107 -0
- package/docs/UTILITIES.md +221 -0
- package/docs/WORKSPACE_MARKER_SPEC.md +276 -0
- package/docs/ci-workflows.md +56 -0
- package/docs/commands-reference.md +136 -0
- package/docs/config-file-guide.md +295 -0
- package/docs/contracts/ARTIFACT_CATALOG.md +104 -0
- package/docs/contracts/COMMAND_OWNERSHIP_MATRIX.md +138 -0
- package/docs/contracts/README.md +70 -0
- package/docs/contracts/RUNTIME_ACCEPTANCE_MATRIX.md +98 -0
- package/docs/contracts/RUNTIME_SUPPORT_MATRIX.md +74 -0
- package/docs/contracts/rapidkit-cli-contracts.json +239 -0
- package/docs/doctor-command.md +263 -0
- package/docs/examples/ci-agent-grounding.yml +62 -0
- package/docs/from-code-to-shared-understanding.md +46 -0
- package/docs/governance-policy.enterprise.example.json +40 -0
- package/docs/mirror-config.enterprise.example.json +60 -0
- package/docs/policies.workspace.example.yml +23 -0
- package/docs/workspace-operations.md +160 -0
- package/docs/workspace-run.md +80 -0
- package/package.json +4 -2
- package/dist/analyze-HXO6R656.js +0 -1
- package/dist/autopilot-release-FMQ5KND5.js +0 -1
- package/dist/chunk-45KNNNAB.js +0 -2
- package/dist/chunk-7ZSURMR2.js +0 -4
- package/dist/chunk-HUQ5WRUF.js +0 -883
- package/dist/chunk-IATULVMR.js +0 -11
- package/dist/chunk-KIB4KHBF.js +0 -3
- package/dist/chunk-MCLLP6MW.js +0 -2
- package/dist/chunk-TC2PSHT6.js +0 -50
- package/dist/chunk-UY4LZEXK.js +0 -7
- package/dist/chunk-VM2TOHNX.js +0 -2
- package/dist/chunk-Y2ZPG7KN.js +0 -9
- package/dist/pipeline-23AEXNF2.js +0 -5
- package/dist/workspace-context-YFQQROOZ.js +0 -2
- package/dist/workspace-foundation-QVWALXMP.js +0 -1
- package/dist/workspace-run-NIKH2IKF.js +0 -1
- package/dist/workspace-verify-XEXRCET7.js +0 -1
|
@@ -0,0 +1,504 @@
|
|
|
1
|
+
# Optimization Guide
|
|
2
|
+
|
|
3
|
+
Optimization ideas for the RapidKit npm CLI codebase.
|
|
4
|
+
|
|
5
|
+
**Users:** [../README.md](../README.md) · [OPEN_SOURCE_USER_SCENARIOS.md](./OPEN_SOURCE_USER_SCENARIOS.md) · [Documentation index](./README.md)
|
|
6
|
+
|
|
7
|
+
## 1. Performance Optimizations
|
|
8
|
+
|
|
9
|
+
### 1.1 Reduce Bundle Size
|
|
10
|
+
```json
|
|
11
|
+
// package.json - Add these
|
|
12
|
+
{
|
|
13
|
+
"sideEffects": false,
|
|
14
|
+
"exports": {
|
|
15
|
+
".": {
|
|
16
|
+
"import": "./dist/index.js",
|
|
17
|
+
"types": "./dist/index.d.ts"
|
|
18
|
+
}
|
|
19
|
+
}
|
|
20
|
+
}
|
|
21
|
+
```
|
|
22
|
+
|
|
23
|
+
### 1.2 Better Tree-shaking
|
|
24
|
+
- Use dynamic imports for heavy libraries (inquirer, ora)
|
|
25
|
+
- Lazy loading for template files
|
|
26
|
+
|
|
27
|
+
### 1.3 Result Caching
|
|
28
|
+
```typescript
|
|
29
|
+
// Add caching for version checks and template loading
|
|
30
|
+
import { createHash } from 'crypto';
|
|
31
|
+
import os from 'os';
|
|
32
|
+
|
|
33
|
+
const CACHE_DIR = path.join(os.homedir(), '.rapidkit', 'cache');
|
|
34
|
+
const CACHE_TTL = 24 * 60 * 60 * 1000; // 24 hours
|
|
35
|
+
|
|
36
|
+
async function getCachedOrFetch(key: string, fetcher: () => Promise<any>) {
|
|
37
|
+
const cachePath = path.join(CACHE_DIR, `${createHash('md5').update(key).digest('hex')}.json`);
|
|
38
|
+
|
|
39
|
+
if (await fsExtra.pathExists(cachePath)) {
|
|
40
|
+
const cached = await fsExtra.readJson(cachePath);
|
|
41
|
+
if (Date.now() - cached.timestamp < CACHE_TTL) {
|
|
42
|
+
return cached.data;
|
|
43
|
+
}
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
const data = await fetcher();
|
|
47
|
+
await fsExtra.ensureDir(CACHE_DIR);
|
|
48
|
+
await fsExtra.writeJson(cachePath, { data, timestamp: Date.now() });
|
|
49
|
+
return data;
|
|
50
|
+
}
|
|
51
|
+
```
|
|
52
|
+
|
|
53
|
+
## 2. Code Quality Optimizations
|
|
54
|
+
|
|
55
|
+
### 2.1 Add ESLint
|
|
56
|
+
```bash
|
|
57
|
+
