diff --git a/.github/actions/cache-checkout/action.yml b/.github/actions/cache-checkout/action.yml new file mode 100644 index 00000000000000..514d8e4c007cee --- /dev/null +++ b/.github/actions/cache-checkout/action.yml @@ -0,0 +1,40 @@ +name: Cache Git Checkout +description: "Save or restore git checkout from cache to speed up CI workflows" +inputs: + mode: + description: "Mode of operation: 'save' to cache the checkout, 'restore' to restore from cache" + required: true + +runs: + using: "composite" + steps: + - name: Restore git checkout from cache + if: ${{ inputs.mode == 'restore' }} + uses: actions/cache/restore@v4 + id: cache-restore + with: + path: | + . + !.git + !node_modules + !**/node_modules + key: git-checkout-${{ github.head_ref || github.ref_name }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Delete previous git-checkout caches for this branch + if: ${{ inputs.mode == 'save' }} + uses: useblacksmith/cache-delete@v1 + with: + key: git-checkout-${{ github.head_ref || github.ref_name }}- + prefix: "true" + + - name: Save git checkout to cache + if: ${{ inputs.mode == 'save' }} + uses: actions/cache/save@v4 + with: + path: | + . + !.git + !node_modules + !**/node_modules + key: git-checkout-${{ github.head_ref || github.ref_name }}-${{ github.sha }} diff --git a/.github/actions/dangerous-git-checkout/action.yml b/.github/actions/dangerous-git-checkout/action.yml index c2dccc4e290e27..6a3dd50f87d5cc 100644 --- a/.github/actions/dangerous-git-checkout/action.yml +++ b/.github/actions/dangerous-git-checkout/action.yml @@ -8,3 +8,8 @@ runs: with: ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 2 + sparse-checkout-cone-mode: false + sparse-checkout: | + /* + !/example-apps/ + !**/*.mp4 diff --git a/.github/workflows/api-v1-production-build.yml b/.github/workflows/api-v1-production-build.yml index 26d08fa9e8073d..380340d37d13b2 100644 --- a/.github/workflows/api-v1-production-build.yml +++ b/.github/workflows/api-v1-production-build.yml @@ -65,7 +65,11 @@ jobs: - 5432:5432 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/cache-db - name: Cache API v1 production build diff --git a/.github/workflows/api-v2-production-build.yml b/.github/workflows/api-v2-production-build.yml index 177199661f6c32..2d2e9cb47216c0 100644 --- a/.github/workflows/api-v2-production-build.yml +++ b/.github/workflows/api-v2-production-build.yml @@ -35,7 +35,11 @@ jobs: - 5432:5432 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - name: Generate Prisma schemas working-directory: apps/api/v2 diff --git a/.github/workflows/api-v2-unit-tests.yml b/.github/workflows/api-v2-unit-tests.yml index 5c6fd7b69c4e5b..822ff051054a88 100644 --- a/.github/workflows/api-v2-unit-tests.yml +++ b/.github/workflows/api-v2-unit-tests.yml @@ -12,11 +12,15 @@ jobs: runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - run: yarn prisma generate - name: Run API v2 unit tests working-directory: apps/api/v2 run: | export NODE_OPTIONS="--max_old_space_size=8192" - yarn workspace @calcom/platform-libraries build && yarn test + TZ=America/New_York yarn workspace @calcom/platform-libraries build && yarn test diff --git a/.github/workflows/atoms-production-build.yml b/.github/workflows/atoms-production-build.yml index b8fc029accedc3..ef6f9a4210536f 100644 --- a/.github/workflows/atoms-production-build.yml +++ b/.github/workflows/atoms-production-build.yml @@ -12,7 +12,11 @@ jobs: timeout-minutes: 30 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - name: Cache atoms production build uses: actions/cache@v4 diff --git a/.github/workflows/check-api-v2-breaking-changes.yml b/.github/workflows/check-api-v2-breaking-changes.yml index b41d3b719b7bff..270f0bd08ccf8f 100644 --- a/.github/workflows/check-api-v2-breaking-changes.yml +++ b/.github/workflows/check-api-v2-breaking-changes.yml @@ -34,7 +34,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - name: Generate Swagger diff --git a/.github/workflows/check-types.yml b/.github/workflows/check-types.yml index f640b75d9633c2..bd2da476723597 100644 --- a/.github/workflows/check-types.yml +++ b/.github/workflows/check-types.yml @@ -12,7 +12,11 @@ jobs: runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - name: Show info run: node -e "console.log(require('v8').getHeapStatistics())" diff --git a/.github/workflows/companion-build.yml b/.github/workflows/companion-build.yml index 12985b43eb228a..58cd1be35d987e 100644 --- a/.github/workflows/companion-build.yml +++ b/.github/workflows/companion-build.yml @@ -17,7 +17,11 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - name: Setup Bun uses: oven-sh/setup-bun@v1 diff --git a/.github/workflows/delete-blacksmith-cache.yml b/.github/workflows/delete-blacksmith-cache.yml index 26addc991fecc6..5a84df5f482dcc 