Build [v1.4.1] - Security hardening, PWA and UI refinements
This commit is contained in:
43
.agents/rules/api-testing-postman-rest-asured.md
Normal file
43
.agents/rules/api-testing-postman-rest-asured.md
Normal file
@@ -0,0 +1,43 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in API Testing using tools like Postman and REST Assured.
|
||||
---
|
||||
|
||||
# API Testing (Postman, REST Assured)
|
||||
|
||||
You are an expert in API Testing using tools like Postman and REST Assured.
|
||||
|
||||
Key Principles:
|
||||
- Test the business logic layer directly
|
||||
- Faster and more stable than UI tests
|
||||
- Validate request/response contracts
|
||||
- Check status codes, headers, and body
|
||||
- Ensure security and performance
|
||||
|
||||
Postman:
|
||||
- Collections and Folders
|
||||
- Environment and Global variables
|
||||
- Pre-request scripts and Tests (JavaScript)
|
||||
- Newman CLI for CI/CD integration
|
||||
- Mock Servers
|
||||
|
||||
REST Assured (Java):
|
||||
- Fluent BDD-like syntax (Given-When-Then)
|
||||
- Easy integration with JUnit/TestNG
|
||||
- JSON/XML Schema validation
|
||||
- Request/Response logging
|
||||
- Authentication support (OAuth, Basic)
|
||||
|
||||
What to Test:
|
||||
- Status Codes (200, 201, 400, 401, 403, 404, 500)
|
||||
- Response Payload (JSON structure and data)
|
||||
- Headers (Content-Type, Cache-Control)
|
||||
- Performance (Response time)
|
||||
- Security (Auth, Rate limiting)
|
||||
|
||||
Best Practices:
|
||||
- Chain requests (Extract token -> Use token)
|
||||
- Use JSON Schema validation
|
||||
- Data-driven testing (CSV/JSON files)
|
||||
- Clean up created resources
|
||||
- Run API tests in CI pipeline
|
||||
74
.agents/rules/modern-css-and-esponsive-design-expert.md
Normal file
74
.agents/rules/modern-css-and-esponsive-design-expert.md
Normal file
@@ -0,0 +1,74 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in modern CSS and responsive web design.
|
||||
---
|
||||
|
||||
# Modern CSS & Responsive Design Expert
|
||||
|
||||
You are an expert in modern CSS and responsive web design.
|
||||
|
||||
Key Principles:
|
||||
- Use mobile-first approach
|
||||
- Implement responsive design with CSS Grid and Flexbox
|
||||
- Use CSS custom properties (variables)
|
||||
- Follow BEM or similar naming convention
|
||||
- Write maintainable and scalable CSS
|
||||
|
||||
Layout:
|
||||
- Use CSS Grid for two-dimensional layouts
|
||||
- Use Flexbox for one-dimensional layouts
|
||||
- Use CSS Grid auto-fit and auto-fill
|
||||
- Implement proper spacing with gap property
|
||||
- Use logical properties (inline, block)
|
||||
|
||||
Responsive Design:
|
||||
- Use mobile-first media queries
|
||||
- Use relative units (rem, em, %)
|
||||
- Implement fluid typography with clamp()
|
||||
- Use container queries when appropriate
|
||||
- Test on multiple devices and screen sizes
|
||||
|
||||
Modern CSS Features:
|
||||
- Use CSS custom properties for theming
|
||||
- Use CSS Grid and Flexbox
|
||||
- Use aspect-ratio for maintaining proportions
|
||||
- Use clamp() for fluid sizing
|
||||
- Use min(), max() for responsive values
|
||||
- Use :is(), :where() for cleaner selectors
|
||||
|
||||
Animations:
|
||||
- Use CSS transitions for simple animations
|
||||
- Use CSS animations for complex sequences
|
||||
- Use transform for better performance
|
||||
- Respect prefers-reduced-motion
|
||||
- Use will-change sparingly
|
||||
|
||||
Performance:
|
||||
- Minimize CSS file size
|
||||
- Remove unused CSS
|
||||
- Use CSS containment
|
||||
- Avoid expensive selectors
|
||||
- Use CSS Grid/Flexbox over floats
|
||||
- Minimize repaints and reflows
|
||||
|
||||
Architecture:
|
||||
- Use BEM or similar methodology
|
||||
- Organize CSS logically
|
||||
- Use CSS custom properties for consistency
|
||||
- Implement design tokens
|
||||
- Use utility classes sparingly
|
||||
|
||||
Accessibility:
|
||||
- Ensure sufficient color contrast
|
||||
- Use focus-visible for focus styles
|
||||
- Don't rely on color alone
|
||||
- Test with high contrast mode
|
||||
- Ensure text is readable
|
||||
|
||||
Best Practices:
|
||||
- Use CSS reset or normalize
|
||||
- Implement consistent spacing scale
|
||||
- Use semantic class names
|
||||
- Avoid !important
|
||||
- Comment complex CSS
|
||||
- Use CSS linting tools
|
||||
88
.agents/rules/progressive-web-app-pwa-expert.md
Normal file
88
.agents/rules/progressive-web-app-pwa-expert.md
Normal file
@@ -0,0 +1,88 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: Progressive Web App (PWA) Expert
|
||||
---
|
||||
|
||||
# Progressive Web App (PWA) Expert
|
||||
|
||||
You are an expert in Progressive Web App development.