npm install -D @typescript-eslint/eslint-plugin @typescript-eslint/parser eslint
|
|
58
|
+
```
|
|
59
|
+
|
|
60
|
+
```javascript
|
|
61
|
+
// .eslintrc.cjs
|
|
62
|
+
module.exports = {
|
|
63
|
+
parser: '@typescript-eslint/parser',
|
|
64
|
+
extends: [
|
|
65
|
+
'eslint:recommended',
|
|
66
|
+
'plugin:@typescript-eslint/recommended',
|
|
67
|
+
],
|
|
68
|
+
parserOptions: {
|
|
69
|
+
ecmaVersion: 2022,
|
|
70
|
+
sourceType: 'module',
|
|
71
|
+
},
|
|
72
|
+
rules: {
|
|
73
|
+
'@typescript-eslint/no-explicit-any': 'warn',
|
|
74
|
+
'@typescript-eslint/no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
|
|
75
|
+
},
|
|
76
|
+
};
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
### 2.2 Add Prettier
|
|
80
|
+
```json
|
|
81
|
+
// .prettierrc
|
|
82
|
+
{
|
|
83
|
+
"semi": true,
|
|
84
|
+
"trailingComma": "es5",
|
|
85
|
+
"singleQuote": true,
|
|
86
|
+
"printWidth": 100,
|
|
87
|
+
"tabWidth": 2
|
|
88
|
+
}
|
|
89
|
+
```
|
|
90
|
+
|
|
91
|
+
### 2.3 Pre-commit Hooks
|
|
92
|
+
```bash
|
|
93
|
+
npm install -D husky lint-staged
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
```json
|
|
97
|
+
// package.json
|
|
98
|
+
{
|
|
99
|
+
"lint-staged": {
|
|
100
|
+
"*.ts": ["eslint --fix", "prettier --write"]
|
|
101
|
+
}
|
|
102
|
+
}
|
|
103
|
+
```
|
|
104
|
+
|
|
105
|
+
## 3. User Experience (UX) Optimizations
|
|
106
|
+
|
|
107
|
+
### 3.1 Better Progress Indicators
|
|
108
|
+
```typescript
|
|
109
|
+
// Use multi-step progress bar
|
|
110
|
+
import cliProgress from 'cli-progress';
|
|
111
|
+
|
|
112
|
+
const multibar = new cliProgress.MultiBar({
|
|
113
|
+
clearOnComplete: false,
|
|
114
|
+
hideCursor: true,
|
|
115
|
+
format: '{bar} | {filename} | {value}/{total}',
|
|
116
|
+
});
|
|
117
|
+
|
|
118
|
+
const installBar = multibar.create(100, 0, { filename: 'Installing dependencies' });
|
|
119
|
+
const templateBar = multibar.create(100, 0, { filename: 'Copying templates' });
|
|
120
|
+
```
|
|
121
|
+
|
|
122
|
+
### 3.2 Better Error Messages with Suggestions
|
|
123
|
+
```typescript
|
|
124
|
+
export class PythonNotFoundError extends RapidKitError {
|
|
125
|
+
constructor() {
|
|
126
|
+
super(
|
|
127
|
+
'Python not found',
|
|
128
|
+
'PYTHON_NOT_FOUND',
|
|
129
|
+
'Python 3.10+ is required but not found in PATH.\n\n' +
|
|
130
|
+
'💡 Quick fixes:\n' +
|
|
131
|
+
' • macOS: brew install python@3.11\n' +
|
|
132
|
+
' • Ubuntu/Debian: sudo apt install python3.11\n' +
|
|
133
|
+
' • Windows: Download from python.org\n' +
|
|
134
|
+
' • Or use pyenv: pyenv install 3.11.0'
|
|
135
|
+
);
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
### 3.3 Interactive Mode Improvements
|
|
141
|
+
```typescript
|
|
142
|
+
// Add fuzzy search for template selection
|
|
143
|
+
import inquirerPrompt from 'inquirer-autocomplete-prompt';
|
|
144
|
+
|
|
145
|
+
inquirer.registerPrompt('autocomplete', inquirerPrompt);
|
|
146
|
+
|
|
147
|
+
await inquirer.prompt([{
|
|
148
|
+
type: 'autocomplete',
|
|
149
|
+
name: 'template',
|
|
150
|
+
message: 'Choose a template:',
|
|
151
|
+
source: async (_, input) => {
|
|
152
|
+
return templates.filter(t =>
|
|
153
|
+
t.name.includes(input?.toLowerCase() || '')
|
|
154
|
+
);
|
|
155
|
+
},
|
|
156
|
+
}]);
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
## 4. Security Optimizations
|
|
160
|
+
|
|
161
|
+
### 4.1 Better Input Validation
|
|
162
|
+
```typescript
|
|
163
|
+
import validator from 'validator';
|
|
164
|
+
|
|
165
|
+
export function validateProjectName(name: string): void {
|
|
166
|
+
// Check for path traversal
|
|
167
|
+
if (name.includes('..') || name.includes('/') || name.includes('\\')) {
|
|
168
|
+
throw new ValidationError('Project name cannot contain path separators');
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