100644 --- a/.github/workflows/delete-blacksmith-cache.yml +++ b/.github/workflows/delete-blacksmith-cache.yml @@ -31,3 +31,13 @@ jobs: with: key: ${{ env.CACHE_NAME }}-${{ github.event.pull_request.head.ref }} prefix: "true" + + delete-git-checkout-cache-on-pr-close: + if: github.event_name == 'pull_request' && github.event.action == 'closed' + runs-on: blacksmith-2vcpu-ubuntu-2404 + steps: + - name: Delete git-checkout cache + uses: useblacksmith/cache-delete@v1 + with: + key: git-checkout-${{ github.event.pull_request.head.ref }}- + prefix: "true" diff --git a/.github/workflows/docs-build.yml b/.github/workflows/docs-build.yml index ccf44ed8a6ac46..6e869ff753b8c1 100644 --- a/.github/workflows/docs-build.yml +++ b/.github/workflows/docs-build.yml @@ -12,7 +12,11 @@ jobs: runs-on: blacksmith-2vcpu-ubuntu-2404 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - name: Cache Docs build uses: actions/cache@v4 id: cache-docs-build diff --git a/.github/workflows/e2e-api-v2.yml b/.github/workflows/e2e-api-v2.yml index 267c6baf958f49..9656c4b4737143 100644 --- a/.github/workflows/e2e-api-v2.yml +++ b/.github/workflows/e2e-api-v2.yml @@ -74,7 +74,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/cache-db - name: Build platform packages with Turbo diff --git a/.github/workflows/e2e-app-store.yml b/.github/workflows/e2e-app-store.yml index e3e1774c805d28..d7bede4762d0d2 100644 --- a/.github/workflows/e2e-app-store.yml +++ b/.github/workflows/e2e-app-store.yml @@ -81,7 +81,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/yarn-playwright-install - run: yarn prisma generate diff --git a/.github/workflows/e2e-embed-react.yml b/.github/workflows/e2e-embed-react.yml index a58cac84840255..5ece5472a754b9 100644 --- a/.github/workflows/e2e-embed-react.yml +++ b/.github/workflows/e2e-embed-react.yml @@ -73,7 +73,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/yarn-playwright-install - run: yarn prisma generate diff --git a/.github/workflows/e2e-embed.yml b/.github/workflows/e2e-embed.yml index c3b9b5e3c642ea..eec3307fc36c15 100644 --- a/.github/workflows/e2e-embed.yml +++ b/.github/workflows/e2e-embed.yml @@ -81,7 +81,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/yarn-playwright-install - run: yarn prisma generate diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 54a20cb066ce53..8495fef8231d73 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -82,7 +82,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - uses: ./.github/actions/yarn-playwright-install - run: yarn prisma generate diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 83605ea5ccba94..1ea84258531392 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -79,7 +79,11 @@ jobs: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - run: yarn prisma generate - uses: ./.github/actions/cache-db diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 76dd0d24a400f7..a141c1579f2815 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,11 @@ jobs: steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - name: Run Lint run: yarn lint diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml index 3a05287fdfb06b..b99abd9df869b7 100644 --- a/.github/workflows/pr.yml +++ b/.github/workflows/pr.yml @@ -175,6 +175,10 @@ jobs: steps: - uses: actions/checkout@v4 - uses: ./.github/actions/dangerous-git-checkout + - name: Cache git checkout + uses: ./.github/actions/cache-checkout + with: + mode: save - name: Generate DB cache key id: cache-db-key uses: ./.github/actions/cache-db-key diff --git a/.github/workflows/production-build-without-database.yml b/.github/workflows/production-build-without-database.yml index 78920c5fb671f2..512efe6ac710be 100644 --- a/.github/workflows/production-build-without-database.yml +++ b/.github/workflows/production-build-without-database.yml @@ -43,7 +43,11 @@ jobs: timeout-minutes: 30 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - run: yarn prisma generate - name: Generate cache key diff --git a/.github/workflows/setup-db.yml b/.github/workflows/setup-db.yml index f0634a0c68502e..66e4ea042fd484 100644 --- a/.github/workflows/setup-db.yml +++ b/.github/workflows/setup-db.yml @@ -47,7 +47,11 @@ jobs: - 5432:5432 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install if: inputs.DB_CACHE_HIT != 'true' - run: yarn prisma generate diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index a922ec9698aaad..532ddb77a81ba9 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -12,7 +12,11 @@ jobs: runs-on: blacksmith-4vcpu-ubuntu-2404 steps: - uses: actions/checkout@v4 - - uses: ./.github/actions/dangerous-git-checkout + with: + sparse-checkout: .github + - uses: ./.github/actions/cache-checkout + with: + mode: restore - uses: ./.github/actions/yarn-install - run: yarn prisma