xibecode 0.7.5 → 0.7.6

package/skills/docker-containers.md

@@ -0,0 +1,19 @@
+---
+description: Dockerfiles, multi-stage builds, and image hygiene
+tags: docker, containers, devops
+---
+
+# Docker & Containers
+
+## Dockerfiles
+
+- Prefer multi-stage builds to keep runtime images small; pin base image digests when the project does.
+- Use non-root users in production images when the stack supports it.
+
+## Caches
+
+- Order layers so dependency installs cache well (copy lockfiles before source).
+
+## Secrets
+
+- Never bake secrets into images; use build args only for non-secret metadata.

package/skills/documentation.md

@@ -0,0 +1,21 @@
+---
+description: README updates, API docs, and user-facing copy
+tags: docs, readme, technical-writing
+---
+
+# Documentation
+
+## When to update docs
+
+- User-facing behavior changes need README or docs updates in the same change set when the repo keeps them in sync.
+- New CLI flags, config keys, or environment variables must be documented where other options are listed.
+
+## Style
+
+- Use clear, imperative titles; short paragraphs; code blocks with correct language tags.
+- Link to upstream docs for heavy reference material instead of copying pages of API surface.
+
+## Examples
+
+- Prefer one minimal, copy-pastable example over many partial snippets.
+- Keep version numbers and install commands aligned with the package manager the project uses (e.g. pnpm).

package/skills/go-conventions.md

@@ -0,0 +1,19 @@
+---
+description: Go modules, interfaces, and idiomatic error handling
+tags: go, golang, modules
+---
+
+# Go Conventions
+
+## Modules
+
+- Respect `go.mod` / `go.sum`; run `go mod tidy` after dependency changes when appropriate.
+
+## Errors
+
+- Wrap errors with context (`fmt.Errorf` with `%w`) where the codebase does; avoid panics in libraries.
+
+## Style
+
+- Run `gofmt` / `goimports` to match existing formatting.
+- Keep interfaces small; prefer composition over deep inheritance (Go has none).

package/skills/graphql-apis.md

@@ -0,0 +1,18 @@
+---
+description: GraphQL schema design, resolvers, and N+1 pitfalls
+tags: graphql, api, apollo
+---
+
+# GraphQL APIs
+
+## Schema
+
+- Evolve schemas carefully: prefer additive changes; use deprecations before removals.
+
+## Performance
+
+- Watch for N+1 query patterns; use dataloaders or batching when the codebase does.
+
+## Errors
+
+- Return user-safe error messages; log detailed errors server-side only.

package/skills/grpc-protobuf.md

@@ -0,0 +1,18 @@
+---
+description: gRPC services, protobuf evolution, and streaming RPCs
+tags: grpc, protobuf, rpc
+---
+
+# gRPC & Protobuf
+
+## Compatibility
+
+- Add fields with care; reserve numbers; avoid reusing field numbers.
+
+## Evolution
+
+- Follow repo policy for required vs optional fields across language generators.
+
+## Errors
+
+- Map RPC failures to meaningful status codes; propagate rich error details only when safe.

package/skills/i18n-l10n.md

@@ -0,0 +1,18 @@
+---
+description: Internationalization, locales, and translation workflows
+tags: i18n, l10n, translations
+---
+
+# i18n & l10n
+
+## Strings
+
+- No user-visible concatenation of translated fragments; use ICU or framework message formats.
+
+## Locales
+
+- Respect RTL locales when adding layout; test date/number formatting per locale.
+
+## Workflow
+
+- Keep translation keys stable; update catalogs when adding strings.

package/skills/incident-response.md

@@ -0,0 +1,18 @@
+---
+description: Outages, rollbacks, and communication during incidents
+tags: incident, sre, on-call, postmortem
+---
+
+# Incident Response
+
+## Triage
+
+- Stabilize first: rollback, feature flag, or scale — pick what matches the playbook.
+
+## Communication
+
+- Short status updates; avoid blame; track timeline for post-incident review.
+
+## Follow-up
+
+- Document root cause, action items, and monitoring gaps; link to tickets.

package/skills/java-jvm.md

@@ -0,0 +1,18 @@
+---
+description: JVM projects, Gradle/Maven, and Java conventions
+tags: java, jvm, gradle, maven
+---
+
+# Java & JVM
+
+## Build
+
+- Match Gradle vs Maven layout already in the repo; respect toolchain versions.
+
+## Style
+
+- Follow project checkstyle/Spotless settings if present.
+
+## Dependencies
+
+- Prefer BOMs or version catalogs for consistent versions across modules.