// Check for dangerous characters
|
|
172
|
+
if (!validator.isAlphanumeric(name.replace(/[-_]/g, ''))) {
|
|
173
|
+
throw new ValidationError('Project name can only contain alphanumeric, dash, and underscore');
|
|
174
|
+
}
|
|
175
|
+
|
|
176
|
+
// Check length
|
|
177
|
+
if (name.length > 100) {
|
|
178
|
+
throw new ValidationError('Project name is too long (max 100 characters)');
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
```
|
|
182
|
+
|
|
183
|
+
### 4.2 Dependency Security
|
|
184
|
+
```bash
|
|
185
|
+
# Add npm audit to CI/CD
|
|
186
|
+
npm audit --audit-level=moderate
|
|
187
|
+
```
|
|
188
|
+
|
|
189
|
+
### 4.3 Template Sanitization
|
|
190
|
+
```typescript
|
|
191
|
+
// Use secure template rendering
|
|
192
|
+
import nunjucks from 'nunjucks';
|
|
193
|
+
|
|
194
|
+
const env = new nunjucks.Environment(null, {
|
|
195
|
+
autoescape: true,
|
|
196
|
+
throwOnUndefined: true,
|
|
197
|
+
});
|
|
198
|
+
```
|
|
199
|
+
|
|
200
|
+
## 5. Architecture Optimizations
|
|
201
|
+
|
|
202
|
+
### 5.1 Plugin System
|
|
203
|
+
```typescript
|
|
204
|
+
// src/plugins/plugin-manager.ts
|
|
205
|
+
interface Plugin {
|
|
206
|
+
name: string;
|
|
207
|
+
version: string;
|
|
208
|
+
hooks: {
|
|
209
|
+
beforeCreate?: (context: CreateContext) => Promise<void>;
|
|
210
|
+
afterCreate?: (context: CreateContext) => Promise<void>;
|
|
211
|
+
beforeInstall?: (context: InstallContext) => Promise<void>;
|
|
212
|
+
afterInstall?: (context: InstallContext) => Promise<void>;
|
|
213
|
+
};
|
|
214
|
+
}
|
|
215
|
+
|
|
216
|
+
export class PluginManager {
|
|
217
|
+
private plugins: Plugin[] = [];
|
|
218
|
+
|
|
219
|
+
register(plugin: Plugin) {
|
|
220
|
+
this.plugins.push(plugin);
|
|
221
|
+
}
|
|
222
|
+
|
|
223
|
+
async runHook(hookName: string, context: any) {
|
|
224
|
+
for (const plugin of this.plugins) {
|
|
225
|
+
const hook = plugin.hooks[hookName];
|
|
226
|
+
if (hook) {
|
|
227
|
+
await hook(context);
|
|
228
|
+
}
|
|
229
|
+
}
|
|
230
|
+
}
|
|
231
|
+
}
|
|
232
|
+
```
|
|
233
|
+
|
|
234
|
+
### 5.2 Modular Template System
|
|
235
|
+
```typescript
|
|
236
|
+
// src/templates/template-registry.ts
|
|
237
|
+
export class TemplateRegistry {
|
|
238
|
+
private templates = new Map<string, Template>();
|
|
239
|
+
|
|
240
|
+
register(id: string, template: Template) {
|
|
241
|
+
this.templates.set(id, template);
|
|
242
|
+
}
|
|
243
|
+
|
|
244
|
+
get(id: string): Template | undefined {
|
|
245
|
+
return this.templates.get(id);
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
list(): Template[] {
|
|
249
|
+
return Array.from(this.templates.values());
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
```
|
|
253
|
+
|
|
254
|
+
### 5.3 State Machine for Installation Flow
|
|
255
|
+
```typescript
|
|
256
|
+
// src/core/installation-state-machine.ts
|
|
257
|
+
enum State {
|
|
258
|
+
IDLE = 'idle',
|
|
259
|
+
VALIDATING = 'validating',
|
|
260
|
+
CREATING_DIR = 'creating_dir',
|
|
261
|
+
INSTALLING_DEPS = 'installing_deps',
|
|
262
|
+
COPYING_TEMPLATES = 'copying_templates',
|
|
263
|
+
INITIALIZING_GIT = 'initializing_git',
|
|
264
|
+
COMPLETE = 'complete',
|
|
265
|
+
ERROR = 'error',
|
|
266
|
+
}
|
|
267
|
+
|
|
268
|
+
export class InstallationStateMachine {
|
|
269
|
+
private state: State = State.IDLE;
|
|
270
|
+
|
|
271
|
+
async transition(to: State) {
|
|
272
|
+
logger.debug(`State transition: ${this.state} -> ${to}`);
|
|
273
|
+
this.state = to;
|
|
274
|
+
}
|
|
275
|
+
|
|
276
|
+
canTransition(to: State): boolean {
|
|
277
|
+
// Define valid transitions
|
|
278
|
+
const validTransitions = {
|
|
279
|
+
[State.IDLE]: [State.VALIDATING],
|
|
280
|
+
[State.VALIDATING]: [State.CREATING_DIR, State.ERROR],
|
|
281
|
+
// ...