generate - run: yarn test -- --no-isolate diff --git a/AGENTS.md b/AGENTS.md index a7dbde3ac4611c..879c978338fdb5 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,221 +1,103 @@ -# Cal.com Development Guide for AI Agents +# Compliance Rules -You are a senior Cal.com engineer working in a Yarn/Turbo monorepo. You prioritize type safety, security, and small, reviewable diffs. +This file contains the compliance and code quality rules for this repository. -## Do +## 1. Repository and Service Classes Must Follow Naming Conventions -- Use `select` instead of `include` in Prisma queries for performance and security -- Use `import type { X }` for TypeScript type imports -- Use early returns to reduce nesting: `if (!booking) return null;` -- Use `ErrorWithCode` for errors in non-tRPC files (services, repositories, utilities); use `TRPCError` only in tRPC routers -- Use conventional commits: `feat:`, `fix:`, `refactor:` -- Create PRs in draft mode by default -- Run `yarn type-check:ci --force` before concluding CI failures are unrelated to your changes -- Import directly from source files, not barrel files (e.g., `@calcom/ui/components/button` not `@calcom/ui`) -- Add translations to `apps/web/public/static/locales/en/common.json` for all UI strings -- Use `date-fns` or native `Date` instead of Day.js when timezone awareness isn't needed -- Put permission checks in `page.tsx`, never in `layout.tsx` -- Use `ast-grep` for searching if available; otherwise use `rg` (ripgrep), then fall back to `grep` -- Use Biome for formatting and linting - - -## Don't - -- Never use `as any` - use proper type-safe solutions instead -- Never expose `credential.key` field in API responses or queries -- Never commit secrets or API keys -- Never modify `*.generated.ts` files directly - they're created by app-store-cli -- Never put business logic in repositories - that belongs in Services -- Never use barrel imports from index.ts files -- Never skip running type checks before pushing -- Never create large PRs (>500 lines or >10 files) - split them instead - -## Commands - -### File-scoped (preferred for speed) - -```bash -# Type check - always run on changed files -yarn type-check:ci --force - -# Lint and format single file -yarn biome check --write path/to/file.tsx - -# Unit test specific file -yarn vitest run path/to/file.test.ts - -# Unit test specific file + specific test -yarn vitest run path/to/file.test.ts --testNamePattern="specific test name" - -# Integration test specific file -yarn test path/to/file.integration-test.ts -- --integrationTestsOnly - -# Integration test specific file + specific test -yarn test path/to/file.integration-test.ts --testNamePattern="specific test name" -- --integrationTestsOnly - -# E2E test specific file -PLAYWRIGHT_HEADLESS=1 yarn e2e path/to/file.e2e.ts - -# E2E test specific file + specific test -PLAYWRIGHT_HEADLESS=1 yarn e2e path/to/file.e2e.ts --grep "specific test name" -``` - -### Project-wide (use sparingly) - -```bash -# Development -yarn dev # Start dev server -yarn dx # Dev with database setup - -# Build & check -yarn build # Build all packages -yarn biome check --write . # Lint and format all -yarn type-check # Type check all - -# Tests (use TZ=UTC for consistency) -TZ=UTC yarn test # All unit tests -yarn e2e # All E2E tests - -# Database -yarn prisma generate # Regenerate types after schema changes -yarn workspace @calcom/prisma db-migrate # Run migrations -``` - -### Biome focused workflow -+ -```bash -yarn biome check --write . -yarn type-check:ci --force -``` - - -## Boundaries - -### Always do -- Run type check on changed files before committing -- Run relevant tests before pushing -- Use `select` in Prisma queries -- Follow conventional commits for PR titles -- Run Biome before pushing - -### Ask first -- Adding new dependencies -- Schema changes to `packages/prisma/schema.prisma` -- Changes affecting multiple packages -- Deleting files -- Running full build or E2E suites - -### Never do -- Commit secrets, API keys, or `.env` files -- Expose `credential.key` in any query -- Use `as any` type casting -- Force push or rebase shared branches -- Modify generated files directly - -## Project Structure - -``` -apps/web/ # Main Next.js application -packages/prisma/ # Database schema (schema.prisma) and migrations -packages/trpc/ # tRPC API layer (routers in server/routers/) -packages/ui/ # Shared UI components -packages/features/ # Feature-specific code -packages/app-store/ # Third-party integrations -packages/lib/ # Shared utilities -``` - -### Key files -- Routes: `apps/web/app/` (App Router) -- Database schema: `packages/prisma/schema.prisma` -- tRPC routers: `packages/trpc/server/routers/` -- Translations: `apps/web/public/static/locales/en/common.json` -- Workflow