feat: improved the Claude Kit as a plugin

This commit is contained in:
duthaho
2026-04-19 14:09:14 +07:00
parent 3103a8da1b
commit d1a6d2a2bc
186 changed files with 771 additions and 1691 deletions
+16
View File
@@ -0,0 +1,16 @@
---
paths:
- "src/api/**"
- "**/routes/**"
- "**/endpoints/**"
- "**/controllers/**"
---
# API Development Rules
- All endpoints must include input validation (Zod for TS, Pydantic for Python)
- Use standard error response format: `{ error: string, code: number, details?: any }`
- Return appropriate HTTP status codes — never use 200 for errors
- Include OpenAPI documentation comments on all endpoints
- Rate limiting required on all public endpoints
- Authentication middleware on all protected routes
+17
View File
@@ -0,0 +1,17 @@
---
paths:
- "**/*.tsx"
- "**/*.jsx"
- "src/components/**"
- "src/app/**"
---
# Frontend Rules
- One component per file, named with PascalCase
- Use Server Components by default in Next.js — add `'use client'` only when needed
- Tailwind utility classes for styling — avoid inline styles
- All interactive elements must be keyboard accessible
- Include `aria-label` on icon-only buttons
- Use semantic HTML (`<nav>`, `<main>`, `<section>`) over generic `<div>`
- Images require `alt` text
+14
View File
@@ -0,0 +1,14 @@
---
paths:
- "**/migrations/**"
- "**/*.migration.*"
- "**/alembic/**"
---
# Database Migration Rules
- Every migration must be reversible — include down/rollback logic
- Never modify existing migrations — create new ones
- Add indexes for foreign keys and frequently queried columns
- Use transactions for multi-step migrations
- Test migrations against a copy of production data when possible
+12
View File
@@ -0,0 +1,12 @@
# Security Rules
- Never hardcode secrets, API keys, or credentials in source code
- Use parameterized queries only — never string concatenation for SQL
- No `eval()`, `new Function()`, or dynamic code execution
- No `any` types in TypeScript — use proper typing
- Validate all user inputs at API boundaries
- Output encoding for all rendered content
- Secrets via environment variables only
- No disabled security headers
- Authentication required on all protected endpoints
- Rate limiting on public APIs
+19
View File
@@ -0,0 +1,19 @@
---
paths:
- "**/*.test.*"
- "**/*.spec.*"
- "**/tests/**"
- "**/test_*"
- "**/__tests__/**"
---
# Test Writing Rules
- Python test naming: `test_[function]_[scenario]_[expected]`
- TypeScript test naming: `describe('[Component]', () => { it('should [behavior]') })`
- Each test file must have at least one happy path and one error case
- Mock external dependencies, not internal modules
- Use factories/fixtures over inline test data
- Never commit `.skip()` or `.only()` — remove before pushing
- Minimum coverage: 80% overall, 95% for critical paths
- Prefer pytest for Python, vitest for TypeScript