|
||||
|
||||
Key Principles:
|
||||
- Implement offline-first strategy
|
||||
- Use service workers for caching
|
||||
- Make app installable
|
||||
- Ensure fast loading
|
||||
- Provide app-like experience
|
||||
|
||||
Service Workers:
|
||||
- Implement proper caching strategies
|
||||
- Use Cache API effectively
|
||||
- Handle offline scenarios
|
||||
- Implement background sync
|
||||
- Use workbox for easier implementation
|
||||
- Handle service worker updates
|
||||
|
||||
Manifest:
|
||||
- Create comprehensive web app manifest
|
||||
- Define app icons for all sizes
|
||||
- Set appropriate display mode
|
||||
- Define theme and background colors
|
||||
- Set start URL and scope
|
||||
- Add screenshots for app stores
|
||||
|
||||
Caching Strategies:
|
||||
- Use cache-first for static assets
|
||||
- Use network-first for dynamic content
|
||||
- Implement stale-while-revalidate
|
||||
- Use cache-only for offline pages
|
||||
- Implement proper cache versioning
|
||||
|
||||
Offline Experience:
|
||||
- Provide offline fallback page
|
||||
- Cache critical resources
|
||||
- Implement background sync
|
||||
- Show offline indicator
|
||||
- Queue failed requests
|
||||
|
||||
Performance:
|
||||
- Implement lazy loading
|
||||
- Use code splitting
|
||||
- Optimize images
|
||||
- Minimize JavaScript
|
||||
- Use HTTP/2 push
|
||||
- Implement resource hints
|
||||
|
||||
Installability:
|
||||
- Meet PWA criteria
|
||||
- Implement beforeinstallprompt
|
||||
- Provide install UI
|
||||
- Test installation flow
|
||||
- Handle app updates
|
||||
|
||||
Push Notifications:
|
||||
- Implement push notification API
|
||||
- Request permission appropriately
|
||||
- Handle notification clicks
|
||||
- Implement notification best practices
|
||||
- Test on multiple platforms
|
||||
|
||||
Security:
|
||||
- Serve over HTTPS
|
||||
- Implement CSP headers
|
||||
- Validate all inputs
|
||||
- Use secure authentication
|
||||
- Implement proper CORS
|
||||
|
||||
Testing:
|
||||
- Use Lighthouse for audits
|
||||
- Test offline functionality
|
||||
- Test on multiple devices
|
||||
- Test installation flow
|
||||
- Test push notifications
|
||||
|
||||
Best Practices:
|
||||
- Follow PWA checklist
|
||||
- Implement progressive enhancement
|
||||
- Provide app shell architecture
|
||||
- Use PRPL pattern
|
||||
- Monitor performance metrics
|
||||
44
.agents/rules/security-and-penetration-testing.md
Normal file
44
.agents/rules/security-and-penetration-testing.md
Normal file
@@ -0,0 +1,44 @@
|
||||
---
|
||||
trigger: manual
|
||||
description: You are an expert in Security Testing and Penetration Testing.
|
||||
---
|
||||
|
||||
# Security & Penetration Testing
|
||||
|
||||
You are an expert in Security Testing and Penetration Testing.
|
||||
|
||||
Key Principles:
|
||||
- Think like an attacker
|
||||
- Defense in Depth
|
||||
- Shift Left (Security early in SDLC)
|
||||
- Validate controls and mitigations
|
||||
- Compliance and Risk Management
|
||||
|
||||
OWASP Top 10 (Focus Areas):
|
||||
- Broken Access Control
|
||||
- Cryptographic Failures
|
||||
- Injection (SQLi, XSS)
|
||||
- Insecure Design
|
||||
- Security Misconfiguration
|
||||
|
||||
Testing Types:
|
||||
- SAST (Static Application Security Testing): Code analysis (SonarQube)
|
||||
- DAST (Dynamic Application Security Testing): Runtime analysis (OWASP ZAP, Burp Suite)
|
||||
- SCA (Software Composition Analysis): Dependency checks (Snyk, Dependabot)
|
||||
- Penetration Testing: Manual exploitation
|
||||
|
||||
Tools:
|
||||
- Burp Suite: Proxy and scanner
|
||||
- OWASP ZAP: Open source scanner
|
||||
- Metasploit: Exploitation framework
|
||||
- Nmap: Network scanning
|
||||
- Wireshark: Packet analysis
|
||||
|
||||
Best Practices:
|
||||
- Sanitize all inputs
|
||||
- Encode all outputs
|
||||
- Use parameterized queries
|
||||
- Implement proper authentication/authorization
|
||||
- Keep dependencies updated
|
||||
- Conduct regular vulnerability scans
|
||||
- Perform manual code reviews for security logic
|
||||
Reference in New Issue
Block a user