constants: `packages/features/ee/workflows/lib/constants.ts` - -## Tech Stack - -- **Framework**: Next.js 13+ (App Router in some areas) -- **Language**: TypeScript (strict) -- **Database**: PostgreSQL with Prisma ORM -- **API**: tRPC for type-safe APIs -- **Auth**: NextAuth.js -- **Styling**: Tailwind CSS -- **Testing**: Vitest (unit), Playwright (E2E) -- **i18n**: next-i18next - -## Code Examples - -### Good error handling - -```typescript -// Good - Descriptive error with context -throw new Error(`Unable to create booking: User ${userId} has no available time slots for ${date}`); - -// Bad - Generic error -throw new Error("Booking failed"); -``` - -For which error class to use (`ErrorWithCode` vs `TRPCError`) and concrete examples, see [Error Types in knowledge-base.md](agents/knowledge-base.md#error-types). - -### Good Prisma query - -```typescript -// Good - Use select for performance and security -const booking = await prisma.booking.findFirst({ - select: { - id: true, - title: true, - user: { - select: { - id: true, - name: true, - email: true, - } - } - } -}); - -// Bad - Include fetches all fields including sensitive ones -const booking = await prisma.booking.findFirst({ - include: { user: true } -}); -``` - -### Good imports - -```typescript -// Good - Type imports and direct paths -import type { User } from "@prisma/client"; -import { Button } from "@calcom/ui/components/button"; - -// Bad - Regular import for types, barrel imports -import { User } from "@prisma/client"; -import { Button } from "@calcom/ui"; -``` - -## PR Checklist - -- [ ] Title follows conventional commits: `feat(scope): description` -- [ ] Type check passes: `yarn type-check:ci --force` -- [ ] Lint passes: `yarn lint:fix` -- [ ] Relevant tests pass -- [ ] Diff is small and focused (<500 lines, <10 files) -- [ ] No secrets or API keys committed -- [ ] UI strings added to translation files -- [ ] Created as draft PR - -## When Stuck - -- Ask a clarifying question before making large speculative changes -- Propose a short plan for complex tasks -- Open a draft PR with notes if unsure about approach -- Fix type errors before test failures - they're often the root cause -- Run `yarn prisma generate` if you see missing enum/type errors - -## Extended Documentation - -For detailed information, see the `agents/` directory: - -- **[agents/README.md](agents/README.md)** - Architecture overview and patterns -- **[agents/commands.md](agents/commands.md)** - Complete command reference -- **[agents/knowledge-base.md](agents/knowledge-base.md)** - Domain knowledge and best practices -- **[agents/coding-standards.md](agents/coding-standards.md)** - Coding standards with examples +**Objective:** Ensure consistency and discoverability by requiring repository classes to use 'PrismaRepository' pattern and service classes to use 'Service' pattern, with filenames matching class names exactly in PascalCase + +**Success Criteria:** Repository files are named 'PrismaRepository.ts' with matching exported class names (e.g., PrismaAppRepository), and service files are named 'Service.ts' with matching class names (e.g., MembershipService) + +**Failure Criteria:** Repository or service files use generic names like 'app.ts', use dot-suffixes like '.service.ts' or '.repository.ts', or have filename/class name mismatches + +--- + +## 2. Prevent Circular Dependencies Between Core Packages + +**Objective:** Maintain clear architectural boundaries and prevent circular dependencies by enforcing import restrictions between core packages (lib, app-store, features, trpc) + +**Success Criteria:** The lib package does not import from app-store, features, or trpc; app-store does not import from features or trpc; features does not import from trpc; and trpc does not import from apps/web + +**Failure Criteria:** Code contains imports that violate the dependency hierarchy, such as lib importing from features, app-store importing from trpc, or any other restricted cross-package imports + +--- + +## 3. Use Biome for Code Formatting with Standardized Configuration + +**Objective:** Ensure consistent code formatting across the entire codebase by using Biome with specific formatting rules for line width, indentation, quotes, and semicolons + +**Success Criteria:** All TypeScript/JavaScript files use 110 character line width, 2-space indentation, LF line endings, double quotes for JSX, always include semicolons, use ES5 trailing commas, and always use arrow function parentheses + +**Failure Criteria:** Code files deviate from the standard formatting rules, such as using single quotes in JSX, omitting semicolons, using different indentation widths, or exceeding line width limits + +--- + +## 4. Default Exports Allowed Only in Next.js Page