package/skills/kubernetes-basics.md

@@ -0,0 +1,19 @@
+---
+description: Kubernetes manifests, resources, and safe rollouts
+tags: kubernetes, k8s, yaml, devops
+---
+
+# Kubernetes Basics
+
+## Manifests
+
+- Match API versions already in the repo; validate with `kubectl apply --dry-run=server` when possible.
+
+## Workloads
+
+- Set sensible `resources` requests/limits when the cluster pattern expects them.
+- Use readiness/liveness probes consistent with how the service exposes health.
+
+## Rollouts
+
+- Prefer gradual rollouts when the project uses them; document breaking chart changes.

package/skills/llm-integration.md

@@ -0,0 +1,18 @@
+---
+description: Prompting, tool use, and safe LLM features in applications
+tags: llm, ai, prompts, openai
+---
+
+# LLM Integration in Apps
+
+## Safety
+
+- Treat model output as untrusted for code execution; validate and sandbox when generating code or commands.
+
+## Cost & latency
+
+- Cache where appropriate; bound context size; stream responses when UX allows.
+
+## Evaluation
+
+- Add regression prompts or evals when changing prompts or models in critical flows.

package/skills/message-queues-events.md

@@ -0,0 +1,18 @@
+---
+description: Queues, pub/sub, and event-driven integration
+tags: kafka, rabbitmq, sqs, events
+---
+
+# Message Queues & Events
+
+## Semantics
+
+- Prefer at-least-once with idempotent consumers unless exactly-once is already guaranteed.
+
+## Schemas
+
+- Version event payloads; use schema registries when the platform does.
+
+## Ops
+
+- Monitor lag, DLQs, and replay procedures; never silently drop failed messages without policy.

package/skills/microservices-boundaries.md

@@ -0,0 +1,18 @@
+---
+description: Service boundaries, contracts, and distributed failure modes
+tags: microservices, architecture, soa
+---
+
+# Microservice Boundaries
+
+## Ownership
+
+- Prefer clear bounded contexts; avoid shared databases across services unless already the pattern.
+
+## Communication
+
+- Use sync vs async boundaries intentionally; document timeouts and retries.
+
+## Failure
+
+- Design for partial outages: idempotency, deduplication, and poison-message handling where queues exist.

package/skills/mobile-native-ui.md

@@ -0,0 +1,18 @@
+---
+description: Native mobile patterns (Swift/Kotlin) and platform guidelines
+tags: ios, android, swift, kotlin, mobile
+---
+
+# Native Mobile UI
+
+## Platforms
+
+- Follow Human Interface Guidelines / Material guidelines as the product targets.
+
+## Lifecycle
+
+- Respect app backgrounding, permissions flows, and store review policies for APIs used.
+
+## Sharing
+
+- Keep business logic in shared modules only when the repo already uses KMP or similar.

package/skills/mobile-responsive.md

@@ -0,0 +1,18 @@
+---
+description: Responsive layouts, touch targets, and mobile UX
+tags: responsive, mobile, viewport
+---
+
+# Mobile & Responsive
+
+## Layout
+
+- Test key breakpoints used in the codebase; avoid fixed widths that break small screens.
+
+## Touch
+
+- Minimum tap targets (~44px) for primary actions when targeting mobile users.
+
+## Performance
+
+- Lazy-load heavy media; avoid main-thread blocking on low-end devices when possible.

package/skills/monorepo-workflows.md

@@ -0,0 +1,18 @@
+---
+description: Monorepos, workspaces, and cross-package changes
+tags: monorepo, pnpm, turborepo, nx
+---
+
+# Monorepo Workflows
+
+## Tooling
+
+- Use the workspace’s task runner (`turbo`, `nx`, `pnpm -r`) as configured; don’t bypass caches without reason.
+
+## Changes
+
+- When touching shared packages, bump dependents or use workspace protocol consistently.
+
+## CI
+
+- Run affected tests/builds when the pipeline supports it; otherwise follow project conventions.

package/skills/node-api-design.md

@@ -0,0 +1,21 @@
+---
+description: HTTP APIs, validation, and Node.js service boundaries
+tags: node, api, http, rest
+---
+
+# Node API Design
+
+## Structure
+
+- One clear entry for HTTP handling (router layer) and thin handlers that call domain logic.
+- Validate inputs at the boundary (schema library or manual checks) and return consistent error shapes.
+
+## HTTP semantics
+
+- Use correct status codes: 400 client errors, 401/403 auth, 404 missing resources, 409 conflicts, 500 only for unexpected server faults.
+- Include actionable error messages for API consumers without leaking secrets or stack traces in production.
+
+## Security
+
+- Never log tokens, passwords, or full PII. Redact sensitive fields in logs.
+- Rate-limit and authenticate public endpoints when the project already does so.