|
|
282
|
+
};
|
|
283
|
+
return validTransitions[this.state]?.includes(to) ?? false;
|
|
284
|
+
}
|
|
285
|
+
}
|
|
286
|
+
```
|
|
287
|
+
|
|
288
|
+
## 6. Testing Optimizations
|
|
289
|
+
|
|
290
|
+
### 6.1 Integration Tests
|
|
291
|
+
```typescript
|
|
292
|
+
// src/__tests__/integration/full-flow.test.ts
|
|
293
|
+
describe('Full installation flow', () => {
|
|
294
|
+
it('should create demo workspace successfully', async () => {
|
|
295
|
+
const tmpDir = await fsExtra.mkdtemp(path.join(os.tmpdir(), 'rapidkit-test-'));
|
|
296
|
+
|
|
297
|
+
try {
|
|
298
|
+
await createProject('test-workspace', {
|
|
299
|
+
demoMode: true,
|
|
300
|
+
skipGit: true,
|
|
301
|
+
});
|
|
302
|
+
|
|
303
|
+
expect(await fsExtra.pathExists(path.join(tmpDir, 'test-workspace'))).toBe(true);
|
|
304
|
+
expect(await fsExtra.pathExists(path.join(tmpDir, 'test-workspace', 'generate-demo.js'))).toBe(true);
|
|
305
|
+
} finally {
|
|
306
|
+
await fsExtra.remove(tmpDir);
|
|
307
|
+
}
|
|
308
|
+
});
|
|
309
|
+
});
|
|
310
|
+
```
|
|
311
|
+
|
|
312
|
+
### 6.2 Snapshot Tests for Generated Files
|
|
313
|
+
```typescript
|
|
314
|
+
// src/__tests__/snapshots/templates.test.ts
|
|
315
|
+
it('should generate correct pyproject.toml', async () => {
|
|
316
|
+
const result = await generateTemplate('pyproject.toml', {
|
|
317
|
+
project_name: 'test_project',
|
|
318
|
+
author: 'Test Author',
|
|
319
|
+
});
|
|
320
|
+
|
|
321
|
+
expect(result).toMatchSnapshot();
|
|
322
|
+
});
|
|
323
|
+
```
|
|
324
|
+
|
|
325
|
+
### 6.3 Performance Benchmarks
|
|
326
|
+
```typescript
|
|
327
|
+
// src/__tests__/benchmarks/creation-speed.bench.ts
|
|
328
|
+
import { bench, describe } from 'vitest';
|
|
329
|
+
|
|
330
|
+
describe('Creation performance', () => {
|
|
331
|
+
bench('create demo workspace', async () => {
|
|
332
|
+
await createProject('bench-test', { demoMode: true, dryRun: true });
|
|
333
|
+
});
|
|
334
|
+
});
|
|
335
|
+
```
|
|
336
|
+
|
|
337
|
+
## 7. Documentation Optimizations
|
|
338
|
+
|
|
339
|
+
### 7.1 API Documentation
|
|
340
|
+
```bash
|
|
341
|
+
npm install -D typedoc
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
```json
|
|
345
|
+
// package.json
|
|
346
|
+
{
|
|
347
|
+
"scripts": {
|
|
348
|
+
"docs": "typedoc --out docs src/index.ts"
|
|
349
|
+
}
|
|
350
|
+
}
|
|
351
|
+
```
|
|
352
|
+
|
|
353
|
+
### 7.2 Interactive Examples
|
|
354
|
+
```typescript
|
|
355
|
+
// examples/programmatic-usage.ts
|
|
356
|
+
import { createProject } from 'rapidkit';
|
|
357
|
+
|
|
358
|
+
async function example() {
|
|
359
|
+
await createProject('my-workspace', {
|
|
360
|
+
demoMode: true,
|
|
361
|
+
skipGit: false,
|
|
362
|
+
});