and Layout Files + +**Objective:** Enforce named exports throughout the codebase for better refactoring and tree-shaking, while allowing default exports only where Next.js requires them (page.tsx and layout.tsx files) + +**Success Criteria:** Files use named exports (export const, export function, export class) except for files matching patterns 'apps/web/app/**/page.tsx', 'apps/web/app/**/layout.tsx', and 'apps/web/app/pages/**/*.tsx' which may use default exports + +**Failure Criteria:** Non-page/layout files use default exports, or page/layout files fail to export the required default component + +--- + +## 5. Schema and Handler Files Must Be Separated with Type-Safe Patterns + +**Objective:** Maintain separation of concerns and type safety by requiring schema definitions in separate '.schema.ts' files with both Zod schema and TypeScript type exports, while handlers in '.handler.ts' files use these typed schemas + +**Success Criteria:** Schema files export both a TypeScript type (TInputSchema) and a corresponding Zod schema (ZInputSchema: z.ZodTypeInputSchema>), and handler files import and use these typed schemas for validation + +**Failure Criteria:** Schema and handler logic are mixed in the same file, schema files lack either TypeScript types or Zod schemas, or handler files perform validation without using the defined schemas + +--- + +## 6. Lint Staged Files Before Commit with Error-on-Warnings Enforcement + +**Objective:** Ensure code quality by running Biome linting on staged files before commits and treating warnings as errors unless explicitly skipped via SKIP_WARNINGS environment variable + +**Success Criteria:** Pre-commit hook runs 'biome lint --error-on-warnings' on staged TypeScript/JavaScript files, 'biome format' on JSON files, and 'prisma format' on schema.prisma, and all checks pass before commit is allowed + +**Failure Criteria:** Commits are made with linting warnings or formatting issues, staged files are not checked before commit, or the pre-commit hook is bypassed without proper justification + +--- + +## 7. Environment Variables Must Not Be Accessed Directly in Non-Configuration Code + +**Objective:** Prevent runtime errors and improve testability by avoiding direct process.env access in business logic and instead using centralized configuration modules or environment-specific checks + +**Success Criteria:** Direct process.env access is limited to configuration files, environment detection utilities (isENVProd, isENVDev), and build-time configuration, while business logic receives environment values through dependency injection or configuration objects + +**Failure Criteria:** Business logic, handlers, or service classes directly access process.env properties instead of using configuration abstractions or injected values + +--- + +## 8. All Tests Must Use Vitest Framework and UTC Timezone + +**Objective:** Ensure consistent test execution and prevent timezone-related bugs by standardizing on Vitest as the test framework and enforcing UTC timezone for all test runs + +**Success Criteria:** Test files use Vitest syntax (vi.mock, vi.fn, describe, it, expect), test commands set TZ=UTC environment variable, and tests do not depend on local timezone settings + +**Failure Criteria:** Tests use Jest-specific APIs, test commands omit TZ=UTC setting, or tests fail when run in different timezones + +--- + +## 9. React Components Must Use react-hook-form with Zod Schema Validation + +**Objective:** Ensure consistent form handling and validation by requiring React Hook Form with Zod resolver for all form components, providing type-safe validation and error handling + +**Success Criteria:** Form components use useForm hook with zodResolver, define Zod schemas for form validation, use Controller or register for form fields, and properly handle validation errors with error messages + +**Failure Criteria:** Form components implement custom validation logic without react-hook-form, lack Zod schema validation, or fail to properly display validation errors to users + +--- + +## 10. Custom Error Classes Must Use Hierarchical Structure with Typed Codes + +**Objective:** Enable robust error handling and debugging by requiring custom error classes that extend base Error classes with typed error codes, HTTP status codes, and structured error information + +**Success Criteria:** Error classes extend from base error types (HttpError, CalendarAppError, ErrorWithCode), include typed error codes for categorization, provide statusCode for HTTP errors, and include relevant context (URL, method, cause) + +**Failure Criteria:** Code throws generic Error objects, lacks error categorization, omits HTTP status codes for API errors, or fails to include sufficient debugging context + +---