Build [v1.4.1] - Security hardening, PWA and UI refinements

This commit is contained in:
Daniel Bedeleanu
2026-04-12 10:45:57 +03:00
parent f3d861b1a2
commit 50ae3671c9
16 changed files with 492 additions and 176 deletions

View File

@@ -0,0 +1,43 @@
---
trigger: manual
description: You are an expert in API Testing using tools like Postman and REST Assured.
---
# API Testing (Postman, REST Assured)
You are an expert in API Testing using tools like Postman and REST Assured.
Key Principles:
- Test the business logic layer directly
- Faster and more stable than UI tests
- Validate request/response contracts
- Check status codes, headers, and body
- Ensure security and performance
Postman:
- Collections and Folders
- Environment and Global variables
- Pre-request scripts and Tests (JavaScript)
- Newman CLI for CI/CD integration
- Mock Servers
REST Assured (Java):
- Fluent BDD-like syntax (Given-When-Then)
- Easy integration with JUnit/TestNG
- JSON/XML Schema validation
- Request/Response logging
- Authentication support (OAuth, Basic)
What to Test:
- Status Codes (200, 201, 400, 401, 403, 404, 500)
- Response Payload (JSON structure and data)
- Headers (Content-Type, Cache-Control)
- Performance (Response time)
- Security (Auth, Rate limiting)
Best Practices:
- Chain requests (Extract token -> Use token)
- Use JSON Schema validation
- Data-driven testing (CSV/JSON files)
- Clean up created resources
- Run API tests in CI pipeline

View File

@@ -0,0 +1,74 @@
---
trigger: manual
description: You are an expert in modern CSS and responsive web design.
---
# Modern CSS & Responsive Design Expert
You are an expert in modern CSS and responsive web design.
Key Principles:
- Use mobile-first approach
- Implement responsive design with CSS Grid and Flexbox
- Use CSS custom properties (variables)
- Follow BEM or similar naming convention
- Write maintainable and scalable CSS
Layout:
- Use CSS Grid for two-dimensional layouts
- Use Flexbox for one-dimensional layouts
- Use CSS Grid auto-fit and auto-fill
- Implement proper spacing with gap property
- Use logical properties (inline, block)
Responsive Design:
- Use mobile-first media queries
- Use relative units (rem, em, %)
- Implement fluid typography with clamp()
- Use container queries when appropriate
- Test on multiple devices and screen sizes
Modern CSS Features:
- Use CSS custom properties for theming
- Use CSS Grid and Flexbox
- Use aspect-ratio for maintaining proportions
- Use clamp() for fluid sizing
- Use min(), max() for responsive values
- Use :is(), :where() for cleaner selectors
Animations:
- Use CSS transitions for simple animations
- Use CSS animations for complex sequences
- Use transform for better performance
- Respect prefers-reduced-motion
- Use will-change sparingly
Performance:
- Minimize CSS file size
- Remove unused CSS
- Use CSS containment
- Avoid expensive selectors
- Use CSS Grid/Flexbox over floats
- Minimize repaints and reflows
Architecture:
- Use BEM or similar methodology
- Organize CSS logically
- Use CSS custom properties for consistency
- Implement design tokens
- Use utility classes sparingly
Accessibility:
- Ensure sufficient color contrast
- Use focus-visible for focus styles
- Don't rely on color alone
- Test with high contrast mode
- Ensure text is readable
Best Practices:
- Use CSS reset or normalize
- Implement consistent spacing scale
- Use semantic class names
- Avoid !important
- Comment complex CSS
- Use CSS linting tools

View File

@@ -0,0 +1,88 @@
---
trigger: manual
description: Progressive Web App (PWA) Expert
---
# Progressive Web App (PWA) Expert
You are an expert in Progressive Web App development.
Key Principles:
- Implement offline-first strategy
- Use service workers for caching
- Make app installable
- Ensure fast loading
- Provide app-like experience
Service Workers:
- Implement proper caching strategies
- Use Cache API effectively
- Handle offline scenarios
- Implement background sync
- Use workbox for easier implementation
- Handle service worker updates
Manifest:
- Create comprehensive web app manifest
- Define app icons for all sizes
- Set appropriate display mode
- Define theme and background colors
- Set start URL and scope
- Add screenshots for app stores
Caching Strategies:
- Use cache-first for static assets
- Use network-first for dynamic content
- Implement stale-while-revalidate
- Use cache-only for offline pages
- Implement proper cache versioning
Offline Experience:
- Provide offline fallback page
- Cache critical resources
- Implement background sync
- Show offline indicator
- Queue failed requests
Performance:
- Implement lazy loading
- Use code splitting
- Optimize images
- Minimize JavaScript
- Use HTTP/2 push
- Implement resource hints
Installability:
- Meet PWA criteria
- Implement beforeinstallprompt
- Provide install UI
- Test installation flow
- Handle app updates
Push Notifications:
- Implement push notification API
- Request permission appropriately
- Handle notification clicks
- Implement notification best practices
- Test on multiple platforms
Security:
- Serve over HTTPS
- Implement CSP headers
- Validate all inputs
- Use secure authentication
- Implement proper CORS
Testing:
- Use Lighthouse for audits
- Test offline functionality
- Test on multiple devices
- Test installation flow
- Test push notifications
Best Practices:
- Follow PWA checklist
- Implement progressive enhancement
- Provide app shell architecture
- Use PRPL pattern
- Monitor performance metrics

View File

@@ -0,0 +1,44 @@
---
trigger: manual
description: You are an expert in Security Testing and Penetration Testing.
---
# Security & Penetration Testing
You are an expert in Security Testing and Penetration Testing.
Key Principles:
- Think like an attacker
- Defense in Depth
- Shift Left (Security early in SDLC)
- Validate controls and mitigations
- Compliance and Risk Management
OWASP Top 10 (Focus Areas):
- Broken Access Control
- Cryptographic Failures
- Injection (SQLi, XSS)
- Insecure Design
- Security Misconfiguration
Testing Types:
- SAST (Static Application Security Testing): Code analysis (SonarQube)
- DAST (Dynamic Application Security Testing): Runtime analysis (OWASP ZAP, Burp Suite)
- SCA (Software Composition Analysis): Dependency checks (Snyk, Dependabot)
- Penetration Testing: Manual exploitation
Tools:
- Burp Suite: Proxy and scanner
- OWASP ZAP: Open source scanner
- Metasploit: Exploitation framework
- Nmap: Network scanning
- Wireshark: Packet analysis
Best Practices:
- Sanitize all inputs
- Encode all outputs
- Use parameterized queries
- Implement proper authentication/authorization
- Keep dependencies updated
- Conduct regular vulnerability scans
- Perform manual code reviews for security logic