|
|
363
|
+
}
|
|
364
|
+
```
|
|
365
|
+
|
|
366
|
+
## 8. CI/CD Optimizations
|
|
367
|
+
|
|
368
|
+
**Note**: CI/CD is optional. If you don't need automated workflows, you can skip this section.
|
|
369
|
+
|
|
370
|
+
### 8.1 GitHub Actions Workflow
|
|
371
|
+
```yaml
|
|
372
|
+
# .github/workflows/ci.yml
|
|
373
|
+
name: CI
|
|
374
|
+
|
|
375
|
+
on: [push, pull_request]
|
|
376
|
+
|
|
377
|
+
jobs:
|
|
378
|
+
test:
|
|
379
|
+
runs-on: ${{ matrix.os }}
|
|
380
|
+
strategy:
|
|
381
|
+
matrix:
|
|
382
|
+
os: [ubuntu-latest, macos-latest, windows-latest]
|
|
383
|
+
node-version: [18, 20, 22]
|
|
384
|
+
|
|
385
|
+
steps:
|
|
386
|
+
- uses: actions/checkout@v3
|
|
387
|
+
- uses: actions/setup-node@v3
|
|
388
|
+
with:
|
|
389
|
+
node-version: ${{ matrix.node-version }}
|
|
390
|
+
- run: npm ci
|
|
391
|
+
- run: npm test
|
|
392
|
+
- run: npm run build
|
|
393
|
+
```
|
|
394
|
+
|
|
395
|
+
### 8.2 Automated Releases
|
|
396
|
+
```yaml
|
|
397
|
+
# .github/workflows/release.yml
|
|
398
|
+
name: Release
|
|
399
|
+
|
|
400
|
+
on:
|
|
401
|
+
push:
|
|
402
|
+
tags:
|
|
403
|
+
- 'v*'
|
|
404
|
+
|
|
405
|
+
jobs:
|
|
406
|
+
release:
|
|
407
|
+
runs-on: ubuntu-latest
|
|
408
|
+
steps:
|
|
409
|
+
- uses: actions/checkout@v3
|
|
410
|
+
- uses: actions/setup-node@v3
|
|
411
|
+
- run: npm ci
|
|
412
|
+
- run: npm run build
|
|
413
|
+
- run: npm publish
|
|
414
|
+
env:
|
|
415
|
+
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
|
|
416
|
+
```
|
|
417
|
+
|
|
418
|
+
## 9. Monitoring & Analytics Optimizations
|
|
419
|
+
|
|
420
|
+
### 9.1 Telemetry (Optional with User Consent)
|
|
421
|
+
```typescript
|
|
422
|
+
// src/telemetry.ts
|
|
423
|
+
import os from 'os';
|
|
424
|
+
import { getVersion } from './update-checker.js';
|
|
425
|
+
|
|
426
|
+
interface TelemetryData {
|
|
427
|
+
version: string;
|
|
428
|
+
command: string;
|
|
429
|
+
options: string[];
|
|
430
|
+
platform: string;
|
|
431
|
+
nodeVersion: string;
|
|
432
|
+
success: boolean;
|
|
433
|
+
duration: number;
|
|
434
|
+
}
|
|
435
|
+
|
|
436
|
+
export async function sendTelemetry(data: TelemetryData) {
|
|
437
|
+
// Only if user opted-in via config
|
|
438
|
+
const config = await loadUserConfig();
|
|
439
|
+
if (!config.telemetry) return;
|
|
440
|
+
|
|
441
|
+
try {
|
|
442
|
+
await fetch('https://telemetry.getrapidkit.com/api/events', {
|
|
443
|
+
method: 'POST',
|
|
444
|
+
headers: { 'Content-Type': 'application/json' },
|
|
445
|
+
body: JSON.stringify({
|
|
446
|
+
...data,
|
|
447
|
+
timestamp: new Date().toISOString(),
|
|
448
|
+
}),
|
|
449
|
+
});
|
|
450
|
+
} catch {
|
|
451
|
+
// Fail silently
|
|
452
|
+
}
|
|
453
|
+
}
|
|
454
|
+
```
|
|
455
|
+
|
|
456
|
+
## 10. Bundle Size Optimizations
|
|
457
|
+
|
|
458
|
+
### 10.1 Analyze Bundle
|
|
459
|
+
```bash
|
|
460
|
+
npm install -D webpack-bundle-analyzer
|
|
461
|
+
```
|
|
462
|
+
|
|
463
|
+
### 10.2 Replace Heavy Dependencies
|
|
464
|
+
- `inquirer` → `prompts` (lighter alternative)
|
|
465
|
+
- `chalk` → `picocolors` (much smaller)
|
|
466
|
+
- `fs-extra` → native `fs/promises` where possible
|
|
467
|
+
|
|
468
|
+
### 10.3 Code Splitting
|
|
469
|
+
```typescript
|
|
470
|
+
// Dynamic imports for heavy operations
|
|
471
|
+
const createDemoWorkspace = async () => {
|
|
472
|
+
const { generateDemoKit } = await import('./demo-kit.js');
|
|
473
|
+
return generateDemoKit(...);
|
|
474
|
+
};
|
|
475
|
+
```
|
|
476
|
+
|
|
477
|
+
## Implementation Priority
|
|
478
|
+
|
|
479
|
+
### 🔴 High Priority (Week 1)
|
|
480
|
+
1. ESLint + Prettier setup ✅
|
|
481
|
+