package/skills/observability-logging.md

@@ -0,0 +1,21 @@
+---
+description: Structured logging, metrics, and debugging production issues
+tags: logging, observability, monitoring
+---
+
+# Observability & Logging
+
+## Logging
+
+- Use the project's logger if one exists; otherwise structured JSON logs in servers.
+- Log levels: `debug` for development detail, `info` for lifecycle events, `warn`/`error` for problems.
+- Include `requestId` or `traceId` when the app supports distributed tracing.
+
+## Errors
+
+- Log the error message and a stack trace server-side; return sanitized messages to clients.
+- Avoid logging environment variable names with values, API keys, or session cookies.
+
+## Metrics
+
+- When adding critical paths, consider counters or histograms if the codebase already exports metrics.

package/skills/openapi-rest.md

@@ -0,0 +1,18 @@
+---
+description: OpenAPI specs, REST versioning, and contract testing
+tags: openapi, swagger, rest, api
+---
+
+# OpenAPI & REST Contracts
+
+## Specs
+
+- Keep OpenAPI in sync with handlers; generate clients when the repo does.
+
+## Versioning
+
+- Follow URL or header versioning already in use; avoid breaking changes without version bumps.
+
+## Testing
+
+- Add contract or snapshot tests for critical endpoints when the project supports them.

package/skills/optimize-performance.md

@@ -0,0 +1,90 @@
+---
+description: Performance optimization and profiling
+tags: performance, optimization, profiling
+---
+
+# Performance Optimization Skill
+
+You are a performance expert focused on identifying and fixing bottlenecks. When this skill is active:
+
+## Performance Workflow
+
+1. **Measure First**
+   - Profile the application
+   - Identify slow operations
+   - Measure baseline metrics
+   - Set performance targets
+
+2. **Find Bottlenecks**
+   - **CPU-bound**: Heavy computations, inefficient algorithms
+   - **I/O-bound**: Database queries, file operations, network calls
+   - **Memory**: Large objects, memory leaks
+   - **Rendering**: DOM manipulation, layout thrashing
+
+3. **Optimize**
+   - Apply appropriate optimization technique
+   - Measure improvement
+   - Verify correctness (run tests)
+
+4. **Verify**
+   - Re-profile after changes
+   - Compare before/after metrics
+   - Check for regressions
+
+## Common Optimizations
+
+### Database
+
+- Add indexes for frequent queries
+- Use query caching
+- Batch operations
+- Avoid N+1 queries
+- Use connection pooling
+
+### Algorithms
+
+- Choose right data structure (Map vs Array)
+- Reduce time complexity (O(n²) → O(n log n))
+- Memoization for expensive computations
+- Lazy evaluation
+
+### Caching
+
+- Cache expensive operations
+- Use CDN for static assets
+- Browser caching headers
+- In-memory caching (Redis)
+
+### Code-Level
+
+- Avoid premature optimization
+- Reduce allocations
+- Reuse objects
+- Minimize DOM manipulation
+- Debounce/throttle events
+
+### Network
+
+- Compress responses (gzip)
+- Minimize payload size
+- Use HTTP/2
+- Implement pagination
+- Lazy load resources
+
+## Performance Checklist
+
+- [ ] Profiled to identify bottlenecks
+- [ ] Baseline metrics recorded
+- [ ] Optimization applied
+- [ ] Tests still pass
+- [ ] Performance improved (measured)
+- [ ] No new bugs introduced
+- [ ] Documented optimization rationale
+
+## Tools & Commands
+
+- Use `run_command` for profiling tools
+- Use `grep_code` to find inefficient patterns
+- Monitor memory usage
+- Check bundle sizes
+- Analyze database query plans

package/skills/playwright-e2e.md

@@ -0,0 +1,18 @@
+---
+description: Playwright tests, selectors, and flake resistance
+tags: playwright, e2e, testing
+---
+
+# Playwright E2E
+
+## Selectors
+
+- Prefer role- and test-id-based selectors over brittle CSS when the app exposes them.
+
+## Stability
+
+- Use auto-waiting; avoid fixed sleeps except as last resort.
+
+## CI
+
+- Run headless in CI; shard when runtime is high; capture traces on failure when enabled.

package/skills/python-quality.md

@@ -0,0 +1,21 @@
+---
+description: Python packaging, typing, and project layout
+tags: python, pip, uv, typing
+---
+
+# Python Quality
+
+## Layout
+
+- Prefer `src/` layouts when the repo already uses them; match `pyproject.toml` or `setup.cfg` style.
+- Use virtual environments; never commit `.venv` or `__pycache__`.
+
+## Typing
+
+- Prefer type hints on public functions; use `from __future__ import annotations` when the project does.
+- Match strictness to existing `mypy` / `pyright` config.
+
+## Tools
+
+- Prefer `uv` or `pip` to match lockfiles (`uv.lock`, `requirements.txt`).
+- Format and lint with whatever the project uses (`ruff`, `black`, `isort`).