2. Better error messages with suggestions
|
|
482
|
+
3. Input validation improvements
|
|
483
|
+
4. Bundle size optimization
|
|
484
|
+
|
|
485
|
+
### 🟡 Medium Priority (Weeks 2-3)
|
|
486
|
+
1. Plugin system
|
|
487
|
+
2. Integration tests
|
|
488
|
+
3. Performance benchmarks
|
|
489
|
+
4. CI/CD workflows (optional)
|
|
490
|
+
|
|
491
|
+
### 🟢 Low Priority (Month 2+)
|
|
492
|
+
1. Telemetry system
|
|
493
|
+
2. Advanced caching
|
|
494
|
+
3. Multi-language support
|
|
495
|
+
4. Interactive documentation
|
|
496
|
+
|
|
497
|
+
## Summary
|
|
498
|
+
|
|
499
|
+
These optimizations can achieve:
|
|
500
|
+
- **Performance**: ~40% faster installation
|
|
501
|
+
- **Bundle Size**: ~30% reduction
|
|
502
|
+
- **User Experience**: Significant improvements in error handling and progress tracking
|
|
503
|
+
- **Code Quality**: Higher coverage and better maintainability
|
|
504
|
+
- **Security**: Reduced attack surface and better validation
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
# Package Manager Policy
|
|
2
|
+
|
|
3
|
+
## Official Policy
|
|
4
|
+
|
|
5
|
+
This repository is **npm-only** for development and CI workflows.
|
|
6
|
+
|
|
7
|
+
## Why
|
|
8
|
+
|
|
9
|
+
- CI workflows use `npm ci` as the canonical install path.
|
|
10
|
+
- A single lockfile strategy reduces dependency drift and release variance.
|
|
11
|
+
- Release and E2E scripts are standardized on npm commands.
|
|
12
|
+
|
|
13
|
+
## Rules
|
|
14
|
+
|
|
15
|
+
- Use `npm install` (or `npm ci` in CI/local clean installs).
|
|
16
|
+
- Do not use `yarn` or `pnpm` for contributor workflows in this repository.
|
|
17
|
+
- Keep `package-lock.json` as the canonical lockfile.
|
|
18
|
+
|
|
19
|
+
## Enforcement
|
|
20
|
+
|
|
21
|
+
A `preinstall` guard blocks non-npm package managers during local install.
|
|
22
|
+
|
|
23
|
+
## Notes
|
|
24
|
+
|
|
25
|
+
This policy applies to the `rapidkit-npm` repository itself. Generated projects may use their own package-manager conventions depending on framework and template outputs.
|
package/docs/README.md
ADDED
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
# RapidKit NPM — Documentation Index
|
|
2
|
+
|
|
3
|
+
Hub for user and contributor documentation. Start with the [main README](../README.md) for install and quickstarts.
|
|
4
|
+
|
|
5
|
+
## Table of contents
|
|
6
|
+
|
|
7
|
+
- [User documentation](#user-documentation)
|
|
8
|
+
- [Operations & security](#operations--security)
|
|
9
|
+
- [AI module recommendations](#ai-module-recommendations)
|
|
10
|
+
- [Technical contracts](#technical-contracts)
|
|
11
|
+
- [Contributor documentation](#contributor-documentation)
|
|
12
|
+
- [Validation commands](#validation-commands)
|
|
13
|
+
|
|
14
|
+
## User documentation
|
|
15
|
+
|
|
16
|
+
| Document | Description |
|
|
17
|
+
| --- | --- |
|
|
18
|
+
| [commands-reference.md](./commands-reference.md) | Full CLI syntax, profiles, and policy keys |
|
|
19
|
+
| [workspace-operations.md](./workspace-operations.md) | Import, adopt, snapshots, archives, contracts, infra |
|
|
20
|
+
| [workspace-run.md](./workspace-run.md) | Polyglot fleet orchestration (`workspace run`) |
|
|
21
|
+
| [from-code-to-shared-understanding.md](./from-code-to-shared-understanding.md) | GitHub-rendered Workspace Intelligence diagram |
|
|
22
|
+
| [OPEN_SOURCE_USER_SCENARIOS.md](./OPEN_SOURCE_USER_SCENARIOS.md) | Role-based workflows (junior → enterprise) |
|
|
23
|
+
| [doctor-command.md](./doctor-command.md) | Doctor scopes, CI exit codes, JSON evidence |
|
|
24
|
+
| [config-file-guide.md](./config-file-guide.md) | User config file (`~/.rapidkitrc.json`, `rapidkit.config.*`) |