package/skills/react-next-patterns.md

@@ -0,0 +1,24 @@
+---
+description: React and Next.js components, hooks, and data fetching
+tags: react, nextjs, frontend
+---
+
+# React & Next.js Patterns
+
+## Components
+
+- Prefer small, focused components; colocate styles and tests when the repo does.
+- Keep side effects in `useEffect` (or server-only code in Server Components) with correct dependency arrays.
+
+## State
+
+- Lift state only as high as needed; prefer local state or existing stores (Redux, Zustand, etc.) to match the codebase.
+
+## Next.js
+
+- Use App Router vs Pages Router conventions already in the project — do not mix routers in one route tree.
+- For Server Actions and forms, follow existing patterns for validation and error handling.
+
+## Performance
+
+- Memoize only when profiling or clear re-render cost; avoid premature `useMemo`/`useCallback` everywhere.

package/skills/redis-caching.md

@@ -0,0 +1,18 @@
+---
+description: Caching layers, TTLs, and Redis usage patterns
+tags: redis, cache, performance
+---
+
+# Redis & Caching
+
+## Correctness
+
+- Invalidate or version cache keys when underlying data can change; avoid stale reads for auth or billing.
+
+## TTL
+
+- Set sensible expirations; document cache stampede mitigations if traffic spikes.
+
+## Keys
+
+- Use namespaces/prefixes consistent with the codebase; avoid unbounded key growth.

package/skills/refactor-clean-code.md

@@ -0,0 +1,38 @@
+---
+description: Refactor code to follow clean code principles and best practices
+tags: refactoring, code-quality, clean-code
+---
+
+# Clean Code Refactoring Skill
+
+You are an expert code refactorer focused on clean code principles. When this skill is active:
+
+## Refactoring Principles
+
+1. **Naming**: Use descriptive, intention-revealing names for variables, functions, and classes
+2. **Functions**: Keep functions small (< 20 lines), single responsibility
+3. **DRY**: Eliminate code duplication through abstraction
+4. **SOLID**: Apply SOLID principles where applicable
+5. **Comments**: Code should be self-documenting; use comments only for "why", not "what"
+
+## Workflow
+
+1. **Read & Analyze**: Read the target file(s) thoroughly
+2. **Identify Issues**: Look for:
+   - Long functions (> 30 lines)
+   - Unclear variable names
+   - Code duplication
+   - Deep nesting (> 3 levels)
+   - Magic numbers/strings
+3. **Refactor Incrementally**: Make small, testable changes
+4. **Verify**: Run tests after each change
+5. **Document**: Explain refactoring decisions
+
+## Best Practices
+
+- Always run tests before and after refactoring
+- Use `verified_edit` for safety
+- Preserve existing behavior (no functional changes)
+- Extract methods/functions for clarity
+- Use constants for magic values
+- Apply consistent formatting

package/skills/rust-patterns.md

@@ -0,0 +1,18 @@
+---
+description: Rust ownership patterns, crates, and unsafe boundaries
+tags: rust, cargo, systems
+---
+
+# Rust Patterns
+
+## Safety
+
+- Avoid `unsafe` unless the project already uses it; contain it behind small, reviewed modules.
+
+## Crates
+
+- Follow workspace `Cargo.toml` layout; keep feature flags consistent with existing crates.
+
+## Errors
+
+- Use `Result` and project error types (`thiserror`, `anyhow`) as established in the repo.

package/skills/sandbox-autonomous.md

@@ -0,0 +1,25 @@
+---
+description: Safe autonomous runs in sandboxes, CI, and ephemeral environments
+tags: sandbox, automation, safety, non-interactive
+---
+
+# Sandbox & Autonomous Execution
+
+## Working directory
+
+- Treat the printed working directory as the only project root unless the user explicitly says otherwise.
+- Do not assume fixed paths like `/workspace` unless that is literally `cwd`.
+
+## Non-interactive commands
+
+- Always pass `--yes`, `-y`, or tool-specific non-interactive flags so installs and CLIs never block on prompts.
+- If a tool still prompts, use the `input` parameter on `run_command` to pipe answers.
+
+## Secrets & network
+
+- Never print API keys, tokens, or `.env` contents. Do not commit secrets.
+- In CI or sandboxes, only use credentials provided by the environment; do not embed long-lived keys in code.
+
+## Side effects
+
+- Prefer reversible edits and small commits. Avoid destructive operations on git history unless the task requires it.