|
|
25
|
+
| [WORKSPACE_MARKER_SPEC.md](./WORKSPACE_MARKER_SPEC.md) | Workspace marker format |
|
|
26
|
+
| [PACKAGE_MANAGER_POLICY.md](./PACKAGE_MANAGER_POLICY.md) | npm-only policy for this repository |
|
|
27
|
+
|
|
28
|
+
**Common tasks**
|
|
29
|
+
|
|
30
|
+
- Adopt an existing repo: [workspace-operations.md#import-and-adoption](./workspace-operations.md#import-and-adoption)
|
|
31
|
+
- Scaffold a frontend app: [commands-reference.md](./commands-reference.md) (`create frontend`)
|
|
32
|
+
- CI release gate: [commands-reference.md](./commands-reference.md) (`pipeline`, `readiness`)
|
|
33
|
+
- Agent context: `workspace model` / `workspace context` — schemas in [contracts/workspace-intelligence/](../contracts/workspace-intelligence/)
|
|
34
|
+
|
|
35
|
+
## Operations & security
|
|
36
|
+
|
|
37
|
+
| Document | Description |
|
|
38
|
+
| --- | --- |
|
|
39
|
+
| [SECURITY.md](./SECURITY.md) | Vulnerability reporting and supported versions |
|
|
40
|
+
| [policies.workspace.example.yml](./policies.workspace.example.yml) | Workspace policy template |
|
|
41
|
+
| [governance-policy.enterprise.example.json](./governance-policy.enterprise.example.json) | Sigstore governance allowlist template |
|
|
42
|
+
| [mirror-config.enterprise.example.json](./mirror-config.enterprise.example.json) | Mirror + evidence export template |
|
|
43
|
+
|
|
44
|
+
## AI module recommendations
|
|
45
|
+
|
|
46
|
+
FastAPI/NestJS module suggestions via OpenAI embeddings (optional).
|
|
47
|
+
|
|
48
|
+
| Document | Description |
|
|
49
|
+
| --- | --- |
|
|
50
|
+
| [AI_QUICKSTART.md](./AI_QUICKSTART.md) | 60-second setup |
|
|
51
|
+
| [AI_FEATURES.md](./AI_FEATURES.md) | Complete feature reference |
|
|
52
|
+
| [AI_EXAMPLES.md](./AI_EXAMPLES.md) | Use-case examples |
|
|
53
|
+
| [AI_DYNAMIC_INTEGRATION.md](./AI_DYNAMIC_INTEGRATION.md) | Integration architecture |
|
|
54
|
+
|
|
55
|
+
## Technical contracts
|
|
56
|
+
|
|
57
|
+
JSON schemas and ownership rules for tooling parity.
|
|
58
|
+
|
|
59
|
+
| Location | Description |
|
|
60
|
+
| --- | --- |
|
|
61
|
+
| [contracts/README.md](./contracts/README.md) | Core CLI JSON contracts + generator scripts |
|
|
62
|
+
| [contracts/COMMAND_OWNERSHIP_MATRIX.md](./contracts/COMMAND_OWNERSHIP_MATRIX.md) | npm wrapper vs Core command ownership |
|
|
63
|
+
| [contracts/RUNTIME_SUPPORT_MATRIX.md](./contracts/RUNTIME_SUPPORT_MATRIX.md) | Scaffold/import/lifecycle support tiers |
|
|
64
|
+
| [contracts/RUNTIME_ACCEPTANCE_MATRIX.md](./contracts/RUNTIME_ACCEPTANCE_MATRIX.md) | Runtime acceptance test expectations |
|
|
65
|
+
| [../contracts/](../contracts/) | Canonical JSON schemas (published in npm tarball) |
|
|
66
|
+
|
|
67
|
+
Regenerate and verify:
|
|
68
|
+
|
|
69
|
+
```bash
|
|
70
|
+
npm run generate:contracts
|
|
71
|
+
npm run check:generated-contracts
|
|
72
|
+
npm run validate:contracts
|
|
73
|
+
```
|
|
74
|
+
|
|
75
|
+
## Contributor documentation
|
|
76
|
+
|
|
77
|
+
| Document | Description |
|
|
78
|
+
| --- | --- |
|
|
79
|
+
| [DEVELOPMENT.md](./DEVELOPMENT.md) | Local dev, testing, debugging |
|
|
80
|
+
| [SETUP.md](./SETUP.md) | Build gates, smoke flows, release hygiene |
|
|
81
|
+
| [ci-workflows.md](./ci-workflows.md) | GitHub Actions workflow map |
|
|
82
|
+
| [OPTIMIZATION_GUIDE.md](./OPTIMIZATION_GUIDE.md) | Performance and improvement notes |
|
|
83
|
+
| [UTILITIES.md](./UTILITIES.md) | Internal cache and metrics helpers |
|
|
84
|
+
|
|
85
|
+
Also see [../CONTRIBUTING.md](../CONTRIBUTING.md) and [../CHANGELOG.md](../CHANGELOG.md).
|
|
86
|
+
|
|
87
|
+
## Validation commands
|
|
88
|
+
|
|
89
|
+
```bash
|
|
90
|
+
npm run validate:docs # links + drift guard + examples + README smoke
|
|
91
|
+
npm run check:markdown-links # local markdown link integrity
|
|
92
|
+
npm run validate:docs-examples # example JSON/YAML in docs
|
|
93
|
+
npm run smoke:readme # CLI help smoke for documented commands
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
## Repository layout
|
|
97
|
+
|
|
98
|
+
```text
|
|
99
|
+
rapidkit-npm/
|
|
100
|
+
├── README.md # User hub (install, quickstarts, doc links)
|
|
101
|
+
├── CHANGELOG.md
|
|
102
|
+
├── RELEASE_NOTES.md
|
|
103
|
+
├── releases/ # Per-version release notes
|
|
104
|
+
└── docs/
|
|
105
|
+
├── README.md # This index
|
|
106
|
+
├── commands-reference.md
|
|
107
|
+
├── workspace-operations.md
|
|
108
|
+
├── workspace-run.md
|
|
109
|
+
├── ci-workflows.md
|
|
110
|
+
├── doctor-command.md
|
|
111
|
+
├── OPEN_SOURCE_USER_SCENARIOS.md
|
|
112
|
+
├── config-file-guide.md
|
|
113
|
+
├── SECURITY.md
|
|
114
|
+
├── SETUP.md
|
|
115
|
+
├── DEVELOPMENT.md
|
|
116
|
+
├── contracts/ # Contract docs (mirrors + matrices)
|
|
117
|
+
└── … # AI guides, policies, examples
|
|
118
|
+
```
|
|
119
|
+
|
|
120
|
+
Enterprise governance runbooks are maintained outside this OSS docs tree.
|
package/docs/SECURITY.md
ADDED
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
# Security Policy
|
|
2
|
+
|
|
3
|
+
## Supported Versions
|
|
4
|
+
|
|
5
|
+
| Version | Supported |
|
|
6
|
+
| ------- | ------------------ |
|
|
7
|
+
| 0.35.x (latest minor) | :white_check_mark: |
|
|
8
|
+
| < 0.35.0 | :x: |
|
|
9
|
+
|
|
10
|
+
During the `0.x` phase, only the latest minor line receives security fixes.
|
|
11
|
+
|
|
12
|
+
## Known Security Considerations
|
|
13
|
+
|
|
14
|
+
### Development Dependencies
|
|
15
|
+
|
|
16
|
+
Our CI/CD pipeline may report moderate severity vulnerabilities in development dependencies (vitest, vite, esbuild). These packages are:
|
|
17
|
+
|
|
18
|
+
- ✅ **Only used during development and testing**
|
|
19
|
+
- ✅ **Not included in the published npm package**
|
|
20
|
+
- ✅ **Not shipped to end users**
|
|
21
|
+
- ✅ **Do not affect runtime security**
|
|
22
|
+
|
|
23
|
+
The published package only includes runtime dependencies required for workspace creation.
|
|
24
|
+
|
|
25
|
+
### Production Dependencies
|
|
26
|
+
|
|
27
|
+
We actively monitor and address any security vulnerabilities in production dependencies that are shipped with the package.
|
|
28
|
+
|
|
29
|
+
## Reporting a Vulnerability
|
|
30
|
+
|
|
31
|
+
If you discover a security vulnerability in rapidkit, please report it by emailing **security@getrapidkit.com** or opening a private security advisory on GitHub.
|
|
32
|
+
|
|
33
|
+
Please include:
|
|
34
|
+
- Description of the vulnerability
|
|
35
|
+
- Steps to reproduce
|
|
36
|
+
- Potential impact
|
|
37
|
+
- Suggested fix (if available)
|
|
38
|
+
|
|
39
|
+
We will respond within 48 hours and work to address critical issues as quickly as possible.
|
|
40
|
+
|
|
41
|
+
## Security Best Practices
|
|
42
|
+
|
|
43
|
+
When using rapidkit:
|
|
44
|
+
|
|
45
|
+
1. **Keep dependencies updated**: Run `npm update` regularly
|
|
46
|
+
2. **Review generated code**: Always review the workspace structure before deployment
|
|
47
|
+
3. **Use official releases**: Install from npm registry, not from git directly
|
|
48
|
+
4. **Verify package integrity**: Use `npm audit` on your generated project
|
|
49
|
+
|
|
50
|
+
## Security Scanning
|
|
51
|
+
|
|
52
|
+
We use:
|
|
53
|
+
- GitHub Security Advisories
|
|
54
|
+
- npm audit (production dependencies)
|
|
55
|
+
- Dependabot for automated updates
|
|
56
|
+
- Regular manual security reviews
|
|
57
|
+
|
|
58
|
+
## Updates
|
|
59
|
+
|
|
60
|
+
Security updates are released as patch versions on the latest `0.x` minor line and announced in:
|
|
61
|
+
- GitHub Releases
|
|
62
|
+
- CHANGELOG.md
|
|
63
|
+
- npm package updates
|